org.apache.directory.server.kerberos.shared
Class KerberosUtils

java.lang.Object
  extended by org.apache.directory.server.kerberos.shared.KerberosUtils

public class KerberosUtils
extends java.lang.Object

A utility class for Kerberos.

Author:
Apache Directory Project

Field Summary
static java.util.List<java.lang.String> EMPTY_PRINCIPAL_NAME
          An empty list of principal names
static int NULL
          A constant for integer optional values
 
Constructor Summary
KerberosUtils()
           
 
Method Summary
static EncryptionType getBestEncryptionType(java.util.Set<EncryptionType> requestedTypes, java.util.Set<EncryptionType> configuredTypes)
          Get the encryption type from the configured types that matches one of the requested types.
static java.lang.String getEncryptionTypesString(java.util.Set<EncryptionType> encryptionTypes)
          Build a list of encryptionTypes
static PrincipalStoreEntry getEntry(javax.security.auth.kerberos.KerberosPrincipal principal, PrincipalStore store, ErrorType errorType)
          Get a PrincipalStoreEntry given a principal.
static javax.security.auth.kerberos.KerberosPrincipal getKerberosPrincipal(PrincipalName principal, java.lang.String realm)
          Constructs a KerberosPrincipal from a PrincipalName and an optional realm
static java.util.List<java.lang.String> getNames(javax.security.auth.kerberos.KerberosPrincipal principal)
          Parse a KerberosPrincipal instance and return the names.
static java.util.List<java.lang.String> getNames(java.lang.String principalNames)
          Parse a PrincipalName and return the names.
static Authenticator verifyAuthHeader(ApplicationRequest authHeader, Ticket ticket, EncryptionKey serverKey, long clockSkew, ReplayCache replayCache, boolean emptyAddressesAllowed, java.net.InetAddress clientAddress, CipherTextHandler lockBox, KeyUsage authenticatorKeyUsage, boolean isValidate)
          Verifies an AuthHeader using guidelines from RFC 1510 section A.10., "KRB_AP_REQ verification."
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

NULL

public static final int NULL
A constant for integer optional values

See Also:
Constant Field Values

EMPTY_PRINCIPAL_NAME

public static final java.util.List<java.lang.String> EMPTY_PRINCIPAL_NAME
An empty list of principal names

Constructor Detail

KerberosUtils

public KerberosUtils()
Method Detail

getNames

public static java.util.List<java.lang.String> getNames(javax.security.auth.kerberos.KerberosPrincipal principal)
                                                 throws java.text.ParseException
Parse a KerberosPrincipal instance and return the names. The principal name is described in RFC 1964:

This name type corresponds to the single-string representation of a
Kerberos name. (Within the MIT Kerberos V5 implementation, such
names are parseable with the krb5_parse_name() function.) The
elements included within this name representation are as follows,
proceeding from the beginning of the string:

(1) One or more principal name components; if more than one
principal name component is included, the components are
separated by `/`. Arbitrary octets may be included within
principal name components, with the following constraints and
special considerations:

(1a) Any occurrence of the characters `@` or `/` within a
name component must be immediately preceded by the `\`
quoting character, to prevent interpretation as a component
or realm separator.

(1b) The ASCII newline, tab, backspace, and null characters
may occur directly within the component or may be
represented, respectively, by `\n`, `\t`, `\b`, or `\0`.

(1c) If the `\` quoting character occurs outside the contexts
described in (1a) and (1b) above, the following character is
interpreted literally. As a special case, this allows the
doubled representation `\\` to represent a single occurrence
of the quoting character.

(1d) An occurrence of the `\` quoting character as the last
character of a component is illegal.

(2) Optionally, a `@` character, signifying that a realm name
immediately follows. If no realm name element is included, the
local realm name is assumed. The `/` , `:`, and null characters
may not occur within a realm name; the `@`, newline, tab, and
backspace characters may be included using the quoting
conventions described in (1a), (1b), and (1c) above.

Parameters:
principal - The principal to be parsed
Returns:
The names as a List of nameComponent
Throws:
java.text.ParseException - if the name is not valid
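
The quoting rules (1a) to (1d) and the realm rule (2) quoted above, written out as a small parser. This is an added example, not the ApacheDS implementation of getNames; the class name PrincipalNameSketch, its Parsed holder and the sample principal are hypothetical.

```java
import java.text.ParseException;
import java.util.ArrayList;
import java.util.List;
/** Added illustration; hypothetical class, not ApacheDS code. */
public class PrincipalNameSketch {
    /** Decoded components plus realm (null when the string has no realm part). */
    public static final class Parsed {
        public final List<String> components = new ArrayList<>();
        public String realm;
    }
    public static Parsed parse(String s) throws ParseException {
        Parsed out = new Parsed();
        StringBuilder cur = new StringBuilder();
        boolean inRealm = false;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean quoted = (c == '\\');
            if (quoted) {
                if (++i == s.length()) {
                    throw new ParseException("quoting character at end of name (1d)", i - 1);
                }
                c = s.charAt(i);
                switch (c) { // (1b) short forms; any other character is literal (1a, 1c)
                    case 'n': c = '\n'; break;
                    case 't': c = '\t'; break;
                    case 'b': c = '\b'; break;
                    case '0': c = '\0'; break;
                }
            }
            // (2) realm: '/', ':' and NUL never allowed; a second '@' must be quoted
            if (inRealm && (c == '/' || c == ':' || c == '\0' || (c == '@' && !quoted))) {
                throw new ParseException("character not allowed in realm (2)", i);
            }
            if (!quoted && !inRealm && (c == '/' || c == '@')) {
                out.components.add(cur.toString()); // unquoted separator ends a component
                cur.setLength(0);
                inRealm = (c == '@');
            } else {
                cur.append(c);
            }
        }
        if (inRealm) { out.realm = cur.toString(); } else { out.components.add(cur.toString()); }
        return out;
    }
    public static void main(String[] args) throws ParseException {
        Parsed p = parse("host/web\\/01.example.com@EXAMPLE.COM"); // constructed sample
        System.out.println(p.components + " realm=" + p.realm);
    }
}
```

Splitting the raw string on `/` or `@` before unquoting would turn the quoted `\/` in the sample into a component boundary, which is why the separators are only recognised while scanning.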

getNames

public static java.util.List<java.lang.String> getNames(java.lang.String principalNames)
                                                 throws java.text.ParseException
Parse a PrincipalName and return the names.

Throws:
java.text.ParseException

getKerberosPrincipal

public static javax.security.auth.kerberos.KerberosPrincipal getKerberosPrincipal(PrincipalName principal,
                                                                                  java.lang.String realm)
Constructs a KerberosPrincipal from a PrincipalName and an optional realm

Parameters:
principal - The principal name and type
realm - The optional realm
Returns:
A KerberosPrincipal

getBestEncryptionType

public static EncryptionType getBestEncryptionType(java.util.Set<EncryptionType> requestedTypes,
                                                   java.util.Set<EncryptionType> configuredTypes)
Get the encryption type from the configured types that matches one of the requested types. The first match found is returned.

Parameters:
requestedTypes - The client encryption types
configuredTypes - The configured encryption types
Returns:
The first matching encryption type.

getEncryptionTypesString

public static java.lang.String getEncryptionTypesString(java.util.Set<EncryptionType> encryptionTypes)
Build a list of encryptionTypes

Parameters:
encryptionTypes - The encryptionTypes
Returns:
A comma-separated list of the encryptionTypes

getEntry

public static PrincipalStoreEntry getEntry(javax.security.auth.kerberos.KerberosPrincipal principal,
                                           PrincipalStore store,
                                           ErrorType errorType)
                                    throws KerberosException
Get a PrincipalStoreEntry given a principal. The ErrorType is used to indicate whether any resulting error pertains to a server or client.

Parameters:
principal -
store -
errorType -
Returns:
The PrincipalStoreEntry
Throws:
java.lang.Exception
KerberosException

verifyAuthHeader

public static Authenticator verifyAuthHeader(ApplicationRequest authHeader,
                                             Ticket ticket,
                                             EncryptionKey serverKey,
                                             long clockSkew,
                                             ReplayCache replayCache,
                                             boolean emptyAddressesAllowed,
                                             java.net.InetAddress clientAddress,
                                             CipherTextHandler lockBox,
                                             KeyUsage authenticatorKeyUsage,
                                             boolean isValidate)
                                      throws KerberosException
Verifies an AuthHeader using guidelines from RFC 1510 section A.10., "KRB_AP_REQ verification."

Parameters:
authHeader -
ticket -
serverKey -
clockSkew -
replayCache -
emptyAddressesAllowed -
clientAddress -
lockBox -
authenticatorKeyUsage -
isValidate -
Returns:
The authenticator.
Throws:
KerberosException
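
The checks that RFC 1510 section A.10 applies once the ticket and authenticator have been decrypted, in the order the RFC lists them. This is an added example, not ApacheDS code: the class, method and enum names are hypothetical, the replay cache is an in-memory set with no expiry, and treating emptyAddressesAllowed as the inverse of "the application requires addresses" is an assumption. Message-type, key-version, decryption and client-name-match checks are left out.

```java
import java.net.InetAddress;
import java.util.HashSet;
import java.util.Set;

/** Added illustration of RFC 1510 A.10 checks; hypothetical names, not ApacheDS code. */
public class ApReqChecksSketch {
    /** Outcomes named after the corresponding KRB_AP_ERR_* codes. */
    public enum Result { OK, BADADDR, SKEW, REPEAT, TKT_NYV, TKT_EXPIRED }

    // Stand-in for a replay cache: identifiers of authenticators already accepted.
    private final Set<String> seen = new HashSet<>();

    public Result verify(String client, long ctimeMs, int cusec,
                         Set<InetAddress> ticketAddrs, InetAddress sender,
                         long startMs, long endMs, long nowMs,
                         long clockSkewMs, boolean emptyAddressesAllowed) {
        // A ticket that lists addresses must list the sender; a ticket without
        // addresses is accepted only when policy allows it (assumed mapping).
        if (ticketAddrs.isEmpty() ? !emptyAddressesAllowed : !ticketAddrs.contains(sender)) {
            return Result.BADADDR;
        }
        // The authenticator timestamp must be within the allowed skew of local time.
        if (Math.abs(nowMs - ctimeMs) > clockSkewMs) {
            return Result.SKEW;
        }
        // The same (client, ctime, cusec) presented twice is a replay.
        if (!seen.add(client + "|" + ctimeMs + "|" + cusec)) {
            return Result.REPEAT;
        }
        // Ticket validity window, each edge widened by the skew.
        if (startMs - nowMs > clockSkewMs) {
            return Result.TKT_NYV;
        }
        if (nowMs - endMs > clockSkewMs) {
            return Result.TKT_EXPIRED;
        }
        return Result.OK;
    }

    public static void main(String[] args) throws Exception {
        ApReqChecksSketch v = new ApReqChecksSketch();
        // Constructed sample values (documentation address range, arbitrary clock).
        InetAddress a = InetAddress.getByAddress(new byte[] {(byte) 192, 0, 2, 10});
        long now = 1_000_000_000L, skew = 300_000L;
        Set<InetAddress> addrs = Set.of(a);
        String c = "alice@EXAMPLE.COM";
        // First presentation is accepted; the identical second one is a replay.
        System.out.println(v.verify(c, now, 1, addrs, a, now - 60_000, now + 3_600_000, now, skew, false));
        System.out.println(v.verify(c, now, 1, addrs, a, now - 60_000, now + 3_600_000, now, skew, false));
    }
}
```

The replay identifier is recorded only after the skew check passes, so the cache needs to retain entries no longer than the skew window on either side of the current time.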


Copyright © 2003-2009 Apache Software Foundation. All Rights Reserved.