@@ -90,8 +90,8 @@ public abstract class EXTENDED_NAME_FORMAT {
9090 * @param pAuthData
9191 * A pointer to package-specific data. This parameter can be NULL, which indicates
9292 * that the default credentials for that package must be used. To use supplied
93- * credentials, pass a SEC_WINNT_AUTH_IDENTITY structure that includes those credentials
94- * in this parameter.
93+ * credentials, pass a {@link com.sun.jna.platform.win32.Sspi.SEC_WINNT_AUTH_IDENTITY}
94+ * structure that includes those credentials in this parameter.
9595 * @param pGetKeyFn
9696 * This parameter is not used and should be set to NULL.
9797 * @param pvGetKeyArgument
@@ -111,6 +111,7 @@ int AcquireCredentialsHandle(String pszPrincipal, String pszPackage,
111111 Pointer pAuthData , Pointer pGetKeyFn , // TODO: SEC_GET_KEY_FN
112112 Pointer pvGetKeyArgument , CredHandle phCredential ,
113113 TimeStamp ptsExpiry );
114+
114115
115116 /**
116117 * The InitializeSecurityContext function initiates the client side, outbound security
@@ -178,7 +179,7 @@ int InitializeSecurityContext(CredHandle phCredential, CtxtHandle phContext,
178179 int TargetDataRep , SecBufferDesc pInput , int Reserved2 ,
179180 CtxtHandle phNewContext , SecBufferDesc pOutput , IntByReference pfContextAttr ,
180181 TimeStamp ptsExpiry );
181-
182+
182183 /**
183184 * The DeleteSecurityContext function deletes the local data structures associated
184185 * with the specified security context.
@@ -204,7 +205,7 @@ int InitializeSecurityContext(CredHandle phCredential, CtxtHandle phContext,
204205 * If the function fails, the return value is SEC_E_INVALID_HANDLE;
205206 */
206207 int FreeCredentialsHandle (CredHandle phCredential );
207-
208+
208209 /**
209210 * The AcceptSecurityContext function enables the server component of a transport
210211 * application to establish a security context between the server and a remote client.
@@ -251,7 +252,7 @@ int AcceptSecurityContext(CredHandle phCredential, CtxtHandle phContext,
251252 SecBufferDesc pInput , int fContextReq , int TargetDataRep ,
252253 CtxtHandle phNewContext , SecBufferDesc pOutput , IntByReference pfContextAttr ,
253254 TimeStamp ptsTimeStamp );
254-
255+
255256 /**
256257 * The EnumerateSecurityPackages function returns an array of SecPkgInfo structures that
257258 * describe the security packages available to the client.
@@ -340,4 +341,283 @@ int AcceptSecurityContext(CredHandle phCredential, CtxtHandle phContext,
340341 * If the function fails, the return value is a nonzero error code.
341342 */
342343 int QueryContextAttributes (CtxtHandle phContext , int ulAttribute , Structure pBuffer );
344+
345+ /**
346+ * Retrieves the attributes of a credential, such as the name associated
347+ * with the credential. The information is valid for any security context
348+ * created with the specified credential.
349+ *
350+ * @param phCredential A handle of the credentials to be queried.
351+ * @param ulAttribute Specifies the attribute of the context to be returned.
352+ * This parameter can be one of the SECPKG_ATTR_* values
353+ * defined in {@link Sspi}.
354+ * @param pBuffer A pointer to a structure that receives the attributes.
355+ * The type of structure pointed to depends on the value
356+ * specified in the ulAttribute parameter.
357+ * @return If the function succeeds, the return value is SEC_E_OK. If the
358+ * function fails, the return value is a nonzero error code.
359+ */
360+ int QueryCredentialsAttributes (Sspi .CredHandle phCredential , int ulAttribute , Structure pBuffer );
361+
362+ /**
363+ * Retrieves information about a specified security package. This
364+ * information includes the bounds on sizes of authentication information,
365+ * credentials, and contexts.
366+ *
367+ * @param pszPackageName Name of the security package.
368+ * @param ppPackageInfo Variable that receives a pointer to a SecPkgInfo
369+ * structure containing information about the
370+ * specified security package.
371+ * @return If the function succeeds, the return value is SEC_E_OK.
372+ * If the function fails, the return value is a nonzero error code.
373+ */
374+ int QuerySecurityPackageInfo (String pszPackageName , Sspi .PSecPkgInfo ppPackageInfo );
375+
376+ /**
377+ * EncryptMessage (Kerberos) function
378+ *
379+ * <p>
380+ * The EncryptMessage (Kerberos) function encrypts a message to provide
381+ * privacy. EncryptMessage (Kerberos) allows an application to choose among
382+ * cryptographic algorithms supported by the chosen mechanism. The
383+ * EncryptMessage (Kerberos) function uses the security context referenced
384+ * by the context handle. Some packages do not have messages to be encrypted
385+ * or decrypted but rather provide an integrity hash that can be
386+ * checked.</p>
387+ *
388+ * @param phContext A handle to the security context to be used to encrypt
389+ * the message.
390+ * @param fQOP Package-specific flags that indicate the quality of
391+ * protection. A security package can use this parameter to
392+ * enable the selection of cryptographic algorithms. This
393+ * parameter can be the following flag:
394+ * {@link Sspi#SECQOP_WRAP_NO_ENCRYPT}.
395+ * @param pMessage A pointer to a SecBufferDesc structure. On input, the
396+ * structure references one or more SecBuffer structures
397+ * that can be of type SECBUFFER_DATA. That buffer contains
398+ * the message to be encrypted. The message is encrypted in
399+ * place, overwriting the original contents of the
400+ * structure.
401+ *
402+ * <p>
403+ * The function does not process buffers with the SECBUFFER_READONLY
404+ * attribute.</p>
405+ *
406+ * <p>
407+ * The length of the SecBuffer structure that contains the message must be
408+ * no greater than cbMaximumMessage, which is obtained from the
409+ * QueryContextAttributes (Kerberos) (SECPKG_ATTR_STREAM_SIZES)
410+ * function.</p>
411+ *
412+ * <p>
413+ * Applications that do not use SSL must supply a SecBuffer of type
414+ * SECBUFFER_PADDING.</p>
415+ * @param MessageSeqNo The sequence number that the transport application
416+ * assigned to the message. If the transport application
417+ * does not maintain sequence numbers, this parameter
418+ * must be zero.
419+ * @return If the function succeeds, the function returns SEC_E_OK.
420+ * @see <a href="https://msdn.microsoft.com/en-us/library/windows/desktop/aa375385(v=vs.85).aspx">MSDN Entry</a>
421+ */
422+ int EncryptMessage (CtxtHandle phContext , int fQOP , SecBufferDesc pMessage , int MessageSeqNo );
423+
424+ /**
425+ * VerifySignature function.
426+ *
427+ * <p>
428+ * Verifies that a message signed by using the MakeSignature function was
429+ * received in the correct sequence and has not been modified.</p>
430+ *
431+ * <p>
432+ * <strong>Warning</strong></p>
433+ *
434+ * <p>
435+ * The VerifySignature function will fail if the message was signed using
436+ * the RsaSignPssSha512 algorithm on a different version of Windows. For
437+ * example, a message that was signed by calling the MakeSignature function
438+ * on Windows 8 will cause the VerifySignature function on Windows 8.1 to
439+ * fail.</p>
440+ *
441+ * @param phContext A handle to the security context to use for the
442+ * message.
443+ * @param pMessage Pointer to a SecBufferDesc structure that references
444+ * a set of SecBuffer structures that contain the
445+ * message and signature to verify. The signature is in
446+ * a SecBuffer structure of type SECBUFFER_TOKEN.
447+ * @param MessageSeqNo Specifies the sequence number expected by the
448+ * transport application, if any. If the transport
449+ * application does not maintain sequence numbers, this
450+ * parameter is zero.
451+ * @param pfQOP Pointer to a ULONG variable that receives
452+ * package-specific flags that indicate the quality of
453+ * protection.
454+ *
455+ * <p>Some security packages ignore this parameter.</p>
456+ *
457+ * @return If the function verifies that the message was received in the
458+ * correct sequence and has not been modified, the return value is
459+ * SEC_E_OK.
460+ *
461+ * <p>
462+ * If the function determines that the message is not correct according to
463+ * the information in the signature, the return value can be one of the
464+ * following error codes.</p>
465+ *
466+ * <table>
467+ * <tr><th>Return code</th><th>Description</th></tr>
468+ * <tr><td>SEC_E_OUT_OF_SEQUENCE</td><td>The message was not received in the
469+ * correct sequence.</td></tr>
470+ * <tr><td>SEC_E_MESSAGE_ALTERED</td><td>The message has been
471+ * altered.</td></tr>
472+ * <tr><td>SEC_E_INVALID_HANDLE</td><td>The context handle specified by
473+ * phContext is not valid.</td></tr>
474+ * <tr><td>SEC_E_INVALID_TOKEN</td><td>pMessage did not contain a valid
475+ * SECBUFFER_TOKEN buffer, or contained too few buffers.</td></tr>
476+ * <tr><td>SEC_E_QOP_NOT_SUPPORTED</td><td>The quality of protection
477+ * negotiated between the client and server did not include integrity
478+ * checking.</td></tr>
479+ * </table>
480+ */
481+ int VerifySignature (CtxtHandle phContext , SecBufferDesc pMessage , int MessageSeqNo , IntByReference pfQOP );
482+
483+ /**
484+ * MakeSignature function.
485+ *
486+ * <p>
487+ * The MakeSignature function generates a cryptographic checksum of the
488+ * message, and also includes sequencing information to prevent message loss
489+ * or insertion. MakeSignature allows the application to choose between
490+ * several cryptographic algorithms, if supported by the chosen mechanism.
491+ * The MakeSignature function uses the security context referenced by the
492+ * context handle.</p>
493+ *
494+ * <p>
495+ * <strong>Remarks</strong></p>
496+ *
497+ * <p>
498+ * Remarks</p>
499+ *<p>
500+ * The MakeSignature function generates a signature that is based on the
501+ * message and the session key for the context.</p>
502+ *<p>
503+ * The VerifySignature function verifies the messages signed by the
504+ * MakeSignature function.</p>
505+ *<p>
506+ * If the transport application created the security context to support
507+ * sequence detection and the caller provides a sequence number, the
508+ * function includes this information in the signature. This protects
509+ * against reply, insertion, and suppression of messages. The security
510+ * package incorporates the sequence number passed down from the transport
511+ * application.</p>
512+ *
513+ * @param phContext A handle to the security context to use to sign the
514+ * message.
515+ * @param fQOP Package-specific flags that indicate the quality of
516+ * protection. A security package can use this parameter
517+ * to enable the selection of cryptographic algorithms.
518+ * <p>
519+ * When using the Digest SSP, this parameter must be set to zero.</p>
520+ *
521+ * @param pMessage A pointer to a SecBufferDesc structure. On input, the
522+ * structure references one or more SecBuffer structures
523+ * that contain the message to be signed. The function
524+ * does not process buffers with the
525+ * SECBUFFER_READONLY_WITH_CHECKSUM attribute.
526+ *
527+ * <p>
528+ * The SecBufferDesc structure also references a SecBuffer structure of type
529+ * SECBUFFER_TOKEN that receives the signature.</p>
530+ * <p>
531+ * When the Digest SSP is used as an HTTP authentication protocol, the
532+ * buffers should be configured as follows.</p>
533+ * <table>
534+ * <tr><th>Buffer #/buffer type</th><th>Meaning</th></tr>
535+ * <tr><td>0 / SECBUFFER_TOKEN</td><td>Empty.</td></tr>
536+ * <tr><td>1 / SECBUFFER_PKG_PARAMS</td><td>Method.</td></tr>
537+ * <tr><td>2 / SECBUFFER_PKG_PARAMS</td><td>URL.</td></tr>
538+ * <tr><td>3 / SECBUFFER_PKG_PARAMS</td><td>HEntity. For more information,
539+ * see Input Buffers for the Digest Challenge Response.</td></tr>
540+ * <tr><td>4 / SECBUFFER_PADDING</td><td>Empty. Receives the
541+ * signature.</td></tr>
542+ * </table>
543+ *<p>
544+ * When the Digest SSP is used as an SASL mechanism, the buffers should be
545+ * configured as follows.</p>
546+ *<table>
547+ * <tr><th>Buffer #/buffer type</th><th>Meaning</th></tr>
548+ * <tr><td>0 / SECBUFFER_TOKEN</td><td>Empty. Receives the signature. This
549+ * buffer must be large enough to hold the largest possible signature.
550+ * Determine the size required by calling the QueryContextAttributes
551+ * (General) function and specifying SECPKG_ATTR_SIZES. Check the returned
552+ * SecPkgContext_Sizes structure member cbMaxSignature.</td></tr>
553+ * <tr><td>1 / SECBUFFER_DATA</td><td>Message to be signed.</td></tr>
554+ * <tr><td>2 / SECBUFFER_PADDING</td><td>Empty.</td></tr>
555+ * </table>
556+ * @param MessageSeqNo *
557+ * The sequence number that the transport application
558+ * assigned to the message. If the transport application
559+ * does not maintain sequence numbers, this parameter is
560+ * zero.
561+ *
562+ * <p>
563+ * When using the Digest SSP, this parameter must be set to zero. The Digest
564+ * SSP manages sequence numbering internally.</p>
565+ *
566+ * @return If the function succeeds, the function returns SEC_E_OK.
567+ *
568+ * <p>
569+ * If the function fails, it returns one of the following error codes.</p>
570+ *
571+ * <table>
572+ * <tr><th>Return code</th><th>Description</th>
573+ * <tr><td>SEC_I_RENEGOTIATE</td><td>The remote party requires a new
574+ * handshake sequence or the application has just initiated a shutdown.
575+ * Return to the negotiation loop and call AcceptSecurityContext (General)
576+ * or InitializeSecurityContext (General) again. An empty input buffer is
577+ * passed in the first call.</td></tr>
578+ * <tr><td>SEC_E_INVALID_HANDLE</td><td>The context handle specified by
579+ * phContext is not valid.</td></tr>
580+ * <tr><td>SEC_E_INVALID_TOKEN</td><td>pMessage did not contain a valid
581+ * SECBUFFER_TOKEN buffer or contained too few buffers.</td></tr>
582+ * <tr><td>SEC_E_OUT_OF_SEQUENCE</td><td>The nonce count is out of
583+ * sequence.</td></tr>
584+ * <tr><td>SEC_E_NO_AUTHENTICATING_AUTHORITY</td><td>The security context
585+ * (phContext) must be revalidated.</td></tr>
586+ * <tr><td>STATUS_INVALID_PARAMETER</td><td>The nonce count is not
587+ * numeric.</td></tr>
588+ * <tr><td>SEC_E_QOP_NOT_SUPPORTED</td><td>The quality of protection
589+ * negotiated between the client and server did not include integrity
590+ * checking.</td></tr>
591+ * </table>
592+ */
593+ int MakeSignature (CtxtHandle phContext , int fQOP , SecBufferDesc pMessage , int MessageSeqNo );
594+
595+ /**
596+ * DecryptMessage (Kerberos) function
597+ *
598+ * <p>
599+ * The DecryptMessage (Kerberos) function decrypts a message. Some packages
600+ * do not encrypt and decrypt messages but rather perform and check an
601+ * integrity hash.</p>
602+ *
603+ * @param phContext A handle to the security context to be used to
604+ * encrypt the message.
605+ * @param pMessage A pointer to a SecBufferDesc structure. On input, the
606+ * structure references one or more SecBuffer structures
607+ * that may be of type SECBUFFER_DATA. The buffer
608+ * contains the encrypted message. The encrypted message
609+ * is decrypted in place, overwriting the original
610+ * contents of its buffer.
611+ * @param MessageSeqNo The sequence number expected by the transport
612+ * application, if any. If the transport application
613+ * does not maintain sequence numbers, this parameter
614+ * must be set to zero.
615+ * @param pfQOP A pointer to a variable of type ULONG that receives
616+ * package-specific flags that indicate the quality of
617+ * protection. This parameter can be the following flag:
618+ * {@link Sspi#SECQOP_WRAP_NO_ENCRYPT}.
619+ * @return If the function verifies that the message was received in the correct sequence, the function returns SEC_E_OK.
620+ * @see <a href="https://msdn.microsoft.com/en-us/library/windows/desktop/aa375385(v=vs.85).aspx">MSDN Entry</a>
621+ */
622+ int DecryptMessage (CtxtHandle phContext , SecBufferDesc pMessage , int MessageSeqNo , IntByReference pfQOP );
343623}
0 commit comments