java.lang.Object
  +--com.dstc.security.kerberos.Kerberos
The main class for the kerberos package.
Field Summary

| Type | Field | Description |
|---|---|---|
| static int | CKSUM_CRC32 | Checksum type CRC32 (0x01) |
| static int | CKSUM_DES_MAC | Checksum type des-mac (0x04) |
| static int | CKSUM_MD4 | Checksum type rsa-md4 (0x02) |
| static int | CKSUM_MD5 | Checksum type rsa-md5 (0x07) |
| static int | DES_CBC_CRC | Encryption type des-cbc-crc (0x01) |
| static int | DES_CBC_MD4 | Encryption type des-cbc-md4 (0x02) |
| static int | DES_CBC_MD5 | Encryption type des-cbc-md5 (0x03) |
Method Summary

| Return type | Method | Description |
|---|---|---|
| static APReq | createApplicationRequest(Credential cred, APOptions apOpts, int seqNum, Checksum cksum, EncryptionKey subKey) | Creates and returns an APReq to hand over to a Kerberized application, using a supplied Credential and request options. |
| static APRep | createApplicationResponse(EncryptionKey key, Date cTime, int cusec, int seqNum, EncryptionKey subKey) | Creates and returns an APRep in response to a successful application request with a given Kerberos encryption key. |
| KrbASReq | createKrbASReq(PrincipalName sName, KDCOptions options, InetAddress[] adds, Date validFrom, Date validTill, PaData[] padatas) | Creates and returns a KrbASReq in order to send to a KDC. |
| static KrbCred | createKrbCred(EncryptionKey key, Credential[] creds) | Creates a KrbCred |
| static KrbError | createKrbError(int errorCode, String server) | |
| static KrbError | createKrbError(int errorCode, String realm, PrincipalName sName) | |
| KrbTGSReq | createKrbTGSReq(Credential cred, PrincipalName sName, String realm, KDCOptions options, Date validFrom, Date validTill, InetAddress[] adds, Ticket addTicket, AuthorizationDataElement[] authData) | Creates and returns a KrbTGSReq in order to send to a KDC. |
| static APReq | decryptApplicationRequest(EncryptionKey key, APReq apReq) | Decrypts a supplied APReq with a given Kerberos encryption key and returns a decrypted APReq. |
| static APRep | decryptApplicationResponse(EncryptionKey key, APRep apRep) | Decrypts a supplied APRep with a given Kerberos encryption key and returns a decrypted APRep |
| static KrbCred | decryptKrbCred(EncryptionKey key, KrbCred cred) | Decrypts a supplied KrbCred with a given Kerberos encryption key and returns a decrypted KrbCred |
| static Ticket | decryptTicket(EncryptionKey key, Ticket ticket) | Decrypts a supplied Ticket with a given Kerberos encryption key and returns a decrypted Ticket |
| KerberosContext | getContext() | Returns the KerberosContext for this Kerberos instance |
| GSSManager | getGSSManager() | Returns the GSSManager for this Kerberos instance. |
| static Kerberos | getInstance() | Returns a Kerberos instance for a KerberosContext which is constructed from defaults and from information passed through system properties. |
| static Kerberos | getInstance(KerberosContext context) | Returns a Kerberos instance for a given KerberosContext |
| KrbASRep | getKrbASRepFromKDC(KrbASReq req, EncryptionKey key) | Sends the supplied KrbASReq to the configured KDC, processes the reply and returns it as a KrbASRep, if successful. |
| KrbTGSRep | getKrbTGSRepFromKDC(KrbTGSReq req) | Sends the supplied KrbTGSReq to the configured KDC, processes the reply and returns it as a KrbTGSRep, if successful. |
| static KerberosMessage | getMessage(byte[] encoded) | Returns a KerberosMessage from its ASN.1 DER encoding. |
| Credential | processKrbASRep(KrbASRep rep, EncryptionKey key) | Processes (decrypts with the supplied EncryptionKey) a KrbASRep obtained from a KDC and returns a Credential. |
| Credential | processKrbTGSRep(KrbTGSRep rep, EncryptionKey key) | Processes (decrypts with the supplied EncryptionKey) a KrbTGSRep obtained from a KDC and returns a Credential. |
| Credential | requestInitialTicket(EncryptionKey key, PrincipalName sName, KDCOptions options, Date validFrom, Date validTill, InetAddress[] adds, PaData[] padatas) | |
| Credential | requestServiceTicket(Credential cred, PrincipalName sName, String serverRealm, KDCOptions options) | |
| Credential | requestServiceTicket(Credential cred, PrincipalName sName, String serverRealm, KDCOptions options, Date validFrom, Date validTill, Ticket addTicket, AuthorizationDataElement[] authData) | |
| Credential | requestTicketGrantingTicket(EncryptionKey key, KDCOptions options) | |
| Credential | requestTicketGrantingTicket(EncryptionKey key, KDCOptions options, Date validFrom, Date validTill, InetAddress[] adds, PaData[] padatas) | |
Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail
public static final int DES_CBC_CRC
public static final int DES_CBC_MD4
public static final int DES_CBC_MD5
public static final int CKSUM_CRC32
public static final int CKSUM_MD4
public static final int CKSUM_DES_MAC
public static final int CKSUM_MD5
Method Detail
public static Kerberos getInstance()
This factory method is for the benefit of applications which "access" the kerberos library through the GSSAPI call org.ietf.jgss.GSSManager.getInstance(). It is only valid for GSSAPI context initiators with a FileCredentialStore and context acceptors with a FileKeyTab (the standard MIT Kerberos scenario). Applications with different needs should instead use the alternative and more flexible factory method Kerberos.getInstance(KerberosContext).
Five system properties are consulted:
If jcsi.kerberos.principal is not set, the standard property java.user will be used in its place. If either jcsi.kerberos.realm or jcsi.kerberos.kdcHost is null, a RuntimeException will be thrown. Likewise if both the fourth and fifth properties are null.
public static Kerberos getInstance(KerberosContext context)
public KerberosContext getContext()
public GSSManager getGSSManager()
Note. Calling org.ietf.jgss.GSSManager.getInstance() is equivalent to calling Kerberos.getInstance().getGSSManager()
public KrbASReq createKrbASReq(PrincipalName sName, KDCOptions options, InetAddress[] adds, Date validFrom, Date validTill, PaData[] padatas) throws KerberosException
Note. Clients requiring authentication to a KDC do not normally need to handle KrbASReq directly. The requestInitialTicket() methods are recommended instead.
public KrbTGSReq createKrbTGSReq(Credential cred, PrincipalName sName, String realm, KDCOptions options, Date validFrom, Date validTill, InetAddress[] adds, Ticket addTicket, AuthorizationDataElement[] authData) throws KerberosException
Note. Clients requiring a service Ticket from a KDC do not normally need to handle KrbTGSReq directly. The requestServiceTicket() methods are recommended instead.
public Credential processKrbASRep(KrbASRep rep, EncryptionKey key) throws KerberosException
This method can handle password salts transparently. More specifically, if the KrbASRep has a PaData of type PaData.PA_PW_SALT (indicating a non-standard mix-in string for password-to-key conversion), and the supplied EncryptionKey is of type KerberosKey with a non-null getMixInString(), then updateMixIn() with the value specified in the PaData will be called on the KerberosKey before it is used to decrypt the KrbASRep. Otherwise the passed-in EncryptionKey is used as is.
Note. Clients requiring an initial Ticket from a KDC do not normally need to handle KrbASRep directly. The requestInitialTicket() methods should be used, if possible.
public Credential processKrbTGSRep(KrbTGSRep rep, EncryptionKey key) throws KerberosException
Note. Clients requiring a service Ticket from a KDC do not normally need to handle KrbTGSRep directly. The requestServiceTicket() methods should be used, if possible.
public Credential requestTicketGrantingTicket(EncryptionKey key, KDCOptions options) throws KerberosException, IOException
public Credential requestTicketGrantingTicket(EncryptionKey key, KDCOptions options, Date validFrom, Date validTill, InetAddress[] adds, PaData[] padatas) throws KerberosException, IOException
public Credential requestInitialTicket(EncryptionKey key, PrincipalName sName, KDCOptions options, Date validFrom, Date validTill, InetAddress[] adds, PaData[] padatas) throws KerberosException, IOException
public KrbASRep getKrbASRepFromKDC(KrbASReq req, EncryptionKey key) throws KerberosException, IOException
If the KerberosError is one indicating pre-authentication required, a second request will be sent transparently with a PaEncTimestamp, generated with the supplied EncryptionKey, appended to the original KrbASReq. If this results in another KrbError from the KDC, a KerberosError exception will be thrown with the corresponding error code.
Note. Applications do not normally need to handle KrbASReq directly. The requestInitialTicket() methods should be sufficient for most users.
public Credential requestServiceTicket(Credential cred, PrincipalName sName, String serverRealm, KDCOptions options) throws KerberosException, IOException
public Credential requestServiceTicket(Credential cred, PrincipalName sName, String serverRealm, KDCOptions options, Date validFrom, Date validTill, Ticket addTicket, AuthorizationDataElement[] authData) throws KerberosException, IOException
public KrbTGSRep getKrbTGSRepFromKDC(KrbTGSReq req) throws KerberosException, IOException
Note. Applications do not normally need to handle KrbTGSReq directly. The requestServiceTicket() methods should be sufficient for most users.
public static APReq createApplicationRequest(Credential cred, APOptions apOpts, int seqNum, Checksum cksum, EncryptionKey subKey) throws KerberosException
Note. Applications do not normally need to handle APReq directly. Equivalent ways of dealing with this are available through the GSSAPI (context initiation), which is the recommended practice.
public static APReq decryptApplicationRequest(EncryptionKey key, APReq apReq) throws KerberosException
Note. Applications do not normally need to handle APReq directly. Equivalent ways of dealing with this are available through the GSSAPI (context acceptance), which is the recommended practice.
public static APRep createApplicationResponse(EncryptionKey key, Date cTime, int cusec, int seqNum, EncryptionKey subKey) throws KerberosException
Note. Applications do not normally need to handle APRep directly. Equivalent ways of dealing with this are available through the GSSAPI (context acceptance), which is the recommended practice.
public static APRep decryptApplicationResponse(EncryptionKey key, APRep apRep) throws KerberosException
Note. Applications do not normally need to handle APRep directly. Equivalent ways of dealing with this are available through the GSSAPI (context initiation), which is the recommended practice.
public static Ticket decryptTicket(EncryptionKey key, Ticket ticket) throws KerberosException
Note. Applications do not normally need to handle Tickets directly. Equivalent ways of dealing with this are available through the GSSAPI (context acceptance), which is the recommended practice.
public static KrbCred createKrbCred(EncryptionKey key, Credential[] creds) throws KerberosException
public static KrbCred decryptKrbCred(EncryptionKey key, KrbCred cred) throws KerberosException
Note. Applications do not normally need to handle KrbCred directly. Equivalent ways of dealing with this are available through the GSSAPI (context acceptance), which is the recommended practice.
public static KrbError createKrbError(int errorCode, String server) throws KerberosException
public static KrbError createKrbError(int errorCode, String realm, PrincipalName sName) throws KerberosException
public static KerberosMessage getMessage(byte[] encoded) throws KerberosException