1. /*

  2.  * @(#)KerberosKey.java	1.13 03/01/23

  3.  *

  4.  * Copyright 2003 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7.   

  8. package javax.security.auth.kerberos;

  9. 

  10. import javax.crypto.SecretKey;

  11. import javax.security.auth.Destroyable;

  12. import javax.security.auth.DestroyFailedException;

  13. 

  14. /**

  15.  * This class encapsulates a long term secret key for a Kerberos

  16.  * principal.<p>

  17.  *

  18.  * All Kerberos JAAS login modules that obtain a principal's password and

  19.  * generate the secret key from it should use this class. Where available,

  20.  * the login module might even read this secret key directly from a

  21.  * Kerberos "keytab". Sometimes, such as when authenticating a server in

  22.  * the absence of user-to-user authentication, the login module will store 

  23.  * an instance of this class in the private credential set of a

  24.  * {@link javax.security.auth.Subject Subject} during the commit phase of the

  25.  * authentication process.<p>

  26.  *

  27.  * It might be necessary for the application to be granted a

  28.  * {@link javax.security.auth.PrivateCredentialPermission 

  29.  * PrivateCredentialPermission} if it needs to access the KerberosKey

  30.  * instance from a Subject. This permission is not needed when the 

  31.  * application depends on the default JGSS Kerberos mechanism to access the 

  32.  * KerberosKey. In that case, however, the application will need an 

  33.  * appropriate 

  34.  * {@link javax.security.auth.kerberos.ServicePermission ServicePermission}.

  35.  *

  36.  * @author Mayank Upadhyay

  37.  * @version 1.13, 01/23/03

  38.  * @since 1.4

  39.  */

  40. public class KerberosKey implements SecretKey, Destroyable {

  41. 

  42. 

  43.    /**

  44.      * The principal that this secret key belongs to.

  45.      *

  46.      * @serial

  47.      */

  48.     private KerberosPrincipal principal;

  49. 

  50.    /**

  51.      * the version number of this secret key

  52.      *

  53.      * @serial

  54.      */

  55.     private int versionNum;

  56. 

  57.    /**

  58.     * <code>KeyImpl</code> is serialized by writing out the ASN1 Encoded bytes 

  59.     *			of the 	encryption key. The ASN1 encoding is defined in 

  60.     *			RFC1510 and as  follows:

  61.     *			<pre>

  62.     *			EncryptionKey ::=   SEQUENCE {

  63.     *				keytype[0]    INTEGER,

  64.     *				keyvalue[1]   OCTET STRING    	

  65.     *				}

  66.     *			</pre>

  67.     *

  68.     * @serial

  69.     */

  70. 

  71.     private KeyImpl key;

  72.     private transient boolean destroyed = false;

  73. 

  74.     /**

  75.      * Constructs a KerberosKey from the given bytes when the key type and

  76.      * key version number are known. This can used when reading the secret

  77.      * key information from a Kerberos "keytab".

  78.      * 

  79.      * @param principal the principal that this secret key belongs to

  80.      * @param keyBytes the raw bytes for the secret key

  81.      * @param keyType the key type for the secret key as defined by the

  82.      * Kerberos protocol specification.

  83.      * @param versionNum the version number of this secret key

  84.      */

  85.     public KerberosKey(KerberosPrincipal principal,

  86. 		       byte[] keyBytes, 

  87. 		       int keyType,

  88. 		       int versionNum) {

  89. 	this.principal = principal;

  90. 	this.versionNum = versionNum;

  91. 	key = new KeyImpl(keyBytes, keyType);

  92.     }

  93. 

  94.     /**

  95.      * Constructs a KerberosKey from a principal's password.

  96.      *

  97.      * @param principal the principal that this password belongs to

  98.      * @param password the password that should be used to compute the key

  99.      * @param algorithm the name for the algorithm that this key wil be

  100.      * used for. This parameter may be null in which case "DES" will be

  101.      * assumed.

  102.      */

  103.     public KerberosKey(KerberosPrincipal principal,

  104. 		       char[] password,

  105. 		       String algorithm) {

  106. 

  107. 	this.principal = principal;

  108. 	// Pass principal in for salt

  109. 	key = new KeyImpl(principal, password, algorithm);

  110.     }

  111. 

  112.     /**

  113.      * Returns the principal that this key belongs to.

  114.      *

  115.      * @return the principal this key belongs to.

  116.      */

  117.     public final KerberosPrincipal getPrincipal() {

  118. 	if (destroyed)

  119. 	    throw new IllegalStateException("This key is no longer valid");

  120. 	return principal;

  121.     }

  122. 

  123.     /**

  124.      * Returns the key version number.

  125.      *

  126.      * @return the key version number.

  127.      */

  128.     public final int getVersionNumber() {

  129. 	if (destroyed)

  130. 	    throw new IllegalStateException("This key is no longer valid");

  131. 	return versionNum;

  132.     }

  133. 

  134.     /**

  135.      * Returns the key type for this long-term key.

  136.      *

  137.      * @return the key type.

  138.      */

  139.     public final int getKeyType() {

  140. 	if (destroyed)

  141. 	    throw new IllegalStateException("This key is no longer valid");

  142. 	return key.getKeyType();

  143.     }

  144. 

  145.     /*

  146.      * Methods from java.security.Key

  147.      */

  148.     

  149.     /** 

  150.      * Returns the standard algorithm name for this key. For 

  151.      * example, "DES" would indicate that this key is a DES key. 

  152.      * See Appendix A in the <a href= 

  153.      * "../../../../../guide/security/CryptoSpec.html#AppA"> 

  154.      * Java Cryptography Architecture API Specification & Reference

  155.      * </a> 

  156.      * for information about standard algorithm names.

  157.      * 

  158.      * @return the name of the algorithm associated with this key.

  159.      */

  160.     public final String getAlgorithm() {

  161. 	if (destroyed)

  162. 	    throw new IllegalStateException("This key is no longer valid");

  163. 	return key.getAlgorithm();

  164.     }

  165.     

  166.     /**

  167.      * Returns the name of the encoding format for this secret key.

  168.      *

  169.      * @return the String "RAW"

  170.      */

  171.     public final String getFormat() {

  172. 	if (destroyed)

  173. 	    throw new IllegalStateException("This key is no longer valid");

  174. 	return key.getFormat();

  175.     }

  176.     

  177.     /**

  178.      * Returns the key material of this secret key.

  179.      *

  180.      * @return the key material

  181.      */

  182.     public final byte[] getEncoded() {

  183. 	if (destroyed)

  184. 	    throw new IllegalStateException("This key is no longer valid");

  185. 	return key.getEncoded();

  186.     }

  187. 

  188.     /**

  189.      * Destroys this key. A call to any of its other methods after this

  190.      * will cause an  IllegalStateException to be thrown.

  191.      *

  192.      * @throws DestroyFailedException if some error occurs while destorying 

  193.      * this key.

  194.      */

  195.     public void destroy() throws DestroyFailedException {

  196. 	if (!destroyed) {

  197. 	    key.destroy();

  198. 	    principal = null;

  199. 	    destroyed = true;

  200. 	}

  201.     }

  202. 

  203. 

  204.     /** Determines if this key has been destroyed.*/

  205.     public boolean isDestroyed() {

  206. 	return destroyed;

  207.     }

  208.    

  209.    public String toString() {

  210. 

  211. 	return "Kerberos Principal " + principal.toString() +

  212. 		"Key Version " + versionNum +

  213. 		"key "	+ key.toString();

  214.    }

  215. 

  216. }