/* * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package javax.security.auth.kerberos; import javax.security.auth.Destroyable; import java.util.Arrays; import java.util.Base64; import java.util.Objects; /** * This class encapsulates a Kerberos 5 KRB_CRED message which can be used to * send Kerberos credentials from one principal to another.

* * A KRB_CRED message is defined in Section 5.8.1 of the Kerberos Protocol * Specification (RFC 4120) as: * 

 *    KRB-CRED        ::= [APPLICATION 22] SEQUENCE {
 *            pvno            [0] INTEGER (5),
 *            msg-type        [1] INTEGER (22),
 *            tickets         [2] SEQUENCE OF Ticket,
 *            enc-part        [3] EncryptedData -- EncKrbCredPart
 *    }
 *
* * @since 9 */ public final class KerberosCredMessage implements Destroyable { final private KerberosPrincipal sender; final private KerberosPrincipal recipient; final private byte[] message; private boolean destroyed = false; /** * Constructs a {@code KerberosCredMessage} object. *

* The contents of the {@code message} argument are copied; subsequent * modification of the byte array does not affect the newly created object. * * @param sender the sender of the message * @param recipient the recipient of the message * @param message the DER encoded KRB_CRED message * @throws NullPointerException if any of sender, recipient * or message is null */ public KerberosCredMessage(KerberosPrincipal sender, KerberosPrincipal recipient, byte[] message) { this.sender = Objects.requireNonNull(sender); this.recipient = Objects.requireNonNull(recipient); this.message = Objects.requireNonNull(message).clone(); } /** * Returns the DER encoded form of the KRB_CRED message. * * @return a newly allocated byte array that contains the encoded form * @throws IllegalStateException if the object is destroyed */ public byte[] getEncoded() { if (destroyed) { throw new IllegalStateException("This object is no longer valid"); } return message.clone(); } /** * Returns the sender of this message. * * @return the sender * @throws IllegalStateException if the object is destroyed */ public KerberosPrincipal getSender() { if (destroyed) { throw new IllegalStateException("This object is no longer valid"); } return sender; } /** * Returns the recipient of this message. * * @return the recipient * @throws IllegalStateException if the object is destroyed */ public KerberosPrincipal getRecipient() { if (destroyed) { throw new IllegalStateException("This object is no longer valid"); } return recipient; } /** * Destroys this object by clearing out the message. */ @Override public void destroy() { if (!destroyed) { Arrays.fill(message, (byte)0); destroyed = true; } } @Override public boolean isDestroyed() { return destroyed; } /** * Returns an informative textual representation of this {@code KerberosCredMessage}. * * @return an informative textual representation of this {@code KerberosCredMessage}. */ @Override public String toString() { if (destroyed) { return "Destroyed KerberosCredMessage"; } else { return "KRB_CRED from " + sender + " to " + recipient + ":\n" + Base64.getUrlEncoder().encodeToString(message); } } /** * Returns a hash code for this {@code KerberosCredMessage}. * * @return a hash code for this {@code KerberosCredMessage}. */ @Override public int hashCode() { if (isDestroyed()) { return -1; } else { return Objects.hash(sender, recipient, Arrays.hashCode(message)); } } /** * Compares the specified object with this {@code KerberosCredMessage} * for equality. Returns true if the given object is also a * {@code KerberosCredMessage} and the two {@code KerberosCredMessage} * instances are equivalent. More formally two {@code KerberosCredMessage} * instances are equal if they have equal sender, recipient, and encoded * KRB_CRED messages. * A destroyed {@code KerberosCredMessage} object is only equal to itself. * * @param other the object to compare to * @return true if the specified object is equal to this * {@code KerberosCredMessage}, false otherwise. */ @Override public boolean equals(Object other) { if (other == this) { return true; } if (! (other instanceof KerberosCredMessage)) { return false; } KerberosCredMessage otherMessage = ((KerberosCredMessage) other); if (isDestroyed() || otherMessage.isDestroyed()) { return false; } return Objects.equals(sender, otherMessage.sender) && Objects.equals(recipient, otherMessage.recipient) && Arrays.equals(message, otherMessage.message); } }