directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [3/6] directory-kerberos git commit: Clean up not-commons-ssl library, removing many unwanted and not much relevant
Date Sun, 25 Jan 2015 08:46:49 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/utilities.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/utilities.html b/3rdparty/not-yet-commons-ssl/docs/utilities.html
deleted file mode 100644
index 76ec47c..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/utilities.html
+++ /dev/null
@@ -1,91 +0,0 @@
-<html>
-<head>
-<title>Not-Yet-Commons-SSL - Utilities</title>
-<style type="text/css">
-h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
-h1 { float: left; color: red; }
-b.n { font-family: arial; font-weight: bold; }
-span.hl { color: white; background-color: green; }
-div.nav { float: left; margin-left: 20px; font-weight: bold; }
-.nav a, .nav span { padding: 0 5px; }
-.nav a { color: blue; }
-li.top { margin-top: 10px; }
-ul.openssl { float: left; width: 100px; margin-top: 8px; }
-ul.pkcs8 { float: left; width: 200px; margin-top: 8px; }
-</style>
-</head>
-<body>
-<h1>not-yet-commons-ssl</h1>
-<div class="nav">
-<a href="index.html">main</a> |
-<a href="ssl.html">ssl</a> |
-<a href="pkcs8.html">pkcs8</a> |
-<a href="pbe.html">pbe</a> |
-<a href="rmi.html">rmi</a> |
-<span class="hl" href="utilities.html">utilities</span> |
-<a href="source.html">source</a> |
-<a href="javadocs/">javadocs</a> |
-<a href="download.html">download</a>
-</div>
-<br clear="all"/>
-<hr/>
-<h2>Ping</h2>
-
-<p>"org.apache.commons.ssl.Ping" contains a main method to help you diagnose SSL issues.
-It's modeled on OpenSSL's very handy "s_client" utility.  We've been very careful to
-make sure "org.apache.commons.ssl.Ping" can execute without any additional jar files
-on the classpath (except if using Java 1.3 - then you'll need jsse.jar).</p>
-
-<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>"Ping" Utility Attempts "HEAD / HTTP/1.1" Request</b></u>
-This utility is very handy because it can get you the server's public
-certificate even if your client certificate is bad (so even though the SSL
-handshake fails).  And unlike "openssl s_client", this utility can bind
-against any IP address available.
-
-Usage:  java -jar not-yet-commons-ssl-0.3.13.jar [options]
-Version 0.3.13      compiled=[PST:2014-05-08/14:42:18.000]
-Options:   (*=required)
-*  -t  --target           [hostname[:port]]              default port=443
-   -b  --bind             [hostname[:port]]              default port=0 "ANY"
-   -r  --proxy            [hostname[:port]]              default port=80
-   -tm --trust-cert       [path to trust material]       {pem, der, crt, jks}
-   -km --client-cert      [path to client's private key] {jks, pkcs12, pkcs8}
-   -cc --cert-chain       [path to client's cert chain for pkcs8/OpenSSL key]
-   -p  --password         [client cert password]
-   -h  --host-header      [http-host-header]      in case -t is an IP address
-   -u  --path             [path for GET/HEAD request]    default=/
-   -m  --method           [http method to use]           default=HEAD
-
-Example:
-
-java -jar not-yet-commons-ssl.jar -t host.com:443 -c ./client.pfx -p `cat ./pass.txt`</pre><br clear="all"/>
-
-<p style="margin-top: 8px;"><b>TODO:</b><br/>Apparently Java 6.0 includes support for grabbing passwords from
-standard-in without echoing the typed characters.  Would be nice to use that feature when it's
-available, instead of requiring the password to be specified as a command-line argument.</p>
-
-<hr/>
-<h2>KeyStoreBuilder</h2>
-<p>org.apache.commons.ssl.KeyStoreBuilder is able to convert OpenSSL style public/private keys into
-Java KeyStore files.  It can also convert Java Keystore files into the PEM format that Apache likes.</p>
-
-<p><code>java -cp not-yet-commons-ssl-0.3.13.jar org.apache.commons.ssl.KeyStoreBuilder</code></p>
-
-<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>KeyStoreBuilder converts PKCS12 and PKCS8 to Java "Keystore"</b></u>
-
-KeyStoreBuilder:  creates '[alias].jks' (Java Key Store)
-    -topk8 mode:  creates '[alias].pem' (x509 chain + unencrypted pkcs8)
-[alias] will be set to the first CN value of the X509 certificate.
--------------------------------------------------------------------
-Usage1: [password] [file:pkcs12]
-Usage2: [password] [file:private-key] [file:certificate-chain]
-Usage3: -topk8 [password] [file:jks]
--------------------------------------------------------------------
-[private-key] can be openssl format, or pkcs8.
-[password] decrypts [private-key], and also encrypts outputted JKS file.
-All files can be PEM or DER.
-</pre><br clear="all"/>
-
-
-</body>
-</html>

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/not-yet-commons-ssl-0.3.16.jar
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/not-yet-commons-ssl-0.3.16.jar b/3rdparty/not-yet-commons-ssl/not-yet-commons-ssl-0.3.16.jar
deleted file mode 100644
index 71fd59e..0000000
Binary files a/3rdparty/not-yet-commons-ssl/not-yet-commons-ssl-0.3.16.jar and /dev/null differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/pom.xml
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/pom.xml b/3rdparty/not-yet-commons-ssl/pom.xml
index ae3bf0f..74c97d4 100644
--- a/3rdparty/not-yet-commons-ssl/pom.xml
+++ b/3rdparty/not-yet-commons-ssl/pom.xml
@@ -68,6 +68,12 @@
       <version>${project.version}</version>
     </dependency>
     <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerby-util</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <scope>test</scope>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-ext-jdk15on</artifactId>
       <version>1.51</version>

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
deleted file mode 100644
index df7f095..0000000
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * $Header$
- * $Revision: 168 $
- * $Date: 2014-05-06 16:25:46 -0700 (Tue, 06 May 2014) $
- *
- * ====================================================================
- *
- *  Copyright 2002-2006 The Apache Software Foundation
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-
-package org.apache.commons.httpclient.contrib.ssl;
-
-import org.apache.commons.ssl.HttpSecureProtocol;
-import org.apache.commons.ssl.KeyMaterial;
-import org.apache.commons.ssl.TrustMaterial;
-
-import java.io.IOException;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.KeyStoreException;
-
-/**
- * <p/>
- * AuthSSLProtocolSocketFactory can be used to validate the identity of the HTTPS
- * server against a list of trusted certificates and to authenticate to the HTTPS
- * server using a private key.
- * </p>
- * <p/>
- * <p/>
- * AuthSSLProtocolSocketFactory will enable server authentication when supplied with
- * a {@link java.security.KeyStore truststore} file containg one or several trusted certificates.
- * The client secure socket will reject the connection during the SSL session handshake
- * if the target HTTPS server attempts to authenticate itself with a non-trusted
- * certificate.
- * </p>
- * <p/>
- * <p/>
- * Use JDK keytool utility to import a trusted certificate and generate a truststore file:
- * <pre>
- *     keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
- *    </pre>
- * </p>
- * <p/>
- * <p/>
- * AuthSSLProtocolSocketFactory will enable client authentication when supplied with
- * a {@link java.security.KeyStore keystore} file containg a private key/public certificate pair.
- * The client secure socket will use the private key to authenticate itself to the target
- * HTTPS server during the SSL session handshake if requested to do so by the server.
- * The target HTTPS server will in its turn verify the certificate presented by the client
- * in order to establish client's authenticity
- * </p>
- * <p/>
- * <p/>
- * Use the following sequence of actions to generate a keystore file
- * </p>
- * <ul>
- * <li>
- * <p/>
- * Use JDK keytool utility to generate a new key
- * <pre>keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore</pre>
- * For simplicity use the same password for the key as that of the keystore
- * </p>
- * </li>
- * <li>
- * <p/>
- * Issue a certificate signing request (CSR)
- * <pre>keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore</pre>
- * </p>
- * </li>
- * <li>
- * <p/>
- * Send the certificate request to the trusted Certificate Authority for signature.
- * One may choose to act as her own CA and sign the certificate request using a PKI
- * tool, such as OpenSSL.
- * </p>
- * </li>
- * <li>
- * <p/>
- * Import the trusted CA root certificate
- * <pre>keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore</pre>
- * </p>
- * </li>
- * <li>
- * <p/>
- * Import the PKCS#7 file containg the complete certificate chain
- * <pre>keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore</pre>
- * </p>
- * </li>
- * <li>
- * <p/>
- * Verify the content the resultant keystore file
- * <pre>keytool -list -v -keystore my.keystore</pre>
- * </p>
- * </li>
- * </ul>
- * <p/>
- * Example of using custom protocol socket factory for a specific host:
- * <pre>
- *     Protocol authhttps = new Protocol("https",
- *          new AuthSSLProtocolSocketFactory(
- *              new URL("file:my.keystore"), "mypassword",
- *              new URL("file:my.truststore"), "mypassword"), 443);
- * <p/>
- *     HttpClient client = new HttpClient();
- *     client.getHostConfiguration().setHost("localhost", 443, authhttps);
- *     // use relative url only
- *     GetMethod httpget = new GetMethod("/");
- *     client.executeMethod(httpget);
- *     </pre>
- * </p>
- * <p/>
- * Example of using custom protocol socket factory per default instead of the standard one:
- * <pre>
- *     Protocol authhttps = new Protocol("https",
- *          new AuthSSLProtocolSocketFactory(
- *              new URL("file:my.keystore"), "mypassword",
- *              new URL("file:my.truststore"), "mypassword"), 443);
- *     Protocol.registerProtocol("https", authhttps);
- * <p/>
- *     HttpClient client = new HttpClient();
- *     GetMethod httpget = new GetMethod("https://localhost/");
- *     client.executeMethod(httpget);
- *     </pre>
- * </p>
- *
- * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
- *         <p/>
- *         <p/>
- *         DISCLAIMER: HttpClient developers DO NOT actively support this component.
- *         The component is provided as a reference material, which may be inappropriate
- *         for use without additional customization.
- *         </p>
- */
-
-public class AuthSSLProtocolSocketFactory extends HttpSecureProtocol {
-
-    /**
-     * Constructor for AuthSSLProtocolSocketFactory. Either a keystore or truststore file
-     * must be given. Otherwise SSL context initialization error will result.
-     *
-     * @param keystoreUrl        URL of the keystore file. May be <tt>null</tt> if HTTPS client
-     *                           authentication is not to be used.
-     * @param keystorePassword   Password to unlock the keystore. IMPORTANT: this implementation
-     *                           assumes that the same password is used to protect the key and the keystore itself.
-     * @param truststoreUrl      URL of the truststore file. May be <tt>null</tt> if HTTPS server
-     *                           authentication is not to be used.
-     * @param truststorePassword Password to unlock the truststore.
-     */
-    public AuthSSLProtocolSocketFactory(final URL keystoreUrl,
-                                        final String keystorePassword,
-                                        final URL truststoreUrl,
-                                        final String truststorePassword)
-        throws GeneralSecurityException, IOException {
-
-        super();
-
-        // prepare key material
-        if (keystoreUrl != null) {
-            char[] ksPass = null;
-            if (keystorePassword != null) {
-                ksPass = keystorePassword.toCharArray();
-            }
-            KeyMaterial km = new KeyMaterial(keystoreUrl, ksPass);
-            super.setKeyMaterial(km);
-        }
-
-        // prepare trust material
-        if (truststoreUrl != null) {
-            char[] tsPass = null;
-            if (truststorePassword != null) {
-                tsPass = truststorePassword.toCharArray();
-            }
-            TrustMaterial tm;
-            try {
-                tm = new KeyMaterial(truststoreUrl, tsPass);
-            } catch (KeyStoreException kse) {
-                // KeyMaterial constructor blows up in no keys found,
-                // so we fall back to TrustMaterial constructor instead.
-                tm = new TrustMaterial(truststoreUrl, tsPass);
-            }
-            super.setTrustMaterial(tm);
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
deleted file mode 100644
index e7c55bc..0000000
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * $Header$
- * $Revision: 180 $
- * $Date: 2014-09-23 11:33:47 -0700 (Tue, 23 Sep 2014) $
- * 
- * ====================================================================
- *
- *  Copyright 2002-2004 The Apache Software Foundation
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-
-package org.apache.commons.httpclient.contrib.ssl;
-
-import org.apache.commons.ssl.HttpSecureProtocol;
-import org.apache.commons.ssl.TrustMaterial;
-
-import java.io.IOException;
-import java.net.Socket;
-import java.security.GeneralSecurityException;
-
-/**
- * <p/>
- * EasySSLProtocolSocketFactory can be used to creats SSL {@link java.net.Socket}s
- * that accept self-signed certificates.
- * </p>
- * <p/>
- * This socket factory SHOULD NOT be used for productive systems
- * due to security reasons, unless it is a concious decision and
- * you are perfectly aware of security implications of accepting
- * self-signed certificates
- * </p>
- * <p/>
- * <p/>
- * Example of using custom protocol socket factory for a specific host:
- * <pre>
- *     Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
- * <p/>
- *     HttpClient client = new HttpClient();
- *     client.getHostConfiguration().setHost("localhost", 443, easyhttps);
- *     // use relative url only
- *     GetMethod httpget = new GetMethod("/");
- *     client.executeMethod(httpget);
- *     </pre>
- * </p>
- * <p/>
- * Example of using custom protocol socket factory per default instead of the standard one:
- * <pre>
- *     Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
- *     Protocol.registerProtocol("https", easyhttps);
- * <p/>
- *     HttpClient client = new HttpClient();
- *     GetMethod httpget = new GetMethod("https://localhost/");
- *     client.executeMethod(httpget);
- *     </pre>
- * </p>
- *
- * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
- *         <p/>
- *         <p/>
- *         DISCLAIMER: HttpClient developers DO NOT actively support this component.
- *         The component is provided as a reference material, which may be inappropriate
- *         for use without additional customization.
- *         </p>
- */
-
-public class EasySSLProtocolSocketFactory extends HttpSecureProtocol {
-
-    /**
-     * Constructor for EasySSLProtocolSocketFactory.
-     *
-     * @throws java.security.GeneralSecurityException GeneralSecurityException
-     * @throws java.io.IOException              IOException
-     */
-    public EasySSLProtocolSocketFactory()
-        throws GeneralSecurityException, IOException {
-        super();
-        super.setTrustMaterial(TrustMaterial.TRUST_ALL);
-        super.setCheckHostname(false);
-        super.setCheckExpiry(false);
-        super.setCheckCRL(false );
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java
deleted file mode 100644
index 05e207d..0000000
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * $Header$
- * $Revision: 129 $
- * $Date: 2007-11-14 19:21:33 -0800 (Wed, 14 Nov 2007) $
- *
- * ====================================================================
- *
- *  Copyright 1999-2004 The Apache Software Foundation
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * [Additional notices, if required by prior licensing conditions]
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU Lesser General Public License Version 2 or later
- * (the "LGPL"), in which case the provisions of the LGPL are 
- * applicable instead of those above.  See terms of LGPL at
- * <http://www.gnu.org/copyleft/lesser.txt>.
- * If you wish to allow use of your version of this file only under 
- * the terms of the LGPL and not to allow others to use your version
- * of this file under the Apache Software License, indicate your 
- * decision by deleting the provisions above and replace them with 
- * the notice and other provisions required by the LGPL.  If you do 
- * not delete the provisions above, a recipient may use your version 
- * of this file under either the Apache Software License or the LGPL.
- */
-
-package org.apache.commons.httpclient.contrib.ssl;
-
-import org.apache.commons.ssl.HttpSecureProtocol;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-
-/**
- * A <code>SecureProtocolSocketFactory</code> that uses JSSE to create
- * SSL sockets.  It will also support host name verification to help preventing
- * man-in-the-middle attacks.  Host name verification is turned <b>on</b> by
- * default but one will be able to turn it off, which might be a useful feature
- * during development.  Host name verification will make sure the SSL sessions
- * server host name matches with the the host name returned in the
- * server certificates "Common Name" field of the "SubjectDN" entry.
- *
- * @author <a href="mailto:hauer@psicode.com">Sebastian Hauer</a>
- *         <p/>
- *         DISCLAIMER: HttpClient developers DO NOT actively support this component.
- *         The component is provided as a reference material, which may be inappropriate
- *         for use without additional customization.
- *         </p>
- */
-public class StrictSSLProtocolSocketFactory extends HttpSecureProtocol {
-
-    /**
-     * Constructor for StrictSSLProtocolSocketFactory.
-     *
-     * @param verifyHostname The host name verification flag. If set to
-     *                       <code>true</code> the SSL sessions server host name will be compared
-     *                       to the host name returned in the server certificates "Common Name"
-     *                       field of the "SubjectDN" entry.  If these names do not match a
-     *                       Exception is thrown to indicate this.  Enabling host name verification
-     *                       will help to prevent from man-in-the-middle attacks.  If set to
-     *                       <code>false</code> host name verification is turned off.
-     *                       <p/>
-     *                       Code sample:
-     *                       <p/>
-     *                       <blockquote>
-     *                       Protocol stricthttps = new Protocol(
-     *                       "https", new StrictSSLProtocolSocketFactory(true), 443);
-     *                       <p/>
-     *                       HttpClient client = new HttpClient();
-     *                       client.getHostConfiguration().setHost("localhost", 443, stricthttps);
-     *                       </blockquote>
-     */
-    public StrictSSLProtocolSocketFactory(boolean verifyHostname)
-        throws GeneralSecurityException, IOException {
-        super();
-        super.setCheckHostname(verifyHostname);
-    }
-
-    /**
-     * Constructor for StrictSSLProtocolSocketFactory.
-     * Host name verification will be enabled by default.
-     */
-    public StrictSSLProtocolSocketFactory()
-        throws GeneralSecurityException, IOException {
-        this(true);
-    }
-
-    /**
-     * Set the host name verification flag.
-     *
-     * @param verifyHostname The host name verification flag. If set to
-     *                       <code>true</code> the SSL sessions server host name will be compared
-     *                       to the host name returned in the server certificates "Common Name"
-     *                       field of the "SubjectDN" entry.  If these names do not match a
-     *                       Exception is thrown to indicate this.  Enabling host name verification
-     *                       will help to prevent from man-in-the-middle attacks.  If set to
-     *                       <code>false</code> host name verification is turned off.
-     */
-    public void setHostnameVerification(boolean verifyHostname) {
-        super.setCheckHostname(verifyHostname);
-    }
-
-    /**
-     * Gets the status of the host name verification flag.
-     *
-     * @return Host name verification flag.  Either <code>true</code> if host
-     *         name verification is turned on, or <code>false</code> if host name
-     *         verification is turned off.
-     */
-    public boolean getHostnameVerification() {
-        return super.getCheckHostname();
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.java
deleted file mode 100644
index 31362c7..0000000
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * ====================================================================
- *
- *  Copyright 1999-2006 The Apache Software Foundation
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-
-package org.apache.commons.httpclient.contrib.ssl;
-
-import org.apache.commons.ssl.HttpSecureProtocol;
-import org.apache.commons.ssl.KeyMaterial;
-import org.apache.commons.ssl.TrustMaterial;
-
-import java.io.IOException;
-import java.net.Socket;
-import java.security.GeneralSecurityException;
-import java.security.KeyManagementException;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-
-/**
- * <p/>
- * TrustSSLProtocolSocketFactory allows you exercise full control over the
- * HTTPS server certificates you are going to trust.  Instead of relying
- * on the Certificate Authorities already present in "jre/lib/security/cacerts",
- * TrustSSLProtocolSocketFactory only trusts the public certificates you provide
- * to its constructor.
- * </p>
- * <p/>
- * TrustSSLProtocolSocketFactory can be used to create SSL {@link java.net.Socket}s
- * that accepts self-signed certificates.  Unlike EasySSLProtocolSocketFactory,
- * TrustSSLProtocolSocketFactory can be used in production.  This is because
- * it forces you to pre-install the self-signed certificate you are going to
- * trust locally.
- * <p/>
- * TrustSSLProtocolSocketFactory can parse both Java Keystore Files (*.jks)
- * and base64 PEM encoded public certificates (*.pem).
- * </p>
- * <p/>
- * Example of using TrustSSLProtocolSocketFactory
- * <pre>
- * 1.  First we must find the certificate we want to trust.  In this example
- *     we'll use gmail.google.com's certificate.
- * <p/>
- *   openssl s_client -showcerts -connect gmail.google.com:443
- * <p/>
- * 2.  Cut & paste into a "cert.pem" any certificates you are interested in
- *     trusting in accordance with your security policies.  In this example I'll
- *     actually use the current "gmail.google.com" certificate (instead of the
- *     Thawte CA certificate that signed the gmail certificate - that would be
- *     too boring) - but it expires on June 7th, 2006, so this example won't be
- *     useful for very long!
- * <p/>
- * Here's what my "cert.pem" file looks like:
- * <p/>
- * -----BEGIN CERTIFICATE-----
- * MIIDFjCCAn+gAwIBAgIDP3PeMA0GCSqGSIb3DQEBBAUAMEwxCzAJBgNVBAYTAlpB
- * MSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMRYwFAYDVQQD
- * Ew1UaGF3dGUgU0dDIENBMB4XDTA1MDYwNzIyMTI1N1oXDTA2MDYwNzIyMTI1N1ow
- * ajELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1v
- * dW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxGTAXBgNVBAMTEGdtYWls
- * Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALoRiWYW0hZw
- * 9TSn3s9912syZg1CP2TaC86PU1Ao2qf3pVu7Mx10Wl8W+aKZrQlvrYjTwku4sEh+
- * 9uI+gWnfmCd0OyVcXr1eFOGCYiiyaPv79Wtb0m0d8GuiRSJhYkZGzGlgFViws2vR
- * BAMCD2fdp7WGJUVGYOO+s52dgAMUHQXxAgMBAAGjgecwgeQwKAYDVR0lBCEwHwYI
- * KwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEwNgYDVR0fBC8wLTAroCmgJ4Yl
- * aHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVNHQ0NBLmNybDByBggrBgEFBQcB
- * AQRmMGQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wPgYIKwYB
- * BQUHMAKGMmh0dHA6Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0b3J5L1RoYXd0ZV9T
- * R0NfQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAktM1l1cV
- * ebi+Uo6fCE/eLnvvY6QbNNCsU5Pi9B5E1BlEUG+AGpgzE2cSPw1N4ZZb+2AWWwjx
- * H8/IrJ143KZZXM49ri3Z2e491Jj8qitrMauT7/hb16Jw6I02/74/do4TtHu/Eifr
- * EZCaSOobSHGeufHjlqlC3ehC4Bx4mLexIMk=
- * -----END CERTIFICATE-----
- * <p/>
- * 3.  Run "openssl x509" to analyze the certificate more deeply.  This helps
- *     us answer questions like "Do we really want to trust it?  When does it
- *     expire? What's the value of the CN (Common Name) field?".
- * <p/>
- *     "openssl x509" is also super cool, and will impress all your friends,
- *     coworkers, family, and that cute girl at the starbucks.   :-)
- * <p/>
- *     If you dig through "man x509" you'll find this example.  Run it:
- * <p/>
- *    openssl x509 -in cert.pem -noout -text
- * <p/>
- * 4.  Rename "cert.pem" to "gmail.pem" so that step 5 works.
- * <p/>
- * 5.  Setup the TrustSSLProtocolSocketFactory to trust "gmail.google.com"
- *     for URLS of the form "https-gmail://" - but don't trust anything else
- *     when using "https-gmail://":
- * <p/>
- *     TrustSSLProtocolSocketFactory sf = new TrustSSLProtocolSocketFactory( "/path/to/gmail.pem" );
- *     Protocol trustHttps = new Protocol("https-gmail", sf, 443);
- *     Protocol.registerProtocol("https-gmail", trustHttps);
- * <p/>
- *     HttpClient client = new HttpClient();
- *     GetMethod httpget = new GetMethod("https-gmail://gmail.google.com/");
- *     client.executeMethod(httpget);
- * <p/>
- * 6.  Notice that "https-gmail://" cannot connect to "www.wellsfargo.com" -
- *     the server's certificate isn't trusted!  It would still work using
- *     regular "https://" because Java would use the "jre/lib/security/cacerts"
- *     file.
- * <p/>
- *     httpget = new GetMethod("https-gmail://www.wellsfargo.com/");
- *     client.executeMethod(httpget);
- * <p/>
- * javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
- * <p/>
- * <p/>
- * 7.  Of course "https-gmail://" cannot connect to hosts where the CN field
- *     in the certificate doesn't match the hostname.  The same is supposed to
- *     be true of regular "https://", but HTTPClient is a bit lenient.
- * <p/>
- *     httpget = new GetMethod("https-gmail://gmail.com/");
- *     client.executeMethod(httpget);
- * <p/>
- * javax.net.ssl.SSLException: hostname in certificate didn't match: &lt;gmail.com> != &lt;gmail.google.com>
- * <p/>
- * <p/>
- * 8.  You can use "*.jks" files instead of "*.pem" if you prefer.  Use the 2nd constructor
- *     in that case to pass along the JKS password:
- * <p/>
- *   new TrustSSLProtocolSocketFactory( "/path/to/gmail.jks", "my_password".toCharArray() );
- * <p/>
- * </pre>
- *
- * @author Credit Union Central of British Columbia
- * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
- * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
- *         <p/>
- *         <p/>
- *         DISCLAIMER: HttpClient developers DO NOT actively support this component.
- *         The component is provided as a reference material, which may be inappropriate
- *         for use without additional customization.
- *         </p>
- * @since 17-Feb-2006
- */
-
-public class TrustSSLProtocolSocketFactory extends HttpSecureProtocol {
-
-    /**
-     * @param pathToTrustStore Path to either a ".jks" Java Key Store, or a
-     *                         ".pem" base64 encoded certificate.  If it's a
-     *                         ".pem" base64 certificate, the file must start
-     *                         with "------BEGIN CERTIFICATE-----", and must end
-     *                         with "-------END CERTIFICATE--------".
-     */
-    public TrustSSLProtocolSocketFactory(String pathToTrustStore)
-        throws GeneralSecurityException, IOException {
-        this(pathToTrustStore, null);
-    }
-
-    /**
-     * @param pathToTrustStore Path to either a ".jks" Java Key Store, or a
-     *                         ".pem" base64 encoded certificate.  If it's a
-     *                         ".pem" base64 certificate, the file must start
-     *                         with "------BEGIN CERTIFICATE-----", and must end
-     *                         with "-------END CERTIFICATE--------".
-     * @param password         Password to open the ".jks" file.  If "truststore"
-     *                         is a ".pem" file, then password can be null; if
-     *                         password isn't null and we're using a ".pem" file,
-     *                         then technically, this becomes the password to
-     *                         open up the special in-memory keystore we create
-     *                         to hold the ".pem" file, but it's not important at
-     *                         all.
-     * @throws java.security.cert.CertificateException
-     * @throws java.security.KeyStoreException
-     * @throws java.io.IOException
-     * @throws java.security.NoSuchAlgorithmException
-     * @throws java.security.KeyManagementException
-     */
-    public TrustSSLProtocolSocketFactory(String pathToTrustStore, char[] password)
-        throws GeneralSecurityException, IOException {
-        super();
-        TrustMaterial tm;
-        try {
-            tm = new KeyMaterial(pathToTrustStore, password);
-        } catch (KeyStoreException kse) {
-            // KeyMaterial constructor blows up in no keys found,
-            // so we fall back to TrustMaterial constructor instead.
-            tm = new TrustMaterial(pathToTrustStore, password);
-        }
-        super.setTrustMaterial(tm);
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsStructure.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsStructure.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsStructure.java
index e00d58d..fc25b51 100644
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsStructure.java
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsStructure.java
@@ -25,8 +25,8 @@
 
 package org.apache.commons.ssl;
 
-import org.apache.commons.ssl.util.Hex;
 import org.apache.kerby.asn1.type.Asn1Integer;
+import org.apache.kerby.util.Hex;
 
 import java.util.*;
 

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsUtil.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsUtil.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsUtil.java
index 4f6823a..398d012 100644
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsUtil.java
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Asn1PkcsUtil.java
@@ -25,9 +25,9 @@
 
 package org.apache.commons.ssl;
 
-import org.apache.commons.ssl.util.Hex;
 import org.apache.kerby.asn1.Asn1InputBuffer;
 import org.apache.kerby.asn1.type.*;
+import org.apache.kerby.util.Hex;
 
 import java.io.FileInputStream;
 import java.io.IOException;

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64.java
deleted file mode 100644
index 99dc717..0000000
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64.java
+++ /dev/null
@@ -1,1048 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.commons.ssl;
-
-import org.apache.commons.ssl.util.UTF8;
-
-import java.math.BigInteger;
-
-/**
- * Provides Base64 encoding and decoding as defined by RFC 2045.
- *
- * <p>
- * This class implements section <cite>6.8. Base64 Content-Transfer-Encoding</cite> from RFC 2045 <cite>Multipurpose
- * Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</cite> by Freed and Borenstein.
- * </p>
- * <p>
- * The class can be parameterized in the following manner with various constructors:
- * <ul>
- * <li>URL-safe mode: Default off.</li>
- * <li>Line length: Default 76. Line length that aren't multiples of 4 will still essentially end up being multiples of
- * 4 in the encoded data.
- * <li>Line separator: Default is CRLF ("\r\n")</li>
- * </ul>
- * </p>
- * <p>
- * Since this class operates directly on byte streams, and not character streams, it is hard-coded to only encode/decode
- * character encodings which are compatible with the lower 127 ASCII chart (ISO-8859-1, Windows-1252, UTF-8, etc).
- * </p>
- *
- * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045</a>
- * @author Apache Software Foundation
- * @since 1.0
- * @version $Id: Base64.java 155 2009-09-17 21:00:58Z julius $
- */
-public class Base64 {
-    private static final int DEFAULT_BUFFER_RESIZE_FACTOR = 2;
-
-    private static final int DEFAULT_BUFFER_SIZE = 8192;
-
-    /**
-     * Chunk size per RFC 2045 section 6.8.
-     *
-     * <p>
-     * The {@value} character limit does not count the trailing CRLF, but counts all other characters, including any
-     * equal signs.
-     * </p>
-     *
-     * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045 section 6.8</a>
-     */
-    static final int CHUNK_SIZE = 76;
-
-    /**
-     * Chunk separator per RFC 2045 section 2.1.
-     *
-     * <p>
-     * N.B. The next major release may break compatibility and make this field private.
-     * </p>
-     *
-     * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045 section 2.1</a>
-     */
-    static final byte[] CHUNK_SEPARATOR = {'\r', '\n'};
-
-    /**
-     * This array is a lookup table that translates 6-bit positive integer index values into their "Base64 Alphabet"
-     * equivalents as specified in Table 1 of RFC 2045.
-     *
-     * Thanks to "commons" project in ws.apache.org for this code.
-     * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
-     */
-    private static final byte[] STANDARD_ENCODE_TABLE = {
-            'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
-            'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
-            'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
-            'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
-            '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'
-    };
-
-    /**
-     * This is a copy of the STANDARD_ENCODE_TABLE above, but with + and /
-     * changed to - and _ to make the encoded Base64 results more URL-SAFE.
-     * This table is only used when the Base64's mode is set to URL-SAFE.
-     */
-    private static final byte[] URL_SAFE_ENCODE_TABLE = {
-            'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
-            'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
-            'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
-            'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
-            '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '-', '_'
-    };
-
-    /**
-     * Byte used to pad output.
-     */
-    private static final byte PAD = '=';
-
-    /**
-     * This array is a lookup table that translates Unicode characters drawn from the "Base64 Alphabet" (as specified in
-     * Table 1 of RFC 2045) into their 6-bit positive integer equivalents. Characters that are not in the Base64
-     * alphabet but fall within the bounds of the array are translated to -1.
-     *
-     * Note: '+' and '-' both decode to 62. '/' and '_' both decode to 63. This means decoder seamlessly handles both
-     * URL_SAFE and STANDARD base64. (The encoder, on the other hand, needs to know ahead of time what to emit).
-     *
-     * Thanks to "commons" project in ws.apache.org for this code.
-     * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
-     */
-    private static final byte[] DECODE_TABLE = {
-            -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-            -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-            -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, 62, -1, 63, 52, 53, 54,
-            55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4,
-            5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
-            24, 25, -1, -1, -1, -1, 63, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34,
-            35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51
-    };
-
-    /** Mask used to extract 6 bits, used when encoding */
-    private static final int MASK_6BITS = 0x3f;
-
-    /** Mask used to extract 8 bits, used in decoding base64 bytes */
-    private static final int MASK_8BITS = 0xff;
-
-    // The static final fields above are used for the original static byte[] methods on Base64.
-    // The private member fields below are used with the new streaming approach, which requires
-    // some state be preserved between calls of encode() and decode().
-
-    /**
-     * Encode table to use: either STANDARD or URL_SAFE. Note: the DECODE_TABLE above remains static because it is able
-     * to decode both STANDARD and URL_SAFE streams, but the encodeTable must be a member variable so we can switch
-     * between the two modes.
-     */
-    private final byte[] encodeTable;
-
-    /**
-     * Line length for encoding. Not used when decoding. A value of zero or less implies no chunking of the base64
-     * encoded data.
-     */
-    private final int lineLength;
-
-    /**
-     * Line separator for encoding. Not used when decoding. Only used if lineLength > 0.
-     */
-    private final byte[] lineSeparator;
-
-    /**
-     * Convenience variable to help us determine when our buffer is going to run out of room and needs resizing.
-     * <code>decodeSize = 3 + lineSeparator.length;</code>
-     */
-    private final int decodeSize;
-
-    /**
-     * Convenience variable to help us determine when our buffer is going to run out of room and needs resizing.
-     * <code>encodeSize = 4 + lineSeparator.length;</code>
-     */
-    private final int encodeSize;
-
-    /**
-     * Buffer for streaming.
-     */
-    private byte[] buffer;
-
-    /**
-     * Position where next character should be written in the buffer.
-     */
-    private int pos;
-
-    /**
-     * Position where next character should be read from the buffer.
-     */
-    private int readPos;
-
-    /**
-     * Variable tracks how many characters have been written to the current line. Only used when encoding. We use it to
-     * make sure each encoded line never goes beyond lineLength (if lineLength > 0).
-     */
-    private int currentLinePos;
-
-    /**
-     * Writes to the buffer only occur after every 3 reads when encoding, an every 4 reads when decoding. This variable
-     * helps track that.
-     */
-    private int modulus;
-
-    /**
-     * Boolean flag to indicate the EOF has been reached. Once EOF has been reached, this Base64 object becomes useless,
-     * and must be thrown away.
-     */
-    private boolean eof;
-
-    /**
-     * Place holder for the 3 bytes we're dealing with for our base64 logic. Bitwise operations store and extract the
-     * base64 encoding or decoding from this variable.
-     */
-    private int x;
-
-    /**
-     * Creates a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode.
-     * <p>
-     * When encoding the line length is 76, the line separator is CRLF, and the encoding table is STANDARD_ENCODE_TABLE.
-     * </p>
-     *
-     * <p>
-     * When decoding all variants are supported.
-     * </p>
-     */
-    public Base64() {
-        this(false);
-    }
-
-    /**
-     * Creates a Base64 codec used for decoding (all modes) and encoding in the given URL-safe mode.
-     * <p>
-     * When encoding the line length is 76, the line separator is CRLF, and the encoding table is STANDARD_ENCODE_TABLE.
-     * </p>
-     *
-     * <p>
-     * When decoding all variants are supported.
-     * </p>
-     *
-     * @param urlSafe
-     *            if <code>true</code>, URL-safe encoding is used. In most cases this should be set to
-     *            <code>false</code>.
-     * @since 1.4
-     */
-    public Base64(boolean urlSafe) {
-        this(CHUNK_SIZE, CHUNK_SEPARATOR, urlSafe);
-    }
-
-    /**
-     * Creates a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode.
-     * <p>
-     * When encoding the line length is given in the constructor, the line separator is CRLF, and the encoding table is
-     * STANDARD_ENCODE_TABLE.
-     * </p>
-     * <p>
-     * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data.
-     * </p>
-     * <p>
-     * When decoding all variants are supported.
-     * </p>
-     *
-     * @param lineLength
-     *            Each line of encoded data will be at most of the given length (rounded down to nearest multiple of 4).
-     *            If lineLength <= 0, then the output will not be divided into lines (chunks). Ignored when decoding.
-     * @since 1.4
-     */
-    public Base64(int lineLength) {
-        this(lineLength, CHUNK_SEPARATOR);
-    }
-
-    /**
-     * Creates a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode.
-     * <p>
-     * When encoding the line length and line separator are given in the constructor, and the encoding table is
-     * STANDARD_ENCODE_TABLE.
-     * </p>
-     * <p>
-     * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data.
-     * </p>
-     * <p>
-     * When decoding all variants are supported.
-     * </p>
-     *
-     * @param lineLength
-     *            Each line of encoded data will be at most of the given length (rounded down to nearest multiple of 4).
-     *            If lineLength <= 0, then the output will not be divided into lines (chunks). Ignored when decoding.
-     * @param lineSeparator
-     *            Each line of encoded data will end with this sequence of bytes.
-     * @throws IllegalArgumentException
-     *             Thrown when the provided lineSeparator included some base64 characters.
-     * @since 1.4
-     */
-    public Base64(int lineLength, byte[] lineSeparator) {
-        this(lineLength, lineSeparator, false);
-    }
-
-    /**
-     * Creates a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode.
-     * <p>
-     * When encoding the line length and line separator are given in the constructor, and the encoding table is
-     * STANDARD_ENCODE_TABLE.
-     * </p>
-     * <p>
-     * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data.
-     * </p>
-     * <p>
-     * When decoding all variants are supported.
-     * </p>
-     *
-     * @param lineLength
-     *            Each line of encoded data will be at most of the given length (rounded down to nearest multiple of 4).
-     *            If lineLength <= 0, then the output will not be divided into lines (chunks). Ignored when decoding.
-     * @param lineSeparator
-     *            Each line of encoded data will end with this sequence of bytes.
-     * @param urlSafe
-     *            Instead of emitting '+' and '/' we emit '-' and '_' respectively. urlSafe is only applied to encode
-     *            operations. Decoding seamlessly handles both modes.
-     * @throws IllegalArgumentException
-     *             The provided lineSeparator included some base64 characters. That's not going to work!
-     * @since 1.4
-     */
-    public Base64(int lineLength, byte[] lineSeparator, boolean urlSafe) {
-        if (lineSeparator == null) {
-            lineLength = 0;  // disable chunk-separating
-            lineSeparator = CHUNK_SEPARATOR;  // this just gets ignored
-        }
-        this.lineLength = lineLength > 0 ? (lineLength / 4) * 4 : 0;
-        this.lineSeparator = new byte[lineSeparator.length];
-        System.arraycopy(lineSeparator, 0, this.lineSeparator, 0, lineSeparator.length);
-        if (lineLength > 0) {
-            this.encodeSize = 4 + lineSeparator.length;
-        } else {
-            this.encodeSize = 4;
-        }
-        this.decodeSize = this.encodeSize - 1;
-        if (containsBase64Byte(lineSeparator)) {
-            String sep = UTF8.toString(lineSeparator);
-            throw new IllegalArgumentException("lineSeperator must not contain base64 characters: [" + sep + "]");
-        }
-        this.encodeTable = urlSafe ? URL_SAFE_ENCODE_TABLE : STANDARD_ENCODE_TABLE;
-    }
-
-    /**
-     * Returns our current encode mode. True if we're URL-SAFE, false otherwise.
-     *
-     * @return true if we're in URL-SAFE mode, false otherwise.
-     * @since 1.4
-     */
-    public boolean isUrlSafe() {
-        return this.encodeTable == URL_SAFE_ENCODE_TABLE;
-    }
-
-    /**
-     * Returns true if this Base64 object has buffered data for reading.
-     *
-     * @return true if there is Base64 object still available for reading.
-     */
-    boolean hasData() {
-        return this.buffer != null;
-    }
-
-    /**
-     * Returns the amount of buffered data available for reading.
-     *
-     * @return The amount of buffered data available for reading.
-     */
-    int avail() {
-        return buffer != null ? pos - readPos : 0;
-    }
-
-    /** Doubles our buffer. */
-    private void resizeBuffer() {
-        if (buffer == null) {
-            buffer = new byte[DEFAULT_BUFFER_SIZE];
-            pos = 0;
-            readPos = 0;
-        } else {
-            byte[] b = new byte[buffer.length * DEFAULT_BUFFER_RESIZE_FACTOR];
-            System.arraycopy(buffer, 0, b, 0, buffer.length);
-            buffer = b;
-        }
-    }
-
-    /**
-     * Extracts buffered data into the provided byte[] array, starting at position bPos, up to a maximum of bAvail
-     * bytes. Returns how many bytes were actually extracted.
-     *
-     * @param b
-     *            byte[] array to extract the buffered data into.
-     * @param bPos
-     *            position in byte[] array to start extraction at.
-     * @param bAvail
-     *            amount of bytes we're allowed to extract. We may extract fewer (if fewer are available).
-     * @return The number of bytes successfully extracted into the provided byte[] array.
-     */
-    int readResults(byte[] b, int bPos, int bAvail) {
-        if (buffer != null) {
-            int len = Math.min(avail(), bAvail);
-            if (buffer != b) {
-                System.arraycopy(buffer, readPos, b, bPos, len);
-                readPos += len;
-                if (readPos >= pos) {
-                    buffer = null;
-                }
-            } else {
-                // Re-using the original consumer's output array is only
-                // allowed for one round.
-                buffer = null;
-            }
-            return len;
-        }
-        return eof ? -1 : 0;
-    }
-
-    /**
-     * Sets the streaming buffer. This is a small optimization where we try to buffer directly to the consumer's output
-     * array for one round (if the consumer calls this method first) instead of starting our own buffer.
-     *
-     * @param out
-     *            byte[] array to buffer directly to.
-     * @param outPos
-     *            Position to start buffering into.
-     * @param outAvail
-     *            Amount of bytes available for direct buffering.
-     */
-    void setInitialBuffer(byte[] out, int outPos, int outAvail) {
-        // We can re-use consumer's original output array under
-        // special circumstances, saving on some System.arraycopy().
-        if (out != null && out.length == outAvail) {
-            buffer = out;
-            pos = outPos;
-            readPos = outPos;
-        }
-    }
-
-    /**
-     * <p>
-     * Encodes all of the provided data, starting at inPos, for inAvail bytes. Must be called at least twice: once with
-     * the data to encode, and once with inAvail set to "-1" to alert encoder that EOF has been reached, so flush last
-     * remaining bytes (if not multiple of 3).
-     * </p>
-     * <p>
-     * Thanks to "commons" project in ws.apache.org for the bitwise operations, and general approach.
-     * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
-     * </p>
-     *
-     * @param in
-     *            byte[] array of binary data to base64 encode.
-     * @param inPos
-     *            Position to start reading data from.
-     * @param inAvail
-     *            Amount of bytes available from input for encoding.
-     */
-    void encode(byte[] in, int inPos, int inAvail) {
-        if (eof) {
-            return;
-        }
-        // inAvail < 0 is how we're informed of EOF in the underlying data we're
-        // encoding.
-        if (inAvail < 0) {
-            eof = true;
-            if (buffer == null || buffer.length - pos < encodeSize) {
-                resizeBuffer();
-            }
-            switch (modulus) {
-                case 1 :
-                    buffer[pos++] = encodeTable[(x >> 2) & MASK_6BITS];
-                    buffer[pos++] = encodeTable[(x << 4) & MASK_6BITS];
-                    // URL-SAFE skips the padding to further reduce size.
-                    if (encodeTable == STANDARD_ENCODE_TABLE) {
-                        buffer[pos++] = PAD;
-                        buffer[pos++] = PAD;
-                    }
-                    break;
-
-                case 2 :
-                    buffer[pos++] = encodeTable[(x >> 10) & MASK_6BITS];
-                    buffer[pos++] = encodeTable[(x >> 4) & MASK_6BITS];
-                    buffer[pos++] = encodeTable[(x << 2) & MASK_6BITS];
-                    // URL-SAFE skips the padding to further reduce size.
-                    if (encodeTable == STANDARD_ENCODE_TABLE) {
-                        buffer[pos++] = PAD;
-                    }
-                    break;
-            }
-            if (lineLength > 0 && pos > 0) {
-                System.arraycopy(lineSeparator, 0, buffer, pos, lineSeparator.length);
-                pos += lineSeparator.length;
-            }
-        } else {
-            for (int i = 0; i < inAvail; i++) {
-                if (buffer == null || buffer.length - pos < encodeSize) {
-                    resizeBuffer();
-                }
-                modulus = (++modulus) % 3;
-                int b = in[inPos++];
-                if (b < 0) {
-                    b += 256;
-                }
-                x = (x << 8) + b;
-                if (0 == modulus) {
-                    buffer[pos++] = encodeTable[(x >> 18) & MASK_6BITS];
-                    buffer[pos++] = encodeTable[(x >> 12) & MASK_6BITS];
-                    buffer[pos++] = encodeTable[(x >> 6) & MASK_6BITS];
-                    buffer[pos++] = encodeTable[x & MASK_6BITS];
-                    currentLinePos += 4;
-                    if (lineLength > 0 && lineLength <= currentLinePos) {
-                        System.arraycopy(lineSeparator, 0, buffer, pos, lineSeparator.length);
-                        pos += lineSeparator.length;
-                        currentLinePos = 0;
-                    }
-                }
-            }
-        }
-    }
-
-    /**
-     * <p>
-     * Decodes all of the provided data, starting at inPos, for inAvail bytes. Should be called at least twice: once
-     * with the data to decode, and once with inAvail set to "-1" to alert decoder that EOF has been reached. The "-1"
-     * call is not necessary when decoding, but it doesn't hurt, either.
-     * </p>
-     * <p>
-     * Ignores all non-base64 characters. This is how chunked (e.g. 76 character) data is handled, since CR and LF are
-     * silently ignored, but has implications for other bytes, too. This method subscribes to the garbage-in,
-     * garbage-out philosophy: it will not check the provided data for validity.
-     * </p>
-     * <p>
-     * Thanks to "commons" project in ws.apache.org for the bitwise operations, and general approach.
-     * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
-     * </p>
-     *
-     * @param in
-     *            byte[] array of ascii data to base64 decode.
-     * @param inPos
-     *            Position to start reading data from.
-     * @param inAvail
-     *            Amount of bytes available from input for encoding.
-     */
-    void decode(byte[] in, int inPos, int inAvail) {
-        if (eof) {
-            return;
-        }
-        if (inAvail < 0) {
-            eof = true;
-        }
-        for (int i = 0; i < inAvail; i++) {
-            if (buffer == null || buffer.length - pos < decodeSize) {
-                resizeBuffer();
-            }
-            byte b = in[inPos++];
-            if (b == PAD) {
-                // We're done.
-                eof = true;
-                break;
-            } else {
-                if (b >= 0 && b < DECODE_TABLE.length) {
-                    int result = DECODE_TABLE[b];
-                    if (result >= 0) {
-                        modulus = (++modulus) % 4;
-                        x = (x << 6) + result;
-                        if (modulus == 0) {
-                            buffer[pos++] = (byte) ((x >> 16) & MASK_8BITS);
-                            buffer[pos++] = (byte) ((x >> 8) & MASK_8BITS);
-                            buffer[pos++] = (byte) (x & MASK_8BITS);
-                        }
-                    }
-                }
-            }
-        }
-
-        // Two forms of EOF as far as base64 decoder is concerned: actual
-        // EOF (-1) and first time '=' character is encountered in stream.
-        // This approach makes the '=' padding characters completely optional.
-        if (eof && modulus != 0) {
-            x = x << 6;
-            switch (modulus) {
-                case 2 :
-                    x = x << 6;
-                    buffer[pos++] = (byte) ((x >> 16) & MASK_8BITS);
-                    break;
-                case 3 :
-                    buffer[pos++] = (byte) ((x >> 16) & MASK_8BITS);
-                    buffer[pos++] = (byte) ((x >> 8) & MASK_8BITS);
-                    break;
-            }
-        }
-    }
-
-    /**
-     * Returns whether or not the <code>octet</code> is in the base 64 alphabet.
-     *
-     * @param octet
-     *            The value to test
-     * @return <code>true</code> if the value is defined in the the base 64 alphabet, <code>false</code> otherwise.
-     * @since 1.4
-     */
-    public static boolean isBase64(byte octet) {
-        return octet == PAD || (octet >= 0 && octet < DECODE_TABLE.length && DECODE_TABLE[octet] != -1);
-    }
-
-    /**
-     * Tests a given byte array to see if it contains only valid characters within the Base64 alphabet. Currently the
-     * method treats whitespace as valid.
-     *
-     * @param arrayOctet
-     *            byte array to test
-     * @return <code>true</code> if all bytes are valid characters in the Base64 alphabet or if the byte array is empty;
-     *         false, otherwise
-     */
-    public static boolean isArrayByteBase64(byte[] arrayOctet) {
-        for (int i = 0; i < arrayOctet.length; i++) {
-            if (!isBase64(arrayOctet[i]) && !isWhiteSpace(arrayOctet[i])) {
-                return false;
-            }
-        }
-        return true;
-    }
-
-    /**
-     * Tests a given byte array to see if it contains only valid characters within the Base64 alphabet.
-     *
-     * @param arrayOctet
-     *            byte array to test
-     * @return <code>true</code> if any byte is a valid character in the Base64 alphabet; false herwise
-     */
-    private static boolean containsBase64Byte(byte[] arrayOctet) {
-        for (int i = 0; i < arrayOctet.length; i++) {
-            if (isBase64(arrayOctet[i])) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    /**
-     * Encodes binary data using the base64 algorithm but does not chunk the output.
-     *
-     * @param binaryData
-     *            binary data to encode
-     * @return byte[] containing Base64 characters in their UTF-8 representation.
-     */
-    public static byte[] encodeBase64(byte[] binaryData) {
-        return encodeBase64(binaryData, false);
-    }
-
-    /**
-     * Encodes binary data using the base64 algorithm into 76 character blocks separated by CRLF.
-     *
-     * @param binaryData
-     *            binary data to encode
-     * @return String containing Base64 characters.
-     * @since 1.4
-     */
-    public static String encodeBase64String(byte[] binaryData) {
-        return UTF8.toString(encodeBase64(binaryData, true));
-    }
-
-    /**
-     * Encodes binary data using a URL-safe variation of the base64 algorithm but does not chunk the output. The
-     * url-safe variation emits - and _ instead of + and / characters.
-     *
-     * @param binaryData
-     *            binary data to encode
-     * @return byte[] containing Base64 characters in their UTF-8 representation.
-     * @since 1.4
-     */
-    public static byte[] encodeBase64URLSafe(byte[] binaryData) {
-        return encodeBase64(binaryData, false, true);
-    }
-
-    /**
-     * Encodes binary data using a URL-safe variation of the base64 algorithm but does not chunk the output. The
-     * url-safe variation emits - and _ instead of + and / characters.
-     *
-     * @param binaryData
-     *            binary data to encode
-     * @return String containing Base64 characters
-     * @since 1.4
-     */
-    public static String encodeBase64URLSafeString(byte[] binaryData) {
-        return UTF8.toString(encodeBase64(binaryData, false, true));
-    }
-
-    /**
-     * Encodes binary data using the base64 algorithm and chunks the encoded output into 76 character blocks
-     *
-     * @param binaryData
-     *            binary data to encode
-     * @return Base64 characters chunked in 76 character blocks
-     */
-    public static byte[] encodeBase64Chunked(byte[] binaryData) {
-        return encodeBase64(binaryData, true);
-    }
-
-    /**
-     * Decodes an Object using the base64 algorithm. This method is provided in order to satisfy the requirements of the
-     * Decoder interface, and will throw a DecoderException if the supplied object is not of type byte[] or String.
-     *
-     * @param pObject
-     *            Object to decode
-     * @return An object (of type byte[]) containing the binary data which corresponds to the byte[] or String supplied.
-     */
-    public Object decode(Object pObject) {
-        if (pObject instanceof byte[]) {
-            return decode((byte[]) pObject);
-        } else if (pObject instanceof String) {
-            return decode((String) pObject);
-        } else {
-            throw new IllegalArgumentException("Parameter supplied to Base64 decode is not a byte[] or a String");
-        }
-    }
-
-    /**
-     * Decodes a String containing containing characters in the Base64 alphabet.
-     *
-     * @param pArray
-     *            A String containing Base64 character data
-     * @return a byte array containing binary data
-     * @since 1.4
-     */
-    public byte[] decode(String pArray) {
-        return decode(UTF8.toBytes(pArray));
-    }
-
-    /**
-     * Decodes a byte[] containing containing characters in the Base64 alphabet.
-     *
-     * @param pArray
-     *            A byte array containing Base64 character data
-     * @return a byte array containing binary data
-     */
-    public byte[] decode(byte[] pArray) {
-        reset();
-        if (pArray == null || pArray.length == 0) {
-            return pArray;
-        }
-        long len = (pArray.length * 3) / 4;
-        byte[] buf = new byte[(int) len];
-        setInitialBuffer(buf, 0, buf.length);
-        decode(pArray, 0, pArray.length);
-        decode(pArray, 0, -1); // Notify decoder of EOF.
-
-        // Would be nice to just return buf (like we sometimes do in the encode
-        // logic), but we have no idea what the line-length was (could even be
-        // variable).  So we cannot determine ahead of time exactly how big an
-        // array is necessary.  Hence the need to construct a 2nd byte array to
-        // hold the final result:
-
-        byte[] result = new byte[pos];
-        readResults(result, 0, result.length);
-        return result;
-    }
-
-    /**
-     * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks.
-     *
-     * @param binaryData
-     *            Array containing binary data to encode.
-     * @param isChunked
-     *            if <code>true</code> this encoder will chunk the base64 output into 76 character blocks
-     * @return Base64-encoded data.
-     * @throws IllegalArgumentException
-     *             Thrown when the input array needs an output array bigger than {@link Integer#MAX_VALUE}
-     */
-    public static byte[] encodeBase64(byte[] binaryData, boolean isChunked) {
-        return encodeBase64(binaryData, isChunked, false);
-    }
-
-    /**
-     * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks.
-     *
-     * @param binaryData
-     *            Array containing binary data to encode.
-     * @param isChunked
-     *            if <code>true</code> this encoder will chunk the base64 output into 76 character blocks
-     * @param urlSafe
-     *            if <code>true</code> this encoder will emit - and _ instead of the usual + and / characters.
-     * @return Base64-encoded data.
-     * @throws IllegalArgumentException
-     *             Thrown when the input array needs an output array bigger than {@link Integer#MAX_VALUE}
-     * @since 1.4
-     */
-    public static byte[] encodeBase64(byte[] binaryData, boolean isChunked, boolean urlSafe) {
-        return encodeBase64(binaryData, isChunked, urlSafe, Integer.MAX_VALUE);
-    }
-
-    /**
-     * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks.
-     *
-     * @param binaryData
-     *            Array containing binary data to encode.
-     * @param isChunked
-     *            if <code>true</code> this encoder will chunk the base64 output into 76 character blocks
-     * @param urlSafe
-     *            if <code>true</code> this encoder will emit - and _ instead of the usual + and / characters.
-     * @param maxResultSize
-     *            The maximum result size to accept.
-     * @return Base64-encoded data.
-     * @throws IllegalArgumentException
-     *             Thrown when the input array needs an output array bigger than maxResultSize
-     * @since 1.4
-     */
-    public static byte[] encodeBase64(byte[] binaryData, boolean isChunked, boolean urlSafe, int maxResultSize) {
-        if (binaryData == null || binaryData.length == 0) {
-            return binaryData;
-        }
-
-        long len = getEncodeLength(binaryData, CHUNK_SIZE, CHUNK_SEPARATOR);
-        if (len > maxResultSize) {
-            throw new IllegalArgumentException("Input array too big, the output array would be bigger (" +
-                len +
-                ") than the specified maxium size of " +
-                maxResultSize);
-        }
-
-        Base64 b64 = isChunked ? new Base64(urlSafe) : new Base64(0, CHUNK_SEPARATOR, urlSafe);
-        return b64.encode(binaryData);
-    }
-
-    /**
-     * Decodes a Base64 String into octets
-     *
-     * @param base64String
-     *            String containing Base64 data
-     * @return Array containing decoded data.
-     * @since 1.4
-     */
-    public static byte[] decodeBase64(String base64String) {
-        return new Base64().decode(base64String);
-    }
-
-    /**
-     * Decodes Base64 data into octets
-     *
-     * @param base64Data
-     *            Byte array containing Base64 data
-     * @return Array containing decoded data.
-     */
-    public static byte[] decodeBase64(byte[] base64Data) {
-        return new Base64().decode(base64Data);
-    }
-
-    /**
-     * Discards any whitespace from a base-64 encoded block.
-     *
-     * @param data
-     *            The base-64 encoded data to discard the whitespace from.
-     * @return The data, less whitespace (see RFC 2045).
-     * @deprecated This method is no longer needed
-     */
-    static byte[] discardWhitespace(byte[] data) {
-        byte groomedData[] = new byte[data.length];
-        int bytesCopied = 0;
-        for (int i = 0; i < data.length; i++) {
-            switch (data[i]) {
-                case ' ' :
-                case '\n' :
-                case '\r' :
-                case '\t' :
-                    break;
-                default :
-                    groomedData[bytesCopied++] = data[i];
-            }
-        }
-        byte packedData[] = new byte[bytesCopied];
-        System.arraycopy(groomedData, 0, packedData, 0, bytesCopied);
-        return packedData;
-    }
-
-    /**
-     * Checks if a byte value is whitespace or not.
-     *
-     * @param byteToCheck
-     *            the byte to check
-     * @return true if byte is whitespace, false otherwise
-     */
-    private static boolean isWhiteSpace(byte byteToCheck) {
-        switch (byteToCheck) {
-            case ' ' :
-            case '\n' :
-            case '\r' :
-            case '\t' :
-                return true;
-            default :
-                return false;
-        }
-    }
-
-    // Implementation of the Encoder Interface
-
-    /**
-     * Encodes an Object using the base64 algorithm. This method is provided in order to satisfy the requirements of the
-     * Encoder interface, and will throw an EncoderException if the supplied object is not of type byte[].
-     *
-     * @param pObject
-     *            Object to encode
-     * @return An object (of type byte[]) containing the base64 encoded data which corresponds to the byte[] supplied.
-     */
-    public Object encode(Object pObject) {
-        if (!(pObject instanceof byte[])) {
-            throw new IllegalArgumentException("Parameter supplied to Base64 encode is not a byte[]");
-        }
-        return encode((byte[]) pObject);
-    }
-
-    /**
-     * Encodes a byte[] containing binary data, into a String containing characters in the Base64 alphabet.
-     *
-     * @param pArray
-     *            a byte array containing binary data
-     * @return A String containing only Base64 character data
-     * @since 1.4
-     */
-    public String encodeToString(byte[] pArray) {
-        return UTF8.toString(encode(pArray));
-    }
-
-    /**
-     * Encodes a byte[] containing binary data, into a byte[] containing characters in the Base64 alphabet.
-     *
-     * @param pArray
-     *            a byte array containing binary data
-     * @return A byte array containing only Base64 character data
-     */
-    public byte[] encode(byte[] pArray) {
-        reset();
-        if (pArray == null || pArray.length == 0) {
-            return pArray;
-        }
-        long len = getEncodeLength(pArray, lineLength, lineSeparator);
-        byte[] buf = new byte[(int) len];
-        setInitialBuffer(buf, 0, buf.length);
-        encode(pArray, 0, pArray.length);
-        encode(pArray, 0, -1); // Notify encoder of EOF.
-        // Encoder might have resized, even though it was unnecessary.
-        if (buffer != buf) {
-            readResults(buf, 0, buf.length);
-        }
-        // In URL-SAFE mode we skip the padding characters, so sometimes our
-        // final length is a bit smaller.
-        if (isUrlSafe() && pos < buf.length) {
-            byte[] smallerBuf = new byte[pos];
-            System.arraycopy(buf, 0, smallerBuf, 0, pos);
-            buf = smallerBuf;
-        }
-        return buf;
-    }
-
-    /**
-     * Pre-calculates the amount of space needed to base64-encode the supplied array.
-     *
-     * @param pArray byte[] array which will later be encoded
-     * @param chunkSize line-length of the output (<= 0 means no chunking) between each
-     *        chunkSeparator (e.g. CRLF).
-     * @param chunkSeparator the sequence of bytes used to separate chunks of output (e.g. CRLF).
-     *
-     * @return amount of space needed to encoded the supplied array.  Returns
-     *         a long since a max-len array will require Integer.MAX_VALUE + 33%.
-     */
-    private static long getEncodeLength(byte[] pArray, int chunkSize, byte[] chunkSeparator) {
-        // base64 always encodes to multiples of 4.
-        chunkSize = (chunkSize / 4) * 4;
-
-        long len = (pArray.length * 4) / 3;
-        long mod = len % 4;
-        if (mod != 0) {
-            len += 4 - mod;
-        }
-        if (chunkSize > 0) {
-            boolean lenChunksPerfectly = len % chunkSize == 0;
-            len += (len / chunkSize) * chunkSeparator.length;
-            if (!lenChunksPerfectly) {
-                len += chunkSeparator.length;
-            }
-        }
-        return len;
-    }
-
-    // Implementation of integer encoding used for crypto
-    /**
-     * Decodes a byte64-encoded integer according to crypto standards such as W3C's XML-Signature
-     *
-     * @param pArray
-     *            a byte array containing base64 character data
-     * @return A BigInteger
-     * @since 1.4
-     */
-    public static BigInteger decodeInteger(byte[] pArray) {
-        return new BigInteger(1, decodeBase64(pArray));
-    }
-
-    /**
-     * Encodes to a byte64-encoded integer according to crypto standards such as W3C's XML-Signature
-     *
-     * @param bigInt
-     *            a BigInteger
-     * @return A byte array containing base64 character data
-     * @throws NullPointerException
-     *             if null is passed in
-     * @since 1.4
-     */
-    public static byte[] encodeInteger(BigInteger bigInt) {
-        if (bigInt == null) {
-            throw new NullPointerException("encodeInteger called with null parameter");
-        }
-        return encodeBase64(toIntegerBytes(bigInt), false);
-    }
-
-    /**
-     * Returns a byte-array representation of a <code>BigInteger</code> without sign bit.
-     *
-     * @param bigInt
-     *            <code>BigInteger</code> to be converted
-     * @return a byte array representation of the BigInteger parameter
-     */
-    static byte[] toIntegerBytes(BigInteger bigInt) {
-        int bitlen = bigInt.bitLength();
-        // round bitlen
-        bitlen = ((bitlen + 7) >> 3) << 3;
-        byte[] bigBytes = bigInt.toByteArray();
-
-        if (((bigInt.bitLength() % 8) != 0) && (((bigInt.bitLength() / 8) + 1) == (bitlen / 8))) {
-            return bigBytes;
-        }
-        // set up params for copying everything but sign bit
-        int startSrc = 0;
-        int len = bigBytes.length;
-
-        // if bigInt is exactly byte-aligned, just skip signbit in copy
-        if ((bigInt.bitLength() % 8) == 0) {
-            startSrc = 1;
-            len--;
-        }
-        int startDst = bitlen / 8 - len; // to pad w/ nulls as per spec
-        byte[] resizedBytes = new byte[bitlen / 8];
-        System.arraycopy(bigBytes, startSrc, resizedBytes, startDst, len);
-        return resizedBytes;
-    }
-
-    /**
-     * Resets this Base64 object to its initial newly constructed state.
-     */
-    private void reset() {
-        buffer = null;
-        pos = 0;
-        readPos = 0;
-        currentLinePos = 0;
-        modulus = 0;
-        eof = false;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64InputStream.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64InputStream.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64InputStream.java
deleted file mode 100644
index 02f83bd..0000000
--- a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64InputStream.java
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.commons.ssl;
-
-import java.io.FilterInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-/**
- * Provides Base64 encoding and decoding in a streaming fashion (unlimited size). When encoding the default lineLength
- * is 76 characters and the default lineEnding is CRLF, but these can be overridden by using the appropriate
- * constructor.
- * <p>
- * The default behaviour of the Base64InputStream is to DECODE, whereas the default behaviour of the Base64OutputStream
- * is to ENCODE, but this behaviour can be overridden by using a different constructor.
- * </p>
- * <p>
- * This class implements section <cite>6.8. Base64 Content-Transfer-Encoding</cite> from RFC 2045 <cite>Multipurpose
- * Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</cite> by Freed and Borenstein.
- * </p>
- * <p>
- * Since this class operates directly on byte streams, and not character streams, it is hard-coded to only encode/decode
- * character encodings which are compatible with the lower 127 ASCII chart (ISO-8859-1, Windows-1252, UTF-8, etc).
- * </p>
- *
- * @author Apache Software Foundation
- * @version $Id: Base64InputStream.java 155 2009-09-17 21:00:58Z julius $
- * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045</a>
- * @since 1.4
- */
-public class Base64InputStream extends FilterInputStream {
-
-    private final boolean doEncode;
-
-    private final Base64 base64;
-
-    private final byte[] singleByte = new byte[1];
-
-    /**
-     * Creates a Base64InputStream such that all data read is Base64-decoded from the original provided InputStream.
-     *
-     * @param in
-     *            InputStream to wrap.
-     */
-    public Base64InputStream(InputStream in) {
-        this(in, false);
-    }
-
-    /**
-     * Creates a Base64InputStream such that all data read is either Base64-encoded or Base64-decoded from the original
-     * provided InputStream.
-     *
-     * @param in
-     *            InputStream to wrap.
-     * @param doEncode
-     *            true if we should encode all data read from us, false if we should decode.
-     */
-    public Base64InputStream(InputStream in, boolean doEncode) {
-        super(in);
-        this.doEncode = doEncode;
-        this.base64 = new Base64();
-    }
-
-    /**
-     * Creates a Base64InputStream such that all data read is either Base64-encoded or Base64-decoded from the original
-     * provided InputStream.
-     *
-     * @param in
-     *            InputStream to wrap.
-     * @param doEncode
-     *            true if we should encode all data read from us, false if we should decode.
-     * @param lineLength
-     *            If doEncode is true, each line of encoded data will contain lineLength characters (rounded down to
-     *            nearest multiple of 4). If lineLength <=0, the encoded data is not divided into lines. If doEncode is
-     *            false, lineLength is ignored.
-     * @param lineSeparator
-     *            If doEncode is true, each line of encoded data will be terminated with this byte sequence (e.g. \r\n).
-     *            If lineLength <= 0, the lineSeparator is not used. If doEncode is false lineSeparator is ignored.
-     */
-    public Base64InputStream(InputStream in, boolean doEncode, int lineLength, byte[] lineSeparator) {
-        super(in);
-        this.doEncode = doEncode;
-        this.base64 = new Base64(lineLength, lineSeparator);
-    }
-
-    /**
-     * Reads one <code>byte</code> from this input stream.
-     *
-     * @return the byte as an integer in the range 0 to 255. Returns -1 if EOF has been reached.
-     * @throws java.io.IOException
-     *             if an I/O error occurs.
-     */
-    public int read() throws IOException {
-        int r = read(singleByte, 0, 1);
-        while (r == 0) {
-            r = read(singleByte, 0, 1);
-        }
-        if (r > 0) {
-            return singleByte[0] < 0 ? 256 + singleByte[0] : singleByte[0];
-        }
-        return -1;
-    }
-
-    /**
-     * Attempts to read <code>len</code> bytes into the specified <code>b</code> array starting at <code>offset</code>
-     * from this InputStream.
-     *
-     * @param b
-     *            destination byte array
-     * @param offset
-     *            where to start writing the bytes
-     * @param len
-     *            maximum number of bytes to read
-     *
-     * @return number of bytes read
-     * @throws java.io.IOException
-     *             if an I/O error occurs.
-     * @throws NullPointerException
-     *             if the byte array parameter is null
-     * @throws IndexOutOfBoundsException
-     *             if offset, len or buffer size are invalid
-     */
-    public int read(byte b[], int offset, int len) throws IOException {
-        if (b == null) {
-            throw new NullPointerException();
-        } else if (offset < 0 || len < 0) {
-            throw new IndexOutOfBoundsException();
-        } else if (offset > b.length || offset + len > b.length) {
-            throw new IndexOutOfBoundsException();
-        } else if (len == 0) {
-            return 0;
-        } else {
-            if (!base64.hasData()) {
-                byte[] buf = new byte[doEncode ? 4096 : 8192];
-                int c = in.read(buf);
-                // A little optimization to avoid System.arraycopy()
-                // when possible.
-                if (c > 0 && b.length == len) {
-                    base64.setInitialBuffer(b, offset, len);
-                }
-                if (doEncode) {
-                    base64.encode(buf, 0, c);
-                } else {
-                    base64.decode(buf, 0, c);
-                }
-            }
-            return base64.readResults(b, offset, len);
-        }
-    }
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return false
-     */
-    public boolean markSupported() {
-        return false; // not an easy job to support marks
-    }
-}


Mime
View raw message