81 }
82
83 public final Integer getKeyVersionNumber() {
84 return kvno;
85 }
86
87 /**
88 * Returns the raw key bytes, not in any ASN.1 encoding.
89 */
90 public final byte[] getBytes() {
91 // This method cannot be called outside sun.security, hence no
92 // cloning. getEncoded() calls this method.
93 return keyValue;
94 }
95
96 public synchronized Object clone() {
97 return new EncryptionKey(keyValue, keyType, kvno);
98 }
99
100 /**
101 * Obtains the latest version of the secret key of
102 * the principal from a keytab.
103 *
104 * @param princ the principal whose secret key is desired
105 * @param keytab the path to the keytab file. A value of null
106 * will be accepted to indicate that the default path should be
107 * searched.
108 * @returns the secret key or null if none was found.
109 */
110 /*
111 // Replaced by acquireSecretKeys
112 public static EncryptionKey acquireSecretKey(PrincipalName princ,
113 String keytab)
114 throws KrbException, IOException {
115
116 if (princ == null) {
117 throw new IllegalArgumentException(
118 "Cannot have null pricipal name to look in keytab.");
119 }
120
121 KeyTab ktab = KeyTab.getInstance(keytab);
122
123 if (ktab == null)
124 return null;
125
126 return ktab.readServiceKey(princ);
127 }
128 */
129
130 /**
131 * Obtains all versions of the secret key of the principal from a
132 * keytab.
133 *
134 * @Param princ the principal whose secret key is desired
135 * @param keytab the path to the keytab file. A value of null
136 * will be accepted to indicate that the default path should be
137 * searched.
138 * @returns an array of secret keys or null if none were found.
139 */
140 public static EncryptionKey[] acquireSecretKeys(PrincipalName princ,
141 String keytab) {
142
143 if (princ == null)
144 throw new IllegalArgumentException(
145 "Cannot have null pricipal name to look in keytab.");
146
147 // KeyTab getInstance(keytab) will call KeyTab.getInstance()
148 // if keytab is null
149 KeyTab ktab = KeyTab.getInstance(keytab);
150 return ktab.readServiceKeys(princ);
191 etype, null);
192 }
193
194 /**
195 * Generate a list of keys using the given principal and password.
196 * Construct a key for each configured etype.
197 * Caller is responsible for clearing password.
198 */
199 /*
200 * Usually, when keyType is decoded from ASN.1 it will contain a
201 * value indicating what the algorithm to be used is. However, when
202 * converting from a password to a key for the AS-EXCHANGE, this
203 * keyType will not be available. Use builtin list of default etypes
204 * as the default in that case. If default_tkt_enctypes was set in
205 * the libdefaults of krb5.conf, then use that sequence.
206 */
207 public static EncryptionKey[] acquireSecretKeys(char[] password,
208 String salt) throws KrbException {
209
210 int[] etypes = EType.getDefaults("default_tkt_enctypes");
211 if (etypes == null) {
212 etypes = EType.getBuiltInDefaults();
213 }
214
215 EncryptionKey[] encKeys = new EncryptionKey[etypes.length];
216 for (int i = 0; i < etypes.length; i++) {
217 if (EType.isSupported(etypes[i])) {
218 encKeys[i] = new EncryptionKey(
219 stringToKey(password, salt, null, etypes[i]),
220 etypes[i], null);
221 } else {
222 if (DEBUG) {
223 System.out.println("Encryption Type " +
224 EType.toString(etypes[i]) +
225 " is not supported/enabled");
226 }
227 }
228 }
229 return encKeys;
230 }
231
232 // Used in Krb5AcceptCredential, self
233 public EncryptionKey(byte[] keyValue,
|
81 }
82
83 public final Integer getKeyVersionNumber() {
84 return kvno;
85 }
86
87 /**
88 * Returns the raw key bytes, not in any ASN.1 encoding.
89 */
90 public final byte[] getBytes() {
91 // This method cannot be called outside sun.security, hence no
92 // cloning. getEncoded() calls this method.
93 return keyValue;
94 }
95
96 public synchronized Object clone() {
97 return new EncryptionKey(keyValue, keyType, kvno);
98 }
99
100 /**
101 * Obtains all versions of the secret key of the principal from a
102 * keytab.
103 *
104 * @Param princ the principal whose secret key is desired
105 * @param keytab the path to the keytab file. A value of null
106 * will be accepted to indicate that the default path should be
107 * searched.
108 * @returns an array of secret keys or null if none were found.
109 */
110 public static EncryptionKey[] acquireSecretKeys(PrincipalName princ,
111 String keytab) {
112
113 if (princ == null)
114 throw new IllegalArgumentException(
115 "Cannot have null pricipal name to look in keytab.");
116
117 // KeyTab getInstance(keytab) will call KeyTab.getInstance()
118 // if keytab is null
119 KeyTab ktab = KeyTab.getInstance(keytab);
120 return ktab.readServiceKeys(princ);
161 etype, null);
162 }
163
164 /**
165 * Generate a list of keys using the given principal and password.
166 * Construct a key for each configured etype.
167 * Caller is responsible for clearing password.
168 */
169 /*
170 * Usually, when keyType is decoded from ASN.1 it will contain a
171 * value indicating what the algorithm to be used is. However, when
172 * converting from a password to a key for the AS-EXCHANGE, this
173 * keyType will not be available. Use builtin list of default etypes
174 * as the default in that case. If default_tkt_enctypes was set in
175 * the libdefaults of krb5.conf, then use that sequence.
176 */
177 public static EncryptionKey[] acquireSecretKeys(char[] password,
178 String salt) throws KrbException {
179
180 int[] etypes = EType.getDefaults("default_tkt_enctypes");
181
182 EncryptionKey[] encKeys = new EncryptionKey[etypes.length];
183 for (int i = 0; i < etypes.length; i++) {
184 if (EType.isSupported(etypes[i])) {
185 encKeys[i] = new EncryptionKey(
186 stringToKey(password, salt, null, etypes[i]),
187 etypes[i], null);
188 } else {
189 if (DEBUG) {
190 System.out.println("Encryption Type " +
191 EType.toString(etypes[i]) +
192 " is not supported/enabled");
193 }
194 }
195 }
196 return encKeys;
197 }
198
199 // Used in Krb5AcceptCredential, self
200 public EncryptionKey(byte[] keyValue,
|