Posted to commits@directory.apache.org by er...@apache.org on 2007/10/02 05:16:54 UTC
svn commit: r581130 -
/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/
Author: erodriguez
Date: Mon Oct 1 20:16:53 2007
New Revision: 581130
URL: http://svn.apache.org/viewvc?rev=581130&view=rev
Log:
Message objects for PKINIT.
Added:
directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/
directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/AuthPack.java (with props)
directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/DhRepInfo.java (with props)
directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ExternalPrincipalIdentifier.java (with props)
directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/KdcDhKeyInfo.java (with props)
directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/Krb5PrincipalName.java (with props)
directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsRep.java (with props)
directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsReq.java (with props)
directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PkAuthenticator.java (with props)
directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ReplyKeyPack.java (with props)
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/AuthPack.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/AuthPack.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/AuthPack.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/AuthPack.java Mon Oct 1 20:16:53 2007
@@ -0,0 +1,158 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+import java.util.List;
+
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+
+
+/**
+ * AuthPack ::= SEQUENCE {
+ * pkAuthenticator [0] PKAuthenticator,
+ * clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
+ * -- Type SubjectPublicKeyInfo is defined in
+ * -- [RFC3280].
+ * -- Specifies Diffie-Hellman domain parameters
+ * -- and the client's public key value [IEEE1363].
+ * -- The DH public key value is encoded as a BIT
+ * -- STRING according to [RFC3279].
+ * -- This field is present only if the client wishes
+ * -- to use the Diffie-Hellman key agreement method.
+ * supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier
+ * OPTIONAL,
+ * -- Type AlgorithmIdentifier is defined in
+ * -- [RFC3280].
+ * -- List of CMS algorithm [RFC3370] identifiers
+ * -- that identify key transport algorithms, or
+ * -- content encryption algorithms, or signature
+ * -- algorithms supported by the client in order of
+ * -- (decreasing) preference.
+ * clientDHNonce [3] DHNonce OPTIONAL,
+ * -- Present only if the client indicates that it
+ * -- wishes to reuse DH keys or to allow the KDC to
+ * -- do so.
+ * ...
+ * }
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class AuthPack
+{
+ private PkAuthenticator pkAuthenticator;
+
+ /**
+ * Type SubjectPublicKeyInfo is defined in [RFC3280]. Specifies Diffie-Hellman
+ * domain parameters and the client's public key value [IEEE1363]. The DH public
+ * key value is encoded as a BIT STRING according to [RFC3279]. This field is
+ * present only if the client wishes to use the Diffie-Hellman key agreement method.
+ */
+ private byte[] clientPublicValue;
+
+ /**
+ * Type AlgorithmIdentifier is defined in [RFC3280]. List of CMS algorithm
+ * [RFC3370] identifiers that identify key transport algorithms, or content
+ * encryption algorithms, or signature algorithms supported by the client in
+ * order of (decreasing) preference.
+ */
+ private List<AlgorithmIdentifier> supportedCMSTypes;
+
+ /**
+ * Present only if the client indicates that it wishes to reuse DH keys or to
+ * allow the KDC to do so.
+ */
+ private byte[] clientDHNonce;
+
+
+ /**
+ * Creates a new instance of AuthPack.
+ *
+ * @param pkAuthenticator
+ * @param clientPublicValue
+ * @param supportedCMSTypes
+ * @param clientDHNonce
+ */
+ public AuthPack( PkAuthenticator pkAuthenticator, byte[] clientPublicValue,
+ List<AlgorithmIdentifier> supportedCMSTypes, byte[] clientDHNonce )
+ {
+ this.pkAuthenticator = pkAuthenticator;
+ this.clientPublicValue = clientPublicValue;
+ this.supportedCMSTypes = supportedCMSTypes;
+ this.clientDHNonce = clientDHNonce;
+ }
+
+
+ /**
+ * Creates a new instance of AuthPack.
+ *
+ * @param encodedAuthPack
+ */
+ public AuthPack( byte[] encodedAuthPack )
+ {
+ // TODO - Decode the AuthPack.
+ }
+
+
+ /**
+ * @return the pkAuthenticator
+ */
+ public PkAuthenticator getPkAuthenticator()
+ {
+ return pkAuthenticator;
+ }
+
+
+ /**
+ * @return the clientPublicValue
+ */
+ public byte[] getClientPublicValue()
+ {
+ return clientPublicValue;
+ }
+
+
+ /**
+ * @return the supportedCMSTypes
+ */
+ public List<AlgorithmIdentifier> getSupportedCMSTypes()
+ {
+ return supportedCMSTypes;
+ }
+
+
+ /**
+ * @return the clientDHNonce
+ */
+ public byte[] getClientDHNonce()
+ {
+ return clientDHNonce;
+ }
+
+
+ /**
+ * @return the encoded
+ */
+ public byte[] getEncoded()
+ {
+ return new byte[0];
+ }
+}
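Review bot: `getEncoded()` at the end of this hunk returns `new byte[0]` as a placeholder, which a caller assembling `signedAuthPack` cannot tell apart from a genuine DER encoding, so an empty AuthPack could be signed and emitted before the encoder exists; prefer `throw new UnsupportedOperationException( "AuthPack encoding not yet implemented" );` until it is. The `AuthPack( byte[] encodedAuthPack )` constructor has the same shape: it completes with every field null behind a TODO, so it should likewise fail loudly rather than hand back an object that looks decoded. The same placeholder `getEncoded()` appears in KdcDhKeyInfo, Krb5PrincipalName and PaPkAsReq in this commit. Separately, `getClientPublicValue()` and `getClientDHNonce()` hand out the internal arrays, so a caller can alter the DH public value or nonce after construction; returning `clientPublicValue.clone()` (null-checked) or a Javadoc note that the arrays are shared would pin that down.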
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/AuthPack.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/AuthPack.java
------------------------------------------------------------------------------
svn:executable = *
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/DhRepInfo.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/DhRepInfo.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/DhRepInfo.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/DhRepInfo.java Mon Oct 1 20:16:53 2007
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+/**
+ * DHRepInfo ::= SEQUENCE {
+ * dhSignedData [0] IMPLICIT OCTET STRING,
+ * -- Contains a CMS type ContentInfo encoded according
+ * -- to [RFC3852].
+ * -- The contentType field of the type ContentInfo is
+ * -- id-signedData (1.2.840.113549.1.7.2), and the
+ * -- content field is a SignedData.
+ * -- The eContentType field for the type SignedData is
+ * -- id-pkinit-DHKeyData (1.3.6.1.5.2.3.2), and the
+ * -- eContent field contains the DER encoding of the
+ * -- type KDCDHKeyInfo.
+ * -- KDCDHKeyInfo is defined below.
+ * serverDHNonce [1] DHNonce OPTIONAL,
+ * -- Present if and only if dhKeyExpiration is
+ * -- present.
+ * ...
+ * }
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class DhRepInfo
+{
+ /**
+ * Contains a CMS type ContentInfo encoded according to [RFC3852]. The contentType
+ * field of the type ContentInfo is id-signedData (1.2.840.113549.1.7.2), and the
+ * content field is a SignedData. The eContentType field for the type SignedData
+ * is id-pkinit-DHKeyData (1.3.6.1.5.2.3.2), and the eContent field contains the
+ * DER encoding of the type KDCDHKeyInfo.
+ */
+ private byte[] dhSignedData;
+
+ /**
+ * Present if and only if dhKeyExpiration is present.
+ */
+ private byte[] serverDHNonce;
+
+
+ /**
+ * Creates a new instance of DhRepInfo.
+ *
+ * @param dhSignedData
+ * @param serverDHNonce
+ */
+ public DhRepInfo( byte[] dhSignedData, byte[] serverDHNonce )
+ {
+ this.dhSignedData = dhSignedData;
+ this.serverDHNonce = serverDHNonce;
+ }
+
+
+ /**
+ * @return the dhSignedData
+ */
+ public byte[] getDhSignedData()
+ {
+ return dhSignedData;
+ }
+
+
+ /**
+ * @return the serverDHNonce
+ */
+ public byte[] getServerDHNonce()
+ {
+ return serverDHNonce;
+ }
+}
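Review bot: `dhSignedData` is not OPTIONAL in the ASN.1 quoted in the class Javadoc, yet `public DhRepInfo( byte[] dhSignedData, byte[] serverDHNonce )` accepts null for it silently; a guard such as `if ( dhSignedData == null ) { throw new IllegalArgumentException( "dhSignedData is required" ); }` surfaces the mistake at construction instead of at encoding time. The field comment says `serverDHNonce` is present if and only if `dhKeyExpiration` is present, but `dhKeyExpiration` lives in KdcDhKeyInfo, which is carried inside `dhSignedData`, so this class cannot check the invariant itself; the constructor Javadoc should say which component is responsible for enforcing it. Both fields are assigned only in the constructor and could be declared `final`, and `getDhSignedData()` and `getServerDHNonce()` return the internal arrays, which is worth stating in their `@return` tags.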
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/DhRepInfo.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/DhRepInfo.java
------------------------------------------------------------------------------
svn:executable = *
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ExternalPrincipalIdentifier.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ExternalPrincipalIdentifier.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ExternalPrincipalIdentifier.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ExternalPrincipalIdentifier.java Mon Oct 1 20:16:53 2007
@@ -0,0 +1,122 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+/**
+ * ExternalPrincipalIdentifier ::= SEQUENCE {
+ * subjectName [0] IMPLICIT OCTET STRING OPTIONAL,
+ * -- Contains a PKIX type Name encoded according to
+ * -- [RFC3280].
+ * -- Identifies the certificate subject by the
+ * -- distinguished subject name.
+ * -- REQUIRED when there is a distinguished subject
+ * -- name present in the certificate.
+ * issuerAndSerialNumber [1] IMPLICIT OCTET STRING OPTIONAL,
+ * -- Contains a CMS type IssuerAndSerialNumber encoded
+ * -- according to [RFC3852].
+ * -- Identifies a certificate of the subject.
+ * -- REQUIRED for TD-INVALID-CERTIFICATES and
+ * -- TD-TRUSTED-CERTIFIERS.
+ * subjectKeyIdentifier [2] IMPLICIT OCTET STRING OPTIONAL,
+ * -- Identifies the subject's public key by a key
+ * -- identifier. When an X.509 certificate is
+ * -- referenced, this key identifier matches the X.509
+ * -- subjectKeyIdentifier extension value. When other
+ * -- certificate formats are referenced, the documents
+ * -- that specify the certificate format and their use
+ * -- with the CMS must include details on matching the
+ * -- key identifier to the appropriate certificate
+ * -- field.
+ * -- RECOMMENDED for TD-TRUSTED-CERTIFIERS.
+ * ...
+ * }
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class ExternalPrincipalIdentifier
+{
+ /**
+ * Contains a PKIX type Name encoded according to [RFC3280]. Identifies the
+ * certificate subject by the distinguished subject name. REQUIRED when there
+ * is a distinguished subject name present in the certificate.
+ */
+ private byte[] subjectName;
+
+ /**
+ * Contains a CMS type IssuerAndSerialNumber encoded according to [RFC3852].
+ * Identifies a certificate of the subject. REQUIRED for TD-INVALID-CERTIFICATES
+ * and TD-TRUSTED-CERTIFIERS.
+ */
+ private byte[] issuerAndSerialNumber;
+
+ /**
+ * Identifies the subject's public key by a key identifier. When an X.509 certificate
+ * is referenced, this key identifier matches the X.509 subjectKeyIdentifier extension
+ * value. When other certificate formats are referenced, the documents that specify
+ * the certificate format and their use with the CMS must include details on matching
+ * the key identifier to the appropriate certificate field. RECOMMENDED for
+ * TD-TRUSTED-CERTIFIERS.
+ */
+ private byte[] subjectKeyIdentifier;
+
+
+ /**
+ * Creates a new instance of ExternalPrincipalIdentifier.
+ *
+ * @param subjectName
+ * @param issuerAndSerialNumber
+ * @param subjectKeyIdentifier
+ */
+ public ExternalPrincipalIdentifier( byte[] subjectName, byte[] issuerAndSerialNumber, byte[] subjectKeyIdentifier )
+ {
+ this.subjectName = subjectName;
+ this.issuerAndSerialNumber = issuerAndSerialNumber;
+ this.subjectKeyIdentifier = subjectKeyIdentifier;
+ }
+
+
+ /**
+ * @return the subjectName
+ */
+ public byte[] getSubjectName()
+ {
+ return subjectName;
+ }
+
+
+ /**
+ * @return the issuerAndSerialNumber
+ */
+ public byte[] getIssuerAndSerialNumber()
+ {
+ return issuerAndSerialNumber;
+ }
+
+
+ /**
+ * @return the subjectKeyIdentifier
+ */
+ public byte[] getSubjectKeyIdentifier()
+ {
+ return subjectKeyIdentifier;
+ }
+}
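Review bot: All three constructor arguments are OPTIONAL in the ASN.1, so `new ExternalPrincipalIdentifier( null, null, null )` builds an identifier that names nothing, and the bare `@param` tags on the constructor do not say that null means "absent". Either reject that case with `if ( subjectName == null && issuerAndSerialNumber == null && subjectKeyIdentifier == null ) { throw new IllegalArgumentException( "at least one identifier field is required" ); }`, or document on each `@param` that null denotes an absent field and on each getter that null is a legitimate return. The class Javadoc already records which fields are REQUIRED for TD-INVALID-CERTIFICATES and TD-TRUSTED-CERTIFIERS; it is the natural place to say whether this class or its consumer enforces those conditions.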
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ExternalPrincipalIdentifier.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ExternalPrincipalIdentifier.java
------------------------------------------------------------------------------
svn:executable = *
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/KdcDhKeyInfo.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/KdcDhKeyInfo.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/KdcDhKeyInfo.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/KdcDhKeyInfo.java Mon Oct 1 20:16:53 2007
@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+
+
+/**
+ * KDCDHKeyInfo ::= SEQUENCE {
+ * subjectPublicKey [0] BIT STRING,
+ * -- The KDC's DH public key.
+ * -- The DH public key value is encoded as a BIT
+ * -- STRING according to [RFC3279].
+ * nonce [1] INTEGER (0..4294967295),
+ * -- Contains the nonce in the pkAuthenticator field
+ * -- in the request if the DH keys are NOT reused,
+ * -- 0 otherwise.
+ * dhKeyExpiration [2] KerberosTime OPTIONAL,
+ * -- Expiration time for KDC's key pair,
+ * -- present if and only if the DH keys are reused.
+ * -- If present, the KDC's DH public key MUST not be
+ * -- used past the point of this expiration time.
+ * -- If this field is omitted then the serverDHNonce
+ * -- field MUST also be omitted.
+ * ...
+ * }
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class KdcDhKeyInfo
+{
+ /**
+ * The KDC's DH public key. The DH public key value is encoded as a BIT STRING
+ * according to [RFC3279].
+ */
+ private byte[] subjectPublicKey;
+
+ /**
+ * Contains the nonce in the pkAuthenticator field in the request if the DH
+ * keys are NOT reused, 0 otherwise.
+ */
+ private int nonce;
+
+ /**
+ * Expiration time for KDC's key pair, present if and only if the DH keys are
+ * reused. If present, the KDC's DH public key MUST not be used past the point
+ * of this expiration time. If this field is omitted then the serverDHNonce
+ * field MUST also be omitted.
+ */
+ private KerberosTime dhKeyExpiration;
+
+
+ /**
+ * Creates a new instance of KdcDhKeyInfo.
+ *
+ * @param subjectPublicKey
+ * @param nonce
+ * @param dhKeyExpiration
+ */
+ public KdcDhKeyInfo( byte[] subjectPublicKey, int nonce, KerberosTime dhKeyExpiration )
+ {
+ this.subjectPublicKey = subjectPublicKey;
+ this.nonce = nonce;
+ this.dhKeyExpiration = dhKeyExpiration;
+ }
+
+
+ /**
+ * Creates a new instance of KdcDhKeyInfo.
+ *
+ * @param encodedKdcDhKeyInfo
+ */
+ public KdcDhKeyInfo( byte[] encodedKdcDhKeyInfo )
+ {
+ // TODO - Decode.
+ }
+
+
+ /**
+ * @return the subjectPublicKey
+ */
+ public byte[] getSubjectPublicKey()
+ {
+ return subjectPublicKey;
+ }
+
+
+ /**
+ * @return the nonce
+ */
+ public int getNonce()
+ {
+ return nonce;
+ }
+
+
+ /**
+ * @return the dhKeyExpiration
+ */
+ public KerberosTime getDhKeyExpiration()
+ {
+ return dhKeyExpiration;
+ }
+
+
+ /**
+ * @return the encoded
+ */
+ public byte[] getEncoded()
+ {
+ return new byte[0];
+ }
+}
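Review bot: `private int nonce;` cannot hold the upper half of the range `INTEGER (0..4294967295)` quoted in the class Javadoc, so once decoding is implemented a nonce at or above 2^31 would either be rejected or wrap negative; `private long nonce;` (with the constructor and getter widened to match) or a documented restriction to 31-bit nonces is needed, and the PkAuthenticator hunk later in this commit declares its `nonce` as `int` as well. The field comment also says the value equals the pkAuthenticator nonce when DH keys are not reused and 0 otherwise, which is a cross-message check the consumer must perform; noting in that comment that this class stores the value without validating the relationship would help the next implementer. `KdcDhKeyInfo( byte[] encodedKdcDhKeyInfo )` currently completes with `subjectPublicKey` and `dhKeyExpiration` null and `nonce` 0, which reads as a legitimate "keys not reused" value, so until decoding exists the constructor should throw rather than succeed silently.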
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/KdcDhKeyInfo.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/KdcDhKeyInfo.java
------------------------------------------------------------------------------
svn:executable = *
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/Krb5PrincipalName.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/Krb5PrincipalName.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/Krb5PrincipalName.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/Krb5PrincipalName.java Mon Oct 1 20:16:53 2007
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
+import org.bouncycastle.asn1.DERSequence;
+
+
+/**
+ * KRB5PrincipalName ::= SEQUENCE {
+ * realm [0] Realm,
+ * principalName [1] PrincipalName
+ * }
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class Krb5PrincipalName
+{
+ private String realm;
+
+ private PrincipalName principalName;
+
+
+ /**
+ * @return the realm
+ */
+ public String getRealm()
+ {
+ return realm;
+ }
+
+
+ /**
+ * @return the principalName
+ */
+ public PrincipalName getPrincipalName()
+ {
+ return principalName;
+ }
+
+
+ /**
+ * @return the sequence
+ */
+ public DERSequence getSequence()
+ {
+ return new DERSequence();
+ }
+
+
+ /**
+ * @return the encoded
+ */
+ public byte[] getEncoded()
+ {
+ return new byte[0];
+ }
+}
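Review bot: Nothing in this hunk ever assigns `realm` or `principalName`: there is no constructor or setter, so `getRealm()` and `getPrincipalName()` always return null, and `getSequence()` builds `new DERSequence()` with no elements rather than the `[0] Realm, [1] PrincipalName` sequence described in the class Javadoc. If the class is a placeholder, `getSequence()` and `getEncoded()` should throw `UnsupportedOperationException` so an empty sequence is never mistaken for a real KRB5PrincipalName by whatever compares it against certificate contents later; otherwise a constructor `public Krb5PrincipalName( String realm, PrincipalName principalName )` that assigns both fields is the minimum missing piece. Whichever is chosen, a comment on `getSequence()` stating that the empty sequence is deliberate would stop a reader from treating it as finished.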
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/Krb5PrincipalName.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsRep.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsRep.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsRep.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsRep.java Mon Oct 1 20:16:53 2007
@@ -0,0 +1,106 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+/**
+ * PA-PK-AS-REP ::= CHOICE {
+ * dhInfo [0] DHRepInfo,
+ * -- Selected when Diffie-Hellman key exchange is
+ * -- used.
+ * encKeyPack [1] IMPLICIT OCTET STRING,
+ * -- Selected when public key encryption is used.
+ * -- Contains a CMS type ContentInfo encoded
+ * -- according to [RFC3852].
+ * -- The contentType field of the type ContentInfo is
+ * -- id-envelopedData (1.2.840.113549.1.7.3).
+ * -- The content field is an EnvelopedData.
+ * -- The contentType field for the type EnvelopedData
+ * -- is id-signedData (1.2.840.113549.1.7.2).
+ * -- The eContentType field for the inner type
+ * -- SignedData (when unencrypted) is
+ * -- id-pkinit-rkeyData (1.3.6.1.5.2.3.3) and the
+ * -- eContent field contains the DER encoding of the
+ * -- type ReplyKeyPack.
+ * -- ReplyKeyPack is defined below.
+ * ...
+ * }
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class PaPkAsRep
+{
+ /**
+ * Selected when Diffie-Hellman key exchange is used.
+ */
+ private DhRepInfo dhInfo;
+
+ /**
+ * Selected when public key encryption is used. Contains a CMS type ContentInfo
+ * encoded according to [RFC3852]. The contentType field of the type ContentInfo
+ * is id-envelopedData (1.2.840.113549.1.7.3). The content field is an EnvelopedData.
+ * The contentType field for the type EnvelopedData is id-signedData (1.2.840.113549.1.7.2).
+ * The eContentType field for the inner type SignedData (when unencrypted) is
+ * id-pkinit-rkeyData (1.3.6.1.5.2.3.3) and the eContent field contains the
+ * DER encoding of the type ReplyKeyPack.
+ */
+ private byte[] encKeyPack;
+
+
+ /**
+ * Creates a new instance of PaPkAsRep using the Diffie-Hellman key exchange method.
+ *
+ * @param dhInfo
+ */
+ public PaPkAsRep( DhRepInfo dhInfo )
+ {
+ this.dhInfo = dhInfo;
+ }
+
+
+ /**
+ * Creates a new instance of PaPkAsRep using the public key method.
+ *
+ * @param encKeyPack
+ */
+ public PaPkAsRep( byte[] encKeyPack )
+ {
+ this.encKeyPack = encKeyPack;
+ }
+
+
+ /**
+ * @return the dhInfo
+ */
+ public DhRepInfo getDhInfo()
+ {
+ return dhInfo;
+ }
+
+
+ /**
+ * @return the encKeyPack
+ */
+ public byte[] getEncKeyPack()
+ {
+ return encKeyPack;
+ }
+}
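Review bot: `PaPkAsRep( DhRepInfo dhInfo )` and `PaPkAsRep( byte[] encKeyPack )` model the CHOICE only through which field stays null, and neither rejects a null argument, so an instance can end up with both alternatives absent; a consumer that tests `getDhInfo() != null` would then fall through to `getEncKeyPack()` and get null there too. A one-line guard in each constructor, e.g. `if ( dhInfo == null ) { throw new IllegalArgumentException( "dhInfo is required for the DH alternative" ); }`, keeps the invariant "exactly one alternative is set", and the class Javadoc should state that invariant, since the `@return` tags on the getters do not mention that one of them is always null. `getEncKeyPack()` also returns the internal array, which the Javadoc should say if that is intended.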
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsRep.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsRep.java
------------------------------------------------------------------------------
svn:executable = *
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsReq.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsReq.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsReq.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsReq.java Mon Oct 1 20:16:53 2007
@@ -0,0 +1,139 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+import java.util.List;
+
+
+/**
+ * PA-PK-AS-REQ ::= SEQUENCE {
+ * signedAuthPack [0] IMPLICIT OCTET STRING,
+ * -- Contains a CMS type ContentInfo encoded
+ * -- according to [RFC3852].
+ * -- The contentType field of the type ContentInfo
+ * -- is id-signedData (1.2.840.113549.1.7.2),
+ * -- and the content field is a SignedData.
+ * -- The eContentType field for the type SignedData is
+ * -- id-pkinit-authData (1.3.6.1.5.2.3.1), and the
+ * -- eContent field contains the DER encoding of the
+ * -- type AuthPack.
+ * -- AuthPack is defined below.
+ * trustedCertifiers [1] SEQUENCE OF
+ * ExternalPrincipalIdentifier OPTIONAL,
+ * -- Contains a list of CAs, trusted by the client,
+ * -- that can be used to certify the KDC.
+ * -- Each ExternalPrincipalIdentifier identifies a CA
+ * -- or a CA certificate (thereby its public key).
+ * -- The information contained in the
+ * -- trustedCertifiers SHOULD be used by the KDC as
+ * -- hints to guide its selection of an appropriate
+ * -- certificate chain to return to the client.
+ * kdcPkId [2] IMPLICIT OCTET STRING
+ * OPTIONAL,
+ * -- Contains a CMS type SignerIdentifier encoded
+ * -- according to [RFC3852].
+ * -- Identifies, if present, a particular KDC
+ * -- public key that the client already has.
+ * ...
+ * }
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class PaPkAsReq
+{
+ /**
+ * Contains a CMS type ContentInfo encoded according to [RFC3852]. The contentType
+ * field of the type ContentInfo is id-signedData (1.2.840.113549.1.7.2), and the
+ * content field is a SignedData. The eContentType field for the type SignedData
+ * is id-pkinit-authData (1.3.6.1.5.2.3.1), and the eContent field contains the
+ * DER encoding of the type AuthPack.
+ */
+ private byte[] signedAuthPack;
+
+ /**
+ * Contains a list of CAs, trusted by the client, that can be used to certify
+ * the KDC. Each ExternalPrincipalIdentifier identifies a CA or a CA certificate
+ * (thereby its public key). The information contained in the trustedCertifiers
+ * SHOULD be used by the KDC as hints to guide its selection of an appropriate
+ * certificate chain to return to the client.
+ */
+ private List<ExternalPrincipalIdentifier> trustedCertifiers;
+
+ /**
+ * Contains a CMS type SignerIdentifier encoded according to [RFC3852]. Identifies,
+ * if present, a particular KDC public key that the client already has.
+ */
+ private byte[] kdcPkId;
+
+
+ /**
+ * Creates a new instance of PaPkAsReq.
+ *
+ * @param signedAuthPack
+ * @param trustedCertifiers
+ * @param kdcPkId
+ */
+ public PaPkAsReq( byte[] signedAuthPack, List<ExternalPrincipalIdentifier> trustedCertifiers, byte[] kdcPkId )
+ {
+ this.signedAuthPack = signedAuthPack;
+ this.trustedCertifiers = trustedCertifiers;
+ this.kdcPkId = kdcPkId;
+ }
+
+
+ /**
+ * @return the signedAuthPack
+ */
+ public byte[] getSignedAuthPack()
+ {
+ return signedAuthPack;
+ }
+
+
+ /**
+ * @return the trustedCertifiers
+ */
+ public List<ExternalPrincipalIdentifier> getTrustedCertifiers()
+ {
+ return trustedCertifiers;
+ }
+
+
+ /**
+ * @return the kdcPkId
+ */
+ public byte[] getKdcPkId()
+ {
+ return kdcPkId;
+ }
+
+
+ /**
+ * Returns the encoded form.
+ *
+ * @return The encoded form.
+ */
+ public byte[] getEncoded()
+ {
+ return new byte[0];
+ }
+}
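Review bot: `getTrustedCertifiers()` returns the same `List<ExternalPrincipalIdentifier>` the caller passed to the constructor, so whoever supplied it can still add or remove entries after the request object is built, and a later consumer may see a different set of trusted-CA hints than the one the object was constructed with; either copy the list in the constructor and return `Collections.unmodifiableList( trustedCertifiers )` (needs `import java.util.Collections;`), or state in the `@return` Javadoc that the live list is shared. `signedAuthPack` is the only field that is not OPTIONAL in the ASN.1 and the constructor takes it without a null check, while `trustedCertifiers` and `kdcPkId` may legitimately be null, which the bare `@param` tags should say. The `getEncoded()` body returning `new byte[0]` under a Javadoc that promises "the encoded form" is the same placeholder issue as in AuthPack.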
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsReq.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PaPkAsReq.java
------------------------------------------------------------------------------
svn:executable = *
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PkAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PkAuthenticator.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PkAuthenticator.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PkAuthenticator.java Mon Oct 1 20:16:53 2007
@@ -0,0 +1,120 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+
+
+/**
+ * PKAuthenticator ::= SEQUENCE {
+ * cusec [0] INTEGER (0..999999),
+ * ctime [1] KerberosTime,
+ * -- cusec and ctime are used as in [RFC4120], for
+ * -- replay prevention.
+ * nonce [2] INTEGER (0..4294967295),
+ * -- Chosen randomly; this nonce does not need to
+ * -- match with the nonce in the KDC-REQ-BODY.
+ * paChecksum [3] OCTET STRING OPTIONAL,
+ * -- MUST be present.
+ * -- Contains the SHA1 checksum, performed over
+ * -- KDC-REQ-BODY.
+ * ...
+ * }
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class PkAuthenticator
+{
+ /**
+ * cusec is used as in [RFC4120], for replay prevention.
+ */
+ private int cusec;
+
+ /**
+ * ctime is used as in [RFC4120], for replay prevention.
+ */
+ private KerberosTime ctime;
+
+ /**
+ * Chosen randomly; this nonce does not need to match with the nonce in the
+ * KDC-REQ-BODY.
+ */
+ private int nonce;
+
+ /**
+ * MUST be present. Contains the SHA1 checksum, performed over KDC-REQ-BODY.
+ */
+ private byte[] paChecksum;
+
+
+ /**
+ * Creates a new instance of PkAuthenticator.
+ *
+ * @param cusec
+ * @param ctime
+ * @param nonce
+ * @param paChecksum
+ */
+ public PkAuthenticator( int cusec, KerberosTime ctime, int nonce, byte[] paChecksum )
+ {
+ this.cusec = cusec;
+ this.ctime = ctime;
+ this.nonce = nonce;
+ this.paChecksum = paChecksum;
+ }
+
+
+ /**
+ * @return the cusec
+ */
+ public int getCusec()
+ {
+ return cusec;
+ }
+
+
+ /**
+ * @return the ctime
+ */
+ public KerberosTime getCtime()
+ {
+ return ctime;
+ }
+
+
+ /**
+ * @return the nonce
+ */
+ public int getNonce()
+ {
+ return nonce;
+ }
+
+
+ /**
+ * @return the paChecksum
+ */
+ public byte[] getPaChecksum()
+ {
+ return paChecksum;
+ }
+}
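Review bot: The `nonce` field is declared as `int`, but the ASN.1 definition quoted in the class Javadoc gives it the range `INTEGER (0..4294967295)`, so values above 2^31-1 that a peer may legitimately send cannot be represented without becoming negative; I would change the three lines to `private long nonce;`, `public PkAuthenticator( int cusec, KerberosTime ctime, long nonce, byte[] paChecksum )` and `public long getNonce()`, or at least document that the field holds the unsigned value in two's-complement form. The same care applies to `cusec`, whose documented range `(0..999999)` is never checked in the constructor. Separately, `paChecksum` is stored and returned by reference, so a caller holding the array can alter the checksum after construction; since the field is documented as "MUST be present", consider rejecting a null value in the constructor and copying the array on the way in and out.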
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PkAuthenticator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/PkAuthenticator.java
------------------------------------------------------------------------------
svn:executable = *
Added: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ReplyKeyPack.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ReplyKeyPack.java?rev=581130&view=auto
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ReplyKeyPack.java (added)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ReplyKeyPack.java Mon Oct 1 20:16:53 2007
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.pkinit.io;
+
+
+import org.apache.directory.server.kerberos.shared.messages.value.Checksum;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+
+
+/**
+ * ReplyKeyPack ::= SEQUENCE {
+ * replyKey [0] EncryptionKey,
+ * -- Contains the session key used to encrypt the
+ * -- enc-part field in the AS-REP, i.e., the
+ * -- AS reply key.
+ * asChecksum [1] Checksum,
+ * -- Contains the checksum of the AS-REQ
+ * -- corresponding to the containing AS-REP.
+ * -- The checksum is performed over the type AS-REQ.
+ * -- The protocol key [RFC3961] of the checksum is the
+ * -- replyKey and the key usage number is 6.
+ * -- If the replyKey's enctype is "newer" [RFC4120]
+ * -- [RFC4121], the checksum is the required
+ * -- checksum operation [RFC3961] for that enctype.
+ * -- The client MUST verify this checksum upon receipt
+ * -- of the AS-REP.
+ * ...
+ * }
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class ReplyKeyPack
+{
+ /**
+ * Contains the session key used to encrypt the enc-part field in the AS-REP,
+ * i.e., the AS reply key.
+ */
+ private EncryptionKey replyKey;
+
+ /**
+ * Contains the checksum of the AS-REQ corresponding to the containing AS-REP.
+ * The checksum is performed over the type AS-REQ. The protocol key [RFC3961]
+ * of the checksum is the replyKey and the key usage number is 6. If the replyKey's
+ * enctype is "newer" [RFC4120] [RFC4121], the checksum is the required checksum
+ * operation [RFC3961] for that enctype. The client MUST verify this checksum
+ * upon receipt of the AS-REP.
+ */
+ private Checksum asChecksum;
+
+
+ /**
+ * Creates a new instance of ReplyKeyPack.
+ *
+ * @param replyKey
+ * @param asChecksum
+ */
+ public ReplyKeyPack( EncryptionKey replyKey, Checksum asChecksum )
+ {
+ this.replyKey = replyKey;
+ this.asChecksum = asChecksum;
+ }
+
+
+ /**
+ * @return the replyKey
+ */
+ public EncryptionKey getReplyKey()
+ {
+ return replyKey;
+ }
+
+
+ /**
+ * @return the asChecksum
+ */
+ public Checksum getAsChecksum()
+ {
+ return asChecksum;
+ }
+
+
+ /**
+ * @return the encoded
+ */
+ public byte[] getEncoded()
+ {
+ return new byte[0];
+ }
+}
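Review bot: `getEncoded()` returns `new byte[0]`, which makes an unimplemented encoder indistinguishable from a successfully encoded empty structure; a caller that encrypts or transmits this value would silently produce an empty ReplyKeyPack instead of failing. Until the encoder exists, I would replace the body with `throw new UnsupportedOperationException( "ReplyKeyPack encoding is not implemented yet" );` and add `// TODO: DER-encode the ReplyKeyPack SEQUENCE` above it. The `getEncoded()` stub in PaPkAsReq.java in this same commit has the same issue, and the Javadoc `@return the encoded` there and here should say what encoding is meant, presumably the DER form of the SEQUENCE shown in the class comment.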
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ReplyKeyPack.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/io/ReplyKeyPack.java
------------------------------------------------------------------------------
svn:executable = *