sun.security.mule.krb5
Class Credentials

java.lang.Object
  extended by sun.security.mule.krb5.Credentials

public class Credentials
extends Object

This class encapsulates the concept of a Kerberos service credential. That includes a Kerberos ticket and an associated session key.


Constructor Summary
Credentials(byte[] encoding, String client, String server, byte[] keyBytes, int keyType, boolean[] flags, Date authTime, Date startTime, Date endTime, Date renewTill, InetAddress[] cAddrs, Config kerberosConfig)
           
Credentials(Ticket new_ticket, PrincipalName new_client, PrincipalName new_server, EncryptionKey new_key, TicketFlags new_flags, KerberosTime authTime, KerberosTime new_startTime, KerberosTime new_endTime, KerberosTime renewTill, HostAddresses cAddr)
           
 
Method Summary
static Credentials acquireDefaultCreds()
          Acquires default credentials.
static Credentials acquireServiceCreds(String service, Credentials ccreds, Config kerberosConfig)
          Acquires credentials for a specified service using initial credential.
static Credentials acquireTGT(PrincipalName princ, EncryptionKey[] secretKeys, char[] password, Config kerberosConfig)
          Returns a TGT for the given client principal via an AS-Exchange.
static Credentials acquireTGTFromCache(PrincipalName princ, String ticketCache)
          Returns a TGT for the given client principal from a ticket cache.
 boolean checkDelegate()
          Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE flag set.
 Date getAuthTime()
           
 CredentialsCache getCache()
           
 PrincipalName getClient()
          Acquires a service ticket for the specified service principal.
 InetAddress[] getClientAddresses()
           
 byte[] getEncoded()
           
 Date getEndTime()
           
 boolean[] getFlags()
           
 Date getRenewTill()
           
 PrincipalName getServer()
           
static Credentials getServiceCreds(String serviceName, File keyTabFile, Config kerberosConfig)
          Gets service credential from key table.
 EncryptionKey getServiceKey()
           
 EncryptionKey getSessionKey()
           
 Date getStartTime()
           
 Ticket getTicket()
           
 TicketFlags getTicketFlags()
           
 boolean isForwardable()
           
 boolean isRenewable()
           
static void printDebug(Credentials c)
           
 Credentials renew(Config kerberosConfig)
           
 String toString()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

Credentials

public Credentials(Ticket new_ticket,
                   PrincipalName new_client,
                   PrincipalName new_server,
                   EncryptionKey new_key,
                   TicketFlags new_flags,
                   KerberosTime authTime,
                   KerberosTime new_startTime,
                   KerberosTime new_endTime,
                   KerberosTime renewTill,
                   HostAddresses cAddr)

Credentials

public Credentials(byte[] encoding,
                   String client,
                   String server,
                   byte[] keyBytes,
                   int keyType,
                   boolean[] flags,
                   Date authTime,
                   Date startTime,
                   Date endTime,
                   Date renewTill,
                   InetAddress[] cAddrs,
                   Config kerberosConfig)
            throws KrbException,
                   IOException
Throws:
KrbException
IOException
Method Detail

getClient

public final PrincipalName getClient()
Acquires a service ticket for the specified service principal. If the service ticket is not already available, it obtains a new one from the KDC.


getServer

public final PrincipalName getServer()

getSessionKey

public final EncryptionKey getSessionKey()

getAuthTime

public final Date getAuthTime()

getStartTime

public final Date getStartTime()

getEndTime

public final Date getEndTime()

getRenewTill

public final Date getRenewTill()

getFlags

public final boolean[] getFlags()

getClientAddresses

public final InetAddress[] getClientAddresses()

getEncoded

public final byte[] getEncoded()

isForwardable

public boolean isForwardable()

isRenewable

public boolean isRenewable()

getTicket

public Ticket getTicket()

getTicketFlags

public TicketFlags getTicketFlags()

checkDelegate

public boolean checkDelegate()
Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE flag set.

Returns:
true if the OK-AS-DELEGATE flag is set, otherwise false.

renew

public Credentials renew(Config kerberosConfig)
                  throws KrbException,
                         IOException
Throws:
KrbException
IOException

acquireTGTFromCache

public static Credentials acquireTGTFromCache(PrincipalName princ,
                                              String ticketCache)
                                       throws KrbException,
                                              IOException
Returns a TGT for the given client principal from a ticket cache.

Parameters:
princ - the client principal. A value of null means that the default principal name in the credentials cache will be used.
ticketCache - the path to the tickets file. A value of null will be accepted to indicate that the default path should be searched.
Throws:
KrbException
IOException

acquireTGT

public static Credentials acquireTGT(PrincipalName princ,
                                     EncryptionKey[] secretKeys,
                                     char[] password,
                                     Config kerberosConfig)
                              throws KrbException,
                                     IOException
Returns a TGT for the given client principal via an AS-Exchange. This method causes pre-authentication data to be sent in the AS-REQ.

Parameters:
princ - the client principal. This value cannot be null.
secretKeys - the secret key of the client principal. This value cannot be null.
Throws:
KrbException
IOException

acquireDefaultCreds

public static Credentials acquireDefaultCreds()
Acquires default credentials.
The possible locations for the default credentials cache are searched in the following order:
  1. The directory and cache file name specified by the "KRB5CCNAME" system property.
  2. The directory and cache file name specified by "KRB5CCNAME" environment variable.
  3. A cache file named krb5cc_{user.name} at {user.home} directory.

Returns:
a KrbCreds object if the credential is found, otherwise return null.
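
The search order above, worked as an added example (not code from this class or its project): it lists the candidate cache paths using only JDK APIs and flags a cache file that is accessible beyond its owner, since the cache holds the ticket and its session key. The class name DefaultCcacheLocator, the handling of a leading "FILE:" prefix and the permission check are assumptions of the example.

```java
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.*;

// Added example: mirrors the documented search order with JDK APIs only.
public class DefaultCcacheLocator {

    // Assumption: a "FILE:" cache-type prefix may precede the path and is dropped.
    static String stripType(String name) {
        return name.regionMatches(true, 0, "FILE:", 0, 5) ? name.substring(5) : name;
    }

    // Candidate paths in the documented order; unset sources are skipped.
    static List<Path> candidates(String sysProp, String envVar,
                                 String userName, String userHome) {
        List<Path> out = new ArrayList<>();
        if (sysProp != null && !sysProp.isEmpty()) out.add(Paths.get(stripType(sysProp)));
        if (envVar != null && !envVar.isEmpty()) out.add(Paths.get(stripType(envVar)));
        out.add(Paths.get(userHome, "krb5cc_" + userName));
        return out;
    }

    // True if group or others hold any permission bit on the file.
    static boolean overlyPermissive(Set<PosixFilePermission> perms) {
        for (PosixFilePermission p : perms) {
            if (!p.name().startsWith("OWNER_")) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        List<Path> order = candidates(System.getProperty("KRB5CCNAME"),
                System.getenv("KRB5CCNAME"),
                System.getProperty("user.name"), System.getProperty("user.home"));
        for (Path p : order) {
            if (!Files.isRegularFile(p)) {
                System.out.println(p + " (not present)");
                continue;
            }
            String note = "";
            try {
                if (overlyPermissive(Files.getPosixFilePermissions(p)))
                    note = " WARNING: accessible beyond owner";
            } catch (UnsupportedOperationException e) {
                note = " (non-POSIX file system, permissions not checked)";
            }
            System.out.println(p + " <- first cache found" + note);
            break;
        }
    }
}
```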

getServiceCreds

public static Credentials getServiceCreds(String serviceName,
                                          File keyTabFile,
                                          Config kerberosConfig)
Gets service credential from key table. The credential is used to decrypt the received client message and authenticate the client by verifying the client's credential.

Parameters:
serviceName - the name of service, using format component@realm
keyTabFile - the file of key table.
Returns:
a KrbCreds object.

acquireServiceCreds

public static Credentials acquireServiceCreds(String service,
                                              Credentials ccreds,
                                              Config kerberosConfig)
                                       throws KrbException,
                                              IOException
Acquires credentials for a specified service using the initial credential. When the service has a different realm from the initial credential, we do cross-realm authentication - first, we use the current credential to get a cross-realm credential from the local KDC, then use that cross-realm credential to request a service credential from the foreign KDC.

Parameters:
service - the name of service principal using format components@realm
ccreds - client's initial credential.
Returns:
a Credentials object.
Throws:
IOException - if an error occurs in reading the credentials cache
KrbException - if an error occurs specific to Kerberos

getCache

public CredentialsCache getCache()

getServiceKey

public EncryptionKey getServiceKey()

printDebug

public static void printDebug(Credentials c)

toString

public String toString()
Overrides:
toString in class Object


Copyright © 2013. All Rights Reserved.