/*
 * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package javax.security.auth.kerberos;

import javax.security.auth.Destroyable;
import java.util.Arrays;
import java.util.Base64;
import java.util.Objects;

This class encapsulates a Kerberos 5 KRB_CRED message which can be used to send Kerberos credentials from one principal to another.

A KRB_CRED message is defined in Section 5.8.1 of the Kerberos Protocol Specification (RFC 4120) as:

   KRB-CRED        ::= [APPLICATION 22] SEQUENCE {
           pvno            [0] INTEGER (5),
           msg-type        [1] INTEGER (22),
           tickets         [2] SEQUENCE OF Ticket,
           enc-part        [3] EncryptedData -- EncKrbCredPart
   }
Since:9
/** * This class encapsulates a Kerberos 5 KRB_CRED message which can be used to * send Kerberos credentials from one principal to another.<p> * * A KRB_CRED message is defined in Section 5.8.1 of the Kerberos Protocol * Specification (<a href=http://www.ietf.org/rfc/rfc4120.txt>RFC 4120</a>) as: * <pre> * KRB-CRED ::= [APPLICATION 22] SEQUENCE { * pvno [0] INTEGER (5), * msg-type [1] INTEGER (22), * tickets [2] SEQUENCE OF Ticket, * enc-part [3] EncryptedData -- EncKrbCredPart * } * </pre> * * @since 9 */
public final class KerberosCredMessage implements Destroyable { final private KerberosPrincipal sender; final private KerberosPrincipal recipient; final private byte[] message; private boolean destroyed = false;
Constructs a KerberosCredMessage object.

The contents of the message argument are copied; subsequent modification of the byte array does not affect the newly created object.

Params:
  • sender – the sender of the message
  • recipient – the recipient of the message
  • message – the DER encoded KRB_CRED message
Throws:
/** * Constructs a {@code KerberosCredMessage} object. * <p> * The contents of the {@code message} argument are copied; subsequent * modification of the byte array does not affect the newly created object. * * @param sender the sender of the message * @param recipient the recipient of the message * @param message the DER encoded KRB_CRED message * @throws NullPointerException if any of sender, recipient * or message is null */
public KerberosCredMessage(KerberosPrincipal sender, KerberosPrincipal recipient, byte[] message) { this.sender = Objects.requireNonNull(sender); this.recipient = Objects.requireNonNull(recipient); this.message = Objects.requireNonNull(message).clone(); }
Returns the DER encoded form of the KRB_CRED message.
Throws:
Returns:a newly allocated byte array that contains the encoded form
/** * Returns the DER encoded form of the KRB_CRED message. * * @return a newly allocated byte array that contains the encoded form * @throws IllegalStateException if the object is destroyed */
public byte[] getEncoded() { if (destroyed) { throw new IllegalStateException("This object is no longer valid"); } return message.clone(); }
Returns the sender of this message.
Throws:
Returns:the sender
/** * Returns the sender of this message. * * @return the sender * @throws IllegalStateException if the object is destroyed */
public KerberosPrincipal getSender() { if (destroyed) { throw new IllegalStateException("This object is no longer valid"); } return sender; }
Returns the recipient of this message.
Throws:
Returns:the recipient
/** * Returns the recipient of this message. * * @return the recipient * @throws IllegalStateException if the object is destroyed */
public KerberosPrincipal getRecipient() { if (destroyed) { throw new IllegalStateException("This object is no longer valid"); } return recipient; }
Destroys this object by clearing out the message.
/** * Destroys this object by clearing out the message. */
@Override public void destroy() { if (!destroyed) { Arrays.fill(message, (byte)0); destroyed = true; } } @Override public boolean isDestroyed() { return destroyed; }
Returns an informative textual representation of this KerberosCredMessage.
Returns:an informative textual representation of this KerberosCredMessage.
/** * Returns an informative textual representation of this {@code KerberosCredMessage}. * * @return an informative textual representation of this {@code KerberosCredMessage}. */
@Override public String toString() { if (destroyed) { return "Destroyed KerberosCredMessage"; } else { return "KRB_CRED from " + sender + " to " + recipient + ":\n" + Base64.getUrlEncoder().encodeToString(message); } }
Returns a hash code for this KerberosCredMessage.
Returns:a hash code for this KerberosCredMessage.
/** * Returns a hash code for this {@code KerberosCredMessage}. * * @return a hash code for this {@code KerberosCredMessage}. */
@Override public int hashCode() { if (isDestroyed()) { return -1; } else { return Objects.hash(sender, recipient, Arrays.hashCode(message)); } }
Compares the specified object with this KerberosCredMessage for equality. Returns true if the given object is also a KerberosCredMessage and the two KerberosCredMessage instances are equivalent. More formally two KerberosCredMessage instances are equal if they have equal sender, recipient, and encoded KRB_CRED messages. A destroyed KerberosCredMessage object is only equal to itself.
Params:
  • other – the object to compare to
Returns:true if the specified object is equal to this KerberosCredMessage, false otherwise.
/** * Compares the specified object with this {@code KerberosCredMessage} * for equality. Returns true if the given object is also a * {@code KerberosCredMessage} and the two {@code KerberosCredMessage} * instances are equivalent. More formally two {@code KerberosCredMessage} * instances are equal if they have equal sender, recipient, and encoded * KRB_CRED messages. * A destroyed {@code KerberosCredMessage} object is only equal to itself. * * @param other the object to compare to * @return true if the specified object is equal to this * {@code KerberosCredMessage}, false otherwise. */
@Override public boolean equals(Object other) { if (other == this) { return true; } if (! (other instanceof KerberosCredMessage)) { return false; } KerberosCredMessage otherMessage = ((KerberosCredMessage) other); if (isDestroyed() || otherMessage.isDestroyed()) { return false; } return Objects.equals(sender, otherMessage.sender) && Objects.equals(recipient, otherMessage.recipient) && Arrays.equals(message, otherMessage.message); } }