Establishing context

The two communicating peers must establish a security context over which they can use per-message services.

The initiator calls initSecContext() on its context, which returns a token to the initiator application. The initiator application transports the context token to the acceptor application. The acceptor calls acceptSecContext() on its context, specifying the context token received from the initiator. Depending on the underlying mechanism and the optional services that the initiator selected, acceptSecContext() might produce a token that the acceptor application has to forward to the initiator application. The initiator application then uses the received token to call initSecContext() one more time.

An application can make multiple calls to GSSContext.initSecContext() and GSSContext.acceptSecContext(). An application can also exchange multiple tokens with a peer during context establishment. Hence, the typical method of establishing context uses a loop to call GSSContext.initSecContext() or GSSContext.acceptSecContext() until the applications establish context.

Example: Establishing context

The following example illustrates the initiator (foo) side of context establishment:

     byte[] inToken = new byte[0]; // No input token on the first call
     int inTokenLen = 0;

     do {
         byte[] outToken = fooContext.initSecContext(inToken, 0, inTokenLen);

         if (outToken != null) {
             send(outToken); // transport token to acceptor
         }

         if (!fooContext.isEstablished()) {
             inToken = receive(); // receive token from acceptor
             inTokenLen = inToken.length;
         }
     } while (!fooContext.isEstablished());

The following example illustrates the acceptor side of context establishment:

     // The acceptor code for establishing context may be the following:
     do {
         byte[] inToken = receive(); // receive token from initiator
         byte[] outToken =
             serverAcceptorContext.acceptSecContext(inToken, 0, inToken.length);

         if (outToken != null) {
             send(outToken); // transport token to initiator
         }
     } while (!serverAcceptorContext.isEstablished());
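
Both loops above leave send() and receive() to the application and run until the peer lets the context complete. The following added example (not part of the original documentation) shows one way to implement the initiator side so that an untrusted peer cannot force a large allocation or an endless exchange. The class name, the MAX_TOKEN and MAX_ROUNDS limits, and the length-prefixed framing are assumptions made for illustration; GSS-API itself does not define how tokens are transported.

```java
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
public final class InitiatorHandshake { // hypothetical class name
    static final int MAX_TOKEN = 64 * 1024; // assumed cap on one context token
    static final int MAX_ROUNDS = 8;        // assumed cap on token exchanges
    // Assumed framing: 4-byte big-endian length, then the token bytes.
    static void send(DataOutputStream out, byte[] token) throws IOException {
        out.writeInt(token.length);
        out.write(token);
        out.flush();
    }

    // Read one framed token; reject bad lengths before allocating the buffer.
    static byte[] receive(DataInputStream in) throws IOException {
        int len = in.readInt();
        if (len <= 0 || len > MAX_TOKEN) {
            throw new IOException("rejected token length " + len);
        }
        byte[] token = new byte[len];
        in.readFully(token); // throws EOFException if the peer closes early
        return token;
    }

    // Initiator loop from the text, bounded and cleaned up on failure.
    static void establish(GSSContext ctx, DataInputStream in, DataOutputStream out)
            throws IOException, GSSException {
        byte[] inToken = new byte[0]; // no input token on the first call
        try {
            for (int round = 0; !ctx.isEstablished(); round++) {
                if (round >= MAX_ROUNDS) {
                    throw new IOException("context not established after " + MAX_ROUNDS + " rounds");
                }
                byte[] outToken = ctx.initSecContext(inToken, 0, inToken.length);
                if (outToken != null && outToken.length > 0) {
                    send(out, outToken); // transport token to acceptor
                }
                if (!ctx.isEstablished()) {
                    inToken = receive(in); // receive token from acceptor
                }
            }
        } catch (IOException | GSSException e) {
            ctx.dispose(); // release the partially established context
            throw e;
        }
    }
}
```

The acceptor loop can reuse send() and receive() unchanged, with the same round limit applied around acceptSecContext().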