The SecurityContext object is created by the vault on either an initialize_security_context (client side) or accept_security_context (server side).
readonly attribute Security::ChannelBindings chan_binding;
The channel bindings that were used to initialize the security context. Client side.
readonly attribute Security::SecurityContextState context_state;
The current state of the context establishment.
readonly attribute Security::SecurityContextType context_type;
The type of the security context, i.e. its client/server orientation.
readonly attribute Security::MechanismType mechanism;
The mechanism currently in use by the security context.
readonly attribute SecurityLevel2::Credentials peer_credentials;
Credentials received from the peer. However, this attribute may go unused in favor of received_credentials on the ServerSecurityContext, or target_credentials on the ClientSecurityContext.
readonly attribute boolean supports_refresh;
This attribute tells whether this context supports being refreshed.
Security::AssociationStatus continue_security_context(in Security::OpaqueBuffer in_token, out Security::OpaqueBuffer out_token);
This operation is used on either the Client or Server oriented contexts.
The context must be in a state greater than or equal to the SecContextContinued state and less than the SecContextEstablished state.
in_token
- The GSS Token.
out_token
- The output GSS Token. Note, this token can contain 0 octets, which means that the security context has transitioned into the SecContextEstablished state and this operation has returned SecAssocSuccess.
boolean discard_security_context(in Security::Opaque discard_data, out Security::OpaqueBuffer out_token);
boolean is_valid(out Security::UtcT expiry_time);
Returns the validity state of the context.
expiry_time
- The expiry time of the context.
boolean process_discard_token(in Security::OpaqueBuffer discard_token);
boolean process_refresh_token(in Security::OpaqueBuffer refresh_token);
void protect_message(in Security::OpaqueBuffer message, in Security::QOP qop, out Security::OpaqueBuffer text_buffer, out Security::OpaqueBuffer out_token);
This operation protects the message using the given QOP.
message
- The message to be protected.
qop
- The quality of protection to use.
text_buffer
- This output parameter may contain information that may not be included in the out_token. Returning information in this argument has the semantic meaning that the token protects the message in the text buffer, implying integrity protection only. This signals to SECIOP that a MIC and message are sent separately.
out_token
- This is the protection token. If no data was in the text_buffer, then a WRAP is sent by SECIOP with only this token data.
void reclaim_message(in Security::OpaqueBuffer text_buffer, in Security::OpaqueBuffer token, out Security::QOP qop, out Security::OpaqueBuffer message);
This operation reclaims a message from the protection.
text_buffer
- This message may be the separate message from the token, implying integrity protection only, that was created by the protect_message operation on the remote end. If it has any data, that implies the token is merely a MIC.
token
- The MIC or WRAP token depending on the data in the text_buffer.
qop
- The quality of protection that the message was sent with.
message
- The reclaimed message.
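The text_buffer/token contract of protect_message and reclaim_message, shown as an added Python illustration that is not part of the IDL or of any ORB's implementation. It assumes a toy mechanism (HMAC-SHA256 under a shared key standing in for the GSS mechanism), hypothetical QOP values, and constructed "M"/"W" token tags.

```python
import hashlib, hmac, os

QOP_INTEGRITY, QOP_CONFIDENTIALITY = 1, 2   # hypothetical QOP values

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy stream cipher (HMAC in counter mode), a stand-in for the mechanism's own.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_mac(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def protect_message(key, message, qop):
    """Return (text_buffer, out_token)."""
    if qop == QOP_INTEGRITY and message:
        # Message travels in the clear in text_buffer; the token is only a MIC.
        return message, b"M" + _mac(key, b"mic", message)
    # Empty text_buffer: the token is a WRAP carrying the message itself.
    # An empty message also takes this path (and is reported back with the
    # confidentiality QOP), because an empty text_buffer always means WRAP.
    nonce = os.urandom(16)
    body = nonce + _xor_stream(key, nonce, message)
    return b"", b"W" + body + _mac(key, b"wrap", body)

def reclaim_message(key, text_buffer, token):
    """Return (qop, message); raise ValueError if the token does not verify."""
    kind, rest = token[:1], token[1:]
    if text_buffer:
        # Data in text_buffer implies the token is merely a MIC over it.
        if kind != b"M" or not hmac.compare_digest(rest, _mac(key, b"mic", text_buffer)):
            raise ValueError("MIC does not match text_buffer")
        return QOP_INTEGRITY, text_buffer
    if kind != b"W" or len(rest) < 48:
        raise ValueError("empty text_buffer requires a WRAP token")
    body, tag = rest[:-32], rest[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"wrap", body)):
        raise ValueError("WRAP token failed verification")
    return QOP_CONFIDENTIALITY, _xor_stream(key, body[:16], body[16:])

if __name__ == "__main__":
    key = os.urandom(32)                      # constructed session key
    for qop in (QOP_INTEGRITY, QOP_CONFIDENTIALITY):
        text_buffer, token = protect_message(key, b"GIOP request (constructed)", qop)
        print(qop, len(text_buffer), reclaim_message(key, text_buffer, token))
```

The receiver decides MIC versus WRAP from text_buffer alone, so a token of the wrong kind for that choice is rejected rather than reinterpreted.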
boolean refresh_security_context(in Security::OpaqueBuffer refresh_data, out Security::OpaqueBuffer out_token);
Generated by the ORBacus IDL-to-HTML translator (non-commercial)