You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/12 14:06:28 UTC
[20/50] [abbrv] directory-kerberos git commit: Renaming packages in
haox-kerb projects, using "apache"
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/pa/token/TokenInfo.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/pa/token/TokenInfo.java b/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/pa/token/TokenInfo.java
deleted file mode 100644
index 86c233a..0000000
--- a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/pa/token/TokenInfo.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.haox.kerb.spec.pa.token;
-
-import org.apache.haox.asn1.type.Asn1FieldInfo;
-import org.apache.haox.asn1.type.Asn1OctetString;
-import org.apache.haox.asn1.type.Asn1Utf8String;
-import org.haox.kerb.spec.KrbSequenceType;
-
-/**
- TokenInfo ::= SEQUENCE {
- flags [0] TokenFlags,
- tokenVendor [1] UTF8String,
- }
- */
-public class TokenInfo extends KrbSequenceType {
- private static int FLAGS = 0;
- private static int TOKEN_VENDOR = 1;
-
- static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
- new Asn1FieldInfo(FLAGS, Asn1OctetString.class, true),
- new Asn1FieldInfo(TOKEN_VENDOR, Asn1Utf8String.class),
- };
-
- public TokenInfo() {
- super(fieldInfos);
- }
-
- public TokenFlags getFlags() {
- return getFieldAs(FLAGS, TokenFlags.class);
- }
-
- public void setFlags(TokenFlags flags) {
- setFieldAs(FLAGS, flags);
- }
-
- public String getTokenVendor() {
- return getFieldAsString(TOKEN_VENDOR);
- }
-
- public void setTokenVendor(String tokenVendor) {
- setFieldAs(TOKEN_VENDOR, new Asn1Utf8String(tokenVendor));
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/pa/token/TokenInfos.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/pa/token/TokenInfos.java b/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/pa/token/TokenInfos.java
deleted file mode 100644
index a3c2a53..0000000
--- a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/pa/token/TokenInfos.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package org.haox.kerb.spec.pa.token;
-
-import org.haox.kerb.spec.KrbSequenceOfType;
-import org.haox.kerb.spec.pa.PaDataEntry;
-
-/**
- SEQUENCE (SIZE(1..MAX)) OF TokenInfo,
-*/
-public class TokenInfos extends KrbSequenceOfType<TokenInfo> {
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/AbstractServiceTicket.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/AbstractServiceTicket.java b/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/AbstractServiceTicket.java
deleted file mode 100644
index 908d268..0000000
--- a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/AbstractServiceTicket.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package org.haox.kerb.spec.ticket;
-
-import org.haox.kerb.spec.common.EncryptionKey;
-import org.haox.kerb.spec.kdc.EncKdcRepPart;
-
-public class AbstractServiceTicket {
- private Ticket ticket;
- private EncKdcRepPart encKdcRepPart;
-
- public AbstractServiceTicket(Ticket ticket, EncKdcRepPart encKdcRepPart) {
- this.ticket = ticket;
- this.encKdcRepPart = encKdcRepPart;
- }
-
- public Ticket getTicket() {
- return ticket;
- }
-
- public EncKdcRepPart getEncKdcRepPart() {
- return encKdcRepPart;
- }
-
- public EncryptionKey getSessionKey() {
- return encKdcRepPart.getKey();
- }
-
- public String getRealm() {
- return ticket.getRealm();
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/EncTicketPart.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/EncTicketPart.java b/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/EncTicketPart.java
deleted file mode 100644
index c1c46de..0000000
--- a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/EncTicketPart.java
+++ /dev/null
@@ -1,145 +0,0 @@
-package org.haox.kerb.spec.ticket;
-
-import org.apache.haox.asn1.type.Asn1FieldInfo;
-import org.haox.kerb.spec.KerberosString;
-import org.haox.kerb.spec.KerberosTime;
-import org.haox.kerb.spec.KrbAppSequenceType;
-import org.haox.kerb.spec.common.*;
-
-/**
- -- Encrypted part of ticket
- EncTicketPart ::= [APPLICATION 3] SEQUENCE {
- flags [0] TicketFlags,
- key [1] EncryptionKey,
- crealm [2] Realm,
- cname [3] PrincipalName,
- transited [4] TransitedEncoding,
- authtime [5] KerberosTime,
- starttime [6] KerberosTime OPTIONAL,
- endtime [7] KerberosTime,
- renew-till [8] KerberosTime OPTIONAL,
- caddr [9] HostAddresses OPTIONAL,
- authorization-data [10] AuthorizationData OPTIONAL
- }
- */
-public class EncTicketPart extends KrbAppSequenceType {
- public static final int TAG = 3;
-
- private static int FLAGS = 0;
- private static int KEY = 1;
- private static int CREALM = 2;
- private static int CNAME = 3;
- private static int TRANSITED = 4;
- private static int AUTHTIME = 5;
- private static int STARTTIME = 6;
- private static int ENDTIME = 7;
- private static int RENEW_TILL = 8;
- private static int CADDR = 9;
- private static int AUTHORIZATION_DATA = 10;
-
- static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
- new Asn1FieldInfo(FLAGS, 0, TicketFlags.class),
- new Asn1FieldInfo(KEY, 1, EncryptionKey.class),
- new Asn1FieldInfo(CREALM, 2, KerberosString.class),
- new Asn1FieldInfo(CNAME, 3, PrincipalName.class),
- new Asn1FieldInfo(TRANSITED, 4, TransitedEncoding.class),
- new Asn1FieldInfo(AUTHTIME, 5, KerberosTime.class),
- new Asn1FieldInfo(STARTTIME, 6, KerberosTime.class),
- new Asn1FieldInfo(ENDTIME, 7, KerberosTime.class),
- new Asn1FieldInfo(ENDTIME, 8, KerberosTime.class),
- new Asn1FieldInfo(CADDR, 9, HostAddresses.class),
- new Asn1FieldInfo(AUTHORIZATION_DATA, 10, AuthorizationData.class)
- };
-
- public EncTicketPart() {
- super(TAG, fieldInfos);
- }
-
- public TicketFlags getFlags() {
- return getFieldAs(FLAGS, TicketFlags.class);
- }
-
- public void setFlags(TicketFlags flags) {
- setFieldAs(FLAGS, flags);
- }
-
- public EncryptionKey getKey() {
- return getFieldAs(KEY, EncryptionKey.class);
- }
-
- public void setKey(EncryptionKey key) {
- setFieldAs(KEY, key);
- }
-
- public String getCrealm() {
- return getFieldAsString(CREALM);
- }
-
- public void setCrealm(String crealm) {
- setFieldAsString(CREALM, crealm);
- }
-
- public PrincipalName getCname() {
- return getFieldAs(CNAME, PrincipalName.class);
- }
-
- public void setCname(PrincipalName cname) {
- setFieldAs(CNAME, cname);
- }
-
- public TransitedEncoding getTransited() {
- return getFieldAs(TRANSITED, TransitedEncoding.class);
- }
-
- public void setTransited(TransitedEncoding transited) {
- setFieldAs(TRANSITED, transited);
- }
-
- public KerberosTime getAuthTime() {
- return getFieldAs(AUTHTIME, KerberosTime.class);
- }
-
- public void setAuthTime(KerberosTime authTime) {
- setFieldAs(AUTHTIME, authTime);
- }
-
- public KerberosTime getStartTime() {
- return getFieldAs(STARTTIME, KerberosTime.class);
- }
-
- public void setStartTime(KerberosTime startTime) {
- setFieldAs(STARTTIME, startTime);
- }
-
- public KerberosTime getEndTime() {
- return getFieldAs(ENDTIME, KerberosTime.class);
- }
-
- public void setEndTime(KerberosTime endTime) {
- setFieldAs(ENDTIME, endTime);
- }
-
- public KerberosTime getRenewtill() {
- return getFieldAs(RENEW_TILL, KerberosTime.class);
- }
-
- public void setRenewtill(KerberosTime renewtill) {
- setFieldAs(RENEW_TILL, renewtill);
- }
-
- public HostAddresses getClientAddresses() {
- return getFieldAs(CADDR, HostAddresses.class);
- }
-
- public void setClientAddresses(HostAddresses clientAddresses) {
- setFieldAs(CADDR, clientAddresses);
- }
-
- public AuthorizationData getAuthorizationData() {
- return getFieldAs(AUTHORIZATION_DATA, AuthorizationData.class);
- }
-
- public void setAuthorizationData(AuthorizationData authorizationData) {
- setFieldAs(AUTHORIZATION_DATA, authorizationData);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/ServiceTicket.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/ServiceTicket.java b/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/ServiceTicket.java
deleted file mode 100644
index 79f7b3c..0000000
--- a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/ServiceTicket.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package org.haox.kerb.spec.ticket;
-
-import org.haox.kerb.spec.kdc.EncTgsRepPart;
-
-public class ServiceTicket extends AbstractServiceTicket {
- public ServiceTicket(Ticket ticket, EncTgsRepPart encKdcRepPart) {
- super(ticket, encKdcRepPart);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/TgtTicket.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/TgtTicket.java b/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/TgtTicket.java
deleted file mode 100644
index fda0dde..0000000
--- a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/TgtTicket.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.haox.kerb.spec.ticket;
-
-import org.haox.kerb.spec.common.PrincipalName;
-import org.haox.kerb.spec.kdc.EncAsRepPart;
-
-public class TgtTicket extends AbstractServiceTicket {
- private PrincipalName clientPrincipal;
-
- public TgtTicket(Ticket ticket, EncAsRepPart encKdcRepPart, String clientPrincipal) {
- super(ticket, encKdcRepPart);
- this.clientPrincipal = new PrincipalName(clientPrincipal);
- }
-
- public PrincipalName getClientPrincipal() {
- return clientPrincipal;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/Ticket.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/Ticket.java b/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/Ticket.java
deleted file mode 100644
index ec61fe7..0000000
--- a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/Ticket.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package org.haox.kerb.spec.ticket;
-
-import org.apache.haox.asn1.type.Asn1FieldInfo;
-import org.apache.haox.asn1.type.Asn1Integer;
-import org.haox.kerb.KrbConstant;
-import org.haox.kerb.spec.KerberosString;
-import org.haox.kerb.spec.KrbAppSequenceType;
-import org.haox.kerb.spec.common.EncryptedData;
-import org.haox.kerb.spec.common.PrincipalName;
-
-/**
- Ticket ::= [APPLICATION 1] SEQUENCE {
- tkt-vno [0] INTEGER (5),
- realm [1] Realm,
- sname [2] PrincipalName,
- enc-part [3] EncryptedData -- EncTicketPart
- }
- */
-public class Ticket extends KrbAppSequenceType {
- public static final int TKT_KVNO = KrbConstant.KRB_V5;
- public static final int TAG = 1;
-
- private static int TKT_VNO = 0;
- private static int REALM = 1;
- private static int SNAME = 2;
- private static int ENC_PART = 3;
-
- static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
- new Asn1FieldInfo(TKT_VNO, 0, Asn1Integer.class),
- new Asn1FieldInfo(REALM, 1, KerberosString.class),
- new Asn1FieldInfo(SNAME, 2, PrincipalName.class),
- new Asn1FieldInfo(ENC_PART, 3, EncryptedData.class)
- };
-
- public Ticket() {
- super(TAG, fieldInfos);
- setTktKvno(TKT_KVNO);
- }
-
- private EncTicketPart encPart;
-
- public int getTktvno() {
- return getFieldAsInt(TKT_VNO);
- }
-
- public void setTktKvno(int kvno) {
- setFieldAsInt(TKT_VNO, kvno);
- }
- public PrincipalName getSname() {
- return getFieldAs(SNAME, PrincipalName.class);
- }
-
- public void setSname(PrincipalName sname) {
- setFieldAs(SNAME, sname);
- }
-
- public String getRealm() {
- return getFieldAsString(REALM);
- }
-
- public void setRealm(String realm) {
- setFieldAs(REALM, new KerberosString(realm));
- }
-
- public EncryptedData getEncryptedEncPart() {
- return getFieldAs(ENC_PART, EncryptedData.class);
- }
-
- public void setEncryptedEncPart(EncryptedData encryptedEncPart) {
- setFieldAs(ENC_PART, encryptedEncPart);
- }
-
- public EncTicketPart getEncPart() {
- return encPart;
- }
-
- public void setEncPart(EncTicketPart encPart) {
- this.encPart = encPart;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/TicketFlag.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/TicketFlag.java b/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/TicketFlag.java
deleted file mode 100644
index 4a73836..0000000
--- a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/TicketFlag.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.haox.kerb.spec.ticket;
-
-import org.haox.kerb.spec.KrbEnum;
-
-public enum TicketFlag implements KrbEnum {
- NONE(-1),
- FORWARDABLE(0x40000000),
- FORWARDED(0x20000000),
- PROXIABLE(0x10000000),
- PROXY(0x08000000),
- MAY_POSTDATE(0x04000000),
- POSTDATED(0x02000000),
- INVALID(0x01000000),
- RENEWABLE(0x00800000),
- INITIAL(0x00400000),
- PRE_AUTH(0x00200000),
- HW_AUTH(0x00100000),
- TRANSIT_POLICY_CHECKED( 0x00080000),
- OK_AS_DELEGATE(0x00040000),
- ENC_PA_REP(0x00010000),
- ANONYMOUS(0x00008000);
-
- private final int value;
-
- private TicketFlag(int value) {
- this.value = value;
- }
-
- @Override
- public int getValue() {
- return value;
- }
-
- public static TicketFlag fromValue(int value) {
- for (KrbEnum e : values()) {
- if (e.getValue() == value) {
- return (TicketFlag) e;
- }
- }
-
- return NONE;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/TicketFlags.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/TicketFlags.java b/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/TicketFlags.java
deleted file mode 100644
index db0a855..0000000
--- a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/TicketFlags.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package org.haox.kerb.spec.ticket;
-
-import org.haox.kerb.spec.common.KrbFlags;
-
-import static org.haox.kerb.spec.ticket.TicketFlag.INVALID;
-
-public class TicketFlags extends KrbFlags {
-
- public TicketFlags() {
- this(0);
- }
-
- public TicketFlags(int value) {
- setFlags(value);
- }
-
- public boolean isInvalid() {
- return isFlagSet(INVALID.getValue());
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/Tickets.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/Tickets.java b/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/Tickets.java
deleted file mode 100644
index b518f72..0000000
--- a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/ticket/Tickets.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.haox.kerb.spec.ticket;
-
-import org.haox.kerb.spec.KrbSequenceOfType;
-
-/**
- SEQUENCE OF Ticket
- */
-public class Tickets extends KrbSequenceOfType<Ticket> {
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/x509/AlgorithmIdentifier.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/x509/AlgorithmIdentifier.java b/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/x509/AlgorithmIdentifier.java
deleted file mode 100644
index e6e7d3e..0000000
--- a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/x509/AlgorithmIdentifier.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package org.haox.kerb.spec.x509;
-
-import org.apache.haox.asn1.type.*;
-
-/**
- AlgorithmIdentifier ::= SEQUENCE {
- algorithm OBJECT IDENTIFIER,
- parameters ANY DEFINED BY algorithm OPTIONAL
- }
- */
-public class AlgorithmIdentifier extends Asn1SequenceType {
- private static int ALGORITHM = 0;
- private static int PARAMETERS = 1;
-
- static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
- new Asn1FieldInfo(ALGORITHM, -1, Asn1ObjectIdentifier.class),
- new Asn1FieldInfo(PARAMETERS, -1, Asn1Any.class)
- };
-
- public AlgorithmIdentifier() {
- super(fieldInfos);
- }
-
- public Asn1ObjectIdentifier getAlgorithm() {
- return getFieldAs(ALGORITHM, Asn1ObjectIdentifier.class);
- }
-
- public void setAlgorithm(Asn1ObjectIdentifier algorithm) {
- setFieldAs(ALGORITHM, algorithm);
- }
-
- public Asn1Type getParameters() {
- return getFieldAsAny(PARAMETERS);
- }
-
- public void setParameters(Asn1Type parameters) {
- setFieldAsAny(PARAMETERS, parameters);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/x509/SubjectPublicKeyInfo.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/x509/SubjectPublicKeyInfo.java b/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/x509/SubjectPublicKeyInfo.java
deleted file mode 100644
index 53f89a5..0000000
--- a/haox-kerb/kerb-core/src/main/java/org/haox/kerb/spec/x509/SubjectPublicKeyInfo.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package org.haox.kerb.spec.x509;
-
-import org.apache.haox.asn1.type.Asn1BitString;
-import org.apache.haox.asn1.type.Asn1FieldInfo;
-import org.apache.haox.asn1.type.Asn1SequenceType;
-
-/**
- SubjectPublicKeyInfo ::= SEQUENCE {
- algorithm AlgorithmIdentifier,
- subjectPublicKey BIT STRING
- }
- */
-public class SubjectPublicKeyInfo extends Asn1SequenceType {
- private static int ALGORITHM = 0;
- private static int SUBJECT_PUBLIC_KEY = 1;
-
- static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
- new Asn1FieldInfo(ALGORITHM, -1, AlgorithmIdentifier.class),
- new Asn1FieldInfo(SUBJECT_PUBLIC_KEY, -1, Asn1BitString.class)
- };
-
- public SubjectPublicKeyInfo() {
- super(fieldInfos);
- }
-
- public AlgorithmIdentifier getAlgorithm() {
- return getFieldAs(ALGORITHM, AlgorithmIdentifier.class);
- }
-
- public void setAlgorithm(AlgorithmIdentifier algorithm) {
- setFieldAs(ALGORITHM, algorithm);
- }
-
- public byte[] getSubjectPubKey() {
- return getFieldAsOctets(SUBJECT_PUBLIC_KEY);
- }
-
- public void setSubjectPubKey(byte[] subjectPubKey) {
- setFieldAs(SUBJECT_PUBLIC_KEY, new Asn1BitString(subjectPubKey));
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java
new file mode 100644
index 0000000..ccdeb3a
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java
@@ -0,0 +1,49 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+
+import java.util.Arrays;
+
+public abstract class AbstractCryptoTypeHandler implements CryptoTypeHandler {
+
+ private EncryptProvider encProvider;
+ private HashProvider hashProvider;
+
+ public AbstractCryptoTypeHandler(EncryptProvider encProvider,
+ HashProvider hashProvider) {
+ this.encProvider = encProvider;
+ this.hashProvider = hashProvider;
+ }
+
+ @Override
+ public EncryptProvider encProvider() {
+ return encProvider;
+ }
+
+ @Override
+ public HashProvider hashProvider() {
+ return hashProvider;
+ }
+
+ protected static boolean checksumEqual(byte[] cksum1, byte[] cksum2) {
+ return Arrays.equals(cksum1, cksum2);
+ }
+
+ protected static boolean checksumEqual(byte[] cksum1, byte[] cksum2, int cksum2Start, int len) {
+ if (cksum1 == cksum2)
+ return true;
+ if (cksum1 == null || cksum2 == null)
+ return false;
+
+ if (len <= cksum2.length && len <= cksum1.length) {
+ for (int i = 0; i < len; i++)
+ if (cksum1[i] != cksum2[cksum2Start + i])
+ return false;
+ } else {
+ return false;
+ }
+
+ return true;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/BytesUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/BytesUtil.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/BytesUtil.java
new file mode 100644
index 0000000..7282107
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/BytesUtil.java
@@ -0,0 +1,144 @@
+package org.apache.kerberos.kerb.crypto;
+
+public class BytesUtil {
+
+ public static short bytes2short(byte[] bytes, int offset, boolean bigEndian) {
+ short val = 0;
+
+ if (bigEndian) {
+ val += (bytes[offset + 0] & 0xff) << 8;
+ val += (bytes[offset + 1] & 0xff);
+ } else {
+ val += (bytes[offset + 1] & 0xff) << 8;
+ val += (bytes[offset + 0] & 0xff);
+ }
+
+ return val;
+ }
+
+ public static short bytes2short(byte[] bytes, boolean bigEndian) {
+ return bytes2short(bytes, 0, bigEndian);
+ }
+
+ public static byte[] short2bytes(int val, boolean bigEndian) {
+ byte[] bytes = new byte[2];
+
+ short2bytes(val, bytes, 0, bigEndian);
+
+ return bytes;
+ }
+
+ public static void short2bytes(int val, byte[] bytes, int offset, boolean bigEndian) {
+ if (bigEndian) {
+ bytes[offset + 0] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 1] = (byte) ((val) & 0xff);
+ } else {
+ bytes[offset + 1] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 0] = (byte) ((val ) & 0xff);
+ }
+ }
+
+ public static int bytes2int(byte[] bytes, boolean bigEndian) {
+ return bytes2int(bytes, 0, bigEndian);
+ }
+
+ public static int bytes2int(byte[] bytes, int offset, boolean bigEndian) {
+ int val = 0;
+
+ if (bigEndian) {
+ val += (bytes[offset + 0] & 0xff) << 24;
+ val += (bytes[offset + 1] & 0xff) << 16;
+ val += (bytes[offset + 2] & 0xff) << 8;
+ val += (bytes[offset + 3] & 0xff);
+ } else {
+ val += (bytes[offset + 3] & 0xff) << 24;
+ val += (bytes[offset + 2] & 0xff) << 16;
+ val += (bytes[offset + 1] & 0xff) << 8;
+ val += (bytes[offset + 0] & 0xff);
+ }
+
+ return val;
+ }
+
+ public static byte[] int2bytes(int val, boolean bigEndian) {
+ byte[] bytes = new byte[4];
+
+ int2bytes(val, bytes, 0, bigEndian);
+
+ return bytes;
+ }
+
+ public static void int2bytes(int val, byte[] bytes, int offset, boolean bigEndian) {
+ if (bigEndian) {
+ bytes[offset + 0] = (byte) ((val >> 24) & 0xff);
+ bytes[offset + 1] = (byte) ((val >> 16) & 0xff);
+ bytes[offset + 2] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 3] = (byte) ((val) & 0xff);
+ } else {
+ bytes[offset + 3] = (byte) ((val >> 24) & 0xff);
+ bytes[offset + 2] = (byte) ((val >> 16) & 0xff);
+ bytes[offset + 1] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 0] = (byte) ((val) & 0xff);
+ }
+ }
+
+ public static byte[] long2bytes(long val, boolean bigEndian) {
+ byte[] bytes = new byte[8];
+ long2bytes(val, bytes, 0, bigEndian);
+ return bytes;
+ }
+
+ public static void long2bytes(long val, byte[] bytes, int offset, boolean bigEndian) {
+ if (bigEndian) {
+ for (int i = 0; i < 8; i++) {
+ bytes[i + offset] = (byte) ((val >> ((7 - i) * 8)) & 0xffL);
+ }
+ } else {
+ for (int i = 0; i < 8; i++) {
+ bytes[i + offset] = (byte) ((val >> (i * 8)) & 0xffL);
+ }
+ }
+ }
+
+ public static long bytes2long(byte[] bytes, boolean bigEndian) {
+ return bytes2long(bytes, 0, bigEndian);
+ }
+
+ public static long bytes2long(byte[] bytes, int offset, boolean bigEndian) {
+ long val = 0;
+
+ if (bigEndian) {
+ for (int i = 0; i < 8; i++) {
+ val |= (((long) bytes[i + offset]) & 0xffL) << ((7 - i) * 8);
+ }
+ } else {
+ for (int i = 0; i < 8; i++) {
+ val |= (((long) bytes[i + offset]) & 0xffL) << (i * 8);
+ }
+ }
+
+ return val;
+ }
+
+ public static byte[] padding(byte[] data, int block) {
+ int len = data.length;
+ int paddingLen = len % block != 0 ? 8 - len % block : 0;
+ if (paddingLen == 0) {
+ return data;
+ }
+
+ byte[] result = new byte[len + + paddingLen];
+ System.arraycopy(data, 0, result, 0, len);
+ return result;
+ }
+
+ public static byte[] duplicate(byte[] bytes) {
+ return duplicate(bytes, 0, bytes.length);
+ }
+
+ public static byte[] duplicate(byte[] bytes, int offset, int len) {
+ byte[] dup = new byte[len];
+ System.arraycopy(bytes, offset, dup, 0, len);
+ return dup;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Camellia.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Camellia.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Camellia.java
new file mode 100644
index 0000000..232f70c
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Camellia.java
@@ -0,0 +1,229 @@
+package org.apache.kerberos.kerb.crypto;
+
+/**
+ * Camellia - based on RFC 3713, about half the size of CamelliaEngine.
+ */
+
+public class Camellia {
+ private static final int BLOCK_SIZE = 16;
+ private int[] state = new int[4]; // for encryption and decryption
+
+ private CamelliaKey camKey;
+
+ public void setKey(boolean forEncryption, byte[] key) {
+ camKey = new CamelliaKey(key, forEncryption);
+ }
+
+ private void process128Block(byte[] in, int inOff,
+ byte[] out, int outOff) {
+ for (int i = 0; i < 4; i++) {
+ state[i] = BytesUtil.bytes2int(in, inOff + (i * 4), true);
+ state[i] ^= camKey.kw[i];
+ }
+
+ camKey.f2(state, camKey.subkey, 0);
+ camKey.f2(state, camKey.subkey, 4);
+ camKey.f2(state, camKey.subkey, 8);
+ camKey.fls(state, camKey.ke, 0);
+ camKey.f2(state, camKey.subkey, 12);
+ camKey.f2(state, camKey.subkey, 16);
+ camKey.f2(state, camKey.subkey, 20);
+ camKey.fls(state, camKey.ke, 4);
+ camKey.f2(state, camKey.subkey, 24);
+ camKey.f2(state, camKey.subkey, 28);
+ camKey.f2(state, camKey.subkey, 32);
+
+ state[2] ^= camKey.kw[4];
+ state[3] ^= camKey.kw[5];
+ state[0] ^= camKey.kw[6];
+ state[1] ^= camKey.kw[7];
+
+ BytesUtil.int2bytes(state[2], out, outOff, true);
+ BytesUtil.int2bytes(state[3], out, outOff + 4, true);
+ BytesUtil.int2bytes(state[0], out, outOff + 8, true);
+ BytesUtil.int2bytes(state[1], out, outOff + 12, true);
+ }
+
+ private void processBlockLargerBlock(byte[] in, int inOff,
+ byte[] out, int outOff) {
+ for (int i = 0; i < 4; i++) {
+ state[i] = BytesUtil.bytes2int(in, inOff + (i * 4), true);
+ state[i] ^= camKey.kw[i];
+ }
+
+ camKey.f2(state, camKey.subkey, 0);
+ camKey.f2(state, camKey.subkey, 4);
+ camKey.f2(state, camKey.subkey, 8);
+ camKey.fls(state, camKey.ke, 0);
+ camKey.f2(state, camKey.subkey, 12);
+ camKey.f2(state, camKey.subkey, 16);
+ camKey.f2(state, camKey.subkey, 20);
+ camKey.fls(state, camKey.ke, 4);
+ camKey.f2(state, camKey.subkey, 24);
+ camKey.f2(state, camKey.subkey, 28);
+ camKey.f2(state, camKey.subkey, 32);
+ camKey.fls(state, camKey.ke, 8);
+ camKey.f2(state, camKey.subkey, 36);
+ camKey.f2(state, camKey.subkey, 40);
+ camKey.f2(state, camKey.subkey, 44);
+
+ state[2] ^= camKey.kw[4];
+ state[3] ^= camKey.kw[5];
+ state[0] ^= camKey.kw[6];
+ state[1] ^= camKey.kw[7];
+
+ BytesUtil.int2bytes(state[2], out, outOff, true);
+ BytesUtil.int2bytes(state[3], out, outOff + 4, true);
+ BytesUtil.int2bytes(state[0], out, outOff + 8, true);
+ BytesUtil.int2bytes(state[1], out, outOff + 12, true);
+ }
+
+ public void processBlock(byte[] in, int inOff) {
+ byte[] out = new byte[BLOCK_SIZE];
+
+ if (camKey.is128()) {
+ process128Block(in, inOff, out, 0);
+ } else {
+ processBlockLargerBlock(in, inOff, out, 0);
+ }
+
+ System.arraycopy(out, 0, in, inOff, BLOCK_SIZE);
+ }
+
+ public void encrypt(byte[] data, byte[] iv) {
+ byte[] cipher = new byte[BLOCK_SIZE];
+ byte[] cipherState = new byte[BLOCK_SIZE];
+
+ int blocksNum = (data.length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+ int lastBlockLen = data.length - (blocksNum - 1) * BLOCK_SIZE;
+ if (blocksNum == 1) {
+ cbcEnc(data, 0, 1, cipherState);
+ return;
+ }
+
+ if (iv != null) {
+ System.arraycopy(iv, 0, cipherState, 0, BLOCK_SIZE);
+ }
+
+ int contBlocksNum, offset = 0;
+ while (blocksNum > 2) {
+ contBlocksNum = (data.length - offset) / BLOCK_SIZE;
+ if (contBlocksNum > 0) {
+ // Encrypt a series of contiguous blocks in place if we can, but
+ // don't touch the last two blocks.
+ contBlocksNum = (contBlocksNum > blocksNum - 2) ? blocksNum - 2 : contBlocksNum;
+ cbcEnc(data, offset, contBlocksNum, cipherState);
+ offset += contBlocksNum * BLOCK_SIZE;
+ blocksNum -= contBlocksNum;
+ } else {
+ cbcEnc(data, offset, 1, cipherState);
+ offset += BLOCK_SIZE;
+ blocksNum--;
+ }
+ }
+
+ // Encrypt the last two blocks and store the results in reverse order
+ byte[] blockN2 = new byte[BLOCK_SIZE];
+ byte[] blockN1 = new byte[BLOCK_SIZE];
+
+ System.arraycopy(data, offset, blockN2, 0, BLOCK_SIZE);
+ cbcEnc(blockN2, 0, 1, cipherState);
+ System.arraycopy(data, offset + BLOCK_SIZE, blockN1, 0, lastBlockLen);
+ cbcEnc(blockN1, 0, 1, cipherState);
+
+ System.arraycopy(blockN1, 0, data, offset, BLOCK_SIZE);
+ System.arraycopy(blockN2, 0, data, offset + BLOCK_SIZE, lastBlockLen);
+
+ if (iv != null) {
+ System.arraycopy(cipherState, 0, iv, 0, BLOCK_SIZE);
+ }
+ }
+
+ public void decrypt(byte[] data, byte[] iv) {
+ byte[] cipher = new byte[BLOCK_SIZE];
+ byte[] cipherState = new byte[BLOCK_SIZE];
+
+ int blocksNum = (data.length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+ int lastBlockLen = data.length - (blocksNum - 1) * BLOCK_SIZE;
+ if (blocksNum == 1) {
+ cbcDec(data, 0, 1, cipherState);
+ return;
+ }
+
+ if (iv != null) {
+ System.arraycopy(iv, 0, cipherState, 0, BLOCK_SIZE);
+ }
+
+ int contBlocksNum, offset = 0;
+ while (blocksNum > 2) {
+ contBlocksNum = (data.length - offset) / BLOCK_SIZE;
+ if (contBlocksNum > 0) {
+ // Decrypt a series of contiguous blocks in place if we can, but
+ // don't touch the last two blocks.
+ contBlocksNum = (contBlocksNum > blocksNum - 2) ? blocksNum - 2 : contBlocksNum;
+ cbcDec(data, offset, contBlocksNum, cipherState);
+ offset += contBlocksNum * BLOCK_SIZE;
+ blocksNum -= contBlocksNum;
+ } else {
+ cbcDec(data, offset, 1, cipherState);
+ offset += BLOCK_SIZE;
+ blocksNum--;
+ }
+ }
+
+ // Decrypt the last two blocks
+ byte[] blockN2 = new byte[BLOCK_SIZE];
+ byte[] blockN1 = new byte[BLOCK_SIZE];
+ System.arraycopy(data, offset, blockN2, 0, BLOCK_SIZE);
+ System.arraycopy(data, offset + BLOCK_SIZE, blockN1, 0, lastBlockLen);
+ if (iv != null) {
+ System.arraycopy(blockN2, 0, iv, 0, BLOCK_SIZE);
+ }
+
+ byte[] tmpCipherState = new byte[BLOCK_SIZE];
+ System.arraycopy(blockN1, 0, tmpCipherState, 0, BLOCK_SIZE);
+ cbcDec(blockN2, 0, 1, tmpCipherState);
+ System.arraycopy(blockN2, lastBlockLen, blockN1, lastBlockLen, BLOCK_SIZE - lastBlockLen);
+ cbcDec(blockN1, 0, 1, cipherState);
+
+ System.arraycopy(blockN1, 0, data, offset, BLOCK_SIZE);
+ System.arraycopy(blockN2, 0, data, offset + BLOCK_SIZE, lastBlockLen);
+ }
+
+ /**
+ * CBC encrypt nblocks blocks of data in place, using and updating iv.
+ */
+ public void cbcEnc(byte[] data, int offset, int blocksNum, byte[] cipherState) {
+ byte[] cipher = new byte[BLOCK_SIZE];
+ for (int i = 0; i < blocksNum; ++i) {
+ System.arraycopy(data, offset + i * BLOCK_SIZE, cipher, 0, BLOCK_SIZE);
+ Util.xor(cipherState, 0, cipher);
+ processBlock(cipher, 0);
+ System.arraycopy(cipher, 0, data, offset + i * BLOCK_SIZE, BLOCK_SIZE);
+ System.arraycopy(cipher, 0, cipherState, 0, BLOCK_SIZE);
+ }
+ }
+
+ /**
+ * CBC encrypt nblocks blocks of data in place, using and updating iv.
+ */
+ public void cbcDec(byte[] data, int offset, int blocksNum, byte[] cipherState) {
+ byte[] lastBlock = new byte[BLOCK_SIZE];
+ byte[] cipher = new byte[BLOCK_SIZE];
+
+ System.arraycopy(data, offset + (blocksNum - 1) * BLOCK_SIZE, lastBlock, 0, BLOCK_SIZE);
+ for (int i = blocksNum; i > 0; i--) {
+ System.arraycopy(data, offset + (i - 1) * BLOCK_SIZE, cipher, 0, BLOCK_SIZE);
+ processBlock(cipher, 0);
+
+ if (i == 1) {
+ Util.xor(cipherState, 0, cipher);
+ } else {
+ Util.xor(data, offset + (i - 2) * BLOCK_SIZE, cipher);
+ }
+
+ System.arraycopy(cipher, 0, data, offset + (i - 1) * BLOCK_SIZE, BLOCK_SIZE);
+ }
+ System.arraycopy(lastBlock, 0, cipherState, 0, BLOCK_SIZE);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CamelliaKey.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CamelliaKey.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CamelliaKey.java
new file mode 100644
index 0000000..72354a8
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CamelliaKey.java
@@ -0,0 +1,412 @@
+package org.apache.kerberos.kerb.crypto;
+
+/**
+ * Camellia - based on RFC 3713, about half the size of CamelliaEngine.
+ */
+
+public class CamelliaKey {
+ private int keySize;
+
+ protected int[] subkey = new int[24 * 4];
+ protected int[] kw = new int[4 * 2]; // for whitening
+ protected int[] ke = new int[6 * 2]; // for FL and FL^(-1)
+
+ private static final int SIGMA[] = {
+ 0xa09e667f, 0x3bcc908b,
+ 0xb67ae858, 0x4caa73b2,
+ 0xc6ef372f, 0xe94f82be,
+ 0x54ff53a5, 0xf1d36f1c,
+ 0x10e527fa, 0xde682d1d,
+ 0xb05688c2, 0xb3e6c1fd
+ };
+
+ // S-box data
+ protected static final byte SBOX1[] = {
+ (byte)112, (byte)130, (byte)44, (byte)236,
+ (byte)179, (byte)39, (byte)192, (byte)229,
+ (byte)228, (byte)133, (byte)87, (byte)53,
+ (byte)234, (byte)12, (byte)174, (byte)65,
+ (byte)35, (byte)239, (byte)107, (byte)147,
+ (byte)69, (byte)25, (byte)165, (byte)33,
+ (byte)237, (byte)14, (byte)79, (byte)78,
+ (byte)29, (byte)101, (byte)146, (byte)189,
+ (byte)134, (byte)184, (byte)175, (byte)143,
+ (byte)124, (byte)235, (byte)31, (byte)206,
+ (byte)62, (byte)48, (byte)220, (byte)95,
+ (byte)94, (byte)197, (byte)11, (byte)26,
+ (byte)166, (byte)225, (byte)57, (byte)202,
+ (byte)213, (byte)71, (byte)93, (byte)61,
+ (byte)217, (byte)1, (byte)90, (byte)214,
+ (byte)81, (byte)86, (byte)108, (byte)77,
+ (byte)139, (byte)13, (byte)154, (byte)102,
+ (byte)251, (byte)204, (byte)176, (byte)45,
+ (byte)116, (byte)18, (byte)43, (byte)32,
+ (byte)240, (byte)177, (byte)132, (byte)153,
+ (byte)223, (byte)76, (byte)203, (byte)194,
+ (byte)52, (byte)126, (byte)118, (byte)5,
+ (byte)109, (byte)183, (byte)169, (byte)49,
+ (byte)209, (byte)23, (byte)4, (byte)215,
+ (byte)20, (byte)88, (byte)58, (byte)97,
+ (byte)222, (byte)27, (byte)17, (byte)28,
+ (byte)50, (byte)15, (byte)156, (byte)22,
+ (byte)83, (byte)24, (byte)242, (byte)34,
+ (byte)254, (byte)68, (byte)207, (byte)178,
+ (byte)195, (byte)181, (byte)122, (byte)145,
+ (byte)36, (byte)8, (byte)232, (byte)168,
+ (byte)96, (byte)252, (byte)105, (byte)80,
+ (byte)170, (byte)208, (byte)160, (byte)125,
+ (byte)161, (byte)137, (byte)98, (byte)151,
+ (byte)84, (byte)91, (byte)30, (byte)149,
+ (byte)224, (byte)255, (byte)100, (byte)210,
+ (byte)16, (byte)196, (byte)0, (byte)72,
+ (byte)163, (byte)247, (byte)117, (byte)219,
+ (byte)138, (byte)3, (byte)230, (byte)218,
+ (byte)9, (byte)63, (byte)221, (byte)148,
+ (byte)135, (byte)92, (byte)131, (byte)2,
+ (byte)205, (byte)74, (byte)144, (byte)51,
+ (byte)115, (byte)103, (byte)246, (byte)243,
+ (byte)157, (byte)127, (byte)191, (byte)226,
+ (byte)82, (byte)155, (byte)216, (byte)38,
+ (byte)200, (byte)55, (byte)198, (byte)59,
+ (byte)129, (byte)150, (byte)111, (byte)75,
+ (byte)19, (byte)190, (byte)99, (byte)46,
+ (byte)233, (byte)121, (byte)167, (byte)140,
+ (byte)159, (byte)110, (byte)188, (byte)142,
+ (byte)41, (byte)245, (byte)249, (byte)182,
+ (byte)47, (byte)253, (byte)180, (byte)89,
+ (byte)120, (byte)152, (byte)6, (byte)106,
+ (byte)231, (byte)70, (byte)113, (byte)186,
+ (byte)212, (byte)37, (byte)171, (byte)66,
+ (byte)136, (byte)162, (byte)141, (byte)250,
+ (byte)114, (byte)7, (byte)185, (byte)85,
+ (byte)248, (byte)238, (byte)172, (byte)10,
+ (byte)54, (byte)73, (byte)42, (byte)104,
+ (byte)60, (byte)56, (byte)241, (byte)164,
+ (byte)64, (byte)40, (byte)211, (byte)123,
+ (byte)187, (byte)201, (byte)67, (byte)193,
+ (byte)21, (byte)227, (byte)173, (byte)244,
+ (byte)119, (byte)199, (byte)128, (byte)158
+ };
+
+ public CamelliaKey(byte[] key, boolean isEncrypt) {
+ init(key, isEncrypt);
+ }
+
+ protected boolean is128() {
+ return keySize == 16;
+ }
+
+ private static int rightRotate(int x, int s) {
+ return (((x) >>> (s)) + ((x) << (32 - s)));
+ }
+
+ private static int leftRotate(int x, int s) {
+ return ((x) << (s)) + ((x) >>> (32 - s));
+ }
+
+ private static void roldq(int rot, int[] ki, int ioff,
+ int[] ko, int ooff) {
+ ko[0 + ooff] = (ki[0 + ioff] << rot) | (ki[1 + ioff] >>> (32 - rot));
+ ko[1 + ooff] = (ki[1 + ioff] << rot) | (ki[2 + ioff] >>> (32 - rot));
+ ko[2 + ooff] = (ki[2 + ioff] << rot) | (ki[3 + ioff] >>> (32 - rot));
+ ko[3 + ooff] = (ki[3 + ioff] << rot) | (ki[0 + ioff] >>> (32 - rot));
+ ki[0 + ioff] = ko[0 + ooff];
+ ki[1 + ioff] = ko[1 + ooff];
+ ki[2 + ioff] = ko[2 + ooff];
+ ki[3 + ioff] = ko[3 + ooff];
+ }
+
+ private static void decroldq(int rot, int[] ki, int ioff,
+ int[] ko, int ooff) {
+ ko[2 + ooff] = (ki[0 + ioff] << rot) | (ki[1 + ioff] >>> (32 - rot));
+ ko[3 + ooff] = (ki[1 + ioff] << rot) | (ki[2 + ioff] >>> (32 - rot));
+ ko[0 + ooff] = (ki[2 + ioff] << rot) | (ki[3 + ioff] >>> (32 - rot));
+ ko[1 + ooff] = (ki[3 + ioff] << rot) | (ki[0 + ioff] >>> (32 - rot));
+ ki[0 + ioff] = ko[2 + ooff];
+ ki[1 + ioff] = ko[3 + ooff];
+ ki[2 + ioff] = ko[0 + ooff];
+ ki[3 + ioff] = ko[1 + ooff];
+ }
+
+ private static void roldqo32(int rot, int[] ki, int ioff,
+ int[] ko, int ooff)
+ {
+ ko[0 + ooff] = (ki[1 + ioff] << (rot - 32)) | (ki[2 + ioff] >>> (64 - rot));
+ ko[1 + ooff] = (ki[2 + ioff] << (rot - 32)) | (ki[3 + ioff] >>> (64 - rot));
+ ko[2 + ooff] = (ki[3 + ioff] << (rot - 32)) | (ki[0 + ioff] >>> (64 - rot));
+ ko[3 + ooff] = (ki[0 + ioff] << (rot - 32)) | (ki[1 + ioff] >>> (64 - rot));
+ ki[0 + ioff] = ko[0 + ooff];
+ ki[1 + ioff] = ko[1 + ooff];
+ ki[2 + ioff] = ko[2 + ooff];
+ ki[3 + ioff] = ko[3 + ooff];
+ }
+
+ private static void decroldqo32(int rot, int[] ki, int ioff,
+ int[] ko, int ooff) {
+ ko[2 + ooff] = (ki[1 + ioff] << (rot - 32)) | (ki[2 + ioff] >>> (64 - rot));
+ ko[3 + ooff] = (ki[2 + ioff] << (rot - 32)) | (ki[3 + ioff] >>> (64 - rot));
+ ko[0 + ooff] = (ki[3 + ioff] << (rot - 32)) | (ki[0 + ioff] >>> (64 - rot));
+ ko[1 + ooff] = (ki[0 + ioff] << (rot - 32)) | (ki[1 + ioff] >>> (64 - rot));
+ ki[0 + ioff] = ko[2 + ooff];
+ ki[1 + ioff] = ko[3 + ooff];
+ ki[2 + ioff] = ko[0 + ooff];
+ ki[3 + ioff] = ko[1 + ooff];
+ }
+
+ private byte lRot8(byte v, int rot)
+ {
+ return (byte)((v << rot) | ((v & 0xff) >>> (8 - rot)));
+ }
+
+ private int sbox2(int x)
+ {
+ return (lRot8(SBOX1[x], 1) & 0xff);
+ }
+
+ private int sbox3(int x)
+ {
+ return (lRot8(SBOX1[x], 7) & 0xff);
+ }
+
+ private int sbox4(int x)
+ {
+ return (SBOX1[((int)lRot8((byte)x, 1) & 0xff)] & 0xff);
+ }
+
+ protected void fls(int[] s, int[] fkey, int keyoff) {
+ s[1] ^= leftRotate(s[0] & fkey[0 + keyoff], 1);
+ s[0] ^= fkey[1 + keyoff] | s[1];
+
+ s[2] ^= fkey[3 + keyoff] | s[3];
+ s[3] ^= leftRotate(fkey[2 + keyoff] & s[2], 1);
+ }
+
+ protected void f2(int[] s, int[] skey, int keyoff) {
+ int t1, t2, u, v;
+
+ t1 = s[0] ^ skey[0 + keyoff];
+ u = sbox4((t1 & 0xff));
+ u |= (sbox3(((t1 >>> 8) & 0xff)) << 8);
+ u |= (sbox2(((t1 >>> 16) & 0xff)) << 16);
+ u |= ((int)(SBOX1[((t1 >>> 24) & 0xff)] & 0xff) << 24);
+
+ t2 = s[1] ^ skey[1 + keyoff];
+ v = (int)SBOX1[(t2 & 0xff)] & 0xff;
+ v |= (sbox4(((t2 >>> 8) & 0xff)) << 8);
+ v |= (sbox3(((t2 >>> 16) & 0xff)) << 16);
+ v |= (sbox2(((t2 >>> 24) & 0xff)) << 24);
+
+ v = leftRotate(v, 8);
+ u ^= v;
+ v = leftRotate(v, 8) ^ u;
+ u = rightRotate(u, 8) ^ v;
+ s[2] ^= leftRotate(v, 16) ^ u;
+ s[3] ^= leftRotate(u, 8);
+
+ t1 = s[2] ^ skey[2 + keyoff];
+ u = sbox4((t1 & 0xff));
+ u |= sbox3(((t1 >>> 8) & 0xff)) << 8;
+ u |= sbox2(((t1 >>> 16) & 0xff)) << 16;
+ u |= ((int)SBOX1[((t1 >>> 24) & 0xff)] & 0xff) << 24;
+
+ t2 = s[3] ^ skey[3 + keyoff];
+ v = ((int)SBOX1[(t2 & 0xff)] & 0xff);
+ v |= sbox4(((t2 >>> 8) & 0xff)) << 8;
+ v |= sbox3(((t2 >>> 16) & 0xff)) << 16;
+ v |= sbox2(((t2 >>> 24) & 0xff)) << 24;
+
+ v = leftRotate(v, 8);
+ u ^= v;
+ v = leftRotate(v, 8) ^ u;
+ u = rightRotate(u, 8) ^ v;
+ s[0] ^= leftRotate(v, 16) ^ u;
+ s[1] ^= leftRotate(u, 8);
+ }
+
+ private void init(byte[] key, boolean isEncrypt) {
+ keySize = key.length;
+
+ int[] k = new int[8];
+ int[] ka = new int[4];
+ int[] kb = new int[4];
+ int[] t = new int[4];
+
+ switch (key.length) {
+ case 16:
+ k[0] = BytesUtil.bytes2int(key, 0, true);
+ k[1] = BytesUtil.bytes2int(key, 4, true);
+ k[2] = BytesUtil.bytes2int(key, 8, true);
+ k[3] = BytesUtil.bytes2int(key, 12, true);
+ k[4] = k[5] = k[6] = k[7] = 0;
+ break;
+ case 24:
+ k[0] = BytesUtil.bytes2int(key, 0, true);
+ k[1] = BytesUtil.bytes2int(key, 4, true);
+ k[2] = BytesUtil.bytes2int(key, 8, true);
+ k[3] = BytesUtil.bytes2int(key, 12, true);
+ k[4] = BytesUtil.bytes2int(key, 16, true);
+ k[5] = BytesUtil.bytes2int(key, 20, true);
+ k[6] = ~k[4];
+ k[7] = ~k[5];
+ break;
+ case 32:
+ k[0] = BytesUtil.bytes2int(key, 0, true);
+ k[1] = BytesUtil.bytes2int(key, 4, true);
+ k[2] = BytesUtil.bytes2int(key, 8, true);
+ k[3] = BytesUtil.bytes2int(key, 12, true);
+ k[4] = BytesUtil.bytes2int(key, 16, true);
+ k[5] = BytesUtil.bytes2int(key, 20, true);
+ k[6] = BytesUtil.bytes2int(key, 24, true);
+ k[7] = BytesUtil.bytes2int(key, 28, true);
+ break;
+ default:
+ throw new
+ IllegalArgumentException("Invalid key size, only support 16/24/32 bytes");
+ }
+
+ for (int i = 0; i < 4; i++) {
+ ka[i] = k[i] ^ k[i + 4];
+ }
+
+ /* compute KA */
+ f2(ka, SIGMA, 0);
+ for (int i = 0; i < 4; i++) {
+ ka[i] ^= k[i];
+ }
+ f2(ka, SIGMA, 4);
+
+ if (keySize == 16) {
+ if (isEncrypt) {
+ /* KL dependant keys */
+ kw[0] = k[0];
+ kw[1] = k[1];
+ kw[2] = k[2];
+ kw[3] = k[3];
+ roldq(15, k, 0, subkey, 4);
+ roldq(30, k, 0, subkey, 12);
+ roldq(15, k, 0, t, 0);
+ subkey[18] = t[2];
+ subkey[19] = t[3];
+ roldq(17, k, 0, ke, 4);
+ roldq(17, k, 0, subkey, 24);
+ roldq(17, k, 0, subkey, 32);
+ /* KA dependant keys */
+ subkey[0] = ka[0];
+ subkey[1] = ka[1];
+ subkey[2] = ka[2];
+ subkey[3] = ka[3];
+ roldq(15, ka, 0, subkey, 8);
+ roldq(15, ka, 0, ke, 0);
+ roldq(15, ka, 0, t, 0);
+ subkey[16] = t[0];
+ subkey[17] = t[1];
+ roldq(15, ka, 0, subkey, 20);
+ roldqo32(34, ka, 0, subkey, 28);
+ roldq(17, ka, 0, kw, 4);
+
+ } else { // decryption
+ /* KL dependant keys */
+ kw[4] = k[0];
+ kw[5] = k[1];
+ kw[6] = k[2];
+ kw[7] = k[3];
+ decroldq(15, k, 0, subkey, 28);
+ decroldq(30, k, 0, subkey, 20);
+ decroldq(15, k, 0, t, 0);
+ subkey[16] = t[0];
+ subkey[17] = t[1];
+ decroldq(17, k, 0, ke, 0);
+ decroldq(17, k, 0, subkey, 8);
+ decroldq(17, k, 0, subkey, 0);
+ /* KA dependant keys */
+ subkey[34] = ka[0];
+ subkey[35] = ka[1];
+ subkey[32] = ka[2];
+ subkey[33] = ka[3];
+ decroldq(15, ka, 0, subkey, 24);
+ decroldq(15, ka, 0, ke, 4);
+ decroldq(15, ka, 0, t, 0);
+ subkey[18] = t[2];
+ subkey[19] = t[3];
+ decroldq(15, ka, 0, subkey, 12);
+ decroldqo32(34, ka, 0, subkey, 4);
+ roldq(17, ka, 0, kw, 0);
+ }
+ } else { // 192bit or 256bit
+ /* compute KB */
+ for (int i = 0; i < 4; i++) {
+ kb[i] = ka[i] ^ k[i + 4];
+ }
+ f2(kb, SIGMA, 8);
+
+ if (isEncrypt) {
+ /* KL dependant keys */
+ kw[0] = k[0];
+ kw[1] = k[1];
+ kw[2] = k[2];
+ kw[3] = k[3];
+ roldqo32(45, k, 0, subkey, 16);
+ roldq(15, k, 0, ke, 4);
+ roldq(17, k, 0, subkey, 32);
+ roldqo32(34, k, 0, subkey, 44);
+ /* KR dependant keys */
+ roldq(15, k, 4, subkey, 4);
+ roldq(15, k, 4, ke, 0);
+ roldq(30, k, 4, subkey, 24);
+ roldqo32(34, k, 4, subkey, 36);
+ /* KA dependant keys */
+ roldq(15, ka, 0, subkey, 8);
+ roldq(30, ka, 0, subkey, 20);
+ /* 32bit rotation */
+ ke[8] = ka[1];
+ ke[9] = ka[2];
+ ke[10] = ka[3];
+ ke[11] = ka[0];
+ roldqo32(49, ka, 0, subkey, 40);
+
+ /* KB dependant keys */
+ subkey[0] = kb[0];
+ subkey[1] = kb[1];
+ subkey[2] = kb[2];
+ subkey[3] = kb[3];
+ roldq(30, kb, 0, subkey, 12);
+ roldq(30, kb, 0, subkey, 28);
+ roldqo32(51, kb, 0, kw, 4);
+
+ } else { // decryption
+ /* KL dependant keys */
+ kw[4] = k[0];
+ kw[5] = k[1];
+ kw[6] = k[2];
+ kw[7] = k[3];
+ decroldqo32(45, k, 0, subkey, 28);
+ decroldq(15, k, 0, ke, 4);
+ decroldq(17, k, 0, subkey, 12);
+ decroldqo32(34, k, 0, subkey, 0);
+ /* KR dependant keys */
+ decroldq(15, k, 4, subkey, 40);
+ decroldq(15, k, 4, ke, 8);
+ decroldq(30, k, 4, subkey, 20);
+ decroldqo32(34, k, 4, subkey, 8);
+ /* KA dependant keys */
+ decroldq(15, ka, 0, subkey, 36);
+ decroldq(30, ka, 0, subkey, 24);
+ /* 32bit rotation */
+ ke[2] = ka[1];
+ ke[3] = ka[2];
+ ke[0] = ka[3];
+ ke[1] = ka[0];
+ decroldqo32(49, ka, 0, subkey, 4);
+
+ /* KB dependant keys */
+ subkey[46] = kb[0];
+ subkey[47] = kb[1];
+ subkey[44] = kb[2];
+ subkey[45] = kb[3];
+ decroldq(30, kb, 0, subkey, 32);
+ decroldq(30, kb, 0, subkey, 16);
+ roldqo32(51, kb, 0, kw, 0);
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumHandler.java
new file mode 100644
index 0000000..2f25dde
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumHandler.java
@@ -0,0 +1,134 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.crypto.cksum.*;
+import org.apache.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.KeyUsage;
+
+public class CheckSumHandler {
+
+ public static CheckSumTypeHandler getCheckSumHandler(String cksumType) throws KrbException {
+ CheckSumType eTypeEnum = CheckSumType.fromName(cksumType);
+ return getCheckSumHandler(eTypeEnum);
+ }
+
+ public static CheckSumTypeHandler getCheckSumHandler(int cksumType) throws KrbException {
+ CheckSumType eTypeEnum = CheckSumType.fromValue(cksumType);
+ return getCheckSumHandler(eTypeEnum);
+ }
+
+ public static boolean isImplemented(CheckSumType cksumType) throws KrbException {
+ return getCheckSumHandler(cksumType, true) != null;
+ }
+
+ public static CheckSumTypeHandler getCheckSumHandler(CheckSumType cksumType) throws KrbException {
+ return getCheckSumHandler(cksumType, false);
+ }
+
+ private static CheckSumTypeHandler getCheckSumHandler(CheckSumType cksumType, boolean check) throws KrbException {
+ CheckSumTypeHandler cksumHandler = null;
+ switch (cksumType) {
+ case CRC32:
+ cksumHandler = new Crc32CheckSum();
+ break;
+
+ case DES_MAC:
+ cksumHandler = new DesCbcCheckSum();
+ break;
+
+ case RSA_MD4:
+ cksumHandler = new RsaMd4CheckSum();
+ break;
+
+ case RSA_MD5:
+ cksumHandler = new RsaMd5CheckSum();
+ break;
+
+ case NIST_SHA:
+ cksumHandler = new Sha1CheckSum();
+ break;
+
+ case RSA_MD4_DES:
+ cksumHandler = new RsaMd4DesCheckSum();
+ break;
+
+ case RSA_MD5_DES:
+ cksumHandler = new RsaMd5DesCheckSum();
+ break;
+
+ case HMAC_SHA1_DES3:
+ case HMAC_SHA1_DES3_KD:
+ cksumHandler = new HmacSha1Des3CheckSum();
+ break;
+
+ case HMAC_SHA1_96_AES128:
+ cksumHandler = new HmacSha1Aes128CheckSum();
+ break;
+
+ case HMAC_SHA1_96_AES256:
+ cksumHandler = new HmacSha1Aes256CheckSum();
+ break;
+
+ case CMAC_CAMELLIA128:
+ cksumHandler = new CmacCamellia128CheckSum();
+ break;
+
+ case CMAC_CAMELLIA256:
+ cksumHandler = new CmacCamellia256CheckSum();
+ break;
+
+ case HMAC_MD5_ARCFOUR:
+ cksumHandler = new HmacMd5Rc4CheckSum();
+ break;
+
+ case MD5_HMAC_ARCFOUR:
+ cksumHandler = new Md5HmacRc4CheckSum();
+ break;
+
+ default:
+ break;
+ }
+
+ if (cksumHandler == null && ! check) {
+ String message = "Unsupported checksum type: " + cksumType.name();
+ throw new KrbException(KrbErrorCode.KDC_ERR_SUMTYPE_NOSUPP, message);
+ }
+
+ return cksumHandler;
+ }
+
+ public static CheckSum checksum(CheckSumType checkSumType, byte[] bytes) throws KrbException {
+ CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
+ byte[] checksumBytes = handler.checksum(bytes);
+ CheckSum checkSum = new CheckSum();
+ checkSum.setCksumtype(checkSumType);
+ checkSum.setChecksum(checksumBytes);
+ return checkSum;
+ }
+
+ public static boolean verify(CheckSum checkSum, byte[] bytes) throws KrbException {
+ CheckSumType checkSumType = checkSum.getCksumtype();
+ CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
+ return handler.verify(bytes, checkSum.getChecksum());
+ }
+
+ public static CheckSum checksumWithKey(CheckSumType checkSumType,
+ byte[] bytes, byte[] key, KeyUsage usage) throws KrbException {
+ CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
+ byte[] checksumBytes = handler.checksumWithKey(bytes, key, usage.getValue());
+ CheckSum checkSum = new CheckSum();
+ checkSum.setCksumtype(checkSumType);
+ checkSum.setChecksum(checksumBytes);
+ return checkSum;
+ }
+
+ public static boolean verifyWithKey(CheckSum checkSum, byte[] bytes,
+ byte[] key, KeyUsage usage) throws KrbException {
+ CheckSumType checkSumType = checkSum.getCksumtype();
+ CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
+ return handler.verifyWithKey(bytes, key,
+ usage.getValue(), checkSum.getChecksum());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumTypeHandler.java
new file mode 100644
index 0000000..175e93b
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumTypeHandler.java
@@ -0,0 +1,38 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public interface CheckSumTypeHandler extends CryptoTypeHandler {
+
+ public int confounderSize();
+
+ public CheckSumType cksumType();
+
+ public int computeSize(); // allocation size for checksum computation
+
+ public int outputSize(); // possibly truncated output size
+
+ public boolean isSafe();
+
+ public int cksumSize();
+
+ public int keySize();
+
+ public byte[] checksum(byte[] data) throws KrbException;
+
+ public byte[] checksum(byte[] data, int start, int len) throws KrbException;
+
+ public boolean verify(byte[] data, byte[] checksum) throws KrbException;
+
+ public boolean verify(byte[] data, int start, int len, byte[] checksum) throws KrbException;
+
+ public byte[] checksumWithKey(byte[] data,
+ byte[] key, int usage) throws KrbException;
+
+ public byte[] checksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException;
+
+ public boolean verifyWithKey(byte[] data,
+ byte[] key, int usage, byte[] checksum) throws KrbException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Cmac.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Cmac.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Cmac.java
new file mode 100644
index 0000000..d59909d
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Cmac.java
@@ -0,0 +1,156 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+import java.util.Arrays;
+
+public class Cmac {
+
+ private static byte[] constRb = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, (byte) 0x87
+ };
+
+ public static byte[] cmac(EncryptProvider encProvider, byte[] key,
+ byte[] data, int outputSize) throws KrbException {
+ return cmac(encProvider, key, data, 0, data.length, outputSize);
+ }
+
+ public static byte[] cmac(EncryptProvider encProvider, byte[] key, byte[] data,
+ int start, int len, int outputSize) throws KrbException {
+ byte[] hash = Cmac.cmac(encProvider, key, data, start, len);
+ if (hash.length > outputSize) {
+ byte[] output = new byte[outputSize];
+ System.arraycopy(hash, 0, output, 0, outputSize);
+ return output;
+ } else {
+ return hash;
+ }
+ }
+
+ public static byte[] cmac(EncryptProvider encProvider,
+ byte[] key, byte[] data) throws KrbException {
+ return cmac(encProvider, key, data, 0, data.length);
+ }
+
+ public static byte[] cmac(EncryptProvider encProvider,
+ byte[] key, byte[] data, int start, int len) throws KrbException {
+
+ int blockSize = encProvider.blockSize();
+
+ byte[] Y = new byte[blockSize];
+ byte[] mLast = new byte[blockSize];
+ byte[] padded = new byte[blockSize];
+ byte[] K1 = new byte[blockSize];
+ byte[] K2 = new byte[blockSize];
+
+ // step 1
+ makeSubkey(encProvider, key, K1, K2);
+
+ // step 2
+ int n = (len + blockSize - 1) / blockSize;
+
+ // step 3
+ boolean lastIsComplete;
+ if (n == 0) {
+ n = 1;
+ lastIsComplete = false;
+ } else {
+ lastIsComplete = ((len % blockSize) == 0);
+ }
+
+ // Step 6 (all but last block)
+ byte[] cipherState = new byte[blockSize];
+ byte[] cipher = new byte[blockSize];
+ for (int i = 0; i < n - 1; i++) {
+ System.arraycopy(data, i * blockSize, cipher, 0, blockSize);
+ encryptBlock(encProvider, key, cipherState, cipher);
+ System.arraycopy(cipher, 0, cipherState, 0, blockSize);
+ }
+
+ // step 5
+ System.arraycopy(cipher, 0, Y, 0, blockSize);
+
+ // step 4
+ int lastPos = (n - 1) * blockSize;
+ int lastLen = lastIsComplete ? blockSize : len % blockSize;
+ byte[] lastBlock = new byte[lastLen];
+ System.arraycopy(data, lastPos, lastBlock, 0, lastLen);
+ if (lastIsComplete) {
+ Util.xor(lastBlock, K1, mLast);
+ } else {
+ padding(lastBlock, padded);
+ Util.xor(padded, K2, mLast);
+ }
+
+ // Step 6 (last block)
+ encryptBlock(encProvider, key, cipherState, mLast);
+
+ return mLast;
+ }
+
+ // Generate subkeys K1 and K2 as described in RFC 4493 figure 2.2.
+ private static void makeSubkey(EncryptProvider encProvider,
+ byte[] key, byte[] K1, byte[] K2) throws KrbException {
+
+ // L := encrypt(K, const_Zero)
+ byte[] L = new byte[K1.length];
+ Arrays.fill(L, (byte) 0);
+ encryptBlock(encProvider, key, null, L);
+
+ // K1 := (MSB(L) == 0) ? L << 1 : (L << 1) XOR const_Rb
+ if ((L[0] & 0x80) == 0) {
+ leftShiftByOne(L, K1);
+ } else {
+ byte[] tmp = new byte[K1.length];
+ leftShiftByOne(L, tmp);
+ Util.xor(tmp, constRb, K1);
+ }
+
+ // K2 := (MSB(K1) == 0) ? K1 << 1 : (K1 << 1) XOR const_Rb
+ if ((K1[0] & 0x80) == 0) {
+ leftShiftByOne(K1, K2);
+ } else {
+ byte[] tmp = new byte[K1.length];
+ leftShiftByOne(K1, tmp);
+ Util.xor(tmp, constRb, K2);
+ }
+ }
+
+ private static void encryptBlock(EncryptProvider encProvider,
+ byte[] key, byte[] cipherState, byte[] block) throws KrbException {
+ if (cipherState == null) {
+ cipherState = new byte[encProvider.blockSize()];
+ }
+ if (encProvider.supportCbcMac()) {
+ encProvider.cbcMac(key, cipherState, block);
+ } else {
+ encProvider.encrypt(key, cipherState, block);
+ }
+ }
+
+ private static void leftShiftByOne(byte[] input, byte[] output) {
+ byte overflow = 0;
+
+ for (int i = input.length - 1; i >= 0; i--) {
+ output[i] = (byte) (input[i] << 1);
+ output[i] |= overflow;
+ overflow = (byte) ((input[i] & 0x80) != 0 ? 1 : 0);
+ }
+ }
+
+ // Padding out data with a 1 bit followed by 0 bits, placing the result in pad
+ private static void padding(byte[] data, byte[] padded) {
+ int len = data.length;
+
+ // original last block
+ System.arraycopy(data, 0, padded, 0, len);
+
+ padded[len] = (byte) 0x80;
+
+ for (int i = len + 1; i < padded.length; i++) {
+ padded[i] = 0x00;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Confounder.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Confounder.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Confounder.java
new file mode 100644
index 0000000..a79fa43
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Confounder.java
@@ -0,0 +1,14 @@
+package org.apache.kerberos.kerb.crypto;
+
+import java.security.SecureRandom;
+
+public final class Confounder {
+
+ private static SecureRandom srand = new SecureRandom();
+
+ public static byte[] makeBytes(int size) {
+ byte[] data = new byte[size];
+ srand.nextBytes(data);
+ return data;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Crc32.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Crc32.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Crc32.java
new file mode 100644
index 0000000..52441c8
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Crc32.java
@@ -0,0 +1,99 @@
+package org.apache.kerberos.kerb.crypto;
+
+public class Crc32 {
+
+ private static long[] crcTable = {
+ 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba,
+ 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3,
+ 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
+ 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91,
+ 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
+ 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
+ 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec,
+ 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5,
+ 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
+ 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
+ 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940,
+ 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
+ 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116,
+ 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f,
+ 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+ 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d,
+ 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a,
+ 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
+ 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818,
+ 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
+ 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
+ 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457,
+ 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c,
+ 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
+ 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
+ 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb,
+ 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
+ 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9,
+ 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086,
+ 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+ 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4,
+ 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad,
+ 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
+ 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683,
+ 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
+ 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
+ 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe,
+ 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7,
+ 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
+ 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
+ 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252,
+ 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
+ 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60,
+ 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79,
+ 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+ 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f,
+ 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04,
+ 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
+ 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a,
+ 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
+ 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
+ 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21,
+ 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e,
+ 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
+ 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
+ 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45,
+ 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
+ 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db,
+ 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0,
+ 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+ 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6,
+ 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf,
+ 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
+ 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
+ };
+
+ public static byte[] crc(byte[] data, int start, int size) {
+ long c = crc(0, data, start, size);
+ return convert((int) c);
+ }
+
+ public static long crc(long seed, byte[] data, int start, int len) {
+ long c = seed;
+
+ int idx;
+ for (int i = 0; i < len; i++) {
+ idx = (int) ((data[start + i] ^ c) & 0xff);
+ c = ((c & 0xffffffffL) >>> 8) ^ crcTable[idx]; // why?
+ }
+
+ return c;
+ }
+
+ private static byte[] convert(int val) {
+ byte[] p = new byte[4];
+
+ p[3] = (byte) ((val >> 24) & 0xff);
+ p[2] = (byte) ((val >> 16) & 0xff);
+ p[1] = (byte) ((val >> 8) & 0xff);
+ p[0] = (byte) ((val ) & 0xff);
+
+ return p;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CryptoTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CryptoTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CryptoTypeHandler.java
new file mode 100644
index 0000000..fee7433
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CryptoTypeHandler.java
@@ -0,0 +1,15 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+
+public interface CryptoTypeHandler {
+
+ public String name();
+
+ public String displayName();
+
+ public EncryptProvider encProvider();
+
+ public HashProvider hashProvider();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Des.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Des.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Des.java
new file mode 100644
index 0000000..da9a3ae
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Des.java
@@ -0,0 +1,22 @@
+package org.apache.kerberos.kerb.crypto;
+
+import javax.crypto.spec.DESKeySpec;
+import java.security.InvalidKeyException;
+
+public class Des {
+
+ public static boolean isWeakKey(byte[] key) {
+ try {
+ return (DESKeySpec.isWeak(key, 0));
+ } catch (InvalidKeyException ex) {
+ return true;
+ }
+ }
+
+ public static byte[] fixKey(byte[] key) {
+ if (Des.isWeakKey(key)) {
+ key[7] ^= 0xf0;
+ }
+ return key;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncTypeHandler.java
new file mode 100644
index 0000000..1021106
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncTypeHandler.java
@@ -0,0 +1,39 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public interface EncTypeHandler extends CryptoTypeHandler {
+
+ public EncryptionType eType();
+
+ public int keyInputSize();
+
+ public int keySize();
+
+ public int confounderSize();
+
+ public int checksumSize();
+
+ public int paddingSize();
+
+ public byte[] str2key(String string,
+ String salt, byte[] param) throws KrbException;
+
+ public byte[] random2Key(byte[] randomBits) throws KrbException;
+
+ public CheckSumType checksumType();
+
+ public byte[] encrypt(byte[] data, byte[] key, int usage)
+ throws KrbException;
+
+ public byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
+ int usage) throws KrbException;
+
+ public byte[] decrypt(byte[] cipher, byte[] key, int usage)
+ throws KrbException;
+
+ public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec,
+ int usage) throws KrbException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncryptionHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncryptionHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncryptionHandler.java
new file mode 100644
index 0000000..10af3cc
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncryptionHandler.java
@@ -0,0 +1,154 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.crypto.enc.*;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.*;
+
+public class EncryptionHandler {
+
+ public static EncryptionType getEncryptionType(String eType) throws KrbException {
+ EncryptionType result = EncryptionType.fromName(eType);
+ return result;
+ }
+
+ public static EncTypeHandler getEncHandler(String eType) throws KrbException {
+ EncryptionType result = EncryptionType.fromName(eType);
+ return getEncHandler(result);
+ }
+
+ public static EncTypeHandler getEncHandler(int eType) throws KrbException {
+ EncryptionType eTypeEnum = EncryptionType.fromValue(eType);
+ return getEncHandler(eTypeEnum);
+ }
+
+ public static EncTypeHandler getEncHandler(EncryptionType eType) throws KrbException {
+ return getEncHandler(eType, false);
+ }
+
+ private static EncTypeHandler getEncHandler(EncryptionType eType, boolean check) throws KrbException {
+ EncTypeHandler encHandler = null;
+ switch (eType) {
+ case DES_CBC_CRC:
+ encHandler = new DesCbcCrcEnc();
+ break;
+
+ case DES_CBC_MD5:
+ case DES:
+ encHandler = new DesCbcMd5Enc();
+ break;
+
+ case DES_CBC_MD4:
+ encHandler = new DesCbcMd4Enc();
+ break;
+
+ case DES3_CBC_SHA1:
+ case DES3_CBC_SHA1_KD:
+ case DES3_HMAC_SHA1:
+ encHandler = new Des3CbcSha1Enc();
+ break;
+
+ case AES128_CTS_HMAC_SHA1_96:
+ case AES128_CTS:
+ encHandler = new Aes128CtsHmacSha1Enc();
+ break;
+
+ case AES256_CTS_HMAC_SHA1_96:
+ case AES256_CTS:
+ encHandler = new Aes256CtsHmacSha1Enc();
+ break;
+
+ case CAMELLIA128_CTS_CMAC:
+ case CAMELLIA128_CTS:
+ encHandler = new Camellia128CtsCmacEnc();
+ break;
+
+ case CAMELLIA256_CTS_CMAC:
+ case CAMELLIA256_CTS:
+ encHandler = new Camellia256CtsCmacEnc();
+ break;
+
+ case RC4_HMAC:
+ case ARCFOUR_HMAC:
+ case ARCFOUR_HMAC_MD5:
+ encHandler = new Rc4HmacEnc();
+ break;
+
+ case RC4_HMAC_EXP:
+ case ARCFOUR_HMAC_EXP:
+ case ARCFOUR_HMAC_MD5_EXP:
+ encHandler = new Rc4HmacExpEnc();
+ break;
+
+ case NONE:
+ default:
+ break;
+ }
+
+ if (encHandler == null && ! check) {
+ String message = "Unsupported encryption type: " + eType.name();
+ throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP, message);
+ }
+
+ return encHandler;
+ }
+
+ public static EncryptedData encrypt(byte[] plainText, EncryptionKey key, KeyUsage usage) throws KrbException {
+ EncTypeHandler handler = getEncHandler(key.getKeyType());
+ byte[] cipher = handler.encrypt(plainText, key.getKeyData(), usage.getValue());
+
+ EncryptedData ed = new EncryptedData();
+ ed.setCipher(cipher);
+ ed.setEType(key.getKeyType());
+ ed.setKvno(key.getKvno());
+
+ return ed;
+ }
+
+ public static byte[] decrypt(byte[] data, EncryptionKey key, KeyUsage usage) throws KrbException {
+ EncTypeHandler handler = getEncHandler(key.getKeyType());
+
+ byte[] plainData = handler.decrypt(data, key.getKeyData(), usage.getValue());
+ return plainData;
+ }
+
+ public static byte[] decrypt(EncryptedData data, EncryptionKey key, KeyUsage usage) throws KrbException {
+ EncTypeHandler handler = getEncHandler(key.getKeyType());
+
+ byte[] plainData = handler.decrypt(data.getCipher(), key.getKeyData(), usage.getValue());
+ return plainData;
+ }
+
+ public static boolean isImplemented(EncryptionType eType) {
+ EncTypeHandler handler = null;
+ try {
+ handler = getEncHandler(eType, true);
+ } catch (KrbException e) {
+ return false;
+ }
+ return handler != null;
+ }
+
+ public static EncryptionKey string2Key(String principalName,
+ String passPhrase, EncryptionType eType) throws KrbException {
+ PrincipalName principal = new PrincipalName(principalName);
+ return string2Key(passPhrase,
+ PrincipalName.makeSalt(principal), null, eType);
+ }
+
+ public static EncryptionKey string2Key(String string, String salt,
+ byte[] s2kparams, EncryptionType eType) throws KrbException {
+ EncTypeHandler handler = getEncHandler(eType);
+ byte[] keyBytes = handler.str2key(string, salt, s2kparams);
+ return new EncryptionKey(eType, keyBytes);
+ }
+
+ public static EncryptionKey random2Key(EncryptionType eType) throws KrbException {
+ EncTypeHandler handler = getEncHandler(eType);
+
+ byte[] randomBytes = Random.makeBytes(handler.keyInputSize());
+ byte[] keyBytes = handler.random2Key(randomBytes);
+ EncryptionKey encKey = new EncryptionKey(eType, keyBytes);
+ return encKey;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Hmac.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Hmac.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Hmac.java
new file mode 100644
index 0000000..486f6e1
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Hmac.java
@@ -0,0 +1,53 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public class Hmac {
+
+ public static byte[] hmac(HashProvider hashProvider, byte[] key,
+ byte[] data, int outputSize) throws KrbException {
+ return hmac(hashProvider, key, data, 0, data.length, outputSize);
+ }
+
+ public static byte[] hmac(HashProvider hashProvider, byte[] key, byte[] data,
+ int start, int len, int outputSize) throws KrbException {
+ byte[] hash = Hmac.hmac(hashProvider, key, data, start, len);
+
+ byte[] output = new byte[outputSize];
+ System.arraycopy(hash, 0, output, 0, outputSize);
+ return output;
+ }
+
+ public static byte[] hmac(HashProvider hashProvider,
+ byte[] key, byte[] data) throws KrbException {
+ return hmac(hashProvider, key, data, 0, data.length);
+ }
+
+ public static byte[] hmac(HashProvider hashProvider,
+ byte[] key, byte[] data, int start, int len) throws KrbException {
+
+ int blockLen = hashProvider.blockSize();
+ byte[] ipad = new byte[blockLen];
+ byte[] opad = new byte[blockLen];
+
+ int ki;
+ for (int i = 0; i < blockLen; i++) {
+ ki = (i < key.length) ? key[i] : 0;
+ ipad[i] = (byte)(ki ^ 0x36);
+ opad[i] = (byte)(ki ^ 0x5c);
+ }
+
+ hashProvider.hash(ipad);
+
+ hashProvider.hash(data, start, len);
+
+ byte[] tmp = hashProvider.output();
+
+ hashProvider.hash(opad);
+ hashProvider.hash(tmp);
+
+ tmp = hashProvider.output();
+ return tmp;
+ }
+}