File Doc Category Size Date Package
KerberosKey.java API Doc Java SE 6 API 8536 Tue Jun 10 00:26:28 BST 2008 javax.security.auth.kerberos

KerberosKey

java.lang.Object

public class KerberosKey extends Object implements SecretKey, Destroyable

This class encapsulates a long term secret key for a Kerberos principal.

All Kerberos JAAS login modules that obtain a principal's password and generate the secret key from it should use this class. Where available, the login module might even read this secret key directly from a Kerberos "keytab". Sometimes, such as when authenticating a server in the absence of user-to-user authentication, the login module will store an instance of this class in the private credential set of a {@link javax.security.auth.Subject Subject} during the commit phase of the authentication process.

It might be necessary for the application to be granted a {@link javax.security.auth.PrivateCredentialPermission PrivateCredentialPermission} if it needs to access the KerberosKey instance from a Subject. This permission is not needed when the application depends on the default JGSS Kerberos mechanism to access the KerberosKey. In that case, however, the application will need an appropriate {@link javax.security.auth.kerberos.ServicePermission ServicePermission}.

author: Mayank Upadhyay
version: 1.20, 04/21/06
since: 1.4

Fields Summary
private static final long
serialVersionUID
private KerberosPrincipal
principal
The principal that this secret key belongs to.
private int
versionNum
the version number of this secret key
private KeyImpl
key
KeyImpl is serialized by writing out the ASN1 Encoded bytes of the encryption key. The ASN1 encoding is defined in RFC1510 and as follows:
EncryptionKey ::= SEQUENCE { keytype[0] INTEGER, keyvalue[1] OCTET STRING }
private transient boolean
destroyed
Constructors Summary
public KerberosKey(KerberosPrincipal principal, byte[] keyBytes, int keyType, int versionNum)
Constructs a KerberosKey from the given bytes when the key type and key version number are known. This can be used when reading the secret key information from a Kerberos "keytab".
param
principal the principal that this secret key belongs to
param
keyBytes the raw bytes for the secret key
param
keyType the key type for the secret key as defined by the Kerberos protocol specification.
param
versionNum the version number of this secret key
this.principal = principal; this.versionNum = versionNum; key = new KeyImpl(keyBytes, keyType);
public KerberosKey(KerberosPrincipal principal, char[] password, String algorithm)
Constructs a KerberosKey from a principal's password.
param
principal the principal that this password belongs to
param
password the password that should be used to compute the key
param
algorithm the name for the algorithm that this key will be used for. This parameter may be null in which case the default algorithm "DES" will be assumed.
throws
IllegalArgumentException if the name of the algorithm passed is unsupported.
this.principal = principal; // Pass principal in for salt key = new KeyImpl(principal, password, algorithm);
Methods Summary
public void destroy()
Destroys this key. A call to any of its other methods after this will cause an IllegalStateException to be thrown.
throws
DestroyFailedException if some error occurs while destorying this key.
if (!destroyed) { key.destroy(); principal = null; destroyed = true; }
public boolean equals(java.lang.Object other)
Compares the specified Object with this KerberosKey for equality. Returns true if the given object is also a KerberosKey and the two KerberosKey instances are equivalent.
param
other the Object to compare to
return
true if the specified object is equal to this KerberosKey, false otherwise. NOTE: Returns false if either of the KerberosKey objects has been destroyed.
since
1.6
if (other == this) return true; if (! (other instanceof KerberosKey)) { return false; } KerberosKey otherKey = ((KerberosKey) other); if (isDestroyed() || otherKey.isDestroyed()) { return false; } if (versionNum != otherKey.getVersionNumber() || getKeyType() != otherKey.getKeyType() || !Arrays.equals(getEncoded(), otherKey.getEncoded())) { return false; } if (principal == null) { if (otherKey.getPrincipal() != null) { return false; } } else { if (!principal.equals(otherKey.getPrincipal())) { return false; } } return true;
public final java.lang.String getAlgorithm()
Returns the standard algorithm name for this key. For example, "DES" would indicate that this key is a DES key. See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard algorithm names.
return
the name of the algorithm associated with this key.
if (destroyed) throw new IllegalStateException("This key is no longer valid"); return key.getAlgorithm();
public final byte[] getEncoded()
Returns the key material of this secret key.
return
the key material
if (destroyed) throw new IllegalStateException("This key is no longer valid"); return key.getEncoded();
public final java.lang.String getFormat()
Returns the name of the encoding format for this secret key.
return
the String "RAW"
if (destroyed) throw new IllegalStateException("This key is no longer valid"); return key.getFormat();
public final int getKeyType()
Returns the key type for this long-term key.
return
the key type.
if (destroyed) throw new IllegalStateException("This key is no longer valid"); return key.getKeyType();
public final javax.security.auth.kerberos.KerberosPrincipal getPrincipal()
Returns the principal that this key belongs to.
return
the principal this key belongs to.
if (destroyed) throw new IllegalStateException("This key is no longer valid"); return principal;
public final int getVersionNumber()
Returns the key version number.
return
the key version number.
if (destroyed) throw new IllegalStateException("This key is no longer valid"); return versionNum;
public int hashCode()
Returns a hashcode for this KerberosKey.
return
a hashCode() for the KerberosKey
since
1.6
int result = 17; if (isDestroyed()) { return result; } result = 37 * result + Arrays.hashCode(getEncoded()); result = 37 * result + getKeyType(); if (principal != null) { result = 37 * result + principal.hashCode(); } return result * 37 + versionNum;
public boolean isDestroyed()
Determines if this key has been destroyed.
return destroyed;
public java.lang.String toString()
if (destroyed) { return "Destroyed Principal"; } return "Kerberos Principal " + principal.toString() + "Key Version " + versionNum + "key " + key.toString();