directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [3/3] directory-kerberos git commit: Removed many unrelated
Date Sun, 25 Jan 2015 08:25:36 GMT
Removed many unrelated


Project: http://git-wip-us.apache.org/repos/asf/directory-kerberos/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerberos/commit/3917f3cc
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerberos/tree/3917f3cc
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerberos/diff/3917f3cc

Branch: refs/heads/cleanssl
Commit: 3917f3cc71c087e892ac5526e74b2d5206619300
Parents: 8b7fb1b
Author: Drankye <drankye@gmail.com>
Authored: Sun Jan 25 16:25:16 2015 +0800
Committer: Drankye <drankye@gmail.com>
Committed: Sun Jan 25 16:25:16 2015 +0800

----------------------------------------------------------------------
 3rdparty/not-yet-commons-ssl/pom.xml            |   5 +
 .../apache/commons/ssl/Asn1PkcsStructure.java   |   2 +-
 .../org/apache/commons/ssl/Asn1PkcsUtil.java    |   2 +-
 .../java/org/apache/commons/ssl/Java13.java     | 303 ----------
 .../commons/ssl/Java13KeyManagerWrapper.java    |  82 ---
 .../commons/ssl/Java13TrustManagerWrapper.java  | 103 ----
 .../java/org/apache/commons/ssl/JavaImpl.java   |  25 -
 .../java/org/apache/commons/ssl/LogHelper.java  |  87 ---
 .../java/org/apache/commons/ssl/LogWrapper.java | 295 ----------
 .../java/org/apache/commons/ssl/OpenSSL.java    |   2 +-
 .../java/org/apache/commons/ssl/PEMItem.java    |   2 +-
 .../commons/ssl/RMISocketFactoryImpl.java       | 578 -------------------
 .../main/java/org/apache/commons/ssl/SSL.java   |   8 -
 .../java/org/apache/commons/ssl/SSLServer.java  |  34 --
 .../apache/commons/ssl/SSLWrapperFactory.java   |  10 +-
 .../org/apache/commons/ssl/TomcatServerXML.java | 231 --------
 .../java/org/apache/commons/ssl/util/Hex.java   |  83 ---
 .../main/java/org/apache/kerby/util/Hex.java    |  77 +++
 18 files changed, 88 insertions(+), 1841 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/pom.xml
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/pom.xml b/3rdparty/not-yet-commons-ssl/pom.xml
index 00465a4..74c97d4 100644
--- a/3rdparty/not-yet-commons-ssl/pom.xml
+++ b/3rdparty/not-yet-commons-ssl/pom.xml
@@ -68,6 +68,11 @@
       <version>${project.version}</version>
     </dependency>
     <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerby-util</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
       <scope>test</scope>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-ext-jdk15on</artifactId>

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsStructure.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsStructure.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsStructure.java
index e00d58d..fc25b51 100644
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsStructure.java
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsStructure.java
@@ -25,8 +25,8 @@
 
 package org.apache.commons.ssl;
 
-import org.apache.commons.ssl.util.Hex;
 import org.apache.kerby.asn1.type.Asn1Integer;
+import org.apache.kerby.util.Hex;
 
 import java.util.*;
 

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsUtil.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsUtil.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsUtil.java
index 4f6823a..398d012 100644
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsUtil.java
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsUtil.java
@@ -25,9 +25,9 @@
 
 package org.apache.commons.ssl;
 
-import org.apache.commons.ssl.util.Hex;
 import org.apache.kerby.asn1.Asn1InputBuffer;
 import org.apache.kerby.asn1.type.*;
+import org.apache.kerby.util.Hex;
 
 import java.io.FileInputStream;
 import java.io.IOException;

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13.java
deleted file mode 100644
index 1a2fb47..0000000
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13.java
+++ /dev/null
@@ -1,303 +0,0 @@
-/*
- * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Java13.java $
- * $Revision: 155 $
- * $Date: 2009-09-17 14:00:58 -0700 (Thu, 17 Sep 2009) $
- *
- * ====================================================================
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-
-package org.apache.commons.ssl;
-
-import com.sun.net.ssl.KeyManager;
-import com.sun.net.ssl.KeyManagerFactory;
-import com.sun.net.ssl.SSLContext;
-import com.sun.net.ssl.TrustManager;
-import com.sun.net.ssl.TrustManagerFactory;
-import com.sun.net.ssl.X509KeyManager;
-import com.sun.net.ssl.X509TrustManager;
-
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLPeerUnverifiedException;
-import javax.net.ssl.SSLServerSocket;
-import javax.net.ssl.SSLServerSocketFactory;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.PrintStream;
-import java.lang.reflect.Method;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.URL;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.security.Security;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-/**
- * @author Credit Union Central of British Columbia
- * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
- * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
- * @since 30-Jun-2006
- */
-public final class Java13 extends JavaImpl {
-    private final static Java13 instance = new Java13();
-
-    private Java13() {
-        try {
-            Class c = Class.forName("javax.crypto.Cipher");
-            Class[] sig = {String.class};
-            String[] args = {"DES/CBC/PKCS5Padding"};
-            Method m = c.getMethod("getInstance", sig);
-            m.invoke(null, (Object[]) args);
-        }
-        catch (Exception e) {
-            try {
-                Class c = Class.forName("com.sun.crypto.provider.SunJCE");
-                Security.addProvider((Provider) c.newInstance());
-                // System.out.println( "jce not loaded: " + e + " - loading SunJCE!" );
-                //e.printStackTrace( System.out );
-            }
-            catch (Exception e2) {
-                System.out.println("com.sun.crypto.provider.SunJCE unavailable: " + e2);
-                // e2.printStackTrace( System.out );
-            }
-        }
-        try {
-            URL u = new URL("https://vancity.com/");
-            u.openConnection();
-        }
-        catch (Exception e) {
-            // System.out.println( "java.net.URL support of https not loaded: " + e + " - attempting to load com.sun.net.ssl.internal.ssl.Provider!" );
-            Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
-            System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
-        }
-        // System.out.println( "old HANDLER: " + HANDLER );
-    }
-
-    public static Java13 getInstance() {
-        return instance;
-    }
-
-    public final String getVersion() {
-        return "Java13";
-    }
-
-    protected final String retrieveSubjectX500(X509Certificate cert) {
-        return cert.getSubjectDN().toString();
-    }
-
-    protected final String retrieveIssuerX500(X509Certificate cert) {
-        return cert.getIssuerDN().toString();
-    }
-
-    protected final Certificate[] retrievePeerCerts(SSLSession sslSession)
-        throws SSLPeerUnverifiedException {
-        javax.security.cert.X509Certificate[] chain;
-        chain = sslSession.getPeerCertificateChain();
-        X509Certificate[] newChain = new X509Certificate[chain.length];
-        try {
-            for (int i = 0; i < chain.length; i++) {
-                javax.security.cert.X509Certificate javaxCert = chain[i];
-                byte[] encoded = javaxCert.getEncoded();
-                ByteArrayInputStream in = new ByteArrayInputStream(encoded);
-                synchronized (Certificates.CF) {
-                    Certificate c = Certificates.CF.generateCertificate(in);
-                    newChain[i] = (X509Certificate) c;
-                }
-            }
-        }
-        catch (Exception e) {
-            throw buildRuntimeException(e);
-        }
-        return newChain;
-    }
-
-    protected final Object buildKeyManagerFactory(KeyStore ks, char[] password)
-        throws NoSuchAlgorithmException, KeyStoreException,
-        UnrecoverableKeyException {
-        String alg = KeyManagerFactory.getDefaultAlgorithm();
-        KeyManagerFactory kmf = KeyManagerFactory.getInstance(alg);
-        kmf.init(ks, password);
-        return kmf;
-    }
-
-    protected final Object buildTrustManagerFactory(KeyStore ks)
-        throws NoSuchAlgorithmException, KeyStoreException {
-        String alg = TrustManagerFactory.getDefaultAlgorithm();
-        TrustManagerFactory tmf = TrustManagerFactory.getInstance(alg);
-        tmf.init(ks);
-        return tmf;
-    }
-
-
-    protected final Object[] retrieveKeyManagers(Object keyManagerFactory) {
-        KeyManagerFactory kmf = (KeyManagerFactory) keyManagerFactory;
-        return kmf.getKeyManagers();
-    }
-
-    protected final Object[] retrieveTrustManagers(Object trustManagerFactory) {
-        TrustManagerFactory tmf = (TrustManagerFactory) trustManagerFactory;
-        return tmf.getTrustManagers();
-    }
-
-    protected final SSLSocketFactory buildSSLSocketFactory(Object ssl) {
-        return ((SSLContext) ssl).getSocketFactory();
-    }
-
-    protected final SSLServerSocketFactory buildSSLServerSocketFactory(Object ssl) {
-        return ((SSLContext) ssl).getServerSocketFactory();
-    }
-
-    protected final RuntimeException buildRuntimeException(Exception cause) {
-        ByteArrayOutputStream byteOut = new ByteArrayOutputStream(512);
-        PrintStream ps = new PrintStream(byteOut);
-        ps.println(cause.toString());
-        cause.printStackTrace(ps);
-        ps.flush();
-        String originalCause = byteOut.toString();
-        return new RuntimeException(originalCause);
-    }
-
-    protected final SSLSocket buildSocket(SSL ssl) {
-        // Not supported in Java 1.3.
-        throw new UnsupportedOperationException();
-    }
-
-    protected final SSLSocket buildSocket(SSL ssl, String remoteHost,
-                                          int remotePort, InetAddress localHost,
-                                          int localPort, int connectTimeout)
-        throws IOException {
-        // Connect Timeout ignored for Java 1.3
-        SSLSocketFactory sf = ssl.getSSLSocketFactory();
-        SSLSocket s = (SSLSocket) connectSocket(
-                null, sf, remoteHost, remotePort, localHost, localPort, -1, ssl
-        );
-        ssl.doPreConnectSocketStuff(s);
-        ssl.doPostConnectSocketStuff(s, remoteHost);
-        return s;
-    }
-
-    protected final Socket buildPlainSocket(
-            SSL ssl, String remoteHost, int remotePort, InetAddress localHost, int localPort, int connectTimeout
-    )
-        throws IOException {
-        // Connect Timeout ignored for Java 1.3
-        SocketFactory sf = SocketFactory.getDefault();
-        Socket s = connectSocket(
-                null, sf, remoteHost, remotePort, localHost, localPort, -1, ssl
-        );
-        ssl.doPreConnectSocketStuff(s);
-        ssl.doPostConnectSocketStuff(s, remoteHost);
-        return s;
-    }
-    
-    protected final Socket connectSocket(Socket s, SocketFactory sf,
-                                         String remoteHost, int remotePort,
-                                         InetAddress localHost, int localPort,
-                                         int timeout, SSL ssl)
-        throws IOException {
-
-        remoteHost = ssl.dnsOverride(remoteHost);
-
-        // Connect Timeout ignored for Java 1.3
-        if (s == null) {
-            if (sf == null) {
-                s = new Socket(remoteHost, remotePort, localHost, localPort);
-            } else {
-                s = sf.createSocket(remoteHost, remotePort, localHost, localPort);
-            }
-        }
-        return s;
-    }
-
-
-    protected final SSLServerSocket buildServerSocket(SSL ssl) {
-        // Not supported in Java 1.3.
-        throw new UnsupportedOperationException();
-    }
-
-    protected final void wantClientAuth(Object o, boolean wantClientAuth) {
-        // Not supported in Java 1.3.
-    }
-
-    protected final void enabledProtocols(Object o, String[] enabledProtocols) {
-        // Not supported in Java 1.3.
-    }
-
-    protected void checkTrusted(Object trustManager, X509Certificate[] chain,
-                                String authType)
-        throws CertificateException {
-        X509TrustManager tm = (X509TrustManager) trustManager;
-        boolean result = tm.isServerTrusted(chain);
-        if (!result) {
-            throw new CertificateException("commons-ssl java13 mode: certificate chain not trusted");
-        }
-    }
-
-
-    protected final Object initSSL(SSL ssl, TrustChain tc, KeyMaterial k)
-        throws NoSuchAlgorithmException, KeyStoreException,
-        CertificateException, KeyManagementException, IOException {
-        SSLContext context = SSLContext.getInstance(ssl.getDefaultProtocol());
-        TrustManager[] trustManagers = null;
-        KeyManager[] keyManagers = null;
-        if (tc != null) {
-            trustManagers = (TrustManager[]) tc.getTrustManagers();
-        }
-        if (k != null) {
-            keyManagers = (KeyManager[]) k.getKeyManagers();
-        }
-        if (keyManagers != null) {
-            for (int i = 0; i < keyManagers.length; i++) {
-                if (keyManagers[i] instanceof X509KeyManager) {
-                    X509KeyManager km = (X509KeyManager) keyManagers[i];
-                    keyManagers[i] = new Java13KeyManagerWrapper(km, k, ssl);
-                }
-            }
-        }
-        if (trustManagers != null) {
-            for (int i = 0; i < trustManagers.length; i++) {
-                if (trustManagers[i] instanceof X509TrustManager) {
-                    X509TrustManager tm = (X509TrustManager) trustManagers[i];
-                    trustManagers[i] = new Java13TrustManagerWrapper(tm, tc, ssl);
-                }
-            }
-        }
-        context.init(keyManagers, trustManagers, null);
-        return context;
-    }
-
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13KeyManagerWrapper.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13KeyManagerWrapper.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13KeyManagerWrapper.java
deleted file mode 100644
index 81111b8..0000000
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13KeyManagerWrapper.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Java13KeyManagerWrapper.java $
- * $Revision: 121 $
- * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
- *
- * ====================================================================
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-
-package org.apache.commons.ssl;
-
-import com.sun.net.ssl.X509KeyManager;
-
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-
-/**
- * @author Credit Union Central of British Columbia
- * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
- * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
- * @since 30-Jun-2006
- */
-public class Java13KeyManagerWrapper implements X509KeyManager {
-
-    private final X509KeyManager keyManager;
-    // private final KeyMaterial keyMaterial;   <-- maybe use one day in the
-    // private final SSL ssl;                   <-- in the future?
-
-    public Java13KeyManagerWrapper(X509KeyManager m, KeyMaterial km, SSL h) {
-        this.keyManager = m;
-        // this.keyMaterial = km;   <-- maybe use one day in the
-        // this.ssl = h;            <-- in the future?
-    }
-
-    public String chooseClientAlias(String keyType, Principal[] issuers) {
-        return keyManager.chooseClientAlias(keyType, issuers);
-    }
-
-    public String chooseServerAlias(String keyType, Principal[] issuers) {
-        return keyManager.chooseServerAlias(keyType, issuers);
-    }
-
-    public X509Certificate[] getCertificateChain(String alias) {
-        return keyManager.getCertificateChain(alias);
-    }
-
-    public String[] getClientAliases(String keyType, Principal[] issuers) {
-        return keyManager.getClientAliases(keyType, issuers);
-    }
-
-    public PrivateKey getPrivateKey(String alias) {
-        return keyManager.getPrivateKey(alias);
-    }
-
-    public String[] getServerAliases(String keyType, Principal[] issuers) {
-        return keyManager.getServerAliases(keyType, issuers);
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13TrustManagerWrapper.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13TrustManagerWrapper.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13TrustManagerWrapper.java
deleted file mode 100644
index ad86ee9..0000000
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13TrustManagerWrapper.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Java13TrustManagerWrapper.java $
- * $Revision: 138 $
- * $Date: 2008-03-03 23:50:07 -0800 (Mon, 03 Mar 2008) $
- *
- * ====================================================================
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-
-package org.apache.commons.ssl;
-
-import com.sun.net.ssl.X509TrustManager;
-
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-/**
- * @author Credit Union Central of British Columbia
- * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
- * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
- * @since 30-Jun-2006
- */
-public class Java13TrustManagerWrapper implements X509TrustManager {
-
-    private final X509TrustManager trustManager;
-    private final TrustChain trustChain;
-    private final SSL ssl;
-
-    public Java13TrustManagerWrapper(X509TrustManager m, TrustChain tc, SSL h) {
-        this.trustManager = m;
-        this.trustChain = tc;
-        this.ssl = h;
-    }
-
-    public boolean isClientTrusted(X509Certificate[] chain) {
-        ssl.setCurrentClientChain(chain);
-        boolean firstTest = trustManager.isClientTrusted(chain);
-        return test(firstTest, chain);
-    }
-
-    public boolean isServerTrusted(X509Certificate[] chain) {
-        ssl.setCurrentServerChain(chain);
-        boolean firstTest = trustManager.isServerTrusted(chain);
-        return test(firstTest, chain);
-    }
-
-    public X509Certificate[] getAcceptedIssuers() {
-        if ( trustChain.containsTrustAll()) {
-            // This means we accept all issuers.
-            return new X509Certificate[0];
-        } else {
-            return trustManager.getAcceptedIssuers();
-        }
-    }
-
-    private boolean test(boolean firstTest, X509Certificate[] chain) {
-        // Even if the first test failed, we might still be okay as long as
-        // this SSLServer or SSLClient is setup to trust all certificates.
-        if (!firstTest) {
-            if (!trustChain.contains(TrustMaterial.TRUST_ALL)) {
-                return false;
-            }
-        }
-        try {
-            for (int i = 0; i < chain.length; i++) {
-                X509Certificate c = chain[i];
-                if (ssl.getCheckExpiry()) {
-                    c.checkValidity();
-                }
-                if (ssl.getCheckCRL()) {
-                    Certificates.checkCRL(c);
-                }
-            }
-            return true;
-        }
-        catch (CertificateException ce) {
-            return false;
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/JavaImpl.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/JavaImpl.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/JavaImpl.java
index 81d91a7..bc222a8 100644
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/JavaImpl.java
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/JavaImpl.java
@@ -61,35 +61,10 @@ public abstract class JavaImpl {
 
     static {
         JavaImpl h = null;
-        try {
             h = Java14.getInstance();
-        }
-        catch (Throwable t) {
-            // System.out.println( t.toString() );
-            System.out.println("commons-ssl reverting to: Java 1.3 + jsse.jar");
-        }
-        if (h == null) {
-            h = Java13.getInstance();
-        }
         HANDLER = h;
     }
 
-    public static void downgrade() {
-        if (HANDLER instanceof Java14) {
-            HANDLER = Java13.getInstance();
-        }
-    }
-
-    public static boolean isJava13() {
-        return HANDLER instanceof Java13;
-    }
-
-    public static void uprade() {
-        if (HANDLER instanceof Java13) {
-            HANDLER = Java14.getInstance();
-        }
-    }
-
     public abstract String getVersion();
 
     protected abstract Object buildKeyManagerFactory(KeyStore ks, char[] pass)

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogHelper.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogHelper.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogHelper.java
deleted file mode 100644
index 7a0f090..0000000
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogHelper.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/LogHelper.java $
- * $Revision: 121 $
- * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
- *
- * ====================================================================
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-
-package org.apache.commons.ssl;
-
-import org.apache.log4j.Logger;
-
-/**
- * <p/>
- * Wraps a Log4j Logger.  This non-public class is the one actually interacting
- * with the log4j.jar library.  That way LogWrapper can safely attempt to use
- * log4j.jar, but still degrade gracefully and provide logging via standard-out
- * even if log4j is unavailable.
- * <p/>
- * The interactions with log4j.jar could be done directly inside LogWrapper
- * as long as the Java code is compiled by Java 1.4 or greater (still works
- * at runtime in Java 1.3).  The interactions with log4j.jar only need to be
- * pushed out into a separate class like this for people using a Java 1.3
- * compiler, which creates bytecode that is more strict with depedency
- * checking.
- *
- * @author Credit Union Central of British Columbia
- * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
- * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
- * @since 3-Aug-2006
- */
-final class LogHelper {
-    private final Logger l;
-
-    LogHelper(Class c) { l = Logger.getLogger(c); }
-
-    LogHelper(String s) { l = Logger.getLogger(s); }
-
-    void debug(Object o) { l.debug(o); }
-
-    void debug(Object o, Throwable t) { l.debug(o, t); }
-
-    void info(Object o) { l.info(o); }
-
-    void info(Object o, Throwable t) { l.info(o, t); }
-
-    void warn(Object o) { l.warn(o); }
-
-    void warn(Object o, Throwable t) { l.warn(o, t); }
-
-    void error(Object o) { l.error(o); }
-
-    void error(Object o, Throwable t) { l.error(o, t); }
-
-    void fatal(Object o) { l.fatal(o); }
-
-    void fatal(Object o, Throwable t) { l.fatal(o, t); }
-
-    boolean isDebugEnabled() { return l.isDebugEnabled(); }
-
-    boolean isInfoEnabled() { return l.isInfoEnabled(); }
-
-    Object getLog4jLogger() { return l; }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogWrapper.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogWrapper.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogWrapper.java
deleted file mode 100644
index b2baeb9..0000000
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogWrapper.java
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/LogWrapper.java $
- * $Revision: 121 $
- * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
- *
- * ====================================================================
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-
-package org.apache.commons.ssl;
-
-import java.io.BufferedOutputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.io.PrintStream;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-
-/**
- * <p/>
- * LogWrapper can be used for situations where log4j might not be available on
- * the classpath.  It presents the most basic and critical components of the
- * log4j API, and passes all log calls through to log4j if possible.  If log4j
- * is not available, logging is sent to standard-out by default.
- * <p/>
- * This default logging to standard-out (which only occurs if log4j is NOT
- * available) can be disabled or changed via the static setBackupStream() and
- * setBackupLogFile() methods.
- *
- * @author Credit Union Central of British Columbia
- * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
- * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
- * @since 3-Aug-2006
- */
-public class LogWrapper {
-
-    // final static String[] LEVELS = {"DEBUG", "INFO", "WARN", "ERROR", "FATAL"};
-    final static String[] LEVELS = {"+", " ", "!", "*", "#"};
-    final static String TIMESTAMP_PATTERN = "zzz:yyyy-MM-dd/HH:mm:ss.SSS";
-    final static int TIMESTAMP_LENGTH = TIMESTAMP_PATTERN.length();
-    final static String LINE_SEPARATOR = System.getProperty("line.separator");
-    final static DateFormat DF = new SimpleDateFormat(TIMESTAMP_PATTERN);
-
-    private final static LogWrapper NOOP = new LogWrapper();
-
-    /** Should we print DEBUG statements if log4j is not available? */
-    private final static boolean DEBUG = true;
-
-    /** true if log4j is available */
-    public final static boolean log4j;
-
-    /**
-     * OutputStream to log to if log4j is not available.  Set it to null to
-     * disable.
-     */
-    private static volatile OutputStream backup = System.out;
-
-    /** The wrappingPrintStream is lazy-initted if we have to log a stacktrace. */
-    private static volatile PrintStream wrappingPrintStream = null;
-
-    private final LogHelper h;
-
-    static {
-        boolean avail = false;
-        try {
-            // LogHelper's constructor will blow up if log4j.jar isn't on the
-            // classpath.
-            LogHelper lh = new LogHelper(LogWrapper.class);
-            lh.hashCode();
-            avail = true;
-        }
-        catch (Throwable t) {
-            avail = false;
-        }
-        finally {
-            log4j = avail;
-        }
-    }
-
-    public static boolean isLog4jAvailable() { return log4j; }
-
-    public static LogWrapper getLogger(Class c) {
-        return log4j ? new LogWrapper(c) : NOOP;
-    }
-
-    public static LogWrapper getLogger(String s) {
-        return log4j ? new LogWrapper(s) : NOOP;
-    }
-
-    private LogWrapper() { this.h = null; }
-
-    private LogWrapper(Class c) { this.h = new LogHelper(c); }
-
-    private LogWrapper(String s) { this.h = new LogHelper(s); }
-
-    public void debug(Object o) {
-        if (t(0, o, null)) {
-            h.debug(o);
-        }
-    }
-
-    public void debug(Object o, Throwable t) {
-        if (t(0, o, t)) {
-            h.debug(o, t);
-        }
-    }
-
-    public void info(Object o) {
-        if (t(1, o, null)) {
-            h.info(o);
-        }
-    }
-
-    public void info(Object o, Throwable t) {
-        if (t(1, o, t)) {
-            h.info(o, t);
-        }
-    }
-
-    public void warn(Object o) {
-        if (t(2, o, null)) {
-            h.warn(o);
-        }
-    }
-
-    public void warn(Object o, Throwable t) {
-        if (t(2, o, t)) {
-            h.warn(o, t);
-        }
-    }
-
-    public void error(Object o) {
-        if (t(3, o, null)) {
-            h.error(o);
-        }
-    }
-
-    public void error(Object o, Throwable t) {
-        if (t(3, o, t)) {
-            h.error(o, t);
-        }
-    }
-
-    public void fatal(Object o) {
-        if (t(4, o, null)) {
-            h.fatal(o);
-        }
-    }
-
-    public void fatal(Object o, Throwable t) {
-        if (t(4, o, t)) {
-            h.fatal(o, t);
-        }
-    }
-
-    public boolean isDebugEnabled() { return log4j ? h.isDebugEnabled() : DEBUG;}
-
-    public boolean isInfoEnabled() { return !log4j || h.isInfoEnabled(); }
-
-    public Object getLog4jLogger() { return log4j ? h.getLog4jLogger() : null; }
-
-
-    /**
-     * Tests if log4j is available.  If not, logs to backup OutputStream (if
-     * backup != null).
-     *
-     * @param level log4j logging level for this statement
-     * @param o     object to log
-     * @param t     throwable to log
-     * @return true if log4j is available, false if log4j is not.  If it returns
-     *         false, as a side-effect, it will also log the statement.
-     */
-    private boolean t(int level, Object o, Throwable t) {
-        if (log4j) {
-            return true;
-        } else {
-            // LogWrapper doesn't log debug statements if Log4j is not available
-            // and DEBUG is false.
-            if (backup != null && (DEBUG || level > 0)) {
-                String s = "";  // log4j allows null
-                if (o != null) {
-                    try {
-                        s = (String) o;
-                    }
-                    catch (ClassCastException cce) {
-                        s = o.toString();
-                    }
-                }
-                int len = s.length() + TIMESTAMP_LENGTH + 9;
-                String timestamp = DF.format(new Date());
-                StringBuffer buf = new StringBuffer(len);
-                buf.append(timestamp);
-                if (LEVELS[level].length() == 1) {
-                    buf.append(LEVELS[level]);
-                } else {
-                    buf.append(' ');
-                    buf.append(LEVELS[level]);
-                    buf.append(' ');
-                }
-                buf.append(s);
-                buf.append(LINE_SEPARATOR);
-                s = buf.toString();
-                byte[] logBytes = s.getBytes();
-                try {
-                    if (t == null) {
-                        backup.write(logBytes);
-                    } else {
-                        synchronized (backup) {
-                            backup.write(logBytes);
-                            if (t != null) {
-                                if (wrappingPrintStream == null) {
-                                    wrappingPrintStream = new PrintStream(backup, false);
-                                }
-                                t.printStackTrace(wrappingPrintStream);
-                                wrappingPrintStream.flush();
-                            }
-                        }
-                    }
-                    backup.flush();   // J2RE 1.5.0 IBM J9 2.3 Linux x86-32 needs this.
-                }
-                catch (IOException ioe) {
-                    throw new RuntimeException(ioe.toString());
-                }
-            }
-            return false;
-        }
-    }
-
-    /**
-     * Set file to log to if log4j is not available.
-     *
-     * @param f path to use for backup log file (if log4j not available)
-     * @throws java.io.IOException if we can't write to the given path
-     */
-    public static void setBackupLogFile(String f)
-        throws IOException {
-        if (!log4j) {
-            OutputStream out = new FileOutputStream(f, true);
-            out = new BufferedOutputStream(out);
-            setBackupStream(out);
-        }
-    }
-
-    /**
-     * Set PrintStream to log to if log4j is not available.  Set to null to
-     * disable.  Default value is System.out.
-     *
-     * @param os outputstream to use for backup logging (if log4j not available)
-     */
-    public static void setBackupStream(OutputStream os) {
-        // synchronize on the old backup - don't want to pull the rug out from
-        // under him if he's working on a big stacktrace or something like that.
-        if (backup != null) {
-            synchronized (backup) {
-                wrappingPrintStream = null;
-                backup = os;
-            }
-        } else {
-            wrappingPrintStream = null;
-            backup = os;
-        }
-    }
-
-    /**
-     * Get the PrintStream we're logging to if log4j is not available.
-     *
-     * @return OutputStream we're using as our log4j replacement.
-     */
-    public static OutputStream getBackupStream() { return backup; }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/OpenSSL.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/OpenSSL.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/OpenSSL.java
index c4d3798..fd51bdb 100644
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/OpenSSL.java
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/OpenSSL.java
@@ -31,7 +31,7 @@
 
 package org.apache.commons.ssl;
 
-import org.apache.commons.ssl.util.Hex;
+import org.apache.kerby.util.Hex;
 
 import javax.crypto.Cipher;
 import javax.crypto.CipherInputStream;

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PEMItem.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PEMItem.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PEMItem.java
index e0a9684..c935f39 100644
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PEMItem.java
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PEMItem.java
@@ -31,7 +31,7 @@
 
 package org.apache.commons.ssl;
 
-import org.apache.commons.ssl.util.Hex;
+import org.apache.kerby.util.Hex;
 
 import java.util.Collections;
 import java.util.Map;

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/RMISocketFactoryImpl.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/RMISocketFactoryImpl.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/RMISocketFactoryImpl.java
deleted file mode 100644
index fcf7c5c..0000000
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/RMISocketFactoryImpl.java
+++ /dev/null
@@ -1,578 +0,0 @@
-/*
- * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/RMISocketFactoryImpl.java $
- * $Revision: 166 $
- * $Date: 2014-04-28 11:40:25 -0700 (Mon, 28 Apr 2014) $
- *
- * ====================================================================
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-
-package org.apache.commons.ssl;
-
-import javax.net.ServerSocketFactory;
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLPeerUnverifiedException;
-import javax.net.ssl.SSLProtocolException;
-import javax.net.ssl.SSLSocket;
-import java.io.EOFException;
-import java.io.IOException;
-import java.io.InterruptedIOException;
-import java.net.DatagramSocket;
-import java.net.InetAddress;
-import java.net.NetworkInterface;
-import java.net.ServerSocket;
-import java.net.Socket;
-import java.net.SocketException;
-import java.net.UnknownHostException;
-import java.rmi.server.RMISocketFactory;
-import java.security.GeneralSecurityException;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.Map;
-import java.util.Set;
-import java.util.SortedSet;
-import java.util.TreeMap;
-import java.util.TreeSet;
-
-
-/**
- * An RMISocketFactory ideal for using RMI over SSL.  The server secures both
- * the registry and the remote objects.  The client assumes that either both
- * the registry and the remote objects will use SSL, or both will use
- * plain-socket.  The client is able to auto detect plain-socket registries
- * and downgrades itself to accomodate those.
- * <p/>
- * Unlike most existing RMI over SSL solutions in use (including Java 5's
- * javax.rmi.ssl.SslRMIClientSocketFactory), this one does proper SSL hostname
- * verification.  From the client perspective this is straighforward.  From
- * the server perspective we introduce a clever trick:  we perform an initial
- * "hostname verification" by trying the current value of
- * "java.rmi.server.hostname" against our server certificate.  If the
- * "java.rmi.server.hostname" System Property isn't set, we set it ourselves
- * using the CN value we extract from our server certificate!  (Some
- * complications arise should a wildcard certificate show up, but we try our
- * best to deal with those).
- * <p/>
- * An SSL server cannot be started without a private key.  We have defined some
- * default behaviour for trying to find a private key to use that we believe
- * is convenient and sensible:
- * <p/>
- * If running from inside Tomcat, we try to re-use Tomcat's private key and
- * certificate chain (assuming Tomcat-SSL on port 8443 is enabled).  If this
- * isn't available, we look for the "javax.net.ssl.keyStore" System property.
- * Finally, if that isn't available, we look for "~/.keystore" and assume
- * a password of "changeit".
- * <p/>
- * If after all these attempts we still failed to find a private key, the
- * RMISocketFactoryImpl() constructor will throw an SSLException.
- *
- * @author Credit Union Central of British Columbia
- * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
- * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
- * @since 22-Apr-2005
- */
-public class RMISocketFactoryImpl extends RMISocketFactory {
-    public final static String RMI_HOSTNAME_KEY = "java.rmi.server.hostname";
-    private final static LogWrapper log = LogWrapper.getLogger(RMISocketFactoryImpl.class);
-
-    private volatile SocketFactory defaultClient;
-    private volatile ServerSocketFactory sslServer;
-    private volatile String localBindAddress = null;
-    private volatile int anonymousPort = 31099;
-    private Map clientMap = new TreeMap();
-    private Map serverSockets = new HashMap();
-    private final SocketFactory plainClient = SocketFactory.getDefault();
-
-    public RMISocketFactoryImpl() throws GeneralSecurityException, IOException {
-        this(true);
-    }
-
-    /**
-     * @param createDefaultServer If false, then we only set the default
-     *                            client, and the default server is set to null.
-     *                            If true, then a default server is also created.
-     * @throws java.security.GeneralSecurityException bad things
-     * @throws java.io.IOException              bad things
-     */
-    public RMISocketFactoryImpl(boolean createDefaultServer)
-        throws GeneralSecurityException, IOException {
-        SSLServer defaultServer = createDefaultServer ? new SSLServer() : null;
-        SSLClient defaultClient = new SSLClient();
-
-        // RMI calls to localhost will not check that host matches CN in
-        // certificate.  Hopefully this is acceptable.  (The registry server
-        // will followup the registry lookup with the proper DNS name to get
-        // the remote object, anyway).
-        HostnameVerifier verifier = HostnameVerifier.DEFAULT_AND_LOCALHOST;
-        defaultClient.setHostnameVerifier(verifier);
-        if (defaultServer != null) {
-            defaultServer.setHostnameVerifier(verifier);
-            // The RMI server will try to re-use Tomcat's "port 8443" SSL
-            // Certificate if possible.
-            defaultServer.useTomcatSSLMaterial();
-            X509Certificate[] x509 = defaultServer.getAssociatedCertificateChain();
-            if (x509 == null || x509.length < 1) {
-                throw new SSLException("Cannot initialize RMI-SSL Server: no KeyMaterial!");
-            }
-            setServer(defaultServer);
-        }
-        setDefaultClient(defaultClient);
-    }
-
-    public void setServer(ServerSocketFactory f)
-        throws GeneralSecurityException, IOException {
-        this.sslServer = f;
-        if (f instanceof SSLServer) {
-            final HostnameVerifier VERIFIER;
-            VERIFIER = HostnameVerifier.DEFAULT_AND_LOCALHOST;
-
-            final SSLServer ssl = (SSLServer) f;
-            final X509Certificate[] chain = ssl.getAssociatedCertificateChain();
-            String[] cns = Certificates.getCNs(chain[0]);
-            String[] subjectAlts = Certificates.getDNSSubjectAlts(chain[0]);
-            LinkedList names = new LinkedList();
-            if (cns != null && cns.length > 0) {
-                // Only first CN is used.  Not going to get into the IE6 nonsense
-                // where all CN values are used.
-                names.add(cns[0]);
-            }
-            if (subjectAlts != null && subjectAlts.length > 0) {
-                names.addAll(Arrays.asList(subjectAlts));
-            }
-
-            String rmiHostName = System.getProperty(RMI_HOSTNAME_KEY);
-            // If "java.rmi.server.hostname" is already set, don't mess with it.
-            // But blowup if it's not going to work with our SSL Server
-            // Certificate!
-            if (rmiHostName != null) {
-                try {
-                    VERIFIER.check(rmiHostName, cns, subjectAlts);
-                }
-                catch (SSLException ssle) {
-                    String s = ssle.toString();
-                    throw new SSLException(RMI_HOSTNAME_KEY + " of " + rmiHostName + " conflicts with SSL Server Certificate: " + s);
-                }
-            } else {
-                // If SSL Cert only contains one non-wild name, just use that and
-                // hope for the best.
-                boolean hopingForBest = false;
-                if (names.size() == 1) {
-                    String name = (String) names.get(0);
-                    if (!name.startsWith("*")) {
-                        System.setProperty(RMI_HOSTNAME_KEY, name);
-                        log.warn("commons-ssl '" + RMI_HOSTNAME_KEY + "' set to '" + name + "' as found in my SSL Server Certificate.");
-                        hopingForBest = true;
-                    }
-                }
-                if (!hopingForBest) {
-                    // Help me, Obi-Wan Kenobi; you're my only hope.  All we can
-                    // do now is grab our internet-facing addresses, reverse-lookup
-                    // on them, and hope that one of them validates against our
-                    // server cert.
-                    Set s = getMyInternetFacingIPs();
-                    Iterator it = s.iterator();
-                    while (it.hasNext()) {
-                        String name = (String) it.next();
-                        try {
-                            VERIFIER.check(name, cns, subjectAlts);
-                            System.setProperty(RMI_HOSTNAME_KEY, name);
-                            log.warn("commons-ssl '" + RMI_HOSTNAME_KEY + "' set to '" + name + "' as found by reverse-dns against my own IP.");
-                            hopingForBest = true;
-                            break;
-                        }
-                        catch (SSLException ssle) {
-                            // next!
-                        }
-                    }
-                }
-                if (!hopingForBest) {
-                    throw new SSLException("'" + RMI_HOSTNAME_KEY + "' not present.  Must work with my SSL Server Certificate's CN field: " + names);
-                }
-            }
-        }
-        trustOurself();
-    }
-
-    public void setLocalBindAddress(String localBindAddress) {
-        this.localBindAddress = localBindAddress;
-    }
-
-    public void setAnonymousPort(int port) {
-        this.anonymousPort = port;
-    }
-
-    public void setDefaultClient(SocketFactory f)
-        throws GeneralSecurityException, IOException {
-        this.defaultClient = f;
-        trustOurself();
-    }
-
-    public void setClient(String host, SocketFactory f)
-        throws GeneralSecurityException, IOException {
-        if (f != null && sslServer != null) {
-            boolean clientIsCommonsSSL = f instanceof SSLClient;
-            boolean serverIsCommonsSSL = sslServer instanceof SSLServer;
-            if (clientIsCommonsSSL && serverIsCommonsSSL) {
-                SSLClient c = (SSLClient) f;
-                SSLServer s = (SSLServer) sslServer;
-                trustEachOther(c, s);
-            }
-        }
-        Set names = hostnamePossibilities(host);
-        Iterator it = names.iterator();
-        synchronized (this) {
-            while (it.hasNext()) {
-                clientMap.put(it.next(), f);
-            }
-        }
-    }
-
-    public void removeClient(String host) {
-        Set names = hostnamePossibilities(host);
-        Iterator it = names.iterator();
-        synchronized (this) {
-            while (it.hasNext()) {
-                clientMap.remove(it.next());
-            }
-        }
-    }
-
-    public synchronized void removeClient(SocketFactory sf) {
-        Iterator it = clientMap.entrySet().iterator();
-        while (it.hasNext()) {
-            Map.Entry entry = (Map.Entry) it.next();
-            Object o = entry.getValue();
-            if (sf.equals(o)) {
-                it.remove();
-            }
-        }
-    }
-
-    private Set hostnamePossibilities(String host) {
-        host = host != null ? host.toLowerCase().trim() : "";
-        if ("".equals(host)) {
-            return Collections.EMPTY_SET;
-        }
-        TreeSet names = new TreeSet();
-        names.add(host);
-        InetAddress[] addresses;
-        try {
-            // If they gave us "hostname.com", this will give us the various
-            // IP addresses:
-            addresses = InetAddress.getAllByName(host);
-            for (int i = 0; i < addresses.length; i++) {
-                String name1 = addresses[i].getHostName();
-                String name2 = addresses[i].getHostAddress();
-                names.add(name1.trim().toLowerCase());
-                names.add(name2.trim().toLowerCase());
-            }
-        }
-        catch (UnknownHostException uhe) {
-            /* oh well, nothing found, nothing to add for this client */
-        }
-
-        try {
-            host = InetAddress.getByName(host).getHostAddress();
-
-            // If they gave us "1.2.3.4", this will hopefully give us
-            // "hostname.com" so that we can then try and find any other
-            // IP addresses associated with that name.
-            host = InetAddress.getByName(host).getHostName();
-            names.add(host.trim().toLowerCase());
-            addresses = InetAddress.getAllByName(host);
-            for (int i = 0; i < addresses.length; i++) {
-                String name1 = addresses[i].getHostName();
-                String name2 = addresses[i].getHostAddress();
-                names.add(name1.trim().toLowerCase());
-                names.add(name2.trim().toLowerCase());
-            }
-        }
-        catch (UnknownHostException uhe) {
-            /* oh well, nothing found, nothing to add for this client */
-        }
-        return names;
-    }
-
-    private void trustOurself()
-        throws GeneralSecurityException, IOException {
-        if (defaultClient == null || sslServer == null) {
-            return;
-        }
-        boolean clientIsCommonsSSL = defaultClient instanceof SSLClient;
-        boolean serverIsCommonsSSL = sslServer instanceof SSLServer;
-        if (clientIsCommonsSSL && serverIsCommonsSSL) {
-            SSLClient c = (SSLClient) defaultClient;
-            SSLServer s = (SSLServer) sslServer;
-            trustEachOther(c, s);
-        }
-    }
-
-    private void trustEachOther(SSLClient client, SSLServer server)
-        throws GeneralSecurityException, IOException {
-        if (client != null && server != null) {
-            // Our own client should trust our own server.
-            X509Certificate[] certs = server.getAssociatedCertificateChain();
-            if (certs != null && certs[0] != null) {
-                TrustMaterial tm = new TrustMaterial(certs[0]);
-                client.addTrustMaterial(tm);
-            }
-
-            // Our own server should trust our own client.
-            certs = client.getAssociatedCertificateChain();
-            if (certs != null && certs[0] != null) {
-                TrustMaterial tm = new TrustMaterial(certs[0]);
-                server.addTrustMaterial(tm);
-            }
-        }
-    }
-
-    public ServerSocketFactory getServer() { return sslServer; }
-
-    public SocketFactory getDefaultClient() { return defaultClient; }
-
-    public synchronized SocketFactory getClient(String host) {
-        host = host != null ? host.trim().toLowerCase() : "";
-        return (SocketFactory) clientMap.get(host);
-    }
-
-    public synchronized ServerSocket createServerSocket(int port)
-        throws IOException {
-        // Re-use existing ServerSocket if possible.
-        if (port == 0) {
-            port = anonymousPort;
-        }
-        Integer key = new Integer(port);
-        ServerSocket ss = (ServerSocket) serverSockets.get(key);
-        if (ss == null || ss.isClosed()) {
-            if (ss != null && ss.isClosed()) {
-                System.out.println("found closed server on port: " + port);
-            }
-            log.debug("commons-ssl RMI server-socket: listening on port " + port);
-            ss = sslServer.createServerSocket(port);
-            serverSockets.put(key, ss);
-        }
-        return ss;
-    }
-
-    public Socket createSocket(String host, int port)
-        throws IOException {
-        host = host != null ? host.trim().toLowerCase() : "";
-        InetAddress local = null;
-        String bindAddress = localBindAddress;
-        if (bindAddress == null) {
-            bindAddress = System.getProperty(RMI_HOSTNAME_KEY);
-            if (bindAddress != null) {
-                local = InetAddress.getByName(bindAddress);
-                if (!local.isLoopbackAddress()) {
-                    String ip = local.getHostAddress();
-                    Set myInternetIps = getMyInternetFacingIPs();
-                    if (!myInternetIps.contains(ip)) {
-                        log.warn("Cannot bind to " + ip + " since it doesn't exist on this machine.");
-                        // Not going to be able to bind as this.  Our RMI_HOSTNAME_KEY
-                        // must be set to some kind of proxy in front of us.  So we
-                        // still want to use it, but we can't bind to it.
-                        local = null;
-                        bindAddress = null;
-                    }
-                }
-            }
-        }
-        if (bindAddress == null) {
-            // Our last resort - let's make sure we at least use something that's
-            // internet facing!
-            bindAddress = getMyDefaultIP();
-        }
-        if (local == null && bindAddress != null) {
-            local = InetAddress.getByName(bindAddress);
-            localBindAddress = local.getHostName();
-        }
-
-        SocketFactory sf;
-        synchronized (this) {
-            sf = (SocketFactory) clientMap.get(host);
-        }
-        if (sf == null) {
-            sf = defaultClient;
-        }
-
-        Socket s = null;
-        SSLSocket ssl = null;
-        int soTimeout = Integer.MIN_VALUE;
-        IOException reasonForPlainSocket = null;
-        boolean tryPlain = false;
-        try {
-            s = sf.createSocket(host, port, local, 0);
-            soTimeout = s.getSoTimeout();
-            if (!(s instanceof SSLSocket)) {
-                // Someone called setClient() or setDefaultClient() and passed in
-                // a plain socket factory.  Okay, nothing to see, move along.
-                return s;
-            } else {
-                ssl = (SSLSocket) s;
-            }
-
-            // If we don't get the peer certs in 15 seconds, revert to plain
-            // socket.
-            ssl.setSoTimeout(15000);
-            ssl.getSession().getPeerCertificates();
-
-            // Everything worked out okay, so go back to original soTimeout.
-            ssl.setSoTimeout(soTimeout);
-            return ssl;
-        }
-        catch (IOException ioe) {
-            // SSL didn't work.  Let's analyze the IOException to see if maybe
-            // we're accidentally attempting to talk to a plain-socket RMI
-            // server.
-            Throwable t = ioe;
-            while (!tryPlain && t != null) {
-                tryPlain = tryPlain || t instanceof EOFException;
-                tryPlain = tryPlain || t instanceof InterruptedIOException;
-                tryPlain = tryPlain || t instanceof SSLProtocolException;
-                t = t.getCause();
-            }
-            if (!tryPlain && ioe instanceof SSLPeerUnverifiedException) {
-                try {
-                    if (ssl != null) {
-                        ssl.startHandshake();
-                    }
-                }
-                catch (IOException ioe2) {
-                    // Stacktrace from startHandshake() will be more descriptive
-                    // then the one we got from getPeerCertificates().
-                    ioe = ioe2;
-                    t = ioe2;
-                    while (!tryPlain && t != null) {
-                        tryPlain = tryPlain || t instanceof EOFException;
-                        tryPlain = tryPlain || t instanceof InterruptedIOException;
-                        tryPlain = tryPlain || t instanceof SSLProtocolException;
-                        t = t.getCause();
-                    }
-                }
-            }
-            if (!tryPlain) {
-                log.debug("commons-ssl RMI-SSL failed: " + ioe);
-                throw ioe;
-            } else {
-                reasonForPlainSocket = ioe;
-            }
-        }
-        finally {
-            // Some debug logging:
-            boolean isPlain = tryPlain || (s != null && ssl == null);
-            String socket = isPlain ? "RMI plain-socket " : "RMI ssl-socket ";
-            String localIP = local != null ? local.getHostAddress() : "ANY";
-            StringBuffer buf = new StringBuffer(64);
-            buf.append(socket);
-            buf.append(localIP);
-            buf.append(" --> ");
-            buf.append(host);
-            buf.append(":");
-            buf.append(port);
-            log.debug(buf.toString());
-        }
-
-        // SSL didn't work.  Remote server either timed out, or sent EOF, or
-        // there was some kind of SSLProtocolException.  (Any other problem
-        // would have caused an IOException to be thrown, so execution wouldn't
-        // have made it this far).  Maybe plain socket will work in these three
-        // cases.
-        sf = plainClient;
-        s = JavaImpl.connect(null, sf, host, port, local, 0, 15000, null);
-        if (soTimeout != Integer.MIN_VALUE) {
-            s.setSoTimeout(soTimeout);
-        }
-
-        try {
-            // Plain socket worked!  Let's remember that for next time an RMI call
-            // against this host happens.
-            setClient(host, plainClient);
-            String msg = "RMI downgrading from SSL to plain-socket for " + host + " because of " + reasonForPlainSocket;
-            log.warn(msg, reasonForPlainSocket);
-        }
-        catch (GeneralSecurityException gse) {
-            throw new RuntimeException("can't happen because we're using plain socket", gse);
-            // won't happen because we're using plain socket, not SSL.
-        }
-
-        return s;
-    }
-
-
-    public static String getMyDefaultIP() {
-        String anInternetIP = "64.111.122.211";
-        String ip = null;
-        try {
-            DatagramSocket dg = new DatagramSocket();
-            dg.setSoTimeout(250);
-            // 64.111.122.211 is juliusdavies.ca.
-            // This code doesn't actually send any packets (so no firewalls can
-            // get in the way).  It's just a neat trick for getting our
-            // internet-facing interface card.
-            InetAddress addr = Util.toInetAddress(anInternetIP);
-            dg.connect(addr, 12345);
-            InetAddress localAddr = dg.getLocalAddress();
-            ip = localAddr.getHostAddress();
-            // log.debug( "Using bogus UDP socket (" + anInternetIP + ":12345), I think my IP address is: " + ip );
-            dg.close();
-            if (localAddr.isLoopbackAddress() || "0.0.0.0".equals(ip)) {
-                ip = null;
-            }
-        }
-        catch (IOException ioe) {
-            log.debug("Bogus UDP didn't work: " + ioe);
-        }
-        return ip;
-    }
-
-    public static SortedSet getMyInternetFacingIPs() throws SocketException {
-        TreeSet set = new TreeSet();
-        Enumeration en = NetworkInterface.getNetworkInterfaces();
-        while (en.hasMoreElements()) {
-            NetworkInterface ni = (NetworkInterface) en.nextElement();
-            Enumeration en2 = ni.getInetAddresses();
-            while (en2.hasMoreElements()) {
-                InetAddress addr = (InetAddress) en2.nextElement();
-                if (!addr.isLoopbackAddress()) {
-                    String ip = addr.getHostAddress();
-                    String reverse = addr.getHostName();
-                    // IP:
-                    set.add(ip);
-                    // Reverse-Lookup:
-                    set.add(reverse);
-
-                }
-            }
-        }
-        return set;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSL.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSL.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSL.java
index 5f9f6dc..c4a5be3 100644
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSL.java
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSL.java
@@ -219,14 +219,6 @@ public class SSL {
 
     {
         Object obj = getSSLContextAsObject();
-        if (JavaImpl.isJava13()) {
-            try {
-                return (SSLContext) obj;
-            }
-            catch (ClassCastException cce) {
-                throw new ClassCastException("When using Java13 SSL, you must call SSL.getSSLContextAsObject() - " + cce);
-            }
-        }
         return (SSLContext) obj;
     }
 

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLServer.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLServer.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLServer.java
index 13472ed..4d58988 100644
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLServer.java
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLServer.java
@@ -71,40 +71,6 @@ public class SSLServer extends SSLServerSocketFactory {
         }
     }
 
-    /**
-     * Tries to extract the TrustMaterial and KeyMaterial being used by a Tomcat
-     * SSL server (usually on 8443) by analyzing Tomcat's "server.xml" file.  If
-     * the extraction is successful, the TrustMaterial and KeyMaterial are
-     * applied to this SSLServer.
-     *
-     * @return true if the operation was successful.
-     * @throws java.security.GeneralSecurityException setKeyMaterial() failed
-     * @throws java.io.IOException              setKeyMaterial() failed
-     */
-    public boolean useTomcatSSLMaterial()
-        throws GeneralSecurityException, IOException {
-        // If running inside Tomcat, let's try to re-use Tomcat's SSL
-        // certificate for our own stuff (e.g. RMI-SSL).
-        Integer p8443 = Integer.valueOf(8443);
-        KeyMaterial km;
-        TrustMaterial tm;
-        km = (KeyMaterial) TomcatServerXML.KEY_MATERIAL_BY_PORT.get(p8443);
-        tm = (TrustMaterial) TomcatServerXML.TRUST_MATERIAL_BY_PORT.get(p8443);
-
-        // If 8443 isn't set, let's take lowest secure port.
-        km = km == null ? TomcatServerXML.KEY_MATERIAL : km;
-        tm = tm == null ? TomcatServerXML.TRUST_MATERIAL : tm;
-        boolean success = false;
-        if (km != null) {
-            setKeyMaterial(km);
-            success = true;
-            if (tm != null && !TrustMaterial.DEFAULT.equals(tm)) {
-                setTrustMaterial(tm);
-            }
-        }
-        return success;
-    }
-
     private boolean useDefaultKeyMaterial()
         throws GeneralSecurityException, IOException {
         // If we're not able to re-use Tomcat's SSLServerSocket configuration,

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLWrapperFactory.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLWrapperFactory.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLWrapperFactory.java
index c8fa432..3f15b83 100644
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLWrapperFactory.java
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLWrapperFactory.java
@@ -82,10 +82,7 @@ public interface SSLWrapperFactory {
         // the accept() call.
         public SSLServerSocket wrap(SSLServerSocket s, SSL ssl)
             throws IOException {
-            // Can't wrap with Java 1.3 because SSLServerSocket's constructor has
-            // default access instead of protected access in Java 1.3.
-            boolean java13 = JavaImpl.isJava13();
-            return java13 ? s : new SSLServerSocketWrapper(s, ssl, this);
+            return new SSLServerSocketWrapper(s, ssl, this);
         }
     };
 
@@ -99,10 +96,7 @@ public interface SSLWrapperFactory {
 
         public SSLServerSocket wrap(SSLServerSocket s, SSL ssl)
             throws IOException {
-            // Can't wrap with Java 1.3 because SSLServerSocket's constructor has
-            // default access instead of protected access in Java 1.3.
-            boolean java13 = JavaImpl.isJava13();
-            return java13 ? s : new SSLServerSocketWrapper(s, ssl, this);
+            return new SSLServerSocketWrapper(s, ssl, this);
         }
     };
 

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TomcatServerXML.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TomcatServerXML.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TomcatServerXML.java
deleted file mode 100644
index 382c9f0..0000000
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TomcatServerXML.java
+++ /dev/null
@@ -1,231 +0,0 @@
-/*
- * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/TomcatServerXML.java $
- * $Revision: 121 $
- * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
- *
- * ====================================================================
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-
-package org.apache.commons.ssl;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Collections;
-import java.util.Map;
-import java.util.SortedMap;
-import java.util.TreeMap;
-
-/**
- * @author Credit Union Central of British Columbia
- * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
- * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
- * @since 22-Feb-2007
- */
-public class TomcatServerXML {
-    private final static LogWrapper log = LogWrapper.getLogger(TomcatServerXML.class);
-
-    /**
-     * KeyMaterial extracted from Tomcat's conf/server.xml.  There might be
-     * several KeyMaterials to extract if Tomcat has different SSL Certificates
-     * listening on different ports.  This particular KeyMaterial will come from
-     * the lowest secure port that Tomcat is properly configured to open.
-     */
-    public final static KeyMaterial KEY_MATERIAL;
-
-    /**
-     * TrustMaterial extracted from Tomcat's conf/server.xml.  There might be
-     * several TrustMaterials to extract if Tomcat has different SSL Certificates
-     * listening on different ports.  This particular TrustMaterial will come
-     * from the lowest secure port that Tomcat is properly configured to open.
-     * </p><p>
-     * There's a good chance this will be set to TrustMaterial.DEFAULT (which
-     * use's the JVM's '$JAVA_HOME/jre/lib/security/cacerts' file).
-     * </p><p>
-     * Note:  With SSLServerSockets, TrustMaterial only matters when the
-     * incoming client socket (SSLSocket) presents a client certificate.
-     * </p>
-     */
-    public final static TrustMaterial TRUST_MATERIAL;
-
-    /**
-     * new Integer( port ) --> KeyMaterial mapping of SSL Certificates found
-     * inside Tomcat's conf/server.xml file.
-     */
-    public final static SortedMap KEY_MATERIAL_BY_PORT;
-
-    /**
-     * new Integer( port ) --> TrustMaterial mapping of SSL configuration
-     * found inside Tomcat's conf/server.xml file.
-     * </p><p>
-     * Many of these will probably be TrustMaterial.DEFAULT (which uses the
-     * JVM's '$JAVA_HOME/jre/lib/security/cacerts' file).
-     * </p><p>
-     * Note:  With SSLServerSockets, TrustMaterial only matters when the
-     * incoming client socket (SSLSocket) presents a client certificate.
-     * </p>
-     */
-    public final static SortedMap TRUST_MATERIAL_BY_PORT;
-
-    static {
-        String tomcatHome = System.getProperty("catalina.home");
-        String serverXML = tomcatHome + "/conf/server.xml";
-        TreeMap keyMap = new TreeMap();
-        TreeMap trustMap = new TreeMap();
-        InputStream in = null;
-        Document doc = null;
-        try {
-            if (tomcatHome != null) {
-                File f = new File(serverXML);
-                if (f.exists()) {
-                    try {
-                        in = new FileInputStream(serverXML);
-                    }
-                    catch (IOException ioe) {
-                        // oh well, no soup for us.
-                        log.warn("Commons-SSL failed to load Tomcat's [" + serverXML + "] " + ioe);
-                    }
-                }
-            }
-            if (in != null) {
-                DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-                try {
-                    DocumentBuilder db = dbf.newDocumentBuilder();
-                    doc = db.parse(in);
-                }
-                catch (Exception e) {
-                    log.warn("Commons-SSL failed to parse Tomcat's [" + serverXML + "] " + e);
-                }
-            }
-            if (doc != null) {
-                loadTomcatConfig(doc, keyMap, trustMap);
-            }
-        }
-        finally {
-            if (in != null) {
-                try { in.close(); } catch (Exception e) { /* . */ }
-            }
-        }
-        KEY_MATERIAL_BY_PORT = Collections.unmodifiableSortedMap(keyMap);
-        TRUST_MATERIAL_BY_PORT = Collections.unmodifiableSortedMap(trustMap);
-
-        KeyMaterial km = null;
-        TrustMaterial tm = null;
-        if (!keyMap.isEmpty()) {
-            km = (KeyMaterial) keyMap.get(keyMap.firstKey());
-        }
-        if (!trustMap.isEmpty()) {
-            tm = (TrustMaterial) trustMap.get(trustMap.firstKey());
-        }
-        KEY_MATERIAL = km;
-        TRUST_MATERIAL = tm;
-
-    }
-
-    private static void loadTomcatConfig(Document d, Map keyMap, Map trustMap) {
-        final String userHome = System.getProperty("user.home");
-        NodeList nl = d.getElementsByTagName("Connector");
-        for (int i = 0; i < nl.getLength(); i++) {
-            KeyMaterial km = null;
-            TrustMaterial tm = null;
-
-            Element element = (Element) nl.item(i);
-            String secure = element.getAttribute("secure");
-            String portString = element.getAttribute("port");
-            Integer port = null;
-            String pass;
-            try {
-                portString = portString != null ? portString.trim() : "";
-                port = new Integer(portString);
-            }
-            catch (NumberFormatException nfe) {
-                // oh well
-            }
-            if (port != null && Util.isYes(secure)) {
-                // Key Material
-                String keystoreFile = element.getAttribute("keystoreFile");
-                pass = element.getAttribute("keystorePass");
-                if (!element.hasAttribute("keystoreFile")) {
-                    keystoreFile = userHome + "/.keystore";
-                }
-                if (!element.hasAttribute("keystorePass")) {
-                    pass = "changeit";
-                }
-                char[] keystorePass = pass != null ? pass.toCharArray() : null;
-
-                // Trust Material
-                String truststoreFile = element.getAttribute("truststoreFile");
-                pass = element.getAttribute("truststorePass");
-                if (!element.hasAttribute("truststoreFile")) {
-                    truststoreFile = null;
-                }
-                if (!element.hasAttribute("truststorePass")) {
-                    pass = null;
-                }
-                char[] truststorePass = pass != null ? pass.toCharArray() : null;
-
-
-                if (keystoreFile == null) {
-                    km = null;
-                } else {
-                    try {
-                        km = new KeyMaterial(keystoreFile, keystorePass);
-                    }
-                    catch (Exception e) {
-                        log.warn("Commons-SSL failed to load [" + keystoreFile + "] " + e);
-                    }
-                }
-                if (truststoreFile == null) {
-                    tm = TrustMaterial.DEFAULT;
-                } else {
-                    try {
-                        tm = new TrustMaterial(truststoreFile, truststorePass);
-                    }
-                    catch (Exception e) {
-                        log.warn("Commons-SSL failed to load [" + truststoreFile + "] " + e);
-                    }
-                }
-
-                Object o = keyMap.put(port, km);
-                if (o != null) {
-                    log.debug("Commons-SSL TomcatServerXML keyMap clobbered port: " + port);
-                }
-                o = trustMap.put(port, tm);
-                if (o != null) {
-                    log.debug("Commons-SSL TomcatServerXML trustMap clobbered port: " + port);
-                }
-            }
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/Hex.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/Hex.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/Hex.java
deleted file mode 100644
index 2acebd1..0000000
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/Hex.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/util/Hex.java $
- * $Revision: 121 $
- * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
- *
- * ====================================================================
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-
-package org.apache.commons.ssl.util;
-
-/**
- * Utility class for dealing with hex-encoding of binary data.
- *
- * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@gmail.com</a>
- * @since 13-Nov-2007
- */
-public class Hex {
-
-    public static byte[] decode(String s) {
-        byte[] b = new byte[s.length() / 2];
-        for (int i = 0; i < b.length; i++) {
-            String hex = s.substring(2 * i, 2 * (i + 1));
-            b[i] = (byte) Integer.parseInt(hex, 16);
-        }
-        return b;
-    }
-
-    public static byte[] decode(byte[] hexString) {
-        byte[] b = new byte[hexString.length / 2];
-        char[] chars = new char[2];
-        for (int i = 0; i < b.length; i++) {
-            chars[0] = (char) hexString[2 * i];
-            chars[1] = (char) hexString[2 * i + 1];
-            String hex = new String(chars);
-            b[i] = (byte) Integer.parseInt(hex, 16);
-        }
-        return b;
-    }
-
-    public static String encode(byte[] b) {
-        return encode(b, 0, b.length);
-    }
-
-    public static String encode(byte[] b, int offset, int length) {
-        StringBuffer buf = new StringBuffer();
-        int len = Math.min(offset + length, b.length);
-        for (int i = offset; i < len; i++) {
-            int c = (int) b[i];
-            if (c < 0) {
-                c = c + 256;
-            }
-            if (c >= 0 && c <= 15) {
-                buf.append('0');
-            }
-            buf.append(Integer.toHexString(c));
-        }
-        return buf.toString();
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3917f3cc/lib/kerby-util/src/main/java/org/apache/kerby/util/Hex.java
----------------------------------------------------------------------
diff --git a/lib/kerby-util/src/main/java/org/apache/kerby/util/Hex.java b/lib/kerby-util/src/main/java/org/apache/kerby/util/Hex.java
new file mode 100644
index 0000000..ec61298
--- /dev/null
+++ b/lib/kerby-util/src/main/java/org/apache/kerby/util/Hex.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.kerby.util;
+
+/**
+ * Utility class for dealing with hex-encoding of binary data.
+ *
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@gmail.com</a>
+ * @since 13-Nov-2007
+ */
+public class Hex {
+
+    public static byte[] decode(String s) {
+        byte[] b = new byte[s.length() / 2];
+        for (int i = 0; i < b.length; i++) {
+            String hex = s.substring(2 * i, 2 * (i + 1));
+            b[i] = (byte) Integer.parseInt(hex, 16);
+        }
+        return b;
+    }
+
+    public static byte[] decode(byte[] hexString) {
+        byte[] b = new byte[hexString.length / 2];
+        char[] chars = new char[2];
+        for (int i = 0; i < b.length; i++) {
+            chars[0] = (char) hexString[2 * i];
+            chars[1] = (char) hexString[2 * i + 1];
+            String hex = new String(chars);
+            b[i] = (byte) Integer.parseInt(hex, 16);
+        }
+        return b;
+    }
+
+    public static String encode(byte[] b) {
+        return encode(b, 0, b.length);
+    }
+
+    public static String encode(byte[] b, int offset, int length) {
+        StringBuffer buf = new StringBuffer();
+        int len = Math.min(offset + length, b.length);
+        for (int i = offset; i < len; i++) {
+            int c = (int) b[i];
+            if (c < 0) {
+                c = c + 256;
+            }
+            if (c >= 0 && c <= 15) {
+                buf.append('0');
+            }
+            buf.append(Integer.toHexString(c));
+        }
+        return buf.toString();
+    }
+
+}


Mime
View raw message