directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From plusplusjia...@apache.org
Subject [17/17] directory-kerby git commit: Merge from master.
Date Fri, 27 Nov 2015 08:18:27 GMT
Merge from master.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/67c2bb6e
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/67c2bb6e
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/67c2bb6e

Branch: refs/heads/pkinit-support
Commit: 67c2bb6e249b92017dc091f5c38271309b58919c
Parents: b948567 af7deb6
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Fri Nov 27 16:24:39 2015 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Fri Nov 27 16:24:39 2015 +0800

----------------------------------------------------------------------
 .../org/apache/kerby/asn1/Asn1OutputBuffer.java |   5 -
 .../org/apache/kerby/asn1/EncodingOption.java   | 202 -------------------
 .../org/apache/kerby/asn1/TaggingOption.java    |   4 +-
 .../org/apache/kerby/asn1/UniversalTag.java     |   3 +-
 .../kerby/asn1/type/AbstractAsn1Type.java       | 147 +++++++++-----
 .../org/apache/kerby/asn1/type/Asn1Any.java     |  39 +++-
 .../apache/kerby/asn1/type/Asn1BmpString.java   |   3 +-
 .../org/apache/kerby/asn1/type/Asn1Boolean.java |   2 +-
 .../org/apache/kerby/asn1/type/Asn1Choice.java  |   6 -
 .../apache/kerby/asn1/type/Asn1Collection.java  |   7 +-
 .../kerby/asn1/type/Asn1CollectionType.java     |   7 +-
 .../apache/kerby/asn1/type/Asn1EnumType.java    |  13 +-
 .../apache/kerby/asn1/type/Asn1Enumerated.java  |  64 ++++++
 .../apache/kerby/asn1/type/Asn1FieldInfo.java   |  43 +++-
 .../org/apache/kerby/asn1/type/Asn1Flags.java   |  10 +-
 .../org/apache/kerby/asn1/type/Asn1Simple.java  |   7 +-
 .../org/apache/kerby/asn1/type/Asn1Tagging.java |  55 +++--
 .../org/apache/kerby/asn1/type/Asn1Type.java    |  96 ++++++++-
 .../apache/kerby/asn1/type/ExplicitField.java   |  44 ++++
 .../apache/kerby/asn1/type/ImplicitField.java   |  44 ++++
 .../kerby/asn1/type/TaggingCollection.java      |  82 ++++++--
 .../apache/kerby/asn1/type/TaggingSequence.java |   5 +-
 .../org/apache/kerby/asn1/type/TaggingSet.java  |   5 +-
 .../org/apache/kerby/asn1/PersonnelRecord.java  |  40 ++--
 .../org/apache/kerby/asn1/TestAsn1Boolean.java  |   8 +-
 .../org/apache/kerby/asn1/TestAsn1Flags.java    |   2 +-
 .../org/apache/kerby/asn1/TestAsn1Integer.java  |   4 +-
 .../kerby/asn1/TestAsn1ObjectIdentifier.java    |   4 +-
 .../org/apache/kerby/asn1/TestAsn1UtcTime.java  |   4 +-
 .../apache/kerby/asn1/TestTaggingEncoding.java  |  12 +-
 .../identitybackend/LdapIdentityBackend.java    |   2 +-
 .../org/apache/kerby/KrbIdentitySerializer.java |   2 +-
 .../apache/kerby/config/IniConfigLoader.java    |   4 +-
 .../kerb/integration/test/Transport.java        |   4 +-
 .../kerb/integration/test/gss/GssAppClient.java |   4 +-
 .../kerb/integration/test/gss/GssAppServer.java |   4 +-
 .../kerb/integration/test/jaas/TokenCache.java  |   6 +-
 .../integration/test/sasl/SaslAppClient.java    |   8 +-
 .../integration/test/sasl/SaslAppServer.java    |   4 +-
 .../client/preauth/pkinit/PkinitPreauth.java    |   9 +-
 .../kerby/kerberos/kerb/preauth/PaFlag.java     |   4 +-
 .../kerb/preauth/pkinit/PluginOpts.java         |   2 +-
 .../kerby/kerberos/kerb/codec/CodecTest.java    |   2 +
 .../kerberos/kerb/codec/TestAsReqCodec.java     |   8 +-
 .../kerberos/kerb/codec/TestTgsReqCodec.java    |   8 +-
 kerby-kerb/kerb-core/pom.xml                    |   5 +
 .../apache/kerby/kerberos/kerb/KrbCodec.java    |   3 +-
 .../kerby/kerberos/kerb/KrbErrorCode.java       |   4 +-
 .../kerberos/kerb/spec/KerberosString.java      |   1 +
 .../kerberos/kerb/spec/KrbAppSequenceType.java  |   6 +-
 .../kerberos/kerb/spec/KrbSequenceType.java     |   4 +-
 .../kerby/kerberos/kerb/spec/ad/AdToken.java    |   3 +-
 .../kerb/spec/ad/AuthorizationDataEntry.java    |   7 +-
 .../kerb/spec/ad/AuthorizationType.java         |   4 +-
 .../kerby/kerberos/kerb/spec/ap/ApOption.java   |   4 +-
 .../kerby/kerberos/kerb/spec/ap/ApRep.java      |   9 +-
 .../kerby/kerberos/kerb/spec/ap/ApReq.java      |  13 +-
 .../kerberos/kerb/spec/ap/Authenticator.java    |  19 +-
 .../kerberos/kerb/spec/ap/EncAPRepPart.java     |   9 +-
 .../kerby/kerberos/kerb/spec/base/CheckSum.java |   7 +-
 .../kerberos/kerb/spec/base/CheckSumType.java   |   4 +-
 .../kerberos/kerb/spec/base/EncryptedData.java  |   9 +-
 .../kerberos/kerb/spec/base/EncryptionKey.java  |   7 +-
 .../kerberos/kerb/spec/base/EncryptionType.java |   4 +-
 .../kerb/spec/base/EtypeInfo2Entry.java         |   7 +-
 .../kerberos/kerb/spec/base/EtypeInfoEntry.java |   5 +-
 .../kerberos/kerb/spec/base/HostAddrType.java   |   4 +-
 .../kerberos/kerb/spec/base/HostAddress.java    |   7 +-
 .../kerby/kerberos/kerb/spec/base/KeyUsage.java |   4 +-
 .../kerby/kerberos/kerb/spec/base/KrbError.java |  27 +--
 .../kerberos/kerb/spec/base/KrbMessage.java     |   4 +-
 .../kerberos/kerb/spec/base/KrbMessageType.java |   4 +-
 .../kerby/kerberos/kerb/spec/base/KrbToken.java |   7 +-
 .../kerberos/kerb/spec/base/LastReqEntry.java   |   7 +-
 .../kerberos/kerb/spec/base/LastReqType.java    |   4 +-
 .../kerby/kerberos/kerb/spec/base/NameType.java |   4 +-
 .../kerberos/kerb/spec/base/PrincipalName.java  |   7 +-
 .../kerby/kerberos/kerb/spec/base/SamType.java  |   4 +-
 .../kerberos/kerb/spec/base/TokenFormat.java    |   4 +-
 .../kerb/spec/base/TransitedEncoding.java       |   5 +-
 .../kerb/spec/base/TransitedEncodingType.java   |   4 +-
 .../kerb/spec/cms/AlgorithmIdentifier.java      |  61 ------
 .../kerberos/kerb/spec/cms/DHParameter.java     |  51 -----
 .../kerb/spec/cms/SubjectPublicKeyInfo.java     |  60 ------
 .../kerberos/kerb/spec/fast/ArmorType.java      |   4 +-
 .../kerberos/kerb/spec/fast/FastOption.java     |   4 +-
 .../kerberos/kerb/spec/fast/KrbFastArmor.java   |   7 +-
 .../kerb/spec/fast/KrbFastArmoredRep.java       |   3 +-
 .../kerb/spec/fast/KrbFastArmoredReq.java       |   7 +-
 .../kerb/spec/fast/KrbFastFinished.java         |   7 +-
 .../kerberos/kerb/spec/fast/KrbFastReq.java     |   7 +-
 .../kerb/spec/fast/KrbFastResponse.java         |   9 +-
 .../kerberos/kerb/spec/fast/PaAuthnEntry.java   |   9 +-
 .../kerberos/kerb/spec/fast/PaFxFastReply.java  |   3 +-
 .../kerb/spec/fast/PaFxFastRequest.java         |   3 +-
 .../kerberos/kerb/spec/kdc/EncKdcRepPart.java   |  25 +--
 .../kerby/kerberos/kerb/spec/kdc/KdcOption.java |   4 +-
 .../kerby/kerberos/kerb/spec/kdc/KdcRep.java    |  15 +-
 .../kerby/kerberos/kerb/spec/kdc/KdcReq.java    |   9 +-
 .../kerberos/kerb/spec/kdc/KdcReqBody.java      |  27 +--
 .../kerb/spec/pa/PaAuthenticationSetElem.java   |   9 +-
 .../kerberos/kerb/spec/pa/PaDataEntry.java      |   7 +-
 .../kerby/kerberos/kerb/spec/pa/PaDataType.java |   4 +-
 .../kerby/kerberos/kerb/spec/pa/PaEncTsEnc.java |   5 +-
 .../kerberos/kerb/spec/pa/otp/OtpTokenInfo.java |  19 +-
 .../kerb/spec/pa/otp/PaOtpChallenge.java        |  11 +-
 .../spec/pa/pkinit/AlgorithmIdentifiers.java    |   2 +-
 .../kerberos/kerb/spec/pa/pkinit/AuthPack.java  |  11 +-
 .../kerb/spec/pa/pkinit/DHParameter.java        |  51 +++++
 .../kerberos/kerb/spec/pa/pkinit/DHRepInfo.java |   6 +-
 .../pa/pkinit/ExternalPrincipalIdentifier.java  |   7 +-
 .../kerb/spec/pa/pkinit/KdcDHKeyInfo.java       |   7 +-
 .../kerb/spec/pa/pkinit/Krb5PrincipalName.java  |   5 +-
 .../kerberos/kerb/spec/pa/pkinit/PaPkAsRep.java |   6 +-
 .../kerberos/kerb/spec/pa/pkinit/PaPkAsReq.java |   8 +-
 .../kerb/spec/pa/pkinit/PkAuthenticator.java    |   9 +-
 .../kerb/spec/pa/pkinit/ReplyKeyPack.java       |   5 +-
 .../kerb/spec/pa/token/PaTokenChallenge.java    |   3 +-
 .../kerb/spec/pa/token/PaTokenRequest.java      |   5 +-
 .../kerberos/kerb/spec/pa/token/TokenFlag.java  |   4 +-
 .../kerberos/kerb/spec/pa/token/TokenFlags.java |   2 +-
 .../kerberos/kerb/spec/pa/token/TokenInfo.java  |   5 +-
 .../kerb/spec/ticket/EncTicketPart.java         |  23 ++-
 .../kerby/kerberos/kerb/spec/ticket/Ticket.java |   9 +-
 .../kerberos/kerb/spec/ticket/TicketFlag.java   |   4 +-
 .../kerberos/kerb/spec/ticket/TicketFlags.java  |   2 +-
 .../kerberos/kerb/crypto/CheckSumHandler.java   |   4 +-
 .../kerberos/kerb/crypto/EncryptionHandler.java |   6 +-
 .../kerb/crypto/cksum/HmacMd5Rc4CheckSum.java   |   4 +-
 .../kerberos/kerb/crypto/enc/KeKiCmacEnc.java   |   4 +-
 .../kerb/crypto/enc/KeKiHmacSha1Enc.java        |   4 +-
 .../kerberos/kerb/crypto/fast/FastUtil.java     |   4 +-
 .../kerb/crypto/key/AbstractKeyMaker.java       |  18 +-
 .../kerberos/kerb/crypto/key/AesKeyMaker.java   |   8 +-
 .../kerb/crypto/key/CamelliaKeyMaker.java       |   8 +-
 .../kerby/kerberos/kerb/crypto/util/Rc4.java    |   4 +-
 .../kerb/identity/backend/BackendTest.java      |   4 +-
 .../server/preauth/pkinit/PkinitPreauth.java    |   1 -
 .../kerby/kerberos/kerb/KrbInputStream.java     |   4 +-
 .../kerby/kerberos/kerb/KrbOutputStream.java    |   4 +-
 .../kerb/ccache/CredCacheOutputStream.java      |  10 +-
 .../kerby/kerberos/kerb/ccache/Credential.java  |   2 +-
 .../kerb/keytab/KeytabOutputStream.java         |   4 +-
 kerby-pkix/pom.xml                              |  37 ++++
 .../org/apache/kerby/cms/type/Attribute.java    |  66 ++++++
 .../cms/type/AttributeCertificateInfoV1.java    | 147 ++++++++++++++
 .../kerby/cms/type/AttributeCertificateV1.java  |  73 +++++++
 .../kerby/cms/type/AttributeCertificateV2.java  |  29 +++
 .../org/apache/kerby/cms/type/Certificate.java  |  76 +++++++
 .../kerby/cms/type/CertificateChoices.java      |  93 +++++++++
 .../apache/kerby/cms/type/CertificateList.java  |  77 +++++++
 .../apache/kerby/cms/type/CertificateSet.java   |  29 +++
 .../org/apache/kerby/cms/type/CmsVersion.java   |  53 +++++
 .../apache/kerby/cms/type/CompressedData.java   |  77 +++++++
 .../org/apache/kerby/cms/type/ContentInfo.java  |  69 +++++++
 .../cms/type/DigestAlgorithmIdentifier.java     |  28 +++
 .../cms/type/DigestAlgorithmIdentifiers.java    |  28 +++
 .../kerby/cms/type/EncapsulatedContentInfo.java |  64 ++++++
 .../kerby/cms/type/ExtendedCertificate.java     |  70 +++++++
 .../kerby/cms/type/ExtendedCertificateInfo.java |  71 +++++++
 .../kerby/cms/type/IssuerAndSerialNumber.java   |  66 ++++++
 .../kerby/cms/type/OtherCertificateFormat.java  |  63 ++++++
 .../cms/type/OtherRevocationInfoFormat.java     |  62 ++++++
 .../cms/type/RelativeDistinguishedName.java     |  29 +++
 .../kerby/cms/type/RevocationInfoChoice.java    |  60 ++++++
 .../kerby/cms/type/RevocationInfoChoices.java   |  28 +++
 .../org/apache/kerby/cms/type/Signature.java    |  28 +++
 .../cms/type/SignatureAlgorithmIdentifier.java  |  28 +++
 .../apache/kerby/cms/type/SignatureValue.java   |  28 +++
 .../apache/kerby/cms/type/SignedAttributes.java |  28 +++
 .../org/apache/kerby/cms/type/SignedData.java   | 108 ++++++++++
 .../apache/kerby/cms/type/SignerIdentifier.java |  66 ++++++
 .../org/apache/kerby/cms/type/SignerInfo.java   | 119 +++++++++++
 .../org/apache/kerby/cms/type/SignerInfos.java  |  28 +++
 .../java/org/apache/kerby/cms/type/Subject.java |  65 ++++++
 .../kerby/cms/type/UnsignedAttributes.java      |  28 +++
 .../kerby/x500/type/AttributeTypeAndValue.java  |  63 ++++++
 .../java/org/apache/kerby/x500/type/Name.java   |  49 +++++
 .../org/apache/kerby/x500/type/RDNSequence.java |  28 +++
 .../x500/type/RelativeDistinguishedName.java    |  28 +++
 .../kerby/x509/type/AccessDescription.java      |  63 ++++++
 .../kerby/x509/type/AlgorithmIdentifier.java    |  62 ++++++
 .../apache/kerby/x509/type/AttCertIssuer.java   |  63 ++++++
 .../kerby/x509/type/AttCertValidityPeriod.java  |  62 ++++++
 .../org/apache/kerby/x509/type/Attribute.java   |  62 ++++++
 .../kerby/x509/type/AttributeCertificate.java   |  73 +++++++
 .../x509/type/AttributeCertificateInfo.java     | 145 +++++++++++++
 .../apache/kerby/x509/type/AttributeValues.java |  27 +++
 .../org/apache/kerby/x509/type/Attributes.java  |  43 ++++
 .../x509/type/AuthorityInformationAccess.java   |  41 ++++
 .../kerby/x509/type/AuthorityKeyIdentifier.java |  80 ++++++++
 .../kerby/x509/type/BasicConstraints.java       |  69 +++++++
 .../apache/kerby/x509/type/CRLDistPoint.java    |  31 +++
 .../org/apache/kerby/x509/type/CRLNumber.java   |  31 +++
 .../org/apache/kerby/x509/type/CRLReason.java   |  66 ++++++
 .../apache/kerby/x509/type/CertPolicyId.java    |  31 +++
 .../org/apache/kerby/x509/type/Certificate.java |  73 +++++++
 .../apache/kerby/x509/type/CertificateList.java |  75 +++++++
 .../apache/kerby/x509/type/CertificatePair.java |  64 ++++++
 .../kerby/x509/type/CertificatePolicies.java    |  32 +++
 .../x509/type/CertificateSerialNumber.java      |  26 +++
 .../apache/kerby/x509/type/DSAParameter.java    |  66 ++++++
 .../org/apache/kerby/x509/type/DigestInfo.java  |  62 ++++++
 .../kerby/x509/type/DigestedObjectType.java     |  53 +++++
 .../apache/kerby/x509/type/DirectoryString.java | 100 +++++++++
 .../org/apache/kerby/x509/type/DisplayText.java |  87 ++++++++
 .../kerby/x509/type/DistributionPoint.java      |  74 +++++++
 .../kerby/x509/type/DistributionPointName.java  |  64 ++++++
 .../apache/kerby/x509/type/EDIPartyName.java    |  62 ++++++
 .../kerby/x509/type/ExtendedKeyUsage.java       |  31 +++
 .../org/apache/kerby/x509/type/Extension.java   |  77 +++++++
 .../org/apache/kerby/x509/type/Extensions.java  |  37 ++++
 .../org/apache/kerby/x509/type/GeneralName.java | 147 ++++++++++++++
 .../apache/kerby/x509/type/GeneralNames.java    |  26 +++
 .../apache/kerby/x509/type/GeneralSubtree.java  |  77 +++++++
 .../apache/kerby/x509/type/GeneralSubtrees.java |  25 +++
 .../java/org/apache/kerby/x509/type/Holder.java |  78 +++++++
 .../apache/kerby/x509/type/IetfAttrSyntax.java  |  69 +++++++
 .../kerby/x509/type/IetfAttrSyntaxChoice.java   |  78 +++++++
 .../kerby/x509/type/IetfAttrSyntaxChoices.java  |  26 +++
 .../apache/kerby/x509/type/IssuerSerial.java    |  73 +++++++
 .../x509/type/IssuingDistributionPoint.java     | 107 ++++++++++
 .../apache/kerby/x509/type/KeyIdentifier.java   |  32 +++
 .../apache/kerby/x509/type/KeyPurposeId.java    |  36 ++++
 .../org/apache/kerby/x509/type/KeyUsage.java    |  62 ++++++
 .../apache/kerby/x509/type/NameConstraints.java |  60 ++++++
 .../apache/kerby/x509/type/NoticeNumbers.java   |  31 +++
 .../apache/kerby/x509/type/NoticeReference.java |  63 ++++++
 .../kerby/x509/type/ObjectDigestInfo.java       |  93 +++++++++
 .../org/apache/kerby/x509/type/OtherName.java   |  66 ++++++
 .../kerby/x509/type/PolicyConstraints.java      |  67 ++++++
 .../kerby/x509/type/PolicyInformation.java      |  61 ++++++
 .../apache/kerby/x509/type/PolicyMapping.java   |  62 ++++++
 .../apache/kerby/x509/type/PolicyMappings.java  |  34 ++++
 .../kerby/x509/type/PolicyQualifierId.java      |  35 ++++
 .../kerby/x509/type/PolicyQualifierInfo.java    |  66 ++++++
 .../kerby/x509/type/PolicyQualifierInfos.java   |  31 +++
 .../kerby/x509/type/PrivateKeyUsagePeriod.java  |  63 ++++++
 .../org/apache/kerby/x509/type/ReasonFlags.java |  61 ++++++
 .../kerby/x509/type/RevokedCertificate.java     |  75 +++++++
 .../kerby/x509/type/RevokedCertificates.java    |  38 ++++
 .../org/apache/kerby/x509/type/RoleSyntax.java  |  63 ++++++
 .../x509/type/SubjectDirectoryAttributes.java   |  39 ++++
 .../kerby/x509/type/SubjectKeyIdentifier.java   |  32 +++
 .../kerby/x509/type/SubjectPublicKeyInfo.java   |  60 ++++++
 .../org/apache/kerby/x509/type/TBSCertList.java | 128 ++++++++++++
 .../apache/kerby/x509/type/TBSCertificate.java  | 155 ++++++++++++++
 .../java/org/apache/kerby/x509/type/Target.java |  74 +++++++
 .../org/apache/kerby/x509/type/TargetCert.java  |  70 +++++++
 .../kerby/x509/type/TargetInformation.java      |  34 ++++
 .../org/apache/kerby/x509/type/Targets.java     |  45 +++++
 .../java/org/apache/kerby/x509/type/Time.java   |  66 ++++++
 .../org/apache/kerby/x509/type/UserNotice.java  |  63 ++++++
 .../java/org/apache/kerby/x509/type/V2Form.java |  77 +++++++
 .../provider/token/JwtTokenDecoder.java         |   4 +-
 .../provider/token/JwtTokenEncoder.java         |   4 +-
 .../kerby/kerberos/tool/token/TokenCache.java   |   6 +-
 .../main/java/org/apache/kerby/util/Utf8.java   |  14 +-
 pom.xml                                         |   1 +
 259 files changed, 7673 insertions(+), 930 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-asn1/src/main/java/org/apache/kerby/asn1/UniversalTag.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1CollectionType.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index ae8ff74,0a69a04..096045b
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@@ -38,13 -31,9 +38,11 @@@ import org.apache.kerby.kerberos.kerb.p
  import org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitIdenity;
  import org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitPreauthMeta;
  import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
 +import org.apache.kerby.kerberos.kerb.spec.base.CheckSum;
 +import org.apache.kerby.kerberos.kerb.spec.base.CheckSumType;
  import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
  import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
- import org.apache.kerby.kerberos.kerb.spec.cms.AlgorithmIdentifier;
 -import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
 +import org.apache.kerby.kerberos.kerb.spec.cms.DHParameter;
- import org.apache.kerby.kerberos.kerb.spec.cms.SubjectPublicKeyInfo;
  import org.apache.kerby.kerberos.kerb.spec.pa.PaData;
  import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
  import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
@@@ -52,24 -41,11 +50,29 @@@ import org.apache.kerby.kerberos.kerb.s
  import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.PaPkAsReq;
  import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.PkAuthenticator;
  import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.TrustedCertifiers;
++
++import org.apache.kerby.x509.type.AlgorithmIdentifier;
+ import org.apache.kerby.x509.type.SubjectPublicKeyInfo;
 +import org.slf4j.Logger;
 +import org.slf4j.LoggerFactory;
 +
 +import javax.crypto.interfaces.DHPublicKey;
 +import javax.crypto.spec.DHParameterSpec;
 +import java.io.FileInputStream;
 +import java.io.FileNotFoundException;
 +import java.io.IOException;
 +import java.io.InputStream;
 +import java.math.BigInteger;
 +import java.security.cert.X509Certificate;
 +import java.util.Arrays;
 +import java.util.Calendar;
 +import java.util.Date;
 +import java.util.List;
 +
++
+ 
 -@SuppressWarnings("PMD")
  public class PkinitPreauth extends AbstractPreauthPlugin {
 +    private static final Logger LOG = LoggerFactory.getLogger(PkinitPreauth.class);
  
      private PkinitContext pkinitContext;
  
@@@ -234,69 -175,20 +237,69 @@@
          boolean usingRsa = reqCtx.requestOpts.usingRsa;
          reqCtx.paType = PaDataType.PK_AS_REQ;
  
 -        pkAuthen.setCtime(ctime);
          pkAuthen.setCusec(cusec);
 +        pkAuthen.setCtime(ctime);
          pkAuthen.setNonce(nonce);
 -        pkAuthen.setPaChecksum(checksum);
 +//        pkAuthen.setPaChecksum(checkSum.getChecksum());
 +
 +        pkAuthen.setPaChecksum(checkSum.encode());
  
          authPack.setPkAuthenticator(pkAuthen);
 -        DHNonce dhNonce = new DHNonce();
 -        authPack.setClientDhNonce(dhNonce);
 -        authPack.setClientPublicValue(pubInfo);
  
 -        authPack.setsupportedCmsTypes(pkinitContext.pluginOpts.createSupportedCMSTypes());
 +//        authPack.setsupportedCmsTypes(pkinitContext.pluginOpts.createSupportedCMSTypes());
 +
 +        if (!usingRsa) {
 +            // DH case
 +            LOG.info("DH key transport algorithm.");
 +
 +            AlgorithmIdentifier dhAlg = new AlgorithmIdentifier();
 +
 +//            byte[] dh_oid = new byte[]{0, 7, (byte) 0x2A, (byte) 0x86, (byte) 0x48, (byte)
0xce,
 +//                    (byte) 0x3e, (byte) 0x02, (byte) 0x01};
 +//            String dhOidStr = Utf8.toString(dh_oid);
 +//            String dhOidStr = "0.7.42.840.10046.2.1";
 +
 +            String content = "0x06 07 2A 86 48 ce 3e 02 01";
 +            Asn1ObjectIdentifier decoded = new Asn1ObjectIdentifier();
-             decoded.getEncodingOption().useDer();
++            decoded.useDER();
 +            try {
 +                decoded.decode(Util.hex2bytes(content));
 +            } catch (IOException e) {
 +                e.printStackTrace();
 +            }
 +
 +            dhAlg.setAlgorithm(decoded);
 +
 +            DhClient client = new DhClient();
 +
 +            DHPublicKey clientPubKey = null;
 +            try {
 +                clientPubKey = client.init(DhGroup.MODP_GROUP14);
 +            } catch (Exception e) {
 +                e.printStackTrace();
 +            }
 +
 +            kdcRequest.setDhClient(client);
 +
 +            DHParameterSpec spec = clientPubKey.getParams();
 +            BigInteger q = spec.getP().shiftRight(1);
 +            DHParameter dhParameter = new DHParameter();
 +            dhParameter.setP(spec.getP());
 +            dhParameter.setG(spec.getG());
 +            dhParameter.setQ(q);
 +            dhAlg.setParameters(dhParameter);
 +
 +            SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo();
 +            pubInfo.setAlgorithm(dhAlg);
 +
 +            Asn1Integer publickey = new Asn1Integer(clientPubKey.getY());
 +            pubInfo.setSubjectPubKey(publickey.encode());
 +
 +            authPack.setClientPublicValue(pubInfo);
 +
 +//            DHNonce dhNonce = new DHNonce();
 +//            authPack.setClientDhNonce(dhNonce);
  
 -        if (usingRsa) {
 -            System.out.println(); // DH case
          } else {
              authPack.setClientPublicValue(null);
          }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PluginOpts.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/CodecTest.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/CodecTest.java
index d3b214a,f5543f7..abc4164
--- a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/CodecTest.java
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/CodecTest.java
@@@ -57,26 -41,7 +57,28 @@@ public class CodecTest 
          assertThat(restored).isNotNull();
          assertThat(restored.getCksumtype()).isEqualTo(mcs.getCksumtype());
          assertThat(mcs.getChecksum()).isEqualTo(restored.getChecksum());
+         assertThat(restored.tagNo()).isEqualTo(mcs.tagNo());
+         assertThat(restored.tagFlags()).isEqualTo(mcs.tagFlags());
      }
 +
 +    @Test
 +    public void testDecode() throws IOException {
 +        AsReq expected = new AsReq();
 +
 +        KdcReqBody body = new KdcReqBody();
 +
 +        expected.setReqBody(body);
 +
 +        Asn1InputBuffer ib = new Asn1InputBuffer(expected.encode());
 +        Asn1Type fd1 = ib.read();
 +        Asn1Type fd2 = ib.read();
 +        Asn1Type fd3 = ib.read();
 +        Asn1Type fd4 = ib.read();
 +        Asn1Type fd5 = ib.read();
 +        Asn1Type fd6 = ib.read();
 +        Asn1Type fd7 = ib.read();
 +        Asn1Type fd8 = ib.read();
 +        Asn1Type fd9 = ib.read();
 +
 +    }
  }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/NameType.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/DHParameter.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/DHParameter.java
index 0000000,0000000..8675820
new file mode 100644
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/DHParameter.java
@@@ -1,0 -1,0 +1,51 @@@
++package org.apache.kerby.kerberos.kerb.spec.pa.pkinit;
++
++import org.apache.kerby.asn1.type.Asn1FieldInfo;
++import org.apache.kerby.asn1.type.Asn1Integer;
++import org.apache.kerby.asn1.type.Asn1SequenceType;
++
++import java.math.BigInteger;
++
++public class DHParameter extends Asn1SequenceType {
++
++    private static final int P = 0;
++    private static final int G = 1;
++    private static final int Q = 2;
++
++    static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
++            new Asn1FieldInfo(P, Asn1Integer.class),
++            new Asn1FieldInfo(G, Asn1Integer.class),
++            new Asn1FieldInfo(Q, Asn1Integer.class),
++    };
++
++    public DHParameter() {
++        super(fieldInfos);
++    }
++
++    public void setP(BigInteger p) {
++        setFieldAsBigInteger(P, p);
++    }
++
++    public BigInteger getP() {
++        Asn1Integer p = getFieldAs(P, Asn1Integer.class);
++        return p.getValue();
++    }
++
++    public void setG(BigInteger g) {
++        setFieldAsBigInteger(G, g);
++    }
++
++    public BigInteger getG() {
++        Asn1Integer g = getFieldAs(G, Asn1Integer.class);
++        return g.getValue();
++    }
++
++    public void setQ(BigInteger q) {
++        setFieldAsBigInteger(Q, q);
++    }
++
++    public BigInteger getQ() {
++        Asn1Integer q = getFieldAs(Q, Asn1Integer.class);
++        return q.getValue();
++    }
++}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java
index ed01f43,b5e23f4..bc60921
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java
@@@ -38,9 -39,9 +39,9 @@@ public class KdcDHKeyInfo extends KrbSe
      private static final int DH_KEY_EXPIRATION = 2;
  
      static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
-             new Asn1FieldInfo(SUBJECT_PUBLIC_KEY, Asn1BitString.class),
-             new Asn1FieldInfo(NONCE, Asn1Integer.class),
-             new Asn1FieldInfo(DH_KEY_EXPIRATION, KerberosTime.class)
 -            new ExplicitField(SUBJECT_PUBLICK_KEY, Asn1BitString.class),
++            new ExplicitField(SUBJECT_PUBLIC_KEY, Asn1BitString.class),
+             new ExplicitField(NONCE, Asn1Integer.class),
+             new ExplicitField(DH_KEY_EXPIRATION, KerberosTime.class)
      };
  
      public KdcDHKeyInfo() {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index 8d99bbe,08baa0e..fd933f3
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@@ -35,42 -26,13 +35,41 @@@ import org.apache.kerby.kerberos.kerb.p
  import org.apache.kerby.kerberos.kerb.server.KdcContext;
  import org.apache.kerby.kerberos.kerb.server.preauth.AbstractPreauthPlugin;
  import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
 +import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
 +import org.apache.kerby.kerberos.kerb.spec.base.CheckSum;
 +import org.apache.kerby.kerberos.kerb.spec.base.CheckSumType;
 +import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
  import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
 +import org.apache.kerby.kerberos.kerb.spec.cms.DHParameter;
- import org.apache.kerby.kerberos.kerb.spec.cms.SubjectPublicKeyInfo;
 +import org.apache.kerby.kerberos.kerb.spec.kdc.KdcOption;
  import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
  import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
 +import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.AuthPack;
 +import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.DHRepInfo;
 +import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.KdcDHKeyInfo;
 +import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.PaPkAsRep;
  import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.PaPkAsReq;
 +import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.PkAuthenticator;
 +import org.slf4j.Logger;
 +import org.slf4j.LoggerFactory;
 +import sun.security.pkcs.ContentInfo;
 +import sun.security.pkcs.PKCS7;
  
 +import javax.crypto.interfaces.DHPublicKey;
 +import java.io.ByteArrayOutputStream;
 +import java.io.File;
 +import java.io.FileInputStream;
 +import java.io.FileNotFoundException;
 +import java.io.IOException;
 +import java.io.InputStream;
 +import java.math.BigInteger;
 +import java.security.cert.X509Certificate;
 +import java.util.ArrayList;
 +import java.util.Arrays;
  import java.util.HashMap;
 +import java.util.List;
  import java.util.Map;
 +import java.util.Scanner;
  
  public class PkinitPreauth extends AbstractPreauthPlugin {
  

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/pom.xml
----------------------------------------------------------------------


Mime
View raw message