javax.security.auth.kerberos
Class KerberosTicket
- Destroyable, Refreshable, Serializable
This class represents a Kerberos ticket. See the Kerberos
authentication RFC for more information:
RFC 1510.
KerberosTicket(byte[] asn1Encoding, KerberosPrincipal client, KerberosPrincipal server, byte[] key, int type, boolean[] flags, Date authTime, Date startTime, Date endTime, Date renewTill, InetAddress[] clientAddresses)- Create a new ticket given all the facts about it.
|
void | destroy()- Destroy this ticket.
|
Date | getAuthTime()- Return the authentication time for this ticket.
|
KerberosPrincipal | getClient()- Return the client principal for this ticket.
|
InetAddress[] | getClientAddresses()- Return the allowable client addresses for this ticket.
|
byte[] | getEncoded()- Return the encoded form of this ticket.
|
Date | getEndTime()- Return the end time for this ticket.
|
boolean[] | getFlags()- Return the flags for this ticket as a boolean array.
|
Date | getRenewTill()- Return the renewal time for this ticket.
|
KerberosPrincipal | getServer()- Return the server principal for this ticket.
|
SecretKey | getSessionKey()- Return the secret key associated with this ticket.
|
int | getSessionKeyType()-
Returns the type of the session key in accordance with
RFC1510.
|
Date | getStartTime()- Return the start time for this ticket.
|
boolean | isCurrent()- Return true if the ticket is currently valid.
|
boolean | isDestroyed()- Return true if this ticket has been destroyed.
|
boolean | isForwardable()- Return true if this ticket is forwardable.
|
boolean | isForwarded()- Return true if this ticket has been forwarded.
|
boolean | isInitial()- Return true if this ticket was granted by an application
server, and not via a ticket-granting ticket.
|
boolean | isPostdated()- Return true if this ticket was post-dated.
|
boolean | isProxiable()- Return true if this ticket is proxiable.
|
boolean | isProxy()- Return true if this ticket is a proxy ticket.
|
boolean | isRenewable()- Return true if this ticket is renewable.
|
void | refresh()- If the ticket is renewable, and the renewal time has not yet elapsed,
attempt to renew the ticket.
|
String | toString()- Convert this Object to a human-readable String.
|
clone, equals, extends Object> getClass, finalize, hashCode, notify, notifyAll, toString, wait, wait, wait |
KerberosTicket
public KerberosTicket(byte[] asn1Encoding,
KerberosPrincipal client,
KerberosPrincipal server,
byte[] key,
int type,
boolean[] flags,
Date authTime,
Date startTime,
Date endTime,
Date renewTill,
InetAddress[] clientAddresses) Create a new ticket given all the facts about it.
Note that flags may be null or "short"; any flags not specified
will be taken to be false.
If the key is not renewable, then renewTill may be null.
If authTime is null, then it is taken to be the same as startTime.
If clientAddresses is null, then the ticket can be used anywhere.
asn1Encoding - the contents of the ticket, as ASN1client - the client principalserver - the server principalkey - the contents of the session keytype - the type of the keyflags - an array of flags, as specified by the RFCauthTime - when the client was authenticatedstartTime - starting time at which the ticket is validendTime - ending time, after which the ticket is invalidrenewTill - for a rewewable ticket, the time before which it must
be renewedclientAddresses - a possibly-null array of addresses where this
ticket may be used
getAuthTime
public final Date getAuthTime()
Return the authentication time for this ticket.
getClientAddresses
public final InetAddress[] getClientAddresses()
Return the allowable client addresses for this ticket. This will
return null if the ticket can be used anywhere.
getEncoded
public final byte[] getEncoded()
Return the encoded form of this ticket.
getEndTime
public final Date getEndTime()
Return the end time for this ticket.
getFlags
public final boolean[] getFlags()
Return the flags for this ticket as a boolean array.
See the RFC to understand what the different entries mean.
getRenewTill
public final Date getRenewTill()
Return the renewal time for this ticket. For a non-renewable
ticket, this will return null.
getSessionKeyType
public final int getSessionKeyType()
Returns the type of the session key in accordance with
RFC1510. This usually corresponds to the encryption
algorithm used by the key, though more than one algorithm
may use the same key type (e.g. DES with different checksum
mechanisms and chaining modes). Negative values are reserved
for local use. Non-negative values are for officially assigned
type fields. The RFC defines:
- 0 — null
- 1 — DES (in CBC mode with either MD4 or MD5 checksums)
- the type of session key used by this ticket.
getStartTime
public final Date getStartTime()
Return the start time for this ticket.
isCurrent
public boolean isCurrent()
Return true if the ticket is currently valid. This is true if
the system time is between the ticket's start and end times.
- isCurrent in interface Refreshable
isForwardable
public final boolean isForwardable()
Return true if this ticket is forwardable.
isForwarded
public final boolean isForwarded()
Return true if this ticket has been forwarded.
isInitial
public final boolean isInitial()
Return true if this ticket was granted by an application
server, and not via a ticket-granting ticket.
isPostdated
public final boolean isPostdated()
Return true if this ticket was post-dated.
isProxiable
public final boolean isProxiable()
Return true if this ticket is proxiable.
isProxy
public final boolean isProxy()
Return true if this ticket is a proxy ticket.
isRenewable
public final boolean isRenewable()
Return true if this ticket is renewable.
toString
public String toString()
Convert this Object to a human-readable String.
There are no limits placed on how long this String
should be or what it should contain. We suggest you
make it as intuitive as possible to be able to place
it into
System.out.println()
and such.
It is typical, but not required, to ensure that this method
never completes abruptly with a
RuntimeException.
This method will be called when performing string
concatenation with this object. If the result is
null, string concatenation will instead
use
"null".
The default implementation returns
getClass().getName() + "@" +
Integer.toHexString(hashCode()).
- toString in interface Object
- the String representing this Object, which may be null
KerberosTicket.java -- a kerberos ticket
Copyright (C) 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version.