You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/22 01:57:10 UTC
[46/50] [abbrv] directory-kerberos git commit: Many changes with
newname
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEventType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEventType.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEventType.java
deleted file mode 100644
index bf271f1..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEventType.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.event;
-
-import org.apache.haox.event.EventType;
-
-public enum KrbClientEventType implements EventType {
- TGT_INTENT,
- TGT_RESULT,
- TKT_INTENT,
- TKT_RESULT
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/AbstractPreauthPlugin.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/AbstractPreauthPlugin.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/AbstractPreauthPlugin.java
deleted file mode 100644
index 4f34181..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/AbstractPreauthPlugin.java
+++ /dev/null
@@ -1,122 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-import org.apache.kerberos.kerb.client.KrbContext;
-import org.apache.kerberos.kerb.client.KrbOptions;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.preauth.PaFlag;
-import org.apache.kerberos.kerb.preauth.PaFlags;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.EncryptionType;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-import java.util.Collections;
-import java.util.List;
-
-public class AbstractPreauthPlugin implements KrbPreauth {
-
- private PreauthPluginMeta pluginMeta;
- protected KrbContext context;
-
- public AbstractPreauthPlugin(PreauthPluginMeta meta) {
- this.pluginMeta = meta;
- }
-
- @Override
- public String getName() {
- return pluginMeta.getName();
- }
-
- public int getVersion() {
- return pluginMeta.getVersion();
- }
-
- public PaDataType[] getPaTypes() {
- return pluginMeta.getPaTypes();
- }
-
- public void init(KrbContext context) {
- this.context = context;
- }
-
- @Override
- public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
- return null;
- }
-
- @Override
- public void prepareQuestions(KdcRequest kdcRequest,
- PluginRequestContext requestContext) throws KrbException {
-
- kdcRequest.needAsKey();
- }
-
- @Override
- public List<EncryptionType> getEncTypes(KdcRequest kdcRequest,
- PluginRequestContext requestContext) {
- return Collections.emptyList();
- }
-
- @Override
- public void setPreauthOptions(KdcRequest kdcRequest,
- PluginRequestContext requestContext, KrbOptions options) {
-
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException {
-
- }
-
- @Override
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext, PaDataEntry inPadata,
- PaData outPadata) throws KrbException {
-
- return false;
- }
-
- @Override
- public boolean tryAgain(KdcRequest kdcRequest,
- PluginRequestContext requestContext, PaDataType preauthType,
- PaData errPadata, PaData outPadata) {
- return false;
- }
-
- @Override
- public PaFlags getFlags(PaDataType paType) {
- PaFlags paFlags = new PaFlags(0);
- paFlags.setFlag(PaFlag.PA_REAL);
-
- return paFlags;
- }
-
- @Override
- public void destroy() {
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/FastContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/FastContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/FastContext.java
deleted file mode 100644
index 82a0240..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/FastContext.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-import org.apache.kerberos.kerb.spec.common.EncryptionKey;
-import org.apache.kerberos.kerb.spec.fast.FastOptions;
-import org.apache.kerberos.kerb.spec.fast.KrbFastArmor;
-import org.apache.kerberos.kerb.spec.kdc.KdcReq;
-
-public class FastContext {
-
- public KdcReq fastOuterRequest;
- public EncryptionKey armorKey;
- public KrbFastArmor fastArmor;
- public FastOptions fastOptions;
- public int nonce;
- public int fastFlags;
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/KrbPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/KrbPreauth.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/KrbPreauth.java
deleted file mode 100644
index 66e1de4..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/KrbPreauth.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-import org.apache.kerberos.kerb.client.KrbContext;
-import org.apache.kerberos.kerb.client.KrbOptions;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.preauth.PaFlags;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.EncryptionType;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-import java.util.List;
-
-/**
- * Client side preauth plugin module
- */
-public interface KrbPreauth extends PreauthPluginMeta {
-
- /**
- * Initializing preauth plugin context
- */
- public void init(KrbContext krbContext);
-
- /**
- * Initializing request context
- */
- public PluginRequestContext initRequestContext(KdcRequest kdcRequest);
-
- /**
- * Prepare questions to prompt to you asking for credential
- */
- public void prepareQuestions(KdcRequest kdcRequest,
- PluginRequestContext requestContext) throws KrbException;
-
- /**
- * Get supported encryption types
- */
- public List<EncryptionType> getEncTypes(KdcRequest kdcRequest,
- PluginRequestContext requestContext);
-
- /**
- * Set krb options passed from user
- */
- public void setPreauthOptions(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- KrbOptions preauthOptions);
-
- /**
- * Attempt to try any initial padata derived from user options
- */
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException;
-
- /**
- * Process server returned paData and return back any result paData
- * Return true indicating padata is added
- */
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataEntry inPadata,
- PaData outPadata) throws KrbException;
-
- /**
- * When another request to server in the 4 pass, any paData to provide?
- * Return true indicating padata is added
- */
- public boolean tryAgain(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataType preauthType,
- PaData errPadata,
- PaData outPadata);
-
- /**
- * Return PA_REAL if pa_type is a real preauthentication type or PA_INFO if it is
- * an informational type.
- */
- public PaFlags getFlags(PaDataType paType);
-
- /**
- * When exiting...
- */
- public void destroy();
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthContext.java
deleted file mode 100644
index 7bd55f1..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthContext.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class PreauthContext {
- private boolean preauthRequired = true;
- private PaData inputPaData;
- private PaData outputPaData;
- private PaData errorPaData;
- private UserResponser userResponser = new UserResponser();
- private PaDataType selectedPaType;
- private PaDataType allowedPaType;
- private List<PaDataType> triedPaTypes = new ArrayList<PaDataType>(1);
- private List<PreauthHandle> handles = new ArrayList<PreauthHandle>(5);
-
- public PreauthContext() {
- this.selectedPaType = PaDataType.NONE;
- this.allowedPaType = PaDataType.NONE;
- this.outputPaData = new PaData();
- }
-
- public boolean isPreauthRequired() {
- return preauthRequired;
- }
-
- public void setPreauthRequired(boolean preauthRequired) {
- this.preauthRequired = preauthRequired;
- }
-
- public UserResponser getUserResponser() {
- return userResponser;
- }
-
- public boolean isPaTypeAllowed(PaDataType paType) {
- return (allowedPaType == PaDataType.NONE ||
- allowedPaType == paType);
- }
-
- public PaData getOutputPaData() throws KrbException {
- return outputPaData;
- }
-
- public boolean hasInputPaData() {
- return (inputPaData != null && ! inputPaData.isEmpty());
- }
-
- public PaData getInputPaData() {
- return inputPaData;
- }
-
- public void setInputPaData(PaData inputPaData) {
- this.inputPaData = inputPaData;
- }
-
- public PaData getErrorPaData() {
- return errorPaData;
- }
-
- public void setErrorPaData(PaData errorPaData) {
- this.errorPaData = errorPaData;
- }
-
- public void setAllowedPaType(PaDataType paType) {
- this.allowedPaType = paType;
- }
-
- public List<PreauthHandle> getHandles() {
- return handles;
- }
-
- public PaDataType getAllowedPaType() {
- return allowedPaType;
- }
-
- public boolean checkAndPutTried(PaDataType paType) {
- for (PaDataType pt : triedPaTypes) {
- if (pt == paType) {
- return true;
- }
- }
- triedPaTypes.add(paType);
- return false;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandle.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandle.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandle.java
deleted file mode 100644
index 0d594cb..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandle.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-import org.apache.kerberos.kerb.client.KrbOptions;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.preauth.PaFlags;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-public class PreauthHandle {
-
- public KrbPreauth preauth;
- public PluginRequestContext requestContext;
-
- public PreauthHandle(KrbPreauth preauth) {
- this.preauth = preauth;
- }
-
- public void initRequestContext(KdcRequest kdcRequest) {
- requestContext = preauth.initRequestContext(kdcRequest);
- }
-
- public void prepareQuestions(KdcRequest kdcRequest) throws KrbException {
- preauth.prepareQuestions(kdcRequest, requestContext);
- }
-
- public void setPreauthOptions(KdcRequest kdcRequest,
- KrbOptions preauthOptions) throws KrbException {
- preauth.setPreauthOptions(kdcRequest, requestContext, preauthOptions);
- }
-
- public void tryFirst(KdcRequest kdcRequest, PaData outPadata) throws KrbException {
- preauth.tryFirst(kdcRequest, requestContext, outPadata);
- }
-
- public boolean process(KdcRequest kdcRequest,
- PaDataEntry inPadata, PaData outPadata) throws KrbException {
- return preauth.process(kdcRequest, requestContext, inPadata, outPadata);
- }
-
- public boolean tryAgain(KdcRequest kdcRequest,
- PaDataType paType, PaData errPadata, PaData paData) {
- return preauth.tryAgain(kdcRequest, requestContext, paType, errPadata, paData);
- }
-
- public boolean isReal(PaDataType paType) {
- PaFlags paFlags = preauth.getFlags(paType);
- return paFlags.isReal();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandler.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandler.java
deleted file mode 100644
index 00048d7..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandler.java
+++ /dev/null
@@ -1,249 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-import org.apache.kerberos.kerb.client.KrbContext;
-import org.apache.kerberos.kerb.client.KrbOptions;
-import org.apache.kerberos.kerb.client.preauth.builtin.EncTsPreauth;
-import org.apache.kerberos.kerb.client.preauth.builtin.TgtPreauth;
-import org.apache.kerberos.kerb.client.preauth.pkinit.PkinitPreauth;
-import org.apache.kerberos.kerb.client.preauth.token.TokenPreauth;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.codec.KrbCodec;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.EtypeInfo;
-import org.apache.kerberos.kerb.spec.common.EtypeInfo2;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class PreauthHandler {
- private KrbContext krbContext;
- private List<KrbPreauth> preauths;
-
- public void init(KrbContext krbContext) {
- this.krbContext = krbContext;
- loadPreauthPlugins(krbContext);
- }
-
- private void loadPreauthPlugins(KrbContext context) {
- preauths = new ArrayList<KrbPreauth>();
-
- KrbPreauth preauth = new EncTsPreauth();
- preauth.init(context);
- preauths.add(preauth);
-
- preauth = new TgtPreauth();
- preauth.init(context);
- preauths.add(preauth);
-
- preauth = new PkinitPreauth();
- preauth.init(context);
- preauths.add(preauth);
-
- preauth = new TokenPreauth();
- preauth.init(context);
- preauths.add(preauth);
- }
-
- public PreauthContext preparePreauthContext(KdcRequest kdcRequest) {
- PreauthContext preauthContext = new PreauthContext();
- preauthContext.setPreauthRequired(krbContext.getConfig().isPreauthRequired());
- for (KrbPreauth preauth : preauths) {
- PreauthHandle handle = new PreauthHandle(preauth);
- handle.initRequestContext(kdcRequest);
- preauthContext.getHandles().add(handle);
- }
-
- return preauthContext;
- }
-
- /**
- * Process preauth inputs and options, prepare and generate pdata to be out
- */
- public void preauth(KdcRequest kdcRequest) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- if (!preauthContext.isPreauthRequired()) {
- return;
- }
-
- if (!preauthContext.hasInputPaData()) {
- tryFirst(kdcRequest, preauthContext.getOutputPaData());
- return;
- }
-
- attemptETypeInfo(kdcRequest, preauthContext.getInputPaData());
-
- setPreauthOptions(kdcRequest, kdcRequest.getPreauthOptions());
-
- prepareUserResponses(kdcRequest, preauthContext.getInputPaData());
-
- preauthContext.getUserResponser().respondQuestions();
-
- if (!kdcRequest.isRetrying()) {
- process(kdcRequest, preauthContext.getInputPaData(),
- preauthContext.getOutputPaData());
- } else {
- tryAgain(kdcRequest, preauthContext.getInputPaData(),
- preauthContext.getOutputPaData());
- }
- }
-
- public void prepareUserResponses(KdcRequest kdcRequest,
- PaData inPadata) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- for (PaDataEntry pae : inPadata.getElements()) {
- if (! preauthContext.isPaTypeAllowed(pae.getPaDataType())) {
- continue;
- }
-
- PreauthHandle handle = findHandle(kdcRequest, pae.getPaDataType());
- if (handle == null) {
- continue;
- }
-
- handle.prepareQuestions(kdcRequest);
- }
- }
-
- public void setPreauthOptions(KdcRequest kdcRequest,
- KrbOptions preauthOptions) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- for (PreauthHandle handle : preauthContext.getHandles()) {
- handle.setPreauthOptions(kdcRequest, preauthOptions);
- }
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PaData outPadata) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- PreauthHandle handle = findHandle(kdcRequest,
- preauthContext.getAllowedPaType());
- handle.tryFirst(kdcRequest, outPadata);
- }
-
- public void process(KdcRequest kdcRequest,
- PaData inPadata, PaData outPadata) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- /**
- * Process all informational padata types, then the first real preauth type
- * we succeed on
- */
- for (int real = 0; real <= 1; real ++) {
- for (PaDataEntry pae : inPadata.getElements()) {
-
- // Restrict real mechanisms to the chosen one if we have one
- if (real >0 && !preauthContext.isPaTypeAllowed(pae.getPaDataType())) {
- continue;
- }
-
- PreauthHandle handle = findHandle(kdcRequest,
- preauthContext.getAllowedPaType());
- if (handle == null) {
- continue;
- }
-
- // Make sure this type is for the current pass
- int tmpReal = handle.isReal(pae.getPaDataType()) ? 1 : 0;
- if (tmpReal != real) {
- continue;
- }
-
- if (real > 0 && preauthContext.checkAndPutTried(pae.getPaDataType())) {
- continue;
- }
-
- boolean gotData = handle.process(kdcRequest, pae, outPadata);
- if (real > 0 && gotData) {
- return;
- }
- }
- }
- }
-
- public void tryAgain(KdcRequest kdcRequest,
- PaData inPadata, PaData outPadata) {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- PreauthHandle handle;
- for (PaDataEntry pae : inPadata.getElements()) {
- handle = findHandle(kdcRequest, pae.getPaDataType());
- if (handle == null) continue;
-
- boolean gotData = handle.tryAgain(kdcRequest,
- pae.getPaDataType(), preauthContext.getErrorPaData(), outPadata);
- }
- }
-
- public void destroy() {
- for (KrbPreauth preauth : preauths) {
- preauth.destroy();
- }
- }
-
- private PreauthHandle findHandle(KdcRequest kdcRequest,
- PaDataType paType) {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- for (PreauthHandle handle : preauthContext.getHandles()) {
- for (PaDataType pt : handle.preauth.getPaTypes()) {
- if (pt == paType) {
- return handle;
- }
- }
- }
- return null;
- }
-
- private void attemptETypeInfo(KdcRequest kdcRequest,
- PaData inPadata) throws KrbException {
- PreauthContext preauthContext = kdcRequest.getPreauthContext();
-
- // Find an etype-info2 or etype-info element in padata
- EtypeInfo etypeInfo = null;
- EtypeInfo2 etypeInfo2 = null;
- PaDataEntry pae = inPadata.findEntry(PaDataType.ETYPE_INFO);
- if (pae != null) {
- etypeInfo = KrbCodec.decode(pae.getPaDataValue(), EtypeInfo.class);
- } else {
- pae = inPadata.findEntry(PaDataType.ETYPE_INFO2);
- if (pae != null) {
- etypeInfo2 = KrbCodec.decode(pae.getPaDataValue(), EtypeInfo2.class);
- }
- }
-
- if (etypeInfo == null && etypeInfo2 == null) {
- attemptSalt(kdcRequest, inPadata);
- }
- }
-
- private void attemptSalt(KdcRequest kdcRequest,
- PaData inPadata) throws KrbException {
-
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponseItem.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponseItem.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponseItem.java
deleted file mode 100644
index bd30bf6..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponseItem.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-public class UserResponseItem {
- protected String question;
- protected String challenge;
- protected String answer;
-
- public UserResponseItem(String question, String challenge) {
- this.question = question;
- this.challenge = challenge;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponser.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponser.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponser.java
deleted file mode 100644
index 1b9ae9f..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponser.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class UserResponser {
-
- private List<UserResponseItem> items = new ArrayList<UserResponseItem>(1);
-
- /**
- * Let customize an interface like CMD or WEB UI to selectively respond all the questions
- */
- public void respondQuestions() {
- // TODO
- }
-
- public UserResponseItem findQuestion(String question) {
- for (UserResponseItem ri : items) {
- if (ri.question.equals(question)) {
- return ri;
- }
- }
- return null;
- }
-
- public void askQuestion(String question, String challenge) {
- UserResponseItem ri = findQuestion(question);
- if (ri == null) {
- items.add(new UserResponseItem(question, challenge));
- } else {
- ri.challenge = challenge;
- }
- }
-
- public String getChallenge(String question) {
- UserResponseItem ri = findQuestion(question);
- if (ri != null) {
- return ri.challenge;
- }
- return null;
- }
-
- public void setAnswer(String question, String answer) {
- UserResponseItem ri = findQuestion(question);
- if (ri == null) {
- throw new IllegalArgumentException("Question isn't exist for the answer");
- }
- ri.answer = answer;
- }
-
- public String getAnswer(String question) {
- UserResponseItem ri = findQuestion(question);
- if (ri != null) {
- return ri.answer;
- }
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/EncTsPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/EncTsPreauth.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/EncTsPreauth.java
deleted file mode 100644
index b04e09f..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/EncTsPreauth.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth.builtin;
-
-import org.apache.kerberos.kerb.client.preauth.AbstractPreauthPlugin;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerberos.kerb.preauth.PaFlag;
-import org.apache.kerberos.kerb.preauth.PaFlags;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.preauth.builtin.EncTsPreauthMeta;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.EncryptedData;
-import org.apache.kerberos.kerb.spec.common.KeyUsage;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-import org.apache.kerberos.kerb.spec.pa.PaEncTsEnc;
-
-public class EncTsPreauth extends AbstractPreauthPlugin {
-
- public EncTsPreauth() {
- super(new EncTsPreauthMeta());
- }
-
- @Override
- public void prepareQuestions(KdcRequest kdcRequest,
- PluginRequestContext requestContext) throws KrbException {
-
- kdcRequest.needAsKey();
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException {
-
- if (kdcRequest.getAsKey() == null) {
- kdcRequest.needAsKey();
- }
- outPadata.addElement(makeEntry(kdcRequest));
- }
-
- @Override
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataEntry inPadata,
- PaData outPadata) throws KrbException {
-
- if (kdcRequest.getAsKey() == null) {
- kdcRequest.needAsKey();
- }
- outPadata.addElement(makeEntry(kdcRequest));
-
- return true;
- }
-
- @Override
- public PaFlags getFlags(PaDataType paType) {
- PaFlags paFlags = new PaFlags(0);
- paFlags.setFlag(PaFlag.PA_REAL);
-
- return paFlags;
- }
-
- private PaDataEntry makeEntry(KdcRequest kdcRequest) throws KrbException {
- PaEncTsEnc paTs = new PaEncTsEnc();
- paTs.setPaTimestamp(kdcRequest.getPreauthTime());
-
- EncryptedData paDataValue = EncryptionUtil.seal(paTs,
- kdcRequest.getAsKey(), KeyUsage.AS_REQ_PA_ENC_TS);
- PaDataEntry tsPaEntry = new PaDataEntry();
- tsPaEntry.setPaDataType(PaDataType.ENC_TIMESTAMP);
- tsPaEntry.setPaDataValue(paDataValue.encode());
-
- return tsPaEntry;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/TgtPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/TgtPreauth.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/TgtPreauth.java
deleted file mode 100644
index 19459d0..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/TgtPreauth.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth.builtin;
-
-import org.apache.kerberos.kerb.client.preauth.AbstractPreauthPlugin;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.client.request.TgsRequest;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.preauth.builtin.TgtPreauthMeta;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-public class TgtPreauth extends AbstractPreauthPlugin {
-
- public TgtPreauth() {
- super(new TgtPreauthMeta());
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException {
-
- outPadata.addElement(makeEntry(kdcRequest));
- }
-
- @Override
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataEntry inPadata,
- PaData outPadata) throws KrbException {
-
- outPadata.addElement(makeEntry(kdcRequest));
-
- return true;
- }
-
- private PaDataEntry makeEntry(KdcRequest kdcRequest) throws KrbException {
-
- TgsRequest tgsRequest = (TgsRequest) kdcRequest;
-
- PaDataEntry paEntry = new PaDataEntry();
- paEntry.setPaDataType(PaDataType.TGS_REQ);
- paEntry.setPaDataValue(tgsRequest.getApReq().encode());
-
- return paEntry;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitContext.java
deleted file mode 100644
index 820eafd..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitContext.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth.pkinit;
-
-import org.apache.kerberos.kerb.preauth.pkinit.IdentityOpts;
-import org.apache.kerberos.kerb.preauth.pkinit.PluginOpts;
-
-public class PkinitContext {
-
- public PluginOpts pluginOpts = new PluginOpts();
- public IdentityOpts identityOpts = new IdentityOpts();
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
deleted file mode 100644
index 178dbba..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ /dev/null
@@ -1,233 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth.pkinit;
-
-import org.apache.kerberos.kerb.client.KrbContext;
-import org.apache.kerberos.kerb.client.KrbOption;
-import org.apache.kerberos.kerb.client.KrbOptions;
-import org.apache.kerberos.kerb.client.preauth.AbstractPreauthPlugin;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.preauth.PaFlag;
-import org.apache.kerberos.kerb.preauth.PaFlags;
-import org.apache.kerberos.kerb.preauth.pkinit.PkinitIdenity;
-import org.apache.kerberos.kerb.preauth.pkinit.PkinitPreauthMeta;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.KerberosTime;
-import org.apache.kerberos.kerb.spec.common.EncryptionKey;
-import org.apache.kerberos.kerb.spec.common.EncryptionType;
-import org.apache.kerberos.kerb.spec.common.PrincipalName;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-import org.apache.kerberos.kerb.spec.pa.pkinit.*;
-import org.apache.kerberos.kerb.spec.x509.SubjectPublicKeyInfo;
-
-public class PkinitPreauth extends AbstractPreauthPlugin {
-
- private PkinitContext pkinitContext;
-
- public PkinitPreauth() {
- super(new PkinitPreauthMeta());
- }
-
- @Override
- public void init(KrbContext context) {
- super.init(context);
- this.pkinitContext = new PkinitContext();
- }
-
- @Override
- public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
- PkinitRequestContext reqCtx = new PkinitRequestContext();
-
- reqCtx.updateRequestOpts(pkinitContext.pluginOpts);
-
- return reqCtx;
- }
-
- @Override
- public void setPreauthOptions(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- KrbOptions options) {
- if (options.contains(KrbOption.PKINIT_X509_IDENTITY)) {
- pkinitContext.identityOpts.identity =
- options.getStringOption(KrbOption.PKINIT_X509_IDENTITY);
- }
-
- if (options.contains(KrbOption.PKINIT_X509_ANCHORS)) {
- pkinitContext.identityOpts.anchors.add(
- options.getStringOption(KrbOption.PKINIT_X509_ANCHORS));
- }
-
- if (options.contains(KrbOption.PKINIT_USING_RSA)) {
- pkinitContext.pluginOpts.usingRsa =
- options.getBooleanOption(KrbOption.PKINIT_USING_RSA);
- }
-
- }
-
- @Override
- public void prepareQuestions(KdcRequest kdcRequest,
- PluginRequestContext requestContext) {
-
- PkinitRequestContext reqCtx = (PkinitRequestContext) requestContext;
-
- if (!reqCtx.identityInitialized) {
- PkinitIdenity.initialize(reqCtx.identityOpts, kdcRequest.getClientPrincipal());
- reqCtx.identityInitialized = true;
- }
-
- // Might have questions asking for password to access the private key
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException {
-
- }
-
- @Override
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataEntry inPadata,
- PaData outPadata) throws KrbException {
-
- PkinitRequestContext reqCtx = (PkinitRequestContext) requestContext;
- if (inPadata == null) return false;
-
- boolean processingRequest = false;
- switch (inPadata.getPaDataType()) {
- case PK_AS_REQ:
- processingRequest = true;
- break;
- case PK_AS_REP:
- break;
- }
-
- if (processingRequest) {
- generateRequest(reqCtx, kdcRequest, outPadata);
- } else {
- EncryptionType encType = kdcRequest.getEncType();
- processReply(kdcRequest, reqCtx, inPadata, encType);
- }
-
- return false;
- }
-
- private void generateRequest(PkinitRequestContext reqCtx, KdcRequest kdcRequest,
- PaData outPadata) {
-
- }
-
- private PaPkAsReq makePaPkAsReq(PkinitContext pkinitContext, PkinitRequestContext reqCtx,
- KerberosTime ctime, int cusec, int nonce, byte[] checksum,
- PrincipalName client, PrincipalName server) {
-
- PaPkAsReq paPkAsReq = new PaPkAsReq();
- AuthPack authPack = new AuthPack();
- SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo();
- PkAuthenticator pkAuthen = new PkAuthenticator();
-
- boolean usingRsa = reqCtx.requestOpts.usingRsa;
- PaDataType paType = reqCtx.paType = PaDataType.PK_AS_REQ;
-
- pkAuthen.setCtime(ctime);
- pkAuthen.setCusec(cusec);
- pkAuthen.setNonce(nonce);
- pkAuthen.setPaChecksum(checksum);
-
- authPack.setPkAuthenticator(pkAuthen);
- DHNonce dhNonce = new DHNonce();
- authPack.setClientDhNonce(dhNonce);
- authPack.setClientPublicValue(pubInfo);
-
- authPack.setsupportedCmsTypes(pkinitContext.pluginOpts.createSupportedCMSTypes());
-
- if (usingRsa) {
- // DH case
- } else {
- authPack.setClientPublicValue(null);
- }
-
- byte[] signedAuthPack = signAuthPack(pkinitContext, reqCtx, authPack);
- paPkAsReq.setSignedAuthPack(signedAuthPack);
-
- TrustedCertifiers trustedCertifiers = pkinitContext.pluginOpts.createTrustedCertifiers();
- paPkAsReq.setTrustedCertifiers(trustedCertifiers);
-
- byte[] kdcPkId = pkinitContext.pluginOpts.createIssuerAndSerial();
- paPkAsReq.setKdcPkId(kdcPkId);
-
- return paPkAsReq;
- }
-
- private byte[] signAuthPack(PkinitContext pkinitContext,
- PkinitRequestContext reqCtx, AuthPack authPack) {
- return null;
- }
-
- private void processReply(KdcRequest kdcRequest,
- PkinitRequestContext reqCtx,
- PaDataEntry inPadata,
- EncryptionType encType) {
-
- EncryptionKey asKey = null;
-
- // TODO
-
- kdcRequest.setAsKey(asKey);
- }
-
- @Override
- public boolean tryAgain(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataType preauthType,
- PaData errPadata,
- PaData outPadata) {
-
- PkinitRequestContext reqCtx = (PkinitRequestContext) requestContext;
- if (reqCtx.paType != preauthType && errPadata == null) {
- return false;
- }
-
- boolean doAgain = false;
- for (PaDataEntry pde : errPadata.getElements()) {
- switch (pde.getPaDataType()) {
- // TODO
- }
- }
-
- if (doAgain) {
- generateRequest(reqCtx, kdcRequest, outPadata);
- }
-
- return false;
- }
-
- @Override
- public PaFlags getFlags(PaDataType paType) {
- PaFlags paFlags = new PaFlags(0);
- paFlags.setFlag(PaFlag.PA_REAL);
-
- return paFlags;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestContext.java
deleted file mode 100644
index 94d10d2..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestContext.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth.pkinit;
-
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.preauth.pkinit.IdentityOpts;
-import org.apache.kerberos.kerb.preauth.pkinit.PluginOpts;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-public class PkinitRequestContext implements PluginRequestContext {
-
- public PkinitRequestOpts requestOpts = new PkinitRequestOpts();
- public IdentityOpts identityOpts = new IdentityOpts();
- public boolean doIdentityMatching;
- public PaDataType paType;
- public boolean rfc6112Kdc;
- public boolean identityInitialized;
- public boolean identityPrompted;
-
- public void updateRequestOpts(PluginOpts pluginOpts) {
- requestOpts.requireEku = pluginOpts.requireEku;
- requestOpts.acceptSecondaryEku = pluginOpts.acceptSecondaryEku;
- requestOpts.allowUpn = pluginOpts.allowUpn;
- requestOpts.usingRsa = pluginOpts.usingRsa;
- requestOpts.requireCrlChecking = pluginOpts.requireCrlChecking;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestOpts.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestOpts.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestOpts.java
deleted file mode 100644
index be803c9..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestOpts.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth.pkinit;
-
-public class PkinitRequestOpts {
-
- // From MIT Krb5 _pkinit_plg_opts
-
- // require EKU checking (default is true)
- public boolean requireEku = true;
- // accept secondary EKU (default is false)
- public boolean acceptSecondaryEku = false;
- // allow UPN-SAN instead of pkinit-SAN
- public boolean allowUpn = true;
- // selects DH or RSA based pkinit
- public boolean usingRsa = true;
- // require CRL for a CA (default is false)
- public boolean requireCrlChecking = false;
- // initial request DH modulus size (default=1024)
- public int dhSize = 1024;
-
- public boolean requireHostnameMatch = true;
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenContext.java
deleted file mode 100644
index 12320df..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenContext.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth.token;
-
-import org.haox.token.KerbToken;
-
-public class TokenContext {
-
- public boolean usingIdToken = true;
- public KerbToken token = null;
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenPreauth.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenPreauth.java
deleted file mode 100644
index ec614e7..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenPreauth.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth.token;
-
-import org.apache.kerberos.kerb.client.KrbContext;
-import org.apache.kerberos.kerb.client.KrbOption;
-import org.apache.kerberos.kerb.client.KrbOptions;
-import org.apache.kerberos.kerb.client.preauth.AbstractPreauthPlugin;
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.client.request.KdcRequest;
-import org.apache.kerberos.kerb.preauth.PaFlag;
-import org.apache.kerberos.kerb.preauth.PaFlags;
-import org.apache.kerberos.kerb.preauth.token.TokenPreauthMeta;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.EncryptionType;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-import org.haox.token.KerbToken;
-
-import java.util.Collections;
-import java.util.List;
-
-public class TokenPreauth extends AbstractPreauthPlugin {
-
- private TokenContext tokenContext;
-
- public TokenPreauth() {
- super(new TokenPreauthMeta());
- }
-
- public void init(KrbContext context) {
- super.init(context);
- this.tokenContext = new TokenContext();
- }
-
- @Override
- public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
- TokenRequestContext reqCtx = new TokenRequestContext();
-
- return reqCtx;
- }
-
- @Override
- public void prepareQuestions(KdcRequest kdcRequest,
- PluginRequestContext requestContext) {
-
- }
-
- @Override
- public List<EncryptionType> getEncTypes(KdcRequest kdcRequest,
- PluginRequestContext requestContext) {
- return Collections.emptyList();
- }
-
- @Override
- public void setPreauthOptions(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- KrbOptions options) {
-
- tokenContext.usingIdToken = options.getBooleanOption(KrbOption.TOKEN_USING_IDTOKEN);
- if (tokenContext.usingIdToken) {
- if (options.contains(KrbOption.TOKEN_USER_ID_TOKEN)) {
- tokenContext.token =
- (KerbToken) options.getOptionValue(KrbOption.TOKEN_USER_ID_TOKEN);
- }
- } else {
- if (options.contains(KrbOption.TOKEN_USER_AC_TOKEN)) {
- tokenContext.token =
- (KerbToken) options.getOptionValue(KrbOption.TOKEN_USER_AC_TOKEN);
- }
- }
-
- }
-
- public void tryFirst(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaData outPadata) throws KrbException {
-
- }
-
- @Override
- public boolean process(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataEntry inPadata,
- PaData outPadata) throws KrbException {
-
- return false;
- }
-
- @Override
- public boolean tryAgain(KdcRequest kdcRequest,
- PluginRequestContext requestContext,
- PaDataType preauthType,
- PaData errPadata,
- PaData outPadata) {
- return false;
- }
-
- @Override
- public PaFlags getFlags(PaDataType paType) {
- PaFlags paFlags = new PaFlags(0);
- paFlags.setFlag(PaFlag.PA_REAL);
-
- return paFlags;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenRequestContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenRequestContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenRequestContext.java
deleted file mode 100644
index 02697ee..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenRequestContext.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.preauth.token;
-
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-public class TokenRequestContext implements PluginRequestContext {
-
- public boolean doIdentityMatching;
- public PaDataType paType;
- public boolean identityInitialized;
- public boolean identityPrompted;
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequest.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequest.java
deleted file mode 100644
index f3d0079..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequest.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.request;
-
-import org.apache.kerberos.kerb.KrbErrorCode;
-import org.apache.kerberos.kerb.client.KrbContext;
-import org.apache.kerberos.kerb.KrbConstant;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.*;
-import org.apache.kerberos.kerb.spec.kdc.*;
-import org.apache.kerberos.kerb.spec.ticket.TgtTicket;
-
-import java.io.IOException;
-import java.util.List;
-
-public class AsRequest extends KdcRequest {
-
- private PrincipalName clientPrincipal;
- private EncryptionKey clientKey;
-
- public AsRequest(KrbContext context) {
- super(context);
-
- setServerPrincipal(makeTgsPrincipal());
- }
-
- public PrincipalName getClientPrincipal() {
- return clientPrincipal;
- }
-
- public void setClientPrincipal(PrincipalName clientPrincipal) {
- this.clientPrincipal = clientPrincipal;
- }
-
- public void setClientKey(EncryptionKey clientKey) {
- this.clientKey = clientKey;
- }
-
- public EncryptionKey getClientKey() throws KrbException {
- return clientKey;
- }
-
- @Override
- public void process() throws KrbException {
- super.process();
-
- KdcReqBody body = makeReqBody();
-
- AsReq asReq = new AsReq();
- asReq.setReqBody(body);
- asReq.setPaData(getPreauthContext().getOutputPaData());
-
- setKdcReq(asReq);
- }
-
- @Override
- public void processResponse(KdcRep kdcRep) throws KrbException {
- setKdcRep(kdcRep);
-
- PrincipalName clientPrincipal = getKdcRep().getCname();
- String clientRealm = getKdcRep().getCrealm();
- clientPrincipal.setRealm(clientRealm);
- if (! clientPrincipal.equals(getClientPrincipal())) {
- throw new KrbException(KrbErrorCode.KDC_ERR_CLIENT_NAME_MISMATCH);
- }
-
- byte[] decryptedData = decryptWithClientKey(getKdcRep().getEncryptedEncPart(),
- KeyUsage.AS_REP_ENCPART);
- EncKdcRepPart encKdcRepPart = new EncAsRepPart();
- try {
- encKdcRepPart.decode(decryptedData);
- } catch (IOException e) {
- throw new KrbException("Failed to decode EncAsRepPart", e);
- }
- getKdcRep().setEncPart(encKdcRepPart);
-
- if (getChosenNonce() != encKdcRepPart.getNonce()) {
- throw new KrbException("Nonce didn't match");
- }
-
- PrincipalName serverPrincipal = encKdcRepPart.getSname();
- serverPrincipal.setRealm(encKdcRepPart.getSrealm());
- if (! serverPrincipal.equals(getServerPrincipal())) {
- throw new KrbException(KrbErrorCode.KDC_ERR_SERVER_NOMATCH);
- }
-
- HostAddresses hostAddresses = getHostAddresses();
- if (hostAddresses != null) {
- List<HostAddress> requestHosts = hostAddresses.getElements();
- if (!requestHosts.isEmpty()) {
- List<HostAddress> responseHosts = encKdcRepPart.getCaddr().getElements();
- for (HostAddress h : requestHosts) {
- if (!responseHosts.contains(h)) {
- throw new KrbException("Unexpected client host");
- }
- }
- }
- }
- }
-
- public TgtTicket getTicket() {
- TgtTicket TgtTicket = new TgtTicket(getKdcRep().getTicket(),
- (EncAsRepPart) getKdcRep().getEncPart(), getKdcRep().getCname().getName());
- return TgtTicket;
- }
-
- private PrincipalName makeTgsPrincipal() {
- return new PrincipalName(KrbConstant.TGS_PRINCIPAL + "@" + getContext().getKdcRealm());
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithCert.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithCert.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithCert.java
deleted file mode 100644
index ac808c2..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithCert.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.request;
-
-import org.apache.kerberos.kerb.client.KrbContext;
-import org.apache.kerberos.kerb.client.KrbOption;
-import org.apache.kerberos.kerb.client.KrbOptions;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-public class AsRequestWithCert extends AsRequest {
-
- public static final String ANONYMOUS_PRINCIPAL = "ANONYMOUS@WELLKNOWN:ANONYMOUS";
-
- public AsRequestWithCert(KrbContext context) {
- super(context);
-
- setAllowedPreauth(PaDataType.PK_AS_REQ);
- }
-
- @Override
- public void process() throws KrbException {
- throw new RuntimeException("To be implemented");
- }
-
- @Override
- public KrbOptions getPreauthOptions() {
- KrbOptions results = new KrbOptions();
-
- KrbOptions krbOptions = getKrbOptions();
- results.add(krbOptions.getOption(KrbOption.PKINIT_X509_CERTIFICATE));
- results.add(krbOptions.getOption(KrbOption.PKINIT_X509_ANCHORS));
- results.add(krbOptions.getOption(KrbOption.PKINIT_X509_PRIVATE_KEY));
- results.add(krbOptions.getOption(KrbOption.PKINIT_X509_IDENTITY));
- results.add(krbOptions.getOption(KrbOption.PKINIT_USING_RSA));
-
- return results;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithPasswd.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithPasswd.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithPasswd.java
deleted file mode 100644
index 7a97b33..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithPasswd.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.request;
-
-import org.apache.kerberos.kerb.client.KrbContext;
-import org.apache.kerberos.kerb.client.KrbOption;
-import org.apache.kerberos.kerb.crypto.EncryptionHandler;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.common.EncryptionKey;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-public class AsRequestWithPasswd extends AsRequest {
-
- public AsRequestWithPasswd(KrbContext context) {
- super(context);
-
- setAllowedPreauth(PaDataType.ENC_TIMESTAMP);
- }
-
- public String getPassword() {
- return getKrbOptions().getStringOption(KrbOption.USER_PASSWD);
- }
-
- @Override
- public EncryptionKey getClientKey() throws KrbException {
- if (super.getClientKey() == null) {
- EncryptionKey tmpKey = EncryptionHandler.string2Key(getClientPrincipal().getName(),
- getPassword(), getChosenEncryptionType());
- setClientKey(tmpKey);
- }
- return super.getClientKey();
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithToken.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithToken.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithToken.java
deleted file mode 100644
index 9c73937..0000000
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithToken.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.client.request;
-
-import org.apache.kerberos.kerb.client.KrbContext;
-import org.apache.kerberos.kerb.client.KrbOption;
-import org.apache.kerberos.kerb.client.KrbOptions;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-public class AsRequestWithToken extends AsRequest {
-
- public AsRequestWithToken(KrbContext context) {
- super(context);
-
- setAllowedPreauth(PaDataType.TOKEN_REQUEST);
- }
-
- @Override
- public void process() throws KrbException {
- throw new RuntimeException("To be implemented");
- }
-
- @Override
- public KrbOptions getPreauthOptions() {
- KrbOptions results = new KrbOptions();
-
- KrbOptions krbOptions = getKrbOptions();
- results.add(krbOptions.getOption(KrbOption.TOKEN_USING_IDTOKEN));
- results.add(krbOptions.getOption(KrbOption.TOKEN_USER_ID_TOKEN));
- results.add(krbOptions.getOption(KrbOption.TOKEN_USER_AC_TOKEN));
-
- return results;
- }
-}