/*
* Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package javax.security.auth.kerberos;
import javax.security.auth.Destroyable;
import java.util.Arrays;
import java.util.Base64;
import java.util.Objects;
This class encapsulates a Kerberos 5 KRB_CRED message which can be used to
send Kerberos credentials from one principal to another.
A KRB_CRED message is defined in Section 5.8.1 of the Kerberos Protocol
Specification (RFC 4120) as:
KRB-CRED ::= [APPLICATION 22] SEQUENCE {
pvno [0] INTEGER (5),
msg-type [1] INTEGER (22),
tickets [2] SEQUENCE OF Ticket,
enc-part [3] EncryptedData -- EncKrbCredPart
}
Since: 9
/**
* This class encapsulates a Kerberos 5 KRB_CRED message which can be used to
* send Kerberos credentials from one principal to another.<p>
*
* A KRB_CRED message is defined in Section 5.8.1 of the Kerberos Protocol
* Specification (<a href=http://www.ietf.org/rfc/rfc4120.txt>RFC 4120</a>) as:
* <pre>
* KRB-CRED ::= [APPLICATION 22] SEQUENCE {
* pvno [0] INTEGER (5),
* msg-type [1] INTEGER (22),
* tickets [2] SEQUENCE OF Ticket,
* enc-part [3] EncryptedData -- EncKrbCredPart
* }
* </pre>
*
* @since 9
*/
public final class KerberosCredMessage implements Destroyable {
final private KerberosPrincipal sender;
final private KerberosPrincipal recipient;
final private byte[] message;
private boolean destroyed = false;
Constructs a KerberosCredMessage
object. The contents of the message
argument are copied; subsequent modification of the byte array does not affect the newly created object.
Params: - sender – the sender of the message
- recipient – the recipient of the message
- message – the DER encoded KRB_CRED message
Throws: - NullPointerException – if any of sender, recipient
or message is null
/**
* Constructs a {@code KerberosCredMessage} object.
* <p>
* The contents of the {@code message} argument are copied; subsequent
* modification of the byte array does not affect the newly created object.
*
* @param sender the sender of the message
* @param recipient the recipient of the message
* @param message the DER encoded KRB_CRED message
* @throws NullPointerException if any of sender, recipient
* or message is null
*/
public KerberosCredMessage(KerberosPrincipal sender,
KerberosPrincipal recipient,
byte[] message) {
this.sender = Objects.requireNonNull(sender);
this.recipient = Objects.requireNonNull(recipient);
this.message = Objects.requireNonNull(message).clone();
}
Returns the DER encoded form of the KRB_CRED message.
Throws: - IllegalStateException – if the object is destroyed
Returns: a newly allocated byte array that contains the encoded form
/**
* Returns the DER encoded form of the KRB_CRED message.
*
* @return a newly allocated byte array that contains the encoded form
* @throws IllegalStateException if the object is destroyed
*/
public byte[] getEncoded() {
if (destroyed) {
throw new IllegalStateException("This object is no longer valid");
}
return message.clone();
}
Returns the sender of this message.
Throws: - IllegalStateException – if the object is destroyed
Returns: the sender
/**
* Returns the sender of this message.
*
* @return the sender
* @throws IllegalStateException if the object is destroyed
*/
public KerberosPrincipal getSender() {
if (destroyed) {
throw new IllegalStateException("This object is no longer valid");
}
return sender;
}
Returns the recipient of this message.
Throws: - IllegalStateException – if the object is destroyed
Returns: the recipient
/**
* Returns the recipient of this message.
*
* @return the recipient
* @throws IllegalStateException if the object is destroyed
*/
public KerberosPrincipal getRecipient() {
if (destroyed) {
throw new IllegalStateException("This object is no longer valid");
}
return recipient;
}
Destroys this object by clearing out the message.
/**
* Destroys this object by clearing out the message.
*/
@Override
public void destroy() {
if (!destroyed) {
Arrays.fill(message, (byte)0);
destroyed = true;
}
}
@Override
public boolean isDestroyed() {
return destroyed;
}
Returns an informative textual representation of this KerberosCredMessage
. Returns: an informative textual representation of this KerberosCredMessage
.
/**
* Returns an informative textual representation of this {@code KerberosCredMessage}.
*
* @return an informative textual representation of this {@code KerberosCredMessage}.
*/
@Override
public String toString() {
if (destroyed) {
return "Destroyed KerberosCredMessage";
} else {
return "KRB_CRED from " + sender + " to " + recipient + ":\n"
+ Base64.getUrlEncoder().encodeToString(message);
}
}
Returns a hash code for this KerberosCredMessage
. Returns: a hash code for this KerberosCredMessage
.
/**
* Returns a hash code for this {@code KerberosCredMessage}.
*
* @return a hash code for this {@code KerberosCredMessage}.
*/
@Override
public int hashCode() {
if (isDestroyed()) {
return -1;
} else {
return Objects.hash(sender, recipient, Arrays.hashCode(message));
}
}
Compares the specified object with this KerberosCredMessage
for equality. Returns true if the given object is also a KerberosCredMessage
and the two KerberosCredMessage
instances are equivalent. More formally two KerberosCredMessage
instances are equal if they have equal sender, recipient, and encoded KRB_CRED messages. A destroyed KerberosCredMessage
object is only equal to itself. Params: - other – the object to compare to
Returns: true if the specified object is equal to this KerberosCredMessage
, false otherwise.
/**
* Compares the specified object with this {@code KerberosCredMessage}
* for equality. Returns true if the given object is also a
* {@code KerberosCredMessage} and the two {@code KerberosCredMessage}
* instances are equivalent. More formally two {@code KerberosCredMessage}
* instances are equal if they have equal sender, recipient, and encoded
* KRB_CRED messages.
* A destroyed {@code KerberosCredMessage} object is only equal to itself.
*
* @param other the object to compare to
* @return true if the specified object is equal to this
* {@code KerberosCredMessage}, false otherwise.
*/
@Override
public boolean equals(Object other) {
if (other == this) {
return true;
}
if (! (other instanceof KerberosCredMessage)) {
return false;
}
KerberosCredMessage otherMessage = ((KerberosCredMessage) other);
if (isDestroyed() || otherMessage.isDestroyed()) {
return false;
}
return Objects.equals(sender, otherMessage.sender)
&& Objects.equals(recipient, otherMessage.recipient)
&& Arrays.equals(message, otherMessage.message);
}
}