- Method unwrap
Verifies the origin and integrity of the given message using the MIC included in it, and also decrypts the message if it was encrypted. The message has been calculated by the sender using wrap or some other GSS_Wrap wrapper.
This wraps GSS_Unwrap according to RFC 2743 section 2.3.4.
This function requires that the context is established, or that the early per-message protection service is available (c.f. GSSAPI.PROT_READY_FLAG. If not, a GSSAPI.MissingServicesError is thrown (but the context is not closed).
The message to be unwrapped.
If this is nonzero then it is an error if
messageisn't encrypted, and zero is returned in that case (the status returned by last_major_status will still indicate success, though).
Zero is returned if the verification fails with GSSAPI.DEFECTIVE_TOKEN or
Zero is also returned if
messageisn't encrypted and
Otherwise the message is successfully decrypted (provided it was encrypted to begin with), and its origin and integrity checks out, but it might still be considered wrong depending on whether the replay detection or sequencing services are required (see required_services):
If sequencing (c.f. GSSAPI.SEQUENCE_FLAG) is required then in addition to the replay detection conditions, zero is also returned if the message is out of sequence (GSSAPI.UNSEQ_TOKEN or GSSAPI.GAP_TOKEN).
Otherwise the unwrapped message is returned, which is valid according to the currently required services (note however that requiring the confidentiality service does not imply that an error is signalled whenever an unencrypted message is received - see instead
Any GSS-API errors except GSSAPI.DEFECTIVE_TOKEN and
Even if the message is considered valid by the return value, last_major_status may be called to check for the informatory codes mentioned above.