Categories:
Audio (13)
Biotech (29)
Bytecode (36)
Database (77)
Framework (7)
Game (7)
General (507)
Graphics (53)
I/O (35)
IDE (2)
JAR Tools (101)
JavaBeans (21)
JDBC (121)
JDK (426)
JSP (20)
Logging (108)
Mail (58)
Messaging (8)
Network (84)
PDF (97)
Report (7)
Scripting (84)
Security (32)
Server (121)
Servlet (26)
SOAP (24)
Testing (54)
Web (15)
XML (309)
Collections:
Other Resources:
JDK 17 java.security.jgss.jmod - Security JGSS Module
JDK 17 java.security.jgss.jmod is the JMOD file for JDK 17 Security JGSS (Java Generic Security Service) module.
JDK 17 Security JGSS module compiled class files are stored in \fyicenter\jdk-17.0.5\jmods\java.security.jgss.jmod.
JDK 17 Security JGSS module compiled class files are also linked and stored in the \fyicenter\jdk-17.0.5\lib\modules JImage file.
JDK 17 Security JGSS module source code files are stored in \fyicenter\jdk-17.0.5\lib\src.zip\java.security.jgss.
You can click and view the content of each source code file in the list below.
✍: FYIcenter
⏎ sun/security/jgss/krb5/ServiceCreds.java
/* * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. * * * * * * * * * * * * * * * * * * * * */ package sun.security.jgss.krb5; import javax.security.auth.kerberos.KerberosTicket; import javax.security.auth.kerberos.KerberosKey; import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.kerberos.KeyTab; import javax.security.auth.Subject; import sun.security.krb5.Credentials; import sun.security.krb5.EncryptionKey; import sun.security.krb5.KrbException; import java.io.IOException; import java.util.ArrayList; import java.util.List; import java.util.Set; import sun.security.krb5.*; import sun.security.krb5.internal.Krb5; /** * Credentials of a kerberos acceptor. A KerberosPrincipal object (kp) is * the principal. It can be specified as the serverPrincipal argument * in the getInstance() method, or uses only KerberosPrincipal in the subject. * Otherwise, the creds object is unbound and kp is null. * * The class also encapsulates various secrets, which can be: * * 1. Some KerberosKeys (generated from password) * 2. Some KeyTabs (for a typical service based on keytabs) * 3. A TGT (for S4U2proxy extension or user2user) * * Note that some secrets can coexist. For example, a user2user service * can use its keytab (or keys) if the client can successfully obtain a * normal service ticket, or it can use the TGT (actually, the session key * of the TGT) if the client can only acquire a service ticket * of ENC-TKT-IN-SKEY style. * * @since 1.8 */ public final class ServiceCreds { // The principal, or null if unbound private KerberosPrincipal kp; // All principals in the subject's princ set private Set<KerberosPrincipal> allPrincs; // All private credentials that can be used private List<KeyTab> ktabs; private List<KerberosKey> kk; private KerberosTicket tgt; private boolean destroyed; private ServiceCreds() { // Make sure this class cannot be instantiated externally. } /** * Creates a ServiceCreds object based on info in a Subject for * a given principal name (if specified). * @return the object, or null if there is no private creds for it */ public static ServiceCreds getInstance( Subject subj, String serverPrincipal) { ServiceCreds sc = new ServiceCreds(); sc.allPrincs = subj.getPrincipals(KerberosPrincipal.class); // Compatibility. A key implies its own principal for (KerberosKey key: SubjectComber.findMany( subj, serverPrincipal, null, KerberosKey.class)) { sc.allPrincs.add(key.getPrincipal()); } if (serverPrincipal != null) { // A named principal sc.kp = new KerberosPrincipal(serverPrincipal); } else { // For compatibility reason, we set the name of default principal // to the "only possible" name it can take, which means there is // only one KerberosPrincipal and there is no unbound keytabs if (sc.allPrincs.size() == 1) { boolean hasUnbound = false; for (KeyTab ktab: SubjectComber.findMany( subj, null, null, KeyTab.class)) { if (!ktab.isBound()) { hasUnbound = true; break; } } if (!hasUnbound) { sc.kp = sc.allPrincs.iterator().next(); serverPrincipal = sc.kp.getName(); } } } sc.ktabs = SubjectComber.findMany( subj, serverPrincipal, null, KeyTab.class); sc.kk = SubjectComber.findMany( subj, serverPrincipal, null, KerberosKey.class); sc.tgt = SubjectComber.find( subj, null, serverPrincipal, KerberosTicket.class); if (sc.ktabs.isEmpty() && sc.kk.isEmpty() && sc.tgt == null) { return null; } sc.destroyed = false; return sc; } // can be null public String getName() { if (destroyed) { throw new IllegalStateException("This object is destroyed"); } return kp == null ? null : kp.getName(); } /** * Gets keys for "someone". Used in 2 cases: * 1. By TLS because it needs to get keys before client comes in. * 2. As a fallback in getEKeys() below. * This method can still return an empty array. */ public KerberosKey[] getKKeys() { if (destroyed) { throw new IllegalStateException("This object is destroyed"); } KerberosPrincipal one = kp; // named principal if (one == null && !allPrincs.isEmpty()) { // or, a known principal one = allPrincs.iterator().next(); } if (one == null) { // Or, some random one for (KeyTab ktab: ktabs) { // Must be unbound keytab, otherwise, allPrincs is not empty PrincipalName pn = Krb5Util.snapshotFromJavaxKeyTab(ktab).getOneName(); if (pn != null) { one = new KerberosPrincipal(pn.getName()); break; } } } if (one != null) { return getKKeys(one); } else { return new KerberosKey[0]; } } /** * Get kkeys for a principal, * @param princ the target name initiator requests. Not null. * @return keys for the princ, never null, might be empty */ public KerberosKey[] getKKeys(KerberosPrincipal princ) { if (destroyed) { throw new IllegalStateException("This object is destroyed"); } ArrayList<KerberosKey> keys = new ArrayList<>(); if (kp != null && !princ.equals(kp)) { // named principal return new KerberosKey[0]; } for (KerberosKey k: kk) { if (k.getPrincipal().equals(princ)) { keys.add(k); } } for (KeyTab ktab: ktabs) { if (ktab.getPrincipal() == null && ktab.isBound()) { // legacy bound keytab. although we don't know who // the bound principal is, it must be in allPrincs if (!allPrincs.contains(princ)) { continue; // skip this legacy bound keytab } } for (KerberosKey k: ktab.getKeys(princ)) { keys.add(k); } } return keys.toArray(new KerberosKey[keys.size()]); } /** * Gets EKeys for a principal. * @param princ the target name initiator requests. Not null. * @return keys for the princ, never null, might be empty */ public EncryptionKey[] getEKeys(PrincipalName princ) { if (destroyed) { throw new IllegalStateException("This object is destroyed"); } KerberosKey[] kkeys = getKKeys(new KerberosPrincipal(princ.getName())); if (kkeys.length == 0) { // Fallback: old JDK does not perform real name checking. If the // acceptor has host.sun.com but initiator requests for host, // as long as their keys match (i.e. keys for one can decrypt // the other's service ticket), the authentication is OK. // There are real customers depending on this to use different // names for a single service. kkeys = getKKeys(); } EncryptionKey[] ekeys = new EncryptionKey[kkeys.length]; for (int i=0; i<ekeys.length; i++) { ekeys[i] = new EncryptionKey( kkeys[i].getEncoded(), kkeys[i].getKeyType(), kkeys[i].getVersionNumber()); } return ekeys; } public Credentials getInitCred() { if (destroyed) { throw new IllegalStateException("This object is destroyed"); } if (tgt == null) { return null; } try { return Krb5Util.ticketToCreds(tgt); } catch (KrbException | IOException e) { return null; } } public void destroy() { // Do not wipe out real keys because they are references to the // priv creds in subject. Just make it useless. destroyed = true; kp = null; ktabs.clear(); kk.clear(); tgt = null; } }
⏎ sun/security/jgss/krb5/ServiceCreds.java
Or download all of them as a single archive file:
File name: java.security.jgss-17.0.5-src.zip File size: 225968 bytes Release date: 2022-09-13 Download
⇒ JDK 17 java.security.sasl.jmod - Security SASL Module
2023-10-27, 5311👍, 0💬
Popular Posts:
Apache Log4j API provides the interface that applications should code to and provides the adapter co...
What Is poi-contrib-3.5.jar? poi-contrib-3.5.jar is one of the JAR files for Apache POI 3.5, which p...
What Is mail.jar of JavaMail 1.4? I got the JAR file from javamail-1_4.zip. mail.jar in javamail-1_4...
JDK 17 java.base.jmod is the JMOD file for JDK 17 Base module. JDK 17 Base module compiled class fil...
Apache Commons Lang 3 is the 3rd version of Apache Commons Lang, which provides a host of helper uti...