You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/12 14:06:34 UTC
[26/50] [abbrv] directory-kerberos git commit: Renaming packages in
haox-kerb projects, using "apache"
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/event/KrbClientEventType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/event/KrbClientEventType.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/event/KrbClientEventType.java
deleted file mode 100644
index a36dc88..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/event/KrbClientEventType.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.haox.kerb.client.event;
-
-import org.apache.haox.event.EventType;
-
-public enum KrbClientEventType implements EventType {
- TGT_INTENT,
- TGT_RESULT,
- TKT_INTENT,
- TKT_RESULT
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/AbstractPreauthPlugin.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/AbstractPreauthPlugin.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/AbstractPreauthPlugin.java
deleted file mode 100644
index 9c23204..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/AbstractPreauthPlugin.java
+++ /dev/null
@@ -1,103 +0,0 @@
-package org.haox.kerb.client.preauth;
-
-import org.haox.kerb.client.KrbContext;
-import org.haox.kerb.client.KrbOptions;
-import org.haox.kerb.client.request.KdcRequest;
-import org.haox.kerb.preauth.PaFlag;
-import org.haox.kerb.preauth.PaFlags;
-import org.haox.kerb.preauth.PluginRequestContext;
-import org.haox.kerb.preauth.PreauthPluginMeta;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.common.EncryptionType;
-import org.haox.kerb.spec.pa.PaData;
-import org.haox.kerb.spec.pa.PaDataEntry;
-import org.haox.kerb.spec.pa.PaDataType;
-
-import java.util.Collections;
-import java.util.List;
-
-public class AbstractPreauthPlugin implements KrbPreauth {
-
- private PreauthPluginMeta pluginMeta;
- protected KrbContext context;
-
- public AbstractPreauthPlugin(PreauthPluginMeta meta) {
- this.pluginMeta = meta;
- }
-
- @Override
- public String getName() {
- return pluginMeta.getName();
- }
-
- public int getVersion() {
- return pluginMeta.getVersion();
- }
-
- public PaDataType[] getPaTypes() {
- return pluginMeta.getPaTypes();
- }
-
- public void init(KrbContext context) {
- this.context = context;
- }
-
- @Override
- public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
- return null;
- }
-
- @Override
- public void prepareQuestions(KdcRequest kdcRequest,
- PluginRequestContext requestContext) throws KrbException {
-
- kdcRequest.needAsKey();
- }
-
- @Override
- public List<EncryptionType> getEncTypes(KdcRequest kdcRequest,
- PluginRequestContext requestContext) {
- return Collections.emptyList();
- }
-
- @Override
- public void setPreauthOptions(KdcRequest kdcRequest,
- PluginRequestContext requestContext, KrbOptions options) {
-
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException {
-
- }
-
- @Override
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext, PaDataEntry inPadata,
- PaData outPadata) throws KrbException {
-
- return false;
- }
-
- @Override
- public boolean tryAgain(KdcRequest kdcRequest,
- PluginRequestContext requestContext, PaDataType preauthType,
- PaData errPadata, PaData outPadata) {
- return false;
- }
-
- @Override
- public PaFlags getFlags(PaDataType paType) {
- PaFlags paFlags = new PaFlags(0);
- paFlags.setFlag(PaFlag.PA_REAL);
-
- return paFlags;
- }
-
- @Override
- public void destroy() {
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/FastContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/FastContext.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/FastContext.java
deleted file mode 100644
index e1bef43..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/FastContext.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.haox.kerb.client.preauth;
-
-import org.haox.kerb.spec.common.EncryptionKey;
-import org.haox.kerb.spec.fast.FastOptions;
-import org.haox.kerb.spec.fast.KrbFastArmor;
-import org.haox.kerb.spec.kdc.KdcReq;
-
-public class FastContext {
-
- public KdcReq fastOuterRequest;
- public EncryptionKey armorKey;
- public KrbFastArmor fastArmor;
- public FastOptions fastOptions;
- public int nonce;
- public int fastFlags;
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/KrbPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/KrbPreauth.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/KrbPreauth.java
deleted file mode 100644
index 139e4e7..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/KrbPreauth.java
+++ /dev/null
@@ -1,88 +0,0 @@
-package org.haox.kerb.client.preauth;
-
-import org.haox.kerb.client.KrbContext;
-import org.haox.kerb.client.KrbOptions;
-import org.haox.kerb.client.request.KdcRequest;
-import org.haox.kerb.preauth.PaFlags;
-import org.haox.kerb.preauth.PluginRequestContext;
-import org.haox.kerb.preauth.PreauthPluginMeta;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.common.EncryptionType;
-import org.haox.kerb.spec.pa.PaData;
-import org.haox.kerb.spec.pa.PaDataEntry;
-import org.haox.kerb.spec.pa.PaDataType;
-
-import java.util.List;
-
-/**
- * Client side preauth plugin module
- */
-public interface KrbPreauth extends PreauthPluginMeta {
-
- /**
- * Initializing preauth plugin context
- */
- public void init(KrbContext krbContext);
-
- /**
- * Initializing request context
- */
- public PluginRequestContext initRequestContext(KdcRequest kdcRequest);
-
- /**
- * Prepare questions to prompt to you asking for credential
- */
- public void prepareQuestions(KdcRequest kdcRequest,
- PluginRequestContext requestContext) throws KrbException;
-
- /**
- * Get supported encryption types
- */
- public List<EncryptionType> getEncTypes(KdcRequest kdcRequest,
- PluginRequestContext requestContext);
-
- /**
- * Set krb options passed from user
- */
- public void setPreauthOptions(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- KrbOptions preauthOptions);
-
- /**
- * Attempt to try any initial padata derived from user options
- */
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException;
-
- /**
- * Process server returned paData and return back any result paData
- * Return true indicating padata is added
- */
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataEntry inPadata,
- PaData outPadata) throws KrbException;
-
- /**
- * When another request to server in the 4 pass, any paData to provide?
- * Return true indicating padata is added
- */
- public boolean tryAgain(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataType preauthType,
- PaData errPadata,
- PaData outPadata);
-
- /**
- * Return PA_REAL if pa_type is a real preauthentication type or PA_INFO if it is
- * an informational type.
- */
- public PaFlags getFlags(PaDataType paType);
-
- /**
- * When exiting...
- */
- public void destroy();
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/PreauthContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/PreauthContext.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/PreauthContext.java
deleted file mode 100644
index e7b198b..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/PreauthContext.java
+++ /dev/null
@@ -1,89 +0,0 @@
-package org.haox.kerb.client.preauth;
-
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.pa.PaData;
-import org.haox.kerb.spec.pa.PaDataType;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class PreauthContext {
- private boolean preauthRequired = true;
- private PaData inputPaData;
- private PaData outputPaData;
- private PaData errorPaData;
- private UserResponser userResponser = new UserResponser();
- private PaDataType selectedPaType;
- private PaDataType allowedPaType;
- private List<PaDataType> triedPaTypes = new ArrayList<PaDataType>(1);
- private List<PreauthHandle> handles = new ArrayList<PreauthHandle>(5);
-
- public PreauthContext() {
- this.selectedPaType = PaDataType.NONE;
- this.allowedPaType = PaDataType.NONE;
- this.outputPaData = new PaData();
- }
-
- public boolean isPreauthRequired() {
- return preauthRequired;
- }
-
- public void setPreauthRequired(boolean preauthRequired) {
- this.preauthRequired = preauthRequired;
- }
-
- public UserResponser getUserResponser() {
- return userResponser;
- }
-
- public boolean isPaTypeAllowed(PaDataType paType) {
- return (allowedPaType == PaDataType.NONE ||
- allowedPaType == paType);
- }
-
- public PaData getOutputPaData() throws KrbException {
- return outputPaData;
- }
-
- public boolean hasInputPaData() {
- return (inputPaData != null && ! inputPaData.isEmpty());
- }
-
- public PaData getInputPaData() {
- return inputPaData;
- }
-
- public void setInputPaData(PaData inputPaData) {
- this.inputPaData = inputPaData;
- }
-
- public PaData getErrorPaData() {
- return errorPaData;
- }
-
- public void setErrorPaData(PaData errorPaData) {
- this.errorPaData = errorPaData;
- }
-
- public void setAllowedPaType(PaDataType paType) {
- this.allowedPaType = paType;
- }
-
- public List<PreauthHandle> getHandles() {
- return handles;
- }
-
- public PaDataType getAllowedPaType() {
- return allowedPaType;
- }
-
- public boolean checkAndPutTried(PaDataType paType) {
- for (PaDataType pt : triedPaTypes) {
- if (pt == paType) {
- return true;
- }
- }
- triedPaTypes.add(paType);
- return false;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/PreauthHandle.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/PreauthHandle.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/PreauthHandle.java
deleted file mode 100644
index 1f440ba..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/PreauthHandle.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package org.haox.kerb.client.preauth;
-
-import org.haox.kerb.client.KrbOptions;
-import org.haox.kerb.client.request.KdcRequest;
-import org.haox.kerb.preauth.PaFlags;
-import org.haox.kerb.preauth.PluginRequestContext;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.pa.PaData;
-import org.haox.kerb.spec.pa.PaDataEntry;
-import org.haox.kerb.spec.pa.PaDataType;
-
-public class PreauthHandle {
-
- public KrbPreauth preauth;
- public PluginRequestContext requestContext;
-
- public PreauthHandle(KrbPreauth preauth) {
- this.preauth = preauth;
- }
-
- public void initRequestContext(KdcRequest kdcRequest) {
- requestContext = preauth.initRequestContext(kdcRequest);
- }
-
- public void prepareQuestions(KdcRequest kdcRequest) throws KrbException {
- preauth.prepareQuestions(kdcRequest, requestContext);
- }
-
- public void setPreauthOptions(KdcRequest kdcRequest,
- KrbOptions preauthOptions) throws KrbException {
- preauth.setPreauthOptions(kdcRequest, requestContext, preauthOptions);
- }
-
- public void tryFirst(KdcRequest kdcRequest, PaData outPadata) throws KrbException {
- preauth.tryFirst(kdcRequest, requestContext, outPadata);
- }
-
- public boolean process(KdcRequest kdcRequest,
- PaDataEntry inPadata, PaData outPadata) throws KrbException {
- return preauth.process(kdcRequest, requestContext, inPadata, outPadata);
- }
-
- public boolean tryAgain(KdcRequest kdcRequest,
- PaDataType paType, PaData errPadata, PaData paData) {
- return preauth.tryAgain(kdcRequest, requestContext, paType, errPadata, paData);
- }
-
- public boolean isReal(PaDataType paType) {
- PaFlags paFlags = preauth.getFlags(paType);
- return paFlags.isReal();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/PreauthHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/PreauthHandler.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/PreauthHandler.java
deleted file mode 100644
index 7e4b306..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/PreauthHandler.java
+++ /dev/null
@@ -1,230 +0,0 @@
-package org.haox.kerb.client.preauth;
-
-import org.haox.kerb.client.KrbContext;
-import org.haox.kerb.client.KrbOptions;
-import org.haox.kerb.client.preauth.builtin.EncTsPreauth;
-import org.haox.kerb.client.preauth.builtin.TgtPreauth;
-import org.haox.kerb.client.preauth.pkinit.PkinitPreauth;
-import org.haox.kerb.client.preauth.token.TokenPreauth;
-import org.haox.kerb.client.request.KdcRequest;
-import org.haox.kerb.codec.KrbCodec;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.common.EtypeInfo;
-import org.haox.kerb.spec.common.EtypeInfo2;
-import org.haox.kerb.spec.pa.PaData;
-import org.haox.kerb.spec.pa.PaDataEntry;
-import org.haox.kerb.spec.pa.PaDataType;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class PreauthHandler {
- private KrbContext krbContext;
- private List<KrbPreauth> preauths;
-
- public void init(KrbContext krbContext) {
- this.krbContext = krbContext;
- loadPreauthPlugins(krbContext);
- }
-
- private void loadPreauthPlugins(KrbContext context) {
- preauths = new ArrayList<KrbPreauth>();
-
- KrbPreauth preauth = new EncTsPreauth();
- preauth.init(context);
- preauths.add(preauth);
-
- preauth = new TgtPreauth();
- preauth.init(context);
- preauths.add(preauth);
-
- preauth = new PkinitPreauth();
- preauth.init(context);
- preauths.add(preauth);
-
- preauth = new TokenPreauth();
- preauth.init(context);
- preauths.add(preauth);
- }
-
- public PreauthContext preparePreauthContext(KdcRequest kdcRequest) {
- PreauthContext preauthContext = new PreauthContext();
- preauthContext.setPreauthRequired(krbContext.getConfig().isPreauthRequired());
- for (KrbPreauth preauth : preauths) {
- PreauthHandle handle = new PreauthHandle(preauth);
- handle.initRequestContext(kdcRequest);
- preauthContext.getHandles().add(handle);
- }
-
- return preauthContext;
- }
-
- /**
- * Process preauth inputs and options, prepare and generate pdata to be out
- */
- public void preauth(KdcRequest kdcRequest) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- if (!preauthContext.isPreauthRequired()) {
- return;
- }
-
- if (!preauthContext.hasInputPaData()) {
- tryFirst(kdcRequest, preauthContext.getOutputPaData());
- return;
- }
-
- attemptETypeInfo(kdcRequest, preauthContext.getInputPaData());
-
- setPreauthOptions(kdcRequest, kdcRequest.getPreauthOptions());
-
- prepareUserResponses(kdcRequest, preauthContext.getInputPaData());
-
- preauthContext.getUserResponser().respondQuestions();
-
- if (!kdcRequest.isRetrying()) {
- process(kdcRequest, preauthContext.getInputPaData(),
- preauthContext.getOutputPaData());
- } else {
- tryAgain(kdcRequest, preauthContext.getInputPaData(),
- preauthContext.getOutputPaData());
- }
- }
-
- public void prepareUserResponses(KdcRequest kdcRequest,
- PaData inPadata) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- for (PaDataEntry pae : inPadata.getElements()) {
- if (! preauthContext.isPaTypeAllowed(pae.getPaDataType())) {
- continue;
- }
-
- PreauthHandle handle = findHandle(kdcRequest, pae.getPaDataType());
- if (handle == null) {
- continue;
- }
-
- handle.prepareQuestions(kdcRequest);
- }
- }
-
- public void setPreauthOptions(KdcRequest kdcRequest,
- KrbOptions preauthOptions) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- for (PreauthHandle handle : preauthContext.getHandles()) {
- handle.setPreauthOptions(kdcRequest, preauthOptions);
- }
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PaData outPadata) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- PreauthHandle handle = findHandle(kdcRequest,
- preauthContext.getAllowedPaType());
- handle.tryFirst(kdcRequest, outPadata);
- }
-
- public void process(KdcRequest kdcRequest,
- PaData inPadata, PaData outPadata) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- /**
- * Process all informational padata types, then the first real preauth type
- * we succeed on
- */
- for (int real = 0; real <= 1; real ++) {
- for (PaDataEntry pae : inPadata.getElements()) {
-
- // Restrict real mechanisms to the chosen one if we have one
- if (real >0 && !preauthContext.isPaTypeAllowed(pae.getPaDataType())) {
- continue;
- }
-
- PreauthHandle handle = findHandle(kdcRequest,
- preauthContext.getAllowedPaType());
- if (handle == null) {
- continue;
- }
-
- // Make sure this type is for the current pass
- int tmpReal = handle.isReal(pae.getPaDataType()) ? 1 : 0;
- if (tmpReal != real) {
- continue;
- }
-
- if (real > 0 && preauthContext.checkAndPutTried(pae.getPaDataType())) {
- continue;
- }
-
- boolean gotData = handle.process(kdcRequest, pae, outPadata);
- if (real > 0 && gotData) {
- return;
- }
- }
- }
- }
-
- public void tryAgain(KdcRequest kdcRequest,
- PaData inPadata, PaData outPadata) {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- PreauthHandle handle;
- for (PaDataEntry pae : inPadata.getElements()) {
- handle = findHandle(kdcRequest, pae.getPaDataType());
- if (handle == null) continue;
-
- boolean gotData = handle.tryAgain(kdcRequest,
- pae.getPaDataType(), preauthContext.getErrorPaData(), outPadata);
- }
- }
-
- public void destroy() {
- for (KrbPreauth preauth : preauths) {
- preauth.destroy();
- }
- }
-
- private PreauthHandle findHandle(KdcRequest kdcRequest,
- PaDataType paType) {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- for (PreauthHandle handle : preauthContext.getHandles()) {
- for (PaDataType pt : handle.preauth.getPaTypes()) {
- if (pt == paType) {
- return handle;
- }
- }
- }
- return null;
- }
-
- private void attemptETypeInfo(KdcRequest kdcRequest,
- PaData inPadata) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- // Find an etype-info2 or etype-info element in padata
- EtypeInfo etypeInfo = null;
- EtypeInfo2 etypeInfo2 = null;
- PaDataEntry pae = inPadata.findEntry(PaDataType.ETYPE_INFO);
- if (pae != null) {
- etypeInfo = KrbCodec.decode(pae.getPaDataValue(), EtypeInfo.class);
- } else {
- pae = inPadata.findEntry(PaDataType.ETYPE_INFO2);
- if (pae != null) {
- etypeInfo2 = KrbCodec.decode(pae.getPaDataValue(), EtypeInfo2.class);
- }
- }
-
- if (etypeInfo == null && etypeInfo2 == null) {
- attemptSalt(kdcRequest, inPadata);
- }
- }
-
- private void attemptSalt(KdcRequest kdcRequest,
- PaData inPadata) throws KrbException {
-
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/UserResponseItem.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/UserResponseItem.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/UserResponseItem.java
deleted file mode 100644
index 609640d..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/UserResponseItem.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package org.haox.kerb.client.preauth;
-
-public class UserResponseItem {
- protected String question;
- protected String challenge;
- protected String answer;
-
- public UserResponseItem(String question, String challenge) {
- this.question = question;
- this.challenge = challenge;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/UserResponser.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/UserResponser.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/UserResponser.java
deleted file mode 100644
index ee86ba7..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/UserResponser.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package org.haox.kerb.client.preauth;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class UserResponser {
-
- private List<UserResponseItem> items = new ArrayList<UserResponseItem>(1);
-
- /**
- * Let customize an interface like CMD or WEB UI to selectively respond all the questions
- */
- public void respondQuestions() {
- // TODO
- }
-
- public UserResponseItem findQuestion(String question) {
- for (UserResponseItem ri : items) {
- if (ri.question.equals(question)) {
- return ri;
- }
- }
- return null;
- }
-
- public void askQuestion(String question, String challenge) {
- UserResponseItem ri = findQuestion(question);
- if (ri == null) {
- items.add(new UserResponseItem(question, challenge));
- } else {
- ri.challenge = challenge;
- }
- }
-
- public String getChallenge(String question) {
- UserResponseItem ri = findQuestion(question);
- if (ri != null) {
- return ri.challenge;
- }
- return null;
- }
-
- public void setAnswer(String question, String answer) {
- UserResponseItem ri = findQuestion(question);
- if (ri == null) {
- throw new IllegalArgumentException("Question isn't exist for the answer");
- }
- ri.answer = answer;
- }
-
- public String getAnswer(String question) {
- UserResponseItem ri = findQuestion(question);
- if (ri != null) {
- return ri.answer;
- }
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/builtin/EncTsPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/builtin/EncTsPreauth.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/builtin/EncTsPreauth.java
deleted file mode 100644
index 14fcdfa..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/builtin/EncTsPreauth.java
+++ /dev/null
@@ -1,75 +0,0 @@
-package org.haox.kerb.client.preauth.builtin;
-
-import org.haox.kerb.client.preauth.AbstractPreauthPlugin;
-import org.haox.kerb.client.request.KdcRequest;
-import org.haox.kerb.common.EncryptionUtil;
-import org.haox.kerb.preauth.PaFlag;
-import org.haox.kerb.preauth.PaFlags;
-import org.haox.kerb.preauth.PluginRequestContext;
-import org.haox.kerb.preauth.builtin.EncTsPreauthMeta;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.common.EncryptedData;
-import org.haox.kerb.spec.common.KeyUsage;
-import org.haox.kerb.spec.pa.PaData;
-import org.haox.kerb.spec.pa.PaDataEntry;
-import org.haox.kerb.spec.pa.PaDataType;
-import org.haox.kerb.spec.pa.PaEncTsEnc;
-
-public class EncTsPreauth extends AbstractPreauthPlugin {
-
- public EncTsPreauth() {
- super(new EncTsPreauthMeta());
- }
-
- @Override
- public void prepareQuestions(KdcRequest kdcRequest,
- PluginRequestContext requestContext) throws KrbException {
-
- kdcRequest.needAsKey();
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException {
-
- if (kdcRequest.getAsKey() == null) {
- kdcRequest.needAsKey();
- }
- outPadata.addElement(makeEntry(kdcRequest));
- }
-
- @Override
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataEntry inPadata,
- PaData outPadata) throws KrbException {
-
- if (kdcRequest.getAsKey() == null) {
- kdcRequest.needAsKey();
- }
- outPadata.addElement(makeEntry(kdcRequest));
-
- return true;
- }
-
- @Override
- public PaFlags getFlags(PaDataType paType) {
- PaFlags paFlags = new PaFlags(0);
- paFlags.setFlag(PaFlag.PA_REAL);
-
- return paFlags;
- }
-
- private PaDataEntry makeEntry(KdcRequest kdcRequest) throws KrbException {
- PaEncTsEnc paTs = new PaEncTsEnc();
- paTs.setPaTimestamp(kdcRequest.getPreauthTime());
-
- EncryptedData paDataValue = EncryptionUtil.seal(paTs,
- kdcRequest.getAsKey(), KeyUsage.AS_REQ_PA_ENC_TS);
- PaDataEntry tsPaEntry = new PaDataEntry();
- tsPaEntry.setPaDataType(PaDataType.ENC_TIMESTAMP);
- tsPaEntry.setPaDataValue(paDataValue.encode());
-
- return tsPaEntry;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/builtin/TgtPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/builtin/TgtPreauth.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/builtin/TgtPreauth.java
deleted file mode 100644
index b6c58f7..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/builtin/TgtPreauth.java
+++ /dev/null
@@ -1,47 +0,0 @@
-package org.haox.kerb.client.preauth.builtin;
-
-import org.haox.kerb.client.preauth.AbstractPreauthPlugin;
-import org.haox.kerb.client.request.KdcRequest;
-import org.haox.kerb.client.request.TgsRequest;
-import org.haox.kerb.preauth.PluginRequestContext;
-import org.haox.kerb.preauth.builtin.TgtPreauthMeta;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.pa.PaData;
-import org.haox.kerb.spec.pa.PaDataEntry;
-import org.haox.kerb.spec.pa.PaDataType;
-
-public class TgtPreauth extends AbstractPreauthPlugin {
-
- public TgtPreauth() {
- super(new TgtPreauthMeta());
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException {
-
- outPadata.addElement(makeEntry(kdcRequest));
- }
-
- @Override
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataEntry inPadata,
- PaData outPadata) throws KrbException {
-
- outPadata.addElement(makeEntry(kdcRequest));
-
- return true;
- }
-
- private PaDataEntry makeEntry(KdcRequest kdcRequest) throws KrbException {
-
- TgsRequest tgsRequest = (TgsRequest) kdcRequest;
-
- PaDataEntry paEntry = new PaDataEntry();
- paEntry.setPaDataType(PaDataType.TGS_REQ);
- paEntry.setPaDataValue(tgsRequest.getApReq().encode());
-
- return paEntry;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitContext.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitContext.java
deleted file mode 100644
index 3b10333..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitContext.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package org.haox.kerb.client.preauth.pkinit;
-
-import org.haox.kerb.preauth.pkinit.IdentityOpts;
-import org.haox.kerb.preauth.pkinit.PluginOpts;
-
-public class PkinitContext {
-
- public PluginOpts pluginOpts = new PluginOpts();
- public IdentityOpts identityOpts = new IdentityOpts();
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitPreauth.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitPreauth.java
deleted file mode 100644
index a80003a..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ /dev/null
@@ -1,214 +0,0 @@
-package org.haox.kerb.client.preauth.pkinit;
-
-import org.haox.kerb.client.KrbContext;
-import org.haox.kerb.client.KrbOption;
-import org.haox.kerb.client.KrbOptions;
-import org.haox.kerb.client.preauth.AbstractPreauthPlugin;
-import org.haox.kerb.preauth.PluginRequestContext;
-import org.haox.kerb.client.request.KdcRequest;
-import org.haox.kerb.preauth.PaFlag;
-import org.haox.kerb.preauth.PaFlags;
-import org.haox.kerb.preauth.pkinit.PkinitIdenity;
-import org.haox.kerb.preauth.pkinit.PkinitPreauthMeta;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.KerberosTime;
-import org.haox.kerb.spec.common.EncryptionKey;
-import org.haox.kerb.spec.common.EncryptionType;
-import org.haox.kerb.spec.common.PrincipalName;
-import org.haox.kerb.spec.pa.PaData;
-import org.haox.kerb.spec.pa.PaDataEntry;
-import org.haox.kerb.spec.pa.PaDataType;
-import org.haox.kerb.spec.pa.pkinit.*;
-import org.haox.kerb.spec.x509.SubjectPublicKeyInfo;
-
-public class PkinitPreauth extends AbstractPreauthPlugin {
-
- private PkinitContext pkinitContext;
-
- public PkinitPreauth() {
- super(new PkinitPreauthMeta());
- }
-
- @Override
- public void init(KrbContext context) {
- super.init(context);
- this.pkinitContext = new PkinitContext();
- }
-
- @Override
- public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
- PkinitRequestContext reqCtx = new PkinitRequestContext();
-
- reqCtx.updateRequestOpts(pkinitContext.pluginOpts);
-
- return reqCtx;
- }
-
- @Override
- public void setPreauthOptions(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- KrbOptions options) {
- if (options.contains(KrbOption.PKINIT_X509_IDENTITY)) {
- pkinitContext.identityOpts.identity =
- options.getStringOption(KrbOption.PKINIT_X509_IDENTITY);
- }
-
- if (options.contains(KrbOption.PKINIT_X509_ANCHORS)) {
- pkinitContext.identityOpts.anchors.add(
- options.getStringOption(KrbOption.PKINIT_X509_ANCHORS));
- }
-
- if (options.contains(KrbOption.PKINIT_USING_RSA)) {
- pkinitContext.pluginOpts.usingRsa =
- options.getBooleanOption(KrbOption.PKINIT_USING_RSA);
- }
-
- }
-
- @Override
- public void prepareQuestions(KdcRequest kdcRequest,
- PluginRequestContext requestContext) {
-
- PkinitRequestContext reqCtx = (PkinitRequestContext) requestContext;
-
- if (!reqCtx.identityInitialized) {
- PkinitIdenity.initialize(reqCtx.identityOpts, kdcRequest.getClientPrincipal());
- reqCtx.identityInitialized = true;
- }
-
- // Might have questions asking for password to access the private key
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException {
-
- }
-
- @Override
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataEntry inPadata,
- PaData outPadata) throws KrbException {
-
- PkinitRequestContext reqCtx = (PkinitRequestContext) requestContext;
- if (inPadata == null) return false;
-
- boolean processingRequest = false;
- switch (inPadata.getPaDataType()) {
- case PK_AS_REQ:
- processingRequest = true;
- break;
- case PK_AS_REP:
- break;
- }
-
- if (processingRequest) {
- generateRequest(reqCtx, kdcRequest, outPadata);
- } else {
- EncryptionType encType = kdcRequest.getEncType();
- processReply(kdcRequest, reqCtx, inPadata, encType);
- }
-
- return false;
- }
-
- private void generateRequest(PkinitRequestContext reqCtx, KdcRequest kdcRequest,
- PaData outPadata) {
-
- }
-
- private PaPkAsReq makePaPkAsReq(PkinitContext pkinitContext, PkinitRequestContext reqCtx,
- KerberosTime ctime, int cusec, int nonce, byte[] checksum,
- PrincipalName client, PrincipalName server) {
-
- PaPkAsReq paPkAsReq = new PaPkAsReq();
- AuthPack authPack = new AuthPack();
- SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo();
- PkAuthenticator pkAuthen = new PkAuthenticator();
-
- boolean usingRsa = reqCtx.requestOpts.usingRsa;
- PaDataType paType = reqCtx.paType = PaDataType.PK_AS_REQ;
-
- pkAuthen.setCtime(ctime);
- pkAuthen.setCusec(cusec);
- pkAuthen.setNonce(nonce);
- pkAuthen.setPaChecksum(checksum);
-
- authPack.setPkAuthenticator(pkAuthen);
- DHNonce dhNonce = new DHNonce();
- authPack.setClientDhNonce(dhNonce);
- authPack.setClientPublicValue(pubInfo);
-
- authPack.setsupportedCmsTypes(pkinitContext.pluginOpts.createSupportedCMSTypes());
-
- if (usingRsa) {
- // DH case
- } else {
- authPack.setClientPublicValue(null);
- }
-
- byte[] signedAuthPack = signAuthPack(pkinitContext, reqCtx, authPack);
- paPkAsReq.setSignedAuthPack(signedAuthPack);
-
- TrustedCertifiers trustedCertifiers = pkinitContext.pluginOpts.createTrustedCertifiers();
- paPkAsReq.setTrustedCertifiers(trustedCertifiers);
-
- byte[] kdcPkId = pkinitContext.pluginOpts.createIssuerAndSerial();
- paPkAsReq.setKdcPkId(kdcPkId);
-
- return paPkAsReq;
- }
-
- private byte[] signAuthPack(PkinitContext pkinitContext,
- PkinitRequestContext reqCtx, AuthPack authPack) {
- return null;
- }
-
- private void processReply(KdcRequest kdcRequest,
- PkinitRequestContext reqCtx,
- PaDataEntry inPadata,
- EncryptionType encType) {
-
- EncryptionKey asKey = null;
-
- // TODO
-
- kdcRequest.setAsKey(asKey);
- }
-
- @Override
- public boolean tryAgain(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataType preauthType,
- PaData errPadata,
- PaData outPadata) {
-
- PkinitRequestContext reqCtx = (PkinitRequestContext) requestContext;
- if (reqCtx.paType != preauthType && errPadata == null) {
- return false;
- }
-
- boolean doAgain = false;
- for (PaDataEntry pde : errPadata.getElements()) {
- switch (pde.getPaDataType()) {
- // TODO
- }
- }
-
- if (doAgain) {
- generateRequest(reqCtx, kdcRequest, outPadata);
- }
-
- return false;
- }
-
- @Override
- public PaFlags getFlags(PaDataType paType) {
- PaFlags paFlags = new PaFlags(0);
- paFlags.setFlag(PaFlag.PA_REAL);
-
- return paFlags;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitRequestContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitRequestContext.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitRequestContext.java
deleted file mode 100644
index 5fa488c..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitRequestContext.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package org.haox.kerb.client.preauth.pkinit;
-
-import org.haox.kerb.preauth.PluginRequestContext;
-import org.haox.kerb.preauth.pkinit.IdentityOpts;
-import org.haox.kerb.preauth.pkinit.PluginOpts;
-import org.haox.kerb.spec.pa.PaDataType;
-
-public class PkinitRequestContext implements PluginRequestContext {
-
- public PkinitRequestOpts requestOpts = new PkinitRequestOpts();
- public IdentityOpts identityOpts = new IdentityOpts();
- public boolean doIdentityMatching;
- public PaDataType paType;
- public boolean rfc6112Kdc;
- public boolean identityInitialized;
- public boolean identityPrompted;
-
- public void updateRequestOpts(PluginOpts pluginOpts) {
- requestOpts.requireEku = pluginOpts.requireEku;
- requestOpts.acceptSecondaryEku = pluginOpts.acceptSecondaryEku;
- requestOpts.allowUpn = pluginOpts.allowUpn;
- requestOpts.usingRsa = pluginOpts.usingRsa;
- requestOpts.requireCrlChecking = pluginOpts.requireCrlChecking;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitRequestOpts.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitRequestOpts.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitRequestOpts.java
deleted file mode 100644
index c1641ec..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/pkinit/PkinitRequestOpts.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package org.haox.kerb.client.preauth.pkinit;
-
-public class PkinitRequestOpts {
-
- // From MIT Krb5 _pkinit_plg_opts
-
- // require EKU checking (default is true)
- public boolean requireEku = true;
- // accept secondary EKU (default is false)
- public boolean acceptSecondaryEku = false;
- // allow UPN-SAN instead of pkinit-SAN
- public boolean allowUpn = true;
- // selects DH or RSA based pkinit
- public boolean usingRsa = true;
- // require CRL for a CA (default is false)
- public boolean requireCrlChecking = false;
- // initial request DH modulus size (default=1024)
- public int dhSize = 1024;
-
- public boolean requireHostnameMatch = true;
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/token/TokenContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/token/TokenContext.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/token/TokenContext.java
deleted file mode 100644
index 32b1221..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/token/TokenContext.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package org.haox.kerb.client.preauth.token;
-
-import org.haox.token.KerbToken;
-
-public class TokenContext {
-
- public boolean usingIdToken = true;
- public KerbToken token = null;
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/token/TokenPreauth.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/token/TokenPreauth.java
deleted file mode 100644
index 22c7519..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/token/TokenPreauth.java
+++ /dev/null
@@ -1,105 +0,0 @@
-package org.haox.kerb.client.preauth.token;
-
-import org.haox.kerb.client.KrbContext;
-import org.haox.kerb.client.KrbOption;
-import org.haox.kerb.client.KrbOptions;
-import org.haox.kerb.client.preauth.AbstractPreauthPlugin;
-import org.haox.kerb.preauth.PluginRequestContext;
-import org.haox.kerb.client.request.KdcRequest;
-import org.haox.kerb.preauth.PaFlag;
-import org.haox.kerb.preauth.PaFlags;
-import org.haox.kerb.preauth.token.TokenPreauthMeta;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.common.EncryptionType;
-import org.haox.kerb.spec.pa.PaData;
-import org.haox.kerb.spec.pa.PaDataEntry;
-import org.haox.kerb.spec.pa.PaDataType;
-import org.haox.token.KerbToken;
-
-import java.util.Collections;
-import java.util.List;
-
-public class TokenPreauth extends AbstractPreauthPlugin {
-
- private TokenContext tokenContext;
-
- public TokenPreauth() {
- super(new TokenPreauthMeta());
- }
-
- public void init(KrbContext context) {
- super.init(context);
- this.tokenContext = new TokenContext();
- }
-
- @Override
- public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
- TokenRequestContext reqCtx = new TokenRequestContext();
-
- return reqCtx;
- }
-
- @Override
- public void prepareQuestions(KdcRequest kdcRequest,
- PluginRequestContext requestContext) {
-
- }
-
- @Override
- public List<EncryptionType> getEncTypes(KdcRequest kdcRequest,
- PluginRequestContext requestContext) {
- return Collections.emptyList();
- }
-
- @Override
- public void setPreauthOptions(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- KrbOptions options) {
-
- tokenContext.usingIdToken = options.getBooleanOption(KrbOption.TOKEN_USING_IDTOKEN);
- if (tokenContext.usingIdToken) {
- if (options.contains(KrbOption.TOKEN_USER_ID_TOKEN)) {
- tokenContext.token =
- (KerbToken) options.getOptionValue(KrbOption.TOKEN_USER_ID_TOKEN);
- }
- } else {
- if (options.contains(KrbOption.TOKEN_USER_AC_TOKEN)) {
- tokenContext.token =
- (KerbToken) options.getOptionValue(KrbOption.TOKEN_USER_AC_TOKEN);
- }
- }
-
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException {
-
- }
-
- @Override
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataEntry inPadata,
- PaData outPadata) throws KrbException {
-
- return false;
- }
-
- @Override
- public boolean tryAgain(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataType preauthType,
- PaData errPadata,
- PaData outPadata) {
- return false;
- }
-
- @Override
- public PaFlags getFlags(PaDataType paType) {
- PaFlags paFlags = new PaFlags(0);
- paFlags.setFlag(PaFlag.PA_REAL);
-
- return paFlags;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/token/TokenRequestContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/token/TokenRequestContext.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/token/TokenRequestContext.java
deleted file mode 100644
index 9ca0547..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/preauth/token/TokenRequestContext.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package org.haox.kerb.client.preauth.token;
-
-import org.haox.kerb.preauth.PluginRequestContext;
-import org.haox.kerb.spec.pa.PaDataType;
-
-public class TokenRequestContext implements PluginRequestContext {
-
- public boolean doIdentityMatching;
- public PaDataType paType;
- public boolean identityInitialized;
- public boolean identityPrompted;
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequest.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequest.java
deleted file mode 100644
index 00c1dbe..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequest.java
+++ /dev/null
@@ -1,108 +0,0 @@
-package org.haox.kerb.client.request;
-
-import org.haox.kerb.KrbErrorCode;
-import org.haox.kerb.client.KrbContext;
-import org.haox.kerb.KrbConstant;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.common.*;
-import org.haox.kerb.spec.kdc.*;
-import org.haox.kerb.spec.ticket.TgtTicket;
-
-import java.io.IOException;
-import java.util.List;
-
-public class AsRequest extends KdcRequest {
-
- private PrincipalName clientPrincipal;
- private EncryptionKey clientKey;
-
- public AsRequest(KrbContext context) {
- super(context);
-
- setServerPrincipal(makeTgsPrincipal());
- }
-
- public PrincipalName getClientPrincipal() {
- return clientPrincipal;
- }
-
- public void setClientPrincipal(PrincipalName clientPrincipal) {
- this.clientPrincipal = clientPrincipal;
- }
-
- public void setClientKey(EncryptionKey clientKey) {
- this.clientKey = clientKey;
- }
-
- public EncryptionKey getClientKey() throws KrbException {
- return clientKey;
- }
-
- @Override
- public void process() throws KrbException {
- super.process();
-
- KdcReqBody body = makeReqBody();
-
- AsReq asReq = new AsReq();
- asReq.setReqBody(body);
- asReq.setPaData(getPreauthContext().getOutputPaData());
-
- setKdcReq(asReq);
- }
-
- @Override
- public void processResponse(KdcRep kdcRep) throws KrbException {
- setKdcRep(kdcRep);
-
- PrincipalName clientPrincipal = getKdcRep().getCname();
- String clientRealm = getKdcRep().getCrealm();
- clientPrincipal.setRealm(clientRealm);
- if (! clientPrincipal.equals(getClientPrincipal())) {
- throw new KrbException(KrbErrorCode.KDC_ERR_CLIENT_NAME_MISMATCH);
- }
-
- byte[] decryptedData = decryptWithClientKey(getKdcRep().getEncryptedEncPart(),
- KeyUsage.AS_REP_ENCPART);
- EncKdcRepPart encKdcRepPart = new EncAsRepPart();
- try {
- encKdcRepPart.decode(decryptedData);
- } catch (IOException e) {
- throw new KrbException("Failed to decode EncAsRepPart", e);
- }
- getKdcRep().setEncPart(encKdcRepPart);
-
- if (getChosenNonce() != encKdcRepPart.getNonce()) {
- throw new KrbException("Nonce didn't match");
- }
-
- PrincipalName serverPrincipal = encKdcRepPart.getSname();
- serverPrincipal.setRealm(encKdcRepPart.getSrealm());
- if (! serverPrincipal.equals(getServerPrincipal())) {
- throw new KrbException(KrbErrorCode.KDC_ERR_SERVER_NOMATCH);
- }
-
- HostAddresses hostAddresses = getHostAddresses();
- if (hostAddresses != null) {
- List<HostAddress> requestHosts = hostAddresses.getElements();
- if (!requestHosts.isEmpty()) {
- List<HostAddress> responseHosts = encKdcRepPart.getCaddr().getElements();
- for (HostAddress h : requestHosts) {
- if (!responseHosts.contains(h)) {
- throw new KrbException("Unexpected client host");
- }
- }
- }
- }
- }
-
- public TgtTicket getTicket() {
- TgtTicket TgtTicket = new TgtTicket(getKdcRep().getTicket(),
- (EncAsRepPart) getKdcRep().getEncPart(), getKdcRep().getCname().getName());
- return TgtTicket;
- }
-
- private PrincipalName makeTgsPrincipal() {
- return new PrincipalName(KrbConstant.TGS_PRINCIPAL + "@" + getContext().getKdcRealm());
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequestWithCert.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequestWithCert.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequestWithCert.java
deleted file mode 100644
index ee516eb..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequestWithCert.java
+++ /dev/null
@@ -1,38 +0,0 @@
-package org.haox.kerb.client.request;
-
-import org.haox.kerb.client.KrbContext;
-import org.haox.kerb.client.KrbOption;
-import org.haox.kerb.client.KrbOptions;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.pa.PaDataType;
-
-public class AsRequestWithCert extends AsRequest {
-
- public static final String ANONYMOUS_PRINCIPAL = "ANONYMOUS@WELLKNOWN:ANONYMOUS";
-
- public AsRequestWithCert(KrbContext context) {
- super(context);
-
- setAllowedPreauth(PaDataType.PK_AS_REQ);
- }
-
- @Override
- public void process() throws KrbException {
- throw new RuntimeException("To be implemented");
- }
-
- @Override
- public KrbOptions getPreauthOptions() {
- KrbOptions results = new KrbOptions();
-
- KrbOptions krbOptions = getKrbOptions();
- results.add(krbOptions.getOption(KrbOption.PKINIT_X509_CERTIFICATE));
- results.add(krbOptions.getOption(KrbOption.PKINIT_X509_ANCHORS));
- results.add(krbOptions.getOption(KrbOption.PKINIT_X509_PRIVATE_KEY));
- results.add(krbOptions.getOption(KrbOption.PKINIT_X509_IDENTITY));
- results.add(krbOptions.getOption(KrbOption.PKINIT_USING_RSA));
-
- return results;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequestWithPasswd.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequestWithPasswd.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequestWithPasswd.java
deleted file mode 100644
index dd4bd47..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequestWithPasswd.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package org.haox.kerb.client.request;
-
-import org.haox.kerb.client.KrbContext;
-import org.haox.kerb.client.KrbOption;
-import org.haox.kerb.crypto.EncryptionHandler;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.common.EncryptionKey;
-import org.haox.kerb.spec.pa.PaDataType;
-
-public class AsRequestWithPasswd extends AsRequest {
-
- public AsRequestWithPasswd(KrbContext context) {
- super(context);
-
- setAllowedPreauth(PaDataType.ENC_TIMESTAMP);
- }
-
- public String getPassword() {
- return getKrbOptions().getStringOption(KrbOption.USER_PASSWD);
- }
-
- @Override
- public EncryptionKey getClientKey() throws KrbException {
- if (super.getClientKey() == null) {
- EncryptionKey tmpKey = EncryptionHandler.string2Key(getClientPrincipal().getName(),
- getPassword(), getChosenEncryptionType());
- setClientKey(tmpKey);
- }
- return super.getClientKey();
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequestWithToken.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequestWithToken.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequestWithToken.java
deleted file mode 100644
index 554bf8e..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/AsRequestWithToken.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package org.haox.kerb.client.request;
-
-import org.haox.kerb.client.KrbContext;
-import org.haox.kerb.client.KrbOption;
-import org.haox.kerb.client.KrbOptions;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.pa.PaDataType;
-
-public class AsRequestWithToken extends AsRequest {
-
- public AsRequestWithToken(KrbContext context) {
- super(context);
-
- setAllowedPreauth(PaDataType.TOKEN_REQUEST);
- }
-
- @Override
- public void process() throws KrbException {
- throw new RuntimeException("To be implemented");
- }
-
- @Override
- public KrbOptions getPreauthOptions() {
- KrbOptions results = new KrbOptions();
-
- KrbOptions krbOptions = getKrbOptions();
- results.add(krbOptions.getOption(KrbOption.TOKEN_USING_IDTOKEN));
- results.add(krbOptions.getOption(KrbOption.TOKEN_USER_ID_TOKEN));
- results.add(krbOptions.getOption(KrbOption.TOKEN_USER_AC_TOKEN));
-
- return results;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/KdcRequest.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/KdcRequest.java
deleted file mode 100644
index f6efe4b..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/KdcRequest.java
+++ /dev/null
@@ -1,339 +0,0 @@
-package org.haox.kerb.client.request;
-
-import org.haox.kerb.client.KrbContext;
-import org.haox.kerb.client.KrbOptions;
-import org.haox.kerb.client.preauth.FastContext;
-import org.haox.kerb.client.preauth.PreauthContext;
-import org.haox.kerb.client.preauth.PreauthHandler;
-import org.haox.kerb.crypto.EncryptionHandler;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.KerberosTime;
-import org.haox.kerb.spec.common.*;
-import org.haox.kerb.spec.kdc.KdcOptions;
-import org.haox.kerb.spec.kdc.KdcRep;
-import org.haox.kerb.spec.kdc.KdcReq;
-import org.haox.kerb.spec.kdc.KdcReqBody;
-import org.haox.kerb.spec.pa.PaDataType;
-import org.apache.haox.transport.Transport;
-
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-/**
- * A wrapper for KdcReq request
- */
-public abstract class KdcRequest {
- private KrbContext context;
- private Transport transport;
-
- private KrbOptions krbOptions;
- private PrincipalName serverPrincipal;
- private List<HostAddress> hostAddresses = new ArrayList<HostAddress>();
- private KdcOptions kdcOptions = new KdcOptions();
- private List<EncryptionType> encryptionTypes;
- private EncryptionType chosenEncryptionType;
- private int chosenNonce;
- private KdcReq kdcReq;
- private KdcRep kdcRep;
- protected Map<String, Object> credCache;
- private PreauthContext preauthContext;
- private FastContext fastContext;
- private EncryptionKey asKey;
-
- private KrbError errorReply;
- private boolean isRetrying;
-
- public KdcRequest(KrbContext context) {
- this.context = context;
- this.isRetrying = false;
- this.credCache = new HashMap<String, Object>();
- this.preauthContext = context.getPreauthHandler()
- .preparePreauthContext(this);
- this.fastContext = new FastContext();
- }
-
- public void setTransport(Transport transport) {
- this.transport = transport;
- }
-
- public Transport getTransport() {
- return this.transport;
- }
-
- public void setKrbOptions(KrbOptions options) {
- this.krbOptions = options;
- }
-
- public KrbOptions getKrbOptions() {
- return krbOptions;
- }
-
- public boolean isRetrying() {
- return isRetrying;
- }
-
- public void setAsKey(EncryptionKey asKey) {
- this.asKey = asKey;
- }
-
- public EncryptionKey getAsKey() throws KrbException {
- return asKey;
- }
-
- public void setAllowedPreauth(PaDataType paType) {
- preauthContext.setAllowedPaType(paType);
- }
-
- public Map<String, Object> getCredCache() {
- return credCache;
- }
-
- public void setPreauthRequired(boolean preauthRequired) {
- preauthContext.setPreauthRequired(preauthRequired);
- }
-
- public PreauthContext getPreauthContext() {
- return preauthContext;
- }
-
- protected void loadCredCache() {
- // TODO
- }
-
- public KdcReq getKdcReq() {
- return kdcReq;
- }
-
- public void setKdcReq(KdcReq kdcReq) {
- this.kdcReq = kdcReq;
- }
-
- public KdcRep getKdcRep() {
- return kdcRep;
- }
-
- public void setKdcRep(KdcRep kdcRep) {
- this.kdcRep = kdcRep;
- }
-
- protected KdcReqBody makeReqBody() throws KrbException {
- KdcReqBody body = new KdcReqBody();
-
- long startTime = System.currentTimeMillis();
- body.setFrom(new KerberosTime(startTime));
-
- PrincipalName cName = null;
- cName = getClientPrincipal();
- body.setCname(cName);
-
- body.setRealm(cName.getRealm());
-
- PrincipalName sName = getServerPrincipal();
- body.setSname(sName);
-
- body.setTill(new KerberosTime(startTime + getTicketValidTime()));
-
- int nonce = generateNonce();
- body.setNonce(nonce);
- setChosenNonce(nonce);
-
- body.setKdcOptions(getKdcOptions());
-
- HostAddresses addresses = getHostAddresses();
- if (addresses != null) {
- body.setAddresses(addresses);
- }
-
- body.setEtypes(getEncryptionTypes());
-
- return body;
- }
-
- public KdcOptions getKdcOptions() {
- return kdcOptions;
- }
-
- public HostAddresses getHostAddresses() {
- HostAddresses addresses = null;
- if (!hostAddresses.isEmpty()) {
- addresses = new HostAddresses();
- for(HostAddress ha : hostAddresses) {
- addresses.addElement(ha);
- }
- }
- return addresses;
- }
-
- public KrbContext getContext() {
- return context;
- }
-
- protected byte[] decryptWithClientKey(EncryptedData data, KeyUsage usage) throws KrbException {
- return EncryptionHandler.decrypt(data, getClientKey(), usage);
- }
-
- public void setContext(KrbContext context) {
- this.context = context;
- }
-
- public void setHostAddresses(List<HostAddress> hostAddresses) {
- this.hostAddresses = hostAddresses;
- }
-
- public void setKdcOptions(KdcOptions kdcOptions) {
- this.kdcOptions = kdcOptions;
- }
-
- public abstract PrincipalName getClientPrincipal();
-
- public PrincipalName getServerPrincipal() {
- return serverPrincipal;
- }
-
- public void setServerPrincipal(PrincipalName serverPrincipal) {
- this.serverPrincipal = serverPrincipal;
- }
-
- public List<EncryptionType> getEncryptionTypes() {
- if (encryptionTypes == null) {
- encryptionTypes = context.getConfig().getEncryptionTypes();
- }
- return encryptionTypes;
- }
-
- public void setEncryptionTypes(List<EncryptionType> encryptionTypes) {
- this.encryptionTypes = encryptionTypes;
- }
-
- public EncryptionType getChosenEncryptionType() {
- return chosenEncryptionType;
- }
-
- public void setChosenEncryptionType(EncryptionType chosenEncryptionType) {
- this.chosenEncryptionType = chosenEncryptionType;
- }
-
- public int generateNonce() {
- return context.generateNonce();
- }
-
- public int getChosenNonce() {
- return chosenNonce;
- }
-
- public void setChosenNonce(int nonce) {
- this.chosenNonce = nonce;
- }
-
- public abstract EncryptionKey getClientKey() throws KrbException;
-
- public long getTicketValidTime() {
- return context.getTicketValidTime();
- }
-
- public KerberosTime getTicketTillTime() {
- long now = System.currentTimeMillis();
- return new KerberosTime(now + KerberosTime.MINUTE * 60 * 1000);
- }
-
- public void addHost(String hostNameOrIpAddress) throws UnknownHostException {
- InetAddress address = InetAddress.getByName(hostNameOrIpAddress);
- hostAddresses.add(new HostAddress(address));
- }
-
- public void process() throws KrbException {
- preauth();
- }
-
- public abstract void processResponse(KdcRep kdcRep) throws KrbException;
-
- public KrbOptions getPreauthOptions() {
- return new KrbOptions();
- }
-
- protected void preauth() throws KrbException {
- loadCredCache();
-
- List<EncryptionType> etypes = getEncryptionTypes();
- if (etypes.isEmpty()) {
- throw new KrbException("No encryption type is configured and available");
- }
- EncryptionType encryptionType = etypes.iterator().next();
- setChosenEncryptionType(encryptionType);
-
- getPreauthHandler().preauth(this);
- }
-
- protected PreauthHandler getPreauthHandler() {
- return getContext().getPreauthHandler();
- }
-
- /**
- * Indicate interest in the AS key.
- */
- public void needAsKey() throws KrbException {
- EncryptionKey clientKey = getClientKey();
- if (clientKey == null) {
- throw new RuntimeException("Client key should be prepared or prompted at this time!");
- }
- setAsKey(clientKey);
- }
-
- /**
- * Get the enctype expected to be used to encrypt the encrypted portion of
- * the AS_REP packet. When handling a PREAUTH_REQUIRED error, this
- * typically comes from etype-info2. When handling an AS reply, it is
- * initialized from the AS reply itself.
- */
- public EncryptionType getEncType() {
-
- return getChosenEncryptionType();
- }
-
- public void askQuestion(String question, String challenge) {
- preauthContext.getUserResponser().askQuestion(question, challenge);
- }
-
- /**
- * Get a pointer to the FAST armor key, or NULL if the client is not using FAST.
- */
- public EncryptionKey getArmorKey() {
- return fastContext.armorKey;
- }
-
- /**
- * Get the current time for use in a preauth response. If
- * allow_unauth_time is true and the library has been configured to allow
- * it, the current time will be offset using unauthenticated timestamp
- * information received from the KDC in the preauth-required error, if one
- * has been received. Otherwise, the timestamp in a preauth-required error
- * will only be used if it is protected by a FAST channel. Only set
- * allow_unauth_time if using an unauthenticated time offset would not
- * create a security issue.
- */
- public KerberosTime getPreauthTime() {
- return KerberosTime.now();
- }
-
- /**
- * Get a state item from an input ccache, which may allow it
- * to retrace the steps it took last time. The returned data string is an
- * alias and should not be freed.
- */
- public Object getCacheValue(String key) {
- return credCache.get(key);
- }
-
- /**
- * Set a state item which will be recorded to an output
- * ccache, if the calling application supplied one. Both key and data
- * should be valid UTF-8 text.
- */
- public void cacheValue(String key, Object value) {
- credCache.put(key, value);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/TgsRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/TgsRequest.java b/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/TgsRequest.java
deleted file mode 100644
index 8930523..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/haox/kerb/client/request/TgsRequest.java
+++ /dev/null
@@ -1,117 +0,0 @@
-package org.haox.kerb.client.request;
-
-import org.haox.kerb.client.KrbContext;
-import org.haox.kerb.common.EncryptionUtil;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.KerberosTime;
-import org.haox.kerb.spec.ap.ApOptions;
-import org.haox.kerb.spec.ap.ApReq;
-import org.haox.kerb.spec.ap.Authenticator;
-import org.haox.kerb.spec.common.EncryptedData;
-import org.haox.kerb.spec.common.EncryptionKey;
-import org.haox.kerb.spec.common.KeyUsage;
-import org.haox.kerb.spec.common.PrincipalName;
-import org.haox.kerb.spec.kdc.*;
-import org.haox.kerb.spec.pa.PaDataType;
-import org.haox.kerb.spec.ticket.ServiceTicket;
-import org.haox.kerb.spec.ticket.TgtTicket;
-
-public class TgsRequest extends KdcRequest {
- private TgtTicket tgt;
- private ApReq apReq;
-
- public TgsRequest(KrbContext context, TgtTicket tgtTicket) {
- super(context);
- this.tgt = tgtTicket;
-
- setAllowedPreauth(PaDataType.TGS_REQ);
- }
-
- public PrincipalName getClientPrincipal() {
- return tgt.getClientPrincipal();
- }
-
- @Override
- public EncryptionKey getClientKey() throws KrbException {
- return getSessionKey();
- }
-
- public EncryptionKey getSessionKey() {
- return tgt.getSessionKey();
- }
-
- @Override
- protected void preauth() throws KrbException {
- apReq = makeApReq();
- super.preauth();
- }
-
- @Override
- public void process() throws KrbException {
- super.process();
-
- TgsReq tgsReq = new TgsReq();
-
- KdcReqBody tgsReqBody = makeReqBody();
- tgsReq.setReqBody(tgsReqBody);
- tgsReq.setPaData(getPreauthContext().getOutputPaData());
-
- setKdcReq(tgsReq);
- }
-
- private ApReq makeApReq() throws KrbException {
- ApReq apReq = new ApReq();
-
- Authenticator authenticator = makeAuthenticator();
- EncryptionKey sessionKey = tgt.getSessionKey();
- EncryptedData authnData = EncryptionUtil.seal(authenticator,
- sessionKey, KeyUsage.TGS_REQ_AUTH);
- apReq.setEncryptedAuthenticator(authnData);
-
- apReq.setTicket(tgt.getTicket());
- ApOptions apOptions = new ApOptions();
- apReq.setApOptions(apOptions);
-
- return apReq;
- }
-
- private Authenticator makeAuthenticator() {
- Authenticator authenticator = new Authenticator();
- authenticator.setCname(getClientPrincipal());
- authenticator.setCrealm(tgt.getRealm());
-
- authenticator.setCtime(KerberosTime.now());
- authenticator.setCusec(0);
-
- EncryptionKey sessionKey = tgt.getSessionKey();
- authenticator.setSubKey(sessionKey);
-
- return authenticator;
- }
-
- @Override
- public void processResponse(KdcRep kdcRep) throws KrbException {
- setKdcRep(kdcRep);
-
- TgsRep tgsRep = (TgsRep) getKdcRep();
- EncTgsRepPart encTgsRepPart = EncryptionUtil.unseal(tgsRep.getEncryptedEncPart(),
- getSessionKey(),
- KeyUsage.TGS_REP_ENCPART_SESSKEY, EncTgsRepPart.class);
-
- tgsRep.setEncPart(encTgsRepPart);
-
- if (getChosenNonce() != encTgsRepPart.getNonce()) {
- throw new KrbException("Nonce didn't match");
- }
- }
-
- public ServiceTicket getServiceTicket() {
- ServiceTicket serviceTkt = new ServiceTicket(getKdcRep().getTicket(),
- (EncTgsRepPart) getKdcRep().getEncPart());
- return serviceTkt;
- }
-
- public ApReq getApReq() {
- return apReq;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-common/src/main/java/org/haox/kerb/KrbThrow.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/KrbThrow.java b/haox-kerb/kerb-common/src/main/java/org/haox/kerb/KrbThrow.java
deleted file mode 100644
index a367bff..0000000
--- a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/KrbThrow.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package org.haox.kerb;
-
-public class KrbThrow {
-
- public static KrbException out(MessageCode messageCode) throws KrbException {
- throw new KrbException(Message.getMessage(messageCode));
- }
-
- public static void out(MessageCode messageCode, Exception e) throws KrbException {
- throw new KrbException(Message.getMessage(messageCode), e);
- }
-
- public static void out(MessageCode messageCode, String message) throws KrbException {
- throw new KrbException(Message.getMessage(messageCode) + ":" + message);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-common/src/main/java/org/haox/kerb/Message.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/Message.java b/haox-kerb/kerb-common/src/main/java/org/haox/kerb/Message.java
deleted file mode 100644
index 33a14bc..0000000
--- a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/Message.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.haox.kerb;
-
-import java.util.HashMap;
-import java.util.Map;
-
-public class Message {
- private static Map<MessageCode, String> entries = new HashMap<MessageCode, String>();
-
- public static void init() {
-
- }
-
- public static void define(MessageCode code, String message) {
- entries.put(code, message);
- }
-
- public static String getMessage(MessageCode code) {
- String msg = entries.get(code);
- if (msg == null) {
- msg = code.getCodeName();
- }
- return msg;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-common/src/main/java/org/haox/kerb/MessageCode.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/MessageCode.java b/haox-kerb/kerb-common/src/main/java/org/haox/kerb/MessageCode.java
deleted file mode 100644
index 37e45e6..0000000
--- a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/MessageCode.java
+++ /dev/null
@@ -1,5 +0,0 @@
-package org.haox.kerb;
-
-public interface MessageCode {
- public String getCodeName();
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/EncryptionUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/EncryptionUtil.java b/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/EncryptionUtil.java
deleted file mode 100644
index 0d19c42..0000000
--- a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/EncryptionUtil.java
+++ /dev/null
@@ -1,79 +0,0 @@
-package org.haox.kerb.common;
-
-import org.apache.haox.asn1.type.AbstractAsn1Type;
-import org.apache.haox.asn1.type.Asn1Type;
-import org.haox.kerb.codec.KrbCodec;
-import org.haox.kerb.crypto.EncTypeHandler;
-import org.haox.kerb.crypto.EncryptionHandler;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.common.EncryptedData;
-import org.haox.kerb.spec.common.EncryptionKey;
-import org.haox.kerb.spec.common.EncryptionType;
-import org.haox.kerb.spec.common.KeyUsage;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class EncryptionUtil {
-
- public static List<EncryptionKey> generateKeys(List<EncryptionType> encryptionTypes) throws KrbException {
- List<EncryptionKey> results = new ArrayList<EncryptionKey>(encryptionTypes.size());
- EncryptionKey encKey;
- for (EncryptionType eType : encryptionTypes) {
- encKey = EncryptionHandler.random2Key(eType);
- results.add(encKey);
- }
-
- return results;
- }
-
- public static List<EncryptionKey> generateKeys(String principal, String passwd,
- List<EncryptionType> encryptionTypes) throws KrbException {
- List<EncryptionKey> results = new ArrayList<EncryptionKey>(encryptionTypes.size());
- EncryptionKey encKey;
- for (EncryptionType eType : encryptionTypes) {
- encKey = EncryptionHandler.string2Key(principal, passwd, eType);
- results.add(encKey);
- }
-
- return results;
- }
-
- public static EncryptionType getBestEncryptionType(List<EncryptionType> requestedTypes,
- List<EncryptionType> configuredTypes) {
- for (EncryptionType encryptionType : configuredTypes) {
- if (requestedTypes.contains(encryptionType)) {
- return encryptionType;
- }
- }
-
- return null;
- }
-
- public static EncryptedData seal(AbstractAsn1Type asn1Type,
- EncryptionKey key, KeyUsage usage) throws KrbException {
- byte[] encoded = asn1Type.encode();
- EncryptedData encrypted = EncryptionHandler.encrypt(encoded, key, usage);
- return encrypted;
- }
-
- public static <T extends Asn1Type> T unseal(EncryptedData encrypted, EncryptionKey key,
- KeyUsage usage, Class<T> krbType) throws KrbException {
- byte[] encoded = EncryptionHandler.decrypt(encrypted, key, usage);
- return KrbCodec.decode(encoded, krbType);
- }
-
- public static byte[] encrypt(EncryptionKey key,
- byte[] plaintext, int usage) throws KrbException {
- EncTypeHandler encType = EncryptionHandler.getEncHandler(key.getKeyType());
- byte[] cipherData = encType.encrypt(plaintext, key.getKeyData(), usage);
- return cipherData;
- }
-
- public static byte[] decrypt(EncryptionKey key,
- byte[] cipherData, int usage) throws KrbException {
- EncTypeHandler encType = EncryptionHandler.getEncHandler(key.getKeyType());
- byte[] plainData = encType.decrypt(cipherData, key.getKeyData(), usage);
- return plainData;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbConfHelper.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbConfHelper.java b/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbConfHelper.java
deleted file mode 100644
index 955e14e..0000000
--- a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbConfHelper.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.haox.kerb.common;
-
-import org.haox.kerb.spec.common.EncryptionType;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class KrbConfHelper {
-
- public static List<EncryptionType> getEncryptionTypes(List<String> encTypeNames) {
- List<EncryptionType> results = new ArrayList<EncryptionType>(encTypeNames.size());
-
- EncryptionType etype;
- for (String etypeName : encTypeNames) {
- etype = EncryptionType.fromName(etypeName);
- if (etype != EncryptionType.NONE) {
- results.add(etype);
- }
- }
- return results;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbErrorUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbErrorUtil.java b/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbErrorUtil.java
deleted file mode 100644
index 6d0fb43..0000000
--- a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbErrorUtil.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package org.haox.kerb.common;
-
-import org.haox.kerb.spec.common.*;
-import org.haox.kerb.spec.pa.PaDataEntry;
-import org.haox.kerb.spec.pa.PaDataType;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-public class KrbErrorUtil {
-
- public static List<EncryptionType> getEtypes(KrbError error) throws IOException {
- MethodData methodData = new MethodData();
- methodData.decode(error.getEdata());
-
- for( PaDataEntry pd : methodData.getElements()) {
- if( pd.getPaDataType() == PaDataType.ETYPE_INFO2 ) {
- return getEtypes2(pd.getPaDataValue());
- }
- else if( pd.getPaDataType() == PaDataType.ETYPE_INFO ) {
- return getEtypes(pd.getPaDataValue());
- }
- }
- return Collections.EMPTY_LIST;
- }
-
- private static List<EncryptionType> getEtypes(byte[] data) throws IOException {
- EtypeInfo info = new EtypeInfo();
- info.decode(data);
- List<EncryptionType> results = new ArrayList<EncryptionType>();
- for( EtypeInfoEntry entry : info.getElements() ) {
- results.add(entry.getEtype());
- }
- return results;
- }
-
- private static List<EncryptionType> getEtypes2(byte[] data) throws IOException {
- EtypeInfo2 info2 = new EtypeInfo2();
- info2.decode(data);
- List<EncryptionType> results = new ArrayList<EncryptionType>();
- for( EtypeInfo2Entry entry : info2.getElements() ) {
- results.add(entry.getEtype());
- }
- return results;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbStreamingDecoder.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbStreamingDecoder.java b/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbStreamingDecoder.java
deleted file mode 100644
index 1585e36..0000000
--- a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbStreamingDecoder.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.haox.kerb.common;
-
-import org.apache.haox.transport.tcp.DecodingCallback;
-import org.apache.haox.transport.tcp.StreamingDecoder;
-
-import java.nio.ByteBuffer;
-
-public class KrbStreamingDecoder implements StreamingDecoder {
-
- @Override
- public void decode(ByteBuffer streamingBuffer, DecodingCallback callback) {
- if (streamingBuffer.remaining() >= 4) {
- int len = streamingBuffer.getInt();
- if (streamingBuffer.remaining() >= len) {
- callback.onMessageComplete(len + 4);
- } else {
- callback.onMoreDataNeeded(len + 4);
- }
- } else {
- callback.onMoreDataNeeded();
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbUtil.java b/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbUtil.java
deleted file mode 100644
index 887bffd..0000000
--- a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/common/KrbUtil.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package org.haox.kerb.common;
-
-import org.haox.kerb.codec.KrbCodec;
-import org.haox.kerb.spec.common.KrbMessage;
-import org.apache.haox.transport.Transport;
-
-import java.io.IOException;
-import java.nio.ByteBuffer;
-
-public class KrbUtil {
-
- public static void sendMessage(KrbMessage message, Transport transport) {
- int bodyLen = message.encodingLength();
- ByteBuffer buffer = ByteBuffer.allocate(bodyLen + 4);
- buffer.putInt(bodyLen);
- message.encode(buffer);
- buffer.flip();
- transport.sendMessage(buffer);
- }
-
- public static KrbMessage decodeMessage(ByteBuffer message) throws IOException {
- int bodyLen = message.getInt();
- assert (message.remaining() >= bodyLen);
-
- KrbMessage krbMessage = KrbCodec.decodeMessage(message);
-
- return krbMessage;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PaFlag.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PaFlag.java b/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PaFlag.java
deleted file mode 100644
index 431f926..0000000
--- a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PaFlag.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package org.haox.kerb.preauth;
-
-import org.haox.kerb.spec.KrbEnum;
-
-public enum PaFlag implements KrbEnum {
- NONE(-1),
- PA_REAL(0x01),
- PA_INFO(0x02);
-
- private final int value;
-
- private PaFlag(int value) {
- this.value = value;
- }
-
- @Override
- public int getValue() {
- return value;
- }
-
- public static PaFlag fromValue(int value) {
- for (KrbEnum e : values()) {
- if (e.getValue() == value) {
- return (PaFlag) e;
- }
- }
-
- return NONE;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PaFlags.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PaFlags.java b/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PaFlags.java
deleted file mode 100644
index 9697b68..0000000
--- a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PaFlags.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.haox.kerb.preauth;
-
-import org.haox.kerb.spec.common.KrbFlags;
-
-public class PaFlags extends KrbFlags {
-
- public PaFlags() {
- this(0);
- }
-
- public PaFlags(int value) {
- setFlags(value);
- }
-
- public boolean isReal() {
- return isFlagSet(PaFlag.PA_REAL);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PluginRequestContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PluginRequestContext.java b/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PluginRequestContext.java
deleted file mode 100644
index ab1856a..0000000
--- a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PluginRequestContext.java
+++ /dev/null
@@ -1,8 +0,0 @@
-package org.haox.kerb.preauth;
-
-/**
- * Per request per module
- */
-public interface PluginRequestContext {
- // Nothing here, just as a type mark
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PreauthPluginMeta.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PreauthPluginMeta.java b/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PreauthPluginMeta.java
deleted file mode 100644
index 92cc912..0000000
--- a/haox-kerb/kerb-common/src/main/java/org/haox/kerb/preauth/PreauthPluginMeta.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package org.haox.kerb.preauth;
-
-import org.haox.kerb.spec.pa.PaDataType;
-
-public interface PreauthPluginMeta {
-
- public String getName();
-
- public int getVersion();
-
- public PaDataType[] getPaTypes();
-
-}