This interface is intended to be used as a server and client authentication service.
Inherits from:
nsISupports
Last changed in Gecko 1.8 (Firefox 1.5 / Thunderbird 1.5 / SeaMonkey 1.0)
Method overview
void getNextToken([const] in voidPtr aInToken, in unsigned long aInTokenLength, out voidPtr aOutToken, out unsigned long aOutTokenLength); |
void init(in string aServiceName, in unsigned long aServiceFlags, in wstring aDomain, in wstring aUsername, in wstring aPassword); |
void unwrap([const] in voidPtr aInToken, in unsigned long aInTokenLength, out voidPtr aOutToken, out unsigned long aOutTokenLength); |
void wrap([const] in voidPtr aInToken, in unsigned long aInTokenLength, in boolean confidential, out voidPtr aOutToken, out unsigned long aOutTokenLength); |
Constants
Constant | Value | Description |
REQ_DEFAULT | 0 | Default behavior. |
REQ_MUTUAL_AUTH | (1 << 0) | Client and server will be authenticated. |
REQ_DELEGATE | (1 << 1) | The server is allowed to impersonate the client. The REQ_MUTUAL_AUTH flag may also need to be specified in order for this flag to take effect. |
Methods
getNextToken()
This method is called to get the next token in a sequence of authentication steps.
void getNextToken( [const] in voidPtr aInToken, in unsigned long aInTokenLength, out voidPtr aOutToken, out unsigned long aOutTokenLength );
Parameters
aInToken
- A buffer containing the input token (for example, a challenge from a server). This may be null.
aInTokenLength
- The length of the input token.
aOutToken
- If getNextToken succeeds, then aOutToken will point to a buffer to be sent in response to the server challenge. The length of this buffer is given by aOutTokenLength. The buffer at aOutToken must be recycled with a call to nsIMemory.free().
aOutTokenLength
- If getNextToken succeeds, then aOutTokenLength contains the length of the buffer (number of bytes) pointed to by aOutToken.
init()
This method is called to initialize an auth module. The other methods cannot be called unless this method succeeds.
void init( in string aServiceName, in unsigned long aServiceFlags, in wstring aDomain, in wstring aUsername, in wstring aPassword );
Parameters
aServiceName
- The service name, which may be null if not applicable (for example, for NTLM, this parameter should be null).
aServiceFlags
- A bitwise-or of the REQ_ constants (pass REQ_DEFAULT for default behavior).
aDomain
- The authentication domain, which may be null if not applicable.
aUsername
- The user's login name.
aPassword
- The user's password.
Requires Gecko 1.8 (Firefox 1.5 / Thunderbird 1.5 / SeaMonkey 1.0)
unwrap()
This method is used to unpack, decrypt, and verify the checksums on data returned by a server when security layers are in use.
void unwrap( [const] in voidPtr aInToken, in unsigned long aInTokenLength, out voidPtr aOutToken, out unsigned long aOutTokenLength );
Parameters
aInToken
- A buffer containing the data received from the server.
aInTokenLength
- The length of the input token.
aOutToken
- A buffer containing the plaintext data from the server.
aOutTokenLength
- The length of the output token buffer.
Exceptions thrown
NS_ERROR_NOT_IMPLEMENTED
- If the underlying authentication mechanism does not support security layers.
Requires Gecko 1.8 (Firefox 1.5 / Thunderbird 1.5 / SeaMonkey 1.0)
wrap()
Once a security context has been established through calls to getNextToken(), it may be used to protect data exchanged between client and server. Calls to this method are used to protect items of data to be sent to the server.
void wrap( [const] in voidPtr aInToken, in unsigned long aInTokenLength, in boolean confidential, out voidPtr aOutToken, out unsigned long aOutTokenLength );
Parameters
aInToken
- A buffer containing the data to be sent to the server.
aInTokenLength
- The length of the input token.
confidential
- If set to true, it will encrypt the data; otherwise data will just be integrity protected (checksummed).
aOutToken
- A buffer containing the resulting data to be sent to the server.
aOutTokenLength
- The length of the output token buffer.
Exceptions thrown
NS_ERROR_NOT_IMPLEMENTED
- If the underlying authentication mechanism does not support security layers.
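The calling contract described above (init() before any other method, out buffers released by the caller, NS_ERROR_NOT_IMPLEMENTED from wrap() when the mechanism has no security layer), as an added C++ example that is not Gecko code. FakeModule, NextToken, CanProtect and the "resp:" token format are assumptions made for illustration, and Free() stands in for nsIMemory.free().

```cpp
// Stand-in types, not Gecko headers. Method shapes and REQ_* values follow the page;
// FakeModule, its error for "not initialized" and its "resp:" tokens are constructed.
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>
using nsresult = uint32_t;
const nsresult NS_OK = 0, NS_ERROR_FAILURE = 0x80004005, NS_ERROR_NOT_IMPLEMENTED = 0x80004001;
enum : uint32_t { REQ_DEFAULT = 0, REQ_MUTUAL_AUTH = 1 << 0, REQ_DELEGATE = 1 << 1 };

struct FakeModule {
  bool ready = false; int liveBuffers = 0;  // liveBuffers makes leaked out tokens visible
  nsresult Init(const char*, uint32_t, const char16_t*, const char16_t*, const char16_t*) { ready = true; return NS_OK; }
  nsresult GetNextToken(const void* in, uint32_t inLen, void** out, uint32_t* outLen) {
    if (!ready) return NS_ERROR_FAILURE;            // init() must have succeeded first
    uint32_t n = in ? inLen : 0;                    // aInToken may be null
    *out = std::malloc(5 + n);
    if (!*out) return NS_ERROR_FAILURE;
    std::memcpy(*out, "resp:", 5);
    if (n) std::memcpy(static_cast<char*>(*out) + 5, in, n);
    *outLen = 5 + n; ++liveBuffers; return NS_OK;
  }
  nsresult Wrap(const void*, uint32_t, bool, void**, uint32_t*) { return NS_ERROR_NOT_IMPLEMENTED; }
  void Free(void* p) { std::free(p); --liveBuffers; }  // stand-in for nsIMemory.free()
};

// One authentication step: copy the out token into owned storage, then release the module's buffer.
nsresult NextToken(FakeModule& m, const std::string& challenge, std::vector<uint8_t>& reply) {
  void* out = nullptr; uint32_t outLen = 0;
  const void* in = challenge.empty() ? nullptr : challenge.data();
  nsresult rv = m.GetNextToken(in, static_cast<uint32_t>(challenge.size()), &out, &outLen);
  if (rv != NS_OK) return rv;                       // out params are only valid on success
  reply.assign(static_cast<uint8_t*>(out), static_cast<uint8_t*>(out) + outLen);
  m.Free(out);
  return NS_OK;
}

// Send path: report a missing security layer so the caller never treats raw data as protected.
bool CanProtect(FakeModule& m, const std::string& data) {
  void* out = nullptr; uint32_t outLen = 0;
  nsresult rv = m.Wrap(data.data(), static_cast<uint32_t>(data.size()), true, &out, &outLen);
  if (rv == NS_OK) m.Free(out);
  return rv == NS_OK;
}
int main() {
  FakeModule m; std::vector<uint8_t> reply;
  m.Init(nullptr, REQ_MUTUAL_AUTH | REQ_DELEGATE, nullptr, u"user", u"pw");  // delegate with mutual auth
  return (NextToken(m, "challenge", reply) == NS_OK && m.liveBuffers == 0) ? 0 : 1;
}
```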