You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/22 01:56:58 UTC
[34/50] [abbrv] directory-kerberos git commit: Many changes with
newname
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-kdc-test/src/main/resources/cakey.pem
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/cakey.pem b/haox-kerb/kerb-kdc-test/src/main/resources/cakey.pem
deleted file mode 100644
index 66dc806..0000000
--- a/haox-kerb/kerb-kdc-test/src/main/resources/cakey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAwLOcknTZlSMI+8DCcGZ8+zRqRvlBFz80q7yQK0A9bOAdLYk9
-NB8mGQNtMAN4iWDwh4mk52tifN1oELODGqNKSWz6/GNii05TRluunLZuPSVEOp1h
-s2yK4KicqBMx64MR3/hkjRf01YsCLToi/UXiYdd/fpzq6qJRZO1eKh+iCsVShNHA
-AIpHap4L3lc/L4UOalL2XPSajS8NaN60tALYgGeCOM8V1HXqfztAMhZ9EGSTrquf
-usQDouLrpv9xOhqMxID+f7ZR3Wae1JjhF0N13RMG0Cr1Gte1Q5/MZoTtLq34W1jI
-Smu9PgV05NS7JiBI1oj0A1U/XOFD0sAIq6504QIDAQABAoIBAHqFeMax3unxBbQ0
-Aiy/LTX3RJ9tuZITUOTklnG5fZStBkA+oxhxuaJryE+f1VLbvPMgdCXj5BHqIFGG
-IZSdQA1hak9wzWYvXck9X88qOvtLp47xI/6Vw9NFwZ0n3zST+JiD8UK4eaYQpUim
-Tzrj5SU6hEi3crHOlJvsRFPaGwhnA9wycoOo4o22XBj3C8Hwzi4vWcKXH/RCSwZQ
-zFuYbe77Pn9Sv5q5zdglkmm7wngoVt/aKQke/Vk+Eincx1V12b05DNLjugo6FWQh
-0f2MmHpvqNSHs9USC5+y2lKQ1JNHh7mnpPCXkZEH4V7q+3mKVzl9tXzj9Gul20pw
-tneD6WUCgYEA9QUrQoWHKeVMjeukHjDJa2KjRLMmg9YRQyVABH9+nQTp1jYUjMRA
-GUoUx91gG6gjjJD/xvor/U0Fh3vKtZE93c+avrcaYDwf3q/L4gh+3b87lVDfzjrp
-L+MPTpEzWiyyLfr/kLA0TgUjnrj9bav5uDps8mJpNf8s9ZP1/QDhF5sCgYEAyVZA
-pHSIyBI2GT0+92JXvYDK/ZfV5m4RGHaG/PMDoU4IbGbjHVyzzsyzDUgvOASXwfF8
-YzwX7Tf95RZw12P/Jepxt0vqBJPKUCsMLUrmANQvN1Pz8+Vk6UADLM7kNc06MqB9
-/U3GKCFZZuedEhbgXnEV9gzelhILImJGZMxG0zMCgYApymnofLHjGXMHOcvSQmv4
-XuiODShikB59n1rd6YkE6xOfL7YtlEOCjLoipMWBshnuHcUigQUDvSFWTGz0rwMo
-VAKGyOA8zcR5zO4vbVeGJtnYy+SAXlfrjQTNV8K0fK8fXJI+cW9aZ1H9/ntrO0vq
-ejye0t4zEYTvlf782iuKRQKBgQCnTQ7mGRfX+JoPmv8JniR+idkjpNnPYsK96y/8
-XQs1LJx/R3eN3IxlWV+nt8XU7KwWMs5Dv5m6Ov61MFKQCL3qCch4oZJSP2Sr/Tlf
-IY/CPI8HkLF0h7e0wsZgo4Kq2mBz1T0cEVaJ3jxl8Cxq7at/jsTK8qK7XT73UWZh
-OAXaVQKBgDmg2QTX7c0/dbDMOuw18g3xfE/oqU+VWT784wtvpcdjHR+KAVLWHG8l
-oc/bm8Bs0o0f5dfH7uUvWdP6JMvbgYZBgIMqw+iH8P2lFCLzIRf0me/l+r0Oi64U
-5jp9K+7Ggc7S0SSnCLmBLMN5lXQZbhzks1La7DZmFeAz8rOEnlUB
------END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-kdc-test/src/main/resources/extensions.kdc
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/extensions.kdc b/haox-kerb/kerb-kdc-test/src/main/resources/extensions.kdc
deleted file mode 100644
index 8052f71..0000000
--- a/haox-kerb/kerb-kdc-test/src/main/resources/extensions.kdc
+++ /dev/null
@@ -1,36 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-[kdc_cert]
-basicConstraints=CA:FALSE
-keyUsage=nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
-extendedKeyUsage=1.3.6.1.5.2.3.5
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-issuerAltName=issuer:copy
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
-
-[kdc_princ_name]
-realm=EXP:0,GeneralString:${ENV::REALM}
-principal_name=EXP:1,SEQUENCE:kdc_principal_seq
-
-[kdc_principal_seq]
-name_type=EXP:0,INTEGER:1
-name_string=EXP:1,SEQUENCE:kdc_principals
-
-[kdc_principals]
-princ1=GeneralString:krbtgt
-princ2=GeneralString:${ENV::REALM}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf b/haox-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf
deleted file mode 100644
index d118dd1..0000000
--- a/haox-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-[libdefaults]
- default_realm = {0}
- udp_preference_limit = 1
-
-[realms]
- {0} = '{'
- kdc = {1}:{2}
- '}'
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff b/haox-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff
deleted file mode 100644
index bc989c3..0000000
--- a/haox-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff
+++ /dev/null
@@ -1,46 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-dn: ou=users,dc=${0},dc=${1}
-objectClass: organizationalUnit
-objectClass: top
-ou: users
-
-dn: uid=krbtgt,ou=users,dc=${0},dc=${1}
-objectClass: top
-objectClass: person
-objectClass: inetOrgPerson
-objectClass: krb5principal
-objectClass: krb5kdcentry
-cn: KDC Service
-sn: Service
-uid: krbtgt
-userPassword: secret
-krb5PrincipalName: krbtgt/${2}.${3}@${2}.${3}
-krb5KeyVersionNumber: 0
-
-dn: uid=ldap,ou=users,dc=${0},dc=${1}
-objectClass: top
-objectClass: person
-objectClass: inetOrgPerson
-objectClass: krb5principal
-objectClass: krb5kdcentry
-cn: LDAP
-sn: Service
-uid: ldap
-userPassword: secret
-krb5PrincipalName: ldap/${4}@${2}.${3}
-krb5KeyVersionNumber: 0
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-kdc-test/src/main/resources/kdccert.pem
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/kdccert.pem b/haox-kerb/kerb-kdc-test/src/main/resources/kdccert.pem
deleted file mode 100644
index 67e538c..0000000
--- a/haox-kerb/kerb-kdc-test/src/main/resources/kdccert.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEYjCCA0qgAwIBAgIJAL2ZFUkXCgK2MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
-VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
-DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
-YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
-MzI3MjFaFw0xNTA1MTMxMzI3MjFaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
-c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
-A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
-a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAMs0jF1fi5AVMunQ/jpxgSjRlpmVQyT//LrwBmyI77C+hCD4z/InoG4q2tl5
-fAH+2n7HHgon4E0QXyRxAz0+Ugun7qHW9oT2pnxoc1l8seyGNMK9adsxLpCv7RXK
-quqLcj34UQCzRDKxgkH5UBwxGY0kId0W1MqPh1LZRZIk1hakREC4DBj+slnDkN0s
-nh8pC/8q/hTPJ9QrqWT6oc1FjMVKz3FxFbxXELYxg4M6SXnzGzdWa3xSe4Ou0QO2
-EwncQUoo8N6plOKX5lncDhC2usT//AZHvKdcVmOwX0ByxZqGQIXk7g1kbsbG5m45
-JMjt/HnOQcfg88iSLKJZu+ODw00CAwEAAaOBxjCBwzAJBgNVHRMEAjAAMAsGA1Ud
-DwQEAwID6DASBgNVHSUECzAJBgcrBgEFAgMFMB0GA1UdDgQWBBS8Bmb9kTUkw61e
-Is+9KDV5U6JjyjAfBgNVHSMEGDAWgBQ/dUlTno38Mbt9/uTdE3WGxyW4ADAJBgNV
-HRIEAjAAMEoGA1UdEQRDMEGgPwYGKwYBBQICoDUwM6AOGwxTSC5JTlRFTC5DT02h
-ITAfoAMCAQGhGDAWGwZrcmJ0Z3QbDFNILklOVEVMLkNPTTANBgkqhkiG9w0BAQUF
-AAOCAQEAS/I0zH9ByFcXTF56I5aPmPdzYKpIpFF6Kkwyw0M2EuIcTcpDl74/xmq9
-YPHS6TSDAt3wHzs9JQlSWah04L0R+IgHVacLRgdXfTWqglFFH/pve3p49WCrYmWz
-txQeRV5dxzaE3oTdDq15DRkUJmt0GIk1x6ehrGZOpIL8oTFmVmnR7EgrKWlIMYCs
-R/GkEuCH15wadom/Hw5Db1KLPEjxCdwy947guOh4SO0fcW3h55V3troS/46TbVFF
-FvNSqGD+19/QM/MhLIy5OnTxOio8M9zp+yfDlzLnpbMi0ZO6tLvB4XhjvP0as34c
-5vCA/8HPfaearSyAYi2Ir9vT3O9J/w==
------END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-kdc-test/src/main/resources/kdckey.pem
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/kdckey.pem b/haox-kerb/kerb-kdc-test/src/main/resources/kdckey.pem
deleted file mode 100644
index c9e75e2..0000000
--- a/haox-kerb/kerb-kdc-test/src/main/resources/kdckey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyzSMXV+LkBUy6dD+OnGBKNGWmZVDJP/8uvAGbIjvsL6EIPjP
-8iegbira2Xl8Af7afsceCifgTRBfJHEDPT5SC6fuodb2hPamfGhzWXyx7IY0wr1p
-2zEukK/tFcqq6otyPfhRALNEMrGCQflQHDEZjSQh3RbUyo+HUtlFkiTWFqREQLgM
-GP6yWcOQ3SyeHykL/yr+FM8n1CupZPqhzUWMxUrPcXEVvFcQtjGDgzpJefMbN1Zr
-fFJ7g67RA7YTCdxBSijw3qmU4pfmWdwOELa6xP/8Bke8p1xWY7BfQHLFmoZAheTu
-DWRuxsbmbjkkyO38ec5Bx+DzyJIsolm744PDTQIDAQABAoIBAQC4Byb3iQgDvK8X
-QcZ7dz/Zj7Yr8RmV8J8ZTTcEJB+umVtf4PWyAGEyZG0+dt7vj7ahCgMSf3qLUEBZ
-6F9en4n+NF/RAbTQRfAQyydr65nW8tPlaVTsxWW+cxTrn1eagh88MB5r2+3vWwL0
-bK04Wt8hC4//giXELKgJR+vRprqcVRgy11nYaTP59IDdg4YscbHfc/LYa7ABQ1G5
-5NKtjMy13UvtD/4C3TS1NpL2xtzAgQRe3XFDIyOmv476Ts1boqSHBFX+MXmLBAfi
-8Qhaj1DO8A0HS/c4egcL6esCe4kcgtCuq66n8JzOlVbCDGOYIUkUyQ9Nfo31M5i5
-XhqF9CsBAoGBAP7PqkncLAvyjHQKPpDyWCBtkV7z+DWRZRPz4w8tit+TiAv6hRF7
-kK+NUhP1mBuS4duyEV58B8LWOR0ir7ftbL0/unxR1XWMOvTEHr/9lG1sKZoI0dJS
-Ee+VvuVFwdm/ABxfnveGCRrSHY7GAvFln3gC1Cst3NPPKbpznb3FiH/JAoGBAMwn
-P1Labt/OuzB70Vxve3TCeFA6jYzcYdA3riv1V0FIWoNgcQ742b0+6HDpEQgn4Rdb
-KiKz8hSplM1nx8NyWwS9r7gRQ9HIc0qC5S4A0A9QEbdKrkUiQDlwHgdDKPPCWih9
-qH05etiQ044BtOq7uXsWYqiIomOW/XyDUEhbRRFlAoGALmVnj01Mo9xFILfgzomh
-7D2nE4/+qNpRekGVHWVgfPci9XNnGVjTbnOf90xnptWm1Fbm/Lo+u4ZAHgL71dSg
-UREyhoJsCJxA++Jd6v1kMkxYgtiKQ+53n5U3jg2Wj2xMu93ZVx6Lt9t8UEvTq1qi
-n7p8IWSXaeW1pmJ43V4DTakCgYAFcSpj+ASqnKUqxrIvB52/4As7AESTs7A7z7Ap
-5dFcoSQgimqZHpMXU1z43Y2hrQZ4C+sUn71dRaP80b5mfF7mwnOzsWogZnqESvb3
-AfiJ3/WI8Emy+BXEMjPqt6SY0t56Y9cg925J5ZpuF6eN9lEccd1RZssFYpoBPrLe
-KuitbQKBgQC3DNejUqol2max6rf4h/GnwLE2BOTmFLnswexlw76p/63Jo1SaVpk7
-9nAltsqNCl4L/eAJ8hJdeTE5YVjYsgAVJrXZbiRfxHBMeHj9g0d1VafGqdomKf0R
-7Qytlcvsw8jn96ckEMPPLJF0bX5cu9S6lMyEbb6Ih41P13uvgP6ufg==
------END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-kdc-test/src/main/resources/usercert.pem
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/usercert.pem b/haox-kerb/kerb-kdc-test/src/main/resources/usercert.pem
deleted file mode 100644
index 67e538c..0000000
--- a/haox-kerb/kerb-kdc-test/src/main/resources/usercert.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEYjCCA0qgAwIBAgIJAL2ZFUkXCgK2MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
-VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
-DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
-YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
-MzI3MjFaFw0xNTA1MTMxMzI3MjFaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
-c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
-A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
-a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAMs0jF1fi5AVMunQ/jpxgSjRlpmVQyT//LrwBmyI77C+hCD4z/InoG4q2tl5
-fAH+2n7HHgon4E0QXyRxAz0+Ugun7qHW9oT2pnxoc1l8seyGNMK9adsxLpCv7RXK
-quqLcj34UQCzRDKxgkH5UBwxGY0kId0W1MqPh1LZRZIk1hakREC4DBj+slnDkN0s
-nh8pC/8q/hTPJ9QrqWT6oc1FjMVKz3FxFbxXELYxg4M6SXnzGzdWa3xSe4Ou0QO2
-EwncQUoo8N6plOKX5lncDhC2usT//AZHvKdcVmOwX0ByxZqGQIXk7g1kbsbG5m45
-JMjt/HnOQcfg88iSLKJZu+ODw00CAwEAAaOBxjCBwzAJBgNVHRMEAjAAMAsGA1Ud
-DwQEAwID6DASBgNVHSUECzAJBgcrBgEFAgMFMB0GA1UdDgQWBBS8Bmb9kTUkw61e
-Is+9KDV5U6JjyjAfBgNVHSMEGDAWgBQ/dUlTno38Mbt9/uTdE3WGxyW4ADAJBgNV
-HRIEAjAAMEoGA1UdEQRDMEGgPwYGKwYBBQICoDUwM6AOGwxTSC5JTlRFTC5DT02h
-ITAfoAMCAQGhGDAWGwZrcmJ0Z3QbDFNILklOVEVMLkNPTTANBgkqhkiG9w0BAQUF
-AAOCAQEAS/I0zH9ByFcXTF56I5aPmPdzYKpIpFF6Kkwyw0M2EuIcTcpDl74/xmq9
-YPHS6TSDAt3wHzs9JQlSWah04L0R+IgHVacLRgdXfTWqglFFH/pve3p49WCrYmWz
-txQeRV5dxzaE3oTdDq15DRkUJmt0GIk1x6ehrGZOpIL8oTFmVmnR7EgrKWlIMYCs
-R/GkEuCH15wadom/Hw5Db1KLPEjxCdwy947guOh4SO0fcW3h55V3troS/46TbVFF
-FvNSqGD+19/QM/MhLIy5OnTxOio8M9zp+yfDlzLnpbMi0ZO6tLvB4XhjvP0as34c
-5vCA/8HPfaearSyAYi2Ir9vT3O9J/w==
------END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-kdc-test/src/main/resources/userkey.pem
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/userkey.pem b/haox-kerb/kerb-kdc-test/src/main/resources/userkey.pem
deleted file mode 100644
index c9e75e2..0000000
--- a/haox-kerb/kerb-kdc-test/src/main/resources/userkey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyzSMXV+LkBUy6dD+OnGBKNGWmZVDJP/8uvAGbIjvsL6EIPjP
-8iegbira2Xl8Af7afsceCifgTRBfJHEDPT5SC6fuodb2hPamfGhzWXyx7IY0wr1p
-2zEukK/tFcqq6otyPfhRALNEMrGCQflQHDEZjSQh3RbUyo+HUtlFkiTWFqREQLgM
-GP6yWcOQ3SyeHykL/yr+FM8n1CupZPqhzUWMxUrPcXEVvFcQtjGDgzpJefMbN1Zr
-fFJ7g67RA7YTCdxBSijw3qmU4pfmWdwOELa6xP/8Bke8p1xWY7BfQHLFmoZAheTu
-DWRuxsbmbjkkyO38ec5Bx+DzyJIsolm744PDTQIDAQABAoIBAQC4Byb3iQgDvK8X
-QcZ7dz/Zj7Yr8RmV8J8ZTTcEJB+umVtf4PWyAGEyZG0+dt7vj7ahCgMSf3qLUEBZ
-6F9en4n+NF/RAbTQRfAQyydr65nW8tPlaVTsxWW+cxTrn1eagh88MB5r2+3vWwL0
-bK04Wt8hC4//giXELKgJR+vRprqcVRgy11nYaTP59IDdg4YscbHfc/LYa7ABQ1G5
-5NKtjMy13UvtD/4C3TS1NpL2xtzAgQRe3XFDIyOmv476Ts1boqSHBFX+MXmLBAfi
-8Qhaj1DO8A0HS/c4egcL6esCe4kcgtCuq66n8JzOlVbCDGOYIUkUyQ9Nfo31M5i5
-XhqF9CsBAoGBAP7PqkncLAvyjHQKPpDyWCBtkV7z+DWRZRPz4w8tit+TiAv6hRF7
-kK+NUhP1mBuS4duyEV58B8LWOR0ir7ftbL0/unxR1XWMOvTEHr/9lG1sKZoI0dJS
-Ee+VvuVFwdm/ABxfnveGCRrSHY7GAvFln3gC1Cst3NPPKbpznb3FiH/JAoGBAMwn
-P1Labt/OuzB70Vxve3TCeFA6jYzcYdA3riv1V0FIWoNgcQ742b0+6HDpEQgn4Rdb
-KiKz8hSplM1nx8NyWwS9r7gRQ9HIc0qC5S4A0A9QEbdKrkUiQDlwHgdDKPPCWih9
-qH05etiQ044BtOq7uXsWYqiIomOW/XyDUEhbRRFlAoGALmVnj01Mo9xFILfgzomh
-7D2nE4/+qNpRekGVHWVgfPci9XNnGVjTbnOf90xnptWm1Fbm/Lo+u4ZAHgL71dSg
-UREyhoJsCJxA++Jd6v1kMkxYgtiKQ+53n5U3jg2Wj2xMu93ZVx6Lt9t8UEvTq1qi
-n7p8IWSXaeW1pmJ43V4DTakCgYAFcSpj+ASqnKUqxrIvB52/4As7AESTs7A7z7Ap
-5dFcoSQgimqZHpMXU1z43Y2hrQZ4C+sUn71dRaP80b5mfF7mwnOzsWogZnqESvb3
-AfiJ3/WI8Emy+BXEMjPqt6SY0t56Y9cg925J5ZpuF6eN9lEccd1RZssFYpoBPrLe
-KuitbQKBgQC3DNejUqol2max6rf4h/GnwLE2BOTmFLnswexlw76p/63Jo1SaVpk7
-9nAltsqNCl4L/eAJ8hJdeTE5YVjYsgAVJrXZbiRfxHBMeHj9g0d1VafGqdomKf0R
-7Qytlcvsw8jn96ckEMPPLJF0bX5cu9S6lMyEbb6Ih41P13uvgP6ufg==
------END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java b/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java
deleted file mode 100644
index 325baeb..0000000
--- a/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server;
-
-import org.apache.kerberos.kerb.spec.ticket.ServiceTicket;
-import org.apache.kerberos.kerb.spec.ticket.TgtTicket;
-import org.junit.Assert;
-import org.junit.Test;
-
-public class KdcTest extends KdcTestBase {
-
- private String password = "123456";
-
- @Override
- protected void setUpKdcServer() throws Exception {
- super.setUpKdcServer();
- kdcServer.createPrincipal(clientPrincipal, password);
- }
-
- @Test
- public void testKdc() throws Exception {
- kdcServer.start();
- Assert.assertTrue(kdcServer.isStarted());
-
- krbClnt.init();
- TgtTicket tgt = krbClnt.requestTgtTicket(clientPrincipal, password, null);
- Assert.assertNotNull(tgt);
-
- ServiceTicket tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
- Assert.assertNotNull(tkt);
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTestBase.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTestBase.java b/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTestBase.java
deleted file mode 100644
index a692582..0000000
--- a/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTestBase.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server;
-
-import org.apache.kerberos.kerb.client.KrbClient;
-import org.apache.kerberos.kerb.server.TestKdcServer;
-import org.junit.After;
-import org.junit.Before;
-
-public abstract class KdcTestBase {
-
- protected String kdcRealm;
- protected String clientPrincipal;
- protected String serverPrincipal;
-
- protected String hostname = "localhost";
- protected short tcpPort = 8088;
- protected short udpPort = 8089;
-
- protected TestKdcServer kdcServer;
- protected KrbClient krbClnt;
-
- @Before
- public void setUp() throws Exception {
- setUpKdcServer();
- setUpClient();
- }
-
- protected void setUpKdcServer() throws Exception {
- kdcServer = new TestKdcServer();
- kdcServer.setKdcHost(hostname);
- kdcServer.setKdcTcpPort(tcpPort);
- kdcServer.setKdcUdpPort(udpPort);
- kdcServer.init();
-
- kdcRealm = kdcServer.getKdcRealm();
- clientPrincipal = "drankye@" + kdcRealm;
-
- serverPrincipal = "test-service/localhost@" + kdcRealm;
- kdcServer.createPrincipals(serverPrincipal);
- }
-
- protected void setUpClient() throws Exception {
- krbClnt = new KrbClient(hostname, tcpPort);
- krbClnt.setTimeout(5);
- krbClnt.setKdcRealm(kdcServer.getKdcRealm());
- }
-
-
-
- @After
- public void tearDown() throws Exception {
- kdcServer.stop();
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithCertKdcTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithCertKdcTest.java b/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithCertKdcTest.java
deleted file mode 100644
index eeb9e62..0000000
--- a/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithCertKdcTest.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server;
-
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.ticket.ServiceTicket;
-import org.apache.kerberos.kerb.spec.ticket.TgtTicket;
-import org.haox.pki.Pkix;
-import org.junit.Assert;
-import org.junit.Test;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-import java.security.PrivateKey;
-import java.security.cert.Certificate;
-
-/**
- openssl genrsa -out cakey.pem 2048
- openssl req -key cakey.pem -new -x509 -out cacert.pem -days 3650
- vi extensions.kdc
- openssl genrsa -out kdckey.pem 2048
- openssl req -new -out kdc.req -key kdckey.pem
- env REALM=SH.INTEL.COM openssl x509 -req -in kdc.req -CAkey cakey.pem \
- -CA cacert.pem -out kdc.pem -days 365 -extfile extensions.kdc -extensions kdc_cert -CAcreateserial
- */
-public class WithCertKdcTest extends KdcTestBase {
-
- private Certificate userCert;
- private PrivateKey userKey;
-
- @Override
- protected void setUpClient() throws Exception {
- super.setUpClient();
-
- loadCredentials();
- }
-
- @Override
- protected void setUpKdcServer() throws Exception {
- super.setUpKdcServer();
- kdcServer.createPrincipals(clientPrincipal);
- }
-
- //@Test
- public void testKdc() throws Exception {
- Assert.assertNotNull(userCert);
-
- kdcServer.start();
- Assert.assertTrue(kdcServer.isStarted());
- krbClnt.init();
-
- TgtTicket tgt = null;
- try {
- tgt = krbClnt.requestTgtTicket(clientPrincipal, userCert, userKey, null);
- } catch (KrbException te) {
- Assert.assertTrue(te.getMessage().contains("timeout"));
- return;
- }
- Assert.assertNull(tgt);
-
- ServiceTicket tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
- Assert.assertNull(tkt);
- }
-
- private void loadCredentials() throws IOException, GeneralSecurityException {
- InputStream res = getClass().getResourceAsStream("/usercert.pem");
- userCert = Pkix.getCerts(res).iterator().next();
-
- res = getClass().getResourceAsStream("/userkey.pem");
- userKey = Pkix.getPrivateKey(res, null);
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithTokenKdcTest.java b/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithTokenKdcTest.java
deleted file mode 100644
index e47cff4..0000000
--- a/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithTokenKdcTest.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server;
-
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.ticket.ServiceTicket;
-import org.apache.kerberos.kerb.spec.ticket.TgtTicket;
-import org.haox.token.KerbToken;
-import org.junit.Assert;
-import org.junit.Test;
-
-public class WithTokenKdcTest extends KdcTestBase {
-
- private KerbToken token;
-
- @Override
- protected void setUpKdcServer() throws Exception {
- super.setUpKdcServer();
- kdcServer.createPrincipals(clientPrincipal);
- }
-
- //@Test
- public void testKdc() throws Exception {
- kdcServer.start();
- Assert.assertTrue(kdcServer.isStarted());
- krbClnt.init();
-
- TgtTicket tgt = null;
- try {
- tgt = krbClnt.requestTgtTicket(clientPrincipal, token, null);
- } catch (KrbException te) {
- Assert.assertTrue(te.getMessage().contains("timeout"));
- return;
- }
- Assert.assertNull(tgt);
-
- ServiceTicket tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
- Assert.assertNull(tkt);
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/pom.xml b/haox-kerb/kerb-server/pom.xml
deleted file mode 100644
index 0fd7984..0000000
--- a/haox-kerb/kerb-server/pom.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License. See accompanying LICENSE file.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
-
- <parent>
- <groupId>org.haox</groupId>
- <artifactId>haox-kerb</artifactId>
- <version>1.0-SNAPSHOT</version>
- </parent>
-
- <artifactId>kerb-server</artifactId>
-
- <name>Haox-kerb Server</name>
- <description>Haox-kerb Server</description>
-
- <dependencies>
- <dependency>
- <groupId>org.haox</groupId>
- <artifactId>haox-config</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.haox</groupId>
- <artifactId>kerb-core</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.haox</groupId>
- <artifactId>kerb-common</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.haox</groupId>
- <artifactId>kerb-identity</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.haox</groupId>
- <artifactId>haox-event</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.haox</groupId>
- <artifactId>haox-pkix</artifactId>
- <version>${project.version}</version>
- </dependency>
- </dependencies>
-</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfig.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfig.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfig.java
deleted file mode 100644
index 75db95d..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfig.java
+++ /dev/null
@@ -1,153 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server;
-
-import org.apache.haox.config.Conf;
-import org.apache.kerberos.kerb.common.KrbConfHelper;
-import org.apache.kerberos.kerb.spec.common.EncryptionType;
-
-import java.util.List;
-
-public class KdcConfig {
- protected Conf conf;
-
- public KdcConfig() {
- this.conf = new Conf();
- }
-
- public Conf getConf() {
- return this.conf;
- }
-
- public boolean enableDebug() {
- return conf.getBoolean(KdcConfigKey.KRB_DEBUG);
- }
-
- public String getKdcServiceName() {
- return conf.getString(KdcConfigKey.KDC_SERVICE_NAME);
- }
-
- public String getWorkDir() {
- return conf.getString(KdcConfigKey.WORK_DIR);
- }
-
- public String getKdcHost() {
- return conf.getString(KdcConfigKey.KDC_HOST);
- }
-
- public short getKdcTcpPort() {
- Integer kdcTcpPort = KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_TCP_PORT);
- return kdcTcpPort.shortValue();
- }
-
- public short getKdcUdpPort() {
- Integer kdcUdpPort = KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_UDP_PORT);
- return kdcUdpPort.shortValue();
- }
-
- public String getKdcRealm() {
- return conf.getString(KdcConfigKey.KDC_REALM);
- }
-
- public String getKdcDomain() {
- return conf.getString(KdcConfigKey.KDC_DOMAIN);
- }
-
- public boolean isPreauthRequired() {
- return conf.getBoolean(KdcConfigKey.PREAUTH_REQUIRED);
- }
-
- public String getTgsPrincipal() {
- return conf.getString(KdcConfigKey.TGS_PRINCIPAL);
- }
-
- public long getAllowableClockSkew() {
- return conf.getLong(KdcConfigKey.ALLOWABLE_CLOCKSKEW);
- }
-
- public boolean isEmptyAddressesAllowed() {
- return conf.getBoolean(KdcConfigKey.EMPTY_ADDRESSES_ALLOWED);
- }
-
- public boolean isForwardableAllowed() {
- return conf.getBoolean(KdcConfigKey.FORWARDABLE_ALLOWED);
- }
-
- public boolean isPostdatedAllowed() {
- return conf.getBoolean(KdcConfigKey.POSTDATED_ALLOWED);
- }
-
- public boolean isProxiableAllowed() {
- return conf.getBoolean(KdcConfigKey.PROXIABLE_ALLOWED);
- }
-
- public boolean isRenewableAllowed() {
- return conf.getBoolean(KdcConfigKey.RENEWABLE_ALLOWED);
- }
-
- public long getMaximumRenewableLifetime() {
- return conf.getLong(KdcConfigKey.MAXIMUM_RENEWABLE_LIFETIME);
- }
-
- public long getMaximumTicketLifetime() {
- return conf.getLong(KdcConfigKey.MAXIMUM_TICKET_LIFETIME);
- }
-
- public long getMinimumTicketLifetime() {
- return conf.getLong(KdcConfigKey.MINIMUM_TICKET_LIFETIME);
- }
-
- public List<EncryptionType> getEncryptionTypes() {
- List<String> eTypes = conf.getList(KdcConfigKey.ENCRYPTION_TYPES);
- return KrbConfHelper.getEncryptionTypes(eTypes);
- }
-
- public boolean isPaEncTimestampRequired() {
- return conf.getBoolean(KdcConfigKey.PA_ENC_TIMESTAMP_REQUIRED);
- }
-
- public boolean isBodyChecksumVerified() {
- return conf.getBoolean(KdcConfigKey.VERIFY_BODY_CHECKSUM);
- }
-
- public String getDefaultLoggingLocation() {
- return KrbConfHelper.getStringUnderSection(conf, KdcConfigKey.DEFAULT);
- }
-
- public String getKdcLoggingLocation() {
- return KrbConfHelper.getStringUnderSection(conf, KdcConfigKey.KDC);
- }
-
- public String getAdminLoggingLocation() {
- return KrbConfHelper.getStringUnderSection(conf, KdcConfigKey.ADMIN_SERVER);
- }
-
- public boolean isRestrictAnonymousToTgt() {
- return KrbConfHelper.getBooleanUnderSection(conf, KdcConfigKey.RESTRICT_ANONYMOUS_TO_TGT);
- }
-
- public int getKdcMaxDgramReplySize() {
- return KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_MAX_DGRAM_REPLY_SIZE);
- }
-
- public String[] getLdapKerberosContainerDn() {
- return KrbConfHelper.getStringArrayUnderSection(conf, KdcConfigKey.LDAP_KERBEROS_CONTAINER_DN);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfigKey.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfigKey.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfigKey.java
deleted file mode 100644
index 54c5703..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfigKey.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server;
-
-import org.apache.haox.config.ConfigKey;
-import org.apache.kerberos.kerb.common.SectionConfigKey;
-
-public enum KdcConfigKey implements SectionConfigKey {
- KRB_DEBUG(true),
- WORK_DIR,
- KDC_SERVICE_NAME("Haox_KDC_Server"),
- KDC_HOST("127.0.0.1"),
- KDC_UDP_PORT(8016, "kdcdefaults"),
- KDC_TCP_PORT(8015, "kdcdefaults"),
- KDC_DOMAIN("example.com"),
- KDC_REALM("EXAMPLE.COM"),
- TGS_PRINCIPAL("krbtgt@EXAMPLE.COM"),
- PREAUTH_REQUIRED(true),
- ALLOWABLE_CLOCKSKEW(5 * 60L),
- EMPTY_ADDRESSES_ALLOWED(true),
- PA_ENC_TIMESTAMP_REQUIRED(true),
- MAXIMUM_TICKET_LIFETIME(24 * 3600L),
- MINIMUM_TICKET_LIFETIME(1 * 3600L),
- MAXIMUM_RENEWABLE_LIFETIME(48 * 3600L),
- FORWARDABLE_ALLOWED(true),
- POSTDATED_ALLOWED(true),
- PROXIABLE_ALLOWED(true),
- RENEWABLE_ALLOWED(true),
- VERIFY_BODY_CHECKSUM(true),
- ENCRYPTION_TYPES(new String[] { "aes128-cts-hmac-sha1-96", "des3-cbc-sha1-kd" }),
- RESTRICT_ANONYMOUS_TO_TGT(false, "kdcdefaults"),
- KDC_MAX_DGRAM_REPLY_SIZE(4096, "kdcdefaults"),
-
- //logging location TODO the default log location need to be determinded.
- DEFAULT(null, "logging"),
- KDC(null, "logging"),
- ADMIN_SERVER(null, "logging"),
-
- //dbdefaults
- LDAP_KERBEROS_CONTAINER_DN(null, "dbdefaults");
-
- private Object defaultValue;
- /**
- * The name of a section where a config key is contained in MIT Kerberos config file.
- */
- private String sectionName;
-
- private KdcConfigKey() {
- this.defaultValue = null;
- }
-
- private KdcConfigKey(Object defaultValue) {
- this.defaultValue = defaultValue;
- }
-
- private KdcConfigKey(Object defaultValue, String sectionName) {
- this(defaultValue);
- this.sectionName = sectionName;
- }
-
- /**
- * Use the propertyKey, we can get the configuration value from Object Conf.
- */
- @Override
- public String getPropertyKey() {
- return name().toLowerCase();
- }
-
- @Override
- public Object getDefaultValue() {
- return this.defaultValue;
- }
-
- @Override
- public String getSectionName() {
- return sectionName;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcContext.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcContext.java
deleted file mode 100644
index 431df70..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcContext.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server;
-
-import org.apache.kerberos.kerb.identity.IdentityService;
-import org.apache.kerberos.kerb.server.preauth.PreauthHandler;
-import org.apache.kerberos.kerb.server.replay.ReplayCheckService;
-
-import java.util.List;
-
-public class KdcContext {
- private KdcConfig config;
- private List<String> supportedKdcRealms;
- private String kdcRealm;
- private IdentityService identityService;
- private ReplayCheckService replayCache;
- private PreauthHandler preauthHandler;
-
- public void init(KdcConfig config) {
- this.config = config;
- }
-
- public KdcConfig getConfig() {
- return config;
- }
-
- public void setPreauthHandler(PreauthHandler preauthHandler) {
- this.preauthHandler = preauthHandler;
- }
-
- public PreauthHandler getPreauthHandler() {
- return this.preauthHandler;
- }
-
- public List<String> getSupportedKdcRealms() {
- return supportedKdcRealms;
- }
-
- public void setSupportedKdcRealms(List<String> supportedKdcRealms) {
- this.supportedKdcRealms = supportedKdcRealms;
- }
-
- public void setKdcRealm(String realm) {
- this.kdcRealm = realm;
- }
-
- public String getServerRealm() {
- return config.getKdcRealm();
- }
-
- public String getKdcRealm() {
- if (kdcRealm != null) {
- return kdcRealm;
- }
- return config.getKdcRealm();
- }
-
- public void setReplayCache(ReplayCheckService replayCache) {
- this.replayCache = replayCache;
- }
-
- public ReplayCheckService getReplayCache() {
- return replayCache;
- }
-
- public void setIdentityService(IdentityService identityService) {
- this.identityService = identityService;
- }
-
-
- public IdentityService getIdentityService() {
- return identityService;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcHandler.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcHandler.java
deleted file mode 100644
index 086487f..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcHandler.java
+++ /dev/null
@@ -1,148 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server;
-
-import org.apache.kerberos.kerb.common.KrbUtil;
-import org.apache.kerberos.kerb.identity.IdentityService;
-import org.apache.kerberos.kerb.server.preauth.PreauthHandler;
-import org.apache.kerberos.kerb.server.replay.ReplayCheckService;
-import org.apache.kerberos.kerb.server.request.AsRequest;
-import org.apache.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerberos.kerb.server.request.TgsRequest;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.KrbMessage;
-import org.apache.kerberos.kerb.spec.common.KrbMessageType;
-import org.apache.kerberos.kerb.spec.kdc.AsReq;
-import org.apache.kerberos.kerb.spec.kdc.KdcReq;
-import org.apache.kerberos.kerb.spec.kdc.TgsReq;
-import org.apache.haox.transport.MessageHandler;
-import org.apache.haox.transport.Transport;
-import org.apache.haox.transport.event.MessageEvent;
-import org.apache.haox.transport.tcp.TcpTransport;
-
-import java.net.InetSocketAddress;
-import java.nio.ByteBuffer;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-public class KdcHandler extends MessageHandler {
-
- private List<String> kdcRealms = new ArrayList<String>(1);
- private Map<String, KdcContext> kdcContexts;
-
- private KdcConfig kdcConfig;
- private PreauthHandler preauthHandler;
-
- // TODO: per realm for below
- private IdentityService identityService;
- private ReplayCheckService replayCheckService;
-
- /**
- * Should be called when all the necessary properties are set
- */
- public void init() {
- loadKdcRealms();
-
- preauthHandler = new PreauthHandler();
- preauthHandler.init(kdcConfig);
-
- kdcContexts = new HashMap<String, KdcContext>(1);
- for (String realm : kdcRealms) {
- initRealmContext(realm);
- }
- }
-
- private void initRealmContext(String kdcRealm) {
- KdcContext kdcContext = new KdcContext();
- kdcContext.init(kdcConfig);
- kdcContext.setKdcRealm(kdcRealm);
- kdcContext.setPreauthHandler(preauthHandler);
- kdcContext.setIdentityService(identityService);
- kdcContext.setReplayCache(replayCheckService);
-
- kdcContexts.put(kdcRealm, kdcContext);
- }
-
- public void setKdcRealm(String realm) {
- this.kdcRealms.add(realm);
- }
-
- public void setConfig(KdcConfig config) {
- this.kdcConfig = config;
- }
-
- public void setIdentityService(IdentityService identityService) {
- this.identityService = identityService;
- }
-
- @Override
- protected void handleMessage(MessageEvent event) throws Exception {
- ByteBuffer message = event.getMessage();
- Transport transport = event.getTransport();
-
- KrbMessage krbRequest = KrbUtil.decodeMessage(message);
- KdcRequest kdcRequest = null;
-
- KrbMessageType messageType = krbRequest.getMsgType();
- if (messageType == KrbMessageType.TGS_REQ || messageType == KrbMessageType.AS_REQ) {
- KdcReq kdcReq = (KdcReq) krbRequest;
- String realm = getRequestRealm(kdcReq);
- if (realm == null || !kdcContexts.containsKey(realm)) {
- throw new KrbException("Invalid realm from kdc request: " + realm);
- }
-
- KdcContext kdcContext = kdcContexts.get(realm);
- if (messageType == KrbMessageType.TGS_REQ) {
- kdcRequest = new TgsRequest((TgsReq) kdcReq, kdcContext);
- } else if (messageType == KrbMessageType.AS_REQ) {
- kdcRequest = new AsRequest((AsReq) kdcReq, kdcContext);
- }
- }
-
- InetSocketAddress clientAddress = transport.getRemoteAddress();
- kdcRequest.setClientAddress(clientAddress.getAddress());
- boolean isTcp = (transport instanceof TcpTransport);
- kdcRequest.isTcp(isTcp);
-
- kdcRequest.process();
-
- KrbMessage krbResponse = kdcRequest.getReply();
- KrbUtil.sendMessage(krbResponse, transport);
- }
-
- private void loadKdcRealms() {
- if (kdcRealms.isEmpty()) {
- kdcRealms.add(kdcConfig.getKdcRealm());
- }
- }
-
- private String getRequestRealm(KdcReq kdcReq) {
- String realm = kdcReq.getReqBody().getRealm();
- if (realm == null && kdcReq.getReqBody().getCname() != null) {
- realm = kdcReq.getReqBody().getCname().getRealm();
- }
- if (realm == null || realm.isEmpty()) {
- realm = "NULL-KDC-REALM";
- }
- return realm;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcServer.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcServer.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcServer.java
deleted file mode 100644
index db101c1..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcServer.java
+++ /dev/null
@@ -1,196 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server;
-
-import org.apache.haox.event.EventHub;
-import org.apache.kerberos.kerb.common.KrbStreamingDecoder;
-import org.apache.kerberos.kerb.identity.IdentityService;
-import org.apache.haox.transport.Network;
-
-import java.io.File;
-
-public class KdcServer {
- private String kdcHost;
- private short kdcTcpPort;
- private short kdcUdpPort;
- private String kdcRealm;
-
- private boolean started;
- private String serviceName = "HaoxKdc";
-
- private KdcHandler kdcHandler;
- private EventHub eventHub;
-
- protected KdcConfig kdcConfig;
- protected IdentityService identityService;
- protected File workDir;
-
- public KdcServer() {
- kdcConfig = new KdcConfig();
- }
-
- public void init() {
- initConfig();
-
- initWorkDir();
- }
-
- protected void initWorkDir() {
- String path = kdcConfig.getWorkDir();
- File file;
- if (path != null) {
- file = new File(path);
- file.mkdirs();
- } else {
- file = new File(".");
- }
-
- this.workDir = file;
- }
-
- protected void initConfig() {}
-
- public void start() {
- try {
- doStart();
- } catch (Exception e) {
- throw new RuntimeException("Failed to start " + getServiceName(), e);
- }
-
- started = true;
- }
-
- public String getKdcRealm() {
- if (kdcRealm != null) {
- return kdcRealm;
- }
- return kdcConfig.getKdcRealm();
- }
-
- private String getKdcHost() {
- if (kdcHost != null) {
- return kdcHost;
- }
- return kdcConfig.getKdcHost();
- }
-
- private short getKdcTcpPort() {
- if (kdcTcpPort > 0) {
- return kdcTcpPort;
- }
- return kdcConfig.getKdcTcpPort();
- }
-
- private short getKdcUdpPort() {
- if (kdcUdpPort > 0) {
- return kdcUdpPort;
- }
- return kdcConfig.getKdcUdpPort();
- }
-
- public void setKdcHost(String kdcHost) {
- this.kdcHost = kdcHost;
- }
-
- public void setKdcTcpPort(short kdcTcpPort) {
- this.kdcTcpPort = kdcTcpPort;
- }
-
- public void setKdcUdpPort(short kdcUdpPort) {
- this.kdcUdpPort = kdcUdpPort;
- }
-
- public void setKdcRealm(String realm) {
- this.kdcRealm = realm;
- }
-
- public boolean enableDebug() {
- return kdcConfig.enableDebug();
- }
-
- protected void doStart() throws Exception {
- prepareHandler();
-
- this.eventHub = new EventHub();
-
- eventHub.register(kdcHandler);
-
- Network network = new Network();
- network.setStreamingDecoder(new KrbStreamingDecoder());
- eventHub.register(network);
-
- eventHub.start();
- network.tcpListen(getKdcHost(), getKdcTcpPort());
- network.udpListen(getKdcHost(), getKdcUdpPort());
- }
-
- private void prepareHandler() {
- this.kdcHandler = new KdcHandler();
- kdcHandler.setConfig(kdcConfig);
- kdcHandler.setIdentityService(identityService);
- if (kdcRealm != null) {
- kdcHandler.setKdcRealm(kdcRealm);
- }
- kdcHandler.init();
- }
-
- public void stop() {
- try {
- doStop();
- } catch (Exception e) {
- throw new RuntimeException("Failed to stop " + getServiceName());
- }
- }
-
- protected void doStop() throws Exception {
- eventHub.stop();
- }
-
- public KdcConfig getConfig() {
- return kdcConfig;
- }
-
- public boolean isStarted() {
- return started;
- }
-
- protected void setStarted( boolean started ) {
- this.started = started;
- }
-
- protected void setServiceName( String name ) {
- this.serviceName = name;
- }
-
- protected String getServiceName() {
- if (serviceName != null) {
- return serviceName;
- }
- return kdcConfig.getKdcServiceName();
- }
-
- public IdentityService getIdentityService() {
- return identityService;
- }
-
- protected void setIdentityService(IdentityService identityService) {
- this.identityService = identityService;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/SimpleKdcServer.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/SimpleKdcServer.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/SimpleKdcServer.java
deleted file mode 100644
index 6134afd..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/SimpleKdcServer.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server;
-
-import org.apache.kerberos.kerb.identity.IdentityService;
-import org.apache.kerberos.kerb.identity.backend.SimpleIdentityBackend;
-
-import java.io.File;
-
-public class SimpleKdcServer extends KdcServer {
-
- public SimpleKdcServer() {
- super();
- }
-
- public void init() {
- super.init();
- initIdentityService();
- }
-
- protected void initIdentityService() {
- File identityFile = new File(workDir, "simplekdb.dat");
- IdentityService identityService = new SimpleIdentityBackend(identityFile);
- setIdentityService(identityService);
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/AbstractPreauthPlugin.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/AbstractPreauthPlugin.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/AbstractPreauthPlugin.java
deleted file mode 100644
index 4a4dc41..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/AbstractPreauthPlugin.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.preauth;
-
-import org.apache.kerberos.kerb.preauth.PaFlags;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
-import org.apache.kerberos.kerb.server.KdcContext;
-import org.apache.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-public class AbstractPreauthPlugin implements KdcPreauth {
-
- private PreauthPluginMeta pluginMeta;
-
- public AbstractPreauthPlugin(PreauthPluginMeta meta) {
- this.pluginMeta = meta;
- }
-
- @Override
- public String getName() {
- return pluginMeta.getName();
- }
-
- public int getVersion() {
- return pluginMeta.getVersion();
- }
-
- public PaDataType[] getPaTypes() {
- return pluginMeta.getPaTypes();
- }
-
- @Override
- public void initWith(KdcContext kdcContext) {
-
- }
-
- @Override
- public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
- return null;
- }
-
- @Override
- public void provideEdata(KdcRequest kdcRequest, PluginRequestContext requestContext,
- PaData outPaData) throws KrbException {
-
- }
-
- @Override
- public boolean verify(KdcRequest kdcRequest, PluginRequestContext requestContext,
- PaDataEntry paData) throws KrbException {
- return false;
- }
-
- @Override
- public void providePaData(KdcRequest kdcRequest, PluginRequestContext requestContext,
- PaData paData) {
-
- }
-
- @Override
- public PaFlags getFlags(KdcRequest kdcRequest, PluginRequestContext requestContext,
- PaDataType paType) {
- return null;
- }
-
- @Override
- public void destroy() {
-
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/FastContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/FastContext.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/FastContext.java
deleted file mode 100644
index a426f7d..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/FastContext.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.preauth;
-
-import org.apache.kerberos.kerb.spec.common.EncryptionKey;
-import org.apache.kerberos.kerb.spec.fast.FastOptions;
-import org.apache.kerberos.kerb.spec.fast.KrbFastArmor;
-import org.apache.kerberos.kerb.spec.kdc.KdcReq;
-
-public class FastContext {
-
- public KdcReq fastOuterRequest;
- public EncryptionKey armorKey;
- public KrbFastArmor fastArmor;
- public FastOptions fastOptions;
- public int nonce;
- public int fastFlags;
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/KdcPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/KdcPreauth.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/KdcPreauth.java
deleted file mode 100644
index c137b6a..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/KdcPreauth.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.preauth;
-
-import org.apache.kerberos.kerb.preauth.PaFlags;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
-import org.apache.kerberos.kerb.server.KdcContext;
-import org.apache.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-/**
- * KDC side preauth plugin module
- */
-public interface KdcPreauth extends PreauthPluginMeta {
-
- /**
- * Initializing plugin context for each realm
- */
- public void initWith(KdcContext context);
-
- /**
- * Initializing request context
- */
- public PluginRequestContext initRequestContext(KdcRequest kdcRequest);
-
- /**
- * Optional: provide pa_data to send to the client as part of the "you need to
- * use preauthentication" error.
- */
- public void provideEdata(KdcRequest kdcRequest, PluginRequestContext requestContext,
- PaData outPaData) throws KrbException;
-
- /**
- * Optional: verify preauthentication data sent by the client, setting the
- * TKT_FLG_PRE_AUTH or TKT_FLG_HW_AUTH flag in the enc_tkt_reply's "flags"
- * field as appropriate.
- */
- public boolean verify(KdcRequest kdcRequest, PluginRequestContext requestContext,
- PaDataEntry paData) throws KrbException;
-
- /**
- * Optional: generate preauthentication response data to send to the client as
- * part of the AS-REP.
- */
- public void providePaData(KdcRequest kdcRequest, PluginRequestContext requestContext,
- PaData paData);
-
- /**
- * Return PA_REAL if pa_type is a real preauthentication type or PA_INFO if it is
- * an informational type.
- */
- public PaFlags getFlags(KdcRequest kdcRequest, PluginRequestContext requestContext,
- PaDataType paType);
-
- /**
- * When exiting...
- */
- public void destroy();
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthContext.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthContext.java
deleted file mode 100644
index d2812e9..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthContext.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.preauth;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class PreauthContext {
- private boolean preauthRequired = true;
- private List<PreauthHandle> handles = new ArrayList<PreauthHandle>(5);
-
- public PreauthContext() {
-
- }
-
- public boolean isPreauthRequired() {
- return preauthRequired;
- }
-
- public void setPreauthRequired(boolean preauthRequired) {
- this.preauthRequired = preauthRequired;
- }
-
- public List<PreauthHandle> getHandles() {
- return handles;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandle.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandle.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandle.java
deleted file mode 100644
index 90f8724..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandle.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.preauth;
-
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-
-public class PreauthHandle {
-
- public KdcPreauth preauth;
- public PluginRequestContext requestContext;
-
- public PreauthHandle(KdcPreauth preauth) {
- this.preauth = preauth;
- }
-
- public void initRequestContext(KdcRequest kdcRequest) {
- requestContext = preauth.initRequestContext(kdcRequest);
- }
-
- public void provideEdata(KdcRequest kdcRequest, PaData outPaData) throws KrbException {
- preauth.provideEdata(kdcRequest, requestContext, outPaData);
- }
-
- public void verify(KdcRequest kdcRequest, PaDataEntry paData) throws KrbException {
- preauth.verify(kdcRequest, requestContext, paData);
- }
-
- public void providePaData(KdcRequest kdcRequest, PaData paData) {
- preauth.providePaData(kdcRequest, requestContext, paData);
- }
-
- public void destroy() {
- preauth.destroy();
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandler.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandler.java
deleted file mode 100644
index d8d9bca..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandler.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.preauth;
-
-import org.apache.kerberos.kerb.server.KdcConfig;
-import org.apache.kerberos.kerb.server.KdcContext;
-import org.apache.kerberos.kerb.server.preauth.builtin.EncTsPreauth;
-import org.apache.kerberos.kerb.server.preauth.builtin.TgtPreauth;
-import org.apache.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class PreauthHandler {
-
- private List<KdcPreauth> preauths;
-
- /**
- * Should be called only once, for global
- */
- public void init(KdcConfig kdcConfig) {
- loadPreauthPlugins(kdcConfig);
- }
-
- private void loadPreauthPlugins(KdcConfig kdcConfig) {
- preauths = new ArrayList<KdcPreauth>();
-
- KdcPreauth preauth = new EncTsPreauth();
- preauths.add(preauth);
-
- preauth = new TgtPreauth();
- preauths.add(preauth);
- }
-
- /**
- * Should be called per realm
- * @param context
- */
- public void initWith(KdcContext context) {
- for (KdcPreauth preauth : preauths) {
- preauth.initWith(context);
- }
- }
-
- public PreauthContext preparePreauthContext(KdcRequest kdcRequest) {
- PreauthContext preauthContext = new PreauthContext();
-
- KdcContext kdcContext = kdcRequest.getKdcContext();
- preauthContext.setPreauthRequired(kdcContext.getConfig().isPreauthRequired());
-
- for (KdcPreauth preauth : preauths) {
- PreauthHandle handle = new PreauthHandle(preauth);
- handle.initRequestContext(kdcRequest);
- preauthContext.getHandles().add(handle);
- }
-
- return preauthContext;
- }
-
- public void provideEdata(KdcRequest kdcRequest, PaData outPaData) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- for (PreauthHandle handle : preauthContext.getHandles()) {
- handle.provideEdata(kdcRequest, outPaData);
- }
- }
-
- public void verify(KdcRequest kdcRequest, PaData paData) throws KrbException {
- for (PaDataEntry paEntry : paData.getElements()) {
- PreauthHandle handle = findHandle(kdcRequest, paEntry.getPaDataType());
- if (handle != null) {
- handle.verify(kdcRequest, paEntry);
- }
- }
- }
-
- public void providePaData(KdcRequest kdcRequest, PaData paData) {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- for (PreauthHandle handle : preauthContext.getHandles()) {
- handle.providePaData(kdcRequest, paData);
- }
- }
-
- private PreauthHandle findHandle(KdcRequest kdcRequest, PaDataType paType) {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- for (PreauthHandle handle : preauthContext.getHandles()) {
- for (PaDataType pt : handle.preauth.getPaTypes()) {
- if (pt == paType) {
- return handle;
- }
- }
- }
- return null;
- }
-
- public void destroy() {
- for (KdcPreauth preauth : preauths) {
- preauth.destroy();
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/EncTsPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/EncTsPreauth.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/EncTsPreauth.java
deleted file mode 100644
index 5c7e6d0..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/EncTsPreauth.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.preauth.builtin;
-
-import org.apache.kerberos.kerb.KrbErrorCode;
-import org.apache.kerberos.kerb.codec.KrbCodec;
-import org.apache.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.preauth.builtin.EncTsPreauthMeta;
-import org.apache.kerberos.kerb.server.KdcContext;
-import org.apache.kerberos.kerb.server.preauth.AbstractPreauthPlugin;
-import org.apache.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.EncryptedData;
-import org.apache.kerberos.kerb.spec.common.EncryptionKey;
-import org.apache.kerberos.kerb.spec.common.KeyUsage;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaEncTsEnc;
-
-public class EncTsPreauth extends AbstractPreauthPlugin {
-
- public EncTsPreauth() {
- super(new EncTsPreauthMeta());
- }
-
- @Override
- public boolean verify(KdcRequest kdcRequest, PluginRequestContext requestContext,
- PaDataEntry paData) throws KrbException {
- EncryptedData encData = KrbCodec.decode(paData.getPaDataValue(), EncryptedData.class);
- EncryptionKey clientKey = kdcRequest.getClientKey(encData.getEType());
- PaEncTsEnc timestamp = EncryptionUtil.unseal(encData, clientKey,
- KeyUsage.AS_REQ_PA_ENC_TS, PaEncTsEnc.class);
-
- KdcContext kdcContext = kdcRequest.getKdcContext();
- long clockSkew = kdcContext.getConfig().getAllowableClockSkew() * 1000;
- if (!timestamp.getAllTime().isInClockSkew(clockSkew)) {
- throw new KrbException(KrbErrorCode.KDC_ERR_PREAUTH_FAILED);
- }
-
- return true;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/TgtPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/TgtPreauth.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/TgtPreauth.java
deleted file mode 100644
index 0cdc582..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/TgtPreauth.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.preauth.builtin;
-
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.preauth.builtin.TgtPreauthMeta;
-import org.apache.kerberos.kerb.server.preauth.AbstractPreauthPlugin;
-import org.apache.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerberos.kerb.server.request.TgsRequest;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-
-public class TgtPreauth extends AbstractPreauthPlugin {
-
- public TgtPreauth() {
- super(new TgtPreauthMeta());
- }
-
- @Override
- public boolean verify(KdcRequest kdcRequest, PluginRequestContext requestContext,
- PaDataEntry paData) throws KrbException {
-
- TgsRequest tgsRequest = (TgsRequest) kdcRequest;
- tgsRequest.verifyAuthenticator(paData);
- return true;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitKdcContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitKdcContext.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitKdcContext.java
deleted file mode 100644
index 19e8561..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitKdcContext.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.preauth.pkinit;
-
-import org.apache.kerberos.kerb.preauth.pkinit.IdentityOpts;
-import org.apache.kerberos.kerb.preauth.pkinit.PluginOpts;
-
-public class PkinitKdcContext {
-
- public PluginOpts pluginOpts;
- public IdentityOpts identityOpts;
- public String realm;
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
deleted file mode 100644
index 7d621e7..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.preauth.pkinit;
-
-import org.apache.kerberos.kerb.codec.KrbCodec;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.preauth.pkinit.PkinitPreauthMeta;
-import org.apache.kerberos.kerb.server.KdcContext;
-import org.apache.kerberos.kerb.server.preauth.AbstractPreauthPlugin;
-import org.apache.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.PrincipalName;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-import org.apache.kerberos.kerb.spec.pa.pkinit.PaPkAsReq;
-
-import java.util.HashMap;
-import java.util.Map;
-
-public class PkinitPreauth extends AbstractPreauthPlugin {
-
- private Map<String, PkinitKdcContext> pkinitContexts;
-
- public PkinitPreauth() {
- super(new PkinitPreauthMeta());
-
- pkinitContexts = new HashMap<String, PkinitKdcContext>(1);
- }
-
- @Override
- public void initWith(KdcContext kdcContext) {
- super.initWith(kdcContext);
-
- PkinitKdcContext tmp = new PkinitKdcContext();
- tmp.realm = kdcContext.getKdcRealm();
- pkinitContexts.put(kdcContext.getKdcRealm(), tmp);
- }
-
- @Override
- public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
- PkinitRequestContext reqCtx = new PkinitRequestContext();
-
- //reqCtx.updateRequestOpts(pkinitContext.pluginOpts);
-
- return reqCtx;
- }
-
- @Override
- public boolean verify(KdcRequest kdcRequest, PluginRequestContext requestContext,
- PaDataEntry paData) throws KrbException {
-
- PkinitRequestContext reqCtx = (PkinitRequestContext) requestContext;
- PkinitKdcContext pkinitContext = findContext(kdcRequest.getServerPrincipal());
- if (pkinitContext == null) {
- return false;
- }
-
- reqCtx.paType = paData.getPaDataType();
- if (paData.getPaDataType() == PaDataType.PK_AS_REQ) {
- PaPkAsReq paPkAsReq = KrbCodec.decode(paData.getPaDataValue(), PaPkAsReq.class);
- if (paPkAsReq == null) {
- return false;
- }
- }
-
- return true;
- }
-
- private PkinitKdcContext findContext(PrincipalName principal) {
- String realm = principal.getRealm();
- if (pkinitContexts.containsKey(realm)) {
- return pkinitContexts.get(realm);
- }
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitRequestContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitRequestContext.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitRequestContext.java
deleted file mode 100644
index e207fe4..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitRequestContext.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.preauth.pkinit;
-
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-import org.apache.kerberos.kerb.spec.pa.pkinit.AuthPack;
-
-public class PkinitRequestContext implements PluginRequestContext {
-
- public AuthPack authPack;
- public PaDataType paType;
-}