An interface to a Kerberos v5 Ticket, special cases of which are Ticket Granting Tickets (TGTs) and service Tickets.
Kerberos Tickets are for presentation to the Kerberos Ticket Granting Service (in the case of a TGT) or to Kerberized application services (in the case of service Tickets). A Ticket contains a non-encrypted part, which includes the realm and principal names of the target service. It also contains an encrypted part which includes the realm and principal names of the client and the session key shared by the client and the service. The encrypted part of a Ticket is encrypted in the long-term key of the target service.
The Kerberos Ticket structure is defined in RFC 1510 as
    Ticket ::= [APPLICATION 1] SEQUENCE {
        tkt-vno[0]              INTEGER,
        realm[1]                Realm,
        sname[2]                PrincipalName,
        enc-part[3]             EncryptedData
    }

    -- Encrypted part of ticket
    EncTicketPart ::= [APPLICATION 3] SEQUENCE {
        flags[0]                TicketFlags,
        key[1]                  EncryptionKey,
        crealm[2]               Realm,
        cname[3]                PrincipalName,
        transited[4]            TransitedEncoding,
        authtime[5]             KerberosTime,
        starttime[6]            KerberosTime OPTIONAL,
        endtime[7]              KerberosTime,
        renew-till[8]           KerberosTime OPTIONAL,
        caddr[9]                HostAddresses OPTIONAL,
        authorization-data[10]  AuthorizationData OPTIONAL
    }
This interface allows examination of all Ticket fields. However, if the Ticket has not already been decrypted with the target's long-term key, calling get() methods on the encrypted fields will throw a NotYetDecryptedException. These methods are primarily for the use of Kerberized services. For clients of these services, a Kerberos Ticket is normally to be treated as an opaque blob.
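The split between the cleartext and encrypted parts can be seen directly in the DER encoding. The following is an added example, not code from this library: a minimal Python reader that extracts the fields readable without the service's long-term key (the ones behind getRealm() and getServerName(), which do not declare NotYetDecryptedException) and leaves enc-part as opaque bytes. The PrincipalName and EncryptedData layouts are taken from RFC 1510, and the helper names and the sample ticket are constructed for illustration.

```python
# Added example. PrincipalName / EncryptedData layouts follow RFC 1510; names are hypothetical.
def tlv(tag, body):  # DER-encode one TLV; used only to build the constructed sample
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def items(buf):
    """Split a buffer of concatenated TLVs into a list of (tag, body)."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, n = buf[pos], buf[pos + 1]
        pos += 2
        if n & 0x80:                      # long form: low 7 bits count the length bytes
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        if pos + n > len(buf):
            raise ValueError("truncated TLV body")
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def unwrap(buf, tag):  # body of the single TLV in buf, after checking its tag
    found = items(buf)
    if len(found) != 1 or found[0][0] != tag:
        raise ValueError("expected tag 0x%02x" % tag)
    return found[0][1]

def parse_ticket(der):
    """Return the fields readable without the service's long-term key."""
    f = dict(items(unwrap(unwrap(der, 0x61), 0x30)))   # [APPLICATION 1] SEQUENCE
    sname = dict(items(unwrap(f[0xA2], 0x30)))         # PrincipalName
    enc = dict(items(unwrap(f[0xA3], 0x30)))           # EncryptedData
    return {
        "tkt-vno": int.from_bytes(unwrap(f[0xA0], 0x02), "big"),
        "realm": unwrap(f[0xA1], 0x1B).decode("ascii"),
        "sname": [s.decode("ascii") for _, s in items(unwrap(sname[0xA1], 0x30))],
        "etype": int.from_bytes(unwrap(enc[0xA0], 0x02), "big"),
        "cipher": unwrap(enc[0xA2], 0x04),             # EncTicketPart, still encrypted
    }

# Constructed sample: krbtgt/EXAMPLE.COM ticket with a placeholder 32-byte ciphertext.
SAMPLE = tlv(0x61, tlv(0x30,
    tlv(0xA0, tlv(0x02, b"\x05")) + tlv(0xA1, tlv(0x1B, b"EXAMPLE.COM")) +
    tlv(0xA2, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0xA1, tlv(0x30,
        tlv(0x1B, b"krbtgt") + tlv(0x1B, b"EXAMPLE.COM"))))) +
    tlv(0xA3, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x01")) + tlv(0xA2, tlv(0x04, bytes(32)))))))
```

Everything in the returned dictionary except `cipher` is visible to anyone who can observe the ticket, which is why the client name, session key and validity times all sit inside the encrypted part.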
Kerberos
Method Summary
Return type | Method | Description
AuthorizationDataElement[] | getAuthData() | Returns all the authorization data for this Ticket.
Date | getAuthTime() | Returns the time of initial authentication for this Ticket.
InetAddress[] | getClientAddresses() | Returns all client addresses for which this Ticket is valid.
PrincipalName | getClientName() | Returns the client's principal name for this Ticket.
String | getClientRealm() | Returns the client's realm for this Ticket.
byte[] | getEncoded() | Returns the ASN.1 DER encoding for this Ticket.
Date | getEndTime() | Returns the expiration time for this Ticket.
EncryptionKey | getKey() | Returns the session key in this Ticket.
String | getRealm() | Returns the service realm for this Ticket.
Date | getRenewTill() | Returns the absolute expiration time for this Ticket, including renewals, or null if absent.
PrincipalName | getServerName() | Returns the service principal name for this Ticket.
Date | getStartTime() | Returns the time after which this Ticket is valid, or null if absent, in which case the initial authentication time is the effective start time.
TicketFlags | getTicketFlags() | Returns the ticket flags for this Ticket.
String[] | getTransited() | Returns the names of the realms which took part in authenticating the user to whom this Ticket was issued.
boolean | isValid() | Returns true if this Ticket is valid at the time this method call is made.
Methods inherited from interface com.dstc.security.kerberos.msg.EncryptedPart: decrypt, encryptionType, initDecrypt
Method Detail
public String getRealm()
public PrincipalName getServerName()
public TicketFlags getTicketFlags() throws NotYetDecryptedException
public EncryptionKey getKey() throws NotYetDecryptedException
public String getClientRealm() throws NotYetDecryptedException
public PrincipalName getClientName() throws NotYetDecryptedException
public String[] getTransited() throws NotYetDecryptedException
public Date getAuthTime() throws NotYetDecryptedException
public Date getStartTime() throws NotYetDecryptedException
public Date getEndTime() throws NotYetDecryptedException
public boolean isValid() throws NotYetDecryptedException
public Date getRenewTill() throws NotYetDecryptedException
public InetAddress[] getClientAddresses() throws NotYetDecryptedException
public AuthorizationDataElement[] getAuthData() throws NotYetDecryptedException
public byte[] getEncoded() throws KerberosException