WS-Security and GSS-API: How do I get the session key?

Michael B Allen ioplex at gmail.com
Fri Mar 6 15:54:21 EST 2009


On Thu, Mar 5, 2009 at 9:29 PM,  <weijun.wang at sun.com> wrote:
> Hi Luke
>
> On Feb 24, 9:36 pm, Luke Howard <lu... at padl.com> wrote:
>> > I don't recall offhand if there's been an IETF draft proposing the
>> > specific extension we've got for extracting the session key.
>>
>
>>    major = gss_inquire_sec_context_by_oid(&minor,
>>                                          ctx,
>>                                          GSS_C_INQ_SSPI_SESSION_KEY,
>>                                          &skey);
>
> Cool, we (Java SE Team at Sun) are also preparing to add a new method
> getSessionKey() to OpenJDK's JGSS-API for Java EE needs.

I think it would be better to have a GSSContext method that could
return an Object that is specific to the OID supplied. For example, in
the case of the session key, it would return a byte[] array like:

  Oid sspiSessionKeyOid = new Oid("1.2.840.113554.1.2.2.5.5");
  byte[] sessionKey = (byte[])ctx.inquireSecContextByOid(sspiSessionKeyOid);

Otherwise you're going to end up just adding more methods in an
already overwhelming API.

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/



