public class KerberosUtils extends Object
Modifier and Type | Field and Description |
---|---|
static List<String> | EMPTY_PRINCIPAL_NAME: An empty list of principal names |
static int | NULL: A constant for integer optional values |
static SimpleDateFormat | UTC_DATE_FORMAT: Defines a default date format with a "yyyyMMddHHmmss'Z'" pattern |
static TimeZone | UTC_TIME_ZONE |
Constructor and Description |
---|
KerberosUtils() |
Modifier and Type | Method and Description |
---|---|
static String | getAlgoNameFromEncType(EncryptionType encType) |
static EncryptionType | getBestEncryptionType(Set<EncryptionType> requestedTypes, Set<EncryptionType> configuredTypes): Get the matching encryption type from the configured types, searching through the requested types. |
static String | getEncryptionTypesString(Set<EncryptionType> encryptionTypes): Build a list of encryptionTypes |
static PrincipalStoreEntry | getEntry(KerberosPrincipal principal, PrincipalStore store, ErrorType errorType): Get a PrincipalStoreEntry given a principal. |
static KerberosPrincipal | getKerberosPrincipal(PrincipalName principal, String realm): Constructs a KerberosPrincipal from a PrincipalName and an optional realm |
static List<String> | getNames(KerberosPrincipal principal): Parse a KerberosPrincipal instance and return the names. |
static List<String> | getNames(String principalNames): Parse a PrincipalName and return the names. |
static boolean | isKerberosString(byte[] value) |
static boolean | isNewEncryptionType(EncryptionType eType): Checks if the given encryption type is *new* (see section 3.1.3 of RFC 4120) |
static Set<EncryptionType> | orderEtypesByStrength(Set<EncryptionType> etypes): Order a list of EncryptionType in decreasing order of strength |
static Authenticator | verifyAuthHeader(ApReq authHeader, Ticket ticket, EncryptionKey serverKey, long clockSkew, ReplayCache replayCache, boolean emptyAddressesAllowed, InetAddress clientAddress, CipherTextHandler lockBox, KeyUsage authenticatorKeyUsage, boolean isValidate): Verifies an AuthHeader using guidelines from RFC 1510 section A.10, "KRB_AP_REQ verification." |
public static final int NULL
public static final List<String> EMPTY_PRINCIPAL_NAME
public static final TimeZone UTC_TIME_ZONE
public static final SimpleDateFormat UTC_DATE_FORMAT
public KerberosUtils()
public static List<String> getNames(KerberosPrincipal principal) throws ParseException
Parameters:
principal - The principal to be parsed
Throws:
ParseException - if the name is not valid

public static List<String> getNames(String principalNames) throws ParseException
Throws:
ParseException

public static KerberosPrincipal getKerberosPrincipal(PrincipalName principal, String realm)
Parameters:
principal - The principal name and type
realm - The optional realm

public static EncryptionType getBestEncryptionType(Set<EncryptionType> requestedTypes, Set<EncryptionType> configuredTypes)
Parameters:
requestedTypes - The client encryption types
configuredTypes - The configured encryption types

public static String getEncryptionTypesString(Set<EncryptionType> encryptionTypes)
Parameters:
encryptionTypes - The encryptionTypes

public static boolean isKerberosString(byte[] value)

public static String getAlgoNameFromEncType(EncryptionType encType)

public static Set<EncryptionType> orderEtypesByStrength(Set<EncryptionType> etypes)
Parameters:
etypes - The ETypes to order

public static PrincipalStoreEntry getEntry(KerberosPrincipal principal, PrincipalStore store, ErrorType errorType) throws KerberosException
Throws:
KerberosException

public static Authenticator verifyAuthHeader(ApReq authHeader, Ticket ticket, EncryptionKey serverKey, long clockSkew, ReplayCache replayCache, boolean emptyAddressesAllowed, InetAddress clientAddress, CipherTextHandler lockBox, KeyUsage authenticatorKeyUsage, boolean isValidate) throws KerberosException
Parameters:
authHeader
ticket
serverKey
clockSkew
replayCache
emptyAddressesAllowed
clientAddress
lockBox
authenticatorKeyUsage
isValidate
Throws:
KerberosException

public static boolean isNewEncryptionType(EncryptionType eType)
Parameters:
eType - the encryption type

Copyright © 2003–2020 The Apache Software Foundation. All rights reserved.