public class KerberosKey extends Object implements SecretKey, Destroyable
All Kerberos JAAS login modules that obtain a principal's password and
generate the secret key from it should use this class.
Sometimes, such as when authenticating a server in
the absence of user-to-user authentication, the login module will store
an instance of this class in the private credential set of a
Subject
during the commit phase of the
authentication process.
A Kerberos service using a keytab to read secret keys should use
the KeyTab
class, where latest keys can be read when needed.
It might be necessary for the application to be granted a
PrivateCredentialPermission
if it needs to access the KerberosKey
instance from a Subject. This permission is not needed when the
application depends on the default JGSS Kerberos mechanism to access the
KerberosKey. In that case, however, the application will need an
appropriate
ServicePermission
.
Constructor and Description |
---|
KerberosKey(KerberosPrincipal principal,
byte[] keyBytes,
int keyType,
int versionNum)
Constructs a KerberosKey from the given bytes when the key type and
key version number are known.
|
KerberosKey(KerberosPrincipal principal,
char[] password,
String algorithm)
Constructs a KerberosKey from a principal's password.
|
Modifier and Type | Method and Description |
---|---|
void |
destroy()
Destroys this key.
|
boolean |
equals(Object other)
Compares the specified Object with this KerberosKey for equality.
|
String |
getAlgorithm()
Returns the standard algorithm name for this key.
|
byte[] |
getEncoded()
Returns the key material of this secret key.
|
String |
getFormat()
Returns the name of the encoding format for this secret key.
|
int |
getKeyType()
Returns the key type for this long-term key.
|
KerberosPrincipal |
getPrincipal()
Returns the principal that this key belongs to.
|
int |
getVersionNumber()
Returns the key version number.
|
int |
hashCode()
Returns a hashcode for this KerberosKey.
|
boolean |
isDestroyed()
Determines if this key has been destroyed.
|
String |
toString()
Returns a string representation of the object.
|
public KerberosKey(KerberosPrincipal principal, byte[] keyBytes, int keyType, int versionNum)
principal
- the principal that this secret key belongs tokeyBytes
- the raw bytes for the secret keykeyType
- the key type for the secret key as defined by the
Kerberos protocol specification.versionNum
- the version number of this secret keypublic KerberosKey(KerberosPrincipal principal, char[] password, String algorithm)
principal
- the principal that this password belongs topassword
- the password that should be used to compute the keyalgorithm
- the name for the algorithm that this key will be
used for. This parameter may be null in which case the default
algorithm "DES" will be assumed.IllegalArgumentException
- if the name of the
algorithm passed is unsupported.public final KerberosPrincipal getPrincipal()
public final int getVersionNumber()
public final int getKeyType()
public final String getAlgorithm()
getAlgorithm
in interface Key
public final String getFormat()
public final byte[] getEncoded()
getEncoded
in interface Key
public void destroy() throws DestroyFailedException
destroy
in interface Destroyable
DestroyFailedException
- if some error occurs while destorying
this key.public boolean isDestroyed()
isDestroyed
in interface Destroyable
Object
has been destroyed,
false otherwise.public String toString()
Object
toString
method returns a string that
"textually represents" this object. The result should
be a concise but informative representation that is easy for a
person to read.
It is recommended that all subclasses override this method.
The toString
method for class Object
returns a string consisting of the name of the class of which the
object is an instance, the at-sign character `@
', and
the unsigned hexadecimal representation of the hash code of the
object. In other words, this method returns a string equal to the
value of:
getClass().getName() + '@' + Integer.toHexString(hashCode())
public int hashCode()
hashCode
in class Object
KerberosKey
Object.equals(java.lang.Object)
,
System.identityHashCode(java.lang.Object)
public boolean equals(Object other)
KerberosKey
and the two
KerberosKey
instances are equivalent.equals
in class Object
other
- the Object to compare toObject.hashCode()
,
HashMap
Submit a bug or feature
For further API reference and developer documentation, see Java SE Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.
Copyright © 1993, 2022, Oracle and/or its affiliates. All rights reserved. Use is subject to license terms. Also see the documentation redistribution policy.