/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* Implements the krb5 initiator credential element.
*
* @author Mayank Upadhyay
* @author Ram Marti
* @since 1.4
*/
public class Krb5InitCredential
extends KerberosTicket
implements Krb5CredElement {
byte[] asn1Encoding,
byte[] sessionKey,
int keyType,
boolean[] flags,
throws GSSException {
super(asn1Encoding,
try {
// Cache this for later use by the sun.security.krb5 package.
} catch (KrbException e) {
e.getMessage());
} catch (IOException e) {
e.getMessage());
}
}
byte[] asn1Encoding,
byte[] sessionKey,
int keyType,
boolean[] flags,
throws GSSException {
super(asn1Encoding,
// A delegated cred does not have all fields set. So do not try to
// creat new Credentials out of the delegatedCred.
this.krb5Credentials = delegatedCred;
}
int initLifetime)
throws GSSException {
"Failed to find any Kerberos tgt");
}
return new Krb5InitCredential(name,
tgt.getEncoded(),
tgt.getAuthTime(),
tgt.getStartTime(),
tgt.getEndTime(),
tgt.getRenewTill(),
}
throws GSSException {
/*
* all of the following data is optional in a KRB-CRED
* messages. This check for each field.
*/
}
// XXX Compare name to credName
server =
}
return new Krb5InitCredential(credName,
}
/**
* Returns the principal name for this credential. The name
* is in mechanism specific format.
*
* @return GSSNameSpi representing principal name of this credential
* @exception GSSException may be thrown
*/
return name;
}
/**
* Returns the init lifetime remaining.
*
* @return the init lifetime remaining in seconds
* @exception GSSException may be thrown
*/
int retVal = 0;
return retVal/1000;
}
/**
* Returns the accept lifetime remaining.
*
* @return the accept lifetime remaining in seconds
* @exception GSSException may be thrown
*/
return 0;
}
return true;
}
return false;
}
/**
* Returns the oid representing the underlying credential
* mechanism oid.
*
* @return the Oid for this credential mechanism
* @exception GSSException may be thrown
*/
return Krb5MechFactory.GSS_KRB5_MECH_OID;
}
return Krb5MechFactory.PROVIDER;
}
/**
* Returns a sun.security.krb5.Credentials instance so that it maybe
* used in that package for th Kerberos protocol.
*/
return krb5Credentials;
}
/*
* XXX Call to this.refresh() should refresh the locally cached copy
* of krb5Credentials also.
*/
/**
* Called to invalidate this credential element.
*/
try {
destroy();
"Could not destroy credentials - " + e.getMessage());
}
}
// XXX call to this.destroy() should destroy the locally cached copy
// of krb5Credentials and then call super.destroy().
int initLifetime)
throws GSSException {
/*
* Find the TGT for the realm that the client is in. If the client
* name is not available, then use the default realm.
*/
} else {
try {
} catch (KrbException e) {
"Attempt to obtain INITIATE credentials failed!" +
throw ge;
}
}
try {
: caller;
return AccessController.doPrivileged(
new PrivilegedExceptionAction<KerberosTicket>() {
}});
} catch (PrivilegedActionException e) {
"Attempt to obtain new INITIATE credentials failed!" +
throw ge;
}
}
}