From commits-return-15663-apmail-directory-commits-archive=directory.apache.org@directory.apache.org Tue Oct 02 03:17:59 2007 Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 78839 invoked from network); 2 Oct 2007 03:17:55 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 2 Oct 2007 03:17:55 -0000 Received: (qmail 69498 invoked by uid 500); 2 Oct 2007 03:17:45 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 69441 invoked by uid 500); 2 Oct 2007 03:17:45 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 69430 invoked by uid 99); 2 Oct 2007 03:17:45 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 01 Oct 2007 20:17:45 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Oct 2007 03:17:45 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 5455C1A9832; Mon, 1 Oct 2007 20:16:55 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r581130 - /directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ Date: Tue, 02 Oct 2007 03:16:54 -0000 To: commits@directory.apache.org 
From: erodriguez@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20071002031655.5455C1A9832@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: erodriguez Date: Mon Oct 1 20:16:53 2007 New Revision: 581130 URL: http://svn.apache.org/viewvc?rev=581130&view=rev Log: Message objects for PKINIT. Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/AuthPack.java (with props) directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/DhRepInfo.java (with props) directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ExternalPrincipalIdentifier.java (with props) directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/KdcDhKeyInfo.java (with props) directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/Krb5PrincipalName.java (with props) directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsRep.java (with props) directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsReq.java (with props) directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PkAuthenticator.java (with props) directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ReplyKeyPack.java (with props) Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/AuthPack.java URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/AuthPack.java?rev=581130&view=auto 
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/AuthPack.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/AuthPack.java Mon Oct 1 20:16:53 2007
@@ -0,0 +1,158 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+import java.util.List;
+
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+
+
+/**
+ * AuthPack ::= SEQUENCE {
+ * pkAuthenticator [0] PKAuthenticator,
+ * clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
+ * -- Type SubjectPublicKeyInfo is defined in
+ * -- [RFC3280].
+ * -- Specifies Diffie-Hellman domain parameters
+ * -- and the client's public key value [IEEE1363].
+ * -- The DH public key value is encoded as a BIT
+ * -- STRING according to [RFC3279].
+ * -- This field is present only if the client wishes
+ * -- to use the Diffie-Hellman key agreement method.
+ * supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier
+ * OPTIONAL,
+ * -- Type AlgorithmIdentifier is defined in
+ * -- [RFC3280].
+ * -- List of CMS algorithm [RFC3370] identifiers
+ * -- that identify key transport algorithms, or
+ * -- content encryption algorithms, or signature
+ * -- algorithms supported by the client in order of
+ * -- (decreasing) preference.
+ * clientDHNonce [3] DHNonce OPTIONAL,
+ * -- Present only if the client indicates that it
+ * -- wishes to reuse DH keys or to allow the KDC to
+ * -- do so.
+ * ...
+ * }
+ *
+ * @author Apache Directory Project
+ * @version $Rev$, $Date$
+ */
+public class AuthPack
+{
+ private PkAuthenticator pkAuthenticator;
+
+ /**
+ * Type SubjectPublicKeyInfo is defined in [RFC3280]. Specifies Diffie-Hellman
+ * domain parameters and the client's public key value [IEEE1363]. The DH public
+ * key value is encoded as a BIT STRING according to [RFC3279]. This field is
+ * present only if the client wishes to use the Diffie-Hellman key agreement method.
+ */
+ private byte[] clientPublicValue;
+
+ /**
+ * Type AlgorithmIdentifier is defined in [RFC3280]. List of CMS algorithm
+ * [RFC3370] identifiers that identify key transport algorithms, or content
+ * encryption algorithms, or signature algorithms supported by the client in
+ * order of (decreasing) preference.
+ */
+ private List supportedCMSTypes;
+
+ /**
+ * Present only if the client indicates that it wishes to reuse DH keys or to
+ * allow the KDC to do so.
+ */
+ private byte[] clientDHNonce;
+
+
+ /**
+ * Creates a new instance of AuthPack.
+ *
+ * @param pkAuthenticator
+ * @param clientPublicValue
+ * @param supportedCMSTypes
+ * @param clientDHNonce
+ */
+ public AuthPack( PkAuthenticator pkAuthenticator, byte[] clientPublicValue,
+ List supportedCMSTypes, byte[] clientDHNonce )
+ {
+ this.pkAuthenticator = pkAuthenticator;
+ this.clientPublicValue = clientPublicValue;
+ this.supportedCMSTypes = supportedCMSTypes;
+ this.clientDHNonce = clientDHNonce;
+ }
+
+
+ /**
+ * Creates a new instance of AuthPack.
+ *
+ * @param encodedAuthPack
+ */
+ public AuthPack( byte[] encodedAuthPack )
+ {
+ // TODO - Decode the AuthPack.
+ }
+
+
+ /**
+ * @return the pkAuthenticator
+ */
+ public PkAuthenticator getPkAuthenticator()
+ {
+ return pkAuthenticator;
+ }
+
+
+ /**
+ * @return the clientPublicValue
+ */
+ public byte[] getClientPublicValue()
+ {
+ return clientPublicValue;
+ }
+
+
+ /**
+ * @return the supportedCMSTypes
+ */
+ public List getSupportedCMSTypes()
+ {
+ return supportedCMSTypes;
+ }
+
+
+ /**
+ * @return the clientDHNonce
+ */
+ public byte[] getClientDHNonce()
+ {
+ return clientDHNonce;
+ }
+
+
+ /**
+ * @return the encoded
+ */
+ public byte[] getEncoded()
+ {
+ return new byte[0];
+ }
+}
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/AuthPack.java ------------------------------------------------------------------------------ svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/AuthPack.java ------------------------------------------------------------------------------ svn:executable = *
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/DhRepInfo.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/DhRepInfo.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/DhRepInfo.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/DhRepInfo.java Mon Oct 1 20:16:53 2007
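Review bot: `getEncoded()` at the end of this hunk returns `new byte[0]`, and the `AuthPack( byte[] encodedAuthPack )` constructor leaves every field null behind a `// TODO` comment, so a caller that signs or sends an AuthPack gets an empty structure and a decoder gets an object full of nulls without any error being raised. Until the codec exists both should fail loudly, e.g. `throw new UnsupportedOperationException( "AuthPack encoding is not implemented yet" );`, so a stub cannot be mistaken for a working message; the same silent stubs appear in KdcDhKeyInfo, Krb5PrincipalName and PaPkAsReq. `supportedCMSTypes` is a raw `List` in the field, constructor and getter even though `AlgorithmIdentifier` is imported and otherwise unused; if the module targets Java 5 or later, `List<AlgorithmIdentifier>` would make the element type the ASN.1 comment describes part of the signature.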
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+/**
+ * DHRepInfo ::= SEQUENCE {
+ * dhSignedData [0] IMPLICIT OCTET STRING,
+ * -- Contains a CMS type ContentInfo encoded according
+ * -- to [RFC3852].
+ * -- The contentType field of the type ContentInfo is
+ * -- id-signedData (1.2.840.113549.1.7.2), and the
+ * -- content field is a SignedData.
+ * -- The eContentType field for the type SignedData is
+ * -- id-pkinit-DHKeyData (1.3.6.1.5.2.3.2), and the
+ * -- eContent field contains the DER encoding of the
+ * -- type KDCDHKeyInfo.
+ * -- KDCDHKeyInfo is defined below.
+ * serverDHNonce [1] DHNonce OPTIONAL,
+ * -- Present if and only if dhKeyExpiration is
+ * -- present.
+ * ...
+ * }
+ *
+ * @author Apache Directory Project
+ * @version $Rev$, $Date$
+ */
+public class DhRepInfo
+{
+ /**
+ * Contains a CMS type ContentInfo encoded according to [RFC3852]. The contentType
+ * field of the type ContentInfo is id-signedData (1.2.840.113549.1.7.2), and the
+ * content field is a SignedData. The eContentType field for the type SignedData
+ * is id-pkinit-DHKeyData (1.3.6.1.5.2.3.2), and the eContent field contains the
+ * DER encoding of the type KDCDHKeyInfo.
+ */
+ private byte[] dhSignedData;
+
+ /**
+ * Present if and only if dhKeyExpiration is present.
+ */
+ private byte[] serverDHNonce;
+
+
+ /**
+ * Creates a new instance of DhRepInfo.
+ *
+ * @param dhSignedData
+ * @param serverDHNonce
+ */
+ public DhRepInfo( byte[] dhSignedData, byte[] serverDHNonce )
+ {
+ this.dhSignedData = dhSignedData;
+ this.serverDHNonce = serverDHNonce;
+ }
+
+
+ /**
+ * @return the dhSignedData
+ */
+ public byte[] getDhSignedData()
+ {
+ return dhSignedData;
+ }
+
+
+ /**
+ * @return the serverDHNonce
+ */
+ public byte[] getServerDHNonce()
+ {
+ return serverDHNonce;
+ }
+}
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/DhRepInfo.java ------------------------------------------------------------------------------ svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/DhRepInfo.java ------------------------------------------------------------------------------ svn:executable = *
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ExternalPrincipalIdentifier.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ExternalPrincipalIdentifier.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ExternalPrincipalIdentifier.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ExternalPrincipalIdentifier.java Mon Oct 1 20:16:53 2007
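Review bot: The constructor stores `dhSignedData` unchecked, although the ASN.1 in the class Javadoc declares `dhSignedData [0] IMPLICIT OCTET STRING` without OPTIONAL, so a null is only discovered by whatever later tries to encode or verify the signed data. The constructor should reject it up front: `if ( dhSignedData == null ) { throw new IllegalArgumentException( "dhSignedData is required" ); }`. The same missing check applies to the mandatory fields in the other hunks — `pkAuthenticator` in AuthPack, `subjectPublicKey` in KdcDhKeyInfo, `signedAuthPack` in PaPkAsReq, and `paChecksum` in PkAuthenticator, whose own Javadoc says it MUST be present. The `serverDHNonce` comment states it is present if and only if `dhKeyExpiration` is present, but that field lives in KdcDhKeyInfo inside the signed data, so this class cannot enforce the pairing; a sentence in that Javadoc naming which layer is expected to check it would spare the next reader a search.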
@@ -0,0 +1,122 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+/**
+ * ExternalPrincipalIdentifier ::= SEQUENCE {
+ * subjectName [0] IMPLICIT OCTET STRING OPTIONAL,
+ * -- Contains a PKIX type Name encoded according to
+ * -- [RFC3280].
+ * -- Identifies the certificate subject by the
+ * -- distinguished subject name.
+ * -- REQUIRED when there is a distinguished subject
+ * -- name present in the certificate.
+ * issuerAndSerialNumber [1] IMPLICIT OCTET STRING OPTIONAL,
+ * -- Contains a CMS type IssuerAndSerialNumber encoded
+ * -- according to [RFC3852].
+ * -- Identifies a certificate of the subject.
+ * -- REQUIRED for TD-INVALID-CERTIFICATES and
+ * -- TD-TRUSTED-CERTIFIERS.
+ * subjectKeyIdentifier [2] IMPLICIT OCTET STRING OPTIONAL,
+ * -- Identifies the subject's public key by a key
+ * -- identifier. When an X.509 certificate is
+ * -- referenced, this key identifier matches the X.509
+ * -- subjectKeyIdentifier extension value. When other
+ * -- certificate formats are referenced, the documents
+ * -- that specify the certificate format and their use
+ * -- with the CMS must include details on matching the
+ * -- key identifier to the appropriate certificate
+ * -- field.
+ * -- RECOMMENDED for TD-TRUSTED-CERTIFIERS.
+ * ...
+ * }
+ *
+ * @author Apache Directory Project
+ * @version $Rev$, $Date$
+ */
+public class ExternalPrincipalIdentifier
+{
+ /**
+ * Contains a PKIX type Name encoded according to [RFC3280]. Identifies the
+ * certificate subject by the distinguished subject name. REQUIRED when there
+ * is a distinguished subject name present in the certificate.
+ */
+ private byte[] subjectName;
+
+ /**
+ * Contains a CMS type IssuerAndSerialNumber encoded according to [RFC3852].
+ * Identifies a certificate of the subject. REQUIRED for TD-INVALID-CERTIFICATES
+ * and TD-TRUSTED-CERTIFIERS.
+ */
+ private byte[] issuerAndSerialNumber;
+
+ /**
+ * Identifies the subject's public key by a key identifier. When an X.509 certificate
+ * is referenced, this key identifier matches the X.509 subjectKeyIdentifier extension
+ * value. When other certificate formats are referenced, the documents that specify
+ * the certificate format and their use with the CMS must include details on matching
+ * the key identifier to the appropriate certificate field. RECOMMENDED for
+ * TD-TRUSTED-CERTIFIERS.
+ */
+ private byte[] subjectKeyIdentifier;
+
+
+ /**
+ * Creates a new instance of ExternalPrincipalIdentifier.
+ *
+ * @param subjectName
+ * @param issuerAndSerialNumber
+ * @param subjectKeyIdentifier
+ */
+ public ExternalPrincipalIdentifier( byte[] subjectName, byte[] issuerAndSerialNumber, byte[] subjectKeyIdentifier )
+ {
+ this.subjectName = subjectName;
+ this.issuerAndSerialNumber = issuerAndSerialNumber;
+ this.subjectKeyIdentifier = subjectKeyIdentifier;
+ }
+
+
+ /**
+ * @return the subjectName
+ */
+ public byte[] getSubjectName()
+ {
+ return subjectName;
+ }
+
+
+ /**
+ * @return the issuerAndSerialNumber
+ */
+ public byte[] getIssuerAndSerialNumber()
+ {
+ return issuerAndSerialNumber;
+ }
+
+
+ /**
+ * @return the subjectKeyIdentifier
+ */
+ public byte[] getSubjectKeyIdentifier()
+ {
+ return subjectKeyIdentifier;
+ }
+}
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ExternalPrincipalIdentifier.java ------------------------------------------------------------------------------ svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ExternalPrincipalIdentifier.java ------------------------------------------------------------------------------ svn:executable = *
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/KdcDhKeyInfo.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/KdcDhKeyInfo.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/KdcDhKeyInfo.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/KdcDhKeyInfo.java Mon Oct 1 20:16:53 2007
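Review bot: The constructor keeps the caller's `byte[]` arrays and the three getters hand the same arrays back, so anyone holding a reference can alter `subjectName`, `issuerAndSerialNumber` or `subjectKeyIdentifier` after the object is built; for values that, per the PaPkAsReq Javadoc in a later hunk, guide which certifier the KDC trusts, that mutability is worth closing. Copying on the way in and out makes the object effectively immutable: `this.subjectName = ( subjectName == null ) ? null : ( byte[] ) subjectName.clone();` in the constructor and `return ( subjectName == null ) ? null : ( byte[] ) subjectName.clone();` in the getter, repeated for the other two fields. Every `byte[]` field in the other hunks (AuthPack, DhRepInfo, KdcDhKeyInfo, PaPkAsRep, PaPkAsReq, PkAuthenticator) has the same aliasing; the `List` fields in AuthPack and PaPkAsReq are exposed the same way.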
@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+
+
+/**
+ * KDCDHKeyInfo ::= SEQUENCE {
+ * subjectPublicKey [0] BIT STRING,
+ * -- The KDC's DH public key.
+ * -- The DH public key value is encoded as a BIT
+ * -- STRING according to [RFC3279].
+ * nonce [1] INTEGER (0..4294967295),
+ * -- Contains the nonce in the pkAuthenticator field
+ * -- in the request if the DH keys are NOT reused,
+ * -- 0 otherwise.
+ * dhKeyExpiration [2] KerberosTime OPTIONAL,
+ * -- Expiration time for KDC's key pair,
+ * -- present if and only if the DH keys are reused.
+ * -- If present, the KDC's DH public key MUST not be
+ * -- used past the point of this expiration time.
+ * -- If this field is omitted then the serverDHNonce
+ * -- field MUST also be omitted.
+ * ...
+ * }
+ *
+ * @author Apache Directory Project
+ * @version $Rev$, $Date$
+ */
+public class KdcDhKeyInfo
+{
+ /**
+ * The KDC's DH public key. The DH public key value is encoded as a BIT STRING
+ * according to [RFC3279].
+ */
+ private byte[] subjectPublicKey;
+
+ /**
+ * Contains the nonce in the pkAuthenticator field in the request if the DH
+ * keys are NOT reused, 0 otherwise.
+ */
+ private int nonce;
+
+ /**
+ * Expiration time for KDC's key pair, present if and only if the DH keys are
+ * reused. If present, the KDC's DH public key MUST not be used past the point
+ * of this expiration time. If this field is omitted then the serverDHNonce
+ * field MUST also be omitted.
+ */
+ private KerberosTime dhKeyExpiration;
+
+
+ /**
+ * Creates a new instance of KdcDhKeyInfo.
+ *
+ * @param subjectPublicKey
+ * @param nonce
+ * @param dhKeyExpiration
+ */
+ public KdcDhKeyInfo( byte[] subjectPublicKey, int nonce, KerberosTime dhKeyExpiration )
+ {
+ this.subjectPublicKey = subjectPublicKey;
+ this.nonce = nonce;
+ this.dhKeyExpiration = dhKeyExpiration;
+ }
+
+
+ /**
+ * Creates a new instance of KdcDhKeyInfo.
+ *
+ * @param encodedKdcDhKeyInfo
+ */
+ public KdcDhKeyInfo( byte[] encodedKdcDhKeyInfo )
+ {
+ // TODO - Decode.
+ }
+
+
+ /**
+ * @return the subjectPublicKey
+ */
+ public byte[] getSubjectPublicKey()
+ {
+ return subjectPublicKey;
+ }
+
+
+ /**
+ * @return the nonce
+ */
+ public int getNonce()
+ {
+ return nonce;
+ }
+
+
+ /**
+ * @return the dhKeyExpiration
+ */
+ public KerberosTime getDhKeyExpiration()
+ {
+ return dhKeyExpiration;
+ }
+
+
+ /**
+ * @return the encoded
+ */
+ public byte[] getEncoded()
+ {
+ return new byte[0];
+ }
+}
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/KdcDhKeyInfo.java ------------------------------------------------------------------------------ svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/KdcDhKeyInfo.java ------------------------------------------------------------------------------ svn:executable = *
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/Krb5PrincipalName.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/Krb5PrincipalName.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/Krb5PrincipalName.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/Krb5PrincipalName.java Mon Oct 1 20:16:53 2007
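Review bot: `nonce` is declared `int`, but the ASN.1 in the class Javadoc gives its range as `INTEGER (0..4294967295)`, so a KDC nonce above 2147483647 cannot be held without wrapping negative, and the constructor accepts negative values the spec does not allow. Either declare the field, constructor parameter and getter as `long` and reject values outside 0..4294967295 in the constructor, or document that the `int` carries the unsigned 32-bit value in two's complement and that the encoder must mask it back; `PkAuthenticator.nonce` in a later hunk has the same declared range and the same `int` type. The `KdcDhKeyInfo( byte[] encodedKdcDhKeyInfo )` constructor also leaves all fields unset behind `// TODO - Decode.`, so a caller cannot tell a decoded message from an unimplemented one — it should throw until the decoder exists, as should `getEncoded()` instead of returning `new byte[0]`.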
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
+import org.bouncycastle.asn1.DERSequence;
+
+
+/**
+ * KRB5PrincipalName ::= SEQUENCE {
+ * realm [0] Realm,
+ * principalName [1] PrincipalName
+ * }
+ *
+ * @author Apache Directory Project
+ * @version $Rev$, $Date$
+ */
+public class Krb5PrincipalName
+{
+ private String realm;
+
+ private PrincipalName principalName;
+
+
+ /**
+ * @return the realm
+ */
+ public String getRealm()
+ {
+ return realm;
+ }
+
+
+ /**
+ * @return the principalName
+ */
+ public PrincipalName getPrincipalName()
+ {
+ return principalName;
+ }
+
+
+ /**
+ * @return the sequence
+ */
+ public DERSequence getSequence()
+ {
+ return new DERSequence();
+ }
+
+
+ /**
+ * @return the encoded
+ */
+ public byte[] getEncoded()
+ {
+ return new byte[0];
+ }
+}
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/Krb5PrincipalName.java ------------------------------------------------------------------------------ svn:eol-style = native
Added:
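Review bot: `realm` and `principalName` are never assigned — the class has no constructor or setter — so `getRealm()` and `getPrincipalName()` always return null, and `getSequence()` returns an empty `DERSequence` rather than the `realm [0]` / `principalName [1]` sequence shown in the Javadoc. A constructor taking both values is needed before `getSequence()` and `getEncoded()` can mean anything, and until they are implemented both should throw rather than hand back an empty sequence or `new byte[0]` that a caller could sign and send. Unlike the other classes in this commit, this one is also missing Javadoc on its two fields and on the constructor it lacks.
```java
 /**
 * Creates a new instance of Krb5PrincipalName.
 *
 * @param realm The Kerberos realm.
 * @param principalName The principal name within that realm.
 */
 public Krb5PrincipalName( String realm, PrincipalName principalName )
 {
 this.realm = realm;
 this.principalName = principalName;
 }
 // … unchanged: getRealm(), getPrincipalName(), getSequence(), getEncoded() …
```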
directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsRep.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsRep.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsRep.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsRep.java Mon Oct 1 20:16:53 2007
@@ -0,0 +1,106 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+/**
+ * PA-PK-AS-REP ::= CHOICE {
+ * dhInfo [0] DHRepInfo,
+ * -- Selected when Diffie-Hellman key exchange is
+ * -- used.
+ * encKeyPack [1] IMPLICIT OCTET STRING,
+ * -- Selected when public key encryption is used.
+ * -- Contains a CMS type ContentInfo encoded
+ * -- according to [RFC3852].
+ * -- The contentType field of the type ContentInfo is
+ * -- id-envelopedData (1.2.840.113549.1.7.3).
+ * -- The content field is an EnvelopedData.
+ * -- The contentType field for the type EnvelopedData
+ * -- is id-signedData (1.2.840.113549.1.7.2).
+ * -- The eContentType field for the inner type
+ * -- SignedData (when unencrypted) is
+ * -- id-pkinit-rkeyData (1.3.6.1.5.2.3.3) and the
+ * -- eContent field contains the DER encoding of the
+ * -- type ReplyKeyPack.
+ * -- ReplyKeyPack is defined below.
+ * ...
+ * }
+ *
+ * @author Apache Directory Project
+ * @version $Rev$, $Date$
+ */
+public class PaPkAsRep
+{
+ /**
+ * Selected when Diffie-Hellman key exchange is used.
+ */
+ private DhRepInfo dhInfo;
+
+ /**
+ * Selected when public key encryption is used. Contains a CMS type ContentInfo
+ * encoded according to [RFC3852]. The contentType field of the type ContentInfo
+ * is id-envelopedData (1.2.840.113549.1.7.3). The content field is an EnvelopedData.
+ * The contentType field for the type EnvelopedData is id-signedData (1.2.840.113549.1.7.2).
+ * The eContentType field for the inner type SignedData (when unencrypted) is
+ * id-pkinit-rkeyData (1.3.6.1.5.2.3.3) and the eContent field contains the
+ * DER encoding of the type ReplyKeyPack.
+ */
+ private byte[] encKeyPack;
+
+
+ /**
+ * Creates a new instance of PaPkAsRep using the Diffie-Hellman key exchange method.
+ *
+ * @param dhInfo
+ */
+ public PaPkAsRep( DhRepInfo dhInfo )
+ {
+ this.dhInfo = dhInfo;
+ }
+
+
+ /**
+ * Creates a new instance of PaPkAsRep using the public key method.
+ *
+ * @param encKeyPack
+ */
+ public PaPkAsRep( byte[] encKeyPack )
+ {
+ this.encKeyPack = encKeyPack;
+ }
+
+
+ /**
+ * @return the dhInfo
+ */
+ public DhRepInfo getDhInfo()
+ {
+ return dhInfo;
+ }
+
+
+ /**
+ * @return the encKeyPack
+ */
+ public byte[] getEncKeyPack()
+ {
+ return encKeyPack;
+ }
+}
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsRep.java ------------------------------------------------------------------------------ svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsRep.java ------------------------------------------------------------------------------ svn:executable = *
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsReq.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsReq.java?rev=581130&view=auto
==============================================================================
---
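Review bot: Neither constructor rejects a null argument, so `new PaPkAsRep( ( DhRepInfo ) null )` produces an object in which both `dhInfo` and `encKeyPack` are null and no CHOICE alternative is selected, and a consumer of the reply can only tell "DH" from "public key" by probing both getters for null. Each constructor should check its argument — `if ( dhInfo == null ) { throw new IllegalArgumentException( "dhInfo is required" ); }` and the same for `encKeyPack` — and an explicit accessor such as `public boolean isDhInfo() { return dhInfo != null; }` would make the selected alternative part of the API instead of a null test. Unlike PaPkAsReq in the next hunk, this reply type has no `getEncoded()`, so the request and reply sides of the exchange are not symmetric yet; a comment saying whether encoding is planned here or in the caller would help.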
directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsReq.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsReq.java Mon Oct 1 20:16:53 2007
@@ -0,0 +1,139 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+import java.util.List;
+
+
+/**
+ * PA-PK-AS-REQ ::= SEQUENCE {
+ * signedAuthPack [0] IMPLICIT OCTET STRING,
+ * -- Contains a CMS type ContentInfo encoded
+ * -- according to [RFC3852].
+ * -- The contentType field of the type ContentInfo
+ * -- is id-signedData (1.2.840.113549.1.7.2),
+ * -- and the content field is a SignedData.
+ * -- The eContentType field for the type SignedData is
+ * -- id-pkinit-authData (1.3.6.1.5.2.3.1), and the
+ * -- eContent field contains the DER encoding of the
+ * -- type AuthPack.
+ * -- AuthPack is defined below.
+ * trustedCertifiers [1] SEQUENCE OF
+ * ExternalPrincipalIdentifier OPTIONAL,
+ * -- Contains a list of CAs, trusted by the client,
+ * -- that can be used to certify the KDC.
+ * -- Each ExternalPrincipalIdentifier identifies a CA
+ * -- or a CA certificate (thereby its public key).
+ * -- The information contained in the
+ * -- trustedCertifiers SHOULD be used by the KDC as
+ * -- hints to guide its selection of an appropriate
+ * -- certificate chain to return to the client.
+ * kdcPkId [2] IMPLICIT OCTET STRING
+ * OPTIONAL,
+ * -- Contains a CMS type SignerIdentifier encoded
+ * -- according to [RFC3852].
+ * -- Identifies, if present, a particular KDC
+ * -- public key that the client already has.
+ * ...
+ * }
+ *
+ * @author Apache Directory Project
+ * @version $Rev$, $Date$
+ */
+public class PaPkAsReq
+{
+ /**
+ * Contains a CMS type ContentInfo encoded according to [RFC3852]. The contentType
+ * field of the type ContentInfo is id-signedData (1.2.840.113549.1.7.2), and the
+ * content field is a SignedData. The eContentType field for the type SignedData
+ * is id-pkinit-authData (1.3.6.1.5.2.3.1), and the eContent field contains the
+ * DER encoding of the type AuthPack.
+ */
+ private byte[] signedAuthPack;
+
+ /**
+ * Contains a list of CAs, trusted by the client, that can be used to certify
+ * the KDC. Each ExternalPrincipalIdentifier identifies a CA or a CA certificate
+ * (thereby its public key). The information contained in the trustedCertifiers
+ * SHOULD be used by the KDC as hints to guide its selection of an appropriate
+ * certificate chain to return to the client.
+ */
+ private List trustedCertifiers;
+
+ /**
+ * Contains a CMS type SignerIdentifier encoded according to [RFC3852]. Identifies,
+ * if present, a particular KDC public key that the client already has.
+ */
+ private byte[] kdcPkId;
+
+
+ /**
+ * Creates a new instance of PaPkAsReq.
+ *
+ * @param signedAuthPack
+ * @param trustedCertifiers
+ * @param kdcPkId
+ */
+ public PaPkAsReq( byte[] signedAuthPack, List trustedCertifiers, byte[] kdcPkId )
+ {
+ this.signedAuthPack = signedAuthPack;
+ this.trustedCertifiers = trustedCertifiers;
+ this.kdcPkId = kdcPkId;
+ }
+
+
+ /**
+ * @return the signedAuthPack
+ */
+ public byte[] getSignedAuthPack()
+ {
+ return signedAuthPack;
+ }
+
+
+ /**
+ * @return the trustedCertifiers
+ */
+ public List getTrustedCertifiers()
+ {
+ return trustedCertifiers;
+ }
+
+
+ /**
+ * @return the kdcPkId
+ */
+ public byte[] getKdcPkId()
+ {
+ return kdcPkId;
+ }
+
+
+ /**
+ * Returns the encoded form.
+ *
+ * @return The encoded form.
+ */
+ public byte[] getEncoded()
+ {
+ return new byte[0];
+ }
+}
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsReq.java ------------------------------------------------------------------------------ svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsReq.java ------------------------------------------------------------------------------ svn:executable = *
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PkAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PkAuthenticator.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PkAuthenticator.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PkAuthenticator.java Mon Oct 1 20:16:53 2007
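Review bot: `getTrustedCertifiers()` returns the very `List` the constructor was handed, so a caller can add or remove certifiers after the request object is built, and the list is raw even though the Javadoc says each element is an `ExternalPrincipalIdentifier`. Declaring it `List<ExternalPrincipalIdentifier>` (if the module targets Java 5 or later) and returning `trustedCertifiers == null ? null : Collections.unmodifiableList( trustedCertifiers )` — with `java.util.Collections` added to the imports — keeps the hints the KDC is told to rely on from changing underneath it; the field is OPTIONAL, hence the null guard. `getEncoded()` returning `new byte[0]` has the same silent-stub problem as AuthPack and should throw until the encoder is written.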
@@ -0,0 +1,120 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+
+
+/**
+ * PKAuthenticator ::= SEQUENCE {
+ * cusec [0] INTEGER (0..999999),
+ * ctime [1] KerberosTime,
+ * -- cusec and ctime are used as in [RFC4120], for
+ * -- replay prevention.
+ * nonce [2] INTEGER (0..4294967295),
+ * -- Chosen randomly; this nonce does not need to
+ * -- match with the nonce in the KDC-REQ-BODY.
+ * paChecksum [3] OCTET STRING OPTIONAL,
+ * -- MUST be present.
+ * -- Contains the SHA1 checksum, performed over
+ * -- KDC-REQ-BODY.
+ * ...
+ * }
+ *
+ * @author Apache Directory Project
+ * @version $Rev$, $Date$
+ */
+public class PkAuthenticator
+{
+ /**
+ * cusec is used as in [RFC4120], for replay prevention.
+ */
+ private int cusec;
+
+ /**
+ * ctime is used as in [RFC4120], for replay prevention.
+ */
+ private KerberosTime ctime;
+
+ /**
+ * Chosen randomly; this nonce does not need to match with the nonce in the
+ * KDC-REQ-BODY.
+ */
+ private int nonce;
+
+ /**
+ * MUST be present. Contains the SHA1 checksum, performed over KDC-REQ-BODY.
+ */
+ private byte[] paChecksum;
+
+
+ /**
+ * Creates a new instance of PkAuthenticator.
+ *
+ * @param cusec
+ * @param ctime
+ * @param nonce
+ * @param paChecksum
+ */
+ public PkAuthenticator( int cusec, KerberosTime ctime, int nonce, byte[] paChecksum )
+ {
+ this.cusec = cusec;
+ this.ctime = ctime;
+ this.nonce = nonce;
+ this.paChecksum = paChecksum;
+ }
+
+
+ /**
+ * @return the cusec
+ */
+ public int getCusec()
+ {
+ return cusec;
+ }
+
+
+ /**
+ * @return the ctime
+ */
+ public KerberosTime getCtime()
+ {
+ return ctime;
+ }
+
+
+ /**
+ * @return the nonce
+ */
+ public int getNonce()
+ {
+ return nonce;
+ }
+
+
+ /**
+ * @return the paChecksum
+ */
+ public byte[] getPaChecksum()
+ {
+ return paChecksum;
+ }
+}
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PkAuthenticator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PkAuthenticator.java
------------------------------------------------------------------------------
svn:executable = *
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ReplyKeyPack.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ReplyKeyPack.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ReplyKeyPack.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ReplyKeyPack.java Mon Oct 1 20:16:53 2007
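Review bot: `nonce` is carried as a signed `int` in the field, the constructor and `getNonce()`, while the ASN.1 in the class Javadoc declares it `INTEGER (0..4294967295)`; values in the upper half of that range cannot be represented without turning negative, so a `long` (or explicit unsigned handling at the codec boundary) is needed, and nothing enforces the `(0..999999)` bound on `cusec` either. The constructor also stores `paChecksum` unchecked although the field Javadoc says it MUST be present, so an absent checksum would only surface later, at verification time; a null check in the constructor, e.g. `if ( paChecksum == null ) throw new IllegalArgumentException( "paChecksum is required" );`, would fail early. The `@param` tags on the constructor are empty and could restate these ranges and the requiredness.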
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+import org.apache.directory.server.kerberos.shared.messages.value.Checksum;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+
+
+/**
+ * ReplyKeyPack ::= SEQUENCE {
+ * replyKey [0] EncryptionKey,
+ * -- Contains the session key used to encrypt the
+ * -- enc-part field in the AS-REP, i.e., the
+ * -- AS reply key.
+ * asChecksum [1] Checksum,
+ * -- Contains the checksum of the AS-REQ
+ * -- corresponding to the containing AS-REP.
+ * -- The checksum is performed over the type AS-REQ.
+ * -- The protocol key [RFC3961] of the checksum is the
+ * -- replyKey and the key usage number is 6.
+ * -- If the replyKey's enctype is "newer" [RFC4120]
+ * -- [RFC4121], the checksum is the required
+ * -- checksum operation [RFC3961] for that enctype.
+ * -- The client MUST verify this checksum upon receipt
+ * -- of the AS-REP.
+ * ...
+ * }
+ *
+ * @author Apache Directory Project
+ * @version $Rev$, $Date$
+ */
+public class ReplyKeyPack
+{
+ /**
+ * Contains the session key used to encrypt the enc-part field in the AS-REP,
+ * i.e., the AS reply key.
+ */
+ private EncryptionKey replyKey;
+
+ /**
+ * Contains the checksum of the AS-REQ corresponding to the containing AS-REP.
+ * The checksum is performed over the type AS-REQ. The protocol key [RFC3961]
+ * of the checksum is the replyKey and the key usage number is 6. If the replyKey's
+ * enctype is "newer" [RFC4120] [RFC4121], the checksum is the required checksum
+ * operation [RFC3961] for that enctype. The client MUST verify this checksum
+ * upon receipt of the AS-REP.
+ */
+ private Checksum asChecksum;
+
+
+ /**
+ * Creates a new instance of ReplyKeyPack.
+ *
+ * @param replyKey
+ * @param asChecksum
+ */
+ public ReplyKeyPack( EncryptionKey replyKey, Checksum asChecksum )
+ {
+ this.replyKey = replyKey;
+ this.asChecksum = asChecksum;
+ }
+
+
+ /**
+ * @return the replyKey
+ */
+ public EncryptionKey getReplyKey()
+ {
+ return replyKey;
+ }
+
+
+ /**
+ * @return the asChecksum
+ */
+ public Checksum getAsChecksum()
+ {
+ return asChecksum;
+ }
+
+
+ /**
+ * @return the encoded
+ */
+ public byte[] getEncoded()
+ {
+ return new byte[0];
+ }
+}
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ReplyKeyPack.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ReplyKeyPack.java
------------------------------------------------------------------------------
svn:executable = *
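Review bot: `getEncoded()` returns `new byte[0]` instead of an encoding of `replyKey` and `asChecksum`, so a caller that wraps this object into the AS-REP today would emit an empty ReplyKeyPack with no error at all, and the client-side checksum verification the Javadoc describes would have nothing to verify. Until the codec exists the stub should fail loudly rather than silently, e.g. `throw new UnsupportedOperationException( "ReplyKeyPack encoding is not implemented" );`, and the `@return the encoded` tag should say what form the encoding takes (the DER encoding of the ASN.1 SEQUENCE shown above). The same placeholder appears in `PaPkAsReq.getEncoded()` in this commit. The constructor also accepts null for both fields, although neither is OPTIONAL in the ASN.1; a null check there would catch a missing reply key before it reaches encoding.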