com.ibm.security.krb5

Class Credentials

java.lang.Object
    extended by com.ibm.security.krb5.Credentials

public class Credentials
extends java.lang.Object

This class encapsulates the concept of a Kerberos service credential. That includes a Kerberos ticket and an associated session key.
Version:
1.1, 5/7/07

Constructor Summary

Constructor and Description
Credentials(byte[] encoding, java.lang.String client, java.lang.String server, byte[] keyBytes, int keyType, boolean[] flags, java.util.Date authTime, java.util.Date startTime, java.util.Date endTime, java.util.Date renewTill, java.net.InetAddress[] cAddrs)
Credentials(PrincipalName client, EncryptionKey serviceKey)
Credentials(PrincipalName client, EncryptionKey[] serviceKeys)
Credentials(java.lang.String client, EncryptionKey serviceKey)
Credentials(java.lang.String client, EncryptionKey[] serviceKeys)
Credentials(Ticket new_ticket, PrincipalName new_client, PrincipalName new_server, EncryptionKey new_key, TicketFlags new_flags, KerberosTime authTime, KerberosTime new_startTime, KerberosTime new_endTime, KerberosTime renewTill, HostAddresses cAddr)

Method Summary

Modifier and Type Method and Description
static Credentials acquireCreds(java.lang.String username, java.lang.String r)
Acquires credentials for a specified user in a specified realm.

static Credentials acquireDefaultCreds()
Acquires default credentials.

static Credentials acquireServiceCreds(PrincipalName service, Credentials ccreds)
Acquires credentials for a specified service using initial credential.

static Credentials acquireServiceCreds(PrincipalName service, Credentials ccreds, KDCOptions options, HostAddresses addresses)

static Credentials acquireServiceCreds(java.lang.String service, Credentials ccreds)

Credentials acquireSvcCreds(PrincipalName service, KDCOptions options, HostAddresses addresses)
Acquires credentials for a specified service using initial credential.

static Credentials acquireTGT(EncryptionKey sKey, KDCOptions options, PrincipalName cname, PrincipalName sname, KerberosTime from, KerberosTime till, KerberosTime rtime, int[] eTypes, HostAddresses addresses, Ticket[] additionalTickets, java.lang.String realm)
Returns a TGT for the given client principal via an AS-Exchange.

static Credentials acquireTGT(PrincipalName princ, EncryptionKey secretKey)
Returns a TGT for the given client principal via an AS-Exchange.

static Credentials acquireTGT(java.lang.StringBuffer password, KDCOptions options, PrincipalName cname, PrincipalName sname, KerberosTime from, KerberosTime till, KerberosTime rtime, int[] eTypes, HostAddresses addresses, Ticket[] additionalTickets, java.lang.String realm)
Returns a TGT for the given client principal via an AS-Exchange.

static Credentials acquireTGTFromCache(PrincipalName principal, java.io.InputStream ticketCache)

static Credentials acquireTGTFromCache(PrincipalName princ, java.lang.String ticketCache)
Returns a TGT for the given client principal from a ticket cache.

boolean checkDelegate()
Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE flag set

java.util.Date getAuthTime()

CredentialsCache getCache()

PrincipalName getClient()

java.net.InetAddress[] getClientAddresses()

static Credentials getDefaultNativeCreds()
Obtains default credentials from Windows credentials cache.

byte[] getEncoded()

java.util.Date getEndTime()

boolean[] getFlags()

java.util.Date getRenewTill()

PrincipalName getServer()

static Credentials getServiceCreds(PrincipalName serviceName, java.io.InputStream keytabStream)
Gets service credential from a stream key table.

static Credentials getServiceCreds(java.lang.String serviceName, java.io.File keyTabFile)
Gets service credential from key table.

EncryptionKey getServiceKey()

EncryptionKey getServiceKey(int enctype)

EncryptionKey[] getServiceKeys()

EncryptionKey getSessionKey()

java.util.Date getStartTime()

Ticket getTicket()

TicketFlags getTicketFlags()

boolean isForwardable()

boolean isRenewable()

static void printKrb5Debug(Credentials c)

Credentials renew()

void setServiceKey(EncryptionKey key)

void setServiceKeys(EncryptionKey[] keys)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Credentials

public Credentials(Ticket new_ticket,
        PrincipalName new_client,
        PrincipalName new_server,
        EncryptionKey new_key,
        TicketFlags new_flags,
        KerberosTime authTime,
        KerberosTime new_startTime,
        KerberosTime new_endTime,
        KerberosTime renewTill,
        HostAddresses cAddr)

Credentials

public Credentials(byte[] encoding,
        java.lang.String client,
        java.lang.String server,
        byte[] keyBytes,
        int keyType,
        boolean[] flags,
        java.util.Date authTime,
        java.util.Date startTime,
        java.util.Date endTime,
        java.util.Date renewTill,
        java.net.InetAddress[] cAddrs)
    throws KrbException, java.io.IOException
Throws:
java.io.IOException

Credentials

public Credentials(PrincipalName client,
        EncryptionKey serviceKey)
    throws RealmException
Throws:
RealmException

Credentials

public Credentials(java.lang.String client,
        EncryptionKey serviceKey)
    throws RealmException
Throws:
RealmException

Credentials

public Credentials(java.lang.String client,
        EncryptionKey[] serviceKeys)
    throws RealmException
Throws:
RealmException

Credentials

public Credentials(PrincipalName client,
        EncryptionKey[] serviceKeys)
    throws RealmException
Throws:
RealmException

Method Detail

getClient

public final PrincipalName getClient()

getServer

public final PrincipalName getServer()

getSessionKey

public EncryptionKey getSessionKey()

getStartTime

public final java.util.Date getStartTime()

getEndTime

public final java.util.Date getEndTime()

getRenewTill

public final java.util.Date getRenewTill()

getFlags

public final boolean[] getFlags()

getClientAddresses

public final java.net.InetAddress[] getClientAddresses()

getEncoded

public final byte[] getEncoded()

isRenewable

public boolean isRenewable()

isForwardable

public boolean isForwardable()

getTicket

public Ticket getTicket()

getTicketFlags

public TicketFlags getTicketFlags()

checkDelegate

public boolean checkDelegate()
Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE flag set
Returns:
true if the OK-AS-DELEGATE flag is set, otherwise false.
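
OK-AS-DELEGATE is the KDC's indication (RFC 4120) that realm policy considers the service a suitable recipient of delegated credentials, so a client should consult checkDelegate() before forwarding its TGT. The following is an added example, not code from the IBM JDK or its documentation: it uses only methods listed on this page, assumes the IBM JDK is on the classpath, and the service principal is a constructed placeholder.

```java
import com.ibm.security.krb5.Credentials;
import java.util.Date;

public class DelegationGate {
    // Placeholder service principal (components@realm), constructed for this example.
    static final String SERVICE = "HTTP/app.example.test@EXAMPLE.TEST";

    static boolean stillValid(Date end, Date now) {
        return end != null && end.after(now);
    }

    // Delegate only when both tickets are unexpired, the TGT is forwardable,
    // and the KDC set OK-AS-DELEGATE on the service ticket.
    static boolean mayDelegate(Credentials tgt, Credentials svc, Date now) {
        if (tgt == null || svc == null) return false;
        if (!stillValid(tgt.getEndTime(), now) || !stillValid(svc.getEndTime(), now)) return false;
        if (!tgt.isForwardable()) return false;
        return svc.checkDelegate();
    }

    public static void main(String[] args) throws Exception {
        // Documented to return null when no credential is found in the default cache.
        Credentials tgt = Credentials.acquireDefaultCreds();
        if (tgt == null) {
            System.err.println("no TGT in the default credentials cache");
            return;
        }
        Credentials svc = Credentials.acquireServiceCreds(SERVICE, tgt);
        if (mayDelegate(tgt, svc, new Date())) {
            System.out.println("delegation permitted for " + SERVICE);
        } else {
            System.out.println("delegation refused for " + SERVICE
                    + " (expired ticket, non-forwardable TGT, or OK-AS-DELEGATE not set)");
        }
    }
}
```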

renew

public Credentials renew()
    throws KrbException, java.io.IOException
Throws:
java.io.IOException

acquireTGTFromCache

public static Credentials acquireTGTFromCache(PrincipalName princ,
        java.lang.String ticketCache)
    throws KrbException, java.io.IOException
Returns a TGT for the given client principal from a ticket cache.
Parameters:
princ - the client principal. A value of null means that the default principal name in the credentials cache will be used.
ticketCache - the path to the tickets file. A value of null will be accepted to indicate that the default path should be searched
Throws:
java.io.IOException

acquireTGTFromCache

public static Credentials acquireTGTFromCache(PrincipalName principal,
        java.io.InputStream ticketCache)
    throws KrbException, java.io.IOException
Throws:
java.io.IOException

acquireTGT

public static Credentials acquireTGT(PrincipalName princ,
        EncryptionKey secretKey)
    throws KrbException, java.io.IOException
Returns a TGT for the given client principal via an AS-Exchange. This method causes pre-authentication data to be sent in the AS-REQ.
Parameters:
princ - the client principal. This value cannot be null.
secretKey - the secret key of the client principal. This value cannot be null.
Throws:
java.io.IOException

acquireTGT

public static Credentials acquireTGT(java.lang.StringBuffer password,
        KDCOptions options,
        PrincipalName cname,
        PrincipalName sname,
        KerberosTime from,
        KerberosTime till,
        KerberosTime rtime,
        int[] eTypes,
        HostAddresses addresses,
        Ticket[] additionalTickets,
        java.lang.String realm)
    throws KrbException, java.io.IOException
Returns a TGT for the given client principal via an AS-Exchange. This method causes pre-authentication data to be sent in the AS-REQ.
Throws:
java.io.IOException

acquireTGT

public static Credentials acquireTGT(EncryptionKey sKey,
        KDCOptions options,
        PrincipalName cname,
        PrincipalName sname,
        KerberosTime from,
        KerberosTime till,
        KerberosTime rtime,
        int[] eTypes,
        HostAddresses addresses,
        Ticket[] additionalTickets,
        java.lang.String realm)
    throws KrbException, java.io.IOException
Returns a TGT for the given client principal via an AS-Exchange. This method causes pre-authentication data to be sent in the AS-REQ.
Throws:
java.io.IOException

acquireDefaultCreds

public static Credentials acquireDefaultCreds()
Acquires default credentials.
The possible locations for the default credentials cache are searched in the following order:
  1. The directory and cache file name specified by the "KRB5CCNAME" system property.
  2. The directory and cache file name specified by the "KRB5CCNAME" environment variable.
  3. A cache file named krb5cc_{user.name} in the {user.home} directory.
Returns:
a KrbCreds object if the credential is found, otherwise return null.
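
Because the system property is consulted before the environment variable, whoever controls the JVM arguments decides which ticket cache is loaded, and the cache file itself holds usable tickets and session keys. The following added example (not part of the IBM JDK or its documentation) reproduces the documented search order with JDK classes only and reports whether the selected file is readable beyond its owner; the "FILE:" prefix handling and the "first existing file wins" behaviour are assumptions of this example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class DefaultCcacheCheck {
    // Assumption: a value may carry an MIT-style "FILE:" type prefix; other cache types are not handled.
    static String stripType(String v) {
        return v.startsWith("FILE:") ? v.substring(5) : v;
    }

    // Candidate cache locations, in the order documented for acquireDefaultCreds().
    static List<Path> candidates(String sysProp, String envVar, String home, String user) {
        List<Path> out = new ArrayList<>();
        if (sysProp != null && !sysProp.isEmpty()) out.add(Paths.get(stripType(sysProp)));
        if (envVar != null && !envVar.isEmpty()) out.add(Paths.get(stripType(envVar)));
        out.add(Paths.get(home, "krb5cc_" + user));
        return out;
    }

    // Reports whether group or others hold any permission on the cache file.
    static String exposure(Path p) throws IOException {
        try {
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
            for (PosixFilePermission perm : perms) {
                if (!perm.name().startsWith("OWNER_")) return "EXPOSED (" + perm + ")";
            }
            return "owner-only";
        } catch (UnsupportedOperationException e) {
            return "unchecked (no POSIX permissions; inspect the ACL)";
        }
    }

    public static void main(String[] args) throws IOException {
        List<Path> paths = candidates(System.getProperty("KRB5CCNAME"),
                System.getenv("KRB5CCNAME"),
                System.getProperty("user.home"), System.getProperty("user.name"));
        for (Path p : paths) {
            if (Files.isRegularFile(p)) {
                System.out.println("would load: " + p + " [" + exposure(p) + "]");
                return;
            }
            System.out.println("absent:     " + p);
        }
        System.out.println("no default credentials cache found");
    }
}
```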

acquireCreds

public static Credentials acquireCreds(java.lang.String username,
        java.lang.String r)
Acquires credentials for a specified user in a specified realm.
Parameters:
username - user's Kerberos name.
r - realm name.
Returns:
a Credentials object if it is found in the credentials cache, otherwise, return null.

getServiceCreds

public static Credentials getServiceCreds(java.lang.String serviceName,
        java.io.File keyTabFile)
    throws java.io.IOException, java.lang.IllegalArgumentException
Gets service credential from key table. The credential is used to decrypt the received client message and authenticate the client by verifying the client's credential.
Parameters:
serviceName - the name of service, using format component@realm. Specify null for the default service.
keyTabFile - the file of key table.
Returns:
a KrbCreds object.
Throws:
java.io.IOException
java.lang.IllegalArgumentException

getServiceCreds

public static Credentials getServiceCreds(PrincipalName serviceName,
        java.io.InputStream keytabStream)
    throws java.io.IOException, KrbException
Gets service credential from a stream key table.
Parameters:
serviceName - the name of service. Null serviceName returns the latest entry in the key table.
keytabStream - input stream representing the key table.
Returns:
a Credentials object containing the service key or null if the key is not found.
Throws:
java.io.IOException

acquireServiceCreds

public static Credentials acquireServiceCreds(java.lang.String service,
        Credentials ccreds)
    throws java.lang.Exception
Throws:
java.lang.Exception

acquireServiceCreds

public static Credentials acquireServiceCreds(PrincipalName service,
        Credentials ccreds)
    throws java.lang.Exception
Acquires credentials for a specified service using initial credential. When the service has a different realm from the initial credential, we do cross-realm authentication: first, we use the current credential to get a cross-realm credential from the local KDC, then use that cross-realm credential to request service credential from the foreign KDC.
Parameters:
service - the name of service principal using format components@realm
ccreds - client's initial credential.
Returns:
a Credentials object.
Throws:
java.lang.Exception - general exception will be thrown when any error occurs.

acquireServiceCreds

public static Credentials acquireServiceCreds(PrincipalName service,
        Credentials ccreds,
        KDCOptions options,
        HostAddresses addresses)
    throws KrbException, java.lang.Exception
Throws:
java.lang.Exception

acquireSvcCreds

public Credentials acquireSvcCreds(PrincipalName service,
        KDCOptions options,
        HostAddresses addresses)
    throws KrbException, java.lang.Exception
Acquires credentials for a specified service using initial credential. When the service has a different realm from the initial credential, we do cross-realm authentication: first, we use the current credential to get a cross-realm credential from the local KDC, then use that cross-realm credential to request service credential from the foreign KDC. This is a non-static implementation, supporting multithreading.
Parameters:
service - the name of service principal using format components@realm
Returns:
a Credentials object.
Throws:
java.lang.Exception - general exception will be thrown when any error occurs.

getCache

public CredentialsCache getCache()

getServiceKey

public EncryptionKey getServiceKey()

getServiceKey

public EncryptionKey getServiceKey(int enctype)

getServiceKeys

public EncryptionKey[] getServiceKeys()

setServiceKey

public void setServiceKey(EncryptionKey key)
    throws java.lang.Exception
Throws:
java.lang.Exception

setServiceKeys

public void setServiceKeys(EncryptionKey[] keys)
    throws java.lang.Exception
Throws:
java.lang.Exception

printKrb5Debug

public static void printKrb5Debug(Credentials c)

getDefaultNativeCreds

public static Credentials getDefaultNativeCreds()
Obtains default credentials from Windows credentials cache.

getAuthTime

public java.util.Date getAuthTime()