Examples of KerberosKey

• javax.security.auth.kerberos.KerberosKey
  This class encapsulates a long term secret key for a Kerberos principal.

  All Kerberos JAAS login modules that obtain a principal's password and generate the secret key from it should use this class. Sometimes, such as when authenticating a server in the absence of user-to-user authentication, the login module will store an instance of this class in the private credential set of a {@link javax.security.auth.Subject Subject} during the commit phase of theauthentication process.

  A Kerberos service using a keytab to read secret keys should use the {@link KeyTab} class, where latest keys can be read when needed.

  It might be necessary for the application to be granted a {@link javax.security.auth.PrivateCredentialPermission PrivateCredentialPermission} if it needs to access the KerberosKeyinstance from a Subject. This permission is not needed when the application depends on the default JGSS Kerberos mechanism to access the KerberosKey. In that case, however, the application will need an appropriate {@link javax.security.auth.kerberos.ServicePermission ServicePermission}. @author Mayank Upadhyay @since 1.4

Examples of javax.security.auth.kerberos.KerberosKey

  private KerberosKey getKrbKey(Subject sub, int keyType) {
    Set<Object> creds = sub.getPrivateCredentials(Object.class);
    for (Iterator<Object> i = creds.iterator(); i.hasNext();) {
      Object cred = i.next();
      if (cred instanceof KerberosKey) {
        KerberosKey key = (KerberosKey) cred;
        if (key.getKeyType() == keyType) {
          return (KerberosKey) cred;
        }
      }
    }
    return null;

Examples of javax.security.auth.kerberos.KerberosKey

            byte[] keyBytes = key.getKeyValue();
            int type = key.getKeyType().getValue();
            int kvno = key.getKeyVersion();

            KerberosKey serviceKey = new KerberosKey( servicePrincipal, keyBytes, type, kvno );

            subject.getPrivateCredentials().add( serviceKey );
        }

        return subject;

Examples of javax.security.auth.kerberos.KerberosKey

     * @param passPhrase
     * @return The server's {@link EncryptionKey}.
     */
    protected EncryptionKey getEncryptionKey( KerberosPrincipal principal, String passPhrase )
    {
        KerberosKey kerberosKey = new KerberosKey( principal, passPhrase.toCharArray(), "AES128" );
        byte[] keyBytes = kerberosKey.getEncoded();
        EncryptionKey key = new EncryptionKey( EncryptionType.AES128_CTS_HMAC_SHA1_96, keyBytes );

        return key;
    }

Examples of javax.security.auth.kerberos.KerberosKey

            ApplicationRequestDecoder applicationRequestDecoder = new ApplicationRequestDecoder();
            ApplicationRequest applicationRequest = applicationRequestDecoder.decode(toByteArray(asn1InputStream));

            final int encryptionType = applicationRequest.getTicket().getEncPart().getEType().getOrdinal();
            KerberosKey kerberosKey = getKrbKey(subject, encryptionType);

            EncryptionKey encryptionKey =
                    new EncryptionKey(EncryptionType.getTypeByOrdinal(encryptionType), kerberosKey.getEncoded());

            CipherTextHandler cipherTextHandler = new CipherTextHandler();
            this.encTicketPart = (EncTicketPart) cipherTextHandler.unseal(
                    EncTicketPart.class, encryptionKey, applicationRequest.getTicket().getEncPart(), KeyUsage.NUMBER2);
        } catch (KerberosException e) {

Examples of javax.security.auth.kerberos.KerberosKey

    private KerberosKey getKrbKey(Subject sub, int keyType) {
        Set<Object> creds = sub.getPrivateCredentials(Object.class);
        for (Iterator<Object> i = creds.iterator(); i.hasNext(); ) {
            Object cred = i.next();
            if (cred instanceof KerberosKey) {
                KerberosKey key = (KerberosKey) cred;
                if (key.getKeyType() == keyType) {
                    return (KerberosKey) cred;
                }
            }
        }
        return null;

Examples of javax.security.auth.kerberos.KerberosKey

            {
                for ( PaData paData : preAuthData )
                {
                    if ( paData.getPaDataType().equals( PaDataType.PA_ENC_TIMESTAMP ) )
                    {
                        KerberosKey samKey = SamSubsystem.getInstance().verify( clientEntry,
                            paData.getPaDataValue() );
                        clientKey = new EncryptionKey( EncryptionType.getTypeByValue( samKey.getKeyType() ), samKey
                            .getEncoded() );
                    }
                }
            }
            catch ( SamException se )

Examples of javax.security.auth.kerberos.KerberosKey

    @Test
    public void testDesGoodPasswordDecrypt()
    {
        CipherTextHandler lockBox = new CipherTextHandler();
        KerberosPrincipal principal = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" );
        KerberosKey kerberosKey = new KerberosKey( principal, "kerby".toCharArray(), "DES" );
        EncryptionKey key = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
        EncryptedData data = new EncryptedData( EncryptionType.DES_CBC_MD5, 0, DES_ENCRYPTED_TIME_STAMP );

        try
        {
            byte[] paEncTsEncData = lockBox.decrypt( key, data, KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );

Examples of javax.security.auth.kerberos.KerberosKey

    @Test
    public void testDesBadPasswordDecrypt()
    {
        CipherTextHandler lockBox = new CipherTextHandler();
        KerberosPrincipal principal = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" );
        KerberosKey kerberosKey = new KerberosKey( principal, "badpassword".toCharArray(), "DES" );
        EncryptionKey key = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
        EncryptedData data = new EncryptedData( EncryptionType.DES_CBC_MD5, 0, DES_ENCRYPTED_TIME_STAMP );

        try
        {
            lockBox.decrypt( key, data, KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );

Examples of javax.security.auth.kerberos.KerberosKey

    public void testTripleDesGoodPasswordDecrypt()
    {
        CipherTextHandler lockBox = new CipherTextHandler();
        KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
        String algorithm = VendorHelper.getTripleDesAlgorithm();
        KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), algorithm );
        EncryptionKey key = new EncryptionKey( EncryptionType.DES3_CBC_SHA1_KD, kerberosKey.getEncoded() );
        EncryptedData data = new EncryptedData( EncryptionType.DES3_CBC_SHA1_KD, 0, TRIPLE_DES_ENCRYPTED_TIME_STAMP );

        try
        {
            byte[] paEncTsEncData = lockBox.decrypt( key, data, KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );

Examples of javax.security.auth.kerberos.KerberosKey

    public void testTripleDesGoodPasswordEncrypt() throws ParseException
    {
        CipherTextHandler lockBox = new CipherTextHandler();
        KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
        String algorithm = VendorHelper.getTripleDesAlgorithm();
        KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), algorithm );
        EncryptionKey key = new EncryptionKey( EncryptionType.DES3_CBC_SHA1_KD, kerberosKey.getEncoded() );

        String zuluTime = "20070410190400Z";
        int microSeconds = 460450;
        PaEncTsEnc encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );