You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/25 09:46:52 UTC
[6/6] directory-kerberos git commit: Clean up not-commons-ssl library,
removing many unwanted and not much relevant
Clean up not-commons-ssl library, removing many unwanted and not much relevant
Project: http://git-wip-us.apache.org/repos/asf/directory-kerberos/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerberos/commit/bc5c276e
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerberos/tree/bc5c276e
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerberos/diff/bc5c276e
Branch: refs/heads/master
Commit: bc5c276eec622e36c3a0dc340692834ff13da8fe
Parents: 5c70429
Author: Drankye <dr...@gmail.com>
Authored: Mon Jan 26 00:43:39 2015 +0800
Committer: Drankye <dr...@gmail.com>
Committed: Mon Jan 26 00:43:39 2015 +0800
----------------------------------------------------------------------
3rdparty/not-yet-commons-ssl/README.txt | 10 +-
3rdparty/not-yet-commons-ssl/docs/.htaccess | 3 -
3rdparty/not-yet-commons-ssl/docs/404.html | 55 -
.../not-yet-commons-ssl/docs/TrustExample.java | 114 --
.../docs/TrustExample.java.html | 131 --
3rdparty/not-yet-commons-ssl/docs/about.html | 73 --
3rdparty/not-yet-commons-ssl/docs/download.html | 263 ----
3rdparty/not-yet-commons-ssl/docs/index.html | 119 --
.../docs/openssl/compare.txt | 28 -
.../docs/openssl/profile.3.10 | 72 --
.../docs/openssl/profile.3.9 | 72 --
3rdparty/not-yet-commons-ssl/docs/pbe.html | 204 ----
3rdparty/not-yet-commons-ssl/docs/ping.html | 93 --
3rdparty/not-yet-commons-ssl/docs/pkcs8.html | 156 ---
3rdparty/not-yet-commons-ssl/docs/rmi.html | 102 --
3rdparty/not-yet-commons-ssl/docs/roadmap.html | 86 --
3rdparty/not-yet-commons-ssl/docs/source.html | 38 -
3rdparty/not-yet-commons-ssl/docs/ssl.html | 106 --
3rdparty/not-yet-commons-ssl/docs/tree.html | 1137 ------------------
.../not-yet-commons-ssl/docs/utilities.html | 91 --
.../not-yet-commons-ssl-0.3.16.jar | Bin 273191 -> 0 bytes
3rdparty/not-yet-commons-ssl/pom.xml | 6 +
.../ssl/AuthSSLProtocolSocketFactory.java | 204 ----
.../ssl/EasySSLProtocolSocketFactory.java | 101 --
.../ssl/StrictSSLProtocolSocketFactory.java | 131 --
.../ssl/TrustSSLProtocolSocketFactory.java | 207 ----
.../apache/commons/ssl/Asn1PkcsStructure.java | 2 +-
.../org/apache/commons/ssl/Asn1PkcsUtil.java | 2 +-
.../java/org/apache/commons/ssl/Base64.java | 1048 ----------------
.../apache/commons/ssl/Base64InputStream.java | 174 ---
.../apache/commons/ssl/Base64OutputStream.java | 198 ---
.../org/apache/commons/ssl/Certificates.java | 2 +
.../java/org/apache/commons/ssl/Java13.java | 303 -----
.../commons/ssl/Java13KeyManagerWrapper.java | 82 --
.../commons/ssl/Java13TrustManagerWrapper.java | 103 --
.../java/org/apache/commons/ssl/JavaImpl.java | 25 -
.../java/org/apache/commons/ssl/LogHelper.java | 87 --
.../java/org/apache/commons/ssl/LogWrapper.java | 295 -----
.../java/org/apache/commons/ssl/OpenSSL.java | 4 +-
.../java/org/apache/commons/ssl/PEMItem.java | 2 +-
.../java/org/apache/commons/ssl/PEMUtil.java | 1 +
.../commons/ssl/RMISocketFactoryImpl.java | 578 ---------
.../main/java/org/apache/commons/ssl/SSL.java | 8 -
.../java/org/apache/commons/ssl/SSLServer.java | 34 -
.../apache/commons/ssl/SSLWrapperFactory.java | 10 +-
.../org/apache/commons/ssl/TomcatServerXML.java | 231 ----
.../org/apache/commons/ssl/rmi/DateRMI.java | 69 --
.../org/apache/commons/ssl/rmi/IntegerRMI.java | 69 --
.../org/apache/commons/ssl/rmi/RemoteDate.java | 46 -
.../apache/commons/ssl/rmi/RemoteInteger.java | 45 -
.../java/org/apache/commons/ssl/rmi/Test.java | 200 ---
.../java/org/apache/commons/ssl/util/Hex.java | 83 --
.../java/org/apache/commons/ssl/util/UTF8.java | 22 -
.../contrib/ssl/TestHttpclientContrib.java | 42 -
.../java/org/apache/commons/ssl/TestBase64.java | 3 +
.../main/java/org/apache/kerby/util/Base64.java | 1046 ++++++++++++++++
.../apache/kerby/util/Base64InputStream.java | 174 +++
.../apache/kerby/util/Base64OutputStream.java | 198 +++
.../main/java/org/apache/kerby/util/Hex.java | 77 ++
.../main/java/org/apache/kerby/util/UTF8.java | 22 +
pom.xml | 1 +
61 files changed, 1539 insertions(+), 7349 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/README.txt
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/README.txt b/3rdparty/not-yet-commons-ssl/README.txt
index 2497e38..365bf3d 100644
--- a/3rdparty/not-yet-commons-ssl/README.txt
+++ b/3rdparty/not-yet-commons-ssl/README.txt
@@ -1,9 +1 @@
-Jakarta Commons SSL
-===========================
-Welcome to the SSL component of the Jakarta Commons
-project.
-
-This is not a real Jakarta Project yet. I'm just
-trying to copy their directory structure while I work
-on this proposal.
-
+This module is adapted from not-yet-commons-ssl library, with much simplified, only focusing on PKI and SSL related.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/.htaccess
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/.htaccess b/3rdparty/not-yet-commons-ssl/docs/.htaccess
deleted file mode 100644
index 6f20845..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/.htaccess
+++ /dev/null
@@ -1,3 +0,0 @@
-AddType text/html .html
-AddHandler server-parsed .html
-ErrorDocument 404 /commons-ssl/404.html
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/404.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/404.html b/3rdparty/not-yet-commons-ssl/docs/404.html
deleted file mode 100644
index 794a625..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/404.html
+++ /dev/null
@@ -1,55 +0,0 @@
-<html>
-<head>
-<title>Not-Yet-Commons-SSL - 404 Page Not Found</title>
-<style type="text/css">
-dl, h1, h2, h3, h4 { margin: 0; border: 0; padding: 0; font-size: 100%; }
-h1 { float: left; color: red; }
-b.n { font-family: arial; font-weight: bold; }
-span.hl { color: white; background-color: green; }
-div.nav { float: left; margin-left: 20px; font-weight: bold; }
-.nav a, .nav span { padding: 0 5px; }
-.nav a { color: blue; }
-td.v { text-align: center; }
-dt { padding: 8px 0 8px 5px; }
-dd { padding-left: 15px; }
-li { padding-bottom: 6px; }
-</style>
-</head>
-<body>
-<h1>not-yet-commons-ssl</h1>
-<div class="nav">
-<a href="/commons-ssl/index.html">main</a> |
-<a href="/commons-ssl/ssl.html">ssl</a> |
-
-<a href="/commons-ssl/pkcs8.html">pkcs8</a> |
-<a href="/commons-ssl/pbe.html">pbe</a> |
-<a href="/commons-ssl/rmi.html">rmi</a> |
-<a href="/commons-ssl/utilities.html">utilities</a> |
-<a href="/commons-ssl/source.html">source</a> |
-<a href="/commons-ssl/javadocs/">javadocs</a> |
-
-<a href="/commons-ssl/download.html">download</a>
-</div>
-<br clear="all"/>
-<hr/>
-<h2>404 - Page Not Found</h2>
-<p>The path you requested is not available.</p>
-<table cellpadding="6" cellspacing="0" border="0" style="margin-top: 9px;">
-<tr><th colspan="3">Current Version (September 23rd, 2014):</th></tr>
-<tr><td>Full source:</td><td><a href="/commons-ssl/not-yet-commons-ssl-0.3.16.zip">not-yet-commons-ssl-0.3.16.zip</a></td><td>5.1MB</td><td><span style="color: red;">Alpha</span></td><td>MD5: </td></tr>
-<tr><td>Binary only:</td><td><a href="/commons-ssl/not-yet-commons-ssl-0.3.16.jar">not-yet-commons-ssl-0.3.16.jar</a></td><td>267KB</td><td><span style="color: red;">Alpha</span></td><td>MD5: </td></tr>
-<tr><th colspan="3">Previous Version (September 8th, 2014):</th></tr>
-<tr><td>Full source:</td><td><a href="/not-yet-commons-ssl-0.3.15/not-yet-commons-ssl-0.3.15.zip">not-yet-commons-ssl-0.3.15.zip</a></td><td>5.1MB</td><td><span style="color: red;">Alpha</span></td><td>MD5: f62d7f7f890ac03a0210d1be7571b21e</td></tr>
-<tr><td>Binary only:</td><td><a href="/not-yet-commons-ssl-0.3.15/not-yet-commons-ssl-0.3.15.jar">not-yet-commons-ssl-0.3.15.jar</a></td><td>267KB</td><td><span style="color: red;">Alpha</span></td><td>MD5: cebc58b8367c253688426043fdf08221</td></tr>
-<tr><th colspan="3">All Previous Versions (use "svn export"):</th></tr>
-<tr><td> </td><td colspan="2"><a href='http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/'>/svn/not-yet-commons-ssl/tags/</a></td></tr>
-</table>
-<br/><b>Warning:</b>
- <span style="color: red; font-weight: bold;">All versions (to date) of not-yet-commons-ssl should be considered to be of "Alpha" quality!
-This code probably contains bugs. This code may have security issues.</span>
-<p>Future versions will definitely break the current API in a non-reverse compatible way. After commons-ssl-0.5.0, though, we
-plan on always being reverse compatible with ourselves.
-<hr/>
-
-</body>
-</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/TrustExample.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/TrustExample.java b/3rdparty/not-yet-commons-ssl/docs/TrustExample.java
deleted file mode 100644
index c4561de..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/TrustExample.java
+++ /dev/null
@@ -1,114 +0,0 @@
-
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.methods.GetMethod;
-import org.apache.commons.httpclient.protocol.Protocol;
-import org.apache.commons.ssl.HttpSecureProtocol;
-import org.apache.commons.ssl.TrustMaterial;
-
-import javax.net.ssl.SSLHandshakeException;
-import java.net.URL;
-
-/**
- *
- * Example of trusting certs to answer a question Sudip Shrestha posed on the
- * httpclient-user@jakarta.apache.org mailing list, Fri 5/5/2006.
- *
- * @author Julius Davies
- * @since May 5, 2006
- */
-public class TrustExample {
-
-/*
-Microsoft IE trusts usertrust.com CA certs by default, but Java doesn't, so we need
-to tell Java to.
-
-Cert is good until 2019 !
-
-openssl x509 -in cert.pem -noout -text
-=======================================
-
-Serial Number:
- 44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
-Signature Algorithm: sha1WithRSAEncryption
-Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
-Validity
- Not Before: Jul 9 18:10:42 1999 GMT
- Not After : Jul 9 18:19:22 2019 GMT
-Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
-
-X509v3 extensions:
- X509v3 Key Usage:
- Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Subject Key Identifier:
- A1:72:5F:26:1B:28:98:43:95:5D:07:37:D5:85:96:9D:4B:D2:C3:45
- X509v3 CRL Distribution Points:
- URI:http://crl.usertrust.com/UTN-USERFirst-Hardware.crl
-
- X509v3 Extended Key Usage:
- TLS Web Server Authentication, IPSec End System, IPSec Tunnel, IPSec User
-
-*/
- private static byte[] pemCert = (
- "-----BEGIN CERTIFICATE-----\n" +
- "MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB\n" +
- "lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug\n" +
- "Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho\n" +
- "dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt\n" +
- "SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG\n" +
- "A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe\n" +
- "MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v\n" +
- "d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh\n" +
- "cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn\n" +
- "0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ\n" +
- "M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a\n" +
- "MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd\n" +
- "oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI\n" +
- "DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy\n" +
- "oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD\n" +
- "VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0\n" +
- "dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy\n" +
- "bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF\n" +
- "BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM\n" +
- "//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli\n" +
- "CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE\n" +
- "CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t\n" +
- "3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS\n" +
- "KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==\n" +
- "-----END CERTIFICATE-----\n" ).getBytes();
-
- public static void main( String[] args ) throws Exception
- {
- HttpSecureProtocol f = new HttpSecureProtocol();
-
- // might as well trust the usual suspects:
- f.addTrustMaterial(TrustMaterial.CACERTS);
-
- // here's where we start trusting usertrust.com's CA:
- f.addTrustMaterial(new TrustMaterial( pemCert ));
-
- Protocol trustHttps = new Protocol("https", f, 443);
- Protocol.registerProtocol("https", trustHttps);
-
- HttpClient client = new HttpClient();
- GetMethod httpget = new GetMethod("https://www.usertrust.com/");
- client.executeMethod(httpget);
- String s = httpget.getStatusLine().toString();
- System.out.println( "HTTPClient: " + s );
-
- // Notice that Java still can't access it. Only HTTPClient knows
- // to trust the cert!
- URL u = new URL( "https://www.usertrust.com/" );
- try
- {
- // This will throw an SSLHandshakeException
- u.openStream();
- }
- catch ( SSLHandshakeException she )
- {
- System.out.println( "Java: " + she );
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/TrustExample.java.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/TrustExample.java.html b/3rdparty/not-yet-commons-ssl/docs/TrustExample.java.html
deleted file mode 100644
index ec2752d..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/TrustExample.java.html
+++ /dev/null
@@ -1,131 +0,0 @@
-<HTML>
-<HEAD>
-<TITLE>/home/julius/dev/commons-ssl/src/java/TrustExample.java</TITLE>
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
-<META NAME="KEYWORDS" CONTENT="IntelliJ_IDEA_Html">
-</HEAD>
-<BODY BGCOLOR="#ffffff">
-<TABLE CELLSPACING=0 CELLPADDING=5 COLS=1 WIDTH="100%" BGCOLOR="#C0C0C0" >
-<TR><TD><CENTER>
-<FONT FACE="Arial, Helvetica" COLOR="#000000">
-/home/julius/dev/commons-ssl/src/java/TrustExample.java</FONT>
-</center></TD></TR></TABLE>
-<PRE>
-
-<FONT COLOR=0 STYLE="font-style:normal">1 </FONT><FONT style="font-family:monospaced;" COLOR="#000000">
-<FONT COLOR=0 STYLE="font-style:normal">2 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>import</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> org.apache.commons.httpclient.HttpClient;
-<FONT COLOR=0 STYLE="font-style:normal">3 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>import</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> org.apache.commons.httpclient.methods.GetMethod;
-<FONT COLOR=0 STYLE="font-style:normal">4 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>import</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> org.apache.commons.httpclient.protocol.Protocol;
-<FONT COLOR=0 STYLE="font-style:normal">5 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>import</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> org.apache.commons.ssl.HttpSecureProtocol;
-<FONT COLOR=0 STYLE="font-style:normal">6 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>import</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> org.apache.commons.ssl.TrustMaterial;
-<FONT COLOR=0 STYLE="font-style:normal">7 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">8 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>import</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> javax.net.ssl.SSLHandshakeException;
-<FONT COLOR=0 STYLE="font-style:normal">9 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>import</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> java.net.URL;
-<FONT COLOR=0 STYLE="font-style:normal">10 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">11 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I>/**
-<FONT COLOR=0 STYLE="font-style:normal">12 </FONT> *
-<FONT COLOR=0 STYLE="font-style:normal">13 </FONT> * Example of trusting certs to answer a question Sudip Shrestha posed on the
-<FONT COLOR=0 STYLE="font-style:normal">14 </FONT> * httpclient-user@jakarta.apache.org mailing list, Fri 5/5/2006.
-<FONT COLOR=0 STYLE="font-style:normal">15 </FONT> *
-<FONT COLOR=0 STYLE="font-style:normal">16 </FONT> * </I></FONT><FONT style="font-family:monospaced;" COLOR="#008000"><B>@author</B></FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I> Julius Davies
-<FONT COLOR=0 STYLE="font-style:normal">17 </FONT> * </I></FONT><FONT style="font-family:monospaced;" COLOR="#008000"><B>@since</B></FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I> May 5, 2006
-<FONT COLOR=0 STYLE="font-style:normal">18 </FONT> */</I></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
-<FONT COLOR=0 STYLE="font-style:normal">19 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>public</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>class</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> TrustExample {
-<FONT COLOR=0 STYLE="font-style:normal">20 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">21 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I>/*
-<FONT COLOR=0 STYLE="font-style:normal">22 </FONT>Microsoft IE trusts usertrust.com CA certs by default, but Java doesn't, so we need
-<FONT COLOR=0 STYLE="font-style:normal">23 </FONT>to tell Java to.
-<FONT COLOR=0 STYLE="font-style:normal">24 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">25 </FONT>Cert is good until 2019 !
-<FONT COLOR=0 STYLE="font-style:normal">26 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">27 </FONT>openssl x509 -in cert.pem -noout -text
-<FONT COLOR=0 STYLE="font-style:normal">28 </FONT>=======================================
-<FONT COLOR=0 STYLE="font-style:normal">29 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">30 </FONT>Serial Number:
-<FONT COLOR=0 STYLE="font-style:normal">31 </FONT> 44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
-<FONT COLOR=0 STYLE="font-style:normal">32 </FONT>Signature Algorithm: sha1WithRSAEncryption
-<FONT COLOR=0 STYLE="font-style:normal">33 </FONT>Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
-<FONT COLOR=0 STYLE="font-style:normal">34 </FONT>Validity
-<FONT COLOR=0 STYLE="font-style:normal">35 </FONT> Not Before: Jul 9 18:10:42 1999 GMT
-<FONT COLOR=0 STYLE="font-style:normal">36 </FONT> Not After : Jul 9 18:19:22 2019 GMT
-<FONT COLOR=0 STYLE="font-style:normal">37 </FONT>Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
-<FONT COLOR=0 STYLE="font-style:normal">38 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">39 </FONT>X509v3 extensions:
-<FONT COLOR=0 STYLE="font-style:normal">40 </FONT> X509v3 Key Usage:
-<FONT COLOR=0 STYLE="font-style:normal">41 </FONT> Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
-<FONT COLOR=0 STYLE="font-style:normal">42 </FONT> X509v3 Basic Constraints: critical
-<FONT COLOR=0 STYLE="font-style:normal">43 </FONT> CA:TRUE
-<FONT COLOR=0 STYLE="font-style:normal">44 </FONT> X509v3 Subject Key Identifier:
-<FONT COLOR=0 STYLE="font-style:normal">45 </FONT> A1:72:5F:26:1B:28:98:43:95:5D:07:37:D5:85:96:9D:4B:D2:C3:45
-<FONT COLOR=0 STYLE="font-style:normal">46 </FONT> X509v3 CRL Distribution Points:
-<FONT COLOR=0 STYLE="font-style:normal">47 </FONT> URI:http://crl.usertrust.com/UTN-USERFirst-Hardware.crl
-<FONT COLOR=0 STYLE="font-style:normal">48 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">49 </FONT> X509v3 Extended Key Usage:
-<FONT COLOR=0 STYLE="font-style:normal">50 </FONT> TLS Web Server Authentication, IPSec End System, IPSec Tunnel, IPSec User
-<FONT COLOR=0 STYLE="font-style:normal">51 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">52 </FONT>*/</I></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
-<FONT COLOR=0 STYLE="font-style:normal">53 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>private</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>static</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>byte</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000">[] pemCert = (
-<FONT COLOR=0 STYLE="font-style:normal">54 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"-----BEGIN CERTIFICATE-----</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">55 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">56 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">57 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">58 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">59 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">60 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">61 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">62 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">63 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">64 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">65 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">66 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">67 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">68 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">69 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">70 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">71 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">72 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">73 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">74 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">75 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">76 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">77 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">78 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
-<FONT COLOR=0 STYLE="font-style:normal">79 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"-----END CERTIFICATE-----</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> ).getBytes();
-<FONT COLOR=0 STYLE="font-style:normal">80 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">81 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>public</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>static</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>void</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> main( String[] args ) </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>throws</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> Exception
-<FONT COLOR=0 STYLE="font-style:normal">82 </FONT> {
-<FONT COLOR=0 STYLE="font-style:normal">83 </FONT> HttpSecureProtocol f = </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>new</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> HttpSecureProtocol();
-<FONT COLOR=0 STYLE="font-style:normal">84 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">85 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I>// might as well trust the usual suspects:</I></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
-<FONT COLOR=0 STYLE="font-style:normal">86 </FONT> f.addTrustMaterial(TrustMaterial.CACERTS);
-<FONT COLOR=0 STYLE="font-style:normal">87 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">88 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I>// here's where we start trusting usertrust.com's CA:</I></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
-<FONT COLOR=0 STYLE="font-style:normal">89 </FONT> f.addTrustMaterial(</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>new</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> TrustMaterial( pemCert ));
-<FONT COLOR=0 STYLE="font-style:normal">90 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">91 </FONT> Protocol trustHttps = </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>new</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> Protocol(</FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"https"</FONT><FONT style="font-family:monospaced;" COLOR="#000000">, f, </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">443</FONT><FONT style="font-family:monospaced;" COLOR="#000000">);
-<FONT COLOR=0 STYLE="font-style:normal">92 </FONT> Protocol.registerProtocol(</FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"https"</FONT><FONT style="font-family:monospaced;" COLOR="#000000">, trustHttps);
-<FONT COLOR=0 STYLE="font-style:normal">93 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">94 </FONT> HttpClient client = </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>new</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> HttpClient();
-<FONT COLOR=0 STYLE="font-style:normal">95 </FONT> GetMethod httpget = </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>new</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> GetMethod(</FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"https://www.usertrust.com/"</FONT><FONT style="font-family:monospaced;" COLOR="#000000">);
-<FONT COLOR=0 STYLE="font-style:normal">96 </FONT> client.executeMethod(httpget);
-<FONT COLOR=0 STYLE="font-style:normal">97 </FONT> String s = httpget.getStatusLine().toString();
-<FONT COLOR=0 STYLE="font-style:normal">98 </FONT> System.out.println( </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"HTTPClient: "</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> + s );
-<FONT COLOR=0 STYLE="font-style:normal">99 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">100 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I>// Notice that Java still can't access it. Only HTTPClient knows</I></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
-<FONT COLOR=0 STYLE="font-style:normal">101 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I>// to trust the cert!</I></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
-<FONT COLOR=0 STYLE="font-style:normal">102 </FONT> URL u = </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>new</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> URL( </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"https://www.usertrust.com/"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> );
-<FONT COLOR=0 STYLE="font-style:normal">103 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>try</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
-<FONT COLOR=0 STYLE="font-style:normal">104 </FONT> {
-<FONT COLOR=0 STYLE="font-style:normal">105 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I>// This will throw an SSLHandshakeException</I></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
-<FONT COLOR=0 STYLE="font-style:normal">106 </FONT> u.openStream();
-<FONT COLOR=0 STYLE="font-style:normal">107 </FONT> }
-<FONT COLOR=0 STYLE="font-style:normal">108 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>catch</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> ( SSLHandshakeException she )
-<FONT COLOR=0 STYLE="font-style:normal">109 </FONT> {
-<FONT COLOR=0 STYLE="font-style:normal">110 </FONT> System.out.println( </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"Java: "</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> + she );
-<FONT COLOR=0 STYLE="font-style:normal">111 </FONT> }
-<FONT COLOR=0 STYLE="font-style:normal">112 </FONT> }
-<FONT COLOR=0 STYLE="font-style:normal">113 </FONT>
-<FONT COLOR=0 STYLE="font-style:normal">114 </FONT>}
-<FONT COLOR=0 STYLE="font-style:normal">115 </FONT></FONT></PRE>
-</BODY>
-</HTML>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/about.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/about.html b/3rdparty/not-yet-commons-ssl/docs/about.html
deleted file mode 100644
index 5ef231e..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/about.html
+++ /dev/null
@@ -1,73 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<meta name="Author" content="Julius Davies">
-<title>About Not-Yet-Commons-SSL</title>
-<style type="text/css">
-dl, h1, h2, h3, h4 { margin: 0; border: 0; padding: 0; font-size: 100%; }
-h1 { float: left; color: red; }
-b.n { font-family: arial; font-weight: bold; }
-span.hl, a.hl { color: white; background-color: green; }
-div.nav { float: left; margin-left: 20px; font-weight: bold; }
-.nav a, .nav span { padding: 0 5px; }
-.nav a { color: blue; }
-.nav a.hl { color: white; }
-dt { padding: 8px 0 8px 5px; }
-li { padding-bottom: 6px; }
-</style>
-</head>
-<body>
-<h1>not-yet-commons-ssl</h1>
-<div class="nav">
-<a href="index.html" class="hl">main</a> |
-<a href="ssl.html">ssl</a> |
-<a href="pkcs8.html">pkcs8</a> |
-<a href="pbe.html">pbe</a> |
-<a href="rmi.html">rmi</a> |
-<a href="utilities.html">utilities</a> |
-<a href="source.html">source</a> |
-<a href="javadocs/">javadocs</a> |
-<a href="download.html">download</a>
-</div>
-<br clear="all"/>
-<hr/>
-<h2>About Not-Yet-Commons-SSL</h2>
-
-<h4 style="margin-top: 1em;">5 Design Goals:</h4>
-<ol>
-<li style="margin-top: 6px;"><b>Make SSL and Java Easier.</b> Ever wanted to work with self-signed
-certificates in your Java application in a secure fashion? Ever wanted to use more than one client
-certificate in a single running JVM? You can edit your <code>$JAVA_HOME/jre/lib/security/cacerts</code>
-file, and you can invoke Java with <code>-Djavax.net.ssl.keyStore=/path/to/keystore</code>. Both of
-these approaches are great at first, but they don't scale well. Do you really want to pollute every
-SSL socket in your JVM (HTTP, LDAP, JDBC, RMI, etc...) with those system-wide changes? Commons-SSL let's you
-control the SSL options you need in an natural way for each SSLSocketFactory, and those options
-won't bleed into the rest of your system.</li>
-<li style="margin-top: 6px;"><b>Improve Security.</b>
-<a href="http://en.wikipedia.org/wiki/Certificate_revocation_list">CRL</a> checking turned on by default.
-We hope to add support for
-<a href="http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol">OCSP</a> soon!
-It's obnoxious to have to download CRL files around 500KB each from Thawte and Verisign every 24 hours.
-OCSP improves on that.</li>
-<li style="margin-top: 6px;"><b>Improve Flexibility.</b> Checking hostnames, expirations, CRL's, and many
-other options can be enabled/disabled for each SSLSocketFactory created.</li>
-<li style="margin-top: 6px;"><b>Support more file formats, and support these formats more robustly.</b>
-<ul>
-<li>commons-ssl supports over <a href="samples/rsa_result.html">50 formats</a> of PKCS8 and OpenSSL Encrypted Private Keys in PEM or DER</li>
-<li>X.509 Certificates can be PEM or DER encoded. Can also come in PKCS7 chains. (To be fair, Java always supported this.)</li>
-<li>PKCS12 files can be in <a href="samples/pkcs12/pkcs12_client_cert.pem">PEM</a> (as created by <code>openssl pkcs12</code>).</li>
-<li>Parsing of Base64-PEM is more tolerant of extra whitespace or comments, especially outside the Base64 sections:
-<pre style="padding-left: 100px;">any comments or whitespace up here are ignored
-
------BEGIN TYPE-----
-[...base64....]
------END TYPE-----
-
-any comments or whitespace down here are also ignored</pre></li></ul></li>
-<li><b>Automatically detect type of KeyMaterial or TrustMaterial.</b> Consumer does not need to know
-whether keystore is PKCS12 or JKS. They just need to know the password to decrypt the private key.</li>
-</ol>
-
-</body>
-</html>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/download.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/download.html b/3rdparty/not-yet-commons-ssl/docs/download.html
deleted file mode 100644
index 5e8a8cb..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/download.html
+++ /dev/null
@@ -1,263 +0,0 @@
-<html>
-<head>
-<title>Not-Yet-Commons-SSL - Downloads, Features, Future Directions</title>
-<style type="text/css">
-dl, h1, h2, h3, h4 { margin: 0; border: 0; padding: 0; font-size: 100%; }
-h1 { float: left; color: red; }
-b.n { font-family: arial; font-weight: bold; }
-span.hl { color: white; background-color: green; }
-div.nav { float: left; margin-left: 20px; font-weight: bold; }
-.nav a, .nav span { padding: 0 5px; }
-.nav a { color: blue; }
-td.v { text-align: center; }
-dt { padding: 8px 0 8px 5px; }
-dd { padding-left: 15px; }
-li { padding-bottom: 6px; }
-tr.released td, tr.released th { background-color: yellow; font-weight: bold; }
-</style>
-</head>
-<body>
-<h1>not-yet-commons-ssl</h1>
-<div class="nav">
-<a href="index.html">main</a> |
-<a href="ssl.html">ssl</a> |
-
-<a href="pkcs8.html">pkcs8</a> |
-<a href="pbe.html">pbe</a> |
-<a href="rmi.html">rmi</a> |
-<a href="utilities.html">utilities</a> |
-<a href="source.html">source</a> |
-<a href="javadocs/">javadocs</a> |
-
-<span class="hl" href="download.html">download</span>
-</div>
-<br clear="all"/>
-<hr/>
-<h2>Download Not-Yet-Commons-SSL!</em></h2>
-<p>Not-Yet-Commons-SSL currently has NO affiliation with the <a href="http://apache.org/">Apache Software Foundation</a> (apache.org), but we're hoping
-to start <a href="http://incubator.apache.org/incubation/Incubation_Policy.html">Incubation</a> one day.
-<table cellpadding="6" cellspacing="0" border="0" style="margin-top: 9px;">
- <tr><th colspan="3">Current Version (September 23rd, 2014):</th></tr>
- <tr><td>Full source:</td><td><a href="/commons-ssl/not-yet-commons-ssl-0.3.16.zip">not-yet-commons-ssl-0.3.16.zip</a></td><td>5.1MB</td><td><span style="color: red;">Alpha</span></td><td>MD5: </td></tr>
- <tr><td>Binary only:</td><td><a href="/commons-ssl/not-yet-commons-ssl-0.3.16.jar">not-yet-commons-ssl-0.3.16.jar</a></td><td>267KB</td><td><span style="color: red;">Alpha</span></td><td>MD5: cebc58b8367c253688426043fdf08221</td></tr>
- <tr><th colspan="3">Previous Version (September 8th, 2014):</th></tr>
- <tr><td>Full source:</td><td><a href="/not-yet-commons-ssl-0.3.15/not-yet-commons-ssl-0.3.15.zip">not-yet-commons-ssl-0.3.15.zip</a></td><td>5.1MB</td><td><span style="color: red;">Alpha</span></td><td>MD5: f62d7f7f890ac03a0210d1be7571b21e</td></tr>
- <tr><td>Binary only:</td><td><a href="/not-yet-commons-ssl-0.3.15/not-yet-commons-ssl-0.3.15.jar">not-yet-commons-ssl-0.3.15.jar</a></td><td>267KB</td><td><span style="color: red;">Alpha</span></td><td>MD5: cebc58b8367c253688426043fdf08221</td></tr>
- <tr><th colspan="3">All Previous Versions (use "svn export"):</th></tr>
- <tr><td> </td><td colspan="2"><a href='http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/'>/svn/not-yet-commons-ssl/tags/</a></td></tr>
-</table>
-<br/><b>Warning:</b>
- <span style="color: red; font-weight: bold;">All versions of not-yet-commons-ssl should be considered to be of "Alpha" quality!
-This code probably contains bugs. This code may have security issues.</span>
-<p>Future versions will definitely break the current API in a non-reverse compatible way. After commons-ssl-0.5.0, though, we
-plan on always being reverse compatible with ourselves.
-<hr/>
-<h3>Changelog for not-yet-commons-ssl-0.3.16:</h3>
-<dl>
- <dt>1. Bug fix for TrustMaterial constructor.</dt>
- <dd>Re-introduce ability to load an X509 certificate specified as raw bytes (e.g., byte[]) in the constructor. (Thanks to Brent Putnam for the bug report).</dd></dd>
- <dt>2. Remove protocol / cipher whitelists.</dt>
- <dd>
-Got rid of useStrongCiphers() method (and its converse, useDefaultCiphers()), since all ciphers in Java 7 are at least 128 bit, and my approach used a white list that was starting to get out-of-date. If users want to ensure only strong ciphers are used in their SSL connections, they can either upgrade to Java 7 or newer, or invoke SSLClient.setEnabledCiphers() or SSLServer.setEnabledCiphers(). Also got rid of all logic that was setting default protocols, because again it was a white list that was getting out of date. We do still call SSLContext.getInstance("TLS") by default (can be overridden), but I figure that one should be okay for at least another decade.
- </dd>
-</dl>
-
-<h3>Changelog for not-yet-commons-ssl-0.3.15:</h3>
-<dl>
- <dt>1. Security patch from Redhat for CVE alert.</dt>
- <dd>The way we parse the Principal (e.g., "CN=a,OU=b,O=c") from an X509 Certificate had a serious security flaw.
- Thanks to Redhat, Arun Babu Neelicattu, and David Jorm for notifying us, and for the patch they submitted.</dd></dd>
- <dt>2. Upgrade to Java 1.5.</dt>
- <dd>Not-yet-commons-ssl now requires at least Java 1.5 to run (a.k.a. Java 5).
- If you really need Java 1.3 or Java 1.4 compatibility, please email the mailing list; it's not too late for us to
- rejig things to bring that back, but we're not going to bother unless someone actually needs it.
- </dd>
-</dl>
-<h3>Changelog for not-yet-commons-ssl-0.3.13:</h3>
-<dl>
-<dt>1. Fix bugs in AuthSSLProtocolSocketFactory and TrustSSLProtocolSocketFactory.</dt>
-<dd>KeyMaterial's constructor has been checking that KeyMaterial contains at least one
-private key, but this assumption was invalid with these guys. The fall-back to the
-TrustMaterial constructor if necessary. (Wonder how long this has been broken! Oops!)</dd>
-
-<dt>2. Upgraded from JUnit3 to JUnit4. Added some extra unit tests.</dt>
-</dl>
-<h3>Changelog for not-yet-commons-ssl-0.3.12:</h3>
-<dl>
-<dt>1. Avoid reverse-DNS lookups with literal IP address connections.</dt>
-<dd>Based on my own investigation, InetAddress.getByAddress(String, byte[]) does not do the reverse-DNS lookup that plagues Java SSL users, so we call that whenever possible.</dd>
-</dl>
-<h3>Changelog for not-yet-commons-ssl-0.3.11:</h3>
-<dl>
-<dt>1. Fixed KeyStoreBuilder.</dt>
-<dd>It really can handle KeyStores now where the store-password and key-password differ. It can
-also now handle all the things 0.3.9 couuld handle, too. Whoops. Sorry about 0.3.10, everyone.</dd>
-
-<dt>2. KeyStoreBuilder auto-detects BouncyCastle BKS and UBER keystore types.</dt>
-
-<dt>3. CRL checking no longer blocks forever in bad network situations (Java 5 and newer).</dt>
-<dd>CRL checking was using default java.net.URL behaviour, which unfortunately can
-cause infinite blocking. CRL checking now waits at most 5 seconds for the CRL server
-to respond. <b>Note: Only works on Java 1.5 and above.</b></dd>
-
-<dt>4. Lot's more unit tests. Especially for KeyStoreBuilder.</dt>
-
-<dt>5. Base64InputStream's default behaviour changed to DECODE. VERY SORRY!</dt>
-
-<dt>6. PKCS8Key.getPublicKey() and PEMUtil.toPEM() methods added. </dt>
-</dl>
-<br/>
-<h3>Features as of not-yet-commons-ssl-0.3.10:</h3>
-<dl>
-<dt>1. <a href="utilities.html#KSB">KeyStoreBuilder</a> broken.
-<dd>
-<b>Version 0.3.10 should be avoided!</b>
-</dd>
-</dl>
-
-<br/>
-<h3>Features as of not-yet-commons-ssl-0.3.9:</h3>
-<dl>
-<dt>1. <a href="pbe.html">PBE</a> is now Compatible with <code>openssl enc -K [key] -iv [IV]</code>.</dt>
-<dd>People were asking for this. See the PBE page for more details.</dd>
-<dt>2. DES2 with PBE was broken.</dt>
-<dd>Fixed.</dd>
-
-<dt>3. directory.apache.org didn't write the ASN.1 code. BouncyCastle did.</dt>
-<dd>Now using latest ASN.1 parsing code from BC, and attributing it properly.</dd>
-<dt>4. The "ping" utility has a few more options.</dt>
-<dd>For those who need more than just a "HEAD /" request. You can also set the HTTP host header,
-independant of the target host/ip.</dd>
-</dl>
-<br/>
-<h3>Features as of not-yet-commons-ssl-0.3.8:</h3>
-<dl>
-<dt>1. useDefaultJavaCiphers() actually works now.</dt>
-<dd>When you want to allow 40 bit, 56 bit, and MD5 based SSL ciphers, use this. It was 99% functional in 0.3.7, but there was a
-rare situation where setting ciphers was causing SSL handshake errors.</dd>
-
-<dt>2. <a href="pbe.html">PBE</a> (password-based-encryption) improved.</dt>
-<dd>PBE now has its own <a href="pbe.html">HTML page</a>. Support for all of OpenSSL's PBE ciphers implemented and tested, including
-IDEA and RC5. (DES-X might work, but couldn't find a JCE provider that supported it). Threw in support for some
-additional BouncyCastle ciphers even though OpenSSL doesn't support them (cast6, gost28147, rc6, seed, serpent,
-skipjack, tea, twofish, xtea). Around <a href="samples/pbe/">650 test files</a> created to make sure PBE is working properly.
-</dd>
-<dt>3. PBE API changed on <a href="javadocs/org/apache/commons/ssl/OpenSSL.html#encrypt(java.lang.String,%20char[],%20java.io.InputStream)">OpenSSL.encrypt()</a> and <a href="javadocs/org/apache/commons/ssl/OpenSSL.html#decrypt(java.lang.String,%20char[],%20java.io.InputStream)">OpenSSL.decrypt()</a>.</dt>
-
-<dd>The password is now char[] instead of byte[] (sorry!). Encrypt/decrypt on byte[] introduced. Encrypt/decrypt on InputStream
-is still available, and is properly streamed so that even extremely large files can be encrypted/decrypted.</dd>
-</dl>
-<br/>
-<h3>Features as of not-yet-commons-ssl-0.3.7:</h3>
-<dl>
-<dt>1. useStrongCiphers() used by default.</dt>
-<dd>40 bit and 56 bit ciphers are now disabled by default. To turn them back on call useDefaultJavaCiphers().</dd>
-<dt>2. addAllowedName() adds some flexibility to the CN verification.</dt>
-<dd>
-Here's a code example using "cucbc.com" to connect, but anticipating "www.cucbc.com" in the server's certificate:
-<pre>
-SSLClient client = new SSLClient();
-client.addAllowedName( "www.cucbc.com" );
-Socket s = client.createSocket( "cucbc.com", 443 );
-
-</pre>
-This technique is also useful if you don't want to use DNS, and want to
-connect using the IP address.
-</dd>
-<dt>3. SSLServer can re-use a Tomcat-8443 private key if running from inside Tomcat.</dt>
-<dd>
-<pre>
-SSLClient server = new SSLServer();
-server.useTomcatSSLMaterial();
-</pre>
-</dd>
-<dt>4. RMI-SSL support improved.</dt>
-<dd>Attempts to re-use the Tomcat-8443 private key for all RMI SSL Server sockets.
-Anonymous server-sockets (port 0) will always be set to port 31099. Analyzes the
-server certificate CN field and tries to set "java.rmi.server.hostname" to something
-compatible with that. Probably the only free implementation around that does a good
-job on the hostname verification!
-</dd>
-<dt>5. KeyMaterial constructor blows up earlier.</dt>
-<dd>If a JKS or PKCS12 file is provided that isn't going to work (e.g. no private keys),
-the KeyMaterial constructor throws an exception right away.</dd>
-
-<dt>6. getSSLContext() now available to help inter-op with Java 5 SSL-NIO libraries.</dt>
-<dd>Oleg has been working hard on SSL-NIO for the Apache httpcomponents library. Go
-check it out!</dd>
-<dt>7. Fixed bug where SSLClient couldn't be used with javax.net.ssl.HttpsURLConnection
-on Java 1.4.x</dt>
-<dd>I was wrapping the SSLSocket, but Java 1.4.x guards against that inside HttpsURLConnection
-and throws this exciting exception:
-<pre>
-java.lang.RuntimeException: Export restriction: this JSSE implementation is non-pluggable.
- at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.checkCreate(DashoA6275)
- at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
- at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
- at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:560)
- at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(DashoA6275)
-</pre>
-Silly Java - I'm still using <em>your</em> JSSE implementation, I'm just wrapping it!
-</dd>
-</dl>
-<br/>
-
-<h3>Features as of not-yet-commons-ssl-0.3.4:</h3>
-<dl>
-<dt>1. <code>"javax.net.ssl.keyStore"</code> and <code>"javax.net.ssl.trustStore"</code></dt>
-<dd>SSLClient and SSLServer now set their default TrustMaterial and KeyMaterial from these
- system properties if they are present.</dd>
-<dt>2. <code>ssl.setCheckCRL( true/false )</code> <em>Note: <a href="http://en.wikipedia.org/wiki/Certificate_revocation_list">CRL</a> is an abbreviation for "Certificate Revocation List"</em></dt>
-
-<dd>Set to <code>true</code> by default. If you're using SSLClient, then the remote
-server's certificate chain is checked. If you're using SSLServer, CRL checking is ignored <em>unless</em>
-client certificates are presented. Commons-SSL tries to perform the CRL check against each certificate in
-the chain, but we're not sure if we always know the entire chain.
-<p><em>Implementation note:</em>
-To reduce memory consumption all CRL's are saved to disk using
-<code>File.createTempFile()</code> and <code>File.deleteOnExit()</code>.
-CRL's are re-downloaded every 24 hours. To reduce disk IO
-the "pass/fail" result of a CRL check for a given X.509 Certificate is cached using the 20 byte SHA1 hash of the
-certificate as the key. The cached "pass" result is discarded every 24 hours. The cached "fail" result is retained
-until the JVM restarts.
-</p>
-</dd>
-
-<dt>3. <code>ssl.setCheckExpiry( true/false )</code></dt>
-<dd>Certificate expiry checking can be turned off. Turned on by default. For Java 1.4 and newer we're
-intercepting the CertificateException thrown by the TrustManager. But we still implemented our own
-expiry checking because Java 1.3 doesn't check expiry. We check every certificate in
-the chain, but we're not sure if we always know the entire chain.</dd>
-<dt>4. <code>ssl.setCheckHostname( true/false )</code></dt>
-<dd>Certificate hostname checking improved. Turned on by default for SSLClient, but turned off by
-default for SSLServer. If turned on for SSLServer, only applied to client certificates by checking
-against a reverse DNS lookup of the client's IP address. Turning on for SSLServer will probably be
-quite rare. We imagine that applications (such as Tomcat) will pass the client chain back up into
-the business layer where people can code in any kind of validation logic they like. But we put
-it in anyway to keep things consistent.
-<p>Support added for certificates with wildcards in the CN field
-(e.g. <a href="https://www.credential.com/">*.credential.com</a>).
-Java already had this, to be fair. We broke it
-by accident!
-<pre style="font-style: 90%; padding: 0 30px;">
-s: CN=*.credential.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/cps (c)05,
- OU=businessprofile.geotrust.com/get.jsp?GT27402892, O=*.credential.com, C=CA
-i: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
-</pre>
-</p>
-</dd>
-
-<dt>5. PKCS8 support.</dt>
-<dd>Support for OpenSSL "Traditional" and PKCS8 encrypted private keys added.
-Private keys can be RSA or DSA. See our <a href="pkcs8.html">pkcs8 page</a> for more details.</dt>
-<dt>6. New Utility: "<code>KeyStoreBuilder</code>"</dt>
-<dd>Command line utility converts an OpenSSL pair (private key + certificate) into a Java Keystore ("JKS")
-file. To see the command-line options, visit our <a href="utilities.html">utilities page</a>, or just run:
-<pre style="font-style: 90%; padding: 0 30px;">
-
-java -cp commons-ssl-0.3.4.jar org.apache.commons.ssl.KeyStoreBuilder
-</pre></dd>
-</dl>
-
-</body>
-</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/index.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/index.html b/3rdparty/not-yet-commons-ssl/docs/index.html
deleted file mode 100644
index db39c4d..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/index.html
+++ /dev/null
@@ -1,119 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<meta name="Author" content="Julius Davies">
-<title>Java and SSL/TLS Made Easier - Not-Yet-Commons-SSL</title>
-<meta name="description" content="Java library for controlling aspects of SSL. Also helps interop between Java and OpenSSL."/>
-<meta name="keywords" content="Java, SSL, TLS, OpenSSL, HTTPS, Certificates, X.509, X509, Secure Socket Layer, Transport Layer Security, Client Auth, Client Certificate, Client Cert, Client Certificates, Server Cert, Server Certificate, Server Certificates"/>
-<style type="text/css">
-dl, h1, h2, h3, h4 { margin: 0; border: 0; padding: 0; font-size: 100%; }
-h1 { float: left; color: red; }
-b.n { font-family: arial; font-weight: bold; }
-span.hl { color: white; background-color: green; }
-div.nav { float: left; margin-left: 20px; font-weight: bold; }
-.nav a, .nav span { padding: 0 5px; }
-.nav a { color: blue; }
-dt { padding: 8px 0 8px 5px; }
-li { padding-bottom: 6px; }
-th { text-align: right; }
-</style>
-</head>
-<body>
-<h1>not-yet-commons-ssl</h1>
-<div class="nav">
-<span class="hl">main</span> |
-
-<a href="ssl.html">ssl</a> |
-<a href="pkcs8.html">pkcs8</a> |
-<a href="pbe.html">pbe</a> |
-<a href="rmi.html">rmi</a> |
-<a href="utilities.html">utilities</a> |
-<a href="source.html">source</a> |
-
-<a href="javadocs/">javadocs</a> |
-<a href="download.html">download</a>
-</div>
-<br clear="all"/>
-<hr/>
-<h2>Not-Yet-Commons-SSL</h2>
-<p><a href="download.html">not-yet-commons-ssl-0.3.16</a> released! (September 23rd, 2014)</p>
-<p>Requires Java 1.5.x or higher.
-
-<p>Please see our <a href="ssl.html">ssl page</a> for code examples on how to use this library.</a></p>
-
-<h3>Resources:</h3>
-<table border="0" cellpadding="5" cellspacing="5">
-<tr>
- <th>Design Goals:</th>
- <td><a href="about.html">about.html</a></td>
-</tr>
-
-<tr>
- <th>Code Examples:</th>
- <td><a href="ssl.html">SSL/TLS</a> | <a href="pkcs8.html">PKCS #8</a> | <a href="pbe.html">PBE</a></td>
-</tr>
-<tr>
-
- <th>Join Mailing List:</th>
- <td><a href="http://lists.juliusdavies.ca/listinfo.cgi/not-yet-commons-ssl-juliusdavies.ca/">http://lists.juliusdavies.ca/listinfo.cgi/not-yet-commons-ssl-juliusdavies.ca/</a></td>
-</tr>
-<tr>
- <th>Mailing List Archives:</th>
- <td><a href="http://lists.juliusdavies.ca/pipermail/not-yet-commons-ssl-juliusdavies.ca/">http://lists.juliusdavies.ca/pipermail/not-yet-commons-ssl-juliusdavies.ca/</a></td>
-</tr>
-
-<tr>
- <th>Downloads:</th>
- <td><a href="download.html">http://juliusdavies.ca/commons-ssl/download.html</a></td>
-</tr>
-<tr>
- <th>Checkout From Subversion:</th>
- <td><code>svn co <a style="text-decoration: none;" href="http://juliusdavies.ca/svn/not-yet-commons-ssl/trunk">http://juliusdavies.ca/svn/not-yet-commons-ssl/trunk</a> not-yet-commons-ssl</code></td>
-
-</tr>
-<tr>
- <th>Browse Subversion (via viewvc):</th>
- <td><a href="http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl/">http://juliusdavies.ca/svn/not-yet-commons-ssl/viewvc.cgi/not-yet-commons-ssl/</a></td>
-</tr>
-<tr>
- <th>License (Apache 2.0):</th>
- <td><a href="LICENSE.txt">LICENSE.txt</a></td>
-
-</tr>
-</table>
-<hr/>
-<h4>About</h4>
-<p>We're calling this library "Not-Yet-Commons-SSL" since we have the intention of one day
-becoming an official Apache project. Not-Yet-Commons-SSL was originally developed by
-<a href="https://www.cucbc.com">Credit Union Central of British Columbia</a>.
-The webpages, releases, and code here on <a href="http://juliusdavies.ca/">juliusdavies.ca</a> have no relationship to
-the Apache Software Foundation, but all code is licensed under <a href="LICENSE.txt">ASL 2.0</a>.
-</p>
-<p>The <a href="http://juliusdavies.ca/svn/viewvc.cgi/trunk/src/java/org/apache/commons/ssl/asn1/">ASN.1 parsing code</a>
-
-comes directly from BouncyCastle (<a href="http://bouncycastle.org/">bouncycastle.org</a>). Our only modification to this
-code was an accidental "reformat" to bring it inline with our code style. Also, in two places, we switched the BC code
-to use <em>our</em> Hex.java
-for encoding/decoding instead of their own.
-The PKCS12 key derivation function (for some PKCS8 version 1.5 encrypted keys) also comes from BouncyCastle.
-Presumably they got it from RSA's PKCS12 specification
-(<a href="ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf">ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf</a>).
-BouncyCastle maintains copyright over all the code used, but allows us to reuse and redistribute
-(the BouncyCastle license is compatible with ASL 2.0). We are very thankful for their excellent code.
-</p>
-
-<p>Not-Yet-Commons-SSL would never have happened without Oleg Kalnichevski's excellent
-"<a href="http://svn.apache.org/viewvc/jakarta/httpcomponents/oac.hc3x/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/">contrib</a>"
-example in the <a href="http://jakarta.apache.org/httpcomponents/">HttpComponents</a> SVN repository.
-His
-<a href="http://svn.apache.org/viewvc/jakarta/httpcomponents/oac.hc3x/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup">AuthSSLProtocolSocketFactory.java</a>
-
-and
-<a href="http://svn.apache.org/viewvc/jakarta/httpcomponents/oac.hc3x/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLX509TrustManager.java?view=markup">AuthSSLX509TrustManager.java</a>
-examples
-were the seeds for all of this. Evil Comrade Oleg's Javadocs on those classes were also extremely helpful. We
-only one day hope that we can write Javadocs like that (hopefully by <a href="download.html#roadmap">0.7.0</a>!).
-</p>
-</body>
-</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/openssl/compare.txt
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/openssl/compare.txt b/3rdparty/not-yet-commons-ssl/docs/openssl/compare.txt
deleted file mode 100644
index 40c469d..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/openssl/compare.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-
-Performance of org.apache.commons.ssl.OpenSSL.decrypt()
-
-Decrypting the same 946MB Base64 DES-3 encrypted file.
-
-
-OpenSSL 0.9.7l 28 Sep 2006
---------------------
-real 1m40.578s
-user 1m34.223s
-sys 0m04.039s
-
-
-not-yet-commons-ssl-0.3.10
-(22% slower than OpenSSL!)
---------------------
-real 2m03.270s
-user 1m56.959s
-sys 0m03.605s
-
-
-not-yet-commons-ssl-0.3.9
-(3,000% slower than OpenSSL!)
---------------------
-real 50m47.424s
-user 18m47.687s
-sys 31m30.298s
-
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.10
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.10 b/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.10
deleted file mode 100644
index d52bd7d..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.10
+++ /dev/null
@@ -1,72 +0,0 @@
-Flat profile of 140.04 secs (12528 total ticks): main
-
- Interpreted + native Method
- 0.7% 0 + 90 java.io.FileOutputStream.writeBytes
- 0.4% 0 + 56 java.io.FileInputStream.readBytes
- 0.2% 0 + 24 java.lang.System.arraycopy
- 0.0% 5 + 0 org.apache.commons.ssl.ComboInputStream.read
- 0.0% 4 + 0 com.sun.crypto.provider.SunJCE_h.a
- 0.0% 3 + 0 javax.crypto.CipherInputStream.available
- 0.0% 2 + 0 com.sun.crypto.provider.SunJCE_h.a
- 0.0% 2 + 0 org.apache.commons.ssl.Base64.decodeBase64
- 0.0% 0 + 2 java.io.FileInputStream.read
- 0.0% 2 + 0 java.io.PrintStream.write
- 0.0% 0 + 2 java.lang.String.intern
- 0.0% 2 + 0 com.sun.crypto.provider.SunJCE_e.a
- 0.0% 1 + 0 java.math.BigInteger.addOne
- 0.0% 1 + 0 java.util.HashMap.getEntry
- 0.0% 1 + 0 java.lang.String.<init>
- 0.0% 1 + 0 sun.security.x509.RDN.<init>
- 0.0% 0 + 1 java.lang.ClassLoader.defineClass1
- 0.0% 1 + 0 java.math.BigInteger.mulAdd
- 0.0% 0 + 1 java.util.zip.Inflater.inflateBytes
- 0.0% 0 + 1 java.util.zip.ZipFile.getEntry
- 0.0% 1 + 0 org.apache.commons.ssl.Util.pipeStream
- 0.0% 0 + 1 java.lang.Class.forName0
- 0.0% 1 + 0 java.lang.StringCoding$CharsetSD.decode
- 0.0% 1 + 0 java.util.HashMap.<init>
- 0.0% 0 + 1 java.lang.Object.clone
- 1.8% 46 + 180 Total interpreted (including elided)
-
- Compiled + native Method
- 71.9% 8987 + 0 com.sun.crypto.provider.SunJCE_y.c
- 7.0% 706 + 167 org.apache.commons.ssl.util.ReadLine.nextAsBytes
- 3.1% 391 + 0 com.sun.crypto.provider.SunJCE_m.b
- 2.2% 252 + 28 org.apache.commons.ssl.Base64.decodeBase64
- 2.0% 249 + 0 org.apache.commons.ssl.Base64InputStream.getLine
- 1.3% 0 + 168 org.apache.commons.ssl.Base64.discardNonBase64
- 1.2% 8 + 144 javax.crypto.Cipher.update
- 0.8% 1 + 96 com.sun.crypto.provider.SunJCE_h.a
- 0.3% 37 + 0 javax.crypto.CipherInputStream.read
- 0.2% 22 + 0 org.apache.commons.ssl.Util.pipeStream
- 0.1% 13 + 0 java.io.BufferedInputStream.read1
- 0.1% 7 + 0 java.io.FilterInputStream.read
- 0.0% 2 + 0 adapters
- 0.0% 1 + 0 java.math.BigInteger.squareToLen
- 90.3% 10676 + 603 Total compiled
-
- Stub + native Method
- 4.6% 0 + 575 java.io.FileOutputStream.writeBytes
- 3.0% 0 + 380 java.io.FileInputStream.readBytes
- 7.6% 0 + 955 Total stub
-
- Thread-local ticks:
- 0.3% 36 Blocked (of total)
- 0.1% 7 Class loader
- 0.0% 1 Compilation
- 0.2% 24 Unknown: thread_state
-
-
-Flat profile of 0.01 secs (1 total ticks): DestroyJavaVM
-
- Thread-local ticks:
-100.0% 1 Blocked (of total)
-
-
-Global summary of 140.06 seconds:
-100.0% 12563 Received ticks
- 0.2% 29 Received GC ticks
- 0.5% 65 Compilation
- 0.0% 4 Other VM operations
- 0.1% 7 Class loader
- 0.2% 24 Unknown code
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.9
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.9 b/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.9
deleted file mode 100644
index cdff246..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.9
+++ /dev/null
@@ -1,72 +0,0 @@
-Flat profile of 3230.62 secs (320463 total ticks): main
-
- Interpreted + native Method
- 0.0% 0 + 17 java.lang.System.arraycopy
- 0.0% 0 + 7 java.io.FileOutputStream.writeBytes
- 0.0% 0 + 6 java.io.FileInputStream.read
- 0.0% 0 + 4 java.lang.Object.clone
- 0.0% 0 + 3 java.io.FileInputStream.readBytes
- 0.0% 2 + 0 com.sun.crypto.provider.SunJCE_e.<clinit>
- 0.0% 2 + 0 java.lang.StringCoding.trim
- 0.0% 0 + 2 java.util.zip.Inflater.inflateBytes
- 0.0% 2 + 0 java.math.BigInteger.multiplyToLen
- 0.0% 2 + 0 com.sun.crypto.provider.SunJCE_h.a
- 0.0% 1 + 0 sun.security.util.DerValue.init
- 0.0% 1 + 0 com.sun.crypto.provider.SunJCE_y.a
- 0.0% 1 + 0 org.apache.commons.ssl.Base64.decodeBase64
- 0.0% 1 + 0 com.sun.crypto.provider.SunJCE_y.c
- 0.0% 1 + 0 com.sun.crypto.provider.SunJCE_h.a
- 0.0% 1 + 0 java.lang.String.toLowerCase
- 0.0% 1 + 0 sun.security.pkcs.PKCS7.parse
- 0.0% 0 + 1 java.lang.ClassLoader.findBootstrapClass
- 0.0% 1 + 0 sun.misc.CharacterDecoder.decodeLinePrefix
- 0.0% 1 + 0 java.lang.String.lastIndexOf
- 0.0% 1 + 0 java.util.AbstractList.iterator
- 0.0% 1 + 0 java.util.HashMap.newValueIterator
- 0.0% 1 + 0 java.io.DataInputStream.<init>
- 0.0% 0 + 1 org.apache.commons.ssl.JavaImpl.<clinit>
- 0.0% 1 + 0 java.util.HashMap.resize
- 0.0% 28 + 42 Total interpreted (including elided)
-
- Compiled + native Method
- 0.0% 111 + 0 com.sun.crypto.provider.SunJCE_y.c
- 0.0% 0 + 76 javax.crypto.Cipher.update
- 0.0% 16 + 0 org.apache.commons.ssl.Util.readLine
- 0.0% 12 + 0 org.apache.commons.ssl.Base64.decodeBase64
- 0.0% 11 + 0 java.nio.charset.CharsetEncoder.encode
- 0.0% 9 + 0 org.apache.commons.ssl.Base64InputStream.getLine
- 0.0% 7 + 1 java.lang.StringCoding$CharsetSE.encode
- 0.0% 5 + 0 com.sun.crypto.provider.SunJCE_m.b
- 0.0% 3 + 0 org.apache.commons.ssl.Util.pipeStream
- 0.0% 1 + 0 javax.crypto.CipherInputStream.read
- 0.0% 0 + 1 org.apache.commons.ssl.Base64.discardNonBase64
- 0.0% 1 + 0 java.lang.StringCoding.encode
- 0.0% 1 + 0 java.math.BigInteger.squareToLen
- 0.1% 177 + 78 Total compiled
-
- Stub + native Method
- 92.6% 0 + 296801 java.io.FileInputStream.read
- 7.3% 0 + 23277 java.io.FileOutputStream.writeBytes
- 99.9% 0 + 320078 Total stub
-
- Thread-local ticks:
- 0.0% 22 Blocked (of total)
- 0.0% 7 Class loader
- 0.0% 1 Compilation
- 0.0% 1 Unknown: no last frame
- 0.0% 29 Unknown: thread_state
-
-
-Flat profile of 0.01 secs (1 total ticks): DestroyJavaVM
-
- Thread-local ticks:
-100.0% 1 Blocked (of total)
-
-
-Global summary of 3230.64 seconds:
-100.0% 320556 Received ticks
- 0.0% 73 Received GC ticks
- 0.0% 61 Compilation
- 0.0% 16 Other VM operations
- 0.0% 7 Class loader
- 0.0% 30 Unknown code
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/pbe.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/pbe.html b/3rdparty/not-yet-commons-ssl/docs/pbe.html
deleted file mode 100644
index eab326a..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/pbe.html
+++ /dev/null
@@ -1,204 +0,0 @@
-<html>
-<head>
-<title>OpenSSL's "enc" in Java (PBE / Password Based Encryption)</title>
-<style type="text/css">
-h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
-h1 { float: left; color: red; }
-b.n { font-family: arial; font-weight: bold; }
-span.hl { color: white; background-color: green; }
-div.nav { float: left; margin-left: 20px; font-weight: bold; }
-.nav a, .nav span { padding: 0 5px; }
-.nav a { color: blue; }
-li.top { margin-top: 10px; }
-li { margin-top: 6px; width: 750px; }
-ul.openssl { float: left; width: 100px; margin-top: 8px; }
-ul.pkcs8 { float: left; width: 200px; margin-top: 8px; }
-i { color: purple; }
-i.special { color: red; }
-dt { font-weight: bold; }
-dd { margin-top: 1em; margin-bottom: 1em; }
-sup a { text-decoration: none; }
-</style>
-</head>
-<body>
-<h1>not-yet-commons-ssl</h1>
-<div class="nav">
-<a href="index.html">main</a> |
-<a href="ssl.html">ssl</a> |
-<a href="pkcs8.html">pkcs8</a> |
-<span class="hl" href="pbe.html">pbe</span> |
-<a href="rmi.html">rmi</a> |
-<a href="utilities.html">utilities</a> |
-<a href="source.html">source</a> |
-<a href="javadocs/">javadocs</a> |
-<a href="download.html">download</a>
-</div>
-<br clear="all"/>
-<hr/>
-<h2>OpenSSL's "enc" in Java (PBE / Password Based Encryption)</h2>
-<p>Not-Yet-Commons-SSL has an implementation of PBE ("password based encryption") that is 100%
-compatible with OpenSSL's command-line "enc" utility. PBE is a form of symmetric encryption where
-the same key or password is used to encrypt and decrypt the file.
-</p>
-<p>
-We are also compatible with <code>openssl enc -K [key] -iv [IV]</code>, where the key and IV are provided explicitly,
-instead of being derived from a password. Look for encrypt()/decrypt() methods that take
-<a href="http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/ssl/OpenSSL.html#encrypt(java.lang.String,%20byte[],%20byte[],%20byte[])">byte[] key, byte[] iv</a>
-instead of char[] password.
-
-</p>
-<p>Please visit the <a href="#Quick-FAQ">Quick-FAQ</a> if you are having problems.</p>
-
-
-<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>PBE code example (DES-3):</b></u><sup><a href="#fn">*</a></sup>
-
-char[] password = {'c','h','a','n','g','e','i','t'};
-byte[] data = "Hello World!".getBytes();
-
-<em style="color: green;">// Encrypt!</em>
-byte[] encrypted = OpenSSL.encrypt("des3", password, data);
-System.out.println("ENCRYPTED: [" + new String(encrypted) + "]");
-
-<em style="color: green;">// Decrypt results of previous!</em>
-data = OpenSSL.decrypt("des3", password, encrypted);
-System.out.println("DECRYPTED: [" + new String(data) + "]");
-
-
-OUTPUT:
-=======================
-ENCRYPTED: [U2FsdGVkX19qplb9qVDVVEYxH8wjJDGpMS+F4/2pS2c=]
-DECRYPTED: [Hello World!]
-
-<sup><a name="fn">*</a></sup> <span style="font-size: 85%;">- This code example is <a href="#nqr">not quite right</a>.</span>
-</pre>
-<br clear="all"/>
-<p>Some notes:
-<ul>
- <li>The OpenSSL.encrypt() and OpenSSL.decrypt() methods have InputStream and byte[] versions. For large
- files you're going to have to use the InputStream versions.</li>
- <li>OpenSSL.encrypt() produces base64 output by default. Use
-<a href="http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/ssl/OpenSSL.html#encrypt(java.lang.String,%20char[],%20byte[],%20boolean)">OpenSSL.encrypt(alg, pwd, data, false)</a>
- to turn that off.</li>
- <li>OpenSSL.decrypt() auto-detects whether input is base64 or raw binary, so you don't need to worry about it
- when decrypting. The base64 "true/false" parameter is only applicable when encrypting.</li>
- <li>We also have methods that are compatible with "<code>openssl enc -K [key] -iv [IV]</code>" where key and iv
- are explicitly provided, rather than being derived from a password. The [key] and [IV] should be specified
- in either raw binary, or hexidecimal (4 bits per character). This isn't really PBE anymore, but it's a
- common use case.</li>
-</ul>
-</p>
-
-<p>Here's a list of supported OpenSSL ciphers. The <i>purple ones</i> require the <a href="http://www.bouncycastle.org/latest_releases.html">BouncyCastle JCE</a>.
-The <i class="special">red ones (desx, desx-cbc)</i> probably require RSA's <a href="http://www.rsa.com/node.aspx?id=1204">BSAFE JCE</a>,
-and have not been tested.
-</p>
-<pre>
-aes-128-cbc aes-128-cfb <!-- aes-128-cfb1 -->
-aes-128-cfb8 aes-128-ecb aes-128-ofb
-aes-192-cbc aes-192-cfb <!-- aes-192-cfb1 -->
-aes-192-cfb8 aes-192-ecb aes-192-ofb
-aes-256-cbc aes-256-cfb <!-- aes-256-cfb1 -->
-aes-256-cfb8 aes-256-ecb aes-256-ofb
-aes128 aes192 aes256
-bf bf-cbc bf-cfb
-bf-ecb bf-ofb blowfish
-<i>camellia-128-cbc</i> <i>camellia-128-cfb</i> <!-- <i>camellia-128-cfb1</i> -->
-<i>camellia-128-cfb8</i> <i>camellia-128-ecb</i> <i>camellia-128-ofb</i>
-<i>camellia-192-cbc</i> <i>camellia-192-cfb</i> <!-- <i>camellia-192-cfb1</i> -->
-<i>camellia-192-cfb8</i> <i>camellia-192-ecb</i> <i>camellia-192-ofb</i>
-<i>camellia-256-cbc</i> <i>camellia-256-cfb</i> <!-- <i>camellia-256-cfb1</i> -->
-<i>camellia-256-cfb8</i> <i>camellia-256-ecb</i> <i>camellia-256-ofb</i>
-<i>camellia128</i> <i>camellia192</i> <i>camellia256</i>
-<i>cast</i> <i>cast-cbc</i> <i>cast5-cbc</i>
-<i>cast5-cfb</i> <i>cast5-ecb</i> <i>cast5-ofb</i>
-des des-cbc des-cfb
-<!-- des-cfb1 --> des-cfb8 des-ecb
-des-ede des-ede-cbc des-ede-cfb
-des-ede-ofb des-ede3 des-ede3-cbc
-des-ede3-cfb des-ede3-ofb des-ofb
-des3 <i class="special">desx</i> <i class="special">desx-cbc</i>
-<i>idea</i> <i>idea-cbc</i> <i>idea-cfb</i>
-<i>idea-ecb</i> <i>idea-ofb</i> rc2
-rc2-40-cbc rc2-64-cbc rc2-cbc
-rc2-cfb rc2-ecb rc2-ofb
-rc4 rc4-40 <i>rc5</i>
-<i>rc5-cbc</i> <i>rc5-cfb</i> <i>rc5-ecb</i>
-<i>rc5-ofb</i>
-</pre>
-
-<p>Here are some additional ciphers supported by BouncyCastle, but not by OpenSSL:</p>
-<pre>
-<i>cast6</i>
-<i>gost</i> (aka: <i>gost28147</i>)
-<i>rc6</i>
-<i>seed</i>
-<i>serpent</i>
-<i>skipjack</i>
-<i>tea</i>
-<i>twofish</i>
-<i>xtea</i>
-</pre>
-
-<hr/>
-<h3><a name="Quick-FAQ">Quick FAQ about PBE and Java</a></h3>
-<hr/>
-<dl>
-<dt>Why do I keep getting "java.security.InvalidKeyException: Illegal key size"?</dt>
-<dd>
-Don't forget to install your JVM's Unlimited Strength
-Jurisdiction Policy Files if you want AES-192 and AES-256 to work. (Same is true
-for Camillia-192, Camellia-256, and GOST28147).
-
-Visit <a href="http://java.sun.com/javase/downloads/">http://java.sun.com/javase/downloads/</a>
-and scroll to the bottom:
-<blockquote>
-Other Downloads
-<br/>Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6
-</blockquote>
-You can use DES-3 (168 bit keys) without
-installing the extra policy files.
-</dd>
-<dt>Why do the encrypted files always start with "Salted__" ("U2FsdGVkX1" in base64)?
-Isn't giving away information like this insecure?</dt>
-<dd>
-The encrypted files must always start with "Salted__" to interoperate with OpenSSL.
-OpenSSL expects this. The 8 bytes that spell "Salted__" are always immediately followed
-by another random 8 bytes of salt. The encrypted stream starts at the 17th byte.
-This way, even if you use the same password to encrypt 2 different files, the actual
-secret keys used to encrypt these 2 files are very different.
-<br/>
-<br/>
-It is possible to omit the salt, but this is highly discouraged:
-
-<pre style="padding: 10px; float: left;">
-boolean useBase64 = true;
-boolean useSalt = false; <em style="color: green;">// Omitting the salt is bad for security!</em>
-byte[] result = <a href="http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/ssl/OpenSSL.html#encrypt(java.lang.String,%20char[],%20byte[],%20boolean,%20boolean)">OpenSSL.encrypt(alg, pwd, data, useBase64, useSalt);</a>
-</pre>
-<br clear="all"/>
-</dd>
-<dt><a name="nqr">Why</a> is code example above "not quite right"?</dt>
-<dd>It relies on the platform's default character set. Here is the proper version (forcing UTF-8):
-
-<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>PBE example (DES-3):</b></u>
-
-char[] password = {'c','h','a','n','g','e','i','t'};
-byte[] data = "Hello World!".getBytes("UTF-8");
-
-<em style="color: green;">// Encrypt!</em>
-byte[] encrypted = OpenSSL.encrypt("des3", password, data);
-System.out.println("ENCRYPTED: [" + new String(encrypted, "UTF-8") + "]");
-
-<em style="color: green;">// Decrypt results of previous!</em>
-data = OpenSSL.decrypt("des3", password, encrypted);
-System.out.println("DECRYPTED: [" + new String(data, "UTF-8") + "]");
-
-OUTPUT:
-======================
-ENCRYPTED: [U2FsdGVkX19qplb9qVDVVEYxH8wjJDGpMS+F4/2pS2c=]
-DECRYPTED: [Hello World!]
-</pre>
-</dd>
-</dl>
-</body>
-</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/ping.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/ping.html b/3rdparty/not-yet-commons-ssl/docs/ping.html
deleted file mode 100644
index 3458d07..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/ping.html
+++ /dev/null
@@ -1,93 +0,0 @@
-<html>
-<head>
-<title>Commons-SSL - Utilities</title>
-<style type="text/css">
-h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
-h1 { float: left; color: red; }
-b.n { font-family: arial; font-weight: bold; }
-span.hl { color: white; background-color: green; }
-div.nav { float: left; margin-left: 20px; font-weight: bold; }
-.nav a, .nav span { padding: 0 5px; }
-.nav a { color: blue; }
-li.top { margin-top: 10px; }
-ul.openssl { float: left; width: 100px; margin-top: 8px; }
-ul.pkcs8 { float: left; width: 200px; margin-top: 8px; }
-</style>
-</head>
-<body>
-<h1>commons-ssl</h1>
-<div class="nav">
-<a href="index.html">main</a> |
-<a href="ssl.html">ssl</a> |
-<a href="pkcs8.html">pkcs8</a> |
-<a href="pbe.html">pbe</a> |
-<a href="rmi.html">rmi</a> |
-<span class="hl" href="utilities.html">utilities</span> |
-<a href="source.html">source</a> |
-<a href="javadocs/">javadocs</a> |
-<a href="download.html">download</a>
-</div>
-<br clear="all"/>
-<hr/>
-<h2>Ping</h2>
-
-<p>"org.apache.commons.ssl.Ping" contains a main method to help you diagnose SSL issues.
-It's modeled on OpenSSL's very handy "s_client" utility. We've been very careful to
-make sure "org.apache.commons.ssl.Ping" can execute without any additional jar files
-on the classpath (except if using Java 1.3 - then you'll need jsse.jar).</p>
-
-<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>"Ping" Utility Attempts "HEAD / HTTP/1.1" Request</b></u>
-This utility is very handy because it can get you the server's public
-certificate even if your client certificate is bad (so even though the SSL
-handshake fails). And unlike "openssl s_client", this utility can bind
-against any IP address available.
-
-Usage: java -jar not-yet-commons-ssl-0.3.13.jar [options]
-Version: 0.3.13 Compiled: [PDT:2014-05-08/14:15:16.000]
-Options: (*=required)
-* -t --target [hostname[:port]] default port=443
- -b --bind [hostname[:port]] default port=0 "ANY"
- -r --proxy [hostname[:port]] default port=80
- -tm --trust-cert [path to trust material] {pem, der, crt, jks}
- -km --client-cert [path to client's private key] {jks, pkcs12, pkcs8}
- -cc --cert-chain [path to client's cert chain for pkcs8/OpenSSL key]
- -p --password [client cert password]
- -h --host-header [http-host-header] in case -t is an IP address
- -u --path [path for GET/HEAD request] default=/
- -m --method [http method to use] default=HEAD
-
-Example:
-
-java -jar commons-ssl.jar -t host.com:443 -c ./client.pfx -p `cat ./pass.txt` </pre><br clear="all"/>
-
-<p style="margin-top: 8px;"><b>TODO:</b><br/>Apparently Java 6.0 includes support for grabbing passwords from
-standard-in without echoing the typed characters. Would be nice to use that feature when it's
-available, instead of requiring the password to be specified as a command-line argument.</p>
-
-<hr/>
-<h2>KeyStoreBuilder</em></h2>
-<p><code>java -cp not-yet-commons-ssl-0.3.13.jar org.apache.commons.ssl.KeyStoreBuilder</code></p>
-
-<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>KeyStoreBuilder converts PKCS12 and PKCS8 to Java "Keystore", and vice versa.</b></u>
-KeyStoreBuilder: creates '[alias].jks' (Java Key Store)
- -topk8 mode: creates '[alias].pem' (x509 chain + unencrypted pkcs8)
-[alias] will be set to the first CN value of the X509 certificate.
--------------------------------------------------------------------
-Usage1: [password] [file:pkcs12]
-Usage2: [password] [file:private-key] [file:certificate-chain]
-Usage3: -topk8 [password] [file:jks]
--------------------------------------------------------------------
-[private-key] can be openssl format, or pkcs8.
-[password] decrypts [private-key], and also encrypts outputted JKS file.
-All files can be PEM or DER.</pre><br clear="all"/>
-
-<br/><b>Warning:</b>
- <span style="color: red; font-weight: bold;">-topk8 outputs the private key UNENCRYPTED!
-Cut and paste the private key into a separate file, and then use "openssl rsa" or "openssl dsa"
-to encrypt it with a password.</span>
-<br/>
-<br/>
-
-
-</body>
-</html>