sun.security.krb5

public class Credentials
extends Object
Imports
jdk.internal.util.OperatingSystem, sun.security.krb5.internal.*, sun.security.krb5.internal.ccache.CredentialsCache, sun.security.krb5.internal.crypto.EType, sun.security.util.SecurityProperties, java.io.IOException, java.util.Date, java.net.InetAddress

This class encapsulates the concept of a Kerberos service credential. That includes a Kerberos ticket and an associated session key.

Field Summary

Modifier and Type, Field and Description
pack-priv static boolean alreadyLoaded
private static boolean alreadyTried
pack-priv KerberosTime authTime
pack-priv AuthorizationData authzData
pack-priv HostAddresses cAddr
pack-priv PrincipalName client
pack-priv PrincipalName clientAlias
private static boolean DEBUG
pack-priv KerberosTime endTime
pack-priv TicketFlags flags
pack-priv EncryptionKey key
private Credentials proxy
pack-priv KerberosTime renewTill
public static final boolean S4U2PROXY_ACCEPT_NON_FORWARDABLE
pack-priv PrincipalName server
pack-priv PrincipalName serverAlias
pack-priv KerberosTime startTime
pack-priv Ticket ticket

Constructor Summary

Access, Constructor and Description
public Credentials(Ticket new_ticket, PrincipalName new_client, PrincipalName new_client_alias, PrincipalName new_server, PrincipalName new_server_alias, EncryptionKey new_key, TicketFlags new_flags, KerberosTime authTime, KerberosTime new_startTime, KerberosTime new_endTime, KerberosTime renewTill, HostAddresses cAddr, AuthorizationData authzData)

public Credentials(Ticket new_ticket, PrincipalName new_client, PrincipalName new_client_alias, PrincipalName new_server, PrincipalName new_server_alias, EncryptionKey new_key, TicketFlags new_flags, KerberosTime authTime, KerberosTime new_startTime, KerberosTime new_endTime, KerberosTime renewTill, HostAddresses cAddr)

public Credentials(byte[] encoding, String client, String clientAlias, String server, String serverAlias, byte[] keyBytes, int keyType, boolean[] flags, Date authTime, Date startTime, Date endTime, Date renewTill, InetAddress[] cAddrs)

Method Summary

Modifier and Type, Method and Description

public static synchronized Credentials acquireDefaultCreds()
  Acquires default credentials.
  Returns: a KrbCreds object if the credential is found, otherwise return null.

private static native Credentials acquireDefaultNativeCreds(int[] eTypes)

public static Credentials acquireS4U2proxyCreds(String service, Credentials userCreds, PrincipalName client, Credentials middleTGT)

public static Credentials acquireS4U2selfCreds(PrincipalName user, Credentials middleTGT)

public static Credentials acquireServiceCreds(String service, Credentials initCreds)
  Acquires credentials for a specified service using initial credential.
  service: the name of service principal using format components@realm
  initCreds: client's initial credential.
  Returns: a Credentials object.

public static Credentials acquireTGTFromCache(PrincipalName princ, String ticketCache)
  Returns a TGT for the given client principal from a ticket cache.
  princ: the client principal. A value of null means that the default principal name in the credentials cache will be used.
  ticketCache: the path to the tickets file. A value of null will be accepted to indicate that the default path should be searched.
  Returns: the TGT credentials or null if none were found. If the TGT has expired, it is the responsibility of the caller to determine this.

public boolean checkDelegate()
  Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE flag set.
  Returns: true if OK-AS-DELEGATE flag is set, otherwise, return false.

private static KerberosTime date2kt(Date d)

pack-priv static void ensureLoaded()

public final Date getAuthTime()

public AuthorizationData getAuthzData()

public final PrincipalName getClient()
  Acquires a service ticket for the specified service principal.

public final InetAddress[] getClientAddresses()

public final PrincipalName getClientAlias()

public final byte[] getEncoded()

public final Date getEndTime()

public final boolean[] getFlags()

public Credentials getProxy()

public final Date getRenewTill()

public final PrincipalName getServer()

public final PrincipalName getServerAlias()

public final EncryptionKey getSessionKey()

public final Date getStartTime()

public Ticket getTicket()

public TicketFlags getTicketFlags()

public boolean isForwardable()

public boolean isRenewable()

public static void printDebug(Credentials c)

public Credentials renew()

public void resetDelegate()
  Reset TKT_OPTS_DELEGATE to false, called at credentials acquirement when one of the cross-realm TGTs does not have the OK-AS-DELEGATE flag set.

public Credentials setProxy(Credentials proxy)

public Credentials toCCacheCreds()

public String toString()
  Overrides java.lang.Object.toString.
  Returns a string representation of the object.

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

alreadyLoaded
pack-priv static boolean alreadyLoaded
alreadyTried
private static boolean alreadyTried
authTime
pack-priv KerberosTime authTime
authzData
pack-priv AuthorizationData authzData
cAddr
pack-priv HostAddresses cAddr
client
pack-priv PrincipalName client
clientAlias
pack-priv PrincipalName clientAlias
DEBUG
private static boolean DEBUG
endTime
pack-priv KerberosTime endTime
flags
pack-priv TicketFlags flags
key
pack-priv EncryptionKey key
proxy
private Credentials proxy
renewTill
pack-priv KerberosTime renewTill
S4U2PROXY_ACCEPT_NON_FORWARDABLE
public static final boolean S4U2PROXY_ACCEPT_NON_FORWARDABLE
server
pack-priv PrincipalName server
serverAlias
pack-priv PrincipalName serverAlias
startTime
pack-priv KerberosTime startTime
ticket
pack-priv Ticket ticket

Constructor Detail

Credentials
public Credentials(Ticket new_ticket, PrincipalName new_client, PrincipalName new_client_alias, PrincipalName new_server, PrincipalName new_server_alias, EncryptionKey new_key, TicketFlags new_flags, KerberosTime authTime, KerberosTime new_startTime, KerberosTime new_endTime, KerberosTime renewTill, HostAddresses cAddr, AuthorizationData authzData)
Credentials
public Credentials(Ticket new_ticket, PrincipalName new_client, PrincipalName new_client_alias, PrincipalName new_server, PrincipalName new_server_alias, EncryptionKey new_key, TicketFlags new_flags, KerberosTime authTime, KerberosTime new_startTime, KerberosTime new_endTime, KerberosTime renewTill, HostAddresses cAddr)
Credentials
public Credentials(byte[] encoding, String client, String clientAlias, String server, String serverAlias, byte[] keyBytes, int keyType, boolean[] flags, Date authTime, Date startTime, Date endTime, Date renewTill, InetAddress[] cAddrs) throws KrbException, IOException

Method Detail

acquireDefaultCreds
public static synchronized Credentials acquireDefaultCreds()

Acquires default credentials.
The possible locations for the default credentials cache are searched in the following order:

  1. The directory and cache file name specified by the "KRB5CCNAME" system property.
  2. The directory and cache file name specified by the "KRB5CCNAME" environment variable.
  3. A cache file named krb5cc_{user.name} in the {user.home} directory.

Returns: Credentials

a KrbCreds object if the credential is found, otherwise return null.

acquireDefaultNativeCreds
private static native Credentials acquireDefaultNativeCreds(int[] eTypes)
acquireS4U2proxyCreds
public static Credentials acquireS4U2proxyCreds(String service, Credentials userCreds, PrincipalName client, Credentials middleTGT) throws KrbException, IOException
acquireS4U2selfCreds
public static Credentials acquireS4U2selfCreds(PrincipalName user, Credentials middleTGT) throws KrbException, IOException
acquireServiceCreds
public static Credentials acquireServiceCreds(String service, Credentials initCreds) throws KrbException, IOException

Acquires credentials for a specified service using initial credential. When the service has a different realm from the initial credential, we do cross-realm authentication - first, we use the current credential to get a cross-realm credential from the local KDC, then use that cross-realm credential to request service credential from the foreign KDC.

Parameters
service: String

the name of service principal using format components@realm

initCreds: Credentials

client's initial credential.

Returns: Credentials

a Credentials object.

Exceptions
KrbException:
if an error occurs specific to Kerberos
IOException:
if an error occurs in reading the credentials cache

acquireTGTFromCache
public static Credentials acquireTGTFromCache(PrincipalName princ, String ticketCache) throws KrbException, IOException

Returns a TGT for the given client principal from a ticket cache.

Parameters
princ: PrincipalName

the client principal. A value of null means that the default principal name in the credentials cache will be used.

ticketCache: String

the path to the tickets file. A value of null will be accepted to indicate that the default path should be searched.

Returns: Credentials

the TGT credentials or null if none were found. If the TGT has expired, it is the responsibility of the caller to determine this.
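
Since acquireTGTFromCache hands back whatever TGT the cache holds, the caller has to check the ticket lifetime before using it. The following is an added example, not JDK code: the class name TgtFreshnessCheck, the isValidAt helper and the five-minute renewal margin are assumptions, and because sun.security.krb5 is an internal package it needs the --add-exports option shown in the first comment.

```java
// Added example, not JDK code. Compile and run with:
//   --add-exports java.security.jgss/sun.security.krb5=ALL-UNNAMED
import java.io.IOException;
import java.util.Date;
import sun.security.krb5.Credentials;
import sun.security.krb5.KrbException;
import sun.security.krb5.PrincipalName;

public class TgtFreshnessCheck {
    // Assumed policy: renew when less than five minutes of lifetime remain.
    static final long RENEW_MARGIN_MS = 5 * 60 * 1000L;

    /** A ticket is valid only inside [startTime, endTime); a null endTime is rejected. */
    static boolean isValidAt(Date start, Date end, Date now) {
        if (end == null || !now.before(end)) return false;   // expired
        return start == null || !now.before(start);          // not postdated
    }

    /** Returns a TGT that is valid now, renewed if close to expiry, or null. */
    static Credentials loadUsableTgt(PrincipalName princ, String cachePath)
            throws KrbException, IOException {
        // null princ = default principal in the cache; null path = default location
        Credentials tgt = Credentials.acquireTGTFromCache(princ, cachePath);
        if (tgt == null) return null;                         // no TGT found
        Date now = new Date();
        if (!isValidAt(tgt.getStartTime(), tgt.getEndTime(), now)) {
            return null;            // expired or postdated: caller must re-authenticate
        }
        long remaining = tgt.getEndTime().getTime() - now.getTime();
        Date renewTill = tgt.getRenewTill();
        if (remaining < RENEW_MARGIN_MS && tgt.isRenewable()
                && renewTill != null && renewTill.after(now)) {
            return tgt.renew();     // request a renewed ticket while still valid
        }
        return tgt;
    }

    public static void main(String[] args) throws Exception {
        Credentials tgt = loadUsableTgt(null, null);
        if (tgt == null) {
            System.err.println("No usable TGT in the cache; run kinit first.");
            System.exit(1);
        }
        System.out.println("TGT for " + tgt.getClient() + " valid until " + tgt.getEndTime());
        if (args.length > 0) {      // args[0]: service principal, components@realm
            Credentials svc = Credentials.acquireServiceCreds(args[0], tgt);
            System.out.println(svc.getServer() + " OK-AS-DELEGATE=" + svc.checkDelegate());
        }
    }
}
```

Running it requires an existing ticket cache, and the optional service request additionally needs a reachable KDC.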

checkDelegate
public boolean checkDelegate()

Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE flag set.

Returns: boolean

true if OK-AS-DELEGATE flag is set, otherwise, return false.

date2kt
private static KerberosTime date2kt(Date d)
ensureLoaded
pack-priv static void ensureLoaded()
Annotations: @SuppressWarnings("removal")
getAuthTime
public final Date getAuthTime()
getAuthzData
public AuthorizationData getAuthzData()
getClient
public final PrincipalName getClient()

Acquires a service ticket for the specified service principal. If the service ticket is not already available, it obtains a new one from the KDC.

getClientAddresses
public final InetAddress[] getClientAddresses()
getClientAlias
public final PrincipalName getClientAlias()
getEncoded
public final byte[] getEncoded()
getEndTime
public final Date getEndTime()
getFlags
public final boolean[] getFlags()
getProxy
public Credentials getProxy()
getRenewTill
public final Date getRenewTill()
getServer
public final PrincipalName getServer()
getServerAlias
public final PrincipalName getServerAlias()
getSessionKey
public final EncryptionKey getSessionKey()
getStartTime
public final Date getStartTime()
getTicket
public Ticket getTicket()
getTicketFlags
public TicketFlags getTicketFlags()
isForwardable
public boolean isForwardable()
isRenewable
public boolean isRenewable()
printDebug
public static void printDebug(Credentials c)
renew
public Credentials renew() throws KrbException, IOException
resetDelegate
public void resetDelegate()

Reset TKT_OPTS_DELEGATE to false, called at credentials acquirement when one of the cross-realm TGTs does not have the OK-AS-DELEGATE flag set. This info must be preservable and restorable through the Krb5Util.credsToTicket/ticketToCreds() methods so that even if the service ticket is cached it still remembers the cross-realm authentication result.

setProxy
public Credentials setProxy(Credentials proxy)
toCCacheCreds
public Credentials toCCacheCreds()
toString
public String toString()

Overrides java.lang.Object.toString.

Doc from java.lang.Object.toString.

Returns a string representation of the object.

Returns: String

a string representation of the object