com.ibm.security.krb5
Class Credentials
- java.lang.Object
com.ibm.security.krb5.Credentials
- public class Credentials
- extends java.lang.Object
Version:
1.1, 5/7/07
Constructor Summary
Constructor and Description |
---|
Credentials(byte[] encoding, java.lang.String client, java.lang.String server, byte[] keyBytes, int keyType, boolean[] flags, java.util.Date authTime, java.util.Date startTime, java.util.Date endTime, java.util.Date renewTill, java.net.InetAddress[] cAddrs) |
Credentials(PrincipalName client, EncryptionKey serviceKey) |
Credentials(PrincipalName client, EncryptionKey[] serviceKeys) |
Credentials(java.lang.String client, EncryptionKey serviceKey) |
Credentials(java.lang.String client, EncryptionKey[] serviceKeys) |
Credentials(Ticket new_ticket, PrincipalName new_client, PrincipalName new_server, EncryptionKey new_key, TicketFlags new_flags, KerberosTime authTime, KerberosTime new_startTime, KerberosTime new_endTime, KerberosTime renewTill, HostAddresses cAddr) |
Method Summary
Modifier and Type | Method and Description |
---|---|
static Credentials | acquireCreds(java.lang.String username, java.lang.String r) Acquires credentials for a specified user in a specified realm. |
static Credentials | acquireDefaultCreds() Acquires default credentials. |
static Credentials | acquireServiceCreds(PrincipalName service, Credentials ccreds) Acquires credentials for a specified service using initial credential. |
static Credentials | acquireServiceCreds(PrincipalName service, Credentials ccreds, KDCOptions options, HostAddresses addresses) |
static Credentials | acquireServiceCreds(java.lang.String service, Credentials ccreds) |
Credentials | acquireSvcCreds(PrincipalName service, KDCOptions options, HostAddresses addresses) Acquires credentials for a specified service using initial credential. |
static Credentials | acquireTGT(EncryptionKey sKey, KDCOptions options, PrincipalName cname, PrincipalName sname, KerberosTime from, KerberosTime till, KerberosTime rtime, int[] eTypes, HostAddresses addresses, Ticket[] additionalTickets, java.lang.String realm) Returns a TGT for the given client principal via an AS-Exchange. |
static Credentials | acquireTGT(PrincipalName princ, EncryptionKey secretKey) Returns a TGT for the given client principal via an AS-Exchange. |
static Credentials | acquireTGT(java.lang.StringBuffer password, KDCOptions options, PrincipalName cname, PrincipalName sname, KerberosTime from, KerberosTime till, KerberosTime rtime, int[] eTypes, HostAddresses addresses, Ticket[] additionalTickets, java.lang.String realm) Returns a TGT for the given client principal via an AS-Exchange. |
static Credentials | acquireTGTFromCache(PrincipalName principal, java.io.InputStream ticketCache) |
static Credentials | acquireTGTFromCache(PrincipalName princ, java.lang.String ticketCache) Returns a TGT for the given client principal from a ticket cache. |
boolean | checkDelegate() Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE flag set. |
java.util.Date | getAuthTime() |
CredentialsCache | getCache() |
PrincipalName | getClient() |
java.net.InetAddress[] | getClientAddresses() |
static Credentials | getDefaultNativeCreds() Obtains default credentials from Windows credentials cache. |
byte[] | getEncoded() |
java.util.Date | getEndTime() |
boolean[] | getFlags() |
java.util.Date | getRenewTill() |
PrincipalName | getServer() |
static Credentials | getServiceCreds(PrincipalName serviceName, java.io.InputStream keytabStream) Gets service credential from a stream key table. |
static Credentials | getServiceCreds(java.lang.String serviceName, java.io.File keyTabFile) Gets service credential from key table. |
EncryptionKey | getServiceKey() |
EncryptionKey | getServiceKey(int enctype) |
EncryptionKey[] | getServiceKeys() |
EncryptionKey | getSessionKey() |
java.util.Date | getStartTime() |
Ticket | getTicket() |
TicketFlags | getTicketFlags() |
boolean | isForwardable() |
boolean | isRenewable() |
static void | printKrb5Debug(Credentials c) |
Credentials | renew() |
void | setServiceKey(EncryptionKey key) |
void | setServiceKeys(EncryptionKey[] keys) |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail
Credentials
- public Credentials(Ticket new_ticket,
- PrincipalName new_client,
- PrincipalName new_server,
- EncryptionKey new_key,
- TicketFlags new_flags,
- KerberosTime authTime,
- KerberosTime new_startTime,
- KerberosTime new_endTime,
- KerberosTime renewTill,
- HostAddresses cAddr)
Credentials
- public Credentials(byte[] encoding,
- java.lang.String client,
- java.lang.String server,
- byte[] keyBytes,
- int keyType,
- boolean[] flags,
- java.util.Date authTime,
- java.util.Date startTime,
- java.util.Date endTime,
- java.util.Date renewTill,
- java.net.InetAddress[] cAddrs)
- throws KrbException
- java.io.IOException
Credentials
- public Credentials(PrincipalName client,
- EncryptionKey serviceKey)
- throws RealmException
Throws:
Credentials
- public Credentials(java.lang.String client,
- EncryptionKey serviceKey)
- throws RealmException
Throws:
Credentials
- public Credentials(java.lang.String client,
- EncryptionKey[] serviceKeys)
- throws RealmException
Throws:
Credentials
- public Credentials(PrincipalName client,
- EncryptionKey[] serviceKeys)
- throws RealmException
Throws:
Method Detail
getClient
- public final PrincipalName getClient( )
getServer
- public final PrincipalName getServer( )
getSessionKey
- public EncryptionKey getSessionKey( )
getStartTime
- public final java.util.Date getStartTime( )
getEndTime
- public final java.util.Date getEndTime( )
getRenewTill
- public final java.util.Date getRenewTill( )
getFlags
- public final boolean[] getFlags( )
getClientAddresses
- public final java.net.InetAddress[] getClientAddresses( )
getEncoded
- public final byte[] getEncoded( )
isRenewable
- public boolean isRenewable()
isForwardable
- public boolean isForwardable()
getTicket
- public Ticket getTicket()
getTicketFlags
- public TicketFlags getTicketFlags( )
checkDelegate
- public boolean checkDelegate()
Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE flag set.
Returns:
true if the OK-AS-DELEGATE flag is set, otherwise, return false.
renew
- public Credentials renew()
- throws KrbException
- java.io.IOException
acquireTGTFromCache
- public static Credentials acquireTGTFromCache( PrincipalName princ,
- java.lang.String ticketCache)
- throws KrbException
- java.io.IOException
Returns a TGT for the given client principal from a ticket cache.
Parameters:
princ
- the client principal. A value of null means that the default principal name in the credentials cache will be used.
ticketCache
- the path to the tickets file. A value of null will be accepted to indicate that the default path should be searched.
Throws:
java.io.IOException
acquireTGTFromCache
- public static Credentials acquireTGTFromCache( PrincipalName principal,
- java.io.InputStream ticketCache)
- throws KrbException
- java.io.IOException
acquireTGT
- public static Credentials acquireTGT( PrincipalName princ,
- EncryptionKey secretKey)
- throws KrbException
- java.io.IOException
Returns a TGT for the given client principal via an AS-Exchange.
This method causes pre-authentication data to be sent in the
AS-REQ.
Parameters:
princ
- the client principal. This value cannot be null.
secretKey
- the secret key of the client principal. This value cannot be null.
Throws:
java.io.IOException
acquireTGT
- public static Credentials acquireTGT( java.lang.StringBuffer password,
- KDCOptions options,
- PrincipalName cname,
- PrincipalName sname,
- KerberosTime from,
- KerberosTime till,
- KerberosTime rtime,
- int[] eTypes,
- HostAddresses addresses,
- Ticket[] additionalTickets,
- java.lang.String realm)
- throws KrbException
- java.io.IOException
Returns a TGT for the given client principal via an AS-Exchange.
This method causes pre-authentication data to be sent in the
AS-REQ.
acquireTGT
- public static Credentials acquireTGT( EncryptionKey sKey,
- KDCOptions options,
- PrincipalName cname,
- PrincipalName sname,
- KerberosTime from,
- KerberosTime till,
- KerberosTime rtime,
- int[] eTypes,
- HostAddresses addresses,
- Ticket[] additionalTickets,
- java.lang.String realm)
- throws KrbException
- java.io.IOException
Returns a TGT for the given client principal via an AS-Exchange.
This method causes pre-authentication data to be sent in the
AS-REQ.
acquireDefaultCreds
- public static Credentials acquireDefaultCreds( )
Acquires default credentials.
The possible locations for the default credentials cache are searched in the following order:
- The directory and cache file name specified by the "KRB5CCNAME" system property.
- The directory and cache file name specified by the "KRB5CCNAME" environment variable.
- A cache file named krb5cc_{user.name} in the {user.home} directory.
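The following is an added example, not IBM's code and not part of the original Javadoc: it reproduces the documented search order with plain JDK calls and flags cache files that are symbolic links, carry group/other permission bits, or belong to another user, since the cache holds the TGT and its session key. The class name `DefaultCcacheAudit`, its helper methods, and the handling of a leading `FILE:` prefix are assumptions made for the illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.*;

// Added example: mirrors the lookup order documented above using only the JDK.
// It is not IBM's implementation and does not call com.ibm.security.krb5.
public class DefaultCcacheAudit {
    // Candidate cache locations in the documented order; unset sources are skipped.
    static List<String> candidates(Properties props, Map<String, String> env) {
        List<String> out = new ArrayList<>();
        String fromProp = props.getProperty("KRB5CCNAME");
        if (fromProp != null && !fromProp.isEmpty()) out.add(fromProp);
        String fromEnv = env.get("KRB5CCNAME");
        if (fromEnv != null && !fromEnv.isEmpty()) out.add(fromEnv);
        String home = props.getProperty("user.home");
        String user = props.getProperty("user.name");
        if (home != null && user != null) out.add(Paths.get(home, "krb5cc_" + user).toString());
        return out;
    }

    // Assumption: a leading "FILE:" cache-type prefix may be present and is stripped.
    static Path toPath(String location) {
        return Paths.get(location.startsWith("FILE:") ? location.substring(5) : location);
    }

    // Returns findings for one cache file; an empty list means absent or nothing flagged.
    static List<String> audit(Path cache, String expectedOwner) throws IOException {
        List<String> findings = new ArrayList<>();
        if (!Files.exists(cache, LinkOption.NOFOLLOW_LINKS)) return findings;
        if (Files.isSymbolicLink(cache)) return Arrays.asList("cache path is a symbolic link");
        try {
            for (PosixFilePermission p : Files.getPosixFilePermissions(cache)) {
                if (!p.name().startsWith("OWNER_")) findings.add("permission bit set: " + p);
            }
        } catch (UnsupportedOperationException e) {
            findings.add("non-POSIX file system: review the ACL by hand");
        }
        String owner = Files.getOwner(cache).getName();
        if (!owner.equals(expectedOwner)) findings.add("owned by " + owner);
        return findings;
    }

    public static void main(String[] args) throws IOException {
        String user = System.getProperty("user.name");
        for (String loc : candidates(System.getProperties(), System.getenv())) {
            System.out.println(toPath(loc) + " -> " + audit(toPath(loc), user));
        }
    }
}
```

Every candidate is checked rather than only the first one found, because a stale or loosely protected cache at an earlier position in the order takes precedence over a well-protected one later in the list.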
Returns:
a KrbCreds object if the credential is found, otherwise return null.
acquireCreds
- public static Credentials acquireCreds( java.lang.String username,
- java.lang.String r)
Acquires credentials for a specified user in a specified realm.
Parameters:
username
- user's Kerberos name.
r
- realm name.
Returns:
a Credentials object if it is found in the credentials cache, otherwise, return null.
getServiceCreds
- public static Credentials getServiceCreds( java.lang.String serviceName,
- java.io.File keyTabFile)
- throws java.io.IOException
- java.lang.IllegalArgumentException
Gets service credential from key table. The credential is used to decrypt the received client message and authenticate the client by verifying the client's credential.
Parameters:
serviceName
- the name of service, using format component@realm. Specify null for the default service.
keyTabFile
- the file of key table.
Returns:
a KrbCreds object.
Throws:
java.io.IOException
java.lang.IllegalArgumentException
getServiceCreds
- public static Credentials getServiceCreds( PrincipalName serviceName,
- java.io.InputStream keytabStream)
- throws java.io.IOException
- KrbException
Gets service credential from a stream key table.
Parameters:
serviceName
- the name of service. Null serviceName returns the latest entry in the key table.
keytabStream
- input stream representing the key table.
Returns:
a Credentials object containing the service key or null if the key is not found.
Throws:
java.io.IOException
acquireServiceCreds
- public static Credentials acquireServiceCreds( java.lang.String service,
- Credentials ccreds)
- throws java.lang.Exception
acquireServiceCreds
- public static Credentials acquireServiceCreds( PrincipalName service,
- Credentials ccreds)
- throws java.lang.Exception
Acquires credentials for a specified service using initial credential. When the service has a different realm from the initial credential, we do cross-realm authentication: first, we use the current credential to get a cross-realm credential from the local KDC, then use that cross-realm credential to request service credential from the foreign KDC.
Parameters:
service
- the name of service principal using format components@realm
ccreds
- client's initial credential.
Returns:
a Credentials object.
Throws:
java.lang.Exception
- general exception will be thrown when any error occurs.
acquireServiceCreds
- public static Credentials acquireServiceCreds( PrincipalName service,
- Credentials ccreds,
- KDCOptions options,
- HostAddresses addresses)
- throws KrbException
- java.lang.Exception
acquireSvcCreds
- public Credentials acquireSvcCreds( PrincipalName service,
- KDCOptions options,
- HostAddresses addresses)
- throws KrbException
- java.lang.Exception
Acquires credentials for a specified service using initial credential. When the service has a different realm from the initial credential, we do cross-realm authentication: first, we use the current credential to get a cross-realm credential from the local KDC, then use that cross-realm credential to request service credential from the foreign KDC.
This is a non-static implementation, supporting multithreading.
Parameters:
service
- the name of service principal using format components@realm
Returns:
a Credentials object.
Throws:
java.lang.Exception
- general exception will be thrown when any error occurs.
getCache
- public CredentialsCache getCache( )
getServiceKey
- public EncryptionKey getServiceKey( )
getServiceKey
- public EncryptionKey getServiceKey( int enctype)
getServiceKeys
- public EncryptionKey[] getServiceKeys( )
setServiceKey
- public void setServiceKey(EncryptionKey key)
- throws java.lang.Exception
Throws:
java.lang.Exception
setServiceKeys
- public void setServiceKeys(EncryptionKey[] keys)
- throws java.lang.Exception
Throws:
java.lang.Exception
printKrb5Debug
- public static void printKrb5Debug( Credentials c)
getDefaultNativeCreds
- public static Credentials getDefaultNativeCreds( )
Obtains default credentials from Windows credentials cache.
getAuthTime
- public java.util.Date getAuthTime( )