Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/22 22:48:17 UTC
[38/45] directory-kerberos git commit: DIRKRB-149 New layout
structure with the new name "Apache Kerby"
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbClient.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbClient.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbClient.java
deleted file mode 100644
index 8e99204..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbClient.java
+++ /dev/null
@@ -1,321 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client;
-
-import org.apache.haox.event.Event;
-import org.apache.haox.event.EventHub;
-import org.apache.haox.event.EventWaiter;
-import org.apache.kerberos.kerb.KrbErrorCode;
-import org.apache.kerberos.kerb.client.event.KrbClientEvent;
-import org.apache.kerberos.kerb.client.event.KrbClientEventType;
-import org.apache.kerberos.kerb.client.request.*;
-import org.apache.kerberos.kerb.common.KrbErrorUtil;
-import org.apache.kerberos.kerb.common.KrbStreamingDecoder;
-import org.apache.kerberos.kerb.KrbErrorException;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.KrbError;
-import org.apache.kerberos.kerb.spec.common.PrincipalName;
-import org.apache.kerberos.kerb.spec.ticket.ServiceTicket;
-import org.apache.kerberos.kerb.spec.ticket.TgtTicket;
-import org.haox.token.KerbToken;
-import org.apache.haox.transport.Connector;
-import org.apache.haox.transport.Transport;
-import org.apache.haox.transport.event.TransportEvent;
-import org.apache.haox.transport.event.TransportEventType;
-import org.apache.haox.transport.tcp.TcpConnector;
-
-import java.io.IOException;
-import java.security.PrivateKey;
-import java.security.cert.Certificate;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.TimeoutException;
-
-/**
- * A krb client API for applications to interact with KDC
- */
-public class KrbClient {
-
- private EventHub eventHub;
- private EventWaiter eventWaiter;
- private Transport transport;
-
- private KrbHandler krbHandler;
- private KrbContext context;
- private KrbConfig config;
-
- /**
- *
- * @param kdcHost
- * @param kdcPort
- */
- public KrbClient(String kdcHost, short kdcPort) {
- this(new KrbConfig());
-
- setKdcHost(kdcHost);
- setKdcPort(kdcPort);
- }
-
- public KrbClient(KrbConfig config) {
- this.config = config;
- this.context = new KrbContext();
- context.init(config);
- }
-
- /**
- * Set KDC realm for ticket request
- * @param realm
- */
- public void setKdcRealm(String realm) {
- context.setKdcRealm(realm);
- }
-
- /**
- *
- * @param kdcHost
- */
- public void setKdcHost(String kdcHost) {
- context.setKdcHost(kdcHost);
- }
-
- /**
- *
- * @param kdcPort
- */
- public void setKdcPort(short kdcPort) {
- context.setKdcPort(kdcPort);
- }
-
- /**
- * Set time out for connection
- * @param timeout in seconds
- */
- public void setTimeout(long timeout) {
- context.setTimeout(timeout);
- }
-
- public void init() {
- this.krbHandler = new KrbHandler();
- krbHandler.init(context);
-
- this.eventHub = new EventHub();
- eventHub.register(krbHandler);
-
- Connector connector = new TcpConnector(new KrbStreamingDecoder());
- eventHub.register(connector);
-
- eventWaiter = eventHub.waitEvent(
- TransportEventType.NEW_TRANSPORT,
- KrbClientEventType.TGT_RESULT,
- KrbClientEventType.TKT_RESULT
- );
-
- eventHub.start();
-
- connector.connect(context.getKdcHost(), context.getKdcPort());
- Event event = eventWaiter.waitEvent(TransportEventType.NEW_TRANSPORT);
- transport = ((TransportEvent) event).getTransport();
- }
-
- /**
- * Attempt to request a TGT and you'll be prompted to input a credential.
- * Whatever credential requested to provide depends on KDC admin configuration.
- * @param options
- * @return
- * @throws KrbException
- */
- public TgtTicket requestTgtTicket(String principal, KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
-
- AsRequest asRequest = new AsRequest(context);
- asRequest.setKrbOptions(options);
- return requestTgtTicket(principal, asRequest);
- }
-
- /**
- * Request a TGT with user plain credential
- * @param principal
- * @param password
- * @param options
- * @return
- * @throws KrbException
- */
- public TgtTicket requestTgtTicket(String principal, String password,
- KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
-
- AsRequest asRequest = new AsRequestWithPasswd(context);
- options.add(KrbOption.USER_PASSWD, password);
- asRequest.setKrbOptions(options);
- return requestTgtTicket(principal, asRequest);
- }
-
- /**
- * Request a TGT with user x509 certificate credential
- * @param principal
- * @param certificate
- * @param privateKey
- * @param options
- * @return
- * @throws KrbException
- */
- public TgtTicket requestTgtTicket(String principal, Certificate certificate,
- PrivateKey privateKey, KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
-
- AsRequestWithCert asRequest = new AsRequestWithCert(context);
- options.add(KrbOption.PKINIT_X509_CERTIFICATE, certificate);
- options.add(KrbOption.PKINIT_X509_PRIVATE_KEY, privateKey);
- asRequest.setKrbOptions(options);
- return requestTgtTicket(principal, asRequest);
- }
-
- /**
- * Request a TGT with using Anonymous PKINIT
- * @param options
- * @return
- * @throws KrbException
- */
- public TgtTicket requestTgtTicket(KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
-
- AsRequestWithCert asRequest = new AsRequestWithCert(context);
- options.add(KrbOption.PKINIT_X509_ANONYMOUS);
- asRequest.setKrbOptions(options);
-
- String principal = AsRequestWithCert.ANONYMOUS_PRINCIPAL;
- return requestTgtTicket(principal, asRequest);
- }
-
- /**
- * Request a TGT with user token credential
- * @param principal
- * @param token
- * @param options
- * @return
- * @throws KrbException
- */
- public TgtTicket requestTgtTicket(String principal, KerbToken token,
- KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
-
- AsRequestWithToken asRequest = new AsRequestWithToken(context);
- options.add(KrbOption.TOKEN_USER_ID_TOKEN, token);
- asRequest.setKrbOptions(options);
- return requestTgtTicket(principal, asRequest);
- }
-
- /**
- * Request a service ticket targeting for a server with user plain credentials
- * @param clientPrincipal
- * @param password
- * @param serverPrincipal
- * @param options
- * @return
- * @throws KrbException
- */
- public ServiceTicket requestServiceTicket(String clientPrincipal, String password,
- String serverPrincipal, KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
-
- TgtTicket tgt = requestTgtTicket(clientPrincipal, password, options);
- return requestServiceTicket(tgt, serverPrincipal, options);
- }
-
- /**
- * Request a service ticket targeting for a server with an user Access Token
- * @param clientPrincipal
- * @param token
- * @param serverPrincipal
- * @param options
- * @return
- * @throws KrbException
- */
- public ServiceTicket requestServiceTicket(String clientPrincipal, KerbToken token,
- String serverPrincipal, KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
-
- TgtTicket tgt = requestTgtTicket(clientPrincipal, token, options);
- return requestServiceTicket(tgt, serverPrincipal, options);
- }
-
- private TgtTicket requestTgtTicket(String clientPrincipal, AsRequest tgtTktReq) throws KrbException {
- tgtTktReq.setClientPrincipal(new PrincipalName(clientPrincipal));
- tgtTktReq.setTransport(transport);
-
- try {
- return doRequestTgtTicket(tgtTktReq);
- } catch(KrbErrorException e) {
- KrbError krbError = e.getKrbError();
- if (krbError.getErrorCode() == KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED) {
- try {
- tgtTktReq.setEncryptionTypes(KrbErrorUtil.getEtypes(krbError));
- } catch (IOException ioe) {
- throw new KrbException("Failed to decode and get etypes from krbError", ioe);
- }
- tgtTktReq.getPreauthContext().setPreauthRequired(true);
- return requestTgtTicket(clientPrincipal, tgtTktReq);
- }
- throw e;
- }
- }
-
- private TgtTicket doRequestTgtTicket(AsRequest tgtTktReq) throws KrbException {
- eventHub.dispatch(KrbClientEvent.createTgtIntentEvent(tgtTktReq));
- Event resultEvent = null;
- try {
- resultEvent = eventWaiter.waitEvent(KrbClientEventType.TGT_RESULT,
- context.getTimeout(), TimeUnit.SECONDS);
- } catch (TimeoutException e) {
- throw new KrbException("Network timeout", e);
- }
- AsRequest asResponse = (AsRequest) resultEvent.getEventData();
-
- return asResponse.getTicket();
- }
-
- /**
- * Request a service ticket with a TGT targeting for a server
- * @param tgt
- * @param serverPrincipal
- * @return
- * @throws KrbException
- */
- public ServiceTicket requestServiceTicket(TgtTicket tgt, String serverPrincipal,
- KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
-
- TgsRequest ticketReq = new TgsRequest(context, tgt);
- ticketReq.setServerPrincipal(new PrincipalName(serverPrincipal));
- ticketReq.setTransport(transport);
-
- eventHub.dispatch(KrbClientEvent.createTktIntentEvent(ticketReq));
- Event resultEvent = null;
- try {
- resultEvent = eventWaiter.waitEvent(KrbClientEventType.TKT_RESULT,
- context.getTimeout(), TimeUnit.SECONDS);
- } catch (TimeoutException e) {
- throw new KrbException("Network timeout", e);
- }
- TgsRequest tgsResponse = (TgsRequest) resultEvent.getEventData();
-
- return tgsResponse.getServiceTicket();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfig.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfig.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfig.java
deleted file mode 100644
index e9008c4..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfig.java
+++ /dev/null
@@ -1,161 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client;
-
-import org.apache.haox.config.Conf;
-import org.apache.kerberos.kerb.common.KrbConfHelper;
-import org.apache.kerberos.kerb.spec.common.EncryptionType;
-
-import java.util.List;
-
-public class KrbConfig {
- protected Conf conf;
-
- public KrbConfig() {
- this.conf = new Conf();
- }
-
- public Conf getConf() {
- return this.conf;
- }
-
- public boolean enableDebug() {
- return conf.getBoolean(KrbConfigKey.KRB_DEBUG);
- }
-
- public String getKdcHost() {
- return conf.getString(KrbConfigKey.KDC_HOST);
- }
-
- public short getKdcPort() {
- Integer kdcPort = conf.getInt(KrbConfigKey.KDC_PORT);
- return kdcPort.shortValue();
- }
-
- public String getKdcRealm() {
- return conf.getString(KrbConfigKey.KDC_REALM);
- }
-
- public String getKdcDomain() {
- return conf.getString(KrbConfigKey.KDC_DOMAIN);
- }
-
- public boolean isPreauthRequired() {
- return conf.getBoolean(KrbConfigKey.PREAUTH_REQUIRED);
- }
-
- public String getTgsPrincipal() {
- return conf.getString(KrbConfigKey.TGS_PRINCIPAL);
- }
-
- public long getAllowableClockSkew() {
- return KrbConfHelper.getLongUnderSection(conf, KrbConfigKey.CLOCKSKEW);
- }
-
- public boolean isEmptyAddressesAllowed() {
- return conf.getBoolean(KrbConfigKey.EMPTY_ADDRESSES_ALLOWED);
- }
-
- public boolean isForwardableAllowed() {
- return KrbConfHelper.getBooleanUnderSection(conf, KrbConfigKey.FORWARDABLE);
- }
-
- public boolean isPostdatedAllowed() {
- return conf.getBoolean(KrbConfigKey.POSTDATED_ALLOWED);
- }
-
- public boolean isProxiableAllowed() {
- return KrbConfHelper.getBooleanUnderSection(conf, KrbConfigKey.PROXIABLE);
- }
-
- public boolean isRenewableAllowed() {
- return conf.getBoolean(KrbConfigKey.RENEWABLE_ALLOWED);
- }
-
- public long getMaximumRenewableLifetime() {
- return conf.getLong(KrbConfigKey.MAXIMUM_RENEWABLE_LIFETIME);
- }
-
- public long getMaximumTicketLifetime() {
- return conf.getLong(KrbConfigKey.MAXIMUM_TICKET_LIFETIME);
- }
-
- public long getMinimumTicketLifetime() {
- return conf.getLong(KrbConfigKey.MINIMUM_TICKET_LIFETIME);
- }
-
- public List<EncryptionType> getEncryptionTypes() {
- return KrbConfHelper.getEncTypesUnderSection(conf, KrbConfigKey.PERMITTED_ENCTYPES);
- }
-
- public boolean isPaEncTimestampRequired() {
- return conf.getBoolean(KrbConfigKey.PA_ENC_TIMESTAMP_REQUIRED);
- }
-
- public boolean isBodyChecksumVerified() {
- return conf.getBoolean(KrbConfigKey.VERIFY_BODY_CHECKSUM);
- }
-
- public String getDefaultRealm() {
- return KrbConfHelper.getStringUnderSection(conf, KrbConfigKey.DEFAULT_REALM);
- }
-
- public boolean getDnsLookUpKdc() {
- return KrbConfHelper.getBooleanUnderSection(conf, KrbConfigKey.DNS_LOOKUP_KDC);
- }
-
- public boolean getDnsLookUpRealm() {
- return KrbConfHelper.getBooleanUnderSection(conf, KrbConfigKey.DNS_LOOKUP_REALM);
- }
-
- public boolean getAllowWeakCrypto() {
- return KrbConfHelper.getBooleanUnderSection(conf, KrbConfigKey.ALLOW_WEAK_CRYPTO);
- }
-
- public long getTicketLifetime() {
- return KrbConfHelper.getLongUnderSection(conf, KrbConfigKey.TICKET_LIFETIME);
- }
-
- public long getRenewLifetime() {
- return KrbConfHelper.getLongUnderSection(conf, KrbConfigKey.RENEW_LIFETIME);
- }
-
- public List<EncryptionType> getDefaultTgsEnctypes() {
- return KrbConfHelper.getEncTypesUnderSection(conf, KrbConfigKey.DEFAULT_TGS_ENCTYPES);
- }
-
- public List<EncryptionType> getDefaultTktEnctypes() {
- return KrbConfHelper.getEncTypesUnderSection(conf, KrbConfigKey.DEFAULT_TKT_ENCTYPES);
- }
-
- public String getDefaultLoggingLocation() {
- return KrbConfHelper.getStringUnderSection(conf, KrbConfigKey.DEFAULT);
- }
-
- public String getKdcLoggingLocation() {
- return KrbConfHelper.getStringUnderSection(conf, KrbConfigKey.KDC);
- }
-
- public String getAdminLoggingLocation() {
- return KrbConfHelper.getStringUnderSection(conf, KrbConfigKey.ADMIN_SERVER);
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfigKey.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfigKey.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfigKey.java
deleted file mode 100644
index d56a741..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfigKey.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client;
-
-import org.apache.haox.config.ConfigKey;
-import org.apache.kerberos.kerb.common.SectionConfigKey;
-
-public enum KrbConfigKey implements SectionConfigKey {
- KRB_DEBUG(true),
- KDC_HOST("localhost"),
- KDC_PORT(8015),
- KDC_DOMAIN("example.com"),
- KDC_REALM("EXAMPLE.COM"),
- TGS_PRINCIPAL("krbtgt@EXAMPLE.COM"),
- PREAUTH_REQUIRED(true),
- CLOCKSKEW(5 * 60L, "libdefaults"),
- EMPTY_ADDRESSES_ALLOWED(true),
- PA_ENC_TIMESTAMP_REQUIRED(true),
- MAXIMUM_TICKET_LIFETIME(24 * 3600L),
- MINIMUM_TICKET_LIFETIME(1 * 3600L),
- MAXIMUM_RENEWABLE_LIFETIME(48 * 3600L),
- FORWARDABLE(true, "libdefaults"),
- POSTDATED_ALLOWED(true),
- PROXIABLE(true, "libdefaults"),
- RENEWABLE_ALLOWED(true),
- VERIFY_BODY_CHECKSUM(true),
- PERMITTED_ENCTYPES("aes128-cts-hmac-sha1-96", "libdefaults"),
- DEFAULT_REALM("EXAMPLE.COM", "libdefaults"),
- DNS_LOOKUP_KDC(false, "libdefaults"),
- DNS_LOOKUP_REALM(false, "libdefaults"),
- ALLOW_WEAK_CRYPTO(true, "libdefaults"),
- TICKET_LIFETIME(24 * 3600L, "libdefaults"),
- RENEW_LIFETIME(48 * 3600L, "libdefaults"),
- DEFAULT_TGS_ENCTYPES("aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 " +
- "des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac " +
- "camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4",
- "libdefaults"),
- DEFAULT_TKT_ENCTYPES("aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 " +
- "des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac " +
- "camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4",
- "libdefaults"),
-
- //key for logging location
- DEFAULT(null, "logging"),
- KDC(null, "logging"),
- ADMIN_SERVER(null, "logging");
-
- private Object defaultValue;
- /**
- * The name of a section where a config key is contained in MIT Kerberos config file.
- */
- private String sectionName;
-
- private KrbConfigKey() {
- this.defaultValue = null;
- }
-
- private KrbConfigKey(Object defaultValue) {
- this.defaultValue = defaultValue;
- }
-
- private KrbConfigKey(Object defaultValue, String sectionName) {
- this(defaultValue);
- this.sectionName = sectionName;
- }
-
- /**
- * Use the propertyKey, we can get the configuration value from Object Conf.
- */
- @Override
- public String getPropertyKey() {
- return name().toLowerCase();
- }
-
- @Override
- public Object getDefaultValue() {
- return this.defaultValue;
- }
-
- @Override
- public String getSectionName() {
- return sectionName;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbContext.java
deleted file mode 100644
index 16cb088..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbContext.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client;
-
-import org.apache.kerberos.kerb.client.preauth.PreauthHandler;
-import org.apache.kerberos.kerb.crypto.Nonce;
-
-public class KrbContext {
-
- private String kdcRealm;
- private KrbConfig config;
- private String kdcHost;
- private short kdcPort;
- private long timeout = 10L;
- private PreauthHandler preauthHandler;
-
- public void init(KrbConfig config) {
- this.config = config;
- preauthHandler = new PreauthHandler();
- preauthHandler.init(this);
- }
-
- public String getKdcHost() {
- if (kdcHost != null) {
- return kdcHost;
- }
- return config.getKdcHost();
- }
-
- public void setKdcHost(String kdcHost) {
- this.kdcHost = kdcHost;
- }
-
- public short getKdcPort() {
- if (kdcPort > 0) {
- return kdcPort;
- }
- return config.getKdcPort();
- }
-
- public void setKdcPort(short kdcPort) {
- this.kdcPort = kdcPort;
- }
-
- public void setTimeout(long timeout) {
- this.timeout = timeout;
- }
-
- public long getTimeout() {
- return this.timeout;
- }
-
- public KrbConfig getConfig() {
- return config;
- }
-
- public void setKdcRealm(String realm) {
- this.kdcRealm = realm;
- }
-
- public String getKdcRealm() {
- if (kdcRealm != null) {
- return kdcRealm;
- }
-
- return config.getKdcRealm();
- }
-
- public int generateNonce() {
- return Nonce.value();
- }
-
- public long getTicketValidTime() {
- return 8 * 60 * 60 * 1000;
- }
-
- public PreauthHandler getPreauthHandler() {
- return preauthHandler;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbHandler.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbHandler.java
deleted file mode 100644
index 961134f..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbHandler.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client;
-
-import org.apache.haox.event.AbstractEventHandler;
-import org.apache.haox.event.Event;
-import org.apache.haox.event.EventType;
-import org.apache.kerberos.kerb.client.event.KrbClientEvent;
-import org.apache.kerberos.kerb.client.event.KrbClientEventType;
-import org.apache.kerberos.kerb.client.preauth.PreauthHandler;
-import org.apache.kerberos.kerb.client.request.AsRequest;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.client.request.TgsRequest;
-import org.apache.kerberos.kerb.common.KrbUtil;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.KrbMessage;
-import org.apache.kerberos.kerb.spec.common.KrbMessageType;
-import org.apache.kerberos.kerb.spec.kdc.KdcRep;
-import org.apache.kerberos.kerb.spec.kdc.KdcReq;
-import org.apache.haox.transport.Transport;
-import org.apache.haox.transport.event.MessageEvent;
-import org.apache.haox.transport.event.TransportEventType;
-
-import java.nio.ByteBuffer;
-
-public class KrbHandler extends AbstractEventHandler {
-
- private KrbContext context;
- private PreauthHandler preauthHandler;
-
- public void init(KrbContext context) {
- this.context = context;
- preauthHandler = new PreauthHandler();
- preauthHandler.init(context);
- }
-
- @Override
- public EventType[] getInterestedEvents() {
- return new EventType[] {
- TransportEventType.INBOUND_MESSAGE,
- KrbClientEventType.TGT_INTENT,
- KrbClientEventType.TKT_INTENT
- };
- }
-
- @Override
- protected void doHandle(Event event) throws Exception {
- EventType eventType = event.getEventType();
-
- if (eventType == KrbClientEventType.TGT_INTENT ||
- eventType == KrbClientEventType.TKT_INTENT) {
- KdcRequest kdcRequest = (KdcRequest) event.getEventData();
- handleKdcRequest(kdcRequest);
- } else if (event.getEventType() == TransportEventType.INBOUND_MESSAGE) {
- handleMessage((MessageEvent) event);
- }
- }
-
- protected void handleKdcRequest(KdcRequest kdcRequest) throws KrbException {
- kdcRequest.process();
- KdcReq kdcReq = kdcRequest.getKdcReq();
- Transport transport = kdcRequest.getTransport();
- transport.setAttachment(kdcRequest);
- KrbUtil.sendMessage(kdcReq, transport);
- }
-
- protected void handleMessage(MessageEvent event) throws Exception {
- ByteBuffer message = event.getMessage();
- KrbMessage kdcRep = KrbUtil.decodeMessage(message);
-
- KrbMessageType messageType = kdcRep.getMsgType();
- if (messageType == KrbMessageType.AS_REP) {
- KdcRequest kdcRequest = (KdcRequest) event.getTransport().getAttachment();
- kdcRequest.processResponse((KdcRep) kdcRep);
- dispatch(KrbClientEvent.createTgtResultEvent((AsRequest) kdcRequest));
- } else if (messageType == KrbMessageType.TGS_REP) {
- KdcRequest kdcRequest = (KdcRequest) event.getTransport().getAttachment();
- kdcRequest.processResponse((KdcRep) kdcRep);
- dispatch(KrbClientEvent.createTktResultEvent((TgsRequest) kdcRequest));
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOption.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOption.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOption.java
deleted file mode 100644
index d2aa79a..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOption.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client;
-
-public enum KrbOption {
- LIFE_TIME("-l lifetime"),
- START_TIME("-s start time"),
- RENEWABLE_TIME("-r renewable lifetime"),
- FORWARDABLE("-f forwardable"),
- NOT_FORWARDABLE("-F not forwardable"),
- PROXIABLE("-p proxiable"),
- NOT_PROXIABLE("-P not proxiable"),
- ANONYMOUS("-n anonymous"),
- INCLUDE_ADDRESSES("-a include addresses"),
- NOT_INCLUDE_ADDRESSES("-A do not include addresses"),
- VALIDATE("-v validate"),
- RENEW("-R renew"),
- CANONICALIZE("-C canonicalize"),
- AS_ENTERPRISE_PN("-E client is enterprise principal name"),
- USE_KEYTAB("-k use keytab"),
- USE_DFT_KEYTAB("-i use default client keytab (with -k)"),
- USER_KEYTAB_FILE("-t filename of keytab to use"),
- KRB5_CACHE("-c Kerberos 5 cache name"),
- SERVICE("-S service"),
- ARMOR_CACHE("-T armor credential cache"),
- XATTR("-X <attribute>[=<value>]"),
-
- USER_PASSWD("user_passwd", "User plain password"),
-
- PKINIT_X509_IDENTITY("x509_identities", "X509 user private key and cert"),
- PKINIT_X509_PRIVATE_KEY("x509_privatekey", "X509 user private key"),
- PKINIT_X509_CERTIFICATE("x509_cert", "X509 user certificate"),
- PKINIT_X509_ANCHORS("x509_anchors", "X509 anchors"),
- PKINIT_X509_ANONYMOUS("x509_anonymous", "X509 anonymous"),
- PKINIT_USING_RSA("using_rsa_or_dh", "Using RSA or DH"),
-
- TOKEN_USING_IDTOKEN("using_id_token", "Using identity token"),
- TOKEN_USER_ID_TOKEN("user_id_token", "User identity token"),
- TOKEN_USER_AC_TOKEN("user_ac_token", "User access token"),
-
- ;
-
- private String name;
- private String description;
- private Object value;
-
- KrbOption(String description) {
- this.description = description;
- }
-
- KrbOption(String name, String description) {
- this.name = name;
- this.description = description;
- }
-
- public String getName() {
- if (name != null) {
- return name;
- }
- return name();
- }
-
- public String getDescription() {
- return this.description;
- }
-
- public void setValue(Object value) {
- this.value = value;
- }
-
- public Object getValue() {
- return value;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOptions.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOptions.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOptions.java
deleted file mode 100644
index 911ba72..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOptions.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client;
-
-import java.util.HashMap;
-import java.util.Map;
-
-public class KrbOptions {
-
- private Map<KrbOption, KrbOption> options = new HashMap<KrbOption, KrbOption>(4);
-
- public void add(KrbOption option) {
- if (option != null) {
- options.put(option, option);
- }
- }
-
- public void add(KrbOption option, Object optionValue) {
- option.setValue(optionValue);
- add(option);
- }
-
- public boolean contains(KrbOption option) {
- return options.containsKey(option);
- }
-
- public KrbOption getOption(KrbOption option) {
- if (! options.containsKey(option)) {
- return null;
- }
-
- return options.get(option);
- }
-
- public Object getOptionValue(KrbOption option) {
- if (! contains(option)) {
- return null;
- }
- return options.get(option).getValue();
- }
-
- public String getStringOption(KrbOption option) {
- Object value = getOptionValue(option);
- if (value != null && value instanceof String) {
- return (String) value;
- }
- return null;
- }
-
- public boolean getBooleanOption(KrbOption option) {
- Object value = getOptionValue(option);
- if (value != null) {
- if (value instanceof String) {
- String strVal = (String) value;
- if (strVal.equalsIgnoreCase("true") ||
- strVal.equalsIgnoreCase("yes") ||
- strVal.equals("1")) {
- return true;
- }
- } else if (value instanceof Boolean) {
- return (Boolean) value;
- }
- }
- return false;
- }
-
- public int getIntegerOption(KrbOption option) {
- Object value = getOptionValue(option);
- if (value != null) {
- if (value instanceof String) {
- String strVal = (String) value;
- return Integer.valueOf(strVal);
- } else if (value instanceof Integer) {
- return (Integer) value;
- }
- }
- return -1;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEvent.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEvent.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEvent.java
deleted file mode 100644
index 3c8ffc9..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEvent.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.event;
-
-import org.apache.haox.event.Event;
-import org.apache.kerberos.kerb.client.request.AsRequest;
-import org.apache.kerberos.kerb.client.request.TgsRequest;
-
-public class KrbClientEvent {
-
- public static Event createTgtIntentEvent(AsRequest asRequest) {
- return new Event(KrbClientEventType.TGT_INTENT, asRequest);
- }
-
- public static Event createTktIntentEvent(TgsRequest tgsRequest) {
- return new Event(KrbClientEventType.TKT_INTENT, tgsRequest);
- }
-
- public static Event createTgtResultEvent(AsRequest asRequest) {
- return new Event(KrbClientEventType.TGT_RESULT, asRequest);
- }
-
- public static Event createTktResultEvent(TgsRequest tgsRequest) {
- return new Event(KrbClientEventType.TKT_RESULT, tgsRequest);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEventType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEventType.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEventType.java
deleted file mode 100644
index bf271f1..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEventType.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.event;
-
-import org.apache.haox.event.EventType;
-
-public enum KrbClientEventType implements EventType {
- TGT_INTENT,
- TGT_RESULT,
- TKT_INTENT,
- TKT_RESULT
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/AbstractPreauthPlugin.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/AbstractPreauthPlugin.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/AbstractPreauthPlugin.java
deleted file mode 100644
index 4f34181..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/AbstractPreauthPlugin.java
+++ /dev/null
@@ -1,122 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-import org.apache.kerberos.kerb.client.KrbContext;
-import org.apache.kerberos.kerb.client.KrbOptions;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.preauth.PaFlag;
-import org.apache.kerberos.kerb.preauth.PaFlags;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.EncryptionType;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-import java.util.Collections;
-import java.util.List;
-
-public class AbstractPreauthPlugin implements KrbPreauth {
-
- private PreauthPluginMeta pluginMeta;
- protected KrbContext context;
-
- public AbstractPreauthPlugin(PreauthPluginMeta meta) {
- this.pluginMeta = meta;
- }
-
- @Override
- public String getName() {
- return pluginMeta.getName();
- }
-
- public int getVersion() {
- return pluginMeta.getVersion();
- }
-
- public PaDataType[] getPaTypes() {
- return pluginMeta.getPaTypes();
- }
-
- public void init(KrbContext context) {
- this.context = context;
- }
-
- @Override
- public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
- return null;
- }
-
- @Override
- public void prepareQuestions(KdcRequest kdcRequest,
- PluginRequestContext requestContext) throws KrbException {
-
- kdcRequest.needAsKey();
- }
-
- @Override
- public List<EncryptionType> getEncTypes(KdcRequest kdcRequest,
- PluginRequestContext requestContext) {
- return Collections.emptyList();
- }
-
- @Override
- public void setPreauthOptions(KdcRequest kdcRequest,
- PluginRequestContext requestContext, KrbOptions options) {
-
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException {
-
- }
-
- @Override
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext, PaDataEntry inPadata,
- PaData outPadata) throws KrbException {
-
- return false;
- }
-
- @Override
- public boolean tryAgain(KdcRequest kdcRequest,
- PluginRequestContext requestContext, PaDataType preauthType,
- PaData errPadata, PaData outPadata) {
- return false;
- }
-
- @Override
- public PaFlags getFlags(PaDataType paType) {
- PaFlags paFlags = new PaFlags(0);
- paFlags.setFlag(PaFlag.PA_REAL);
-
- return paFlags;
- }
-
- @Override
- public void destroy() {
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/FastContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/FastContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/FastContext.java
deleted file mode 100644
index 82a0240..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/FastContext.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-import org.apache.kerberos.kerb.spec.common.EncryptionKey;
-import org.apache.kerberos.kerb.spec.fast.FastOptions;
-import org.apache.kerberos.kerb.spec.fast.KrbFastArmor;
-import org.apache.kerberos.kerb.spec.kdc.KdcReq;
-
-public class FastContext {
-
- public KdcReq fastOuterRequest;
- public EncryptionKey armorKey;
- public KrbFastArmor fastArmor;
- public FastOptions fastOptions;
- public int nonce;
- public int fastFlags;
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/KrbPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/KrbPreauth.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/KrbPreauth.java
deleted file mode 100644
index 66e1de4..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/KrbPreauth.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-import org.apache.kerberos.kerb.client.KrbContext;
-import org.apache.kerberos.kerb.client.KrbOptions;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.preauth.PaFlags;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.EncryptionType;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-import java.util.List;
-
-/**
- * Client side preauth plugin module
- */
-public interface KrbPreauth extends PreauthPluginMeta {
-
- /**
- * Initializing preauth plugin context
- */
- public void init(KrbContext krbContext);
-
- /**
- * Initializing request context
- */
- public PluginRequestContext initRequestContext(KdcRequest kdcRequest);
-
- /**
- * Prepare questions to prompt to you asking for credential
- */
- public void prepareQuestions(KdcRequest kdcRequest,
- PluginRequestContext requestContext) throws KrbException;
-
- /**
- * Get supported encryption types
- */
- public List<EncryptionType> getEncTypes(KdcRequest kdcRequest,
- PluginRequestContext requestContext);
-
- /**
- * Set krb options passed from user
- */
- public void setPreauthOptions(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- KrbOptions preauthOptions);
-
- /**
- * Attempt to try any initial padata derived from user options
- */
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException;
-
- /**
- * Process server returned paData and return back any result paData
- * Return true indicating padata is added
- */
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataEntry inPadata,
- PaData outPadata) throws KrbException;
-
- /**
- * When another request to server in the 4 pass, any paData to provide?
- * Return true indicating padata is added
- */
- public boolean tryAgain(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataType preauthType,
- PaData errPadata,
- PaData outPadata);
-
- /**
- * Return PA_REAL if pa_type is a real preauthentication type or PA_INFO if it is
- * an informational type.
- */
- public PaFlags getFlags(PaDataType paType);
-
- /**
- * When exiting...
- */
- public void destroy();
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthContext.java
deleted file mode 100644
index 7bd55f1..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthContext.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class PreauthContext {
- private boolean preauthRequired = true;
- private PaData inputPaData;
- private PaData outputPaData;
- private PaData errorPaData;
- private UserResponser userResponser = new UserResponser();
- private PaDataType selectedPaType;
- private PaDataType allowedPaType;
- private List<PaDataType> triedPaTypes = new ArrayList<PaDataType>(1);
- private List<PreauthHandle> handles = new ArrayList<PreauthHandle>(5);
-
- public PreauthContext() {
- this.selectedPaType = PaDataType.NONE;
- this.allowedPaType = PaDataType.NONE;
- this.outputPaData = new PaData();
- }
-
- public boolean isPreauthRequired() {
- return preauthRequired;
- }
-
- public void setPreauthRequired(boolean preauthRequired) {
- this.preauthRequired = preauthRequired;
- }
-
- public UserResponser getUserResponser() {
- return userResponser;
- }
-
- public boolean isPaTypeAllowed(PaDataType paType) {
- return (allowedPaType == PaDataType.NONE ||
- allowedPaType == paType);
- }
-
- public PaData getOutputPaData() throws KrbException {
- return outputPaData;
- }
-
- public boolean hasInputPaData() {
- return (inputPaData != null && ! inputPaData.isEmpty());
- }
-
- public PaData getInputPaData() {
- return inputPaData;
- }
-
- public void setInputPaData(PaData inputPaData) {
- this.inputPaData = inputPaData;
- }
-
- public PaData getErrorPaData() {
- return errorPaData;
- }
-
- public void setErrorPaData(PaData errorPaData) {
- this.errorPaData = errorPaData;
- }
-
- public void setAllowedPaType(PaDataType paType) {
- this.allowedPaType = paType;
- }
-
- public List<PreauthHandle> getHandles() {
- return handles;
- }
-
- public PaDataType getAllowedPaType() {
- return allowedPaType;
- }
-
- public boolean checkAndPutTried(PaDataType paType) {
- for (PaDataType pt : triedPaTypes) {
- if (pt == paType) {
- return true;
- }
- }
- triedPaTypes.add(paType);
- return false;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandle.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandle.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandle.java
deleted file mode 100644
index 0d594cb..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandle.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-import org.apache.kerberos.kerb.client.KrbOptions;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.preauth.PaFlags;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-public class PreauthHandle {
-
- public KrbPreauth preauth;
- public PluginRequestContext requestContext;
-
- public PreauthHandle(KrbPreauth preauth) {
- this.preauth = preauth;
- }
-
- public void initRequestContext(KdcRequest kdcRequest) {
- requestContext = preauth.initRequestContext(kdcRequest);
- }
-
- public void prepareQuestions(KdcRequest kdcRequest) throws KrbException {
- preauth.prepareQuestions(kdcRequest, requestContext);
- }
-
- public void setPreauthOptions(KdcRequest kdcRequest,
- KrbOptions preauthOptions) throws KrbException {
- preauth.setPreauthOptions(kdcRequest, requestContext, preauthOptions);
- }
-
- public void tryFirst(KdcRequest kdcRequest, PaData outPadata) throws KrbException {
- preauth.tryFirst(kdcRequest, requestContext, outPadata);
- }
-
- public boolean process(KdcRequest kdcRequest,
- PaDataEntry inPadata, PaData outPadata) throws KrbException {
- return preauth.process(kdcRequest, requestContext, inPadata, outPadata);
- }
-
- public boolean tryAgain(KdcRequest kdcRequest,
- PaDataType paType, PaData errPadata, PaData paData) {
- return preauth.tryAgain(kdcRequest, requestContext, paType, errPadata, paData);
- }
-
- public boolean isReal(PaDataType paType) {
- PaFlags paFlags = preauth.getFlags(paType);
- return paFlags.isReal();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandler.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandler.java
deleted file mode 100644
index 00048d7..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandler.java
+++ /dev/null
@@ -1,249 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-import org.apache.kerberos.kerb.client.KrbContext;
-import org.apache.kerberos.kerb.client.KrbOptions;
-import org.apache.kerberos.kerb.client.preauth.builtin.EncTsPreauth;
-import org.apache.kerberos.kerb.client.preauth.builtin.TgtPreauth;
-import org.apache.kerberos.kerb.client.preauth.pkinit.PkinitPreauth;
-import org.apache.kerberos.kerb.client.preauth.token.TokenPreauth;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.codec.KrbCodec;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.EtypeInfo;
-import org.apache.kerberos.kerb.spec.common.EtypeInfo2;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class PreauthHandler {
- private KrbContext krbContext;
- private List<KrbPreauth> preauths;
-
- public void init(KrbContext krbContext) {
- this.krbContext = krbContext;
- loadPreauthPlugins(krbContext);
- }
-
- private void loadPreauthPlugins(KrbContext context) {
- preauths = new ArrayList<KrbPreauth>();
-
- KrbPreauth preauth = new EncTsPreauth();
- preauth.init(context);
- preauths.add(preauth);
-
- preauth = new TgtPreauth();
- preauth.init(context);
- preauths.add(preauth);
-
- preauth = new PkinitPreauth();
- preauth.init(context);
- preauths.add(preauth);
-
- preauth = new TokenPreauth();
- preauth.init(context);
- preauths.add(preauth);
- }
-
- public PreauthContext preparePreauthContext(KdcRequest kdcRequest) {
- PreauthContext preauthContext = new PreauthContext();
- preauthContext.setPreauthRequired(krbContext.getConfig().isPreauthRequired());
- for (KrbPreauth preauth : preauths) {
- PreauthHandle handle = new PreauthHandle(preauth);
- handle.initRequestContext(kdcRequest);
- preauthContext.getHandles().add(handle);
- }
-
- return preauthContext;
- }
-
- /**
- * Process preauth inputs and options, prepare and generate pdata to be out
- */
- public void preauth(KdcRequest kdcRequest) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- if (!preauthContext.isPreauthRequired()) {
- return;
- }
-
- if (!preauthContext.hasInputPaData()) {
- tryFirst(kdcRequest, preauthContext.getOutputPaData());
- return;
- }
-
- attemptETypeInfo(kdcRequest, preauthContext.getInputPaData());
-
- setPreauthOptions(kdcRequest, kdcRequest.getPreauthOptions());
-
- prepareUserResponses(kdcRequest, preauthContext.getInputPaData());
-
- preauthContext.getUserResponser().respondQuestions();
-
- if (!kdcRequest.isRetrying()) {
- process(kdcRequest, preauthContext.getInputPaData(),
- preauthContext.getOutputPaData());
- } else {
- tryAgain(kdcRequest, preauthContext.getInputPaData(),
- preauthContext.getOutputPaData());
- }
- }
-
- public void prepareUserResponses(KdcRequest kdcRequest,
- PaData inPadata) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- for (PaDataEntry pae : inPadata.getElements()) {
- if (! preauthContext.isPaTypeAllowed(pae.getPaDataType())) {
- continue;
- }
-
- PreauthHandle handle = findHandle(kdcRequest, pae.getPaDataType());
- if (handle == null) {
- continue;
- }
-
- handle.prepareQuestions(kdcRequest);
- }
- }
-
- public void setPreauthOptions(KdcRequest kdcRequest,
- KrbOptions preauthOptions) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- for (PreauthHandle handle : preauthContext.getHandles()) {
- handle.setPreauthOptions(kdcRequest, preauthOptions);
- }
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PaData outPadata) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- PreauthHandle handle = findHandle(kdcRequest,
- preauthContext.getAllowedPaType());
- handle.tryFirst(kdcRequest, outPadata);
- }
-
- public void process(KdcRequest kdcRequest,
- PaData inPadata, PaData outPadata) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- /**
- * Process all informational padata types, then the first real preauth type
- * we succeed on
- */
- for (int real = 0; real <= 1; real ++) {
- for (PaDataEntry pae : inPadata.getElements()) {
-
- // Restrict real mechanisms to the chosen one if we have one
- if (real >0 && !preauthContext.isPaTypeAllowed(pae.getPaDataType())) {
- continue;
- }
-
- PreauthHandle handle = findHandle(kdcRequest,
- preauthContext.getAllowedPaType());
- if (handle == null) {
- continue;
- }
-
- // Make sure this type is for the current pass
- int tmpReal = handle.isReal(pae.getPaDataType()) ? 1 : 0;
- if (tmpReal != real) {
- continue;
- }
-
- if (real > 0 && preauthContext.checkAndPutTried(pae.getPaDataType())) {
- continue;
- }
-
- boolean gotData = handle.process(kdcRequest, pae, outPadata);
- if (real > 0 && gotData) {
- return;
- }
- }
- }
- }
-
- public void tryAgain(KdcRequest kdcRequest,
- PaData inPadata, PaData outPadata) {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- PreauthHandle handle;
- for (PaDataEntry pae : inPadata.getElements()) {
- handle = findHandle(kdcRequest, pae.getPaDataType());
- if (handle == null) continue;
-
- boolean gotData = handle.tryAgain(kdcRequest,
- pae.getPaDataType(), preauthContext.getErrorPaData(), outPadata);
- }
- }
-
- public void destroy() {
- for (KrbPreauth preauth : preauths) {
- preauth.destroy();
- }
- }
-
- private PreauthHandle findHandle(KdcRequest kdcRequest,
- PaDataType paType) {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- for (PreauthHandle handle : preauthContext.getHandles()) {
- for (PaDataType pt : handle.preauth.getPaTypes()) {
- if (pt == paType) {
- return handle;
- }
- }
- }
- return null;
- }
-
- private void attemptETypeInfo(KdcRequest kdcRequest,
- PaData inPadata) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- // Find an etype-info2 or etype-info element in padata
- EtypeInfo etypeInfo = null;
- EtypeInfo2 etypeInfo2 = null;
- PaDataEntry pae = inPadata.findEntry(PaDataType.ETYPE_INFO);
- if (pae != null) {
- etypeInfo = KrbCodec.decode(pae.getPaDataValue(), EtypeInfo.class);
- } else {
- pae = inPadata.findEntry(PaDataType.ETYPE_INFO2);
- if (pae != null) {
- etypeInfo2 = KrbCodec.decode(pae.getPaDataValue(), EtypeInfo2.class);
- }
- }
-
- if (etypeInfo == null && etypeInfo2 == null) {
- attemptSalt(kdcRequest, inPadata);
- }
- }
-
- private void attemptSalt(KdcRequest kdcRequest,
- PaData inPadata) throws KrbException {
-
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponseItem.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponseItem.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponseItem.java
deleted file mode 100644
index bd30bf6..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponseItem.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-public class UserResponseItem {
- protected String question;
- protected String challenge;
- protected String answer;
-
- public UserResponseItem(String question, String challenge) {
- this.question = question;
- this.challenge = challenge;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponser.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponser.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponser.java
deleted file mode 100644
index 1b9ae9f..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponser.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class UserResponser {
-
- private List<UserResponseItem> items = new ArrayList<UserResponseItem>(1);
-
- /**
- * Let customize an interface like CMD or WEB UI to selectively respond all the questions
- */
- public void respondQuestions() {
- // TODO
- }
-
- public UserResponseItem findQuestion(String question) {
- for (UserResponseItem ri : items) {
- if (ri.question.equals(question)) {
- return ri;
- }
- }
- return null;
- }
-
- public void askQuestion(String question, String challenge) {
- UserResponseItem ri = findQuestion(question);
- if (ri == null) {
- items.add(new UserResponseItem(question, challenge));
- } else {
- ri.challenge = challenge;
- }
- }
-
- public String getChallenge(String question) {
- UserResponseItem ri = findQuestion(question);
- if (ri != null) {
- return ri.challenge;
- }
- return null;
- }
-
- public void setAnswer(String question, String answer) {
- UserResponseItem ri = findQuestion(question);
- if (ri == null) {
- throw new IllegalArgumentException("Question isn't exist for the answer");
- }
- ri.answer = answer;
- }
-
- public String getAnswer(String question) {
- UserResponseItem ri = findQuestion(question);
- if (ri != null) {
- return ri.answer;
- }
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/EncTsPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/EncTsPreauth.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/EncTsPreauth.java
deleted file mode 100644
index b04e09f..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/EncTsPreauth.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth.builtin;
-
-import org.apache.kerberos.kerb.client.preauth.AbstractPreauthPlugin;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerberos.kerb.preauth.PaFlag;
-import org.apache.kerberos.kerb.preauth.PaFlags;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.preauth.builtin.EncTsPreauthMeta;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.EncryptedData;
-import org.apache.kerberos.kerb.spec.common.KeyUsage;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-import org.apache.kerberos.kerb.spec.pa.PaEncTsEnc;
-
-public class EncTsPreauth extends AbstractPreauthPlugin {
-
- public EncTsPreauth() {
- super(new EncTsPreauthMeta());
- }
-
- @Override
- public void prepareQuestions(KdcRequest kdcRequest,
- PluginRequestContext requestContext) throws KrbException {
-
- kdcRequest.needAsKey();
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException {
-
- if (kdcRequest.getAsKey() == null) {
- kdcRequest.needAsKey();
- }
- outPadata.addElement(makeEntry(kdcRequest));
- }
-
- @Override
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataEntry inPadata,
- PaData outPadata) throws KrbException {
-
- if (kdcRequest.getAsKey() == null) {
- kdcRequest.needAsKey();
- }
- outPadata.addElement(makeEntry(kdcRequest));
-
- return true;
- }
-
- @Override
- public PaFlags getFlags(PaDataType paType) {
- PaFlags paFlags = new PaFlags(0);
- paFlags.setFlag(PaFlag.PA_REAL);
-
- return paFlags;
- }
-
- private PaDataEntry makeEntry(KdcRequest kdcRequest) throws KrbException {
- PaEncTsEnc paTs = new PaEncTsEnc();
- paTs.setPaTimestamp(kdcRequest.getPreauthTime());
-
- EncryptedData paDataValue = EncryptionUtil.seal(paTs,
- kdcRequest.getAsKey(), KeyUsage.AS_REQ_PA_ENC_TS);
- PaDataEntry tsPaEntry = new PaDataEntry();
- tsPaEntry.setPaDataType(PaDataType.ENC_TIMESTAMP);
- tsPaEntry.setPaDataValue(paDataValue.encode());
-
- return tsPaEntry;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/TgtPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/TgtPreauth.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/TgtPreauth.java
deleted file mode 100644
index 19459d0..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/TgtPreauth.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth.builtin;
-
-import org.apache.kerberos.kerb.client.preauth.AbstractPreauthPlugin;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.client.request.TgsRequest;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.preauth.builtin.TgtPreauthMeta;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-public class TgtPreauth extends AbstractPreauthPlugin {
-
- public TgtPreauth() {
- super(new TgtPreauthMeta());
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException {
-
- outPadata.addElement(makeEntry(kdcRequest));
- }
-
- @Override
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataEntry inPadata,
- PaData outPadata) throws KrbException {
-
- outPadata.addElement(makeEntry(kdcRequest));
-
- return true;
- }
-
- private PaDataEntry makeEntry(KdcRequest kdcRequest) throws KrbException {
-
- TgsRequest tgsRequest = (TgsRequest) kdcRequest;
-
- PaDataEntry paEntry = new PaDataEntry();
- paEntry.setPaDataType(PaDataType.TGS_REQ);
- paEntry.setPaDataValue(tgsRequest.getApReq().encode());
-
- return paEntry;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitContext.java
deleted file mode 100644
index 820eafd..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitContext.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth.pkinit;
-
-import org.apache.kerberos.kerb.preauth.pkinit.IdentityOpts;
-import org.apache.kerberos.kerb.preauth.pkinit.PluginOpts;
-
-public class PkinitContext {
-
- public PluginOpts pluginOpts = new PluginOpts();
- public IdentityOpts identityOpts = new IdentityOpts();
-
-}