File: KerberosKey.java
Doc: API Doc
Category: Java SE 5 API
Size: 6566
Date: Fri Aug 26 14:57:48 BST 2005
Package: javax.security.auth.kerberos

KerberosKey

public class KerberosKey extends Object implements SecretKey, Destroyable
This class encapsulates a long term secret key for a Kerberos principal.

All Kerberos JAAS login modules that obtain a principal's password and generate the secret key from it should use this class. Where available, the login module might even read this secret key directly from a Kerberos "keytab". Sometimes, such as when authenticating a server in the absence of user-to-user authentication, the login module will store an instance of this class in the private credential set of a Subject (javax.security.auth.Subject) during the commit phase of the authentication process.

It might be necessary for the application to be granted a PrivateCredentialPermission (javax.security.auth.PrivateCredentialPermission) if it needs to access the KerberosKey instance from a Subject. This permission is not needed when the application depends on the default JGSS Kerberos mechanism to access the KerberosKey. In that case, however, the application will need an appropriate ServicePermission (javax.security.auth.kerberos.ServicePermission).

author
Mayank Upadhyay
version
1.17, 01/13/04
since
1.4
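
The lifecycle described above (key built from keytab-style bytes, stored in a Subject's private credentials, read back, then destroyed), as an added example that is not part of the JDK source shown on this page. The principal name, key bytes, key type 17 and version number 2 are constructed sample values.

```java
import java.util.Arrays;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;

public class KerberosKeyLifecycle {
    public static void main(String[] args) throws DestroyFailedException {
        // Constructed sample input: hypothetical service principal, dummy 16-byte key.
        KerberosPrincipal principal =
            new KerberosPrincipal("host/server.example.com@EXAMPLE.COM");
        byte[] keyBytes = new byte[16];
        Arrays.fill(keyBytes, (byte) 0x5A);
        int keyType = 17;     // assumed: aes128-cts-hmac-sha1-96 (RFC 3962)
        int versionNum = 2;   // assumed key version number

        KerberosKey key = new KerberosKey(principal, keyBytes, keyType, versionNum);
        // Wipe the caller-side buffer; destroy() only covers the key object itself.
        Arrays.fill(keyBytes, (byte) 0);

        // What a login module does in its commit phase.
        Subject subject = new Subject();
        subject.getPrivateCredentials().add(key);

        // Consumer side. With a security manager installed, this lookup needs
        // a PrivateCredentialPermission for KerberosKey.
        for (KerberosKey k : subject.getPrivateCredentials(KerberosKey.class)) {
            byte[] material = k.getEncoded();
            try {
                System.out.println(k.getPrincipal() + " kvno=" + k.getVersionNumber()
                        + " type=" + k.getKeyType() + " bytes=" + material.length);
            } finally {
                Arrays.fill(material, (byte) 0);   // never leave key copies around
            }
        }

        // Logout: drop the credential, then destroy the key material.
        subject.getPrivateCredentials().remove(key);
        key.destroy();
        System.out.println("destroyed=" + key.isDestroyed());
        try {
            key.getEncoded();
        } catch (IllegalStateException expected) {
            System.out.println("after destroy: " + expected.getMessage());
        }
    }
}
```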

Fields Summary
private static final long
serialVersionUID
private KerberosPrincipal
principal
The principal that this secret key belongs to.
private int
versionNum
the version number of this secret key
private KeyImpl
key
KeyImpl is serialized by writing out the ASN.1 encoded bytes of the encryption key. The ASN.1 encoding is defined in RFC 1510 as follows:
EncryptionKey ::= SEQUENCE {
    keytype[0] INTEGER,
    keyvalue[1] OCTET STRING
}
private transient boolean
destroyed
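
The EncryptionKey structure from the `key` field above, DER-encoded by hand with the explicit context tags Kerberos uses. This is an added example, not the JDK's KeyImpl code; the class name, helper names and sample key are constructed. The encoding carries the raw key bytes unprotected, so a serialized KerberosKey needs the same handling as the key itself.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.util.Arrays;

public class EncryptionKeyDer {
    // Emit one DER tag-length-value, using long-form length when needed.
    static byte[] tlv(int tag, byte[] value) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        int len = value.length;
        if (len < 0x80) {
            out.write(len);
        } else {
            int n = len <= 0xFF ? 1 : len <= 0xFFFF ? 2 : len <= 0xFFFFFF ? 3 : 4;
            out.write(0x80 | n);
            for (int i = n - 1; i >= 0; i--) {
                out.write(len >>> (8 * i));
            }
        }
        out.write(value, 0, value.length);
        return out.toByteArray();
    }

    static byte[] concat(byte[] a, byte[] b) {
        byte[] r = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, r, a.length, b.length);
        return r;
    }

    // EncryptionKey ::= SEQUENCE { keytype[0] INTEGER, keyvalue[1] OCTET STRING }
    static byte[] encode(int keyType, byte[] keyValue) {
        byte[] type = tlv(0xA0, tlv(0x02, BigInteger.valueOf(keyType).toByteArray()));
        byte[] value = tlv(0xA1, tlv(0x04, keyValue));
        return tlv(0x30, concat(type, value));
    }

    public static void main(String[] args) {
        byte[] sampleKey = new byte[16];          // constructed dummy key
        Arrays.fill(sampleKey, (byte) 0x5A);
        StringBuilder hex = new StringBuilder();
        for (byte b : encode(17, sampleKey)) {    // 17 is an assumed key type
            hex.append(String.format("%02x ", b & 0xFF));
        }
        System.out.println(hex.toString().trim());
    }
}
```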
Constructors Summary
public KerberosKey(KerberosPrincipal principal, byte[] keyBytes, int keyType, int versionNum)
Constructs a KerberosKey from the given bytes when the key type and key version number are known. This can be used when reading the secret key information from a Kerberos "keytab".

param
principal the principal that this secret key belongs to
param
keyBytes the raw bytes for the secret key
param
keyType the key type for the secret key as defined by the Kerberos protocol specification.
param
versionNum the version number of this secret key

	this.principal = principal;
	this.versionNum = versionNum;
	key = new KeyImpl(keyBytes, keyType);
    
public KerberosKey(KerberosPrincipal principal, char[] password, String algorithm)
Constructs a KerberosKey from a principal's password.

param
principal the principal that this password belongs to
param
password the password that should be used to compute the key
param
algorithm the name for the algorithm that this key will be used for. This parameter may be null in which case the default algorithm "DES" will be assumed.
throws
IllegalArgumentException if the name of the algorithm passed is unsupported.


	this.principal = principal;
	// Pass principal in for salt
	key = new KeyImpl(principal, password, algorithm);
    
Methods Summary
public void destroy()
Destroys this key. A call to any of its other methods after this will cause an IllegalStateException to be thrown.

throws
DestroyFailedException if some error occurs while destroying this key.

	if (!destroyed) {
	    key.destroy();
	    principal = null;
	    destroyed = true;
	}
    
public final java.lang.String getAlgorithm()
Returns the standard algorithm name for this key. For example, "DES" would indicate that this key is a DES key. See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard algorithm names.

return
the name of the algorithm associated with this key.

	if (destroyed)
	    throw new IllegalStateException("This key is no longer valid");
	return key.getAlgorithm();
    
public final byte[] getEncoded()
Returns the key material of this secret key.

return
the key material

	if (destroyed)
	    throw new IllegalStateException("This key is no longer valid");
	return key.getEncoded();
    
public final java.lang.String getFormat()
Returns the name of the encoding format for this secret key.

return
the String "RAW"

	if (destroyed)
	    throw new IllegalStateException("This key is no longer valid");
	return key.getFormat();
    
public final int getKeyType()
Returns the key type for this long-term key.

return
the key type.

	if (destroyed)
	    throw new IllegalStateException("This key is no longer valid");
	return key.getKeyType();
    
public final javax.security.auth.kerberos.KerberosPrincipal getPrincipal()
Returns the principal that this key belongs to.

return
the principal this key belongs to.

	if (destroyed)
	    throw new IllegalStateException("This key is no longer valid");
	return principal;
    
public final int getVersionNumber()
Returns the key version number.

return
the key version number.

	if (destroyed)
	    throw new IllegalStateException("This key is no longer valid");
	return versionNum;
    
public boolean isDestroyed()
Determines if this key has been destroyed.

	return destroyed;
    
public java.lang.String toString()


	return "Kerberos Principal " + principal.toString() +
		"Key Version " + versionNum +
		"key "	+ key.toString();