- java.lang.Object
- 
- javax.security.auth.kerberos.KerberosKey
 
- 
- All Implemented Interfaces:
- Serializable,- Key,- SecretKey,- Destroyable
 
 public class KerberosKey extends Object implements SecretKey This class encapsulates a long term secret key for a Kerberos principal.A KerberosKeyobject includes an EncryptionKey, aKerberosPrincipalas its owner, and the version number of the key.An EncryptionKey is defined in Section 4.2.9 of the Kerberos Protocol Specification (RFC 4120) as: EncryptionKey ::= SEQUENCE { keytype [0] Int32 -- actually encryption type --, keyvalue [1] OCTET STRING }The key material of aKerberosKeyis defined as the value of thekeyValueabove.All Kerberos JAAS login modules that obtain a principal's password and generate the secret key from it should use this class. Sometimes, such as when authenticating a server in the absence of user-to-user authentication, the login module will store an instance of this class in the private credential set of a Subjectduring the commit phase of the authentication process.A Kerberos service using a keytab to read secret keys should use the KeyTabclass, where latest keys can be read when needed.It might be necessary for the application to be granted a PrivateCredentialPermissionif it needs to access theKerberosKeyinstance from a Subject. This permission is not needed when the application depends on the default JGSS Kerberos mechanism to access theKerberosKey. In that case, however, the application will need an appropriateServicePermission.When creating a KerberosKeyusing theKerberosKey(KerberosPrincipal, char[], String)constructor, an implementation may accept non-IANA algorithm names (For example, "ArcFourMac" for "rc4-hmac"), but thegetAlgorithm()method must always return the IANA algorithm name.- Implementation Note:
- Old algorithm names used before JDK 9 are supported in the
 KerberosKey(KerberosPrincipal, char[], String)constructor in this implementation for compatibility reasons, which are "DES" (and null) for "des-cbc-md5", "DESede" for "des3-cbc-sha1-kd", "ArcFourHmac" for "rc4-hmac", "AES128" for "aes128-cts-hmac-sha1-96", and "AES256" for "aes256-cts-hmac-sha1-96".
- Since:
- 1.4
- See Also:
- Serialized Form
 
- 
- 
Constructor SummaryConstructors Constructor Description KerberosKey(KerberosPrincipal principal, byte[] keyBytes, int keyType, int versionNum)Constructs aKerberosKeyfrom the given bytes when the key type and key version number are known.KerberosKey(KerberosPrincipal principal, char[] password, String algorithm)Constructs aKerberosKeyfrom a principal's password using the specified algorithm name.
 - 
Method SummaryAll Methods Instance Methods Concrete Methods Modifier and Type Method Description voiddestroy()Destroys this key by clearing out the key material of this secret key.booleanequals(Object other)Compares the specified object with thisKerberosKeyfor equality.StringgetAlgorithm()Returns the standard algorithm name for this key.byte[]getEncoded()Returns the key material of this secret key.StringgetFormat()Returns the name of the encoding format for this secret key.intgetKeyType()Returns the key type for this long-term key.KerberosPrincipalgetPrincipal()Returns the principal that this key belongs to.intgetVersionNumber()Returns the key version number.inthashCode()Returns a hash code for thisKerberosKey.booleanisDestroyed()Determines if this key has been destroyed.StringtoString()Returns an informative textual representation of thisKerberosKey.
 
- 
- 
- 
Constructor Detail- 
KerberosKeypublic KerberosKey(KerberosPrincipal principal, byte[] keyBytes, int keyType, int versionNum) Constructs aKerberosKeyfrom the given bytes when the key type and key version number are known. This can be used when reading the secret key information from a Kerberos "keytab".- Parameters:
- principal- the principal that this secret key belongs to
- keyBytes- the key material for the secret key
- keyType- the key type for the secret key as defined by the Kerberos protocol specification.
- versionNum- the version number of this secret key
 
 - 
KerberosKeypublic KerberosKey(KerberosPrincipal principal, char[] password, String algorithm) Constructs aKerberosKeyfrom a principal's password using the specified algorithm name. The algorithm name (case insensitive) should be provided as the encryption type string defined on the IANA Kerberos Encryption Type Numbers page. The version number of the key generated will be 0.- Parameters:
- principal- the principal that this password belongs to
- password- the password that should be used to compute the key
- algorithm- the name for the algorithm that this key will be used for
- Throws:
- IllegalArgumentException- if the name of the algorithm passed is unsupported.
 
 
- 
 - 
Method Detail- 
getPrincipalpublic final KerberosPrincipal getPrincipal() Returns the principal that this key belongs to.- Returns:
- the principal this key belongs to.
- Throws:
- IllegalStateException- if the key is destroyed
 
 - 
getVersionNumberpublic final int getVersionNumber() Returns the key version number.- Returns:
- the key version number.
- Throws:
- IllegalStateException- if the key is destroyed
 
 - 
getKeyTypepublic final int getKeyType() Returns the key type for this long-term key.- Returns:
- the key type.
- Throws:
- IllegalStateException- if the key is destroyed
 
 - 
getAlgorithmpublic final String getAlgorithm() Returns the standard algorithm name for this key. The algorithm names are the encryption type string defined on the IANA Kerberos Encryption Type Numbers page.This method can return the following value not defined on the IANA page: - none: for etype equal to 0
- unknown: for etype greater than 0 but unsupported by the implementation
- private: for etype smaller than 0
 - Specified by:
- getAlgorithmin interface- Key
- Returns:
- the name of the algorithm associated with this key.
- Throws:
- IllegalStateException- if the key is destroyed
 
 - 
getFormatpublic final String getFormat() Returns the name of the encoding format for this secret key.- Specified by:
- getFormatin interface- Key
- Returns:
- the String "RAW"
- Throws:
- IllegalStateException- if the key is destroyed
 
 - 
getEncodedpublic final byte[] getEncoded() Returns the key material of this secret key.- Specified by:
- getEncodedin interface- Key
- Returns:
- the key material
- Throws:
- IllegalStateException- if the key is destroyed
 
 - 
destroypublic void destroy() throws DestroyFailedExceptionDestroys this key by clearing out the key material of this secret key.- Specified by:
- destroyin interface- Destroyable
- Throws:
- DestroyFailedException- if some error occurs while destroying this key.
 
 - 
isDestroyedpublic boolean isDestroyed() Determines if this key has been destroyed.- Specified by:
- isDestroyedin interface- Destroyable
- Returns:
- true if this Objecthas been destroyed, false otherwise.
 
 - 
toStringpublic String toString() Returns an informative textual representation of thisKerberosKey.
 - 
hashCodepublic int hashCode() Returns a hash code for thisKerberosKey.- Overrides:
- hashCodein class- Object
- Returns:
- a hash code for this KerberosKey.
- Since:
- 1.6
- See Also:
- Object.equals(java.lang.Object),- System.identityHashCode(java.lang.Object)
 
 - 
equalspublic boolean equals(Object other) Compares the specified object with thisKerberosKeyfor equality. Returns true if the given object is also aKerberosKeyand the twoKerberosKeyinstances are equivalent. A destroyedKerberosKeyobject is only equal to itself.- Overrides:
- equalsin class- Object
- Parameters:
- other- the object to compare to
- Returns:
- true if the specified object is equal to this KerberosKey, false otherwise.
- Since:
- 1.6
- See Also:
- Object.hashCode(),- HashMap
 
 
- 
 
-