javax.security.auth.kerberos

Class KerberosTicket

Implemented Interfaces:
Destroyable, Refreshable, Serializable

public class KerberosTicket
extends Object
implements Destroyable, Serializable, Refreshable

This class represents a Kerberos ticket. See the Kerberos authentication RFC for more information: RFC 1510.
Since:
1.4
See Also:
Serialized Form

Constructor Summary

KerberosTicket(byte[] asn1Encoding, KerberosPrincipal client, KerberosPrincipal server, byte[] key, int type, boolean[] flags, Date authTime, Date startTime, Date endTime, Date renewTill, InetAddress[] clientAddresses)
Create a new ticket given all the facts about it.

Method Summary

void destroy() - Destroy this ticket.
Date getAuthTime() - Return the authentication time for this ticket.
KerberosPrincipal getClient() - Return the client principal for this ticket.
InetAddress[] getClientAddresses() - Return the allowable client addresses for this ticket.
byte[] getEncoded() - Return the encoded form of this ticket.
Date getEndTime() - Return the end time for this ticket.
boolean[] getFlags() - Return the flags for this ticket as a boolean array.
Date getRenewTill() - Return the renewal time for this ticket.
KerberosPrincipal getServer() - Return the server principal for this ticket.
SecretKey getSessionKey() - Return the secret key associated with this ticket.
int getSessionKeyType() - Returns the type of the session key in accordance with RFC1510.
Date getStartTime() - Return the start time for this ticket.
boolean isCurrent() - Return true if the ticket is currently valid.
boolean isDestroyed() - Return true if this ticket has been destroyed.
boolean isForwardable() - Return true if this ticket is forwardable.
boolean isForwarded() - Return true if this ticket has been forwarded.
boolean isInitial() - Return true if this ticket was granted by an application server, and not via a ticket-granting ticket.
boolean isPostdated() - Return true if this ticket was post-dated.
boolean isProxiable() - Return true if this ticket is proxiable.
boolean isProxy() - Return true if this ticket is a proxy ticket.
boolean isRenewable() - Return true if this ticket is renewable.
void refresh() - If the ticket is renewable, and the renewal time has not yet elapsed, attempt to renew the ticket.
String toString() - Convert this Object to a human-readable String.

Methods inherited from class java.lang.Object

clone, equals, getClass, finalize, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

KerberosTicket

public KerberosTicket(byte[] asn1Encoding,
                      KerberosPrincipal client,
                      KerberosPrincipal server,
                      byte[] key,
                      int type,
                      boolean[] flags,
                      Date authTime,
                      Date startTime,
                      Date endTime,
                      Date renewTill,
                      InetAddress[] clientAddresses)
Create a new ticket given all the facts about it. Note that flags may be null or "short"; any flags not specified will be taken to be false. If the ticket is not renewable, then renewTill may be null. If authTime is null, then it is taken to be the same as startTime. If clientAddresses is null, then the ticket can be used anywhere.
Parameters:
asn1Encoding - the contents of the ticket, as ASN1
client - the client principal
server - the server principal
key - the contents of the session key
type - the type of the key
flags - an array of flags, as specified by the RFC
authTime - when the client was authenticated
startTime - starting time at which the ticket is valid
endTime - ending time, after which the ticket is invalid
renewTill - for a renewable ticket, the time before which it must be renewed
clientAddresses - a possibly-null array of addresses where this ticket may be used

Method Details

destroy

public void destroy()
            throws DestroyFailedException
Destroy this ticket. This discards secret information. After this method is called, other methods will throw IllegalStateException.
Specified by:
destroy in interface Destroyable

getAuthTime

public final Date getAuthTime()
Return the authentication time for this ticket.

getClient

public final KerberosPrincipal getClient()
Return the client principal for this ticket.

getClientAddresses

public final InetAddress[] getClientAddresses()
Return the allowable client addresses for this ticket. This will return null if the ticket can be used anywhere.

getEncoded

public final byte[] getEncoded()
Return the encoded form of this ticket.

getEndTime

public final Date getEndTime()
Return the end time for this ticket.

getFlags

public final boolean[] getFlags()
Return the flags for this ticket as a boolean array. See the RFC to understand what the different entries mean.

getRenewTill

public final Date getRenewTill()
Return the renewal time for this ticket. For a non-renewable ticket, this will return null.

getServer

public final KerberosPrincipal getServer()
Return the server principal for this ticket.

getSessionKey

public final SecretKey getSessionKey()
Return the secret key associated with this ticket.

getSessionKeyType

public final int getSessionKeyType()
Returns the type of the session key in accordance with RFC1510. This usually corresponds to the encryption algorithm used by the key, though more than one algorithm may use the same key type (e.g. DES with different checksum mechanisms and chaining modes). Negative values are reserved for local use. Non-negative values are for officially assigned type fields. The RFC defines:
  • 0 — null
  • 1 — DES (in CBC mode with either MD4 or MD5 checksums)
Returns:
the type of session key used by this ticket.
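
The following is an added example, not part of the GNU Classpath documentation: it builds a ticket using the constructor rules described above (a "short" flags array, null renewTill, null clientAddresses), reports the properties a reviewer would typically check, and destroys the ticket afterwards. The class TicketAudit, the helper audit(), the principal names and all byte values are assumptions constructed for illustration; flag index 1 is FORWARDABLE per RFC 1510.

```java
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;

public class TicketAudit {
    // Key type 1 is DES, per the getSessionKeyType() description above.
    static final int KEYTYPE_DES = 1;

    /** Hypothetical helper: list the ticket properties worth reviewing. */
    static List<String> audit(KerberosTicket t) {
        List<String> findings = new ArrayList<>();
        if (t.isDestroyed()) {
            // Other methods throw IllegalStateException after destroy().
            findings.add("destroyed");
            return findings;
        }
        if (!t.isCurrent()) findings.add("outside start/end window");
        if (t.getSessionKeyType() == KEYTYPE_DES) findings.add("DES session key");
        if (t.getClientAddresses() == null) findings.add("no address restriction");
        if (t.isForwardable()) findings.add("forwardable");
        if (t.isRenewable()) findings.add("renewable until " + t.getRenewTill());
        return findings;
    }

    public static void main(String[] args) throws DestroyFailedException {
        long now = System.currentTimeMillis();
        boolean[] flags = { false, true };     // "short" array: only index 1 set
        KerberosTicket t = new KerberosTicket(
            new byte[] { 0x61, 0x00 },         // constructed placeholder encoding
            new KerberosPrincipal("alice@EXAMPLE.COM"),
            new KerberosPrincipal("krbtgt/EXAMPLE.COM@EXAMPLE.COM"),
            new byte[8],                       // constructed all-zero session key
            KEYTYPE_DES, flags,
            new Date(now - 60_000),            // authTime
            new Date(now - 60_000),            // startTime
            new Date(now + 3_600_000),         // endTime
            null,                              // renewTill: ticket is not renewable
            (InetAddress[]) null);             // null: usable from any address
        try {
            System.out.println(audit(t));
        } finally {
            t.destroy();                       // discard the secret key material
        }
        System.out.println(audit(t));
    }
}
```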

getStartTime

public final Date getStartTime()
Return the start time for this ticket.

isCurrent

public boolean isCurrent()
Return true if the ticket is currently valid. This is true if the system time is between the ticket's start and end times.
Specified by:
isCurrent in interface Refreshable

isDestroyed

public boolean isDestroyed()
Return true if this ticket has been destroyed.
Specified by:
isDestroyed in interface Destroyable

isForwardable

public final boolean isForwardable()
Return true if this ticket is forwardable.

isForwarded

public final boolean isForwarded()
Return true if this ticket has been forwarded.

isInitial

public final boolean isInitial()
Return true if this ticket was granted by an application server, and not via a ticket-granting ticket.

isPostdated

public final boolean isPostdated()
Return true if this ticket was post-dated.

isProxiable

public final boolean isProxiable()
Return true if this ticket is proxiable.

isProxy

public final boolean isProxy()
Return true if this ticket is a proxy ticket.

isRenewable

public final boolean isRenewable()
Return true if this ticket is renewable.

refresh

public void refresh()
            throws RefreshFailedException,
                   NotImplementedException
If the ticket is renewable, and the renewal time has not yet elapsed, attempt to renew the ticket.
Specified by:
refresh in interface Refreshable
Throws:
RefreshFailedException - if the renewal fails for any reason

toString

public String toString()
Convert this Object to a human-readable String. There are no limits placed on how long this String should be or what it should contain. We suggest you make it as intuitive as possible to be able to place it into System.out.println() and such.

It is typical, but not required, to ensure that this method never completes abruptly with a RuntimeException.

This method will be called when performing string concatenation with this object. If the result is null, string concatenation will instead use "null".

The default implementation returns getClass().getName() + "@" + Integer.toHexString(hashCode()).

Overrides:
toString in interface Object
Returns:
the String representing this Object, which may be null

KerberosTicket.java -- a kerberos ticket
Copyright (C) 2006 Free Software Foundation, Inc.

This file is part of GNU Classpath.

GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with GNU Classpath; see the file COPYING. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination.

As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.