javax.security.auth.kerberos
Class KerberosTicket

java.lang.Object
  extended by javax.security.auth.kerberos.KerberosTicket
All Implemented Interfaces:
Serializable, Destroyable, Refreshable

public class KerberosTicket
extends Object
implements Destroyable, Serializable, Refreshable

This class represents a Kerberos ticket. See the Kerberos authentication RFC for more information: RFC 1510.

Since:
1.4
See Also:
Serialized Form

Constructor Summary
KerberosTicket(byte[] asn1Encoding, KerberosPrincipal client, KerberosPrincipal server, byte[] key, int type, boolean[] flags, Date authTime, Date startTime, Date endTime, Date renewTill, InetAddress[] clientAddresses)
          Create a new ticket given all the facts about it.
 
Method Summary
 void destroy()
          Destroy this ticket.
 Date getAuthTime()
          Return the authentication time for this ticket.
 KerberosPrincipal getClient()
          Return the client principal for this ticket.
 InetAddress[] getClientAddresses()
          Return the allowable client addresses for this ticket.
 byte[] getEncoded()
          Return the encoded form of this ticket.
 Date getEndTime()
          Return the end time for this ticket.
 boolean[] getFlags()
          Return the flags for this ticket as a boolean array.
 Date getRenewTill()
          Return the renewal time for this ticket.
 KerberosPrincipal getServer()
          Return the server principal for this ticket.
 SecretKey getSessionKey()
          Return the secret key associated with this ticket.
 int getSessionKeyType()
           Returns the type of the session key in accordance with RFC1510.
 Date getStartTime()
          Return the start time for this ticket.
 boolean isCurrent()
          Return true if the ticket is currently valid.
 boolean isDestroyed()
          Return true if this ticket has been destroyed.
 boolean isForwardable()
          Return true if this ticket is forwardable.
 boolean isForwarded()
          Return true if this ticket has been forwarded.
 boolean isInitial()
          Return true if this ticket was granted by an application server, and not via a ticket-granting ticket.
 boolean isPostdated()
          Return true if this ticket was post-dated.
 boolean isProxiable()
          Return true if this ticket is proxiable.
 boolean isProxy()
          Return true if this ticket is a proxy ticket.
 boolean isRenewable()
          Return true if this ticket is renewable.
 void refresh()
          If the ticket is renewable, and the renewal time has not yet elapsed, attempt to renew the ticket.
 String toString()
          Convert this Object to a human-readable String.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

KerberosTicket

public KerberosTicket(byte[] asn1Encoding,
                      KerberosPrincipal client,
                      KerberosPrincipal server,
                      byte[] key,
                      int type,
                      boolean[] flags,
                      Date authTime,
                      Date startTime,
                      Date endTime,
                      Date renewTill,
                      InetAddress[] clientAddresses)
Create a new ticket given all the facts about it. Note that flags may be null or "short"; any flags not specified will be taken to be false. If the ticket is not renewable, then renewTill may be null. If authTime is null, then it is taken to be the same as startTime. If clientAddresses is null, then the ticket can be used anywhere.

Parameters:
asn1Encoding - the contents of the ticket, as ASN1
client - the client principal
server - the server principal
key - the contents of the session key
type - the type of the key
flags - an array of flags, as specified by the RFC
authTime - when the client was authenticated
startTime - starting time at which the ticket is valid
endTime - ending time, after which the ticket is invalid
renewTill - for a renewable ticket, the time before which it must be renewed
clientAddresses - a possibly-null array of addresses where this ticket may be used
Method Detail

destroy

public void destroy()
             throws DestroyFailedException
Destroy this ticket. This discards secret information. After this method is called, other methods will throw IllegalStateException.

Specified by:
destroy in interface Destroyable
Throws:
DestroyFailedException - If this object could not be destroyed.

isDestroyed

public boolean isDestroyed()
Return true if this ticket has been destroyed.

Specified by:
isDestroyed in interface Destroyable
Returns:
True if this object has been destroyed.

isCurrent

public boolean isCurrent()
Return true if the ticket is currently valid. This is true if the system time is between the ticket's start and end times.

Specified by:
isCurrent in interface Refreshable
Returns:
Whether this object is current.
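
An added usage example, not part of the original API documentation: it builds a ticket using the constructor defaults described above (a "short" flags array, null renewTill, null clientAddresses), reviews the properties that widen where the ticket can be used, and then calls destroy() so the session key is discarded. The helper name review, the principal names, the key bytes, key type 17 and the placeholder encoding are constructed for illustration; flag index 1 is FORWARDABLE in RFC 1510.

```java
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;

public class TicketHygieneExample {
    // Hypothetical helper: list the properties of a ticket that widen its exposure.
    static List<String> review(KerberosTicket t) {
        List<String> notes = new ArrayList<>();
        if (!t.isCurrent()) notes.add("not currently valid");
        if (t.isForwardable()) notes.add("forwardable: may be reissued for another address");
        if (t.isProxiable()) notes.add("proxiable");
        if (t.getClientAddresses() == null) notes.add("no address restriction: usable anywhere");
        if (t.isRenewable()) notes.add("renewable until " + t.getRenewTill());
        return notes;
    }

    public static void main(String[] args) throws DestroyFailedException {
        long now = System.currentTimeMillis();
        Date start = new Date(now - 60_000L);      // valid since one minute ago
        Date end = new Date(now + 3_600_000L);     // expires in one hour
        // "Short" flags array: only index 1 (FORWARDABLE) is set, the rest default to false.
        boolean[] flags = { false, true };
        KerberosTicket ticket = new KerberosTicket(
                new byte[] { 0x61, 0x00 },         // constructed placeholder, not a real encoded ticket
                new KerberosPrincipal("alice@EXAMPLE.COM"),
                new KerberosPrincipal("krbtgt/EXAMPLE.COM@EXAMPLE.COM"),
                new byte[16], 17,                  // constructed session key bytes and key type
                flags, start, start, end,
                null,                              // renewTill: null, the ticket is not renewable
                null);                             // clientAddresses: null, no address restriction
        try {
            System.out.println(review(ticket));
        } finally {
            ticket.destroy();                      // discard the session key once finished
        }
        System.out.println("destroyed: " + ticket.isDestroyed());
        try {
            ticket.getSessionKey();                // secret material is gone after destroy()
        } catch (IllegalStateException e) {
            System.out.println("session key unavailable after destroy()");
        }
    }
}
```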

refresh

public void refresh()
             throws RefreshFailedException,
                    NotImplementedException
If the ticket is renewable, and the renewal time has not yet elapsed, attempt to renew the ticket.

Specified by:
refresh in interface Refreshable
Throws:
RefreshFailedException - if the renewal fails for any reason
NotImplementedException

getClient

public final KerberosPrincipal getClient()
Return the client principal for this ticket.


getServer

public final KerberosPrincipal getServer()
Return the server principal for this ticket.


isForwardable

public final boolean isForwardable()
Return true if this ticket is forwardable.


isForwarded

public final boolean isForwarded()
Return true if this ticket has been forwarded.


isProxiable

public final boolean isProxiable()
Return true if this ticket is proxiable.


isProxy

public final boolean isProxy()
Return true if this ticket is a proxy ticket.


isPostdated

public final boolean isPostdated()
Return true if this ticket was post-dated.


isRenewable

public final boolean isRenewable()
Return true if this ticket is renewable.


isInitial

public final boolean isInitial()
Return true if this ticket was granted by an application server, and not via a ticket-granting ticket.


getFlags

public final boolean[] getFlags()
Return the flags for this ticket as a boolean array. See the RFC to understand what the different entries mean.


getAuthTime

public final Date getAuthTime()
Return the authentication time for this ticket.


getStartTime

public final Date getStartTime()
Return the start time for this ticket.


getEndTime

public final Date getEndTime()
Return the end time for this ticket.


getRenewTill

public final Date getRenewTill()
Return the renewal time for this ticket. For a non-renewable ticket, this will return null.


getClientAddresses

public final InetAddress[] getClientAddresses()
Return the allowable client addresses for this ticket. This will return null if the ticket can be used anywhere.


getEncoded

public final byte[] getEncoded()
Return the encoded form of this ticket.


getSessionKey

public final SecretKey getSessionKey()
Return the secret key associated with this ticket.


toString

public String toString()
Description copied from class: Object
Convert this Object to a human-readable String. There are no limits placed on how long this String should be or what it should contain. We suggest you make it as intuitive as possible to be able to place it into System.out.println() and such.

It is typical, but not required, to ensure that this method never completes abruptly with a RuntimeException.

This method will be called when performing string concatenation with this object. If the result is null, string concatenation will instead use "null".

The default implementation returns getClass().getName() + "@" + Integer.toHexString(hashCode()).

Overrides:
toString in class Object
Returns:
the String representing this Object, which may be null
See Also:
Object.getClass(), Object.hashCode(), Class.getName(), Integer.toHexString(int)

getSessionKeyType

public final int getSessionKeyType()

Returns the type of the session key in accordance with RFC1510. This usually corresponds to the encryption algorithm used by the key, though more than one algorithm may use the same key type (e.g. DES with different checksum mechanisms and chaining modes). Negative values are reserved for local use. Non-negative values are for officially assigned type fields. The RFC defines:

Returns:
the type of session key used by this ticket.