/*
 * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 */

/*
 * (C) Copyright IBM Corp. 1999 All Rights Reserved.
 * Copyright 1997 The Open Group Research Institute. All rights reserved.
 */

/**
 * This class encapsulates the concept of an EncryptionKey. An encryption
 * key is defined in RFC 4120 as:
 *
 * EncryptionKey ::= SEQUENCE {
 *         keytype  [0] Int32 -- actually encryption type --,
 *         keyvalue [1] OCTET STRING
 *
 * This field specifies the encryption type of the encryption key
 * that follows in the keyvalue field. Although its name is
 * "keytype", it actually specifies an encryption type. Previously,
 * multiple cryptosystems that performed encryption differently but
 * were capable of using keys with the same characteristics were
 * permitted to share an assigned number to designate the type of
 * key; this usage is now deprecated.
 *
 * This field contains the key itself, encoded as an octet string.
 */

/**
 * Returns the raw key bytes, not in any ASN.1 encoding.
 */
    // This method cannot be called outside sun.security, hence no
    // cloning. getEncoded() calls this method.

/**
 * Obtains the latest version of the secret key of
 * the principal from a keytab.
 *
 * @param princ the principal whose secret key is desired
 * @param keytab the path to the keytab file. A value of null
 * will be accepted to indicate that the default path should be
 * @return the secret key or null if none was found.
 */
// Replaced by acquireSecretKeys
public static EncryptionKey acquireSecretKey(PrincipalName princ,
                                             String keytab)
    throws KrbException, IOException {
    if (princ == null) {
        throw new IllegalArgumentException(
            "Cannot have null pricipal name to look in keytab.");
    }
    KeyTab ktab = KeyTab.getInstance(keytab);
    return ktab.readServiceKey(princ);
}

/**
 * Obtains all versions of the secret key of the principal from a
 *
 * @param princ the principal whose secret key is desired
 * @param keytab the path to the keytab file. A value of null
 * will be accepted to indicate that the default path should be
 * @return an array of secret keys or null if none were found.
 */
            "Cannot have null pricipal name to look in keytab.");
    // KeyTab getInstance(keytab) will call KeyTab.getInstance()
    // if keytab is null

/**
 * Obtains a key for a given etype of a principal with possible new salt
 */

/**
 * Obtains a key for a given etype with salt and optional s2kparams
 * @param s2kparams can be NULL
 */

/**
 * Generate a list of keys using the given principal and password.
 * Construct a key for each configured etype.
 * Caller is responsible for clearing password.
 */
    /*
     * Usually, when keyType is decoded from ASN.1 it will contain a
     * value indicating what the algorithm to be used is. However, when
     * converting from a password to a key for the AS-EXCHANGE, this
     * keyType will not be available. Use builtin list of default etypes
     * as the default in that case. If default_tkt_enctypes was set in
     */

// Used in Krb5AcceptCredential, self
            "Key bytes cannot be null!");

/**
 * Constructs an EncryptionKey by using the specified key type and key
 * value. It is used to recover the key when retrieving data from
 * credential cache file.
 */
// Used in JSSE (KerberosWrapper), Credentials,
// javax.security.auth.kerberos.KeyImpl

// Used in javax.security.auth.kerberos.KeyImpl
    // validate if AES256 is enabled

/**
 * Generates a sub-sessionkey from a given session key.
 */
// Used in KrbApRep, KrbApReq
    // generate random sub-session key
    // check for key parity and weak keys
    // check for DES key
    // fix DES key parity
    // check for weak key
    // check for 3DES key
    // fix 3DES key parity
    // check for weak keys

/**
 * Constructs an instance of EncryptionKey type.
 * @param encoding a single DER-encoded value.
 * @exception Asn1Exception if an error occurs while decoding an ASN1
 * @exception IOException if an I/O error occurs while reading encoded
 */
// Used in javax.security.auth.kerberos.KeyImpl

/**
 * Returns the ASN.1 encoding of this EncryptionKey.
 *
 * EncryptionKey ::= SEQUENCE {
 *         keytype[0] INTEGER,
 *         keyvalue[1] OCTET STRING }
 *
 * This definition reflects the Network Working Group RFC 4120
 * specification available at
 *
 * @return byte array of encoded EncryptionKey object.
 * @exception Asn1Exception if an error occurs while decoding an ASN1
 * @exception IOException if an I/O error occurs while reading encoded
 */

/**
 * Parse (unmarshal) an Encryption key from a DER input stream. This form
 * of parsing might be used when expanding a value which is part of
 * a constructed sequence and uses explicitly tagged type.
 *
 * @param data the Der input stream value, which contains one or more
 * @param explicitTag tag number.
 * @param optional indicate if this data field is optional
 * @exception Asn1Exception if an error occurs while decoding an ASN1
 * @exception IOException if an I/O error occurs while reading encoded
 * @return an instance of EncryptionKey.
 */

/**
 * Writes key value in FCC format to a <code>CCacheOutputStream</code>.
 *
 * @param cos a <code>CCacheOutputStream</code> to be written to.
 * @exception IOException if an I/O exception occurs.
 * @see sun.security.krb5.internal.ccache.CCacheOutputStream
 */
    // we use KRB5_FCC_FVNO_3

            +
            " keyValue (hex dump)="

/**
 * Find a key with given etype
 */

/**
 * Determines if a kvno matches another kvno. Used in the method
 * findKey(type, kvno, keys). Always returns true if either input
 * is null or zero, in case any side does not have kvno info available.
 *
 * Note: zero is included because N/A is not a legal value for kvno
 * in javax.security.auth.kerberos.KerberosKey. Therefore, the info
 * that the kvno is N/A might be lost when converting between this
 */

/**
 * Find a key with given etype and kvno
 * @param kvno if null, return any (first?) key
 */
    // check if encryption type is supported
    // allow DES key to be used for the DES etypes
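
The ASN.1 definition of EncryptionKey quoted in the comments above, worked through as an added example that is not part of the OpenJDK source: a strict DER encoder and decoder for the SEQUENCE with explicit [0] and [1] tags. The class, record and method names are hypothetical, only short-form lengths and one-byte etypes are handled, and the sample key is constructed (etype 18 is aes256-cts-hmac-sha1-96 per RFC 3962).

```java
import java.util.Arrays;

public class EncryptionKeyDerExample {
    record Key(int etype, byte[] value) {}  // hypothetical holder (Java 16+), not the JDK class

    // Build one DER TLV; this example handles short-form lengths only (< 128 bytes).
    static byte[] tlv(int tag, byte[]... parts) {
        int len = 0;
        for (byte[] p : parts) len += p.length;
        if (len > 127) throw new IllegalArgumentException("long-form length not handled");
        byte[] out = new byte[2 + len];
        out[0] = (byte) tag; out[1] = (byte) len;
        int pos = 2;
        for (byte[] p : parts) { System.arraycopy(p, 0, out, pos, p.length); pos += p.length; }
        return out;
    }

    // SEQUENCE { keytype [0] Int32, keyvalue [1] OCTET STRING } with explicit context tags.
    static byte[] encode(Key k) {
        if (k.etype() < 0 || k.etype() > 127) throw new IllegalArgumentException("one-byte etype only");
        return tlv(0x30, tlv(0xA0, tlv(0x02, new byte[] {(byte) k.etype()})),
                         tlv(0xA1, tlv(0x04, k.value())));
    }

    // Content of the TLV at buf[off]; rejects a wrong tag or a length that overruns the buffer.
    static byte[] content(byte[] buf, int off, int tag) {
        if (off + 2 > buf.length || (buf[off] & 0xFF) != tag)
            throw new IllegalArgumentException("expected tag 0x" + Integer.toHexString(tag));
        int len = buf[off + 1] & 0xFF;
        if (len > 127 || off + 2 + len > buf.length) throw new IllegalArgumentException("bad length");
        return Arrays.copyOfRange(buf, off + 2, off + 2 + len);
    }

    // Strict decode: every level must be consumed exactly, so trailing bytes are an error.
    static Key decode(byte[] der) {
        byte[] seq = content(der, 0, 0x30);
        byte[] f0 = content(seq, 0, 0xA0), f1 = content(seq, 2 + f0.length, 0xA1);
        byte[] etype = content(f0, 0, 0x02), value = content(f1, 0, 0x04);
        boolean exact = der.length == 2 + seq.length && seq.length == 4 + f0.length + f1.length
                && f0.length == 2 + etype.length && f1.length == 2 + value.length;
        if (!exact || etype.length != 1 || etype[0] < 0) throw new IllegalArgumentException("not strict DER");
        return new Key(etype[0], value);
    }

    public static void main(String[] args) {
        byte[] der = encode(new Key(18, new byte[32]));  // constructed sample: etype 18, zero bytes
        System.out.println(der.length + " bytes, decoded etype " + decode(der).etype());
    }
}
```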