
Oracle Security Developer Tools Web Services Security Java API Reference
11g (11.1.1)

E10678-02


oracle.security.xmlsec.wss.kerberos
Class KerberosUtils

java.lang.Object
  extended by oracle.security.xmlsec.wss.kerberos.KerberosUtils


public class KerberosUtils
extends java.lang.Object

Utility methods for use with Java GSS API.


Constructor Summary
KerberosUtils()
           

 

Method Summary
static javax.crypto.SecretKey getSessionKey(org.ietf.jgss.GSSContext context)
          Get the Kerberos session key stored inside this GSSContext.
static javax.crypto.SecretKey getSessionKey(java.lang.String sname, char[] passwd, byte[] ap_req)
          Use the string-to-key algorithm defined in the Kerberos specifications to derive the service's key from the service's principal and password, and then use the service key to decrypt the message.
static javax.crypto.SecretKey getSessionKey(javax.security.auth.Subject subject, byte[] ap_req)
          Get the session key that the service should use to decrypt messages sent by the client.
static javax.crypto.SecretKey getSessionKey(javax.security.auth.Subject subject, java.lang.String svcPrincipalName)
          Get the Kerberos session key that the client should use to talk to the service.
static javax.crypto.SecretKey getSessionKey2(javax.security.auth.Subject subject, byte[] ap_req)
          Get the session key that the service should use to decrypt messages sent by the client.

 

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Constructor Detail

KerberosUtils

public KerberosUtils()

Method Detail

getSessionKey

public static javax.crypto.SecretKey getSessionKey(javax.security.auth.Subject subject,
                                                   java.lang.String svcPrincipalName)
Get the Kerberos session key that the client should use to talk to the service. Call this after doing an initSecContext on the client side.
Parameters:
subject - the client's subject
svcPrincipalName - fully qualified service name, i.e. with realm
Returns:

getSessionKey

public static javax.crypto.SecretKey getSessionKey(org.ietf.jgss.GSSContext context)
                                            throws java.lang.ClassNotFoundException,
                                                   java.lang.NoSuchFieldException,
                                                   java.lang.NoSuchMethodException,
                                                   java.lang.IllegalAccessException,
                                                   java.lang.reflect.InvocationTargetException
Get the Kerberos session key stored inside this GSSContext. Can be used on both the client side and the server side, but it internally calls private APIs of Sun's Kerberos implementation. Throws an IllegalAccessException if the SecurityManager is turned on; in that case, use the other getSessionKey methods.
Parameters:
context -
Returns:
Throws:
java.lang.ClassNotFoundException
java.lang.NoSuchFieldException
java.lang.NoSuchMethodException
java.lang.IllegalAccessException
java.lang.reflect.InvocationTargetException
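
Client-side use of the two methods above, as an added example that is not part of Oracle's documentation: it calls initSecContext, tries the reflection-based getSessionKey(GSSContext), and falls back to the Subject-based variant when the reflective call fails. The class name, the JAAS entry `KrbClient` and the service principal are placeholders, and treating every reflective exception (not only IllegalAccessException) as the fallback trigger is an assumption.

```java
import java.security.PrivilegedExceptionAction;
import javax.crypto.SecretKey;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import oracle.security.xmlsec.wss.kerberos.KerberosUtils;

public class ClientSessionKeyExample {
    // Placeholders (assumptions): JAAS entry name and service principal.
    static final String JAAS_ENTRY = "KrbClient";
    static final String SVC_PRINCIPAL = "HTTP/service.example.com@EXAMPLE.COM";

    static SecretKey clientSessionKey(Subject subject) throws Exception {
        return Subject.doAs(subject, (PrivilegedExceptionAction<SecretKey>) () -> {
            GSSManager mgr = GSSManager.getInstance();
            Oid krb5Mech = new Oid("1.2.840.113554.1.2.2");   // Kerberos V5 mechanism
            Oid krb5Name = new Oid("1.2.840.113554.1.2.2.1"); // Kerberos principal name type
            GSSName svc = mgr.createName(SVC_PRINCIPAL, krb5Name);
            GSSContext ctx = mgr.createContext(svc, krb5Mech, null, GSSContext.DEFAULT_LIFETIME);
            try {
                // The first initSecContext call produces the token that carries the AP_REQ.
                byte[] token = ctx.initSecContext(new byte[0], 0, 0);
                if (token == null) throw new IllegalStateException("no token produced");
                try {
                    // Reflection-based variant; documented to fail under a SecurityManager.
                    return KerberosUtils.getSessionKey(ctx);
                } catch (ReflectiveOperationException e) {
                    // Fall back to the Subject-based variant, as the documentation advises.
                    return KerberosUtils.getSessionKey(subject, SVC_PRINCIPAL);
                }
            } finally {
                ctx.dispose(); // release the GSS context in every case
            }
        });
    }

    public static void main(String[] args) throws Exception {
        // Assumes a Krb5LoginModule entry that needs no callbacks (e.g. a ticket cache).
        LoginContext lc = new LoginContext(JAAS_ENTRY);
        lc.login();
        SecretKey key = clientSessionKey(lc.getSubject());
        if (key == null) throw new IllegalStateException("no session key available");
        // Report only metadata; key bytes are never written to logs or stdout.
        System.out.println("session key algorithm: " + key.getAlgorithm());
        lc.logout();
    }
}
```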

getSessionKey2

public static javax.crypto.SecretKey getSessionKey2(javax.security.auth.Subject subject,
                                                    byte[] ap_req)
                                             throws org.ietf.jgss.GSSException
Get the session key that the service should use to decrypt messages sent by the client. Call this after doing an acceptSecContext. It internally uses public APIs of Sun's Kerberos implementation to parse the ap_req packet, decrypt the ticket present inside it, and return the session key from the decrypted ticket.
Parameters:
subject - the service's subject
ap_req - the ap_req packet sent by the client.
Returns:
Throws:
org.ietf.jgss.GSSException

getSessionKey

public static javax.crypto.SecretKey getSessionKey(javax.security.auth.Subject subject,
                                                   byte[] ap_req)
                                            throws java.io.IOException
Get the session key that the service should use to decrypt messages sent by the client. It internally uses the KrbParser to parse the message and then uses the KrbDecryptor to decrypt the message.
Parameters:
subject - the service's subject
ap_req - the ap_req packet sent by the client.
Returns:
Throws:
org.ietf.jgss.GSSException
java.io.IOException

getSessionKey

public static javax.crypto.SecretKey getSessionKey(java.lang.String sname,
                                                   char[] passwd,
                                                   byte[] ap_req)
                                            throws java.io.IOException
Use the string-to-key algorithm defined in the Kerberos specifications to derive the service's key from the service's principal and password, and then use the service key to decrypt the message.
Parameters:
sname - the service's principal
passwd - the service's password
ap_req - the ap_req packet sent by the client.
Returns:
Throws:
java.io.IOException



Copyright © 2005, 2009, Oracle. All rights reserved.