Java Code Examples for javax.security.auth.kerberos.KerberosTicket#isDestroyed()

private static void testDestroy(KerberosTicket t) throws Exception {
    t.destroy();
    if (!t.isDestroyed()) {
        throw new RuntimeException("ticket should have been destroyed");
    }
    // Although these methods are meaningless, they can be called
    for (Method m: KerberosTicket.class.getDeclaredMethods()) {
        if (Modifier.isPublic(m.getModifiers())
                && m.getParameterCount() == 0) {
            System.out.println("Testing " + m.getName() + "...");
            try {
                m.invoke(t);
            } catch (InvocationTargetException e) {
                Throwable cause = e.getCause();
                if (cause instanceof RefreshFailedException ||
                        cause instanceof IllegalStateException) {
                    // this is OK
                } else {
                    throw e;
                }
            }
        }
    }
    System.out.println("Destroy Test Passed");
}
 

private static void testDestroy(KerberosTicket t) throws Exception {
    t.destroy();
    if (!t.isDestroyed()) {
        throw new RuntimeException("ticket should have been destroyed");
    }
    // Although these methods are meaningless, they can be called
    for (Method m: KerberosTicket.class.getDeclaredMethods()) {
        if (Modifier.isPublic(m.getModifiers())
                && m.getParameterCount() == 0) {
            System.out.println("Testing " + m.getName() + "...");
            try {
                m.invoke(t);
            } catch (InvocationTargetException e) {
                Throwable cause = e.getCause();
                if (cause instanceof RefreshFailedException ||
                        cause instanceof IllegalStateException) {
                    // this is OK
                } else {
                    throw e;
                }
            }
        }
    }
    System.out.println("Destroy Test Passed");
}
 

private static void testDestroy(KerberosTicket t) throws Exception {
    t.destroy();
    if (!t.isDestroyed()) {
        throw new RuntimeException("ticket should have been destroyed");
    }
    // Although these methods are meaningless, they can be called
    for (Method m: KerberosTicket.class.getDeclaredMethods()) {
        if (Modifier.isPublic(m.getModifiers())
                && m.getParameterCount() == 0) {
            System.out.println("Testing " + m.getName() + "...");
            try {
                m.invoke(t);
            } catch (InvocationTargetException e) {
                Throwable cause = e.getCause();
                if (cause instanceof RefreshFailedException ||
                        cause instanceof IllegalStateException) {
                    // this is OK
                } else {
                    throw e;
                }
            }
        }
    }
    System.out.println("Destroy Test Passed");
}
 

private static void testDestroy(KerberosTicket t) throws Exception {
    t.destroy();
    if (!t.isDestroyed()) {
        throw new RuntimeException("ticket should have been destroyed");
    }
    // Although these methods are meaningless, they can be called
    for (Method m: KerberosTicket.class.getDeclaredMethods()) {
        if (Modifier.isPublic(m.getModifiers())
                && m.getParameterCount() == 0) {
            System.out.println("Testing " + m.getName() + "...");
            try {
                m.invoke(t);
            } catch (InvocationTargetException e) {
                Throwable cause = e.getCause();
                if (cause instanceof RefreshFailedException ||
                        cause instanceof IllegalStateException) {
                    // this is OK
                } else {
                    throw e;
                }
            }
        }
    }
    System.out.println("Destroy Test Passed");
}
 

private static void testDestroy(KerberosTicket t) throws Exception {
    t.destroy();
    if (!t.isDestroyed()) {
        throw new RuntimeException("ticket should have been destroyed");
    }
    // Although these methods are meaningless, they can be called
    for (Method m: KerberosTicket.class.getDeclaredMethods()) {
        if (Modifier.isPublic(m.getModifiers())
                && m.getParameterCount() == 0) {
            System.out.println("Testing " + m.getName() + "...");
            try {
                m.invoke(t);
            } catch (InvocationTargetException e) {
                Throwable cause = e.getCause();
                if (cause instanceof RefreshFailedException ||
                        cause instanceof IllegalStateException) {
                    // this is OK
                } else {
                    throw e;
                }
            }
        }
    }
    System.out.println("Destroy Test Passed");
}
 

public static void main(String[] args) throws Exception {
    // define principals
    Map<String, String> principals = new HashMap<>();
    principals.put(USER_PRINCIPAL, PASSWORD);
    principals.put(KRBTGT_PRINCIPAL, null);

    System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);

    // start a local KDC instance
    KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
    KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
            "forwardable = true", "proxiable = true");

    // create JAAS config
    Files.write(Paths.get(JAAS_CONF), Arrays.asList(
            "Client {",
            "    com.sun.security.auth.module.Krb5LoginModule required;",
            "};"
    ));
    System.setProperty("java.security.auth.login.config", JAAS_CONF);
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    long startTime = Instant.now().getEpochSecond() * 1000;

    LoginContext lc = new LoginContext("Client",
            new Helper.UserPasswordHandler(USER, PASSWORD));
    lc.login();

    Subject subject = lc.getSubject();
    System.out.println("subject: " + subject);

    Set creds = subject.getPrivateCredentials(
            KerberosTicket.class);

    if (creds.size() > 1) {
        throw new RuntimeException("Multiple credintials found");
    }

    Object o = creds.iterator().next();
    if (!(o instanceof KerberosTicket)) {
        throw new RuntimeException("Instance of KerberosTicket expected");
    }
    KerberosTicket krbTkt = (KerberosTicket) o;

    System.out.println("forwardable = " + krbTkt.isForwardable());
    System.out.println("proxiable   = " + krbTkt.isProxiable());
    System.out.println("renewable   = " + krbTkt.isRenewable());
    System.out.println("current     = " + krbTkt.isCurrent());

    if (!krbTkt.isForwardable()) {
        throw new RuntimeException("Forwardable ticket expected");
    }

    if (!krbTkt.isProxiable()) {
        throw new RuntimeException("Proxiable ticket expected");
    }

    if (!krbTkt.isCurrent()) {
        throw new RuntimeException("Ticket is not current");
    }

    if (krbTkt.isRenewable()) {
        throw new RuntimeException("Not renewable ticket expected");
    }
    try {
        krbTkt.refresh();
        throw new RuntimeException(
                "Expected RefreshFailedException not thrown");
    } catch(RefreshFailedException e) {
        System.out.println("Expected exception: " + e);
    }

    if (!checkTime(krbTkt, startTime)) {
        throw new RuntimeException("Wrong ticket life time");
    }

    krbTkt.destroy();
    if (!krbTkt.isDestroyed()) {
        throw new RuntimeException("Ticket not destroyed");
    }

    System.out.println("Test passed");
}
 

private static void testDestroy(KerberosTicket t) throws Exception {
    t.destroy();
    if (!t.isDestroyed()) {
        throw new RuntimeException("ticket should have been destroyed");
    }
    // Although these methods are meaningless, they can be called
    for (Method m: KerberosTicket.class.getDeclaredMethods()) {
        if (Modifier.isPublic(m.getModifiers())
                && m.getParameterCount() == 0) {
            System.out.println("Testing " + m.getName() + "...");
            try {
                m.invoke(t);
            } catch (InvocationTargetException e) {
                Throwable cause = e.getCause();
                if (cause instanceof RefreshFailedException ||
                        cause instanceof IllegalStateException) {
                    // this is OK
                } else {
                    throw e;
                }
            }
        }
    }
    System.out.println("Destroy Test Passed");
}
 

public static void main(String[] args) throws Exception {
    // define principals
    Map<String, String> principals = new HashMap<>();
    principals.put(USER_PRINCIPAL, PASSWORD);
    principals.put(KRBTGT_PRINCIPAL, null);

    System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);

    // start a local KDC instance
    KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
    KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
            "forwardable = true", "proxiable = true");

    // create JAAS config
    Files.write(Paths.get(JAAS_CONF), Arrays.asList(
            "Client {",
            "    com.sun.security.auth.module.Krb5LoginModule required;",
            "};"
    ));
    System.setProperty("java.security.auth.login.config", JAAS_CONF);
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    long startTime = Instant.now().getEpochSecond() * 1000;

    LoginContext lc = new LoginContext("Client",
            new Helper.UserPasswordHandler(USER, PASSWORD));
    lc.login();

    Subject subject = lc.getSubject();
    System.out.println("subject: " + subject);

    Set creds = subject.getPrivateCredentials(
            KerberosTicket.class);

    if (creds.size() > 1) {
        throw new RuntimeException("Multiple credintials found");
    }

    Object o = creds.iterator().next();
    if (!(o instanceof KerberosTicket)) {
        throw new RuntimeException("Instance of KerberosTicket expected");
    }
    KerberosTicket krbTkt = (KerberosTicket) o;

    System.out.println("forwardable = " + krbTkt.isForwardable());
    System.out.println("proxiable   = " + krbTkt.isProxiable());
    System.out.println("renewable   = " + krbTkt.isRenewable());
    System.out.println("current     = " + krbTkt.isCurrent());

    if (!krbTkt.isForwardable()) {
        throw new RuntimeException("Forwardable ticket expected");
    }

    if (!krbTkt.isProxiable()) {
        throw new RuntimeException("Proxiable ticket expected");
    }

    if (!krbTkt.isCurrent()) {
        throw new RuntimeException("Ticket is not current");
    }

    if (krbTkt.isRenewable()) {
        throw new RuntimeException("Not renewable ticket expected");
    }
    try {
        krbTkt.refresh();
        throw new RuntimeException(
                "Expected RefreshFailedException not thrown");
    } catch(RefreshFailedException e) {
        System.out.println("Expected exception: " + e);
    }

    if (!checkTime(krbTkt, startTime)) {
        throw new RuntimeException("Wrong ticket life time");
    }

    krbTkt.destroy();
    if (!krbTkt.isDestroyed()) {
        throw new RuntimeException("Ticket not destroyed");
    }

    System.out.println("Test passed");
}
 

private static void testDestroy(KerberosTicket t) throws Exception {
    t.destroy();
    if (!t.isDestroyed()) {
        throw new RuntimeException("ticket should have been destroyed");
    }
    // Although these methods are meaningless, they can be called
    for (Method m: KerberosTicket.class.getDeclaredMethods()) {
        if (Modifier.isPublic(m.getModifiers())
                && m.getParameterCount() == 0) {
            System.out.println("Testing " + m.getName() + "...");
            try {
                m.invoke(t);
            } catch (InvocationTargetException e) {
                Throwable cause = e.getCause();
                if (cause instanceof RefreshFailedException ||
                        cause instanceof IllegalStateException) {
                    // this is OK
                } else {
                    throw e;
                }
            }
        }
    }
    System.out.println("Destroy Test Passed");
}
 

static private void fixKerberosTicketOrder(Subject subject) {
    Set<Object> creds = subject.getPrivateCredentials();
    synchronized (creds) {
        for (Iterator<Object> iter = creds.iterator(); iter.hasNext(); ) {
            Object cred = iter.next();
            if (cred instanceof KerberosTicket) {
                KerberosTicket ticket = (KerberosTicket) cred;
                if (ticket.isDestroyed() || ticket.getServer() == null) {
                    LOG.debug("Ticket is already destroyed, remove it.");
                    iter.remove();
                } else if (!ticket.getServer().getName().startsWith("krbtgt")) {
                    LOG.debug("The first kerberos ticket is not TGT(the server principal is {}), remove and destroy it.",
                            ticket.getServer());
                    iter.remove();
                    try {
                        ticket.destroy();
                    } catch (DestroyFailedException e) {
                        LOG.warn("destroy ticket failed", e);
                    }
                } else {
                    return;
                }
            }
        }
    }
    LOG.warn("Warning, no kerberos tickets found while attempting to renew ticket");
}
 

public static void main(String[] args) throws Exception {
    // define principals
    Map<String, String> principals = new HashMap<>();
    principals.put(USER_PRINCIPAL, PASSWORD);
    principals.put(KRBTGT_PRINCIPAL, null);

    System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);

    // start a local KDC instance
    KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
    KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
            "forwardable = true", "proxiable = true");

    // create JAAS config
    Files.write(Paths.get(JAAS_CONF), Arrays.asList(
            "Client {",
            "    com.sun.security.auth.module.Krb5LoginModule required;",
            "};"
    ));
    System.setProperty("java.security.auth.login.config", JAAS_CONF);
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    long startTime = Instant.now().getEpochSecond() * 1000;

    LoginContext lc = new LoginContext("Client",
            new Helper.UserPasswordHandler(USER, PASSWORD));
    lc.login();

    Subject subject = lc.getSubject();
    System.out.println("subject: " + subject);

    Set creds = subject.getPrivateCredentials(
            KerberosTicket.class);

    if (creds.size() > 1) {
        throw new RuntimeException("Multiple credintials found");
    }

    Object o = creds.iterator().next();
    if (!(o instanceof KerberosTicket)) {
        throw new RuntimeException("Instance of KerberosTicket expected");
    }
    KerberosTicket krbTkt = (KerberosTicket) o;

    System.out.println("forwardable = " + krbTkt.isForwardable());
    System.out.println("proxiable   = " + krbTkt.isProxiable());
    System.out.println("renewable   = " + krbTkt.isRenewable());
    System.out.println("current     = " + krbTkt.isCurrent());

    if (!krbTkt.isForwardable()) {
        throw new RuntimeException("Forwardable ticket expected");
    }

    if (!krbTkt.isProxiable()) {
        throw new RuntimeException("Proxiable ticket expected");
    }

    if (!krbTkt.isCurrent()) {
        throw new RuntimeException("Ticket is not current");
    }

    if (krbTkt.isRenewable()) {
        throw new RuntimeException("Not renewable ticket expected");
    }
    try {
        krbTkt.refresh();
        throw new RuntimeException(
                "Expected RefreshFailedException not thrown");
    } catch(RefreshFailedException e) {
        System.out.println("Expected exception: " + e);
    }

    if (!checkTime(krbTkt, startTime)) {
        throw new RuntimeException("Wrong ticket life time");
    }

    krbTkt.destroy();
    if (!krbTkt.isDestroyed()) {
        throw new RuntimeException("Ticket not destroyed");
    }

    System.out.println("Test passed");
}
 

public static void main(String[] args) throws Exception {
    // define principals
    Map<String, String> principals = new HashMap<>();
    principals.put(USER_PRINCIPAL, PASSWORD);
    principals.put(KRBTGT_PRINCIPAL, null);

    System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);

    // start a local KDC instance
    KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
    KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
            "forwardable = true", "proxiable = true");

    // create JAAS config
    Files.write(Paths.get(JAAS_CONF), Arrays.asList(
            "Client {",
            "    com.sun.security.auth.module.Krb5LoginModule required;",
            "};"
    ));
    System.setProperty("java.security.auth.login.config", JAAS_CONF);
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    long startTime = Instant.now().getEpochSecond() * 1000;

    LoginContext lc = new LoginContext("Client",
            new Helper.UserPasswordHandler(USER, PASSWORD));
    lc.login();

    Subject subject = lc.getSubject();
    System.out.println("subject: " + subject);

    Set creds = subject.getPrivateCredentials(
            KerberosTicket.class);

    if (creds.size() > 1) {
        throw new RuntimeException("Multiple credintials found");
    }

    Object o = creds.iterator().next();
    if (!(o instanceof KerberosTicket)) {
        throw new RuntimeException("Instance of KerberosTicket expected");
    }
    KerberosTicket krbTkt = (KerberosTicket) o;

    System.out.println("forwardable = " + krbTkt.isForwardable());
    System.out.println("proxiable   = " + krbTkt.isProxiable());
    System.out.println("renewable   = " + krbTkt.isRenewable());
    System.out.println("current     = " + krbTkt.isCurrent());

    if (!krbTkt.isForwardable()) {
        throw new RuntimeException("Forwardable ticket expected");
    }

    if (!krbTkt.isProxiable()) {
        throw new RuntimeException("Proxiable ticket expected");
    }

    if (!krbTkt.isCurrent()) {
        throw new RuntimeException("Ticket is not current");
    }

    if (krbTkt.isRenewable()) {
        throw new RuntimeException("Not renewable ticket expected");
    }
    try {
        krbTkt.refresh();
        throw new RuntimeException(
                "Expected RefreshFailedException not thrown");
    } catch(RefreshFailedException e) {
        System.out.println("Expected exception: " + e);
    }

    if (!checkTime(krbTkt, startTime)) {
        throw new RuntimeException("Wrong ticket life time");
    }

    krbTkt.destroy();
    if (!krbTkt.isDestroyed()) {
        throw new RuntimeException("Ticket not destroyed");
    }

    System.out.println("Test passed");
}
 

public static void main(String[] args) throws Exception {
    // define principals
    Map<String, String> principals = new HashMap<>();
    principals.put(USER_PRINCIPAL, PASSWORD);
    principals.put(KRBTGT_PRINCIPAL, null);

    System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);

    // start a local KDC instance
    KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
    KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
            "forwardable = true", "proxiable = true");

    // create JAAS config
    Files.write(Paths.get(JAAS_CONF), Arrays.asList(
            "Client {",
            "    com.sun.security.auth.module.Krb5LoginModule required;",
            "};"
    ));
    System.setProperty("java.security.auth.login.config", JAAS_CONF);
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    long startTime = Instant.now().getEpochSecond() * 1000;

    LoginContext lc = new LoginContext("Client",
            new Helper.UserPasswordHandler(USER, PASSWORD));
    lc.login();

    Subject subject = lc.getSubject();
    System.out.println("subject: " + subject);

    Set creds = subject.getPrivateCredentials(
            KerberosTicket.class);

    if (creds.size() > 1) {
        throw new RuntimeException("Multiple credintials found");
    }

    Object o = creds.iterator().next();
    if (!(o instanceof KerberosTicket)) {
        throw new RuntimeException("Instance of KerberosTicket expected");
    }
    KerberosTicket krbTkt = (KerberosTicket) o;

    System.out.println("forwardable = " + krbTkt.isForwardable());
    System.out.println("proxiable   = " + krbTkt.isProxiable());
    System.out.println("renewable   = " + krbTkt.isRenewable());
    System.out.println("current     = " + krbTkt.isCurrent());

    if (!krbTkt.isForwardable()) {
        throw new RuntimeException("Forwardable ticket expected");
    }

    if (!krbTkt.isProxiable()) {
        throw new RuntimeException("Proxiable ticket expected");
    }

    if (!krbTkt.isCurrent()) {
        throw new RuntimeException("Ticket is not current");
    }

    if (krbTkt.isRenewable()) {
        throw new RuntimeException("Not renewable ticket expected");
    }
    try {
        krbTkt.refresh();
        throw new RuntimeException(
                "Expected RefreshFailedException not thrown");
    } catch(RefreshFailedException e) {
        System.out.println("Expected exception: " + e);
    }

    if (!checkTime(krbTkt, startTime)) {
        throw new RuntimeException("Wrong ticket life time");
    }

    krbTkt.destroy();
    if (!krbTkt.isDestroyed()) {
        throw new RuntimeException("Ticket not destroyed");
    }

    System.out.println("Test passed");
}
 

public static void main(String[] args) throws Exception {
    // define principals
    Map<String, String> principals = new HashMap<>();
    principals.put(USER_PRINCIPAL, PASSWORD);
    principals.put(KRBTGT_PRINCIPAL, null);

    System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);

    // start a local KDC instance
    KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
    KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
            "forwardable = true", "proxiable = true");

    // create JAAS config
    Files.write(Paths.get(JAAS_CONF), Arrays.asList(
            "Client {",
            "    com.sun.security.auth.module.Krb5LoginModule required;",
            "};"
    ));
    System.setProperty("java.security.auth.login.config", JAAS_CONF);
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    long startTime = Instant.now().getEpochSecond() * 1000;

    LoginContext lc = new LoginContext("Client",
            new Helper.UserPasswordHandler(USER, PASSWORD));
    lc.login();

    Subject subject = lc.getSubject();
    System.out.println("subject: " + subject);

    Set creds = subject.getPrivateCredentials(
            KerberosTicket.class);

    if (creds.size() > 1) {
        throw new RuntimeException("Multiple credintials found");
    }

    Object o = creds.iterator().next();
    if (!(o instanceof KerberosTicket)) {
        throw new RuntimeException("Instance of KerberosTicket expected");
    }
    KerberosTicket krbTkt = (KerberosTicket) o;

    System.out.println("forwardable = " + krbTkt.isForwardable());
    System.out.println("proxiable   = " + krbTkt.isProxiable());
    System.out.println("renewable   = " + krbTkt.isRenewable());
    System.out.println("current     = " + krbTkt.isCurrent());

    if (!krbTkt.isForwardable()) {
        throw new RuntimeException("Forwardable ticket expected");
    }

    if (!krbTkt.isProxiable()) {
        throw new RuntimeException("Proxiable ticket expected");
    }

    if (!krbTkt.isCurrent()) {
        throw new RuntimeException("Ticket is not current");
    }

    if (krbTkt.isRenewable()) {
        throw new RuntimeException("Not renewable ticket expected");
    }
    try {
        krbTkt.refresh();
        throw new RuntimeException(
                "Expected RefreshFailedException not thrown");
    } catch(RefreshFailedException e) {
        System.out.println("Expected exception: " + e);
    }

    if (!checkTime(krbTkt, startTime)) {
        throw new RuntimeException("Wrong ticket life time");
    }

    krbTkt.destroy();
    if (!krbTkt.isDestroyed()) {
        throw new RuntimeException("Ticket not destroyed");
    }

    System.out.println("Test passed");
}
 

public static void main(String[] args) throws Exception {
    // define principals
    Map<String, String> principals = new HashMap<>();
    principals.put(USER_PRINCIPAL, PASSWORD);
    principals.put(KRBTGT_PRINCIPAL, null);

    System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);

    // start a local KDC instance
    KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
    KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
            "forwardable = true", "proxiable = true");

    // create JAAS config
    Files.write(Paths.get(JAAS_CONF), Arrays.asList(
            "Client {",
            "    com.sun.security.auth.module.Krb5LoginModule required;",
            "};"
    ));
    System.setProperty("java.security.auth.login.config", JAAS_CONF);
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    long startTime = Instant.now().getEpochSecond() * 1000;

    LoginContext lc = new LoginContext("Client",
            new Helper.UserPasswordHandler(USER, PASSWORD));
    lc.login();

    Subject subject = lc.getSubject();
    System.out.println("subject: " + subject);

    Set creds = subject.getPrivateCredentials(
            KerberosTicket.class);

    if (creds.size() > 1) {
        throw new RuntimeException("Multiple credintials found");
    }

    Object o = creds.iterator().next();
    if (!(o instanceof KerberosTicket)) {
        throw new RuntimeException("Instance of KerberosTicket expected");
    }
    KerberosTicket krbTkt = (KerberosTicket) o;

    System.out.println("forwardable = " + krbTkt.isForwardable());
    System.out.println("proxiable   = " + krbTkt.isProxiable());
    System.out.println("renewable   = " + krbTkt.isRenewable());
    System.out.println("current     = " + krbTkt.isCurrent());

    if (!krbTkt.isForwardable()) {
        throw new RuntimeException("Forwardable ticket expected");
    }

    if (!krbTkt.isProxiable()) {
        throw new RuntimeException("Proxiable ticket expected");
    }

    if (!krbTkt.isCurrent()) {
        throw new RuntimeException("Ticket is not current");
    }

    if (krbTkt.isRenewable()) {
        throw new RuntimeException("Not renewable ticket expected");
    }
    try {
        krbTkt.refresh();
        throw new RuntimeException(
                "Expected RefreshFailedException not thrown");
    } catch(RefreshFailedException e) {
        System.out.println("Expected exception: " + e);
    }

    if (!checkTime(krbTkt, startTime)) {
        throw new RuntimeException("Wrong ticket life time");
    }

    krbTkt.destroy();
    if (!krbTkt.isDestroyed()) {
        throw new RuntimeException("Ticket not destroyed");
    }

    System.out.println("Test passed");
}