sun.security.krb5

public Class Config

extends Object
Imports
java.io.*, java.nio.file.Files, .Paths, .Path, java.security.PrivilegedAction, .AccessController, .PrivilegedExceptionAction, java.util.*, java.net.InetAddress, .UnknownHostException, java.util.regex.Matcher, .Pattern, java.util.stream.Stream, jdk.internal.util.OperatingSystem, sun.net.dns.ResolverConfiguration, sun.security.action.GetPropertyAction, sun.security.krb5.internal.crypto.EType, sun.security.krb5.internal.Krb5, sun.security.util.SecurityProperties

This class maintains key-value pairs of Kerberos configurable constants, read from the configuration file or from user-specified system properties.

Nested and Inner Type Summary

Modifier and Type | Class and Description
pack-priv static class
Config.FileExistsAction

Field Summary

Modifier and Type | Field and Description
private static final int
BASE16_0

private static final int
BASE16_1

private static final int
BASE16_2

private static final int
BASE16_3

private final String
defaultKDC

private final String
defaultRealm

Specified by system properties.

public static final boolean
DISABLE_REFERRALS

sun.security.krb5.disableReferrals property indicating whether or not cross-realm referrals (RFC 6806) are enabled.

public static final int
MAX_REFERRALS

sun.security.krb5.maxReferrals property indicating the maximum number of cross-realm referral hops allowed.

private static Config
singleton

private Hashtable<String, Object>
stanzaTable

Constructor Summary

Access | Constructor and Description
private
Config()

Private constructor - cannot be instantiated externally.

Method Summary

Modifier and Type | Method and Description
private static String
checkRealm(String mapRealm)

Check if the provided realm is the correct realm

public int[]
defaultEtype(String configName)

Returns all etypes specified in krb5.conf for the given configName, or all the builtin defaults.

public static int
duration(String s)

Translates a duration value into seconds.

public boolean
exists(String... keys)

Returns true if keys exist; keys can be final string(s) or a sub-section.

private boolean
fileExists(String name)

private String
findMacosConfigFile()

public String
get(String... keys)

Gets the last-defined string value for the specified keys.

private Object
get0(String... keys)

public String
getAll(String... keys)

Gets all values (at least one) for the specified keys separated by a whitespace, or null if there are no such keys.

private int
getBase(int i)

public Boolean
getBooleanObject(String... keys)

Gets the boolean value for the specified keys.

public String
getDefaultRealm()

Gets default realm.

public static synchronized Config
getInstance()

Gets an instance of Config class.

public int
getIntValue(String... keys)

Gets the int value for the specified keys.

private String
getJavaFileName()

Gets the default Java configuration file name.

private String
getKDCFromDNS(String realm)

Locate KDC using DNS

public String
getKDCList(String realm)

Returns a list of KDC's with each KDC separated by a space

private String
getNativeFileName()

Gets the default native configuration file name.

private String
getRealmFromDNS()

Locate Kerberos realm using DNS

private Vector<String>
getString0(String... keys)

public static int
getType(String input)

Get the etype and checksum value for the specified encryption and checksum type.

private static native String
getWindowsDirectory(boolean isSystem)

private static boolean
isMacosLionOrBetter()

public void
listTable()

For testing purpose.

private List<String>
loadConfigFile(final String fileName)

Reads the configuration file and returns normalized lines.

private int
parseIntValue(String input)

Parses a string to an integer.

private Hashtable<String, Object>
parseStanzaTable(List<String> v)

Parses the input lines to a hashtable.

private static Void
readConfigFileLines(Path file, List<String> content, Set<Path> dups)

Reads the lines of the configuration file.

public static void
refresh()

Refresh and reload the Configuration.

public void
resetDefaultRealm(String realm)

Resets the default kdc realm.

public String
toString()

Overrides java.lang.Object.toString.

Returns a string representation of the object.

private static void
toStringInternal(String prefix, Object obj, StringBuffer sb)

private static String
unquote(String s)

public boolean
useAddresses()

Checks whether to use addresses in tickets. Addresses are used if "no_addresses" or "noaddresses" is set to false.

private boolean
useDNS(String name, boolean defaultValue)

Checks whether DNS needs to be used to locate Kerberos services for name.

private boolean
useDNS_KDC()

Checks whether DNS needs to be used to locate the KDC.

private boolean
useDNS_Realm()

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

BASE16_0
private static final int BASE16_0

BASE16_1
private static final int BASE16_1

BASE16_2
private static final int BASE16_2

BASE16_3
private static final int BASE16_3

defaultKDC
private final String defaultKDC

defaultRealm
private final String defaultRealm

Specified by system properties. Must be both null or non-null.

DISABLE_REFERRALS
public static final boolean DISABLE_REFERRALS

sun.security.krb5.disableReferrals property indicating whether or not cross-realm referrals (RFC 6806) are enabled.

MAX_REFERRALS
public static final int MAX_REFERRALS

sun.security.krb5.maxReferrals property indicating the maximum number of cross-realm referral hops allowed.

singleton
private static Config singleton

stanzaTable
private Hashtable<String, Object> stanzaTable

Constructor Detail

Config
private Config() throws KrbException

Private constructor - cannot be instantiated externally.

Method Detail

checkRealm
private static String checkRealm(String mapRealm)

Check if the provided realm is the correct realm

Returns:String

the realm if correct, or null otherwise

defaultEtype
public int[] defaultEtype(String configName) throws KrbException

Returns all etypes specified in krb5.conf for the given configName, or all the builtin defaults. This result is always non-empty. If no etypes are found, an exception is thrown.

duration
public static int duration(String s) throws KrbException

Translates a duration value into seconds. The format can be one of "h:m[:s]", "NdNhNmNs", and "N". See http://web.mit.edu/kerberos/krb5-devel/doc/basic/date_format.html#duration for definitions.

Parameters
s:String

the string duration

Returns:int

time in seconds

Exceptions
KrbException:
if format is illegal

exists
public boolean exists(String... keys)

Returns true if keys exist; keys can be final string(s) or a sub-section.

Exceptions
IllegalArgumentException:
if any of the keys is illegal (See get)

fileExists
private boolean fileExists(String name)
Annotations
@SuppressWarnings:removal

findMacosConfigFile
private String findMacosConfigFile()

get
public String get(String... keys)

Gets the last-defined string value for the specified keys.

Parameters
keys:String[]

the keys, as an array from section name, sub-section names (if any), to value name.

Returns:String

the value. When there are multiple values for the same key, returns the first one. null is returned if not all the keys are defined. For example, get("libdefaults", "forwardable") will return null if "forwardable" is not defined in [libdefaults], and get("realms", "R", "kdc") will return null if "R" is not defined in [realms] or "kdc" is not defined for "R".

Exceptions
IllegalArgumentException:
if any of the keys is illegal, either because a key not the last one is not a (sub)section name or the last key is still a section name. For example, get("libdefaults") throws this exception because [libdefaults] is a section name instead of a value name, and get("libdefaults", "forwardable", "tail") also throws this exception because "forwardable" is already a value name and has no sub-key at all (given "forwardable" is defined, otherwise, this method has no knowledge if it's a value name or a section name).

get0
private Object get0(String... keys)
Annotations
@SuppressWarnings:unchecked

getAll
public String getAll(String... keys)

Gets all values (at least one) for the specified keys separated by a whitespace, or null if there are no such keys. The values can either be provided on a single line, or on multiple lines using the same key. When provided on a single line, the value can be comma or space separated.

Exceptions
IllegalArgumentException:
if any of the keys is illegal (See get)

getBase
private int getBase(int i)

getBooleanObject
public Boolean getBooleanObject(String... keys)

Gets the boolean value for the specified keys. Returns TRUE if the string value is "yes", or "true", FALSE if "no", or "false", or null if otherwise or not defined. The comparison is case-insensitive.

Parameters
keys:String[]

the keys, see get(String...)

Returns:Boolean

the boolean value, or null if there is no value defined or the value does not look like a boolean value.

Exceptions
IllegalArgumentException:
see get(String...)

getDefaultRealm
public String getDefaultRealm() throws KrbException

Gets default realm.

Returns:String

the default realm, always non null

Annotations
@SuppressWarnings:removal
Exceptions
KrbException:
where no realm can be located

getInstance
public static synchronized Config getInstance() throws KrbException

Gets an instance of Config class. One and only one instance (the singleton) is returned.

Exceptions
KrbException:
if an error occurs when constructing a Config instance. Possible causes include either of java.security.krb5.realm or java.security.krb5.kdc not being specified, or an error reading the configuration file.

getIntValue
public int getIntValue(String... keys)

Gets the int value for the specified keys.

Parameters
keys:String[]

the keys

Returns:int

the int value, Integer.MIN_VALUE is returned if it cannot be found or the value is not a legal integer.

Exceptions
IllegalArgumentException:
if any of the keys is illegal
See Also
get(java.lang.String[])

getJavaFileName
private String getJavaFileName()

Gets the default Java configuration file name. If the system property "java.security.krb5.conf" is defined, we'll use its value, no matter if the file exists or not. Otherwise, we will look at $JAVA_HOME/conf/security directory with "krb5.conf" name, and return it if the file exists. The method returns null if it cannot find a Java config file.

getKDCFromDNS
private String getKDCFromDNS(String realm) throws KrbException

Locate KDC using DNS

Parameters
realm:String

the realm for which the primary KDC is desired

Returns:String

the KDC

getKDCList
public String getKDCList(String realm) throws KrbException

Returns a list of KDC's with each KDC separated by a space

Parameters
realm:String

the realm for which the KDC list is desired

Returns:String

the list of KDCs separated by a space, always non null

Annotations
@SuppressWarnings:removal
Exceptions
KrbException:
if there's no way to find KDC for the realm

getNativeFileName
private String getNativeFileName()

Gets the default native configuration file name. Depending on the OS type, the method returns the default native Kerberos config file name, which is krb5.ini in the Windows directory for Windows, /etc/krb5/krb5.conf for Solaris, and /etc/krb5.conf otherwise. Mac OS X has a different file name.

Note

When the Terminal Service is started in Windows (from 2003), there are two kinds of Windows directories: A system one (say, C:\Windows), and a user-private one (say, C:\Users\Me\Windows). We will first look for krb5.ini in the user-private one. If not found, try the system one instead. This method will always return a non-null non-empty file name, even if that file does not exist.

getRealmFromDNS
private String getRealmFromDNS() throws KrbException

Locate Kerberos realm using DNS

Returns:String

the Kerberos realm

getString0
private Vector<String> getString0(String... keys)
Annotations
@SuppressWarnings:unchecked

getType
public static int getType(String input)

Get the etype and checksum value for the specified encryption and checksum type.

getWindowsDirectory
private static native String getWindowsDirectory(boolean isSystem)

isMacosLionOrBetter
private static boolean isMacosLionOrBetter()

listTable
public void listTable()

For testing purpose. This method lists all information being parsed from the configuration file to the hashtable.

loadConfigFile
private List<String> loadConfigFile(final String fileName) throws IOException, KrbException

Reads the configuration file and returns normalized lines. If the original file is:

    [realms]
    EXAMPLE.COM = {
        kdc = kerberos.example.com
        ...
    }
    ...

The result will be (no indentations):

    {
        realms = {
            EXAMPLE.COM = {
                kdc = kerberos.example.com
                ...
            }
        }
        ...
    }

Parameters
fileName:String

the configuration file

Returns:List<String>

normalized lines

Annotations
@SuppressWarnings:removal

parseIntValue
private int parseIntValue(String input) throws NumberFormatException

Parses a string to an integer. The convertible strings include the string representations of positive integers, negative integers, and hexadecimal integers. Valid inputs are, e.g., -1234, +1234, 0x40000.

Parameters
input:String

the String to be converted to an Integer.

Returns:int

a numeric value represented by the string

Exceptions
NumberFormatException:
if the String does not contain a parsable integer.

parseStanzaTable
private Hashtable<String, Object> parseStanzaTable(List<String> v) throws KrbException

Parses the input lines to a hashtable. The key would be section names (libdefaults, realms, domain_realms, etc), and the value would be another hashtable which contains the key-value pairs inside the section. The value of this sub-hashtable can be another hashtable containing another sub-sub-section or a non-empty vector of strings for final values (even if there is only one value defined).

For top-level sections with duplicate names, their contents are merged. For sub-sections the former overwrites the latter. For final values, they are stored in a vector in their appearing order. Please note these values must appear in the same sub-section. Otherwise, the sub-section that appears first should have already overridden the others.

As a corner case, if the same name is used as both a section name and a value name, the first appearance decides the type. That is to say, if the first one is for a section, all latter appearances are ignored. If it's a value, latter appearances as sections are ignored, but those as values are added to the vector.

The behavior described above is compatible with other krb5 implementations but it's not documented publicly anywhere. The best practice is not to assume any kind of override functionality and only specify values for a particular key in one place.

Parameters
v:List<String>

the normalized input as returned by loadConfigFile

Annotations
@SuppressWarnings:unchecked
Exceptions
KrbException:
if there is a file format error

readConfigFileLines
private static Void readConfigFileLines(Path file, List<String> content, Set<Path> dups) throws IOException

Reads the lines of the configuration file. All include and includedir directives are resolved by calling this method recursively.

Parameters
file:Path

the krb5.conf file, must be absolute

content:List<String>

the lines. Comment and empty lines are removed, all lines trimmed, include and includedir directives resolved, unknown directives ignored

dups:Set<Path>

a set of Paths to check for possible infinite loop

Exceptions
IOException:
if there is an I/O error

refresh
public static void refresh() throws KrbException

Refresh and reload the Configuration. This could involve, for example reading the Configuration file again or getting the java.security.krb5.* system properties again. This method also tries its best to update static fields in other classes that depend on the configuration.

Exceptions
KrbException:
if an error occurs when constructing a Config instance. Possible causes include either of java.security.krb5.realm or java.security.krb5.kdc not being specified, or an error reading the configuration file.

resetDefaultRealm
public void resetDefaultRealm(String realm)

Resets the default kdc realm. We do not need to synchronize these methods since assignments are atomic. This method was useless. Kept here in case some class still calls it.

toString
public String toString()

Overrides java.lang.Object.toString.

Doc from java.lang.Object.toString.

Returns a string representation of the object. Satisfying this method's contract implies a non-null result must be returned.

Returns:String

a string representation of the object

Annotations
@Override

toStringInternal
private static void toStringInternal(String prefix, Object obj, StringBuffer sb)

unquote
private static String unquote(String s)

useAddresses
public boolean useAddresses()

Checks whether to use addresses in tickets. Addresses are used if "no_addresses" or "noaddresses" is set to false.

useDNS
private boolean useDNS(String name, boolean defaultValue)

Checks whether DNS needs to be used to locate Kerberos services for name. If not defined, checks dns_fallback, whose default value is true.

useDNS_KDC
private boolean useDNS_KDC()

Checks whether DNS needs to be used to locate the KDC.

useDNS_Realm
private boolean useDNS_Realm()
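
An added example (not part of the JDK sources or of this page) that loads a constructed krb5.conf through the public methods documented above, to check what a JVM actually resolves from a given file, including merged duplicate sections, multi-valued keys and the illegal-key case of get. The class name Krb5ConfigAudit, the sample file contents and the EXAMPLE.COM host names are assumptions; sun.security.krb5 is an internal package, so the --add-exports flag shown in the first comment is required.

```java
// Added example, not JDK code. Compile and run with:
//   --add-exports java.security.jgss/sun.security.krb5=ALL-UNNAMED
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import sun.security.krb5.Config;

public class Krb5ConfigAudit {
    // Constructed sample krb5.conf; realm and host names are placeholders.
    static final String SAMPLE = String.join("\n",
        "[libdefaults]",
        "  default_realm = EXAMPLE.COM",
        "  forwardable = Yes",
        "  ticket_lifetime = 1d2h",
        "  default_tkt_enctypes = aes256-cts-hmac-sha1-96",
        "[realms]",
        "  EXAMPLE.COM = {",
        "    kdc = kdc1.example.com",
        "    kdc = kdc2.example.com",
        "  }",
        "[libdefaults]",              // duplicate top-level section, merged with the first
        "  dns_lookup_kdc = false",
        "");

    public static void main(String[] args) throws Exception {
        Path conf = Files.createTempFile("krb5-audit", ".conf").toAbsolutePath();
        Files.writeString(conf, SAMPLE);
        try {
            // getJavaFileName() uses this property whenever it is defined.
            System.setProperty("java.security.krb5.conf", conf.toString());
            Config.refresh();                   // re-read the file and system properties
            Config cfg = Config.getInstance();  // the singleton

            System.out.println("default realm    : " + cfg.getDefaultRealm());
            System.out.println("KDC list         : " + cfg.getKDCList("EXAMPLE.COM"));
            System.out.println("get(kdc)         : " + cfg.get("realms", "EXAMPLE.COM", "kdc"));
            System.out.println("getAll(kdc)      : " + cfg.getAll("realms", "EXAMPLE.COM", "kdc"));
            System.out.println("forwardable      : " + cfg.getBooleanObject("libdefaults", "forwardable"));
            System.out.println("dns_lookup_kdc   : " + cfg.getBooleanObject("libdefaults", "dns_lookup_kdc"));
            System.out.println("renewable (unset): " + cfg.get("libdefaults", "renewable"));
            System.out.println("tkt etypes       : "
                + Arrays.toString(cfg.defaultEtype("default_tkt_enctypes")));
            String life = cfg.get("libdefaults", "ticket_lifetime");
            System.out.println("ticket_lifetime  : " + life + " = " + Config.duration(life) + " s");

            // A section name passed where a value name is expected is an illegal key.
            try {
                cfg.get("libdefaults");
            } catch (IllegalArgumentException e) {
                System.out.println("get(\"libdefaults\") -> IllegalArgumentException");
            }
        } finally {
            Files.deleteIfExists(conf);
        }
    }
}
```

Config.refresh() replaces the process-wide singleton and sets a JVM-wide system property, so run this in a throwaway JVM rather than inside a running service.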

sun.security.krb5

pack-priv Class Config.FileExistsAction

extends Object
implements PrivilegedAction<Boolean>
All Implemented Interfaces
java.security.PrivilegedAction

Field Summary

Modifier and Type | Field and Description
private String
fileName

Constructor Summary

Access | Constructor and Description
public
FileExistsAction(String fileName)
Method Summary

Modifier and Type | Method and Description
public Boolean
run()

Implements java.security.PrivilegedAction.run.

Performs the computation.

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

fileName
private String fileName

Constructor Detail

FileExistsAction
public FileExistsAction(String fileName)

Method Detail

run
public Boolean run()

Implements java.security.PrivilegedAction.run.

Doc from java.security.PrivilegedAction.run.

Performs the computation. This method will be called by AccessController.doPrivileged after enabling privileges.

Returns:Boolean

a class-dependent value that may represent the results of the computation. Each class that implements PrivilegedAction should document what (if anything) this value represents.