The two communicating peers must establish a security context over which they can use per-message services.
The initiator calls initSecContext() on its context, which returns a token to the initiator application. The initiator application transports the context token to the acceptor application. The acceptor calls acceptSecContext() on its context, specifying the context token received from the initiator. Depending on the underlying mechanism and the optional services that the initiator selected, acceptSecContext() might produce a token that the acceptor application has to forward to the initiator application. The initiator application then uses the received token to call initSecContext() one more time.
An application can make multiple calls to GSSContext.initSecContext() and GSSContext.acceptSecContext(). An application can also exchange multiple tokens with a peer during context establishment. Hence, the typical method of establishing context uses a loop to call GSSContext.initSecContext() or GSSContext.acceptSecContext() until the applications establish context.
Example: Establishing context
The following example illustrates the initiator (foo) side of context establishment:
    byte[] inToken = null;   // the input token is null for the first call
    int inTokenLen = 0;
    do {
        byte[] outToken = fooContext.initSecContext(inToken, 0, inTokenLen);
        if (outToken != null) {
            send(outToken);        // transport the token to the acceptor
        }
        if (!fooContext.isEstablished()) {
            inToken = receive();   // receive the reply token from the acceptor
            inTokenLen = inToken.length;
        }
    } while (!fooContext.isEstablished());
The following example illustrates the acceptor side of context establishment:
    do {
        byte[] inToken = receive();   // receive the token from the initiator
        byte[] outToken = serverAcceptorContext.acceptSecContext(inToken, 0, inToken.length);
        if (outToken != null) {
            send(outToken);           // transport the reply token to the initiator
        }
    } while (!serverAcceptorContext.isEstablished());
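The two fragments above leave send() and receive() undefined and show each peer in isolation. The following program is an added example, not part of the original documentation, that runs both loops in one process: two BlockingQueues stand in for the network, so whatever the initiator "sends" is exactly what the acceptor "receives" and vice versa. It assumes a working Kerberos environment (krb5.conf plus JAAS or keytab credentials for both the initiating user and the service), and the service principal name "host@server.example.com" is a placeholder to be replaced. The first initSecContext() call is given an empty array rather than null, which is the convention used in the Oracle JGSS tutorial and works with either implementation style. After the loops finish, each side checks the negotiated protections before trusting the context.

```java
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;

import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/**
 * Drives the GSS-API context-establishment loop for both peers in one process.
 * Assumes Kerberos credentials are already available to the JVM (JAAS/keytab).
 */
public class GssHandshakeDemo {

    // In-memory transport: initiator -> acceptor and acceptor -> initiator.
    private static final BlockingQueue<byte[]> toAcceptor = new LinkedBlockingQueue<>();
    private static final BlockingQueue<byte[]> toInitiator = new LinkedBlockingQueue<>();

    public static void main(String[] args) throws Exception {
        // Placeholder service principal; replace with the real host-based name.
        String servicePrincipal = "host@server.example.com";

        GSSManager manager = GSSManager.getInstance();
        Oid krb5Mech = new Oid("1.2.840.113554.1.2.2");   // Kerberos V5 mechanism OID
        GSSName serverName = manager.createName(servicePrincipal, GSSName.NT_HOSTBASED_SERVICE);

        // Initiator: default initiator credential (null), Kerberos mechanism.
        GSSContext initiator = manager.createContext(serverName, krb5Mech, null,
                GSSContext.DEFAULT_LIFETIME);
        initiator.requestMutualAuth(true);   // ask the acceptor to prove its identity too
        initiator.requestInteg(true);        // request integrity for later per-message calls

        // Acceptor: default acceptor credential, accepts whatever mechanism the initiator proposes.
        GSSContext acceptor = manager.createContext((GSSCredential) null);

        Thread acceptorThread = new Thread(() -> {
            try {
                runAcceptor(acceptor);
            } catch (Exception e) {
                throw new RuntimeException("acceptor failed", e);
            }
        });
        acceptorThread.start();
        runInitiator(initiator);
        acceptorThread.join();

        System.out.println("initiator: peer is " + initiator.getTargName()
                + ", mutual auth = " + initiator.getMutualAuthState());
        System.out.println("acceptor:  peer is " + acceptor.getSrcName()
                + ", integrity = " + acceptor.getIntegState());

        initiator.dispose();
        acceptor.dispose();
    }

    /** Initiator loop: keep calling initSecContext() until isEstablished() is true. */
    static void runInitiator(GSSContext ctx) throws GSSException, InterruptedException {
        byte[] inToken = new byte[0];   // empty input for the first call
        int round = 0;
        while (!ctx.isEstablished()) {
            byte[] outToken = ctx.initSecContext(inToken, 0, inToken.length);
            round++;
            if (outToken != null) {
                toAcceptor.put(outToken);        // "send" the token to the acceptor
            }
            if (!ctx.isEstablished()) {
                inToken = toInitiator.take();    // "receive" the acceptor's reply token
            }
        }
        System.out.println("initiator established after " + round + " initSecContext() call(s)");
        // Refuse to continue if the requested protections were not actually negotiated.
        if (!ctx.getMutualAuthState() || !ctx.getIntegState()) {
            throw new GSSException(GSSException.UNAVAILABLE);
        }
    }

    /** Acceptor loop: feed each received token to acceptSecContext() until established. */
    static void runAcceptor(GSSContext ctx) throws GSSException, InterruptedException {
        while (!ctx.isEstablished()) {
            byte[] inToken = toAcceptor.take();    // "receive" the token from the initiator
            byte[] outToken = ctx.acceptSecContext(inToken, 0, inToken.length);
            if (outToken != null) {
                toInitiator.put(outToken);         // "send" the reply token to the initiator
            }
        }
        // Only after the loop exits is getSrcName() an authenticated peer identity.
    }
}
```

With mutual authentication requested, the Kerberos mechanism takes two initSecContext() calls on the initiator and one acceptSecContext() call on the acceptor: the first call produces the AP-REQ token, the acceptor answers with an AP-REP token, and the second call consumes it and returns null. Without mutual authentication the initiator is established after its first call, which is why both loops test isEstablished() rather than assuming a fixed number of rounds.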