directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [1/4] directory-kerby git commit: Refactoring the package and structure
Date Thu, 30 Jun 2016 09:10:42 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/gssapi e6626fef1 -> f3876f97d


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3876f97/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyUtil.java
b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyUtil.java
deleted file mode 100644
index 081788b..0000000
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyUtil.java
+++ /dev/null
@@ -1,386 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.gssapi.krb5;
-
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.client.KrbClientBase;
-import org.apache.kerby.kerberos.kerb.type.KerberosTime;
-import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData;
-import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationDataEntry;
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.type.base.HostAddress;
-import org.apache.kerby.kerberos.kerb.type.base.HostAddresses;
-import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
-import org.apache.kerby.kerberos.kerb.type.kdc.EncAsRepPart;
-import org.apache.kerby.kerberos.kerb.type.kdc.EncKdcRepPart;
-import org.apache.kerby.kerberos.kerb.type.kdc.EncTgsRepPart;
-import org.apache.kerby.kerberos.kerb.type.ticket.KrbTicket;
-import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
-import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
-import org.apache.kerby.kerberos.kerb.type.ticket.Ticket;
-import org.apache.kerby.kerberos.kerb.type.ticket.TicketFlags;
-import org.ietf.jgss.GSSException;
-import sun.security.jgss.GSSCaller;
-
-import javax.crypto.SecretKey;
-import javax.security.auth.kerberos.KerberosKey;
-import javax.security.auth.kerberos.KerberosPrincipal;
-import javax.security.auth.kerberos.KerberosTicket;
-import java.io.File;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.nio.ByteBuffer;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.util.Date;
-import java.util.List;
-
-/**
- * Some utility functions to translate types between GSS and Kerby
- */
-public class KerbyUtil {
-    private static final int KERBEROS_TICKET_NUM_FLAGS = 32;  // KerberosTicket.NUM_LENGTH
-
-    /**
-     * Construct TgtTicket from info contained in KerberosTicket
-     * @param kerberosTicket
-     * @return
-     * @throws GSSException
-     */
-    public static TgtTicket getTgtTicketFromKerberosTicket(KerberosTicket kerberosTicket)
throws GSSException {
-        String clientName = kerberosTicket.getClient().getName();
-        PrincipalName clientPrincipal = new PrincipalName(clientName);
-
-        byte[] asn1Encoded = kerberosTicket.getEncoded();
-        Ticket ticket = getTicketFromAsn1Encoded(asn1Encoded);
-
-        EncAsRepPart encAsRepPart = new EncAsRepPart();
-        fillEncKdcRepPart(encAsRepPart, kerberosTicket);
-
-        TgtTicket tgt = new TgtTicket(ticket, encAsRepPart, clientPrincipal);
-        return tgt;
-    }
-
-    /**
-     *  Init encKdcRepPart members with info from kerberosTicket
-     * @param encKdcRepPart
-     * @param kerberosTicket
-     */
-    public static void fillEncKdcRepPart(EncKdcRepPart encKdcRepPart, KerberosTicket kerberosTicket)
{
-        String clientName = kerberosTicket.getClient().getName();
-        PrincipalName clientPrincipal = new PrincipalName(clientName);
-
-        SecretKey secretKey = kerberosTicket.getSessionKey();
-        int keyType = kerberosTicket.getSessionKeyType();
-        EncryptionKey key = new EncryptionKey(keyType, secretKey.getEncoded());
-        encKdcRepPart.setKey(key);
-
-        encKdcRepPart.setSname(clientPrincipal);
-        Date authTimeDate = kerberosTicket.getAuthTime();
-        if (authTimeDate != null) {
-            encKdcRepPart.setAuthTime(new KerberosTime(authTimeDate.getTime()));
-        }
-        Date startTimeDate = kerberosTicket.getStartTime();
-        if (startTimeDate != null) {
-            encKdcRepPart.setStartTime(new KerberosTime(startTimeDate.getTime()));
-        }
-        KerberosTime endTime = new KerberosTime(kerberosTicket.getEndTime().getTime());
-        encKdcRepPart.setEndTime(endTime);
-
-
-        InetAddress[] clientAddresses = kerberosTicket.getClientAddresses();
-        HostAddresses hostAddresses = null;
-        if (clientAddresses != null) {
-            hostAddresses = new HostAddresses();
-            for (InetAddress iAddr : clientAddresses) {
-                hostAddresses.add(new HostAddress(iAddr));
-            }
-        }
-        encKdcRepPart.setCaddr(hostAddresses);
-
-        boolean[] tf = kerberosTicket.getFlags();
-        TicketFlags ticketFlags = getTicketFlags(tf);
-        encKdcRepPart.setFlags(ticketFlags);
-
-
-        /* encKdcRepPart.setKeyExpiration();
-        encKdcRepPart.setLastReq();
-        encKdcRepPart.setNonce(); */
-
-        Date renewTillDate = kerberosTicket.getRenewTill();
-        KerberosTime renewTill = renewTillDate == null ? null : new KerberosTime(renewTillDate.getTime());
-        encKdcRepPart.setRenewTill(renewTill);
-
-        String serverRealm = kerberosTicket.getServer().getRealm();
-        encKdcRepPart.setSrealm(serverRealm);
-    }
-
-    /**
-     * Generate TicketFlags instance from flags
-     * @param flags each item in flags identifies an bit setted or not
-     * @return
-     */
-    public static TicketFlags getTicketFlags(boolean[] flags) {
-        if (flags == null || flags.length != KERBEROS_TICKET_NUM_FLAGS) {
-            return null;
-        }
-        int value = 0;
-        for (boolean flag : flags) {
-            value = (value << 1) + (flag ? 1 : 0);
-        }
-        return new TicketFlags(value);
-    }
-
-    /**
-     * Decode each flag in ticketFlags into an boolean array
-     * @param ticketFlags
-     * @return
-     */
-    public static boolean[] ticketFlagsToBooleans(TicketFlags ticketFlags) {
-        boolean[] ret = new boolean[KERBEROS_TICKET_NUM_FLAGS];
-        int value = ticketFlags.getFlags();
-        for (int i = 0; i < KERBEROS_TICKET_NUM_FLAGS; i++) {
-            ret[KERBEROS_TICKET_NUM_FLAGS - i - 1] = (value & 0x1) != 0;
-            value = value >> 1;
-        }
-        return ret;
-    }
-
-    /**
-     * Construct a Ticket from bytes encoded by Asn1
-     * @param encoded
-     * @return
-     * @throws GSSException
-     */
-    public static Ticket getTicketFromAsn1Encoded(byte[] encoded) throws GSSException {
-        Ticket ticket = new Ticket();
-        ByteBuffer byteBuffer = ByteBuffer.wrap(encoded);
-        try {
-            ticket.decode(byteBuffer);
-            return ticket;
-        } catch (IOException e) {
-            throw new GSSException(GSSException.FAILURE, -1, e.getMessage());
-        }
-    }
-
-    /**
-     * Scan current context for SgtTicket
-     * @param client
-     * @param service
-     * @return
-     */
-    public static SgtTicket getSgtCredentialFromContext(GSSCaller caller, String client,
String service)
-            throws GSSException {
-        KerberosTicket ticket = CredUtils.getKerberosTicketFromContext(caller, client, service);
-        return getSgtTicketFromKerberosTicket(ticket);
-    }
-
-    /**
-     * Construct a SgtTicket from KerberosTicket
-     * @param kerberosTicket
-     * @return
-     * @throws GSSException
-     */
-    public static SgtTicket getSgtTicketFromKerberosTicket(KerberosTicket kerberosTicket)
throws GSSException {
-        if (kerberosTicket == null) {
-            return null;
-        }
-
-        Ticket ticket = getTicketFromAsn1Encoded(kerberosTicket.getEncoded());
-
-        EncTgsRepPart encTgsRepPart = new EncTgsRepPart();
-        fillEncKdcRepPart(encTgsRepPart, kerberosTicket);
-
-        SgtTicket sgt = new SgtTicket(ticket, encTgsRepPart);
-        return sgt;
-    }
-
-    /**
-     *  Apply SgtTicket by sending TGS_REQ to KDC
-     * @param ticket
-     * @param service
-     * @return
-     */
-    public static SgtTicket applySgtCredential(KerberosTicket ticket, String service) throws
GSSException {
-        TgtTicket tgt = getTgtTicketFromKerberosTicket(ticket);
-        return applySgtCredential(tgt, service);
-    }
-
-    public static SgtTicket applySgtCredential(TgtTicket tgt, String server) throws GSSException
{
-        KrbClientBase client = getKrbClient();
-
-        SgtTicket sgt = null;
-        try {
-            client.init();
-            sgt = client.requestSgt(tgt, server);
-            return sgt;
-        } catch (KrbException e) {
-            throw new GSSException(GSSException.FAILURE, -1, e.getMessage());
-        }
-    }
-
-    public static KerberosTicket convertKrbTicketToKerberosTicket(KrbTicket krbTicket, String
clientName)
-            throws GSSException {
-        byte[] asn1Encoding;
-        try {
-            asn1Encoding = krbTicket.getTicket().encode();
-        } catch (IOException e) {
-            throw new GSSException(GSSException.FAILURE, -1, e.getMessage());
-        }
-
-        byte[] sessionKey = krbTicket.getSessionKey().getKeyData();
-        int keyType = krbTicket.getSessionKey().getKeyType().getValue();
-
-        EncKdcRepPart encKdcRepPart = krbTicket.getEncKdcRepPart();
-        KerberosPrincipal client = new KerberosPrincipal(clientName);
-
-        PrincipalName serverPrinc = krbTicket.getTicket().getSname();
-        String serverName = serverPrinc.getName() + "@" + krbTicket.getTicket().getRealm();
-        KerberosPrincipal server = new KerberosPrincipal(serverName, serverPrinc.getNameType().getValue());
-
-        TicketFlags ticketFlags = encKdcRepPart.getFlags();
-        boolean[] flags = ticketFlagsToBooleans(ticketFlags);
-
-        Date authTime = new Date(encKdcRepPart.getAuthTime().getTime());
-        Date startTime = new Date(encKdcRepPart.getStartTime().getTime());
-        Date endTime = new Date(encKdcRepPart.getEndTime().getTime());
-        Date renewTill = new Date(encKdcRepPart.getRenewTill().getTime());
-
-        InetAddress[] clientAddresses = null;
-        List<HostAddress> hostAddresses = encKdcRepPart.getCaddr().getElements();
-        if (hostAddresses != null) {
-            int i = 0;
-            clientAddresses = new InetAddress[hostAddresses.size()];
-            for (HostAddress hostAddr : hostAddresses) {
-                try {
-                    InetAddress iAddr = InetAddress.getByAddress(hostAddr.getAddress());
-                    clientAddresses[i++] = iAddr;
-                } catch (UnknownHostException e) {
-                    throw new GSSException(GSSException.FAILURE, -1, "Bad client address");
-                }
-            }
-        }
-
-        KerberosTicket ticket = new KerberosTicket(
-                asn1Encoding,
-                client,
-                server,
-                sessionKey,
-                keyType,
-                flags,
-                authTime,
-                startTime,
-                endTime,
-                renewTill,
-                clientAddresses
-        );
-        return ticket;
-    }
-
-    public static KrbClientBase getKrbClient() {
-        KrbClientBase client;
-        try {
-            File confSpecified = new File(getSystemProperty("java.security.krb5.conf"));
-            if (confSpecified != null) {
-                client = new KrbClientBase(confSpecified);
-            } else {
-                client = new KrbClientBase();   // get configure file from environment variable
or default path
-            }
-
-            return client;
-        } catch (KrbException e) {
-            return null;
-        }
-    }
-
-    public static EncryptionKey[] convertKerberosKeyToEncryptionKey(KerberosKey[] krbKeys)
{
-        if (krbKeys == null) {
-            return null;
-        }
-        EncryptionKey[] keys = new EncryptionKey[krbKeys.length];
-        int i = 0;
-        for (KerberosKey krbKey : krbKeys) {
-            keys[i++] = new EncryptionKey(krbKey.getKeyType(), krbKey.getEncoded());
-        }
-        return keys;
-    }
-
-    /**
-     * Filter out an appropriate KerberosKey from krbKeys and generate a
-     * EncryptionKey accordingly
-     *
-     * @param krbKeys
-     * @param encType
-     * @param kvno
-     * @return
-     */
-    public static EncryptionKey getEncryptionKey(KerberosKey[] krbKeys, int encType, int
kvno) {
-        if (krbKeys == null) {
-            return null;
-        }
-        for (KerberosKey krbKey : krbKeys) {
-            if (krbKey.getKeyType() == encType && krbKey.getVersionNumber() == kvno
&& !krbKey.isDestroyed()) {
-                return new EncryptionKey(krbKey.getKeyType(), krbKey.getEncoded());
-            }
-        }
-        return null;
-    }
-
-    /**
-     * Get value of predefined system property
-     * @param name
-     * @return
-     */
-    private static String getSystemProperty(String name) {
-        if (name == null) {
-            return null;
-        }
-
-        final String propertyName = name;
-        try {
-            return AccessController.doPrivileged(
-                    new PrivilegedExceptionAction<String>() {
-                        public String run() {
-                            return System.getProperty(propertyName);
-                        }
-                    });
-        } catch (PrivilegedActionException e) {
-            return null;    // ignored
-        }
-    }
-
-    public static com.sun.security.jgss.AuthorizationDataEntry[]
-    kerbyAuthorizationDataToJgssAuthorizationDataEntries(AuthorizationData authData) {
-        if (authData == null) {
-            return null;
-        }
-        List<AuthorizationDataEntry> kerbyEntries = authData.getElements();
-        com.sun.security.jgss.AuthorizationDataEntry[] entries =
-                new com.sun.security.jgss.AuthorizationDataEntry[kerbyEntries.size()];
-        for (int i = 0; i < kerbyEntries.size(); i++) {
-            entries[i] = new com.sun.security.jgss.AuthorizationDataEntry(
-                    kerbyEntries.get(i).getAuthzType().getValue(),
-                    kerbyEntries.get(i).getAuthzData());
-        }
-        return entries;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3876f97/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/MicTokenV1.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/MicTokenV1.java
b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/MicTokenV1.java
deleted file mode 100644
index 6a76e4c..0000000
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/MicTokenV1.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.gssapi.krb5;
-
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.MessageProp;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-public class MicTokenV1 extends KerbyGssTokenV1 {
-    public MicTokenV1(KerbyContext context,
-                       byte[] inMsg,
-                       int msgOffset,
-                       int msgLength,
-                       MessageProp messageProp) throws GSSException {
-        super(TOKEN_MIC_V1, context);
-        calcPrivacyInfo(messageProp, null, inMsg, msgOffset, msgLength, 0);
-    }
-
-    // This is called to construct MicToken from MicToken bytes
-    MicTokenV1(KerbyContext context,
-               MessageProp messageProp,
-               byte[] inToken,
-               int tokenOffset,
-               int tokenLength) throws GSSException {
-        super(TOKEN_MIC_V1, context, messageProp, inToken, tokenOffset, tokenLength);
-    }
-
-    public int getMic(byte[] outToken, int offset) throws GSSException, IOException {
-        byte[] data = getMic();
-        System.arraycopy(data, 0, outToken, offset, data.length);
-        return data.length;
-    }
-
-    /**
-     * Get bytes for this Mic token
-     * @return
-     */
-    public byte[] getMic() throws GSSException {
-        ByteArrayOutputStream os = new ByteArrayOutputStream(64);
-        getMic(os);
-        return os.toByteArray();
-    }
-
-    public void getMic(OutputStream os) throws GSSException {
-        try {
-            encodeHeader(os);
-        } catch (IOException e) {
-            throw new GSSException(GSSException.FAILURE, -1, "Error in output MicTokenV1
bytes:" + e.getMessage());
-        }
-    }
-
-    public void verify(InputStream is) throws GSSException {
-        byte[] data;
-        try {
-            data = new byte[is.available()];
-            is.read(data);
-        } catch (IOException e) {
-            throw new GSSException(GSSException.FAILURE, -1,
-                    "Read plain data for MicTokenV1 error:" + e.getMessage());
-        }
-        verify(data, 0, data.length);
-    }
-
-    public void verify(byte[] data, int offset, int len) throws GSSException {
-        verifyToken(null, data, offset, len, 0);
-    }
-
-    protected int getTokenSizeWithoutGssHeader() {
-        return getTokenHeaderSize();
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3876f97/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/MicTokenV2.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/MicTokenV2.java
b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/MicTokenV2.java
deleted file mode 100644
index 7ba27ab..0000000
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/MicTokenV2.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.gssapi.krb5;
-
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.MessageProp;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-public class MicTokenV2 extends KerbyGssTokenV2 {
-    private MessageProp prop;
-
-    // This is called to construct MicToken from user input
-    MicTokenV2(KerbyContext context,
-             byte[] inMsg,
-             int msgOffset,
-             int msgLength,
-             MessageProp messageProp) throws GSSException {
-        super(TOKEN_MIC_V2, context);
-
-        prop = messageProp;
-        if (prop == null) {
-            prop = new MessageProp(0, false);
-        }
-
-        generateCheckSum(prop, inMsg, msgOffset, msgLength);
-    }
-
-    // This is called to construct MicToken from MicToken bytes
-    MicTokenV2(KerbyContext context,
-             MessageProp messageProp,
-             byte[] inToken,
-             int tokenOffset,
-             int tokenLength) throws GSSException {
-        super(TOKEN_MIC_V2, context, messageProp, inToken, tokenOffset, tokenLength);
-        this.prop = messageProp;
-    }
-
-    public int getMic(byte[] outToken, int offset) {
-        encodeHeader(outToken, offset);
-        System.arraycopy(checkSum, 0, outToken, TOKEN_HEADER_SIZE + offset, checkSum.length);
-        return TOKEN_HEADER_SIZE + checkSum.length;
-    }
-
-    /**
-     * Get bytes for this Mic token
-     * @return
-     */
-    public byte[] getMic() {
-        byte[] ret = new byte[TOKEN_HEADER_SIZE + checkSum.length];
-        getMic(ret, 0);
-        return ret;
-    }
-
-    public void getMic(OutputStream os) throws GSSException {
-        try {
-            encodeHeader(os);
-            os.write(checkSum);
-        } catch (IOException e) {
-            throw new GSSException(GSSException.FAILURE, -1, "Output MicTokenV2 error:" +
e.getMessage());
-        }
-    }
-
-    /**
-     * Calculate the checksum for inMsg and compare with it with this token, throw GssException
if not equal
-     * @param inMsg
-     * @param msgOffset
-     * @param msgLen
-     * @throws GSSException
-     */
-    public void verify(byte[] inMsg, int msgOffset, int msgLen) throws GSSException {
-        if (!verifyCheckSum(inMsg, msgOffset, msgLen)) {
-            throw new GSSException(GSSException.BAD_MIC, -1, "Corrupt MIC token");
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3876f97/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/WrapTokenV1.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/WrapTokenV1.java
b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/WrapTokenV1.java
deleted file mode 100644
index 8ecdae4..0000000
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/WrapTokenV1.java
+++ /dev/null
@@ -1,196 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.gssapi.krb5;
-
-import org.apache.kerby.kerberos.kerb.crypto.util.Random;
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.MessageProp;
-import sun.security.jgss.GSSHeader;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-public class WrapTokenV1 extends KerbyGssTokenV1 {
-    public static final int CONFOUNDER_SIZE = 8;
-
-    private boolean privacy;
-
-    private byte[] inData;
-    private int inOffset;
-    private int inLen;
-
-    private int paddingLen;
-    private byte[] confounder;
-    private int tokenBodyLen;
-
-    private byte[] bodyData;
-    private int bodyOffset;
-    private int bodyLen;
-
-    // for reconstruct
-    private int rawDataLength;
-    private byte[] rawData;
-    private int rawDataOffset;
-
-
-    // Generate wrap token according user data
-    public WrapTokenV1(KerbyContext context,
-                       byte[] inMsg,
-                       int msgOffset,
-                       int msgLength,
-                       MessageProp prop) throws GSSException {
-        super(TOKEN_WRAP_V1, context);
-
-        paddingLen = getPaddingLength(msgLength);
-        confounder = Random.makeBytes(CONFOUNDER_SIZE);
-        tokenBodyLen = CONFOUNDER_SIZE + msgLength + paddingLen;
-
-        calcPrivacyInfo(prop, confounder, inMsg, msgOffset, msgLength, paddingLen);
-
-        if (!context.getConfState()) {
-            prop.setPrivacy(false);
-        }
-        privacy = prop.getPrivacy();
-        inData = inMsg;
-        inOffset = msgOffset;
-        inLen = msgLength;
-    }
-
-    // Reconstruct a token from token bytes
-    public WrapTokenV1(KerbyContext context, MessageProp prop,
-                       byte[] token, int offset, int len) throws GSSException {
-        super(TOKEN_WRAP_V1, context, prop, token, offset, len);
-        // adjust the offset to the beginning of the body
-        bodyData = token;
-        bodyOffset = offset + reconHeaderLen;
-        bodyLen = len - reconHeaderLen;
-        getRawData(prop);
-    }
-
-    // Reconstruct a token from token bytes stream
-    public WrapTokenV1(KerbyContext context, MessageProp prop, InputStream is) throws GSSException
{
-        super(TOKEN_WRAP_V1, context, prop, is);
-        byte[] token;
-        int len;
-        try {
-            len = is.available();
-            token = new byte[len];
-            is.read(token);
-        } catch (IOException e) {
-            throw new GSSException(GSSException.FAILURE, -1, "Read wrap token V1 error:"
+ e.getMessage());
-        }
-        bodyData = token;
-        bodyOffset = 0;
-        bodyLen = len;
-        getRawData(prop);
-    }
-
-    private void getRawData(MessageProp prop) throws GSSException {
-        privacy = prop.getPrivacy();
-        tokenBodyLen = getGssHeader().getMechTokenLength() - getTokenHeaderSize();
-
-        if (bodyLen < tokenBodyLen) {
-            throw new GSSException(GSSException.FAILURE, -1, "Insufficient data for Wrap
token V1");
-        }
-
-        if (privacy) {
-            rawData = encryptor.encryptTokenV1(null, bodyData, bodyOffset, tokenBodyLen,
0,
-                    encryptor.isArcFourHmac() ? getPlainSequenceBytes() : null, false);
-            paddingLen = rawData[rawData.length - 1];
-            rawDataOffset = CONFOUNDER_SIZE;
-        } else {
-            rawData = bodyData;
-            paddingLen = bodyData[bodyOffset + tokenBodyLen - 1];
-            rawDataOffset = bodyOffset + CONFOUNDER_SIZE;
-        }
-        rawDataLength = tokenBodyLen - CONFOUNDER_SIZE - paddingLen;
-
-        verifyToken(null, rawData, rawDataOffset - CONFOUNDER_SIZE, tokenBodyLen, 0);
-    }
-
-    // Get plain text data from token data bytes
-    public byte[] unwrap() throws GSSException {
-        byte[] ret = new byte[rawDataLength];
-        System.arraycopy(rawData, rawDataOffset, ret, 0, rawDataLength);
-        return ret;
-    }
-
-    public void unwrap(OutputStream os) throws GSSException {
-        try {
-            os.write(rawData, rawDataOffset, rawDataLength);
-        } catch (IOException e) {
-            throw new GSSException(GSSException.FAILURE, -1,
-                    "Error in output wrap token v1 data bytes:" + e.getMessage());
-        }
-    }
-
-    public byte[] wrap() throws GSSException {
-        ByteArrayOutputStream os = new ByteArrayOutputStream(getTokenSizeWithoutGssHeader()
+ inLen + 64);
-        wrap(os);
-        return os.toByteArray();
-    }
-
-    public void wrap(OutputStream os) throws GSSException {
-        try {
-            encodeHeader(os);
-            if (privacy) {
-                byte[] enc = encryptor.encryptTokenV1(confounder, inData, inOffset, inLen,
paddingLen,
-                        encryptor.isArcFourHmac() ? getPlainSequenceBytes() : null, true);
-                os.write(enc);
-            } else {
-                os.write(confounder);
-                os.write(inData, inOffset, inLen);
-                os.write(getPaddingBytes(paddingLen));
-            }
-        } catch (IOException e) {
-            throw new GSSException(GSSException.FAILURE, -1, "Error in output wrap token
v1 bytes:" + e.getMessage());
-        }
-    }
-
-    protected int getTokenSizeWithoutGssHeader() {
-        return tokenBodyLen + getTokenHeaderSize();
-    }
-
-    private int getPaddingLength(int dataLen) {
-        if (encryptor.isArcFourHmac()) {
-            return 1;
-        }
-        return 8 - (dataLen % 8);
-    }
-
-    private byte[] getPaddingBytes(int len) {
-        byte[] ret = new byte[len];
-        int i = 0;
-        while (i < len) {
-            ret[i++] = (byte) len;
-        }
-        return ret;
-    }
-
-    public static int getMsgSizeLimit(int qop, boolean confReq, int maxTokSize, KerbyGssEncryptor
encryptor)
-            throws GSSException {
-        return GSSHeader.getMaxMechTokenSize(objId, maxTokSize)
-                - encryptor.getCheckSumSize()
-                - TOKEN_HEADER_COMM_SIZE - TOKEN_HEADER_SEQ_SIZE
-                - CONFOUNDER_SIZE - 8;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3876f97/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/WrapTokenV2.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/WrapTokenV2.java
b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/WrapTokenV2.java
deleted file mode 100644
index 57f9e45..0000000
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/WrapTokenV2.java
+++ /dev/null
@@ -1,158 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.gssapi.krb5;
-
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.MessageProp;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-
-public class WrapTokenV2 extends KerbyGssTokenV2 {
-    private MessageProp prop;
-
-    // Generate a token from user input data
-    WrapTokenV2(KerbyContext context,
-              byte[] data,
-              int dataOffset,
-              int dataLength,
-              MessageProp messageProp) throws GSSException {
-        super(TOKEN_WRAP_V2, context);
-
-        prop = messageProp;
-
-        if (prop.getQOP() != 0) {
-            prop.setQOP(0);
-        }
-
-        if (!context.getConfState()) {
-            prop.setPrivacy(false);
-        }
-
-        generateCheckSum(prop, data, dataOffset, dataLength);
-
-        if (prop.getPrivacy()) {
-            byte[] toProcess = new byte[dataLength + TOKEN_HEADER_SIZE];
-            System.arraycopy(data, dataOffset, toProcess, 0, dataLength);
-            encodeHeader(toProcess, dataLength);
-
-            tokenData = encryptor.encryptData(toProcess, getKeyUsage());
-        } else {
-            tokenData = data; // keep it for now
-        }
-    }
-
-    /**
-     * Get bytes of the token
-     * @return
-     */
-    public byte[] wrap() {
-        int dataSize = tokenData.length;
-        int ckSize = checkSum == null ? 0 : checkSum.length;
-        byte[] ret = new byte[TOKEN_HEADER_SIZE + dataSize + ckSize];
-        encodeHeader(ret, 0);
-        System.arraycopy(tokenData, 0, ret, TOKEN_HEADER_SIZE, dataSize);
-        if (ckSize > 0) {
-            System.arraycopy(checkSum, 0, ret, TOKEN_HEADER_SIZE + dataSize, ckSize);
-        }
-        return ret;
-    }
-
-    public void wrap(OutputStream os) throws GSSException {
-        try {
-            encodeHeader(os);
-            os.write(tokenData);
-            int ckSize = checkSum == null ? 0 : checkSum.length;
-            if (ckSize > 0) {
-                os.write(checkSum);
-            }
-        } catch (IOException e) {
-            throw new GSSException(GSSException.FAILURE, -1, "Output token error:" + e.getMessage());
-        }
-    }
-
-    // Reconstruct a token from token bytes
-    public WrapTokenV2(KerbyContext context, MessageProp prop, byte[] token, int offset,
int len) throws GSSException {
-        super(TOKEN_WRAP_V2, context, prop, token, offset, len);
-        this.prop = prop;
-    }
-
-    // Reconstruct a token from token bytes stream
-    public WrapTokenV2(KerbyContext context, MessageProp prop, InputStream is) throws GSSException
{
-        super(TOKEN_WRAP_V2, context, prop, is);
-        this.prop = prop;
-    }
-
-    /**
-     * Get plain text data from token bytes
-     * @param outBuffer
-     * @param offset
-     * @return plain text contained in the wrap token
-     * @throws GSSException
-     */
-    public byte[] unwrap(byte[] outBuffer, int offset) throws GSSException {
-        int lenToCopy;
-        if (prop.getPrivacy()) {
-            byte[] plainText = encryptor.decryptData(tokenData, getKeyUsage());
-            lenToCopy = plainText.length - TOKEN_HEADER_SIZE;
-            if (outBuffer == null) {
-                outBuffer = new byte[lenToCopy];
-                offset = 0;
-            }
-            System.arraycopy(plainText, 0, outBuffer, offset, lenToCopy);
-        } else {
-            lenToCopy = tokenData.length - encryptor.getCheckSumSize();
-            if (outBuffer == null) {
-                outBuffer = new byte[lenToCopy];
-                offset = 0;
-            }
-            System.arraycopy(tokenData, 0, outBuffer, offset, lenToCopy);
-
-            if (!verifyCheckSum(outBuffer, offset, lenToCopy)) {
-                throw new GSSException(GSSException.BAD_MIC, -1, "Corrupt token checksum");
-            }
-        }
-        return outBuffer;
-    }
-
-    public byte[] unwrap() throws GSSException {
-        return unwrap(null, 0);
-    }
-
-    public void unwrap(OutputStream os) throws GSSException {
-        byte[] data = unwrap();
-        try {
-            os.write(data);
-        } catch (IOException e) {
-            throw new GSSException(GSSException.FAILURE, -1, "Output token error:" + e.getMessage());
-        }
-    }
-
-    public static int getMsgSizeLimit(int qop, boolean confReq, int maxTokSize, KerbyGssEncryptor
encryptor)
-            throws GSSException {
-        if (confReq) {
-            return maxTokSize - encryptor.getCheckSumSize() - TOKEN_HEADER_SIZE * 2 - CONFOUNDER_SIZE;
-        } else {
-            return maxTokSize - encryptor.getCheckSumSize() - TOKEN_HEADER_SIZE;
-        }
-    }
-}


Mime
View raw message