Examples of javax.security.auth.kerberos.KerberosKey

• javax.security.auth.kerberos.KerberosKey
  This class encapsulates a long term secret key for a Kerberos principal.

  All Kerberos JAAS login modules that obtain a principal's password and generate the secret key from it should use this class. Sometimes, such as when authenticating a server in the absence of user-to-user authentication, the login module will store an instance of this class in the private credential set of a {@link javax.security.auth.Subject Subject} during the commit phase of theauthentication process.

  A Kerberos service using a keytab to read secret keys should use the {@link KeyTab} class, where latest keys can be read when needed.

  It might be necessary for the application to be granted a {@link javax.security.auth.PrivateCredentialPermission PrivateCredentialPermission} if it needs to access the KerberosKeyinstance from a Subject. This permission is not needed when the application depends on the default JGSS Kerberos mechanism to access the KerberosKey. In that case, however, the application will need an appropriate {@link javax.security.auth.kerberos.ServicePermission ServicePermission}. @author Mayank Upadhyay @since 1.4

            DerInputStream in = new DerInputStream(out.toByteArray());

            if (in.tag == KDCReply.AS_REP_ASN1.constrId) { //TODO AS reply
                KDCReply reply = (KDCReply) KDCReply.AS_REP_ASN1.decode(in);

                KerberosKey key = new KerberosKey(new KerberosPrincipal(cname
                        .getName()[0]
                        + '@' + realm, cname.getType()), password, "DES");

                reply.decrypt(key);

     */
    protected EncryptionKey getEncryptionKey( KerberosPrincipal principal, String passPhrase, List<EncryptionType> encryptionTypes )
    {
        EncryptionType encryptionType = encryptionTypes.get( 0 );

        KerberosKey kerberosKey = new KerberosKey( principal, passPhrase.toCharArray(), "AES128" );
        byte[] keyBytes = kerberosKey.getEncoded();
        EncryptionKey key = new EncryptionKey( encryptionType, keyBytes );

        return key;
    }

     * @param passPhrase
     * @return The server's {@link EncryptionKey}.
     */
    protected EncryptionKey getEncryptionKey( KerberosPrincipal principal, String passPhrase )
    {
        KerberosKey kerberosKey = new KerberosKey( principal, passPhrase.toCharArray(), "AES128" );
        byte[] keyBytes = kerberosKey.getEncoded();
        return new EncryptionKey( EncryptionType.AES128_CTS_HMAC_SHA1_96, keyBytes );
    }

    /**
     * @tests serialization/deserialization compatibility.
     */
    public void testSerializationSelf() throws Exception {
        SerializationTest.verifySelf(new KerberosKey(PRINCIPAL, KEY_BYTES,
                KEY_TYPE, VERSION_NUM), COMPARATOR);
    }

    /**
     * @tests serialization/deserialization compatibility with RI.
     */
    public void testSerializationCompatibility() throws Exception {
        SerializationTest.verifyGolden(this, new KerberosKey(PRINCIPAL,
                KEY_BYTES, KEY_TYPE, VERSION_NUM), COMPARATOR);
    }

     *        javax.security.auth.kerberos.KerberosPrincipal, byte[], int, int)
     */
    public void test_Ctor1() {

        // OK to pass null value for principal parameter
        assertNull(new KerberosKey(null, keyBytes, 0, 0).getPrincipal());

        // NPE for null keyBytes parameter
        try {
            new KerberosKey(principal, null, 0, 0);
            fail("No expected NullPointerException");
        } catch (NullPointerException e) {
        }

        // construct with DES algorithm
        KerberosKey key = new KerberosKey(principal, keyBytes, 1, 123);
        assertEquals("DES algorithm", "DES", key.getAlgorithm());
        assertEquals("version number", 123, key.getVersionNumber());
        assertEquals("format", "RAW", key.getFormat());
        assertSame("principal", principal, key.getPrincipal());
        assertFalse("is destroyed", key.isDestroyed());

        // construct with NULL algorithm
        key = new KerberosKey(principal, keyBytes, 0, 0);
        assertEquals("NULL algorithm", "NULL", key.getAlgorithm());
        assertEquals("version number", 0, key.getVersionNumber());
    }

     */
    public void test_Ctor2() {

        // NPE for null value for principal parameter
        try {
            new KerberosKey(null, new char[10], "DES");
            fail("No expected NullPointerException");
        } catch (NullPointerException e) {
        }

        // NPE for null password value
        try {
            new KerberosKey(principal, null, "DES");
            fail("No expected NullPointerException");
        } catch (NullPointerException e) {
        }

        // IAE for unsupported algorithm
        try {
            new KerberosKey(principal, new char[10],
                    "there_is_no_such_algorithm");
            fail("No expected IllegalArgumentException");
        } catch (IllegalArgumentException e) {
        }

        // if algorithm parameter is null then DES is used
        KerberosKey key = new KerberosKey(principal, new char[10], null);

        assertEquals("algorithm", "DES", key.getAlgorithm());
        assertEquals("format", "RAW", key.getFormat());
        assertEquals("key type", 3, key.getKeyType());
        assertEquals("version number", 0, key.getVersionNumber());
        assertFalse("is destroyed", key.isDestroyed());
        assertSame("principal", principal, key.getPrincipal());
    }

    /**
     * @tests javax.security.auth.kerberos.KerberosKey#getEncoded()
     */
    public void test_getEncoded() {

        KerberosKey key = new KerberosKey(principal, keyBytes, 1, 123);

        byte[] keyBytes1 = key.getEncoded();
        assertTrue("encoded", Arrays.equals(keyBytes, keyBytes1));

        // bytes are copied each time we invoke the method
        assertNotSame("keyBytes immutability 1 ", keyBytes, keyBytes1);
        assertNotSame("keyBytes immutability 2 ", keyBytes1, key.getEncoded());

        // Test generation of DES key from password
        // test data from RFC 3961 (http://www.ietf.org/rfc/rfc3961.txt)
        // see A.2 test vectors
        // test data format: principal/password/DES key
        Object[][] testcases = {
                {
                        "raeburn@ATHENA.MIT.EDU",
                        "password",
                        new byte[] { (byte) 0xcb, (byte) 0xc2, (byte) 0x2f,
                                (byte) 0xae, (byte) 0x23, (byte) 0x52,
                                (byte) 0x98, (byte) 0xe3 } },
                {
                        "danny@WHITEHOUSE.GOV",
                        "potatoe",
                        new byte[] { (byte) 0xdf, (byte) 0x3d, (byte) 0x32,
                                (byte) 0xa7, (byte) 0x4f, (byte) 0xd9,
                                (byte) 0x2a, (byte) 0x01 } },
        // TODO add "pianist@EXAMPLE.COM" and "Juri ... @ATHENA.MIT.EDU"
        };

        for (Object[] element : testcases) {
            KerberosPrincipal kp = new KerberosPrincipal(
                    (String) element[0], 1);

            key = new KerberosKey(kp, ((String) element[1]).toCharArray(),
                    "DES");

            assertTrue("Testcase: " + (String) element[0], Arrays.equals(
                    (byte[]) element[2], key.getEncoded()));
        }
    }

    /**
     * @tests javax.security.auth.kerberos.KerberosKey#destroy()
     */
    public void test_destroy() throws Exception {

        KerberosKey key = new KerberosKey(principal, new char[10], "DES");

        assertFalse("not destroyed", key.isDestroyed());

        key.destroy();
        assertTrue("destroyed", key.isDestroyed());

        // no exceptions for second destroy() call
        key.destroy();

        // check that IllegalStateException is thrown for certain methods
        try {
            key.getAlgorithm();
            fail("No expected IllegalStateException");
        } catch (IllegalStateException e) {
        }

        try {
            key.getEncoded();
            fail("No expected IllegalStateException");
        } catch (IllegalStateException e) {
        }

        try {
            key.getFormat();
            fail("No expected IllegalStateException");
        } catch (IllegalStateException e) {
        }

        try {
            key.getKeyType();
            fail("No expected IllegalStateException");
        } catch (IllegalStateException e) {
        }

        try {
            key.getPrincipal();
            fail("No expected IllegalStateException");
        } catch (IllegalStateException e) {
        }

        try {
            key.getVersionNumber();
            fail("No expected IllegalStateException");
        } catch (IllegalStateException e) {
        }

        try {
            // but for serialization IOException is expected
            ObjectOutputStream out = new ObjectOutputStream(
                    new ByteArrayOutputStream());
            out.writeObject(key);
            fail("No expected IOException");
        } catch (IOException e) {
        }

        try {
            key.toString();
            fail("No expected IllegalStateException");
        } catch (IllegalStateException e) {
        }
    }

        // verify that env. is clean
        assertNull(System.getProperty(ENV_KDC));
        assertNull(System.getProperty(ENV_REALM));

        // create real DES key
        byte[] newSessionKey = new KerberosKey(new KerberosPrincipal(
                "me@MY.REALM"), "pwd".toCharArray(), "DES").getEncoded();

        myFlags[8] = true;
        krbTicket = new KerberosTicket(encTicket, pClient, pServer,
                newSessionKey, KEY_TYPE, myFlags, authTime, startTime, endTime,