public class

Credentials

extends Object
java.lang.Object
   ↳ sun.security.krb5.Credentials

Class Overview

This class encapsulates the concept of a Kerberos service credential. That includes a Kerberos ticket and an associated session key.

Summary

Public Constructors
Credentials(Ticket new_ticket, PrincipalName new_client, PrincipalName new_server, EncryptionKey new_key, TicketFlags new_flags, KerberosTime authTime, KerberosTime new_startTime, KerberosTime new_endTime, KerberosTime renewTill, HostAddresses cAddr)
Credentials(byte[] encoding, String client, String server, byte[] keyBytes, int keyType, boolean[] flags, Date authTime, Date startTime, Date endTime, Date renewTill, InetAddress[] cAddrs)
Public Methods
synchronized static Credentials acquireDefaultCreds()
Acquires default credentials.
static Credentials acquireServiceCreds(String service, Credentials ccreds)
Acquires credentials for a specified service using initial credential.
static Credentials acquireTGT(PrincipalName princ, EncryptionKey[] secretKeys, char[] password)
Returns a TGT for the given client principal via an AS-Exchange.
static Credentials acquireTGTFromCache(PrincipalName princ, String ticketCache)
Returns a TGT for the given client principal from a ticket cache.
boolean checkDelegate()
Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE flag set.
final Date getAuthTime()
CredentialsCache getCache()
final PrincipalName getClient()
Acquires a service ticket for the specified service principal.
final InetAddress[] getClientAddresses()
final byte[] getEncoded()
final Date getEndTime()
final boolean[] getFlags()
final Date getRenewTill()
final PrincipalName getServer()
static Credentials getServiceCreds(String serviceName, File keyTabFile)
Gets service credential from key table.
EncryptionKey getServiceKey()
final EncryptionKey getSessionKey()
final Date getStartTime()
Ticket getTicket()
TicketFlags getTicketFlags()
boolean isForwardable()
boolean isRenewable()
static void printDebug(Credentials c)
Credentials renew()
String toString()
Returns a string representation of the object.
Inherited Methods
From class java.lang.Object

Public Constructors

public Credentials (Ticket new_ticket, PrincipalName new_client, PrincipalName new_server, EncryptionKey new_key, TicketFlags new_flags, KerberosTime authTime, KerberosTime new_startTime, KerberosTime new_endTime, KerberosTime renewTill, HostAddresses cAddr)

public Credentials (byte[] encoding, String client, String server, byte[] keyBytes, int keyType, boolean[] flags, Date authTime, Date startTime, Date endTime, Date renewTill, InetAddress[] cAddrs)

Public Methods

public static synchronized Credentials acquireDefaultCreds ()

Acquires default credentials.
The possible locations for the default credentials cache are searched in the following order:

  1. The directory and cache file name specified by the "KRB5CCNAME" system property.
  2. The directory and cache file name specified by the "KRB5CCNAME" environment variable.
  3. A cache file named krb5cc_{user.name} in the {user.home} directory.

Returns
  • a KrbCreds object if the credential is found, otherwise null.
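
The search order above determines which file a process trusts as its ticket cache, so each candidate is worth checking for loose permissions. The following is an added example, not part of this class or of the JDK: the class name DefaultCcacheAudit, its methods, and the handling of a "FILE:" prefix are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.*;

public class DefaultCcacheAudit {
    // Candidate cache paths in the order the documentation lists them.
    static List<Path> candidates() {
        List<Path> out = new ArrayList<>();
        addNamed(out, System.getProperty("KRB5CCNAME"));   // 1. system property
        addNamed(out, System.getenv("KRB5CCNAME"));        // 2. environment variable
        out.add(Paths.get(System.getProperty("user.home"), // 3. {user.home}/krb5cc_{user.name}
                "krb5cc_" + System.getProperty("user.name")));
        return out;
    }

    static void addNamed(List<Path> out, String name) {
        if (name == null || name.isEmpty()) return;
        // Assumption: an optional "FILE:" type prefix is dropped before use as a path.
        if (name.regionMatches(true, 0, "FILE:", 0, 5)) name = name.substring(5);
        out.add(Paths.get(name));
    }

    // Returns findings for one candidate; an empty list means nothing to report.
    static List<String> audit(Path p) throws IOException {
        List<String> findings = new ArrayList<>();
        if (!Files.exists(p, LinkOption.NOFOLLOW_LINKS)) return findings;
        if (Files.isSymbolicLink(p)) findings.add("is a symbolic link");
        try {
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
            // Everything except owner read/write counts as too wide for a ticket cache.
            Set<PosixFilePermission> wide = EnumSet.complementOf(EnumSet.of(
                    PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE));
            wide.retainAll(perms);
            if (!wide.isEmpty()) findings.add("permissions beyond owner rw: " + wide);
        } catch (UnsupportedOperationException e) {
            findings.add("no POSIX permissions on this file system; check the ACL");
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        for (Path p : candidates()) {
            System.out.println(p + " -> " + (Files.exists(p) ? audit(p) : "absent"));
        }
    }
}
```

A cache readable by group or other exposes the TGT and its session key to any local account that can open the file.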

public static Credentials acquireServiceCreds (String service, Credentials ccreds)

Acquires credentials for a specified service using an initial credential. When the service is in a different realm from the initial credential, we do cross-realm authentication: first, we use the current credential to get a cross-realm credential from the local KDC, then we use that cross-realm credential to request the service credential from the foreign KDC.

Parameters
service the name of service principal using format components@realm
ccreds client's initial credential.
Returns
  • a Credentials object.
Throws
IOException if an error occurs in reading the credentials cache
KrbException if an error occurs specific to Kerberos

public static Credentials acquireTGT (PrincipalName princ, EncryptionKey[] secretKeys, char[] password)

Returns a TGT for the given client principal via an AS-Exchange. This method causes pre-authentication data to be sent in the AS-REQ.

Parameters
princ the client principal. This value cannot be null.

public static Credentials acquireTGTFromCache (PrincipalName princ, String ticketCache)

Returns a TGT for the given client principal from a ticket cache.

Parameters
princ the client principal. A value of null means that the default principal name in the credentials cache will be used.
ticketCache the path to the tickets file. A value of null will be accepted to indicate that the default path should be searched.

public boolean checkDelegate ()

Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE flag set.

Returns
  • true if the OK-AS-DELEGATE flag is set, otherwise false.

public final Date getAuthTime ()

public CredentialsCache getCache ()

public final PrincipalName getClient ()

Acquires a service ticket for the specified service principal. If the service ticket is not already available, it obtains a new one from the KDC.

public final InetAddress[] getClientAddresses ()

public final byte[] getEncoded ()

public final Date getEndTime ()

public final boolean[] getFlags ()

public final Date getRenewTill ()

public final PrincipalName getServer ()

public static Credentials getServiceCreds (String serviceName, File keyTabFile)

Gets service credential from key table. The credential is used to decrypt the received client message and authenticate the client by verifying the client's credential.

Parameters
serviceName the name of service, using format component@realm
keyTabFile the file of key table.
Returns
  • a KrbCreds object.

public EncryptionKey getServiceKey ()

public final EncryptionKey getSessionKey ()

public final Date getStartTime ()

public Ticket getTicket ()

public TicketFlags getTicketFlags ()

public boolean isForwardable ()

public boolean isRenewable ()

public static void printDebug (Credentials c)

public Credentials renew ()

public String toString ()

Returns a string representation of the object. In general, the toString method returns a string that "textually represents" this object. The result should be a concise but informative representation that is easy for a person to read. It is recommended that all subclasses override this method.

The toString method for class Object returns a string consisting of the name of the class of which the object is an instance, the at-sign character '@', and the unsigned hexadecimal representation of the hash code of the object. In other words, this method returns a string equal to the value of:

 getClass().getName() + '@' + Integer.toHexString(hashCode())
 

Returns
  • a string representation of the object.