Posted to commits@directory.apache.org by pl...@apache.org on 2015/11/05 03:51:16 UTC
[1/2] directory-kerby git commit: DIRKRB-444 Fix some pmd and
checkstyle issues in kerb-client module.
Repository: directory-kerby
Updated Branches:
refs/heads/pkinit-support 1b1d4c152 -> 4e7a3c0cf
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/TrustAnchorGenerator.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/TrustAnchorGenerator.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/TrustAnchorGenerator.java
index f3152d9..80ce1ef 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/TrustAnchorGenerator.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/TrustAnchorGenerator.java
@@ -48,13 +48,12 @@ import java.util.Date;
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class TrustAnchorGenerator
-{
+public class TrustAnchorGenerator {
/**
* Create CA certificate.
- *
- * @param publicKey
- * @param privateKey
+ *
+ * @param publicKey
+ * @param privateKey
* @param dn
* @param validityDays
* @param friendlyName
@@ -66,44 +65,44 @@ public class TrustAnchorGenerator
* @throws DataLengthException
* @throws CertificateException
*/
- public static X509Certificate generate( PublicKey publicKey, PrivateKey privateKey, String dn, int validityDays,
- String friendlyName ) throws InvalidKeyException, SecurityException, SignatureException,
- NoSuchAlgorithmException, DataLengthException, CertificateException
- {
+ public static X509Certificate generate(PublicKey publicKey, PrivateKey privateKey,
+ String dn, int validityDays, String friendlyName)
+ throws InvalidKeyException, SecurityException, SignatureException,
+ NoSuchAlgorithmException, DataLengthException, CertificateException {
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
// Set certificate attributes.
- certGen.setSerialNumber( BigInteger.valueOf( System.currentTimeMillis() ) );
+ certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
- X509Principal x509Principal = new X509Principal( dn );
- certGen.setIssuerDN( x509Principal );
- certGen.setSubjectDN( x509Principal );
+ X509Principal x509Principal = new X509Principal(dn);
+ certGen.setIssuerDN(x509Principal);
+ certGen.setSubjectDN(x509Principal);
- certGen.setNotBefore( new Date() );
+ certGen.setNotBefore(new Date());
Calendar expiry = Calendar.getInstance();
- expiry.add( Calendar.DAY_OF_YEAR, validityDays );
+ expiry.add(Calendar.DAY_OF_YEAR, validityDays);
- certGen.setNotAfter( expiry.getTime() );
+ certGen.setNotAfter(expiry.getTime());
- certGen.setPublicKey( publicKey );
- certGen.setSignatureAlgorithm( "SHA1WithRSAEncryption" );
+ certGen.setPublicKey(publicKey);
+ certGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
certGen
- .addExtension( X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure( publicKey ) );
+ .addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(publicKey));
- certGen.addExtension( X509Extensions.BasicConstraints, true, new BasicConstraints( 1 ) );
+ certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(1));
- certGen.addExtension( X509Extensions.KeyUsage, true, new KeyUsage( KeyUsage.digitalSignature
- | KeyUsage.keyCertSign | KeyUsage.cRLSign ) );
+ certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature
+ | KeyUsage.keyCertSign | KeyUsage.cRLSign));
- X509Certificate cert = certGen.generate( privateKey );
+ X509Certificate cert = certGen.generate(privateKey);
- PKCS12BagAttributeCarrier bagAttr = ( PKCS12BagAttributeCarrier ) cert;
+ PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) cert;
- bagAttr.setBagAttribute( PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString( friendlyName ) );
- bagAttr.setBagAttribute( PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new SubjectKeyIdentifierStructure(
- publicKey ) );
+ bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(friendlyName));
+ bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new SubjectKeyIdentifierStructure(
+ publicKey));
return cert;
}
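Review bot: The reformatted `generate` still signs the CA certificate with SHA-1 in `certGen.setSignatureAlgorithm("SHA1WithRSAEncryption");`, which is no longer considered collision-resistant for certificate signatures. Because this file is under src/main rather than test code, `certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");` would be the safer default. The serial number taken from `System.currentTimeMillis()` is predictable and repeats for two certificates issued in the same millisecond; `certGen.setSerialNumber(new BigInteger(64, new SecureRandom()));` avoids both, at the cost of one `java.security.SecureRandom` import that this hunk does not show. Whether the generator is used only to build test fixtures cannot be seen from here, so treat the severity as something to confirm.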
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/CertificateChainFactoryTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/CertificateChainFactoryTest.java b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/CertificateChainFactoryTest.java
index 918047a..0b25ba2 100644
--- a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/CertificateChainFactoryTest.java
+++ b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/CertificateChainFactoryTest.java
@@ -47,48 +47,43 @@ import java.util.List;
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class CertificateChainFactoryTest extends TestCase
-{
- public void setUp()
- {
- if ( Security.getProvider( BouncyCastleProvider.PROVIDER_NAME ) == null )
- {
- Security.addProvider( new BouncyCastleProvider() );
+public class CertificateChainFactoryTest extends TestCase {
+ public void setUp() {
+ if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
+ Security.addProvider(new BouncyCastleProvider());
}
}
/**
* Tests construction of the client chain.
- *
+ * <p/>
* The created certificates can be displayed with a command like:
- *
+ * <p/>
* openssl pkcs12 -nodes -info -in /tmp/test.p12 > /tmp/test.cert && openssl x509 -noout -text -in /tmp/test.cert
- *
- * @throws Exception
+ *
+ * @throws Exception
*/
- public void testClientChain() throws Exception
- {
+ public void testClientChain() throws Exception {
X509Certificate[] clientChain = CertificateChainFactory.getClientChain();
- validateChain( clientChain );
+ validateChain(clientChain);
}
/**
* Tests construction of the KDC chain.
- *
+ * <p/>
* The created certificates can be displayed with a command like:
- *
+ * <p/>
* openssl pkcs12 -nodes -info -in /tmp/test.p12 > /tmp/test.cert && openssl x509 -noout -text -in /tmp/test.cert
- *
- * @throws Exception
+ *
+ * @throws Exception
*/
- public void testKdcChain() throws Exception
- {
+ public void testKdcChain() throws Exception {
X509Certificate[] kdcChain = CertificateChainFactory.getKdcChain();
- validateChain( kdcChain );
+ validateChain(kdcChain);
}
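Review bot: The `<p/>` separators added to the Javadoc of `testClientChain` and `testKdcChain` are self-closing HTML elements, which the Java 8 javadoc doclint reports as "self-closing element not allowed"; a plain `<p>` is the accepted form. The same `<p/>` lines are added in the class and `testSet1` to `testSet4` comments of OctetString2KeyTest further down. The openssl command line here, and the hex test vectors there, will also render as run-together text unless wrapped in `<pre>` or `{@code ...}`.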
@@ -99,21 +94,20 @@ public class CertificateChainFactoryTest extends TestCase
* @throws CertificateException
* @throws InvalidAlgorithmParameterException
*/
- private void validateChain( X509Certificate[] chain ) throws CertificateException,
- InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException,
- InvalidAlgorithmParameterException, CertPathValidatorException
- {
- List<X509Certificate> certificateList = Arrays.asList( chain );
- CertificateFactory certificateFactory = CertificateFactory.getInstance( "X.509" );
- CertPath certPath = certificateFactory.generateCertPath( certificateList );
+ private void validateChain(X509Certificate[] chain) throws CertificateException,
+ InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException,
+ InvalidAlgorithmParameterException, CertPathValidatorException {
+ List<X509Certificate> certificateList = Arrays.asList(chain);
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ CertPath certPath = certificateFactory.generateCertPath(certificateList);
- CertPathValidator cpv = CertPathValidator.getInstance( "PKIX", "BC" );
+ CertPathValidator cpv = CertPathValidator.getInstance("PKIX", "BC");
- TrustAnchor trustAnchor = new TrustAnchor( chain[chain.length - 1], null );
+ TrustAnchor trustAnchor = new TrustAnchor(chain[chain.length - 1], null);
- PKIXParameters parameters = new PKIXParameters( Collections.singleton( trustAnchor ) );
- parameters.setRevocationEnabled( false );
+ PKIXParameters parameters = new PKIXParameters(Collections.singleton(trustAnchor));
+ parameters.setRevocationEnabled(false);
- cpv.validate( certPath, parameters );
+ cpv.validate(certPath, parameters);
}
}
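Review bot: The throws clause of `validateChain` still lists `InvalidAlgorithmParameterException` twice after the reformat; a PMD/checkstyle clean-up can drop the second occurrence so the clause ends `NoSuchAlgorithmException, NoSuchProviderException, CertPathValidatorException {`. The provider is named by the literal `"BC"` in `CertPathValidator.getInstance("PKIX", "BC")` while `setUp` uses `BouncyCastleProvider.PROVIDER_NAME`; using the constant in both places keeps them in step. `chain[chain.length - 1]` fails with an `ArrayIndexOutOfBoundsException` on an empty chain, so an `assertTrue(chain.length > 0);` before building the `TrustAnchor` would give a clearer failure. The method's Javadoc starts outside this hunk.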
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhGroupTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhGroupTest.java b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhGroupTest.java
index da436c1..ba44390 100644
--- a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhGroupTest.java
+++ b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhGroupTest.java
@@ -26,30 +26,27 @@ import junit.framework.TestCase;
* support Oakley 1024-bit Modular Exponential (MODP) well-known group 2
* [RFC2412] and Oakley 2048-bit MODP well-known group 14 [RFC3526] and
* SHOULD support Oakley 4096-bit MODP well-known group 16 [RFC3526]."
- *
+ *
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class DhGroupTest extends TestCase
-{
+public class DhGroupTest extends TestCase {
/**
* Tests that the translation of the hex representation of the prime modulus
* resulted in the expected bit length.
*/
- public void testPrimeBitLengths()
- {
- assertEquals( 1024, DhGroup.MODP_GROUP2.getP().bitLength() );
- assertEquals( 2048, DhGroup.MODP_GROUP14.getP().bitLength() );
- assertEquals( 4096, DhGroup.MODP_GROUP16.getP().bitLength() );
+ public void testPrimeBitLengths() {
+ assertEquals(1024, DhGroup.MODP_GROUP2.getP().bitLength());
+ assertEquals(2048, DhGroup.MODP_GROUP14.getP().bitLength());
+ assertEquals(4096, DhGroup.MODP_GROUP16.getP().bitLength());
}
/**
* Tests the generator values.
*/
- public void testGeneratorValues()
- {
- assertEquals( 2, DhGroup.MODP_GROUP2.getG().intValue() );
- assertEquals( 2, DhGroup.MODP_GROUP14.getG().intValue() );
- assertEquals( 2, DhGroup.MODP_GROUP16.getG().intValue() );
+ public void testGeneratorValues() {
+ assertEquals(2, DhGroup.MODP_GROUP2.getG().intValue());
+ assertEquals(2, DhGroup.MODP_GROUP14.getG().intValue());
+ assertEquals(2, DhGroup.MODP_GROUP16.getG().intValue());
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/EnvelopedDataEngineTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/EnvelopedDataEngineTest.java b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/EnvelopedDataEngineTest.java
index 83b6050..e1a8083 100644
--- a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/EnvelopedDataEngineTest.java
+++ b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/EnvelopedDataEngineTest.java
@@ -21,7 +21,6 @@ package org.apache.kerby.kerberos.kerb.client.preauth.pkinit;
import junit.framework.TestCase;
import org.apache.kerby.kerberos.kerb.client.preauth.pkinit.certs.CertificateChainFactory;
-import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -44,30 +43,26 @@ import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.util.Arrays;
+public class EnvelopedDataEngineTest extends TestCase {
+ /**
+ * The log for this class.
+ */
+ private static final Logger LOG = LoggerFactory.getLogger(EnvelopedDataEngineTest.class);
-/**
- * Tests the use of {@link CMSEnvelopedData}.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- * @version $Rev$, $Date$
- */
-public class EnvelopedDataEngineTest extends TestCase
-{
- /** The log for this class. */
- private static final Logger log = LoggerFactory.getLogger( EnvelopedDataEngineTest.class );
-
- /** Certificate used to encrypt the data. */
+ /**
+ * Certificate used to encrypt the data.
+ */
private X509Certificate certificate;
- /** Private key used to decrypt the data. */
+ /**
+ * Private key used to decrypt the data.
+ */
private PrivateKey privateKey;
- public void setUp() throws Exception
- {
- if ( Security.getProvider( BouncyCastleProvider.PROVIDER_NAME ) == null )
- {
- Security.addProvider( new BouncyCastleProvider() );
+ public void setUp() throws Exception {
+ if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
+ Security.addProvider(new BouncyCastleProvider());
}
//getCaFromFile( "/tmp/testCa.p12", "password", "Test CA" );
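Review bot: The class-level Javadoc of `EnvelopedDataEngineTest` is deleted together with the `CMSEnvelopedData` import, which leaves the test class without any description. The comment can stay without the import by naming the type in full, `Tests the use of {@link org.bouncycastle.cms.CMSEnvelopedData}.`, or by writing it as `{@code CMSEnvelopedData}`. The commented-out `getCaFromFile(...)` call kept in `setUp` is dead code that a clean-up commit could remove or replace with a short comment saying when the file-based path is meant to be used. `setUp` continues past the end of this hunk.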
@@ -80,19 +75,17 @@ public class EnvelopedDataEngineTest extends TestCase
*
* @throws Exception
*/
- public void testEnvelopedData() throws Exception
- {
+ public void testEnvelopedData() throws Exception {
byte[] dataToEnvelope = "Hello".getBytes();
- byte[] envelopedDataBytes = EnvelopedDataEngine.getEnvelopedReplyKeyPack( dataToEnvelope, certificate );
- byte[] unenvelopedData = EnvelopedDataEngine.getUnenvelopedData( envelopedDataBytes, certificate, privateKey );
+ byte[] envelopedDataBytes = EnvelopedDataEngine.getEnvelopedReplyKeyPack(dataToEnvelope, certificate);
+ byte[] unenvelopedData = EnvelopedDataEngine.getUnenvelopedData(envelopedDataBytes, certificate, privateKey);
- assertTrue( Arrays.equals( dataToEnvelope, unenvelopedData ) );
+ assertTrue(Arrays.equals(dataToEnvelope, unenvelopedData));
}
- void getCaFromFactory() throws Exception
- {
+ void getCaFromFactory() throws Exception {
X509Certificate[] clientChain = CertificateChainFactory.getClientChain();
certificate = clientChain[0];
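Review bot: `testEnvelopedData` only asserts the round trip, so an implementation that returned its input unchanged from both `getEnvelopedReplyKeyPack` and `getUnenvelopedData` would still pass. Adding `assertFalse(Arrays.equals(dataToEnvelope, envelopedDataBytes));` before the final assertion checks that the data was actually transformed. `"Hello".getBytes()` also depends on the platform default charset; `"Hello".getBytes("UTF-8")` fits the method's existing `throws Exception` and needs no new import. `getCaFromFactory` continues outside this hunk.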
@@ -100,34 +93,31 @@ public class EnvelopedDataEngineTest extends TestCase
}
- void getCaFromFile( String caFile, String caPassword, String caAlias ) throws KeyStoreException,
- NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException,
- InvalidKeyException, SignatureException, NoSuchProviderException
- {
+ void getCaFromFile(String caFile, String caPassword, String caAlias) throws KeyStoreException,
+ NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException,
+ UnrecoverableKeyException, InvalidKeyException, SignatureException, NoSuchProviderException {
// Open the keystore.
- KeyStore caKs = KeyStore.getInstance( "PKCS12" );
- caKs.load( new FileInputStream( new File( caFile ) ), caPassword.toCharArray() );
+ KeyStore caKs = KeyStore.getInstance("PKCS12");
+ caKs.load(new FileInputStream(new File(caFile)), caPassword.toCharArray());
// Load the private key from the keystore.
- privateKey = ( RSAPrivateCrtKey ) caKs.getKey( caAlias, caPassword.toCharArray() );
+ privateKey = (RSAPrivateCrtKey) caKs.getKey(caAlias, caPassword.toCharArray());
- if ( privateKey == null )
- {
- throw new IllegalStateException( "Got null key from keystore!" );
+ if (privateKey == null) {
+ throw new IllegalStateException("Got null key from keystore!");
}
// Load the certificate from the keystore.
- certificate = ( X509Certificate ) caKs.getCertificate( caAlias );
+ certificate = (X509Certificate) caKs.getCertificate(caAlias);
- if ( certificate == null )
- {
- throw new IllegalStateException( "Got null cert from keystore!" );
+ if (certificate == null) {
+ throw new IllegalStateException("Got null cert from keystore!");
}
- log.debug( "Successfully loaded key and certificate having DN '{}'.", certificate.getSubjectDN().getName() );
+ LOG.debug("Successfully loaded key and certificate having DN '{}'.", certificate.getSubjectDN().getName());
// Verify.
- certificate.verify( certificate.getPublicKey() );
- log.debug( "Successfully verified CA certificate with its own public key." );
+ certificate.verify(certificate.getPublicKey());
+ LOG.debug("Successfully verified CA certificate with its own public key.");
}
}
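Review bot: In `getCaFromFile` the `FileInputStream` handed to `caKs.load(...)` is never closed, so the handle on the PKCS#12 file stays open until the stream is garbage-collected. If the module builds at Java 7 source level or later (not visible here), `try (FileInputStream in = new FileInputStream(caFile)) { caKs.load(in, caPassword.toCharArray()); }` closes it on both the success and the exception path. The `(RSAPrivateCrtKey)` cast throws `ClassCastException` for a non-RSA key before the `"Got null key from keystore!"` check can explain the problem, so an `instanceof` test with its own message would make failures easier to read.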
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/OctetString2KeyTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/OctetString2KeyTest.java b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/OctetString2KeyTest.java
index 8a2c0ce..783dae1 100644
--- a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/OctetString2KeyTest.java
+++ b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/OctetString2KeyTest.java
@@ -27,60 +27,58 @@ import java.util.Arrays;
/**
* From RFC 4556:
- *
+ * <p/>
* "Appendix B. Test Vectors
- *
+ * <p/>
* Function octetstring2key() is defined in Section 3.2.3.1. This section describes
* a few sets of test vectors that would be useful for implementers of octetstring2key()."
- *
+ *
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class OctetString2KeyTest extends TestCase
-{
+public class OctetString2KeyTest extends TestCase {
/**
* Set 1:
* =====
* Input octet string x is:
- *
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- *
+ * <p/>
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * <p/>
* Output of K-truncate() when the key size is 32 octets:
- *
- * 5e e5 0d 67 5c 80 9f e5 9e 4a 77 62 c5 4b 65 83
- * 75 47 ea fb 15 9b d8 cd c7 5f fc a5 91 1e 4c 41
+ * <p/>
+ * 5e e5 0d 67 5c 80 9f e5 9e 4a 77 62 c5 4b 65 83
+ * 75 47 ea fb 15 9b d8 cd c7 5f fc a5 91 1e 4c 41
*/
- public void testSet1()
- {
+ public void testSet1() {
byte[] inputOctetString = new byte[16 * 16];
byte[] expectedOutput =
- { ( byte ) 0x5e, ( byte ) 0xe5, ( byte ) 0x0d, ( byte ) 0x67, ( byte ) 0x5c, ( byte ) 0x80, ( byte ) 0x9f,
- ( byte ) 0xe5, ( byte ) 0x9e, ( byte ) 0x4a, ( byte ) 0x77, ( byte ) 0x62, ( byte ) 0xc5,
- ( byte ) 0x4b, ( byte ) 0x65, ( byte ) 0x83, ( byte ) 0x75, ( byte ) 0x47, ( byte ) 0xea,
- ( byte ) 0xfb, ( byte ) 0x15, ( byte ) 0x9b, ( byte ) 0xd8, ( byte ) 0xcd, ( byte ) 0xc7,
- ( byte ) 0x5f, ( byte ) 0xfc, ( byte ) 0xa5, ( byte ) 0x91, ( byte ) 0x1e, ( byte ) 0x4c, ( byte ) 0x41 };
+ {(byte) 0x5e, (byte) 0xe5, (byte) 0x0d, (byte) 0x67, (byte) 0x5c, (byte) 0x80, (byte) 0x9f,
+ (byte) 0xe5, (byte) 0x9e, (byte) 0x4a, (byte) 0x77, (byte) 0x62, (byte) 0xc5,
+ (byte) 0x4b, (byte) 0x65, (byte) 0x83, (byte) 0x75, (byte) 0x47, (byte) 0xea,
+ (byte) 0xfb, (byte) 0x15, (byte) 0x9b, (byte) 0xd8, (byte) 0xcd, (byte) 0xc7,
+ (byte) 0x5f, (byte) 0xfc, (byte) 0xa5, (byte) 0x91, (byte) 0x1e, (byte) 0x4c, (byte) 0x41};
int keySize = 32 * 8;
- byte[] result = OctetString2Key.kTruncate( keySize, inputOctetString );
+ byte[] result = OctetString2Key.kTruncate(keySize, inputOctetString);
- assertTrue( Arrays.equals( result, expectedOutput ) );
+ assertTrue(Arrays.equals(result, expectedOutput));
}
@@ -88,37 +86,36 @@ public class OctetString2KeyTest extends TestCase
* Set 2:
* =====
* Input octet string x is:
- *
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- *
+ * <p/>
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ * <p/>
* Output of K-truncate() when the key size is 32 octets:
- *
- * ac f7 70 7c 08 97 3d df db 27 cd 36 14 42 cc fb
- * a3 55 c8 88 4c b4 72 f3 7d a6 36 d0 7d 56 78 7e
+ * <p/>
+ * ac f7 70 7c 08 97 3d df db 27 cd 36 14 42 cc fb
+ * a3 55 c8 88 4c b4 72 f3 7d a6 36 d0 7d 56 78 7e
*/
- public void testSet2()
- {
+ public void testSet2() {
byte[] inputOctetString = new byte[16 * 8];
byte[] expectedOutput =
- { ( byte ) 0xac, ( byte ) 0xf7, ( byte ) 0x70, ( byte ) 0x7c, ( byte ) 0x08, ( byte ) 0x97, ( byte ) 0x3d,
- ( byte ) 0xdf, ( byte ) 0xdb, ( byte ) 0x27, ( byte ) 0xcd, ( byte ) 0x36, ( byte ) 0x14,
- ( byte ) 0x42, ( byte ) 0xcc, ( byte ) 0xfb, ( byte ) 0xa3, ( byte ) 0x55, ( byte ) 0xc8,
- ( byte ) 0x88, ( byte ) 0x4c, ( byte ) 0xb4, ( byte ) 0x72, ( byte ) 0xf3, ( byte ) 0x7d,
- ( byte ) 0xa6, ( byte ) 0x36, ( byte ) 0xd0, ( byte ) 0x7d, ( byte ) 0x56, ( byte ) 0x78, ( byte ) 0x7e };
+ {(byte) 0xac, (byte) 0xf7, (byte) 0x70, (byte) 0x7c, (byte) 0x08, (byte) 0x97, (byte) 0x3d,
+ (byte) 0xdf, (byte) 0xdb, (byte) 0x27, (byte) 0xcd, (byte) 0x36, (byte) 0x14,
+ (byte) 0x42, (byte) 0xcc, (byte) 0xfb, (byte) 0xa3, (byte) 0x55, (byte) 0xc8,
+ (byte) 0x88, (byte) 0x4c, (byte) 0xb4, (byte) 0x72, (byte) 0xf3, (byte) 0x7d,
+ (byte) 0xa6, (byte) 0x36, (byte) 0xd0, (byte) 0x7d, (byte) 0x56, (byte) 0x78, (byte) 0x7e};
int keySize = 32 * 8;
- byte[] result = OctetString2Key.kTruncate( keySize, inputOctetString );
+ byte[] result = OctetString2Key.kTruncate(keySize, inputOctetString);
- assertTrue( Arrays.equals( result, expectedOutput ) );
+ assertTrue(Arrays.equals(result, expectedOutput));
}
@@ -126,58 +123,57 @@ public class OctetString2KeyTest extends TestCase
* Set 3:
* ======
* Input octet string x is:
- *
- * 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
- * 10 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
- * 0f 10 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d
- * 0e 0f 10 00 01 02 03 04 05 06 07 08 09 0a 0b 0c
- * 0d 0e 0f 10 00 01 02 03 04 05 06 07 08 09 0a 0b
- * 0c 0d 0e 0f 10 00 01 02 03 04 05 06 07 08 09 0a
- * 0b 0c 0d 0e 0f 10 00 01 02 03 04 05 06 07 08 09
- * 0a 0b 0c 0d 0e 0f 10 00 01 02 03 04 05 06 07 08
- *
+ * <p/>
+ * 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
+ * 10 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
+ * 0f 10 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d
+ * 0e 0f 10 00 01 02 03 04 05 06 07 08 09 0a 0b 0c
+ * 0d 0e 0f 10 00 01 02 03 04 05 06 07 08 09 0a 0b
+ * 0c 0d 0e 0f 10 00 01 02 03 04 05 06 07 08 09 0a
+ * 0b 0c 0d 0e 0f 10 00 01 02 03 04 05 06 07 08 09
+ * 0a 0b 0c 0d 0e 0f 10 00 01 02 03 04 05 06 07 08
+ * <p/>
* Output of K-truncate() when the key size is 32 octets:
- *
- * c4 42 da 58 5f cb 80 e4 3b 47 94 6f 25 40 93 e3
- * 73 29 d9 90 01 38 0d b7 83 71 db 3a cf 5c 79 7e
+ * <p/>
+ * c4 42 da 58 5f cb 80 e4 3b 47 94 6f 25 40 93 e3
+ * 73 29 d9 90 01 38 0d b7 83 71 db 3a cf 5c 79 7e
*/
- public void testSet3()
- {
+ public void testSet3() {
byte[] inputOctetString =
- { ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x02, ( byte ) 0x03, ( byte ) 0x04, ( byte ) 0x05, ( byte ) 0x06,
- ( byte ) 0x07, ( byte ) 0x08, ( byte ) 0x09, ( byte ) 0x0a, ( byte ) 0x0b, ( byte ) 0x0c,
- ( byte ) 0x0d, ( byte ) 0x0e, ( byte ) 0x0f, ( byte ) 0x10, ( byte ) 0x00, ( byte ) 0x01,
- ( byte ) 0x02, ( byte ) 0x03, ( byte ) 0x04, ( byte ) 0x05, ( byte ) 0x06, ( byte ) 0x07,
- ( byte ) 0x08, ( byte ) 0x09, ( byte ) 0x0a, ( byte ) 0x0b, ( byte ) 0x0c, ( byte ) 0x0d,
- ( byte ) 0x0e, ( byte ) 0x0f, ( byte ) 0x10, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x02,
- ( byte ) 0x03, ( byte ) 0x04, ( byte ) 0x05, ( byte ) 0x06, ( byte ) 0x07, ( byte ) 0x08,
- ( byte ) 0x09, ( byte ) 0x0a, ( byte ) 0x0b, ( byte ) 0x0c, ( byte ) 0x0d, ( byte ) 0x0e,
- ( byte ) 0x0f, ( byte ) 0x10, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x02, ( byte ) 0x03,
- ( byte ) 0x04, ( byte ) 0x05, ( byte ) 0x06, ( byte ) 0x07, ( byte ) 0x08, ( byte ) 0x09,
- ( byte ) 0x0a, ( byte ) 0x0b, ( byte ) 0x0c, ( byte ) 0x0d, ( byte ) 0x0e, ( byte ) 0x0f,
- ( byte ) 0x10, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x02, ( byte ) 0x03, ( byte ) 0x04,
- ( byte ) 0x05, ( byte ) 0x06, ( byte ) 0x07, ( byte ) 0x08, ( byte ) 0x09, ( byte ) 0x0a,
- ( byte ) 0x0b, ( byte ) 0x0c, ( byte ) 0x0d, ( byte ) 0x0e, ( byte ) 0x0f, ( byte ) 0x10,
- ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x02, ( byte ) 0x03, ( byte ) 0x04, ( byte ) 0x05,
- ( byte ) 0x06, ( byte ) 0x07, ( byte ) 0x08, ( byte ) 0x09, ( byte ) 0x0a, ( byte ) 0x0b,
- ( byte ) 0x0c, ( byte ) 0x0d, ( byte ) 0x0e, ( byte ) 0x0f, ( byte ) 0x10, ( byte ) 0x00,
- ( byte ) 0x01, ( byte ) 0x02, ( byte ) 0x03, ( byte ) 0x04, ( byte ) 0x05, ( byte ) 0x06,
- ( byte ) 0x07, ( byte ) 0x08, ( byte ) 0x09, ( byte ) 0x0a, ( byte ) 0x0b, ( byte ) 0x0c,
- ( byte ) 0x0d, ( byte ) 0x0e, ( byte ) 0x0f, ( byte ) 0x10, ( byte ) 0x00, ( byte ) 0x01,
- ( byte ) 0x02, ( byte ) 0x03, ( byte ) 0x04, ( byte ) 0x05, ( byte ) 0x06, ( byte ) 0x07, ( byte ) 0x08 };
+ {(byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04, (byte) 0x05, (byte) 0x06,
+ (byte) 0x07, (byte) 0x08, (byte) 0x09, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c,
+ (byte) 0x0d, (byte) 0x0e, (byte) 0x0f, (byte) 0x10, (byte) 0x00, (byte) 0x01,
+ (byte) 0x02, (byte) 0x03, (byte) 0x04, (byte) 0x05, (byte) 0x06, (byte) 0x07,
+ (byte) 0x08, (byte) 0x09, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c, (byte) 0x0d,
+ (byte) 0x0e, (byte) 0x0f, (byte) 0x10, (byte) 0x00, (byte) 0x01, (byte) 0x02,
+ (byte) 0x03, (byte) 0x04, (byte) 0x05, (byte) 0x06, (byte) 0x07, (byte) 0x08,
+ (byte) 0x09, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c, (byte) 0x0d, (byte) 0x0e,
+ (byte) 0x0f, (byte) 0x10, (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x03,
+ (byte) 0x04, (byte) 0x05, (byte) 0x06, (byte) 0x07, (byte) 0x08, (byte) 0x09,
+ (byte) 0x0a, (byte) 0x0b, (byte) 0x0c, (byte) 0x0d, (byte) 0x0e, (byte) 0x0f,
+ (byte) 0x10, (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04,
+ (byte) 0x05, (byte) 0x06, (byte) 0x07, (byte) 0x08, (byte) 0x09, (byte) 0x0a,
+ (byte) 0x0b, (byte) 0x0c, (byte) 0x0d, (byte) 0x0e, (byte) 0x0f, (byte) 0x10,
+ (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04, (byte) 0x05,
+ (byte) 0x06, (byte) 0x07, (byte) 0x08, (byte) 0x09, (byte) 0x0a, (byte) 0x0b,
+ (byte) 0x0c, (byte) 0x0d, (byte) 0x0e, (byte) 0x0f, (byte) 0x10, (byte) 0x00,
+ (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04, (byte) 0x05, (byte) 0x06,
+ (byte) 0x07, (byte) 0x08, (byte) 0x09, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c,
+ (byte) 0x0d, (byte) 0x0e, (byte) 0x0f, (byte) 0x10, (byte) 0x00, (byte) 0x01,
+ (byte) 0x02, (byte) 0x03, (byte) 0x04, (byte) 0x05, (byte) 0x06, (byte) 0x07, (byte) 0x08};
byte[] expectedOutput =
- { ( byte ) 0xc4, ( byte ) 0x42, ( byte ) 0xda, ( byte ) 0x58, ( byte ) 0x5f, ( byte ) 0xcb, ( byte ) 0x80,
- ( byte ) 0xe4, ( byte ) 0x3b, ( byte ) 0x47, ( byte ) 0x94, ( byte ) 0x6f, ( byte ) 0x25,
- ( byte ) 0x40, ( byte ) 0x93, ( byte ) 0xe3, ( byte ) 0x73, ( byte ) 0x29, ( byte ) 0xd9,
- ( byte ) 0x90, ( byte ) 0x01, ( byte ) 0x38, ( byte ) 0x0d, ( byte ) 0xb7, ( byte ) 0x83,
- ( byte ) 0x71, ( byte ) 0xdb, ( byte ) 0x3a, ( byte ) 0xcf, ( byte ) 0x5c, ( byte ) 0x79, ( byte ) 0x7e };
+ {(byte) 0xc4, (byte) 0x42, (byte) 0xda, (byte) 0x58, (byte) 0x5f, (byte) 0xcb, (byte) 0x80,
+ (byte) 0xe4, (byte) 0x3b, (byte) 0x47, (byte) 0x94, (byte) 0x6f, (byte) 0x25,
+ (byte) 0x40, (byte) 0x93, (byte) 0xe3, (byte) 0x73, (byte) 0x29, (byte) 0xd9,
+ (byte) 0x90, (byte) 0x01, (byte) 0x38, (byte) 0x0d, (byte) 0xb7, (byte) 0x83,
+ (byte) 0x71, (byte) 0xdb, (byte) 0x3a, (byte) 0xcf, (byte) 0x5c, (byte) 0x79, (byte) 0x7e};
int keySize = 32 * 8;
- byte[] result = OctetString2Key.kTruncate( keySize, inputOctetString );
+ byte[] result = OctetString2Key.kTruncate(keySize, inputOctetString);
- assertTrue( Arrays.equals( result, expectedOutput ) );
+ assertTrue(Arrays.equals(result, expectedOutput));
}
@@ -185,46 +181,45 @@ public class OctetString2KeyTest extends TestCase
* Set 4:
* =====
* Input octet string x is:
- *
- * 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
- * 10 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
- * 0f 10 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d
- * 0e 0f 10 00 01 02 03 04 05 06 07 08 09 0a 0b 0c
- * 0d 0e 0f 10 00 01 02 03 04 05 06 07 08
- *
+ * <p/>
+ * 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
+ * 10 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
+ * 0f 10 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d
+ * 0e 0f 10 00 01 02 03 04 05 06 07 08 09 0a 0b 0c
+ * 0d 0e 0f 10 00 01 02 03 04 05 06 07 08
+ * <p/>
* Output of K-truncate() when the key size is 32 octets:
- *
- * 00 53 95 3b 84 c8 96 f4 eb 38 5c 3f 2e 75 1c 4a
- * 59 0e d6 ff ad ca 6f f6 4f 47 eb eb 8d 78 0f fc
+ * <p/>
+ * 00 53 95 3b 84 c8 96 f4 eb 38 5c 3f 2e 75 1c 4a
+ * 59 0e d6 ff ad ca 6f f6 4f 47 eb eb 8d 78 0f fc
*/
- public void testSet4()
- {
+ public void testSet4() {
byte[] inputOctetString =
- { ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x02, ( byte ) 0x03, ( byte ) 0x04, ( byte ) 0x05, ( byte ) 0x06,
- ( byte ) 0x07, ( byte ) 0x08, ( byte ) 0x09, ( byte ) 0x0a, ( byte ) 0x0b, ( byte ) 0x0c,
- ( byte ) 0x0d, ( byte ) 0x0e, ( byte ) 0x0f, ( byte ) 0x10, ( byte ) 0x00, ( byte ) 0x01,
- ( byte ) 0x02, ( byte ) 0x03, ( byte ) 0x04, ( byte ) 0x05, ( byte ) 0x06, ( byte ) 0x07,
- ( byte ) 0x08, ( byte ) 0x09, ( byte ) 0x0a, ( byte ) 0x0b, ( byte ) 0x0c, ( byte ) 0x0d,
- ( byte ) 0x0e, ( byte ) 0x0f, ( byte ) 0x10, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x02,
- ( byte ) 0x03, ( byte ) 0x04, ( byte ) 0x05, ( byte ) 0x06, ( byte ) 0x07, ( byte ) 0x08,
- ( byte ) 0x09, ( byte ) 0x0a, ( byte ) 0x0b, ( byte ) 0x0c, ( byte ) 0x0d, ( byte ) 0x0e,
- ( byte ) 0x0f, ( byte ) 0x10, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x02, ( byte ) 0x03,
- ( byte ) 0x04, ( byte ) 0x05, ( byte ) 0x06, ( byte ) 0x07, ( byte ) 0x08, ( byte ) 0x09,
- ( byte ) 0x0a, ( byte ) 0x0b, ( byte ) 0x0c, ( byte ) 0x0d, ( byte ) 0x0e, ( byte ) 0x0f,
- ( byte ) 0x10, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x02, ( byte ) 0x03, ( byte ) 0x04,
- ( byte ) 0x05, ( byte ) 0x06, ( byte ) 0x07, ( byte ) 0x08 };
+ {(byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04, (byte) 0x05, (byte) 0x06,
+ (byte) 0x07, (byte) 0x08, (byte) 0x09, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c,
+ (byte) 0x0d, (byte) 0x0e, (byte) 0x0f, (byte) 0x10, (byte) 0x00, (byte) 0x01,
+ (byte) 0x02, (byte) 0x03, (byte) 0x04, (byte) 0x05, (byte) 0x06, (byte) 0x07,
+ (byte) 0x08, (byte) 0x09, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c, (byte) 0x0d,
+ (byte) 0x0e, (byte) 0x0f, (byte) 0x10, (byte) 0x00, (byte) 0x01, (byte) 0x02,
+ (byte) 0x03, (byte) 0x04, (byte) 0x05, (byte) 0x06, (byte) 0x07, (byte) 0x08,
+ (byte) 0x09, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c, (byte) 0x0d, (byte) 0x0e,
+ (byte) 0x0f, (byte) 0x10, (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x03,
+ (byte) 0x04, (byte) 0x05, (byte) 0x06, (byte) 0x07, (byte) 0x08, (byte) 0x09,
+ (byte) 0x0a, (byte) 0x0b, (byte) 0x0c, (byte) 0x0d, (byte) 0x0e, (byte) 0x0f,
+ (byte) 0x10, (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04,
+ (byte) 0x05, (byte) 0x06, (byte) 0x07, (byte) 0x08};
byte[] expectedOutput =
- { ( byte ) 0x00, ( byte ) 0x53, ( byte ) 0x95, ( byte ) 0x3b, ( byte ) 0x84, ( byte ) 0xc8, ( byte ) 0x96,
- ( byte ) 0xf4, ( byte ) 0xeb, ( byte ) 0x38, ( byte ) 0x5c, ( byte ) 0x3f, ( byte ) 0x2e,
- ( byte ) 0x75, ( byte ) 0x1c, ( byte ) 0x4a, ( byte ) 0x59, ( byte ) 0x0e, ( byte ) 0xd6,
- ( byte ) 0xff, ( byte ) 0xad, ( byte ) 0xca, ( byte ) 0x6f, ( byte ) 0xf6, ( byte ) 0x4f,
- ( byte ) 0x47, ( byte ) 0xeb, ( byte ) 0xeb, ( byte ) 0x8d, ( byte ) 0x78, ( byte ) 0x0f, ( byte ) 0xfc };
+ {(byte) 0x00, (byte) 0x53, (byte) 0x95, (byte) 0x3b, (byte) 0x84, (byte) 0xc8, (byte) 0x96,
+ (byte) 0xf4, (byte) 0xeb, (byte) 0x38, (byte) 0x5c, (byte) 0x3f, (byte) 0x2e,
+ (byte) 0x75, (byte) 0x1c, (byte) 0x4a, (byte) 0x59, (byte) 0x0e, (byte) 0xd6,
+ (byte) 0xff, (byte) 0xad, (byte) 0xca, (byte) 0x6f, (byte) 0xf6, (byte) 0x4f,
+ (byte) 0x47, (byte) 0xeb, (byte) 0xeb, (byte) 0x8d, (byte) 0x78, (byte) 0x0f, (byte) 0xfc};
int keySize = 32 * 8;
- byte[] result = OctetString2Key.kTruncate( keySize, inputOctetString );
+ byte[] result = OctetString2Key.kTruncate(keySize, inputOctetString);
- assertTrue( Arrays.equals( result, expectedOutput ) );
+ assertTrue(Arrays.equals(result, expectedOutput));
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/SignedDataEngineTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/SignedDataEngineTest.java b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/SignedDataEngineTest.java
index 9dd007d..d4e08f9 100644
--- a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/SignedDataEngineTest.java
+++ b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/SignedDataEngineTest.java
@@ -50,25 +50,28 @@ import java.security.interfaces.RSAPrivateCrtKey;
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class SignedDataEngineTest extends TestCase
-{
- /** The log for this class. */
- private static final Logger log = LoggerFactory.getLogger( SignedDataEngineTest.class );
+public class SignedDataEngineTest extends TestCase {
+ /**
+ * The log for this class.
+ */
+ private static final Logger LOG = LoggerFactory.getLogger(SignedDataEngineTest.class);
private static final String ID_DATA = "1.2.840.113549.1.7.1";
- /** Certificate used to verify the signature. */
+ /**
+ * Certificate used to verify the signature.
+ */
private X509Certificate certificate;
- /** Private key used to sign the data. */
+ /**
+ * Private key used to sign the data.
+ */
private PrivateKey privateKey;
- public void setUp() throws Exception
- {
- if ( Security.getProvider( "BC" ) == null )
- {
- Security.addProvider( new BouncyCastleProvider() );
+ public void setUp() throws Exception {
+ if (Security.getProvider("BC") == null) {
+ Security.addProvider(new BouncyCastleProvider());
}
//getCaFromFile( "/tmp/testCa.p12", "password", "Test CA" );
@@ -81,20 +84,18 @@ public class SignedDataEngineTest extends TestCase
*
* @throws Exception
*/
- public void testSignedData() throws Exception
- {
+ public void testSignedData() throws Exception {
byte[] data = "Hello".getBytes();
- byte[] signedDataBytes = SignedDataEngine.getSignedData( privateKey, certificate, data, ID_DATA );
+ byte[] signedDataBytes = SignedDataEngine.getSignedData(privateKey, certificate, data, ID_DATA);
- CMSSignedData signedData = new CMSSignedData( signedDataBytes );
+ CMSSignedData signedData = new CMSSignedData(signedDataBytes);
- assertTrue(SignedDataEngine.validateSignedData( signedData ));
+ assertTrue(SignedDataEngine.validateSignedData(signedData));
}
- void getCaFromFactory() throws Exception
- {
+ void getCaFromFactory() throws Exception {
X509Certificate[] clientChain = CertificateChainFactory.getClientChain();
certificate = clientChain[0];
@@ -102,34 +103,31 @@ public class SignedDataEngineTest extends TestCase
}
- void getCaFromFile( String caFile, String caPassword, String caAlias ) throws KeyStoreException,
- NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException,
- InvalidKeyException, SignatureException, NoSuchProviderException
- {
+ void getCaFromFile(String caFile, String caPassword, String caAlias) throws KeyStoreException,
+ NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException,
+ UnrecoverableKeyException, InvalidKeyException, SignatureException, NoSuchProviderException {
// Open the keystore.
- KeyStore caKs = KeyStore.getInstance( "PKCS12" );
- caKs.load( new FileInputStream( new File( caFile ) ), caPassword.toCharArray() );
+ KeyStore caKs = KeyStore.getInstance("PKCS12");
+ caKs.load(new FileInputStream(new File(caFile)), caPassword.toCharArray());
// Load the private key from the keystore.
- privateKey = ( RSAPrivateCrtKey ) caKs.getKey( caAlias, caPassword.toCharArray() );
+ privateKey = (RSAPrivateCrtKey) caKs.getKey(caAlias, caPassword.toCharArray());
- if ( privateKey == null )
- {
- throw new IllegalStateException( "Got null key from keystore!" );
+ if (privateKey == null) {
+ throw new IllegalStateException("Got null key from keystore!");
}
// Load the certificate from the keystore.
- certificate = ( X509Certificate ) caKs.getCertificate( caAlias );
+ certificate = (X509Certificate) caKs.getCertificate(caAlias);
- if ( certificate == null )
- {
- throw new IllegalStateException( "Got null cert from keystore!" );
+ if (certificate == null) {
+ throw new IllegalStateException("Got null cert from keystore!");
}
- log.debug( "Successfully loaded CA key and certificate. CA DN is '{}'.", certificate.getSubjectDN().getName() );
+ LOG.debug("Successfully loaded CA key and certificate. CA DN is '{}'.", certificate.getSubjectDN().getName());
// Verify.
- certificate.verify( certificate.getPublicKey() );
- log.debug( "Successfully verified CA certificate with its own public key." );
+ certificate.verify(certificate.getPublicKey());
+ LOG.debug("Successfully verified CA certificate with its own public key.");
}
}
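Review bot: The `FileInputStream` created in `caKs.load(new FileInputStream(new File(caFile)), caPassword.toCharArray())` in `getCaFromFile` is never closed, so the keystore file handle leaks on both the success and the exception path. If the module builds at Java 7 or later, `try (FileInputStream in = new FileInputStream(caFile)) { caKs.load(in, caPassword.toCharArray()); }` closes it deterministically. The only visible call is the commented-out one in `setUp`, so a short Javadoc stating that this helper is for manual testing with a local PKCS#12 file would also help.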
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/CertificateChainFactoryTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/CertificateChainFactoryTest.java b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/CertificateChainFactoryTest.java
index 531fd07..5efe79d 100644
--- a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/CertificateChainFactoryTest.java
+++ b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/CertificateChainFactoryTest.java
@@ -44,48 +44,43 @@ import java.util.List;
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class CertificateChainFactoryTest extends TestCase
-{
- public void setUp()
- {
- if ( Security.getProvider( BouncyCastleProvider.PROVIDER_NAME ) == null )
- {
- Security.addProvider( new BouncyCastleProvider() );
+public class CertificateChainFactoryTest extends TestCase {
+ public void setUp() {
+ if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
+ Security.addProvider(new BouncyCastleProvider());
}
}
/**
* Tests construction of the client chain.
- *
+ * <p/>
* The created certificates can be displayed with a command like:
- *
+ * <p/>
* openssl pkcs12 -nodes -info -in /tmp/test.p12 > /tmp/test.cert && openssl x509 -noout -text -in /tmp/test.cert
- *
- * @throws Exception
+ *
+ * @throws Exception
*/
- public void testClientChain() throws Exception
- {
+ public void testClientChain() throws Exception {
X509Certificate[] clientChain = CertificateChainFactory.getClientChain();
- validateChain( clientChain );
+ validateChain(clientChain);
}
/**
* Tests construction of the KDC chain.
- *
+ * <p/>
* The created certificates can be displayed with a command like:
- *
+ * <p/>
* openssl pkcs12 -nodes -info -in /tmp/test.p12 > /tmp/test.cert && openssl x509 -noout -text -in /tmp/test.cert
- *
- * @throws Exception
+ *
+ * @throws Exception
*/
- public void testKdcChain() throws Exception
- {
+ public void testKdcChain() throws Exception {
X509Certificate[] kdcChain = CertificateChainFactory.getKdcChain();
- validateChain( kdcChain );
+ validateChain(kdcChain);
}
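Review bot: The `<p/>` separators added to the Javadoc of `testClientChain` and `testKdcChain` are self-closing elements, which the Javadoc doclint in JDK 8 and later rejects; plain `<p>` is the accepted form. The same replacement is made in the `DhGroup` Javadoc hunks further down. The openssl command line in these comments contains `>` and `&&`, so it would render more reliably wrapped in `<pre>{@code ...}</pre>`.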
@@ -96,21 +91,20 @@ public class CertificateChainFactoryTest extends TestCase
* @throws CertificateException
* @throws InvalidAlgorithmParameterException
*/
- private void validateChain( X509Certificate[] chain ) throws CertificateException,
- InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException,
- InvalidAlgorithmParameterException, CertPathValidatorException
- {
- List<X509Certificate> certificateList = Arrays.asList( chain );
- CertificateFactory certificateFactory = CertificateFactory.getInstance( "X.509" );
- CertPath certPath = certificateFactory.generateCertPath( certificateList );
+ private void validateChain(X509Certificate[] chain) throws CertificateException,
+ InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException,
+ InvalidAlgorithmParameterException, CertPathValidatorException {
+ List<X509Certificate> certificateList = Arrays.asList(chain);
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ CertPath certPath = certificateFactory.generateCertPath(certificateList);
- CertPathValidator cpv = CertPathValidator.getInstance( "PKIX", "BC" );
+ CertPathValidator cpv = CertPathValidator.getInstance("PKIX", "BC");
- TrustAnchor trustAnchor = new TrustAnchor( chain[chain.length - 1], null );
+ TrustAnchor trustAnchor = new TrustAnchor(chain[chain.length - 1], null);
- PKIXParameters parameters = new PKIXParameters( Collections.singleton( trustAnchor ) );
- parameters.setRevocationEnabled( false );
+ PKIXParameters parameters = new PKIXParameters(Collections.singleton(trustAnchor));
+ parameters.setRevocationEnabled(false);
- cpv.validate( certPath, parameters );
+ cpv.validate(certPath, parameters);
}
}
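Review bot: The throws clause of `validateChain` lists `InvalidAlgorithmParameterException` twice; the duplicate survived the reformat and can simply be dropped. The method's Javadoc starts outside this hunk and would benefit from two added remarks: that `chain[chain.length - 1]` is used as the trust anchor, so the test checks the generated chain's internal consistency rather than trust in an external root, and that `setRevocationEnabled(false)` is deliberate (presumably because the generated test certificates carry no revocation information; confirm).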
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-provider/pki-provider/src/main/java/org/apache/kerby/kerberos/provider/pki/KerbyPkiLoader.java
----------------------------------------------------------------------
diff --git a/kerby-provider/pki-provider/src/main/java/org/apache/kerby/kerberos/provider/pki/KerbyPkiLoader.java b/kerby-provider/pki-provider/src/main/java/org/apache/kerby/kerberos/provider/pki/KerbyPkiLoader.java
index 276e90b..ba1f581 100644
--- a/kerby-provider/pki-provider/src/main/java/org/apache/kerby/kerberos/provider/pki/KerbyPkiLoader.java
+++ b/kerby-provider/pki-provider/src/main/java/org/apache/kerby/kerberos/provider/pki/KerbyPkiLoader.java
@@ -23,7 +23,11 @@ import org.apache.commons.ssl.PKCS8Key;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.provider.PkiLoader;
-import java.io.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
@@ -104,8 +108,7 @@ public class KerbyPkiLoader implements PkiLoader {
PrivateKey pk = null;
if (pkcs8.isDSA()) {
pk = KeyFactory.getInstance("DSA").generatePrivate(spec);
- }
- else if (pkcs8.isRSA()) {
+ } else if (pkcs8.isRSA()) {
pk = KeyFactory.getInstance("RSA").generatePrivate(spec);
}
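Review bot: `pk` stays `null` when the PKCS#8 key is neither DSA nor RSA, because the `if`/`else if` chain has no final branch. The rest of the method is outside this hunk, so whether the null is checked before use is not visible; if it is not, an unsupported key type surfaces later as a `NullPointerException` instead of a clear error. A closing branch such as `else { throw new GeneralSecurityException("Unsupported private key algorithm"); }` would make the failure explicit, assuming the method's throws clause or an enclosing catch covers that type.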
[2/2] directory-kerby git commit: DIRKRB-444 Fix some pmd and
checkstyle issues in kerb-client module.
Posted by pl...@apache.org.
DIRKRB-444 Fix some pmd and checkstyle issues in kerb-client module.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/4e7a3c0c
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/4e7a3c0c
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/4e7a3c0c
Branch: refs/heads/pkinit-support
Commit: 4e7a3c0cffc2b4566bf2e531b4876f3bb9316c1e
Parents: 1b1d4c1
Author: plusplusjiajia <ji...@intel.com>
Authored: Thu Nov 5 10:57:16 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Thu Nov 5 10:57:16 2015 +0800
----------------------------------------------------------------------
.../preauth/pkinit/ClientConfiguration.java | 33 +--
.../kerb/client/preauth/pkinit/DhClient.java | 65 ++---
.../kerb/client/preauth/pkinit/DhGroup.java | 116 ++++-----
.../kerb/client/preauth/pkinit/DhServer.java | 64 ++---
.../preauth/pkinit/EnvelopedDataEngine.java | 47 ++--
.../client/preauth/pkinit/OctetString2Key.java | 56 ++--
.../client/preauth/pkinit/PkinitContext.java | 33 ++-
.../client/preauth/pkinit/PkinitCrypto.java | 33 ++-
.../preauth/pkinit/ServerConfiguration.java | 37 +--
.../client/preauth/pkinit/SignedDataEngine.java | 24 +-
.../pkinit/certs/CertificateChainFactory.java | 53 ++--
.../pkinit/certs/EndEntityGenerator.java | 112 ++++----
.../pkinit/certs/IntermediateCaGenerator.java | 59 ++---
.../preauth/pkinit/certs/KeyPairSpec.java | 132 +++++-----
.../pkinit/certs/TrustAnchorGenerator.java | 53 ++--
.../pkinit/CertificateChainFactoryTest.java | 60 ++---
.../kerb/client/preauth/pkinit/DhGroupTest.java | 23 +-
.../preauth/pkinit/EnvelopedDataEngineTest.java | 76 +++---
.../preauth/pkinit/OctetString2KeyTest.java | 259 +++++++++----------
.../preauth/pkinit/SignedDataEngineTest.java | 68 +++--
.../certs/CertificateChainFactoryTest.java | 60 ++---
.../kerberos/provider/pki/KerbyPkiLoader.java | 9 +-
22 files changed, 691 insertions(+), 781 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/ClientConfiguration.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/ClientConfiguration.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/ClientConfiguration.java
index 5350c02..6734728 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/ClientConfiguration.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/ClientConfiguration.java
@@ -29,8 +29,7 @@ import javax.crypto.spec.DHParameterSpec;
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class ClientConfiguration
-{
+public class ClientConfiguration {
/**
* The location of the user certificate.
*/
@@ -61,8 +60,7 @@ public class ClientConfiguration
/**
* @return the certificatePath
*/
- public String getCertificatePath()
- {
+ public String getCertificatePath() {
return certificatePath;
}
@@ -70,8 +68,7 @@ public class ClientConfiguration
/**
* @param certificatePath the certificatePath to set
*/
- public void setCertificatePath( String certificatePath )
- {
+ public void setCertificatePath(String certificatePath) {
this.certificatePath = certificatePath;
}
@@ -79,8 +76,7 @@ public class ClientConfiguration
/**
* @return the cmsType
*/
- public String getCmsType()
- {
+ public String getCmsType() {
return cmsType;
}
@@ -88,8 +84,7 @@ public class ClientConfiguration
/**
* @param cmsType the cmsType to set
*/
- public void setCmsType( String cmsType )
- {
+ public void setCmsType(String cmsType) {
this.cmsType = cmsType;
}
@@ -97,8 +92,7 @@ public class ClientConfiguration
/**
* @return the isDhUsed
*/
- public boolean isDhUsed()
- {
+ public boolean isDhUsed() {
return isDhUsed;
}
@@ -106,8 +100,7 @@ public class ClientConfiguration
/**
* @param isDhUsed the isDhUsed to set
*/
- public void setDhUsed( boolean isDhUsed )
- {
+ public void setDhUsed(boolean isDhUsed) {
this.isDhUsed = isDhUsed;
}
@@ -115,8 +108,7 @@ public class ClientConfiguration
/**
* @return the dhGroup
*/
- public DHParameterSpec getDhGroup()
- {
+ public DHParameterSpec getDhGroup() {
return dhGroup;
}
@@ -124,8 +116,7 @@ public class ClientConfiguration
/**
* @param dhGroup the dhGroup to set
*/
- public void setDhGroup( DHParameterSpec dhGroup )
- {
+ public void setDhGroup(DHParameterSpec dhGroup) {
this.dhGroup = dhGroup;
}
@@ -133,8 +124,7 @@ public class ClientConfiguration
/**
* @return the isDhKeysReused
*/
- public boolean isDhKeysReused()
- {
+ public boolean isDhKeysReused() {
return isDhKeysReused;
}
@@ -142,8 +132,7 @@ public class ClientConfiguration
/**
* @param isDhKeysReused the isDhKeysReused to set
*/
- public void setDhKeysReused( boolean isDhKeysReused )
- {
+ public void setDhKeysReused(boolean isDhKeysReused) {
this.isDhKeysReused = isDhKeysReused;
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhClient.java
index 20ca0c6..ca2be20 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhClient.java
@@ -40,60 +40,55 @@ import java.security.spec.X509EncodedKeySpec;
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-class DhClient
-{
- private static AlgorithmParameterSpec AES_IV = new IvParameterSpec( new byte[16] );
+class DhClient {
+ private static AlgorithmParameterSpec aesIv = new IvParameterSpec(new byte[16]);
private KeyAgreement clientKeyAgree;
private SecretKey clientAesKey;
- byte[] init( DHParameterSpec dhParamSpec ) throws Exception
- {
+ byte[] init(DHParameterSpec dhParamSpec) throws Exception {
// The client creates its own DH key pair, using the DH parameters from above.
- KeyPairGenerator clientKpairGen = KeyPairGenerator.getInstance( "DH" );
- clientKpairGen.initialize( dhParamSpec );
+ KeyPairGenerator clientKpairGen = KeyPairGenerator.getInstance("DH");
+ clientKpairGen.initialize(dhParamSpec);
KeyPair clientKpair = clientKpairGen.generateKeyPair();
// The client creates and initializes its DH KeyAgreement object.
- clientKeyAgree = KeyAgreement.getInstance( "DH" );
- clientKeyAgree.init( clientKpair.getPrivate() );
+ clientKeyAgree = KeyAgreement.getInstance("DH");
+ clientKeyAgree.init(clientKpair.getPrivate());
// The client encodes its public key, and sends it over to the server.
return clientKpair.getPublic().getEncoded();
}
- void doPhase( byte[] serverPubKeyEnc ) throws Exception
- {
+ void doPhase(byte[] serverPubKeyEnc) throws Exception {
/*
* The client uses the server's public key for the first (and only) phase
* of its version of the DH protocol. Before it can do so, it has to
* instantiate a DH public key from the server's encoded key material.
*/
- KeyFactory clientKeyFac = KeyFactory.getInstance( "DH" );
- X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec( serverPubKeyEnc );
- PublicKey serverPubKey = clientKeyFac.generatePublic( x509KeySpec );
+ KeyFactory clientKeyFac = KeyFactory.getInstance("DH");
+ X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(serverPubKeyEnc);
+ PublicKey serverPubKey = clientKeyFac.generatePublic(x509KeySpec);
- clientKeyAgree.doPhase( serverPubKey, true );
+ clientKeyAgree.doPhase(serverPubKey, true);
}
- byte[] generateKey( byte[] clientDhNonce, byte[] serverDhNonce )
- {
+ byte[] generateKey(byte[] clientDhNonce, byte[] serverDhNonce) {
// ZZ length will be same as public key.
byte[] dhSharedSecret = clientKeyAgree.generateSecret();
byte[] x = dhSharedSecret;
- if ( ( clientDhNonce != null && clientDhNonce.length > 0 )
- && ( serverDhNonce != null && serverDhNonce.length > 0 ) )
- {
- x = concatenateBytes( dhSharedSecret, clientDhNonce );
- x = concatenateBytes( x, serverDhNonce );
+ if (clientDhNonce != null && clientDhNonce.length > 0
+ && serverDhNonce != null && serverDhNonce.length > 0) {
+ x = concatenateBytes(dhSharedSecret, clientDhNonce);
+ x = concatenateBytes(x, serverDhNonce);
}
- byte[] secret = OctetString2Key.kTruncate( dhSharedSecret.length, x );
- clientAesKey = new SecretKeySpec( secret, 0, 16, "AES" );
+ byte[] secret = OctetString2Key.kTruncate(dhSharedSecret.length, x);
+ clientAesKey = new SecretKeySpec(secret, 0, 16, "AES");
return clientAesKey.getEncoded();
}
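Review bot: Renaming `AES_IV` to `aesIv` silences the naming check but leaves the field a mutable `static`; it is a shared constant and is better declared `private static final AlgorithmParameterSpec AES_IV = new IvParameterSpec(new byte[16]);`. The same rename is made in the first `DhServer` hunk. The all-zero IV also deserves a comment saying why it is acceptable, presumably because each derived AES key protects a single message. That assumption should be confirmed, since `ClientConfiguration` exposes `isDhKeysReused` and a fixed IV is only safe while the key is never reused across messages.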
@@ -101,32 +96,28 @@ class DhClient
/**
* Decrypt using AES in CTS mode.
- *
+ *
* @param cipherText
* @return
* @throws Exception
*/
- byte[] decryptAes( byte[] cipherText ) throws Exception
- {
+ byte[] decryptAes(byte[] cipherText) throws Exception {
// Use the secret key to encrypt/decrypt data.
- Cipher serverCipher = Cipher.getInstance( "AES/CTS/NoPadding" );
- serverCipher.init( Cipher.DECRYPT_MODE, clientAesKey, AES_IV );
+ Cipher serverCipher = Cipher.getInstance("AES/CTS/NoPadding");
+ serverCipher.init(Cipher.DECRYPT_MODE, clientAesKey, aesIv);
- return serverCipher.doFinal( cipherText );
+ return serverCipher.doFinal(cipherText);
}
- byte[] concatenateBytes( byte[] array1, byte[] array2 )
- {
- byte concatenatedBytes[] = new byte[array1.length + array2.length];
+ byte[] concatenateBytes(byte[] array1, byte[] array2) {
+ byte[] concatenatedBytes = new byte[array1.length + array2.length];
- for ( int i = 0; i < array1.length; i++ )
- {
+ for (int i = 0; i < array1.length; i++) {
concatenatedBytes[i] = array1[i];
}
- for ( int j = array1.length; j < concatenatedBytes.length; j++ )
- {
+ for (int j = array1.length; j < concatenatedBytes.length; j++) {
concatenatedBytes[j] = array2[j - array1.length];
}
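Review bot: `concatenateBytes` copies both arrays with hand-written index loops; `System.arraycopy(array1, 0, concatenatedBytes, 0, array1.length);` followed by `System.arraycopy(array2, 0, concatenatedBytes, array1.length, array2.length);` does the same work and is the form static-analysis array-loop checks usually expect. The method's end lies outside this hunk. In `decryptAes` the local is named `serverCipher` although this is the client side, and the `@param`/`@return` tags are empty; `clientCipher` and one-line descriptions would make the Javadoc useful.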
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhGroup.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhGroup.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhGroup.java
index 6fb0f51..cf3a0df 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhGroup.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhGroup.java
@@ -29,17 +29,16 @@ import java.math.BigInteger;
* support Oakley 1024-bit Modular Exponential (MODP) well-known group 2
* [RFC2412] and Oakley 2048-bit MODP well-known group 14 [RFC3526] and
* SHOULD support Oakley 4096-bit MODP well-known group 16 [RFC3526]."
- *
+ *
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class DhGroup
-{
+public class DhGroup {
/**
* From:
* The OAKLEY Key Determination Protocol
* http://www.ietf.org/rfc/rfc2412.txt
- *
+ * <p/>
* Well-Known Group 2: A 1024 bit prime
* This group is assigned id 2 (two).
* The prime is 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
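Review bot: The Javadoc for `MODP_GROUP2` should state that this 1024-bit group is kept for the interoperability requirement quoted in the class comment and is not a recommended default. 1024-bit MODP groups are generally considered too small for new deployments, so callers should select `MODP_GROUP14` or `MODP_GROUP16` wherever the peer allows it. A line such as `* Provided for RFC-mandated interoperability only; prefer MODP_GROUP14 or MODP_GROUP16.` would do. The comment block continues into the next hunk.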
@@ -47,27 +46,26 @@ public class DhGroup
*/
public static final DHParameterSpec MODP_GROUP2;
- static
- {
+ static {
StringBuffer sb = new StringBuffer();
- sb.append( "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" );
- sb.append( "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" );
- sb.append( "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" );
- sb.append( "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" );
- sb.append( "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" );
- sb.append( "FFFFFFFFFFFFFFFF" );
+ sb.append("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1");
+ sb.append("29024E088A67CC74020BBEA63B139B22514A08798E3404DD");
+ sb.append("EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245");
+ sb.append("E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED");
+ sb.append("EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381");
+ sb.append("FFFFFFFFFFFFFFFF");
- BigInteger prime = new BigInteger( sb.toString(), 16 );
- BigInteger generator = BigInteger.valueOf( 2 );
+ BigInteger prime = new BigInteger(sb.toString(), 16);
+ BigInteger generator = BigInteger.valueOf(2);
- MODP_GROUP2 = new DHParameterSpec( prime, generator );
+ MODP_GROUP2 = new DHParameterSpec(prime, generator);
}
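Review bot: The static initializer for `MODP_GROUP2` assembles the hex prime with a synchronized `StringBuffer` although the value is built once from literals on a single thread; a `StringBuilder`, or one `String` constant formed by `+` concatenation of the literals, is simpler. The initializers for `MODP_GROUP14` and `MODP_GROUP16` in the following two hunks use the same pattern and can be changed the same way.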
/**
* From:
* More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
* http://www.ietf.org/rfc/rfc3526.txt
- *
+ * <p/>
* 2048-bit MODP Group
* This group is assigned id 14.
* This prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
@@ -75,32 +73,31 @@ public class DhGroup
*/
public static final DHParameterSpec MODP_GROUP14;
- static
- {
+ static {
StringBuffer sb = new StringBuffer();
- sb.append( "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" );
- sb.append( "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" );
- sb.append( "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" );
- sb.append( "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" );
- sb.append( "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" );
- sb.append( "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" );
- sb.append( "83655D23DCA3AD961C62F356208552BB9ED529077096966D" );
- sb.append( "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" );
- sb.append( "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" );
- sb.append( "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" );
- sb.append( "15728E5A8AACAA68FFFFFFFFFFFFFFFF" );
+ sb.append("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1");
+ sb.append("29024E088A67CC74020BBEA63B139B22514A08798E3404DD");
+ sb.append("EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245");
+ sb.append("E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED");
+ sb.append("EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D");
+ sb.append("C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F");
+ sb.append("83655D23DCA3AD961C62F356208552BB9ED529077096966D");
+ sb.append("670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B");
+ sb.append("E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9");
+ sb.append("DE2BCBF6955817183995497CEA956AE515D2261898FA0510");
+ sb.append("15728E5A8AACAA68FFFFFFFFFFFFFFFF");
- BigInteger prime = new BigInteger( sb.toString(), 16 );
- BigInteger generator = BigInteger.valueOf( 2 );
+ BigInteger prime = new BigInteger(sb.toString(), 16);
+ BigInteger generator = BigInteger.valueOf(2);
- MODP_GROUP14 = new DHParameterSpec( prime, generator );
+ MODP_GROUP14 = new DHParameterSpec(prime, generator);
}
/**
* From:
* More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
* http://www.ietf.org/rfc/rfc3526.txt
- *
+ * <p/>
* 4096-bit MODP Group
* This group is assigned id 16.
* This prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
@@ -108,35 +105,34 @@ public class DhGroup
*/
public static final DHParameterSpec MODP_GROUP16;
- static
- {
+ static {
StringBuffer sb = new StringBuffer();
- sb.append( "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" );
- sb.append( "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" );
- sb.append( "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" );
- sb.append( "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" );
- sb.append( "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" );
- sb.append( "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" );
- sb.append( "83655D23DCA3AD961C62F356208552BB9ED529077096966D" );
- sb.append( "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" );
- sb.append( "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" );
- sb.append( "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" );
- sb.append( "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" );
- sb.append( "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" );
- sb.append( "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" );
- sb.append( "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" );
- sb.append( "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" );
- sb.append( "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" );
- sb.append( "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" );
- sb.append( "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" );
- sb.append( "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" );
- sb.append( "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" );
- sb.append( "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" );
- sb.append( "FFFFFFFFFFFFFFFF" );
+ sb.append("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1");
+ sb.append("29024E088A67CC74020BBEA63B139B22514A08798E3404DD");
+ sb.append("EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245");
+ sb.append("E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED");
+ sb.append("EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D");
+ sb.append("C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F");
+ sb.append("83655D23DCA3AD961C62F356208552BB9ED529077096966D");
+ sb.append("670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B");
+ sb.append("E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9");
+ sb.append("DE2BCBF6955817183995497CEA956AE515D2261898FA0510");
+ sb.append("15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64");
+ sb.append("ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7");
+ sb.append("ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B");
+ sb.append("F12FFA06D98A0864D87602733EC86A64521F2B18177B200C");
+ sb.append("BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31");
+ sb.append("43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7");
+ sb.append("88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA");
+ sb.append("2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6");
+ sb.append("287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED");
+ sb.append("1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9");
+ sb.append("93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199");
+ sb.append("FFFFFFFFFFFFFFFF");
- BigInteger prime = new BigInteger( sb.toString(), 16 );
- BigInteger generator = BigInteger.valueOf( 2 );
+ BigInteger prime = new BigInteger(sb.toString(), 16);
+ BigInteger generator = BigInteger.valueOf(2);
- MODP_GROUP16 = new DHParameterSpec( prime, generator );
+ MODP_GROUP16 = new DHParameterSpec(prime, generator);
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhServer.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhServer.java
index a2e4a27..0c8aa0d 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhServer.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/DhServer.java
@@ -42,65 +42,61 @@ import javax.crypto.spec.SecretKeySpec;
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-class DhServer
-{
- private static AlgorithmParameterSpec AES_IV = new IvParameterSpec( new byte[16] );
+class DhServer {
+ private static AlgorithmParameterSpec aesIv = new IvParameterSpec(new byte[16]);
private KeyAgreement serverKeyAgree;
private SecretKey serverAesKey;
- byte[] initAndDoPhase( byte[] clientPubKeyEnc ) throws Exception
- {
+ byte[] initAndDoPhase(byte[] clientPubKeyEnc) throws Exception {
/*
* The server has received the client's public key in encoded format. The
* server instantiates a DH public key from the encoded key material.
*/
- KeyFactory serverKeyFac = KeyFactory.getInstance( "DH" );
- X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec( clientPubKeyEnc );
- PublicKey clientPubKey = serverKeyFac.generatePublic( x509KeySpec );
+ KeyFactory serverKeyFac = KeyFactory.getInstance("DH");
+ X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(clientPubKeyEnc);
+ PublicKey clientPubKey = serverKeyFac.generatePublic(x509KeySpec);
/*
* The server gets the DH parameters associated with the client's public
* key. The server must use the same parameters when it generates its own key pair.
*/
- DHParameterSpec dhParamSpec = ( ( DHPublicKey ) clientPubKey ).getParams();
+ DHParameterSpec dhParamSpec = ((DHPublicKey) clientPubKey).getParams();
// The server creates its own DH key pair.
- KeyPairGenerator serverKpairGen = KeyPairGenerator.getInstance( "DH" );
- serverKpairGen.initialize( dhParamSpec );
+ KeyPairGenerator serverKpairGen = KeyPairGenerator.getInstance("DH");
+ serverKpairGen.initialize(dhParamSpec);
KeyPair serverKpair = serverKpairGen.generateKeyPair();
// The server creates and initializes its DH KeyAgreement object.
- serverKeyAgree = KeyAgreement.getInstance( "DH" );
- serverKeyAgree.init( serverKpair.getPrivate() );
+ serverKeyAgree = KeyAgreement.getInstance("DH");
+ serverKeyAgree.init(serverKpair.getPrivate());
/*
* The server uses the client's public key for the only phase of its
* side of the DH protocol.
*/
- serverKeyAgree.doPhase( clientPubKey, true );
+ serverKeyAgree.doPhase(clientPubKey, true);
// The server encodes its public key, and sends it over to the client.
return serverKpair.getPublic().getEncoded();
}
- byte[] generateKey( byte[] clientDhNonce, byte[] serverDhNonce )
- {
+ byte[] generateKey(byte[] clientDhNonce, byte[] serverDhNonce) {
// ZZ length will be same as public key.
byte[] dhSharedSecret = serverKeyAgree.generateSecret();
byte[] x = dhSharedSecret;
- if ( ( clientDhNonce != null && clientDhNonce.length > 0 )
- && ( serverDhNonce != null && serverDhNonce.length > 0 ) )
- {
- x = concatenateBytes( dhSharedSecret, clientDhNonce );
- x = concatenateBytes( x, serverDhNonce );
+ if (clientDhNonce != null && clientDhNonce.length > 0
+ && serverDhNonce != null && serverDhNonce.length > 0) {
+ x = concatenateBytes(dhSharedSecret, clientDhNonce);
+ x = concatenateBytes(x, serverDhNonce);
}
- byte[] secret = OctetString2Key.kTruncate( dhSharedSecret.length, x );
- serverAesKey = new SecretKeySpec( secret, 0, 16, "AES" );
+ byte[] secret = OctetString2Key.kTruncate(dhSharedSecret.length, x);
+ serverAesKey = new SecretKeySpec(secret, 0, 16, "AES");
return serverAesKey.getEncoded();
}
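Review bot: `initAndDoPhase` takes the DH group straight from the peer's encoded key (`((DHPublicKey) clientPubKey).getParams()`) and passes it to `serverKpairGen.initialize(dhParamSpec)` with no check on the prime size or on whether the group is one this side accepts, so the peer decides the strength of the exchange. Comparing the parameters against a configured set of accepted groups before the key pair is generated would close that; RFC 4556 expects the KDC to reject domain parameters that do not satisfy its policy. On the changed field line, renaming `AES_IV` to `aesIv` satisfies the naming rule but leaves a mutable static; `private static final AlgorithmParameterSpec AES_IV = new IvParameterSpec(new byte[16]);` keeps it a constant.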
@@ -109,31 +105,27 @@ class DhServer
/**
* Encrypt using AES in CTS mode.
*
- * @param cleartext
+ * @param clearText
* @return The cipher text.
* @throws Exception
*/
- byte[] encryptAes( byte[] clearText ) throws Exception
- {
+ byte[] encryptAes(byte[] clearText) throws Exception {
// Use the secret key to encrypt/decrypt data.
- Cipher serverCipher = Cipher.getInstance( "AES/CTS/NoPadding" );
- serverCipher.init( Cipher.ENCRYPT_MODE, serverAesKey, AES_IV );
+ Cipher serverCipher = Cipher.getInstance("AES/CTS/NoPadding");
+ serverCipher.init(Cipher.ENCRYPT_MODE, serverAesKey, aesIv);
- return serverCipher.doFinal( clearText );
+ return serverCipher.doFinal(clearText);
}
- byte[] concatenateBytes( byte[] array1, byte[] array2 )
- {
- byte concatenatedBytes[] = new byte[array1.length + array2.length];
+ byte[] concatenateBytes(byte[] array1, byte[] array2) {
+ byte[] concatenatedBytes = new byte[array1.length + array2.length];
- for ( int i = 0; i < array1.length; i++ )
- {
+ for (int i = 0; i < array1.length; i++) {
concatenatedBytes[i] = array1[i];
}
- for ( int j = array1.length; j < concatenatedBytes.length; j++ )
- {
+ for (int j = array1.length; j < concatenatedBytes.length; j++) {
concatenatedBytes[j] = array2[j - array1.length];
}
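Review bot: `encryptAes` initialises `AES/CTS/NoPadding` with the shared all-zero `aesIv` on every call, so encryption under one `serverAesKey` is deterministic and equal clear texts give equal cipher texts. If the callers do not already prepend a random confounder (they are not visible in this hunk), the method needs a fresh IV per message or a confounder of its own. The Javadoc's `@throws Exception` could also name the concrete exception types. `concatenateBytes` continues past the end of the hunk.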
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/EnvelopedDataEngine.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/EnvelopedDataEngine.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/EnvelopedDataEngine.java
index 523711e..1daa6a5 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/EnvelopedDataEngine.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/EnvelopedDataEngine.java
@@ -45,21 +45,20 @@ import java.util.Iterator;
/**
* Encapsulates working with PKINIT enveloped data structures.
- *
+ *
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class EnvelopedDataEngine
-{
+public class EnvelopedDataEngine {
/**
* Uses a certificate to encrypt data in a CMS EnvelopedData structure and
* returns the encoded EnvelopedData as bytes.
- *
+ * <p/>
* 'encKeyPack' contains a CMS type ContentInfo encoded according to [RFC3852].
* The contentType field of the type ContentInfo is id-envelopedData (1.2.840.113549.1.7.3).
* The content field is an EnvelopedData. The contentType field for the type
* EnvelopedData is id-signedData (1.2.840.113549.1.7.2).
- *
+ *
* @param dataToEnvelope
* @param certificate
* @return The EnvelopedData bytes.
@@ -68,15 +67,14 @@ public class EnvelopedDataEngine
* @throws CMSException
* @throws NoSuchProviderException
*/
- public static byte[] getEnvelopedReplyKeyPack( byte[] dataToEnvelope, X509Certificate certificate )
- throws NoSuchAlgorithmException, IOException, CMSException, NoSuchProviderException
- {
- CMSProcessableByteArray content = new CMSProcessableByteArray( dataToEnvelope );
+ public static byte[] getEnvelopedReplyKeyPack(byte[] dataToEnvelope, X509Certificate certificate)
+ throws NoSuchAlgorithmException, IOException, CMSException, NoSuchProviderException {
+ CMSProcessableByteArray content = new CMSProcessableByteArray(dataToEnvelope);
String algorithm = CMSEnvelopedDataGenerator.DES_EDE3_CBC;
CMSEnvelopedDataGenerator envelopeGenerator = new CMSEnvelopedDataGenerator();
- envelopeGenerator.addKeyTransRecipient( certificate );
- CMSEnvelopedData envdata = envelopeGenerator.generate( content, algorithm, "BC" );
+ envelopeGenerator.addKeyTransRecipient(certificate);
+ CMSEnvelopedData envdata = envelopeGenerator.generate(content, algorithm, "BC");
return envdata.getEncoded();
}
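Review bot: The content-encryption algorithm in `getEnvelopedReplyKeyPack` is fixed to `CMSEnvelopedDataGenerator.DES_EDE3_CBC`, a 64-bit-block cipher, and the caller has no way to select a stronger one. Taking the algorithm as a parameter, or preferring an AES constant such as `CMSEnvelopedDataGenerator.AES256_CBC` where the peer supports it, would avoid hard-wiring triple-DES into the reply-key path. PKINIT interoperability may still require 3DES as a fallback, so this is a default to revisit rather than a line to delete.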
@@ -97,30 +95,27 @@ public class EnvelopedDataEngine
* @throws CertStoreException
*/
@SuppressWarnings("unchecked")
- public static byte[] getUnenvelopedData( byte[] envelopedDataBytes, X509Certificate certificate,
- PrivateKey privateKey ) throws NoSuchProviderException, InvalidAlgorithmParameterException, CMSException,
- NoSuchAlgorithmException, CertStoreException
- {
- CMSEnvelopedData envelopedData = new CMSEnvelopedData( envelopedDataBytes );
+ public static byte[] getUnenvelopedData(byte[] envelopedDataBytes, X509Certificate certificate,
+ PrivateKey privateKey)
+ throws NoSuchProviderException, InvalidAlgorithmParameterException, CMSException,
+ NoSuchAlgorithmException, CertStoreException {
+ CMSEnvelopedData envelopedData = new CMSEnvelopedData(envelopedDataBytes);
// Set up to iterate through the recipients.
RecipientInformationStore recipients = envelopedData.getRecipientInfos();
- CertStore certStore = CertStore.getInstance( "Collection", new CollectionCertStoreParameters( Collections
- .singleton( certificate ) ), "BC" );
+ CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(Collections
+ .singleton(certificate)), "BC");
Iterator<RecipientInformation> it = recipients.getRecipients().iterator();
- while ( it.hasNext() )
- {
+ while (it.hasNext()) {
RecipientInformation recipient = it.next();
- if ( recipient instanceof KeyTransRecipientInformation )
- {
+ if (recipient instanceof KeyTransRecipientInformation) {
// Match the recipient ID.
- Collection<? extends Certificate> matches = certStore.getCertificates( recipient.getRID() );
+ Collection<? extends Certificate> matches = certStore.getCertificates(recipient.getRID());
- if ( !matches.isEmpty() )
- {
+ if (!matches.isEmpty()) {
// Decrypt the data.
- return recipient.getContent( privateKey, "BC" );
+ return recipient.getContent(privateKey, "BC");
}
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/OctetString2Key.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/OctetString2Key.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/OctetString2Key.java
index ccfab38..c9ff804 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/OctetString2Key.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/OctetString2Key.java
@@ -26,28 +26,27 @@ import java.security.NoSuchAlgorithmException;
/**
* From RFC 4556:
- *
+ * <p/>
* Define the function octetstring2key() as follows:
- *
- * octetstring2key(x) == random-to-key(K-truncate(
- * SHA1(0x00 | x) |
- * SHA1(0x01 | x) |
- * SHA1(0x02 | x) |
- * ...
- * ))
- *
+ * <p/>
+ * octetstring2key(x) == random-to-key(K-truncate(
+ * SHA1(0x00 | x) |
+ * SHA1(0x01 | x) |
+ * SHA1(0x02 | x) |
+ * ...
+ * ))
+ * <p/>
* where x is an octet string; | is the concatenation operator; 0x00,
* 0x01, 0x02, etc. are each represented as a single octet; random-
* to-key() is an operation that generates a protocol key from a
* bitstring of length K; and K-truncate truncates its input to the
* first K bits. Both K and random-to-key() are as defined in the
* kcrypto profile [RFC3961] for the enctype of the AS reply key.
- *
+ *
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class OctetString2Key
-{
+public class OctetString2Key {
/**
* Performs the function K-truncate to generate the AS reply key k.
*
@@ -55,27 +54,22 @@ public class OctetString2Key
* @param x
* @return The AS reply key value.
*/
- public static byte[] kTruncate( int k, byte[] x )
- {
+ public static byte[] kTruncate(int k, byte[] x) {
int numberOfBytes = k / 8;
byte[] result = new byte[numberOfBytes];
int count = 0;
- byte[] filler = calculateIntegrity( ( byte ) count, x );
+ byte[] filler = calculateIntegrity((byte) count, x);
int position = 0;
- for ( int i = 0; i < numberOfBytes; i++ )
- {
- if ( position < filler.length )
- {
+ for (int i = 0; i < numberOfBytes; i++) {
+ if (position < filler.length) {
result[i] = filler[position];
position++;
- }
- else
- {
+ } else {
count++;
- filler = calculateIntegrity( ( byte ) count, x );
+ filler = calculateIntegrity((byte) count, x);
position = 0;
result[i] = filler[position];
position++;
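Review bot: `kTruncate` computes `k / 8`, so `k` is a bit count, but the visible Javadoc does not state the unit and the caller in `DhServer.generateKey` passes `dhSharedSecret.length`, which is a byte count. I would document it, e.g. `@param k the key length in bits; the result holds k / 8 bytes`, and have the caller pass the enctype's key size rather than the shared-secret length. As written the derived length follows the DH group size, and `new SecretKeySpec(secret, 0, 16, "AES")` will throw when the group is small enough that `k / 8 < 16`. The loop and the return statement continue outside this hunk.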
@@ -86,17 +80,13 @@ public class OctetString2Key
}
- private static byte[] calculateIntegrity( byte count, byte[] data )
- {
- try
- {
- MessageDigest digester = MessageDigest.getInstance( "SHA1" );
- digester.update( count );
+ private static byte[] calculateIntegrity(byte count, byte[] data) {
+ try {
+ MessageDigest digester = MessageDigest.getInstance("SHA1");
+ digester.update(count);
- return digester.digest( data );
- }
- catch ( NoSuchAlgorithmException nsae )
- {
+ return digester.digest(data);
+ } catch (NoSuchAlgorithmException nsae) {
return new byte[0];
}
}
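Review bot: The `catch (NoSuchAlgorithmException nsae)` branch in `calculateIntegrity` returns `new byte[0]`, which hides the failure; for any non-zero key length `kTruncate` then fails later with an `ArrayIndexOutOfBoundsException` at `result[i] = filler[position]` instead of a clear error. Rethrowing keeps the cause and fails at the right place: `throw new IllegalStateException("SHA1 digest not available", nsae);`. A key-derivation helper should never return key material built from an empty digest, so failing closed here is the safer contract.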
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitContext.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitContext.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitContext.java
index b7902b4..3e4f136 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitContext.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitContext.java
@@ -1,21 +1,20 @@
/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p/>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p/>
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.kerby.kerberos.kerb.client.preauth.pkinit;
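Review bot: The formatter has inserted `<p/>` into the Apache licence header of `PkinitContext.java`, and does the same in the `PkinitCrypto.java` hunk that follows, because the header opens with `/**` and is treated as Javadoc. Opening the header with `/*` keeps it a plain comment, leaves the standard licence text unmodified for header checks, and stops it being attached as documentation to the `package` line.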
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitCrypto.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitCrypto.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitCrypto.java
index 2af1dc0..34e3558 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitCrypto.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitCrypto.java
@@ -1,21 +1,20 @@
/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p/>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p/>
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.kerby.kerberos.kerb.client.preauth.pkinit;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/ServerConfiguration.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/ServerConfiguration.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/ServerConfiguration.java
index 44635d9..ce15e93 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/ServerConfiguration.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/ServerConfiguration.java
@@ -25,16 +25,15 @@ import javax.crypto.spec.DHParameterSpec;
/**
* Server configuration settings.
- *
+ * <p/>
* TODO - Whether to use user cert vs. SAN binding.
* TODO - What trusted roots to use.
* TODO - The minimum allowed enc_types.
- *
+ *
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class ServerConfiguration
-{
+public class ServerConfiguration {
/**
* Whether or not to use Diffie-Hellman. The alternative is the "public key"
* method.
@@ -65,8 +64,7 @@ public class ServerConfiguration
/**
* @return the isDhUsed
*/
- public boolean isDhUsed()
- {
+ public boolean isDhUsed() {
return isDhUsed;
}
@@ -74,8 +72,7 @@ public class ServerConfiguration
/**
* @param isDhUsed the isDhUsed to set
*/
- public void setDhUsed( boolean isDhUsed )
- {
+ public void setDhUsed(boolean isDhUsed) {
this.isDhUsed = isDhUsed;
}
@@ -83,8 +80,7 @@ public class ServerConfiguration
/**
* @return the dhGroup
*/
- public DHParameterSpec getDhGroup()
- {
+ public DHParameterSpec getDhGroup() {
return dhGroup;
}
@@ -92,8 +88,7 @@ public class ServerConfiguration
/**
* @param dhGroup the dhGroup to set
*/
- public void setDhGroup( DHParameterSpec dhGroup )
- {
+ public void setDhGroup(DHParameterSpec dhGroup) {
this.dhGroup = dhGroup;
}
@@ -101,8 +96,7 @@ public class ServerConfiguration
/**
* @return the isDhKeysReused
*/
- public boolean isDhKeysReused()
- {
+ public boolean isDhKeysReused() {
return isDhKeysReused;
}
@@ -110,8 +104,7 @@ public class ServerConfiguration
/**
* @param isDhKeysReused the isDhKeysReused to set
*/
- public void setDhKeysReused( boolean isDhKeysReused )
- {
+ public void setDhKeysReused(boolean isDhKeysReused) {
this.isDhKeysReused = isDhKeysReused;
}
@@ -119,8 +112,7 @@ public class ServerConfiguration
/**
* @return the dhKeyExpiration
*/
- public long getDhKeyExpiration()
- {
+ public long getDhKeyExpiration() {
return dhKeyExpiration;
}
@@ -128,8 +120,7 @@ public class ServerConfiguration
/**
* @param dhKeyExpiration the dhKeyExpiration to set
*/
- public void setDhKeyExpiration( long dhKeyExpiration )
- {
+ public void setDhKeyExpiration(long dhKeyExpiration) {
this.dhKeyExpiration = dhKeyExpiration;
}
@@ -137,8 +128,7 @@ public class ServerConfiguration
/**
* @return the dhNonceLength
*/
- public int getDhNonceLength()
- {
+ public int getDhNonceLength() {
return dhNonceLength;
}
@@ -146,8 +136,7 @@ public class ServerConfiguration
/**
* @param dhNonceLength the dhNonceLength to set
*/
- public void setDhNonceLength( int dhNonceLength )
- {
+ public void setDhNonceLength(int dhNonceLength) {
this.dhNonceLength = dhNonceLength;
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/SignedDataEngine.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/SignedDataEngine.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/SignedDataEngine.java
index 5a5a09a..15fa6ec 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/SignedDataEngine.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/SignedDataEngine.java
@@ -57,7 +57,6 @@ public class SignedDataEngine {
private static final String ID_PKINIT_DHKEYDATA = "1.3.6.1.5.2.3.2";
private static final String ID_PKINIT_RKEYDATA = "1.3.6.1.5.2.3.3";
-
/**
* Uses a private key to sign data in a CMS SignedData structure and returns
* the encoded CMS SignedData as bytes.
@@ -81,8 +80,8 @@ public class SignedDataEngine {
* @throws IOException
*/
public static byte[] getSignedAuthPack(PrivateKey privateKey, X509Certificate certificate, AuthPack authPack)
- throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException,
- CertStoreException, CMSException, IOException {
+ throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException,
+ CertStoreException, CMSException, IOException {
return getSignedData(privateKey, certificate, authPack.encode(), ID_PKINIT_AUTHDATA);
}
@@ -110,8 +109,9 @@ public class SignedDataEngine {
* @throws IOException
*/
public static byte[] getSignedKdcDhKeyInfo(PrivateKey privateKey, X509Certificate certificate,
- KdcDHKeyInfo kdcDhKeyInfo) throws NoSuchAlgorithmException, NoSuchProviderException,
- InvalidAlgorithmParameterException, CertStoreException, CMSException, IOException {
+ KdcDHKeyInfo kdcDhKeyInfo)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
+ InvalidAlgorithmParameterException, CertStoreException, CMSException, IOException {
return getSignedData(privateKey, certificate, kdcDhKeyInfo.encode(), ID_PKINIT_DHKEYDATA);
}
@@ -138,15 +138,16 @@ public class SignedDataEngine {
* @throws IOException
*/
public static byte[] getSignedReplyKeyPack(PrivateKey privateKey, X509Certificate certificate,
- ReplyKeyPack replyKeyPack) throws NoSuchAlgorithmException, NoSuchProviderException,
- InvalidAlgorithmParameterException, CertStoreException, CMSException, IOException {
+ ReplyKeyPack replyKeyPack)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
+ InvalidAlgorithmParameterException, CertStoreException, CMSException, IOException {
return getSignedData(privateKey, certificate, replyKeyPack.encode(), ID_PKINIT_RKEYDATA);
}
static byte[] getSignedData(PrivateKey privateKey, X509Certificate certificate, byte[] dataToSign,
String eContentType) throws NoSuchAlgorithmException, NoSuchProviderException,
- InvalidAlgorithmParameterException, CertStoreException, CMSException, IOException {
+ InvalidAlgorithmParameterException, CertStoreException, CMSException, IOException {
CMSSignedDataGenerator signedGenerator = new CMSSignedDataGenerator();
signedGenerator.addSigner(privateKey, certificate, CMSSignedGenerator.DIGEST_SHA1);
@@ -181,7 +182,7 @@ public class SignedDataEngine {
while (it.hasNext()) {
final SignerInformation signer = it.next();
- Collection<? extends Certificate> certCollection = certs.getCertificates( signer.getSID() );
+ Collection<? extends Certificate> certCollection = certs.getCertificates(signer.getSID());
/*Collection<? extends Certificate> certCollection = certs
.getCertificates(new CertSelector() {
@Override
@@ -192,10 +193,9 @@ public class SignedDataEngine {
*/
Iterator<? extends Certificate> certIt = certCollection.iterator();
- X509Certificate cert = ( X509Certificate ) certIt.next();
+ X509Certificate cert = (X509Certificate) certIt.next();
- if ( signer.verify( cert.getPublicKey(), "BC" ) )
- {
+ if (signer.verify(cert.getPublicKey(), "BC")) {
return true;
}
}
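Review bot: `certIt.next()` is called without `hasNext()`, so a signer whose SID matches no certificate in `certs` ends the loop with a `NoSuchElementException` rather than a failed verification; `if (!certIt.hasNext()) { continue; }` before it makes that case explicit. `signer.verify(cert.getPublicKey(), "BC")` also only proves that the signature matches a certificate selected from `certs`. If that store is built from certificates carried in the SignedData itself (its construction is above the hunk), a `true` result says nothing about trust until the certificate is validated against the configured trust anchors. The method starts and ends outside this hunk.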
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/CertificateChainFactory.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/CertificateChainFactory.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/CertificateChainFactory.java
index 0eac8c6..c4614c5 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/CertificateChainFactory.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/CertificateChainFactory.java
@@ -41,19 +41,20 @@ import java.security.spec.InvalidKeySpecException;
*/
public class CertificateChainFactory {
/**
- * The logger for this class.
+ * The log for this class.
*/
- private static final Logger logger = LoggerFactory.getLogger(CertificateChainFactory.class);
+ private static final Logger LOG = LoggerFactory.getLogger(CertificateChainFactory.class);
- private static int TRUST_ANCHOR_LEVEL = 2;
+ private static int trustAnchorLevel = 2;
- private static int INTERMEDIATE_LEVEL = 1;
+ private static int intermediateLevel = 1;
- private static int END_ENTITY_LEVEL = 0;
+ private static int endEntityLevel = 0;
private static SecureRandom secureRandom = new SecureRandom();
- private static String container = "C=US, ST=Maryland, L=Forest Hill, O=Apache Software Foundation, OU=Apache Directory, CN=";
+ private static String container =
+ "C=US, ST=Maryland, L=Forest Hill, O=Apache Software Foundation, OU=Apache Directory, CN=";
private static boolean isGenerated = false;
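Review bot: The three level fields were constants (`TRUST_ANCHOR_LEVEL`, `INTERMEDIATE_LEVEL`, `END_ENTITY_LEVEL`), and the change renames them to `trustAnchorLevel` and so on to satisfy the naming check while leaving them mutable statics. Declaring them `private static final int TRUST_ANCHOR_LEVEL = 2;` (likewise the other two, and `container`) satisfies the same rule and prevents reassignment. The call sites in the later hunks would then keep their original names.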
@@ -111,51 +112,51 @@ public class CertificateChainFactory {
String dn = container + friendlyName;
int validityDays = 730;
- KeyPair keyPair = getKeyPair(TRUST_ANCHOR_LEVEL);
+ KeyPair keyPair = getKeyPair(trustAnchorLevel);
PrivateKey trustAnchorPrivateKey = keyPair.getPrivate();
PublicKey trustAnchorPublicKey = keyPair.getPublic();
X509Certificate trustAnchorCert = TrustAnchorGenerator.generate(trustAnchorPublicKey, trustAnchorPrivateKey,
- dn, validityDays, friendlyName);
+ dn, validityDays, friendlyName);
trustAnchorCert.checkValidity();
trustAnchorCert.verify(trustAnchorPublicKey);
- logger.debug("Generated cert for friendly name '{}', valid for {} days.", friendlyName, validityDays);
+ LOG.debug("Generated cert for friendly name '{}', valid for {} days.", friendlyName, validityDays);
// Make intermediate client CA.
friendlyName = "Client Test CA 1";
dn = container + friendlyName;
validityDays = 365;
- keyPair = getKeyPair(INTERMEDIATE_LEVEL);
+ keyPair = getKeyPair(intermediateLevel);
PrivateKey clientCaPrivateKey = keyPair.getPrivate();
PublicKey clientCaPublicKey = keyPair.getPublic();
X509Certificate clientCaCert = IntermediateCaGenerator.generate(trustAnchorCert, trustAnchorPrivateKey,
- clientCaPublicKey, dn, validityDays, friendlyName);
+ clientCaPublicKey, dn, validityDays, friendlyName);
clientCaCert.checkValidity();
clientCaCert.verify(trustAnchorPublicKey);
- logger.debug("Generated cert for friendly name '{}', valid for {} days.", friendlyName, validityDays);
+ LOG.debug("Generated cert for friendly name '{}', valid for {} days.", friendlyName, validityDays);
// Make client certificate.
friendlyName = "hnelson@EXAMPLE.COM UPN";
dn = container + friendlyName;
validityDays = 30;
- keyPair = getKeyPair(END_ENTITY_LEVEL);
+ keyPair = getKeyPair(endEntityLevel);
clientPrivateKey = keyPair.getPrivate();
PublicKey clientPublicKey = keyPair.getPublic();
X509Certificate clientCert = EndEntityGenerator.generate(clientCaCert, clientCaPrivateKey, clientPublicKey,
- dn, validityDays, friendlyName);
+ dn, validityDays, friendlyName);
clientCert.checkValidity();
clientCert.verify(clientCaPublicKey);
- logger.debug("Generated cert for friendly name '{}', valid for {} days.", friendlyName, validityDays);
+ LOG.debug("Generated cert for friendly name '{}', valid for {} days.", friendlyName, validityDays);
// Build client chain.
clientChain = new X509Certificate[3];
@@ -172,51 +173,51 @@ public class CertificateChainFactory {
String dn = container + friendlyName;
int validityDays = 730;
- KeyPair keyPair = getKeyPair(TRUST_ANCHOR_LEVEL);
+ KeyPair keyPair = getKeyPair(trustAnchorLevel);
PrivateKey trustAnchorPrivateKey = keyPair.getPrivate();
PublicKey trustAnchorPublicKey = keyPair.getPublic();
X509Certificate trustAnchorCert = TrustAnchorGenerator.generate(trustAnchorPublicKey, trustAnchorPrivateKey,
- dn, validityDays, friendlyName);
+ dn, validityDays, friendlyName);
trustAnchorCert.checkValidity();
trustAnchorCert.verify(trustAnchorPublicKey);
- logger.debug("Generated cert for friendly name '{}', valid for {} days.", friendlyName, validityDays);
+ LOG.debug("Generated cert for friendly name '{}', valid for {} days.", friendlyName, validityDays);
// Make intermediate KDC CA.
friendlyName = "KDC Test CA 1";
dn = container + friendlyName;
validityDays = 365;
- keyPair = getKeyPair(INTERMEDIATE_LEVEL);
+ keyPair = getKeyPair(intermediateLevel);
PrivateKey kdcCaPrivateKey = keyPair.getPrivate();
PublicKey kdcCaPublicKey = keyPair.getPublic();
X509Certificate kdcCaCert = IntermediateCaGenerator.generate(trustAnchorCert, trustAnchorPrivateKey,
- kdcCaPublicKey, dn, validityDays, friendlyName);
+ kdcCaPublicKey, dn, validityDays, friendlyName);
kdcCaCert.checkValidity();
kdcCaCert.verify(trustAnchorPublicKey);
- logger.debug("Generated cert for friendly name '{}', valid for {} days.", friendlyName, validityDays);
+ LOG.debug("Generated cert for friendly name '{}', valid for {} days.", friendlyName, validityDays);
// Make KDC certificate.
friendlyName = "krbtgt/EXAMPLE.COM@EXAMPLE.COM KDC";
dn = container + friendlyName;
validityDays = 30;
- keyPair = getKeyPair(END_ENTITY_LEVEL);
+ keyPair = getKeyPair(endEntityLevel);
kdcPrivateKey = keyPair.getPrivate();
PublicKey kdcPublicKey = keyPair.getPublic();
X509Certificate kdcCert = EndEntityGenerator.generate(kdcCaCert, kdcCaPrivateKey, kdcPublicKey, dn,
- validityDays, friendlyName);
+ validityDays, friendlyName);
kdcCert.checkValidity();
kdcCert.verify(kdcCaPublicKey);
- logger.debug("Generated cert for friendly name '{}', valid for {} days.", friendlyName, validityDays);
+ LOG.debug("Generated cert for friendly name '{}', valid for {} days.", friendlyName, validityDays);
// Build KDC chain.
kdcChain = new X509Certificate[3];
@@ -239,7 +240,7 @@ public class CertificateChainFactory {
* @throws InvalidKeySpecException
*/
private static KeyPair getKeyPair(int level) throws NoSuchAlgorithmException, NoSuchProviderException,
- InvalidKeySpecException {
+ InvalidKeySpecException {
if (isGenerated) {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(1024, secureRandom);
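Review bot: `keyGen.initialize(1024, secureRandom)` in `getKeyPair` produces 1024-bit RSA keys for every level of the chain, including the trust anchor; 2048 bits is the usual minimum today, i.e. `keyGen.initialize(2048, secureRandom);`. The friendly names used elsewhere in this file suggest these are test certificates, but the class lives under `src/main`, so the key size matters if the factory is ever reachable outside tests. The method body continues outside the hunk.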
@@ -261,7 +262,7 @@ public class CertificateChainFactory {
* @throws InvalidKeySpecException
*/
private static KeyPair getStaticKeyPair(int level) throws NoSuchAlgorithmException, NoSuchProviderException,
- InvalidKeySpecException {
+ InvalidKeySpecException {
KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
switch (level) {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/EndEntityGenerator.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/EndEntityGenerator.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/EndEntityGenerator.java
index 1836273..e51b8d7 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/EndEntityGenerator.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/EndEntityGenerator.java
@@ -19,8 +19,6 @@
*/
package org.apache.kerby.kerberos.kerb.client.preauth.pkinit.certs;
-
-import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.Krb5PrincipalName;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.DERObjectIdentifier;
@@ -52,50 +50,49 @@ import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
-
/**
* Generates an X.509 "end entity" certificate programmatically.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class EndEntityGenerator
-{
+@SuppressWarnings({"PMD.UnusedPrivateField"})
+public class EndEntityGenerator {
/**
* id-pkinit-san OBJECT IDENTIFIER ::=
- * { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) x509SanAN (2) }
+ * { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) x509SanAN (2) }
*/
- private static final DERObjectIdentifier ID_PKINIT_SAN = new DERObjectIdentifier( "1.3.6.1.5.2.2" );
+ private static final DERObjectIdentifier ID_PKINIT_SAN = new DERObjectIdentifier("1.3.6.1.5.2.2");
/**
* id-pkinit-KPClientAuth OBJECT IDENTIFIER ::=
* { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) pkinit(3) keyPurposeClientAuth(4) }
- * -- PKINIT client authentication.
- * -- Key usage bits that MUST be consistent:
- * -- digitalSignature.
+ * -- PKINIT client authentication.
+ * -- Key usage bits that MUST be consistent:
+ * -- digitalSignature.
*/
- private static final DERObjectIdentifier ID_PKINIT_KPCLIENTAUTH = new DERObjectIdentifier( "1.3.6.1.5.2.3.4" );
+ private static final DERObjectIdentifier ID_PKINIT_KPCLIENTAUTH = new DERObjectIdentifier("1.3.6.1.5.2.3.4");
/**
* id-pkinit-KPKdc OBJECT IDENTIFIER ::=
- * { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) pkinit(3) keyPurposeKdc(5) }
- * -- Signing KDC responses.
- * -- Key usage bits that MUST be consistent:
- * -- digitalSignature.
+ * { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) pkinit(3) keyPurposeKdc(5) }
+ * -- Signing KDC responses.
+ * -- Key usage bits that MUST be consistent:
+ * -- digitalSignature.
*/
- private static final DERObjectIdentifier ID_PKINIT_KPKDC = new DERObjectIdentifier( "1.3.6.1.5.2.3.5" );
+ private static final DERObjectIdentifier ID_PKINIT_KPKDC = new DERObjectIdentifier("1.3.6.1.5.2.3.5");
- private static final DERObjectIdentifier ID_MS_KP_SC_LOGON = new DERObjectIdentifier( "1.3.6.1.4.1.311.20.2.2" );
+ private static final DERObjectIdentifier ID_MS_KP_SC_LOGON = new DERObjectIdentifier("1.3.6.1.4.1.311.20.2.2");
- private static final DERObjectIdentifier ID_MS_SAN_SC_LOGON_UPN = new DERObjectIdentifier( "1.3.6.1.4.1.311.20.2.3" );
+ private static final DERObjectIdentifier ID_MS_SAN_SC_LOGON_UPN = new DERObjectIdentifier("1.3.6.1.4.1.311.20.2.3");
/**
* Generate certificate.
- *
- * @param issuerCert
- * @param issuerPrivateKey
- * @param publicKey
+ *
+ * @param issuerCert
+ * @param issuerPrivateKey
+ * @param publicKey
* @param dn
* @param validityDays
* @param friendlyName
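Review bot: The class-level `@SuppressWarnings({"PMD.UnusedPrivateField"})` added above `EndEntityGenerator` silences the warning for every field, present and future, instead of dealing with the constants that trigger it. From what is visible in this diff, `ID_PKINIT_KPCLIENTAUTH`, `ID_PKINIT_KPKDC`, `ID_MS_KP_SC_LOGON` and `ID_MS_SAN_SC_LOGON_UPN` are never referenced, while `generate` only adds `KeyPurposeId.id_kp_smartcardlogon` to the EKU, so the PKINIT key-purpose OIDs documented here may be missing from the issued certificate; part of `generate` is outside the hunks, so this needs confirming. I would either use the constants in the EKU/SAN construction or remove them, and if they must stay, put the suppression on each field with a reason, e.g. `@SuppressWarnings("PMD.UnusedPrivateField") // reserved for PKINIT EKU support`. The Javadoc for `generate` continues past the end of this hunk.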
@@ -107,64 +104,65 @@ public class EndEntityGenerator
* @throws DataLengthException
* @throws CertificateException
*/
- public static X509Certificate generate( X509Certificate issuerCert, PrivateKey issuerPrivateKey,
- PublicKey publicKey, String dn, int validityDays, String friendlyName ) throws InvalidKeyException,
- SecurityException, SignatureException, NoSuchAlgorithmException, DataLengthException, CertificateException
- {
+ public static X509Certificate generate(X509Certificate issuerCert, PrivateKey issuerPrivateKey,
+ PublicKey publicKey, String dn, int validityDays,
+ String friendlyName)
+ throws InvalidKeyException, SecurityException, SignatureException,
+ NoSuchAlgorithmException, DataLengthException, CertificateException {
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
// Set certificate attributes.
- certGen.setSerialNumber( BigInteger.valueOf( System.currentTimeMillis() ) );
+ certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
- certGen.setIssuerDN( PrincipalUtil.getSubjectX509Principal( issuerCert ) );
- certGen.setSubjectDN( new X509Principal( dn ) );
+ certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(issuerCert));
+ certGen.setSubjectDN(new X509Principal(dn));
- certGen.setNotBefore( new Date() );
+ certGen.setNotBefore(new Date());
Calendar expiry = Calendar.getInstance();
- expiry.add( Calendar.DAY_OF_YEAR, validityDays );
+ expiry.add(Calendar.DAY_OF_YEAR, validityDays);
- certGen.setNotAfter( expiry.getTime() );
+ certGen.setNotAfter(expiry.getTime());
- certGen.setPublicKey( publicKey );
- certGen.setSignatureAlgorithm( "SHA1WithRSAEncryption" );
+ certGen.setPublicKey(publicKey);
+ certGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
certGen
- .addExtension( X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure( publicKey ) );
+ .addExtension(X509Extensions.SubjectKeyIdentifier, false,
+ new SubjectKeyIdentifierStructure(publicKey));
// MAY set BasicConstraints=false or not at all.
- certGen.addExtension( X509Extensions.BasicConstraints, true, new BasicConstraints( false ) );
+ certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
- certGen.addExtension( X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(
- issuerCert ) );
+ certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
+ new AuthorityKeyIdentifierStructure(issuerCert));
- certGen.addExtension( X509Extensions.KeyUsage, true, new KeyUsage( KeyUsage.digitalSignature
- | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment ) );
+ certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature
+ | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment));
ASN1EncodableVector keyPurposeVector = new ASN1EncodableVector();
- keyPurposeVector.add( KeyPurposeId.id_kp_smartcardlogon );
+ keyPurposeVector.add(KeyPurposeId.id_kp_smartcardlogon);
//keyPurposeVector.add( KeyPurposeId.id_kp_serverAuth );
- DERSequence keyPurposeOids = new DERSequence( keyPurposeVector );
+ DERSequence keyPurposeOids = new DERSequence(keyPurposeVector);
// If critical, will throw unsupported EKU.
- certGen.addExtension( X509Extensions.ExtendedKeyUsage, false, keyPurposeOids );
+ certGen.addExtension(X509Extensions.ExtendedKeyUsage, false, keyPurposeOids);
- Krb5PrincipalName principalName = new Krb5PrincipalName();
ASN1EncodableVector pkinitSanVector = new ASN1EncodableVector();
- pkinitSanVector.add( ID_PKINIT_SAN );
- pkinitSanVector.add( new DERTaggedObject( 0, new DERSequence()));
- DERSequence pkinitSan = new DERSequence( pkinitSanVector );
+ pkinitSanVector.add(ID_PKINIT_SAN);
+ pkinitSanVector.add(new DERTaggedObject(0, new DERSequence()));
+ DERSequence pkinitSan = new DERSequence(pkinitSanVector);
String dnsName = "localhost";
ASN1EncodableVector sanVector = new ASN1EncodableVector();
- sanVector.add( new GeneralName( GeneralName.otherName, pkinitSan ) );
- sanVector.add( new GeneralName( GeneralName.dNSName, dnsName ) );
- DERSequence san = new DERSequence( sanVector );
+ sanVector.add(new GeneralName(GeneralName.otherName, pkinitSan));
+ sanVector.add(new GeneralName(GeneralName.dNSName, dnsName));
+ DERSequence san = new DERSequence(sanVector);
- GeneralNames sanGeneralNames = new GeneralNames( san );
+ GeneralNames sanGeneralNames = new GeneralNames(san);
- certGen.addExtension( X509Extensions.SubjectAlternativeName, true, sanGeneralNames );
+ certGen.addExtension(X509Extensions.SubjectAlternativeName, true, sanGeneralNames);
/*
* The KDC MAY require the presence of an Extended Key Usage (EKU) KeyPurposeId
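Review bot: The reformatted `certGen.setSignatureAlgorithm("SHA1WithRSAEncryption")` line still signs the end-entity certificate with SHA-1, which is no longer collision-resistant, and the serial set by `BigInteger.valueOf(System.currentTimeMillis())` is predictable and repeats for two certificates issued in the same millisecond. I would change these to `certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");` and `certGen.setSerialNumber(new BigInteger(64, new SecureRandom()));` (the latter needs a `java.security.SecureRandom` import). The same two lines appear in the `IntermediateCaGenerator.generate` hunk (`@@ -70,46 +69,48 @@`). Separately, with the unused `Krb5PrincipalName` local removed, the critical SAN still carries `new DERTaggedObject(0, new DERSequence())`, which looks like an id-pkinit-san entry with an empty principal name; a short comment saying whether that is intentional would help. The body of `generate` continues past the end of this hunk.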
@@ -244,13 +242,13 @@ public class EndEntityGenerator
* the account that has this UserPrincipalName value).
*/
- X509Certificate cert = certGen.generate( issuerPrivateKey );
+ X509Certificate cert = certGen.generate(issuerPrivateKey);
- PKCS12BagAttributeCarrier bagAttr = ( PKCS12BagAttributeCarrier ) cert;
+ PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) cert;
- bagAttr.setBagAttribute( PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString( friendlyName ) );
- bagAttr.setBagAttribute( PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new SubjectKeyIdentifierStructure(
- publicKey ) );
+ bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(friendlyName));
+ bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new SubjectKeyIdentifierStructure(
+ publicKey));
return cert;
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/IntermediateCaGenerator.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/IntermediateCaGenerator.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/IntermediateCaGenerator.java
index 4364647..27c8c9e 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/IntermediateCaGenerator.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/IntermediateCaGenerator.java
@@ -51,14 +51,13 @@ import java.util.Date;
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class IntermediateCaGenerator
-{
+public class IntermediateCaGenerator {
/**
* Create certificate.
- *
- * @param issuerCert
- * @param issuerPrivateKey
- * @param publicKey
+ *
+ * @param issuerCert
+ * @param issuerPrivateKey
+ * @param publicKey
* @param dn
* @param validityDays
* @param friendlyName
@@ -70,46 +69,48 @@ public class IntermediateCaGenerator
* @throws DataLengthException
* @throws CertificateException
*/
- public static X509Certificate generate( X509Certificate issuerCert, PrivateKey issuerPrivateKey,
- PublicKey publicKey, String dn, int validityDays, String friendlyName ) throws InvalidKeyException,
- SecurityException, SignatureException, NoSuchAlgorithmException, DataLengthException, CertificateException
- {
+ public static X509Certificate generate(X509Certificate issuerCert, PrivateKey issuerPrivateKey,
+ PublicKey publicKey, String dn, int validityDays,
+ String friendlyName)
+ throws InvalidKeyException, SecurityException, SignatureException,
+ NoSuchAlgorithmException, DataLengthException, CertificateException {
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
// Set certificate attributes.
- certGen.setSerialNumber( BigInteger.valueOf( System.currentTimeMillis() ) );
+ certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
- certGen.setIssuerDN( PrincipalUtil.getSubjectX509Principal( issuerCert ) );
- certGen.setSubjectDN( new X509Principal( dn ) );
+ certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(issuerCert));
+ certGen.setSubjectDN(new X509Principal(dn));
- certGen.setNotBefore( new Date() );
+ certGen.setNotBefore(new Date());
Calendar expiry = Calendar.getInstance();
- expiry.add( Calendar.DAY_OF_YEAR, validityDays );
+ expiry.add(Calendar.DAY_OF_YEAR, validityDays);
- certGen.setNotAfter( expiry.getTime() );
+ certGen.setNotAfter(expiry.getTime());
- certGen.setPublicKey( publicKey );
- certGen.setSignatureAlgorithm( "SHA1WithRSAEncryption" );
+ certGen.setPublicKey(publicKey);
+ certGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
certGen
- .addExtension( X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure( publicKey ) );
+ .addExtension(X509Extensions.SubjectKeyIdentifier, false,
+ new SubjectKeyIdentifierStructure(publicKey));
- certGen.addExtension( X509Extensions.BasicConstraints, true, new BasicConstraints( 0 ) );
+ certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
- certGen.addExtension( X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(
- issuerCert ) );
+ certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
+ new AuthorityKeyIdentifierStructure(issuerCert));
- certGen.addExtension( X509Extensions.KeyUsage, true, new KeyUsage( KeyUsage.digitalSignature
- | KeyUsage.keyCertSign | KeyUsage.cRLSign ) );
+ certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature
+ | KeyUsage.keyCertSign | KeyUsage.cRLSign));
- X509Certificate cert = certGen.generate( issuerPrivateKey );
+ X509Certificate cert = certGen.generate(issuerPrivateKey);
- PKCS12BagAttributeCarrier bagAttr = ( PKCS12BagAttributeCarrier ) cert;
+ PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) cert;
- bagAttr.setBagAttribute( PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString( friendlyName ) );
- bagAttr.setBagAttribute( PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new SubjectKeyIdentifierStructure(
- publicKey ) );
+ bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(friendlyName));
+ bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new SubjectKeyIdentifierStructure(
+ publicKey));
return cert;
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4e7a3c0c/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/KeyPairSpec.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/KeyPairSpec.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/KeyPairSpec.java
index 12cf8f9..b7d2136 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/KeyPairSpec.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/certs/KeyPairSpec.java
@@ -31,84 +31,84 @@ import java.security.spec.RSAPublicKeySpec;
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-class KeyPairSpec
-{
+@SuppressWarnings("checkstyle:linelength")
+class KeyPairSpec {
// End-entity keys.
static RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
- new BigInteger(
- "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
- 16 ), new BigInteger( "11", 16 ) );
+ new BigInteger(
+ "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
+ 16), new BigInteger("11", 16));
static RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
- new BigInteger(
- "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
- 16 ),
- new BigInteger( "11", 16 ),
- new BigInteger(
- "9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89",
- 16 ), new BigInteger( "c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16 ),
- new BigInteger( "f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16 ), new BigInteger(
- "b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16 ), new BigInteger(
- "d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16 ), new BigInteger(
- "b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16 ) );
+ new BigInteger(
+ "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
+ 16),
+ new BigInteger("11", 16),
+ new BigInteger(
+ "9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89",
+ 16), new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
+ new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16), new BigInteger(
+ "b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16), new BigInteger(
+ "d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16), new BigInteger(
+ "b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
// Intermediate keys.
static RSAPublicKeySpec intPubKeySpec = new RSAPublicKeySpec(
- new BigInteger(
- "8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69",
- 16 ), new BigInteger( "ffff", 16 ) );
+ new BigInteger(
+ "8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69",
+ 16), new BigInteger("ffff", 16));
static RSAPrivateCrtKeySpec intPrivKeySpec = new RSAPrivateCrtKeySpec(
- new BigInteger(
- "8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69",
- 16 ),
- new BigInteger( "ffff", 16 ),
- new BigInteger(
- "7deb1b194a85bcfd29cf871411468adbc987650903e3bacc8338c449ca7b32efd39ffc33bc84412fcd7df18d23ce9d7c25ea910b1ae9985373e0273b4dca7f2e0db3b7314056ac67fd277f8f89cf2fd73c34c6ca69f9ba477143d2b0e2445548aa0b4a8473095182631da46844c356f5e5c7522eb54b5a33f11d730ead9c0cff",
- 16 ),
- new BigInteger(
- "ef4cede573cea47f83699b814de4302edb60eefe426c52e17bd7870ec7c6b7a24fe55282ebb73775f369157726fcfb988def2b40350bdca9e5b418340288f649",
- 16 ),
- new BigInteger(
- "97c7737d1b9a0088c3c7b528539247fd2a1593e7e01cef18848755be82f4a45aa093276cb0cbf118cb41117540a78f3fc471ba5d69f0042274defc9161265721",
- 16 ),
- new BigInteger(
- "6c641094e24d172728b8da3c2777e69adfd0839085be7e38c7c4a2dd00b1ae969f2ec9d23e7e37090fcd449a40af0ed463fe1c612d6810d6b4f58b7bfa31eb5f",
- 16 ),
- new BigInteger(
- "70b7123e8e69dfa76feb1236d0a686144b00e9232ed52b73847e74ef3af71fb45ccb24261f40d27f98101e230cf27b977a5d5f1f15f6cf48d5cb1da2a3a3b87f",
- 16 ),
- new BigInteger(
- "e38f5750d97e270996a286df2e653fd26c242106436f5bab0f4c7a9e654ce02665d5a281f2c412456f2d1fa26586ef04a9adac9004ca7f913162cb28e13bf40d",
- 16 ) );
+ new BigInteger(
+ "8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69",
+ 16),
+ new BigInteger("ffff", 16),
+ new BigInteger(
+ "7deb1b194a85bcfd29cf871411468adbc987650903e3bacc8338c449ca7b32efd39ffc33bc84412fcd7df18d23ce9d7c25ea910b1ae9985373e0273b4dca7f2e0db3b7314056ac67fd277f8f89cf2fd73c34c6ca69f9ba477143d2b0e2445548aa0b4a8473095182631da46844c356f5e5c7522eb54b5a33f11d730ead9c0cff",
+ 16),
+ new BigInteger(
+ "ef4cede573cea47f83699b814de4302edb60eefe426c52e17bd7870ec7c6b7a24fe55282ebb73775f369157726fcfb988def2b40350bdca9e5b418340288f649",
+ 16),
+ new BigInteger(
+ "97c7737d1b9a0088c3c7b528539247fd2a1593e7e01cef18848755be82f4a45aa093276cb0cbf118cb41117540a78f3fc471ba5d69f0042274defc9161265721",
+ 16),
+ new BigInteger(
+ "6c641094e24d172728b8da3c2777e69adfd0839085be7e38c7c4a2dd00b1ae969f2ec9d23e7e37090fcd449a40af0ed463fe1c612d6810d6b4f58b7bfa31eb5f",
+ 16),
+ new BigInteger(
+ "70b7123e8e69dfa76feb1236d0a686144b00e9232ed52b73847e74ef3af71fb45ccb24261f40d27f98101e230cf27b977a5d5f1f15f6cf48d5cb1da2a3a3b87f",
+ 16),
+ new BigInteger(
+ "e38f5750d97e270996a286df2e653fd26c242106436f5bab0f4c7a9e654ce02665d5a281f2c412456f2d1fa26586ef04a9adac9004ca7f913162cb28e13bf40d",
+ 16));
// Trust anchor keys.
static RSAPublicKeySpec caPubKeySpec = new RSAPublicKeySpec(
- new BigInteger(
- "b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5",
- 16 ), new BigInteger( "11", 16 ) );
+ new BigInteger(
+ "b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5",
+ 16), new BigInteger("11", 16));
static RSAPrivateCrtKeySpec caPrivKeySpec = new RSAPrivateCrtKeySpec(
- new BigInteger(
- "b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5",
- 16 ),
- new BigInteger( "11", 16 ),
- new BigInteger(
- "92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619",
- 16 ),
- new BigInteger(
- "f75e80839b9b9379f1cf1128f321639757dba514642c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4b929d9555853004c7c8b30ee6a213c3d1bb7415d03",
- 16 ),
- new BigInteger(
- "b892d9ebdbfc37e397256dd8a5d3123534d1f03726284743ddc6be3a709edb696fc40c7d902ed804c6eee730eee3d5b20bf6bd8d87a296813c87d3b3cc9d7947",
- 16 ),
- new BigInteger(
- "1d1a2d3ca8e52068b3094d501c9a842fec37f54db16e9a67070a8b3f53cc03d4257ad252a1a640eadd603724d7bf3737914b544ae332eedf4f34436cac25ceb5",
- 16 ),
- new BigInteger(
- "6c929e4e81672fef49d9c825163fec97c4b7ba7acb26c0824638ac22605d7201c94625770984f78a56e6e25904fe7db407099cad9b14588841b94f5ab498dded",
- 16 ),
- new BigInteger(
- "dae7651ee69ad1d081ec5e7188ae126f6004ff39556bde90e0b870962fa7b926d070686d8244fe5a9aa709a95686a104614834b0ada4b10f53197a5cb4c97339",
- 16 ) );
+ new BigInteger(
+ "b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5",
+ 16),
+ new BigInteger("11", 16),
+ new BigInteger(
+ "92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619",
+ 16),
+ new BigInteger(
+ "f75e80839b9b9379f1cf1128f321639757dba514642c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4b929d9555853004c7c8b30ee6a213c3d1bb7415d03",
+ 16),
+ new BigInteger(
+ "b892d9ebdbfc37e397256dd8a5d3123534d1f03726284743ddc6be3a709edb696fc40c7d902ed804c6eee730eee3d5b20bf6bd8d87a296813c87d3b3cc9d7947",
+ 16),
+ new BigInteger(
+ "1d1a2d3ca8e52068b3094d501c9a842fec37f54db16e9a67070a8b3f53cc03d4257ad252a1a640eadd603724d7bf3737914b544ae332eedf4f34436cac25ceb5",
+ 16),
+ new BigInteger(
+ "6c929e4e81672fef49d9c825163fec97c4b7ba7acb26c0824638ac22605d7201c94625770984f78a56e6e25904fe7db407099cad9b14588841b94f5ab498dded",
+ 16),
+ new BigInteger(
+ "dae7651ee69ad1d081ec5e7188ae126f6004ff39556bde90e0b870962fa7b926d070686d8244fe5a9aa709a95686a104614834b0ada4b10f53197a5cb4c97339",
+ 16));
}
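Review bot: The `RSAPrivateCrtKeySpec` constants in this hunk (`privKeySpec`, `intPrivKeySpec`, `caPrivKeySpec`) embed complete private keys, including the trust-anchor key, in a class under `src/main/java`, so they ship with the kerb-client artifact and any chain built from them can be reproduced by anyone who has the jar. If they exist only for tests or samples, I would move the class to test sources, or at least add a class comment such as `/** Fixed, publicly known RSA keys for tests only; never trust certificates derived from them. */`. The fields are also mutable package-private statics; declaring them `static final` would stop other code in the package from replacing a key. The end-entity modulus is 128 hex digits, i.e. 512 bits, and `getKeyPair` in `CertificateChainFactory` (earlier in this diff) initialises its generator with 1024 bits; both are below the 2048-bit minimum in common use today.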