Examples of KerberosKey

• javax.security.auth.kerberos.KerberosKey
  This class encapsulates a long term secret key for a Kerberos principal.

  All Kerberos JAAS login modules that obtain a principal's password and generate the secret key from it should use this class. Sometimes, such as when authenticating a server in the absence of user-to-user authentication, the login module will store an instance of this class in the private credential set of a {@link javax.security.auth.Subject Subject} during the commit phase of theauthentication process.

  A Kerberos service using a keytab to read secret keys should use the {@link KeyTab} class, where latest keys can be read when needed.

  It might be necessary for the application to be granted a {@link javax.security.auth.PrivateCredentialPermission PrivateCredentialPermission} if it needs to access the KerberosKeyinstance from a Subject. This permission is not needed when the application depends on the default JGSS Kerberos mechanism to access the KerberosKey. In that case, however, the application will need an appropriate {@link javax.security.auth.kerberos.ServicePermission ServicePermission}. @author Mayank Upadhyay @since 1.4

Examples of javax.security.auth.kerberos.KerberosKey

    public void testTripleDesGoodPasswordEncrypt() throws ParseException
    {
        CipherTextHandler lockBox = new CipherTextHandler();
        KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
        String algorithm = VendorHelper.getTripleDesAlgorithm();
        KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), algorithm );
        EncryptionKey key = new EncryptionKey( EncryptionType.DES3_CBC_SHA1_KD, kerberosKey.getEncoded() );

        String zuluTime = "20070410190400Z";
        int microSeconds = 460450;
        EncryptedTimeStamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );

Examples of javax.security.auth.kerberos.KerberosKey

        }

        CipherTextHandler lockBox = new CipherTextHandler();
        Class hint = EncryptedTimeStamp.class;
        KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
        KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES128" );
        EncryptionKey key = new EncryptionKey( EncryptionType.AES128_CTS_HMAC_SHA1_96, kerberosKey.getEncoded() );
        EncryptedData data = new EncryptedData( EncryptionType.AES128_CTS_HMAC_SHA1_96, 0, aes128EncryptedTimeStamp );

        try
        {
            EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );

Examples of javax.security.auth.kerberos.KerberosKey

            return;
        }

        CipherTextHandler lockBox = new CipherTextHandler();
        KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
        KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES128" );
        EncryptionKey key = new EncryptionKey( EncryptionType.AES128_CTS_HMAC_SHA1_96, kerberosKey.getEncoded() );

        String zuluTime = "20070410190400Z";
        int microSeconds = 460450;
        EncryptedTimeStamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );

Examples of javax.security.auth.kerberos.KerberosKey

        }

        CipherTextHandler lockBox = new CipherTextHandler();
        Class hint = EncryptedTimeStamp.class;

        KerberosKey kerberosKey;

        try
        {
            KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
            kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES256" );
        }
        catch ( IllegalArgumentException iae )
        {
            // Algorithm AES256 not enabled
            return;
        }

        EncryptionKey key = new EncryptionKey( EncryptionType.AES256_CTS_HMAC_SHA1_96, kerberosKey.getEncoded() );
        EncryptedData data = new EncryptedData( EncryptionType.AES256_CTS_HMAC_SHA1_96, 0, aes256EncryptedTimeStamp );

        try
        {
            EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );

Examples of javax.security.auth.kerberos.KerberosKey

            return;
        }

        CipherTextHandler lockBox = new CipherTextHandler();

        KerberosKey kerberosKey;

        try
        {
            KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
            kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES256" );
        }
        catch ( IllegalArgumentException iae )
        {
            // Algorithm AES256 not enabled
            return;
        }

        EncryptionKey key = new EncryptionKey( EncryptionType.AES256_CTS_HMAC_SHA1_96, kerberosKey.getEncoded() );

        String zuluTime = "20070410190400Z";
        int microSeconds = 460450;
        EncryptedTimeStamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );

Examples of javax.security.auth.kerberos.KerberosKey

      for (Iterator iter = creds.iterator();
           iter.hasNext();)
      {
          Object cred = iter.next();
          if (cred instanceof KerberosKey) {
        KerberosKey key = (KerberosKey) cred;
        if (!key.isDestroyed() &&
            key.getPrincipal().equals(principal))
        {
            return key;
        }
          }
      }

Examples of javax.security.auth.kerberos.KerberosKey

      throws IOException
  {
      if (requestDispatcher == null)
    throw new NullPointerException("null dispatcher is passed in");

      KerberosKey serverKey;
      GSSCredential serverCred;
      try {
    // make sure that serverPrincipal is in serverSubject
    if (serverSubject != null &&
        !serverSubject.getPrincipals().contains(serverPrincipal))

Examples of javax.security.auth.kerberos.KerberosKey

        // verify that env. is clean
        assertNull(System.getProperty(ENV_KDC));
        assertNull(System.getProperty(ENV_REALM));

        // create real DES key
        byte[] newSessionKey = new KerberosKey(new KerberosPrincipal(
                "me@MY.REALM"), "pwd".toCharArray(), "DES").getEncoded();

        myFlags[8] = true;
        krbTicket = new KerberosTicket(encTicket, pClient, pServer,
                newSessionKey, KEY_TYPE, myFlags, authTime, startTime, endTime,

Examples of javax.security.auth.kerberos.KerberosKey

            ApplicationRequestDecoder applicationRequestDecoder = new ApplicationRequestDecoder();
            ApplicationRequest applicationRequest = applicationRequestDecoder.decode(toByteArray(asn1InputStream));

            final int encryptionType = applicationRequest.getTicket().getEncPart().getEType().getOrdinal();
            KerberosKey kerberosKey = getKrbKey(subject, encryptionType);

            EncryptionKey encryptionKey =
                    new EncryptionKey(EncryptionType.getTypeByOrdinal(encryptionType), kerberosKey.getEncoded());

            CipherTextHandler cipherTextHandler = new CipherTextHandler();
            this.encTicketPart = (EncTicketPart) cipherTextHandler.unseal(
                    EncTicketPart.class, encryptionKey, applicationRequest.getTicket().getEncPart(), KeyUsage.NUMBER2);
        } catch (KerberosException e) {

Examples of javax.security.auth.kerberos.KerberosKey

    private KerberosKey getKrbKey(Subject sub, int keyType) {
        Set<Object> creds = sub.getPrivateCredentials(Object.class);
        for (Iterator<Object> i = creds.iterator(); i.hasNext(); ) {
            Object cred = i.next();
            if (cred instanceof KerberosKey) {
                KerberosKey key = (KerberosKey) cred;
                if (key.getKeyType() == keyType) {
                    return (KerberosKey) cred;
                }
            }
        }
        return null;