You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/22 22:47:52 UTC
[13/45] directory-kerberos git commit: DIRKRB-149 New layout
structure with the new name "Apache Kerby"
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/ExternalPrincipalIdentifier.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/ExternalPrincipalIdentifier.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/ExternalPrincipalIdentifier.java
new file mode 100644
index 0000000..4a67feb
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/ExternalPrincipalIdentifier.java
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.asn1.type.Asn1OctetString;
+import org.apache.kerby.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ ExternalPrincipalIdentifier ::= SEQUENCE {
+ subjectName [0] IMPLICIT OCTET STRING OPTIONAL,
+ issuerAndSerialNumber [1] IMPLICIT OCTET STRING OPTIONAL,
+ subjectKeyIdentifier [2] IMPLICIT OCTET STRING OPTIONAL
+ }
+ */
+public class ExternalPrincipalIdentifier extends KrbSequenceType {
+ private static int SUBJECT_NAME = 0;
+ private static int ISSUER_AND_SERIAL_NUMBER = 1;
+ private static int SUBJECT_KEY_IDENTIFIER = 2;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(SUBJECT_NAME, Asn1OctetString.class, true),
+ new Asn1FieldInfo(ISSUER_AND_SERIAL_NUMBER, Asn1OctetString.class, true),
+ new Asn1FieldInfo(SUBJECT_KEY_IDENTIFIER, Asn1OctetString.class, true)
+ };
+
+ public ExternalPrincipalIdentifier() {
+ super(fieldInfos);
+ }
+
+ public byte[] getSubjectName() {
+ return getFieldAsOctets(SUBJECT_NAME);
+ }
+
+ public void setSubjectName(byte[] subjectName) {
+ setFieldAsOctets(SUBJECT_NAME, subjectName);
+ }
+
+ public byte[] getIssuerSerialNumber() {
+ return getFieldAsOctets(ISSUER_AND_SERIAL_NUMBER);
+ }
+
+ public void setIssuerSerialNumber(byte[] issuerSerialNumber) {
+ setFieldAsOctets(ISSUER_AND_SERIAL_NUMBER, issuerSerialNumber);
+ }
+
+ public byte[] getSubjectKeyIdentifier() {
+ return getFieldAsOctets(SUBJECT_KEY_IDENTIFIER);
+ }
+
+ public void setSubjectKeyIdentifier(byte[] subjectKeyIdentifier) {
+ setFieldAsOctets(SUBJECT_KEY_IDENTIFIER, subjectKeyIdentifier);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java
new file mode 100644
index 0000000..97c6003
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.kerby.asn1.type.Asn1BitString;
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.asn1.type.Asn1Integer;
+import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ KDCDHKeyInfo ::= SEQUENCE {
+ subjectPublicKey [0] BIT STRING,
+ nonce [1] INTEGER (0..4294967295),
+ dhKeyExpiration [2] KerberosTime OPTIONAL,
+ }
+ */
+public class KdcDHKeyInfo extends KrbSequenceType {
+ private static int SUBJECT_PUBLICK_KEY = 0;
+ private static int NONCE = 1;
+ private static int DH_KEY_EXPIRATION = 2;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(SUBJECT_PUBLICK_KEY, Asn1BitString.class),
+ new Asn1FieldInfo(NONCE, Asn1Integer.class),
+ new Asn1FieldInfo(DH_KEY_EXPIRATION, KerberosTime.class)
+ };
+
+ public KdcDHKeyInfo() {
+ super(fieldInfos);
+ }
+
+ public byte[] getSubjectPublicKey() {
+ return getFieldAsOctets(SUBJECT_PUBLICK_KEY);
+ }
+
+ public void setSubjectPublicKey(byte[] subjectPublicKey) {
+ setFieldAsOctets(SUBJECT_PUBLICK_KEY, subjectPublicKey);
+ }
+
+ public int getNonce() {
+ return getFieldAsInt(NONCE);
+ }
+
+ public void setNonce(int nonce) {
+ setFieldAsInt(NONCE, nonce);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/Krb5PrincipalName.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/Krb5PrincipalName.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/Krb5PrincipalName.java
new file mode 100644
index 0000000..543b7c8
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/Krb5PrincipalName.java
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerby.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerby.kerberos.kerb.spec.common.Realm;
+
+/**
+ KRB5PrincipalName ::= SEQUENCE {
+ realm [0] Realm,
+ principalName [1] PrincipalName
+ }
+ */
+public class Krb5PrincipalName extends KrbSequenceType {
+ private static int REALM = 0;
+ private static int PRINCIPAL_NAME = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(REALM, Realm.class),
+ new Asn1FieldInfo(PRINCIPAL_NAME, PrincipalName.class)
+ };
+
+ public Krb5PrincipalName() {
+ super(fieldInfos);
+ }
+
+ public String getRelm() {
+ return getFieldAsString(REALM);
+ }
+
+ public void setRealm(String realm) {
+ setFieldAsString(REALM, realm);
+ }
+
+ public PrincipalName getPrincipalName() {
+ return getFieldAs(PRINCIPAL_NAME, PrincipalName.class);
+ }
+
+ public void setPrincipalName(PrincipalName principalName) {
+ setFieldAs(PRINCIPAL_NAME, principalName);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/PaPkAsRep.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/PaPkAsRep.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/PaPkAsRep.java
new file mode 100644
index 0000000..952bea6
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/PaPkAsRep.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.kerby.asn1.type.Asn1Choice;
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.asn1.type.Asn1OctetString;
+
+/**
+ PA-PK-AS-REP ::= CHOICE {
+ dhInfo [0] DHRepInfo,
+ encKeyPack [1] IMPLICIT OCTET STRING,
+ }
+ */
+public class PaPkAsRep extends Asn1Choice {
+ private static int DH_INFO = 0;
+ private static int ENCKEY_PACK = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(DH_INFO, DHRepInfo.class),
+ new Asn1FieldInfo(ENCKEY_PACK, Asn1OctetString.class, true)
+ };
+
+ public PaPkAsRep() {
+ super(fieldInfos);
+ }
+
+ public DHRepInfo getDHRepInfo() {
+ return getFieldAs(DH_INFO, DHRepInfo.class);
+ }
+
+ public void setDHRepInfo(DHRepInfo dhRepInfo) {
+ setFieldAs(DH_INFO, dhRepInfo);
+ }
+
+ public byte[] getEncKeyPack() {
+ return getFieldAsOctets(ENCKEY_PACK);
+ }
+
+ public void setEncKeyPack(byte[] encKeyPack) {
+ setFieldAsOctets(ENCKEY_PACK, encKeyPack);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/PaPkAsReq.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/PaPkAsReq.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/PaPkAsReq.java
new file mode 100644
index 0000000..79e6e55
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/PaPkAsReq.java
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.asn1.type.Asn1OctetString;
+import org.apache.kerby.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ PA-PK-AS-REQ ::= SEQUENCE {
+ signedAuthPack [0] IMPLICIT OCTET STRING,
+ trustedCertifiers [1] SEQUENCE OF ExternalPrincipalIdentifier OPTIONAL,
+ kdcPkId [2] IMPLICIT OCTET STRING OPTIONAL
+ }
+ */
+public class PaPkAsReq extends KrbSequenceType {
+ private static int SIGNED_AUTH_PACK = 0;
+ private static int TRUSTED_CERTIFIERS = 1;
+ private static int KDC_PKID = 2;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(SIGNED_AUTH_PACK, Asn1OctetString.class, true),
+ new Asn1FieldInfo(TRUSTED_CERTIFIERS, TrustedCertifiers.class),
+ new Asn1FieldInfo(KDC_PKID, Asn1OctetString.class, true)
+ };
+
+ public PaPkAsReq() {
+ super(fieldInfos);
+ }
+
+ public byte[] getSignedAuthPack() {
+ return getFieldAsOctets(SIGNED_AUTH_PACK);
+ }
+
+ public void setSignedAuthPack(byte[] signedAuthPack) {
+ setFieldAsOctets(SIGNED_AUTH_PACK, signedAuthPack);
+ }
+
+ public TrustedCertifiers getTrustedCertifiers() {
+ return getFieldAs(TRUSTED_CERTIFIERS, TrustedCertifiers.class);
+ }
+
+ public void setTrustedCertifiers(TrustedCertifiers trustedCertifiers) {
+ setFieldAs(TRUSTED_CERTIFIERS, trustedCertifiers);
+ }
+
+ public byte[] getKdcPkId() {
+ return getFieldAsOctets(KDC_PKID);
+ }
+
+ public void setKdcPkId(byte[] kdcPkId) {
+ setFieldAsOctets(KDC_PKID, kdcPkId);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/PkAuthenticator.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/PkAuthenticator.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/PkAuthenticator.java
new file mode 100644
index 0000000..d1fafd7
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/PkAuthenticator.java
@@ -0,0 +1,91 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.asn1.type.Asn1Integer;
+import org.apache.kerby.asn1.type.Asn1OctetString;
+import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ PKAuthenticator ::= SEQUENCE {
+ cusec [0] INTEGER (0..999999),
+ ctime [1] KerberosTime,
+ -- cusec and ctime are used as in [RFC4120], for
+ -- replay prevention.
+ nonce [2] INTEGER (0..4294967295),
+ -- Chosen randomly; this nonce does not need to
+ -- match with the nonce in the KDC-REQ-BODY.
+ paChecksum [3] OCTET STRING OPTIONAL,
+ -- MUST be present.
+ -- Contains the SHA1 checksum, performed over
+ -- KDC-REQ-BODY.
+ }
+ */
+public class PkAuthenticator extends KrbSequenceType {
+ private static int CUSEC = 0;
+ private static int CTIME = 1;
+ private static int NONCE = 2;
+ private static int PA_CHECKSUM = 3;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(CUSEC, Asn1Integer.class),
+ new Asn1FieldInfo(CTIME, KerberosTime.class),
+ new Asn1FieldInfo(NONCE, Asn1Integer.class),
+ new Asn1FieldInfo(PA_CHECKSUM, Asn1OctetString.class)
+ };
+
+ public PkAuthenticator() {
+ super(fieldInfos);
+ }
+
+ public int getCusec() {
+ return getFieldAsInt(CUSEC);
+ }
+
+ public void setCusec(int cusec) {
+ setFieldAsInt(CUSEC, cusec);
+ }
+
+ public KerberosTime getCtime() {
+ return getFieldAsTime(CTIME);
+ }
+
+ public void setCtime(KerberosTime ctime) {
+ setFieldAs(CTIME, ctime);
+ }
+
+ public int getNonce() {
+ return getFieldAsInt(NONCE);
+ }
+
+ public void setNonce(int nonce) {
+ setFieldAsInt(NONCE, nonce);
+ }
+
+ public byte[] getPaChecksum() {
+ return getFieldAsOctets(PA_CHECKSUM);
+ }
+
+ public void setPaChecksum(byte[] paChecksum) {
+ setFieldAsOctets(PA_CHECKSUM, paChecksum);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/ReplyKeyPack.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/ReplyKeyPack.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/ReplyKeyPack.java
new file mode 100644
index 0000000..af0dfc3
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/ReplyKeyPack.java
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
+
+/**
+ ReplyKeyPack ::= SEQUENCE {
+ replyKey [0] EncryptionKey,
+ asChecksum [1] Checksum,
+ }
+ */
+public class ReplyKeyPack extends KrbSequenceType {
+ private static int REPLY_KEY = 0;
+ private static int AS_CHECKSUM = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(REPLY_KEY, EncryptionKey.class),
+ new Asn1FieldInfo(AS_CHECKSUM, CheckSum.class)
+ };
+
+ public ReplyKeyPack() {
+ super(fieldInfos);
+ }
+
+ public EncryptionKey getReplyKey() {
+ return getFieldAs(REPLY_KEY, EncryptionKey.class);
+ }
+
+ public void setReplyKey(EncryptionKey replyKey) {
+ setFieldAs(REPLY_KEY, replyKey);
+ }
+
+ public CheckSum getAsChecksum() {
+ return getFieldAs(AS_CHECKSUM, CheckSum.class);
+ }
+
+ public void setAsChecksum(CheckSum checkSum) {
+ setFieldAs(AS_CHECKSUM, checkSum);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/TdDhParameters.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/TdDhParameters.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/TdDhParameters.java
new file mode 100644
index 0000000..77e82b1
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/TdDhParameters.java
@@ -0,0 +1,26 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.pkinit;
+
+/**
+ * TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier
+ */
+public class TdDhParameters extends AlgorithmIdentifiers {
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/TrustedCertifiers.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/TrustedCertifiers.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/TrustedCertifiers.java
new file mode 100644
index 0000000..418b213
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/TrustedCertifiers.java
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.kerby.kerberos.kerb.spec.KrbSequenceOfType;
+
+/**
+ trustedCertifiers SEQUENCE OF ExternalPrincipalIdentifier OPTIONAL,
+ */
+public class TrustedCertifiers extends KrbSequenceOfType<ExternalPrincipalIdentifier> {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/PaTokenChallenge.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/PaTokenChallenge.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/PaTokenChallenge.java
new file mode 100644
index 0000000..5956fc7
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/PaTokenChallenge.java
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.token;
+
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ PA-TOKEN-CHALLENGE ::= SEQUENCE {
+ tokenInfos [0] SEQUENCE (SIZE(1..MAX)) OF TokenInfo,
+ }
+*/
+public class PaTokenChallenge extends KrbSequenceType {
+ private static int TOKENINFOS = 0;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(TOKENINFOS, TokenInfos.class)
+ };
+
+ public PaTokenChallenge() {
+ super(fieldInfos);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/PaTokenRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/PaTokenRequest.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/PaTokenRequest.java
new file mode 100644
index 0000000..6b08a6f
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/PaTokenRequest.java
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.token;
+
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerby.kerberos.kerb.spec.common.KrbToken;
+
+/**
+ PA-TOKEN-REQUEST ::= SEQUENCE {
+ token [0] OCTET STRING,
+ tokenInfo [1] TokenInfo
+ }
+*/
+public class PaTokenRequest extends KrbSequenceType {
+ private static int TOKEN_INFO = 0;
+ private static int TOKEN = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(TOKEN_INFO, TokenInfo.class),
+ new Asn1FieldInfo(TOKEN, KrbToken.class)
+ };
+
+ public PaTokenRequest() {
+ super(fieldInfos);
+ }
+
+ public KrbToken getToken() {
+ return getFieldAs(TOKEN, KrbToken.class);
+ }
+
+ public void setToken(KrbToken token) {
+ setFieldAs(TOKEN, token);
+ }
+
+ public String getTokenInfo() {
+ return getFieldAsString(TOKEN_INFO);
+ }
+
+ public void setTokenInfo(TokenInfo tokenInfo) {
+ setFieldAs(TOKEN_INFO, tokenInfo);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenFlag.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenFlag.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenFlag.java
new file mode 100644
index 0000000..75f06f6
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenFlag.java
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.token;
+
+import org.apache.kerby.kerberos.kerb.spec.KrbEnum;
+
+public enum TokenFlag implements KrbEnum {
+ NONE(-1),
+ ID_TOKEN_REQUIRED(0x40000000),
+ AC_TOKEN_REQUIRED(0x20000000),
+ BEARER_TOKEN_REQUIRED(0x10000000),
+ HOK_TOKEN_REQUIRED(0x08000000);
+
+ private final int value;
+
+ private TokenFlag(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static TokenFlag fromValue(int value) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (TokenFlag) e;
+ }
+ }
+
+ return NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenFlags.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenFlags.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenFlags.java
new file mode 100644
index 0000000..af6e0f9
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenFlags.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.token;
+
+import org.apache.kerby.kerberos.kerb.spec.common.KrbFlags;
+
+import static org.apache.kerby.kerberos.kerb.spec.ticket.TicketFlag.INVALID;
+
+public class TokenFlags extends KrbFlags {
+
+ public TokenFlags() {
+ this(0);
+ }
+
+ public TokenFlags(int value) {
+ setFlags(value);
+ }
+
+ public boolean isInvalid() {
+ return isFlagSet(INVALID.getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenInfo.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenInfo.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenInfo.java
new file mode 100644
index 0000000..43533ca
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenInfo.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.token;
+
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.asn1.type.Asn1OctetString;
+import org.apache.kerby.asn1.type.Asn1Utf8String;
+import org.apache.kerby.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ TokenInfo ::= SEQUENCE {
+ flags [0] TokenFlags,
+ tokenVendor [1] UTF8String,
+ }
+ */
+public class TokenInfo extends KrbSequenceType {
+ private static int FLAGS = 0;
+ private static int TOKEN_VENDOR = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(FLAGS, Asn1OctetString.class, true),
+ new Asn1FieldInfo(TOKEN_VENDOR, Asn1Utf8String.class),
+ };
+
+ public TokenInfo() {
+ super(fieldInfos);
+ }
+
+ public TokenFlags getFlags() {
+ return getFieldAs(FLAGS, TokenFlags.class);
+ }
+
+ public void setFlags(TokenFlags flags) {
+ setFieldAs(FLAGS, flags);
+ }
+
+ public String getTokenVendor() {
+ return getFieldAsString(TOKEN_VENDOR);
+ }
+
+ public void setTokenVendor(String tokenVendor) {
+ setFieldAs(TOKEN_VENDOR, new Asn1Utf8String(tokenVendor));
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenInfos.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenInfos.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenInfos.java
new file mode 100644
index 0000000..85d6e58
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/TokenInfos.java
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.token;
+
+import org.apache.kerby.kerberos.kerb.spec.KrbSequenceOfType;
+
+/**
+ SEQUENCE (SIZE(1..MAX)) OF TokenInfo,
+*/
+public class TokenInfos extends KrbSequenceOfType<TokenInfo> {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/AbstractServiceTicket.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/AbstractServiceTicket.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/AbstractServiceTicket.java
new file mode 100644
index 0000000..28f5dea
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/AbstractServiceTicket.java
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.ticket;
+
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.kdc.EncKdcRepPart;
+
+public class AbstractServiceTicket {
+ private Ticket ticket;
+ private EncKdcRepPart encKdcRepPart;
+
+ public AbstractServiceTicket(Ticket ticket, EncKdcRepPart encKdcRepPart) {
+ this.ticket = ticket;
+ this.encKdcRepPart = encKdcRepPart;
+ }
+
+ public Ticket getTicket() {
+ return ticket;
+ }
+
+ public EncKdcRepPart getEncKdcRepPart() {
+ return encKdcRepPart;
+ }
+
+ public EncryptionKey getSessionKey() {
+ return encKdcRepPart.getKey();
+ }
+
+ public String getRealm() {
+ return ticket.getRealm();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/EncTicketPart.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/EncTicketPart.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/EncTicketPart.java
new file mode 100644
index 0000000..86d0e33
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/EncTicketPart.java
@@ -0,0 +1,164 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.ticket;
+
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.kerberos.kerb.spec.KerberosString;
+import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.KrbAppSequenceType;
+import org.apache.kerby.kerberos.kerb.spec.common.*;
+
+/**
+ -- Encrypted part of ticket
+ EncTicketPart ::= [APPLICATION 3] SEQUENCE {
+ flags [0] TicketFlags,
+ key [1] EncryptionKey,
+ crealm [2] Realm,
+ cname [3] PrincipalName,
+ transited [4] TransitedEncoding,
+ authtime [5] KerberosTime,
+ starttime [6] KerberosTime OPTIONAL,
+ endtime [7] KerberosTime,
+ renew-till [8] KerberosTime OPTIONAL,
+ caddr [9] HostAddresses OPTIONAL,
+ authorization-data [10] AuthorizationData OPTIONAL
+ }
+ */
+public class EncTicketPart extends KrbAppSequenceType {
+ public static final int TAG = 3;
+
+ private static int FLAGS = 0;
+ private static int KEY = 1;
+ private static int CREALM = 2;
+ private static int CNAME = 3;
+ private static int TRANSITED = 4;
+ private static int AUTHTIME = 5;
+ private static int STARTTIME = 6;
+ private static int ENDTIME = 7;
+ private static int RENEW_TILL = 8;
+ private static int CADDR = 9;
+ private static int AUTHORIZATION_DATA = 10;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(FLAGS, 0, TicketFlags.class),
+ new Asn1FieldInfo(KEY, 1, EncryptionKey.class),
+ new Asn1FieldInfo(CREALM, 2, KerberosString.class),
+ new Asn1FieldInfo(CNAME, 3, PrincipalName.class),
+ new Asn1FieldInfo(TRANSITED, 4, TransitedEncoding.class),
+ new Asn1FieldInfo(AUTHTIME, 5, KerberosTime.class),
+ new Asn1FieldInfo(STARTTIME, 6, KerberosTime.class),
+ new Asn1FieldInfo(ENDTIME, 7, KerberosTime.class),
+ new Asn1FieldInfo(ENDTIME, 8, KerberosTime.class),
+ new Asn1FieldInfo(CADDR, 9, HostAddresses.class),
+ new Asn1FieldInfo(AUTHORIZATION_DATA, 10, AuthorizationData.class)
+ };
+
+ public EncTicketPart() {
+ super(TAG, fieldInfos);
+ }
+
+ public TicketFlags getFlags() {
+ return getFieldAs(FLAGS, TicketFlags.class);
+ }
+
+ public void setFlags(TicketFlags flags) {
+ setFieldAs(FLAGS, flags);
+ }
+
+ public EncryptionKey getKey() {
+ return getFieldAs(KEY, EncryptionKey.class);
+ }
+
+ public void setKey(EncryptionKey key) {
+ setFieldAs(KEY, key);
+ }
+
+ public String getCrealm() {
+ return getFieldAsString(CREALM);
+ }
+
+ public void setCrealm(String crealm) {
+ setFieldAsString(CREALM, crealm);
+ }
+
+ public PrincipalName getCname() {
+ return getFieldAs(CNAME, PrincipalName.class);
+ }
+
+ public void setCname(PrincipalName cname) {
+ setFieldAs(CNAME, cname);
+ }
+
+ public TransitedEncoding getTransited() {
+ return getFieldAs(TRANSITED, TransitedEncoding.class);
+ }
+
+ public void setTransited(TransitedEncoding transited) {
+ setFieldAs(TRANSITED, transited);
+ }
+
+ public KerberosTime getAuthTime() {
+ return getFieldAs(AUTHTIME, KerberosTime.class);
+ }
+
+ public void setAuthTime(KerberosTime authTime) {
+ setFieldAs(AUTHTIME, authTime);
+ }
+
+ public KerberosTime getStartTime() {
+ return getFieldAs(STARTTIME, KerberosTime.class);
+ }
+
+ public void setStartTime(KerberosTime startTime) {
+ setFieldAs(STARTTIME, startTime);
+ }
+
+ public KerberosTime getEndTime() {
+ return getFieldAs(ENDTIME, KerberosTime.class);
+ }
+
+ public void setEndTime(KerberosTime endTime) {
+ setFieldAs(ENDTIME, endTime);
+ }
+
+ public KerberosTime getRenewtill() {
+ return getFieldAs(RENEW_TILL, KerberosTime.class);
+ }
+
+ public void setRenewtill(KerberosTime renewtill) {
+ setFieldAs(RENEW_TILL, renewtill);
+ }
+
+ public HostAddresses getClientAddresses() {
+ return getFieldAs(CADDR, HostAddresses.class);
+ }
+
+ public void setClientAddresses(HostAddresses clientAddresses) {
+ setFieldAs(CADDR, clientAddresses);
+ }
+
+ public AuthorizationData getAuthorizationData() {
+ return getFieldAs(AUTHORIZATION_DATA, AuthorizationData.class);
+ }
+
+ public void setAuthorizationData(AuthorizationData authorizationData) {
+ setFieldAs(AUTHORIZATION_DATA, authorizationData);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/ServiceTicket.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/ServiceTicket.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/ServiceTicket.java
new file mode 100644
index 0000000..f081b41
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/ServiceTicket.java
@@ -0,0 +1,28 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.ticket;
+
+import org.apache.kerby.kerberos.kerb.spec.kdc.EncTgsRepPart;
+
+public class ServiceTicket extends AbstractServiceTicket {
+ public ServiceTicket(Ticket ticket, EncTgsRepPart encKdcRepPart) {
+ super(ticket, encKdcRepPart);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TgtTicket.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TgtTicket.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TgtTicket.java
new file mode 100644
index 0000000..a530856
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TgtTicket.java
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.ticket;
+
+import org.apache.kerby.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerby.kerberos.kerb.spec.kdc.EncAsRepPart;
+
+public class TgtTicket extends AbstractServiceTicket {
+ private PrincipalName clientPrincipal;
+
+ public TgtTicket(Ticket ticket, EncAsRepPart encKdcRepPart, String clientPrincipal) {
+ super(ticket, encKdcRepPart);
+ this.clientPrincipal = new PrincipalName(clientPrincipal);
+ }
+
+ public PrincipalName getClientPrincipal() {
+ return clientPrincipal;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/Ticket.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/Ticket.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/Ticket.java
new file mode 100644
index 0000000..543b02d
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/Ticket.java
@@ -0,0 +1,99 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.ticket;
+
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.asn1.type.Asn1Integer;
+import org.apache.kerby.kerberos.kerb.KrbConstant;
+import org.apache.kerby.kerberos.kerb.spec.KerberosString;
+import org.apache.kerby.kerberos.kerb.spec.KrbAppSequenceType;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerby.kerberos.kerb.spec.common.PrincipalName;
+
+/**
+ Ticket ::= [APPLICATION 1] SEQUENCE {
+ tkt-vno [0] INTEGER (5),
+ realm [1] Realm,
+ sname [2] PrincipalName,
+ enc-part [3] EncryptedData -- EncTicketPart
+ }
+ */
+public class Ticket extends KrbAppSequenceType {
+ public static final int TKT_KVNO = KrbConstant.KRB_V5;
+ public static final int TAG = 1;
+
+ private static int TKT_VNO = 0;
+ private static int REALM = 1;
+ private static int SNAME = 2;
+ private static int ENC_PART = 3;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(TKT_VNO, 0, Asn1Integer.class),
+ new Asn1FieldInfo(REALM, 1, KerberosString.class),
+ new Asn1FieldInfo(SNAME, 2, PrincipalName.class),
+ new Asn1FieldInfo(ENC_PART, 3, EncryptedData.class)
+ };
+
+ public Ticket() {
+ super(TAG, fieldInfos);
+ setTktKvno(TKT_KVNO);
+ }
+
+ private EncTicketPart encPart;
+
+ public int getTktvno() {
+ return getFieldAsInt(TKT_VNO);
+ }
+
+ public void setTktKvno(int kvno) {
+ setFieldAsInt(TKT_VNO, kvno);
+ }
+ public PrincipalName getSname() {
+ return getFieldAs(SNAME, PrincipalName.class);
+ }
+
+ public void setSname(PrincipalName sname) {
+ setFieldAs(SNAME, sname);
+ }
+
+ public String getRealm() {
+ return getFieldAsString(REALM);
+ }
+
+ public void setRealm(String realm) {
+ setFieldAs(REALM, new KerberosString(realm));
+ }
+
+ public EncryptedData getEncryptedEncPart() {
+ return getFieldAs(ENC_PART, EncryptedData.class);
+ }
+
+ public void setEncryptedEncPart(EncryptedData encryptedEncPart) {
+ setFieldAs(ENC_PART, encryptedEncPart);
+ }
+
+ public EncTicketPart getEncPart() {
+ return encPart;
+ }
+
+ public void setEncPart(EncTicketPart encPart) {
+ this.encPart = encPart;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TicketFlag.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TicketFlag.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TicketFlag.java
new file mode 100644
index 0000000..b9de3c8
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TicketFlag.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.ticket;
+
+import org.apache.kerby.kerberos.kerb.spec.KrbEnum;
+
+public enum TicketFlag implements KrbEnum {
+ NONE(-1),
+ FORWARDABLE(0x40000000),
+ FORWARDED(0x20000000),
+ PROXIABLE(0x10000000),
+ PROXY(0x08000000),
+ MAY_POSTDATE(0x04000000),
+ POSTDATED(0x02000000),
+ INVALID(0x01000000),
+ RENEWABLE(0x00800000),
+ INITIAL(0x00400000),
+ PRE_AUTH(0x00200000),
+ HW_AUTH(0x00100000),
+ TRANSIT_POLICY_CHECKED( 0x00080000),
+ OK_AS_DELEGATE(0x00040000),
+ ENC_PA_REP(0x00010000),
+ ANONYMOUS(0x00008000);
+
+ private final int value;
+
+ private TicketFlag(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static TicketFlag fromValue(int value) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (TicketFlag) e;
+ }
+ }
+
+ return NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TicketFlags.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TicketFlags.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TicketFlags.java
new file mode 100644
index 0000000..4bbadf2
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TicketFlags.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.ticket;
+
+import org.apache.kerby.kerberos.kerb.spec.common.KrbFlags;
+
+import static org.apache.kerby.kerberos.kerb.spec.ticket.TicketFlag.INVALID;
+
+public class TicketFlags extends KrbFlags {
+
+ public TicketFlags() {
+ this(0);
+ }
+
+ public TicketFlags(int value) {
+ setFlags(value);
+ }
+
+ public boolean isInvalid() {
+ return isFlagSet(INVALID.getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/Tickets.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/Tickets.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/Tickets.java
new file mode 100644
index 0000000..a7acef0
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/Tickets.java
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.ticket;
+
+import org.apache.kerby.kerberos.kerb.spec.KrbSequenceOfType;
+
+/**
+ SEQUENCE OF Ticket
+ */
+public class Tickets extends KrbSequenceOfType<Ticket> {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/x509/AlgorithmIdentifier.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/x509/AlgorithmIdentifier.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/x509/AlgorithmIdentifier.java
new file mode 100644
index 0000000..369b99a
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/x509/AlgorithmIdentifier.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.x509;
+
+import org.apache.kerby.asn1.type.*;
+
+/**
+ AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL
+ }
+ */
+public class AlgorithmIdentifier extends Asn1SequenceType {
+ private static int ALGORITHM = 0;
+ private static int PARAMETERS = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(ALGORITHM, -1, Asn1ObjectIdentifier.class),
+ new Asn1FieldInfo(PARAMETERS, -1, Asn1Any.class)
+ };
+
+ public AlgorithmIdentifier() {
+ super(fieldInfos);
+ }
+
+ public Asn1ObjectIdentifier getAlgorithm() {
+ return getFieldAs(ALGORITHM, Asn1ObjectIdentifier.class);
+ }
+
+ public void setAlgorithm(Asn1ObjectIdentifier algorithm) {
+ setFieldAs(ALGORITHM, algorithm);
+ }
+
+ public Asn1Type getParameters() {
+ return getFieldAsAny(PARAMETERS);
+ }
+
+ public void setParameters(Asn1Type parameters) {
+ setFieldAsAny(PARAMETERS, parameters);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/x509/SubjectPublicKeyInfo.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/x509/SubjectPublicKeyInfo.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/x509/SubjectPublicKeyInfo.java
new file mode 100644
index 0000000..f69345f
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/x509/SubjectPublicKeyInfo.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.x509;
+
+import org.apache.kerby.asn1.type.Asn1BitString;
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.asn1.type.Asn1SequenceType;
+
+/**
+ SubjectPublicKeyInfo ::= SEQUENCE {
+ algorithm AlgorithmIdentifier,
+ subjectPublicKey BIT STRING
+ }
+ */
+public class SubjectPublicKeyInfo extends Asn1SequenceType {
+ private static int ALGORITHM = 0;
+ private static int SUBJECT_PUBLIC_KEY = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(ALGORITHM, -1, AlgorithmIdentifier.class),
+ new Asn1FieldInfo(SUBJECT_PUBLIC_KEY, -1, Asn1BitString.class)
+ };
+
+ public SubjectPublicKeyInfo() {
+ super(fieldInfos);
+ }
+
+ public AlgorithmIdentifier getAlgorithm() {
+ return getFieldAs(ALGORITHM, AlgorithmIdentifier.class);
+ }
+
+ public void setAlgorithm(AlgorithmIdentifier algorithm) {
+ setFieldAs(ALGORITHM, algorithm);
+ }
+
+ public byte[] getSubjectPubKey() {
+ return getFieldAsOctets(SUBJECT_PUBLIC_KEY);
+ }
+
+ public void setSubjectPubKey(byte[] subjectPubKey) {
+ setFieldAs(SUBJECT_PUBLIC_KEY, new Asn1BitString(subjectPubKey));
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/pom.xml b/kerby-kerb/kerb-crypto/pom.xml
new file mode 100644
index 0000000..ed7e8f5
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/pom.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License. See accompanying LICENSE file.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerby-kerb</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>kerb-crypto</artifactId>
+
+ <name>Kerby-kerb Crypto</name>
+ <description>Kerby-kerb Crypto facility</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerby-util</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerb-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java
new file mode 100644
index 0000000..76d6a61
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+
+import java.util.Arrays;
+
+public abstract class AbstractCryptoTypeHandler implements CryptoTypeHandler {
+
+ private EncryptProvider encProvider;
+ private HashProvider hashProvider;
+
+ public AbstractCryptoTypeHandler(EncryptProvider encProvider,
+ HashProvider hashProvider) {
+ this.encProvider = encProvider;
+ this.hashProvider = hashProvider;
+ }
+
+ @Override
+ public EncryptProvider encProvider() {
+ return encProvider;
+ }
+
+ @Override
+ public HashProvider hashProvider() {
+ return hashProvider;
+ }
+
+ protected static boolean checksumEqual(byte[] cksum1, byte[] cksum2) {
+ return Arrays.equals(cksum1, cksum2);
+ }
+
+ protected static boolean checksumEqual(byte[] cksum1, byte[] cksum2, int cksum2Start, int len) {
+ if (cksum1 == cksum2)
+ return true;
+ if (cksum1 == null || cksum2 == null)
+ return false;
+
+ if (len <= cksum2.length && len <= cksum1.length) {
+ for (int i = 0; i < len; i++)
+ if (cksum1[i] != cksum2[cksum2Start + i])
+ return false;
+ } else {
+ return false;
+ }
+
+ return true;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/BytesUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/BytesUtil.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/BytesUtil.java
new file mode 100644
index 0000000..43ddfe8
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/BytesUtil.java
@@ -0,0 +1,183 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+public class BytesUtil {
+
+ public static short bytes2short(byte[] bytes, int offset, boolean bigEndian) {
+ short val = 0;
+
+ if (bigEndian) {
+ val += (bytes[offset + 0] & 0xff) << 8;
+ val += (bytes[offset + 1] & 0xff);
+ } else {
+ val += (bytes[offset + 1] & 0xff) << 8;
+ val += (bytes[offset + 0] & 0xff);
+ }
+
+ return val;
+ }
+
+ public static short bytes2short(byte[] bytes, boolean bigEndian) {
+ return bytes2short(bytes, 0, bigEndian);
+ }
+
+ public static byte[] short2bytes(int val, boolean bigEndian) {
+ byte[] bytes = new byte[2];
+
+ short2bytes(val, bytes, 0, bigEndian);
+
+ return bytes;
+ }
+
+ public static void short2bytes(int val, byte[] bytes, int offset, boolean bigEndian) {
+ if (bigEndian) {
+ bytes[offset + 0] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 1] = (byte) ((val) & 0xff);
+ } else {
+ bytes[offset + 1] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 0] = (byte) ((val ) & 0xff);
+ }
+ }
+
+ public static int bytes2int(byte[] bytes, boolean bigEndian) {
+ return bytes2int(bytes, 0, bigEndian);
+ }
+
+ public static int bytes2int(byte[] bytes, int offset, boolean bigEndian) {
+ int val = 0;
+
+ if (bigEndian) {
+ val += (bytes[offset + 0] & 0xff) << 24;
+ val += (bytes[offset + 1] & 0xff) << 16;
+ val += (bytes[offset + 2] & 0xff) << 8;
+ val += (bytes[offset + 3] & 0xff);
+ } else {
+ val += (bytes[offset + 3] & 0xff) << 24;
+ val += (bytes[offset + 2] & 0xff) << 16;
+ val += (bytes[offset + 1] & 0xff) << 8;
+ val += (bytes[offset + 0] & 0xff);
+ }
+
+ return val;
+ }
+
+ public static byte[] int2bytes(int val, boolean bigEndian) {
+ byte[] bytes = new byte[4];
+
+ int2bytes(val, bytes, 0, bigEndian);
+
+ return bytes;
+ }
+
+ public static void int2bytes(int val, byte[] bytes, int offset, boolean bigEndian) {
+ if (bigEndian) {
+ bytes[offset + 0] = (byte) ((val >> 24) & 0xff);
+ bytes[offset + 1] = (byte) ((val >> 16) & 0xff);
+ bytes[offset + 2] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 3] = (byte) ((val) & 0xff);
+ } else {
+ bytes[offset + 3] = (byte) ((val >> 24) & 0xff);
+ bytes[offset + 2] = (byte) ((val >> 16) & 0xff);
+ bytes[offset + 1] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 0] = (byte) ((val) & 0xff);
+ }
+ }
+
+ public static byte[] long2bytes(long val, boolean bigEndian) {
+ byte[] bytes = new byte[8];
+ long2bytes(val, bytes, 0, bigEndian);
+ return bytes;
+ }
+
+ public static void long2bytes(long val, byte[] bytes, int offset, boolean bigEndian) {
+ if (bigEndian) {
+ for (int i = 0; i < 8; i++) {
+ bytes[i + offset] = (byte) ((val >> ((7 - i) * 8)) & 0xffL);
+ }
+ } else {
+ for (int i = 0; i < 8; i++) {
+ bytes[i + offset] = (byte) ((val >> (i * 8)) & 0xffL);
+ }
+ }
+ }
+
+ public static long bytes2long(byte[] bytes, boolean bigEndian) {
+ return bytes2long(bytes, 0, bigEndian);
+ }
+
+ public static long bytes2long(byte[] bytes, int offset, boolean bigEndian) {
+ long val = 0;
+
+ if (bigEndian) {
+ for (int i = 0; i < 8; i++) {
+ val |= (((long) bytes[i + offset]) & 0xffL) << ((7 - i) * 8);
+ }
+ } else {
+ for (int i = 0; i < 8; i++) {
+ val |= (((long) bytes[i + offset]) & 0xffL) << (i * 8);
+ }
+ }
+
+ return val;
+ }
+
+ public static byte[] padding(byte[] data, int block) {
+ int len = data.length;
+ int paddingLen = len % block != 0 ? 8 - len % block : 0;
+ if (paddingLen == 0) {
+ return data;
+ }
+
+ byte[] result = new byte[len + + paddingLen];
+ System.arraycopy(data, 0, result, 0, len);
+ return result;
+ }
+
+ public static byte[] duplicate(byte[] bytes) {
+ return duplicate(bytes, 0, bytes.length);
+ }
+
+ public static byte[] duplicate(byte[] bytes, int offset, int len) {
+ byte[] dup = new byte[len];
+ System.arraycopy(bytes, offset, dup, 0, len);
+ return dup;
+ }
+
+ public static void xor(byte[] input, int offset, byte[] output) {
+ int a, b;
+ for (int i = 0; i < output.length / 4; ++i) {
+ a = BytesUtil.bytes2int(input, offset + i * 4, true);
+ b = BytesUtil.bytes2int(output, i * 4, true);
+ b = a ^ b;
+ BytesUtil.int2bytes(b, output, i * 4, true);
+ }
+ }
+
+ public static void xor(byte[] a, byte[] b, byte[] output) {
+ int av, bv, v;
+ for (int i = 0; i < a.length / 4; ++i) {
+ av = BytesUtil.bytes2int(a, i * 4, true);
+ bv = BytesUtil.bytes2int(b, i * 4, true);
+ v = av ^ bv;
+ BytesUtil.int2bytes(v, output, i * 4, true);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Camellia.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Camellia.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Camellia.java
new file mode 100644
index 0000000..3737e9d
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Camellia.java
@@ -0,0 +1,250 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+/**
+ * Camellia - based on RFC 3713, about half the size of CamelliaEngine.
+ *
+ * This is based on CamelliaEngine.java from bouncycastle library.
+ */
+
+public class Camellia {
+ private static final int BLOCK_SIZE = 16;
+ private int[] state = new int[4]; // for encryption and decryption
+
+ private CamelliaKey camKey;
+
+ public void setKey(boolean forEncryption, byte[] key) {
+ camKey = new CamelliaKey(key, forEncryption);
+ }
+
+ private void process128Block(byte[] in, int inOff,
+ byte[] out, int outOff) {
+ for (int i = 0; i < 4; i++) {
+ state[i] = BytesUtil.bytes2int(in, inOff + (i * 4), true);
+ state[i] ^= camKey.kw[i];
+ }
+
+ camKey.f2(state, camKey.subkey, 0);
+ camKey.f2(state, camKey.subkey, 4);
+ camKey.f2(state, camKey.subkey, 8);
+ camKey.fls(state, camKey.ke, 0);
+ camKey.f2(state, camKey.subkey, 12);
+ camKey.f2(state, camKey.subkey, 16);
+ camKey.f2(state, camKey.subkey, 20);
+ camKey.fls(state, camKey.ke, 4);
+ camKey.f2(state, camKey.subkey, 24);
+ camKey.f2(state, camKey.subkey, 28);
+ camKey.f2(state, camKey.subkey, 32);
+
+ state[2] ^= camKey.kw[4];
+ state[3] ^= camKey.kw[5];
+ state[0] ^= camKey.kw[6];
+ state[1] ^= camKey.kw[7];
+
+ BytesUtil.int2bytes(state[2], out, outOff, true);
+ BytesUtil.int2bytes(state[3], out, outOff + 4, true);
+ BytesUtil.int2bytes(state[0], out, outOff + 8, true);
+ BytesUtil.int2bytes(state[1], out, outOff + 12, true);
+ }
+
+ private void processBlockLargerBlock(byte[] in, int inOff,
+ byte[] out, int outOff) {
+ for (int i = 0; i < 4; i++) {
+ state[i] = BytesUtil.bytes2int(in, inOff + (i * 4), true);
+ state[i] ^= camKey.kw[i];
+ }
+
+ camKey.f2(state, camKey.subkey, 0);
+ camKey.f2(state, camKey.subkey, 4);
+ camKey.f2(state, camKey.subkey, 8);
+ camKey.fls(state, camKey.ke, 0);
+ camKey.f2(state, camKey.subkey, 12);
+ camKey.f2(state, camKey.subkey, 16);
+ camKey.f2(state, camKey.subkey, 20);
+ camKey.fls(state, camKey.ke, 4);
+ camKey.f2(state, camKey.subkey, 24);
+ camKey.f2(state, camKey.subkey, 28);
+ camKey.f2(state, camKey.subkey, 32);
+ camKey.fls(state, camKey.ke, 8);
+ camKey.f2(state, camKey.subkey, 36);
+ camKey.f2(state, camKey.subkey, 40);
+ camKey.f2(state, camKey.subkey, 44);
+
+ state[2] ^= camKey.kw[4];
+ state[3] ^= camKey.kw[5];
+ state[0] ^= camKey.kw[6];
+ state[1] ^= camKey.kw[7];
+
+ BytesUtil.int2bytes(state[2], out, outOff, true);
+ BytesUtil.int2bytes(state[3], out, outOff + 4, true);
+ BytesUtil.int2bytes(state[0], out, outOff + 8, true);
+ BytesUtil.int2bytes(state[1], out, outOff + 12, true);
+ }
+
+ public void processBlock(byte[] in, int inOff) {
+ byte[] out = new byte[BLOCK_SIZE];
+
+ if (camKey.is128()) {
+ process128Block(in, inOff, out, 0);
+ } else {
+ processBlockLargerBlock(in, inOff, out, 0);
+ }
+
+ System.arraycopy(out, 0, in, inOff, BLOCK_SIZE);
+ }
+
+ public void encrypt(byte[] data, byte[] iv) {
+ byte[] cipher = new byte[BLOCK_SIZE];
+ byte[] cipherState = new byte[BLOCK_SIZE];
+
+ int blocksNum = (data.length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+ int lastBlockLen = data.length - (blocksNum - 1) * BLOCK_SIZE;
+ if (blocksNum == 1) {
+ cbcEnc(data, 0, 1, cipherState);
+ return;
+ }
+
+ if (iv != null) {
+ System.arraycopy(iv, 0, cipherState, 0, BLOCK_SIZE);
+ }
+
+ int contBlocksNum, offset = 0;
+ while (blocksNum > 2) {
+ contBlocksNum = (data.length - offset) / BLOCK_SIZE;
+ if (contBlocksNum > 0) {
+ // Encrypt a series of contiguous blocks in place if we can, but
+ // don't touch the last two blocks.
+ contBlocksNum = (contBlocksNum > blocksNum - 2) ? blocksNum - 2 : contBlocksNum;
+ cbcEnc(data, offset, contBlocksNum, cipherState);
+ offset += contBlocksNum * BLOCK_SIZE;
+ blocksNum -= contBlocksNum;
+ } else {
+ cbcEnc(data, offset, 1, cipherState);
+ offset += BLOCK_SIZE;
+ blocksNum--;
+ }
+ }
+
+ // Encrypt the last two blocks and store the results in reverse order
+ byte[] blockN2 = new byte[BLOCK_SIZE];
+ byte[] blockN1 = new byte[BLOCK_SIZE];
+
+ System.arraycopy(data, offset, blockN2, 0, BLOCK_SIZE);
+ cbcEnc(blockN2, 0, 1, cipherState);
+ System.arraycopy(data, offset + BLOCK_SIZE, blockN1, 0, lastBlockLen);
+ cbcEnc(blockN1, 0, 1, cipherState);
+
+ System.arraycopy(blockN1, 0, data, offset, BLOCK_SIZE);
+ System.arraycopy(blockN2, 0, data, offset + BLOCK_SIZE, lastBlockLen);
+
+ if (iv != null) {
+ System.arraycopy(cipherState, 0, iv, 0, BLOCK_SIZE);
+ }
+ }
+
+ public void decrypt(byte[] data, byte[] iv) {
+ byte[] cipher = new byte[BLOCK_SIZE];
+ byte[] cipherState = new byte[BLOCK_SIZE];
+
+ int blocksNum = (data.length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+ int lastBlockLen = data.length - (blocksNum - 1) * BLOCK_SIZE;
+ if (blocksNum == 1) {
+ cbcDec(data, 0, 1, cipherState);
+ return;
+ }
+
+ if (iv != null) {
+ System.arraycopy(iv, 0, cipherState, 0, BLOCK_SIZE);
+ }
+
+ int contBlocksNum, offset = 0;
+ while (blocksNum > 2) {
+ contBlocksNum = (data.length - offset) / BLOCK_SIZE;
+ if (contBlocksNum > 0) {
+ // Decrypt a series of contiguous blocks in place if we can, but
+ // don't touch the last two blocks.
+ contBlocksNum = (contBlocksNum > blocksNum - 2) ? blocksNum - 2 : contBlocksNum;
+ cbcDec(data, offset, contBlocksNum, cipherState);
+ offset += contBlocksNum * BLOCK_SIZE;
+ blocksNum -= contBlocksNum;
+ } else {
+ cbcDec(data, offset, 1, cipherState);
+ offset += BLOCK_SIZE;
+ blocksNum--;
+ }
+ }
+
+ // Decrypt the last two blocks
+ byte[] blockN2 = new byte[BLOCK_SIZE];
+ byte[] blockN1 = new byte[BLOCK_SIZE];
+ System.arraycopy(data, offset, blockN2, 0, BLOCK_SIZE);
+ System.arraycopy(data, offset + BLOCK_SIZE, blockN1, 0, lastBlockLen);
+ if (iv != null) {
+ System.arraycopy(blockN2, 0, iv, 0, BLOCK_SIZE);
+ }
+
+ byte[] tmpCipherState = new byte[BLOCK_SIZE];
+ System.arraycopy(blockN1, 0, tmpCipherState, 0, BLOCK_SIZE);
+ cbcDec(blockN2, 0, 1, tmpCipherState);
+ System.arraycopy(blockN2, lastBlockLen, blockN1, lastBlockLen, BLOCK_SIZE - lastBlockLen);
+ cbcDec(blockN1, 0, 1, cipherState);
+
+ System.arraycopy(blockN1, 0, data, offset, BLOCK_SIZE);
+ System.arraycopy(blockN2, 0, data, offset + BLOCK_SIZE, lastBlockLen);
+ }
+
+ /**
+ * CBC encrypt nblocks blocks of data in place, using and updating iv.
+ */
+ public void cbcEnc(byte[] data, int offset, int blocksNum, byte[] cipherState) {
+ byte[] cipher = new byte[BLOCK_SIZE];
+ for (int i = 0; i < blocksNum; ++i) {
+ System.arraycopy(data, offset + i * BLOCK_SIZE, cipher, 0, BLOCK_SIZE);
+ BytesUtil.xor(cipherState, 0, cipher);
+ processBlock(cipher, 0);
+ System.arraycopy(cipher, 0, data, offset + i * BLOCK_SIZE, BLOCK_SIZE);
+ System.arraycopy(cipher, 0, cipherState, 0, BLOCK_SIZE);
+ }
+ }
+
+ /**
+ * CBC encrypt nblocks blocks of data in place, using and updating iv.
+ */
+ public void cbcDec(byte[] data, int offset, int blocksNum, byte[] cipherState) {
+ byte[] lastBlock = new byte[BLOCK_SIZE];
+ byte[] cipher = new byte[BLOCK_SIZE];
+
+ System.arraycopy(data, offset + (blocksNum - 1) * BLOCK_SIZE, lastBlock, 0, BLOCK_SIZE);
+ for (int i = blocksNum; i > 0; i--) {
+ System.arraycopy(data, offset + (i - 1) * BLOCK_SIZE, cipher, 0, BLOCK_SIZE);
+ processBlock(cipher, 0);
+
+ if (i == 1) {
+ BytesUtil.xor(cipherState, 0, cipher);
+ } else {
+ BytesUtil.xor(data, offset + (i - 2) * BLOCK_SIZE, cipher);
+ }
+
+ System.arraycopy(cipher, 0, data, offset + (i - 1) * BLOCK_SIZE, BLOCK_SIZE);
+ }
+ System.arraycopy(lastBlock, 0, cipherState, 0, BLOCK_SIZE);
+ }
+}