Posted to commits@directory.apache.org by pl...@apache.org on 2015/11/27 09:18:27 UTC
[17/17] directory-kerby git commit: Merge from master.
Merge from master.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/67c2bb6e
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/67c2bb6e
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/67c2bb6e
Branch: refs/heads/pkinit-support
Commit: 67c2bb6e249b92017dc091f5c38271309b58919c
Parents: b948567 af7deb6
Author: plusplusjiajia <ji...@intel.com>
Authored: Fri Nov 27 16:24:39 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Fri Nov 27 16:24:39 2015 +0800
----------------------------------------------------------------------
.../org/apache/kerby/asn1/Asn1OutputBuffer.java | 5 -
.../org/apache/kerby/asn1/EncodingOption.java | 202 -------------------
.../org/apache/kerby/asn1/TaggingOption.java | 4 +-
.../org/apache/kerby/asn1/UniversalTag.java | 3 +-
.../kerby/asn1/type/AbstractAsn1Type.java | 147 +++++++++-----
.../org/apache/kerby/asn1/type/Asn1Any.java | 39 +++-
.../apache/kerby/asn1/type/Asn1BmpString.java | 3 +-
.../org/apache/kerby/asn1/type/Asn1Boolean.java | 2 +-
.../org/apache/kerby/asn1/type/Asn1Choice.java | 6 -
.../apache/kerby/asn1/type/Asn1Collection.java | 7 +-
.../kerby/asn1/type/Asn1CollectionType.java | 7 +-
.../apache/kerby/asn1/type/Asn1EnumType.java | 13 +-
.../apache/kerby/asn1/type/Asn1Enumerated.java | 64 ++++++
.../apache/kerby/asn1/type/Asn1FieldInfo.java | 43 +++-
.../org/apache/kerby/asn1/type/Asn1Flags.java | 10 +-
.../org/apache/kerby/asn1/type/Asn1Simple.java | 7 +-
.../org/apache/kerby/asn1/type/Asn1Tagging.java | 55 +++--
.../org/apache/kerby/asn1/type/Asn1Type.java | 96 ++++++++-
.../apache/kerby/asn1/type/ExplicitField.java | 44 ++++
.../apache/kerby/asn1/type/ImplicitField.java | 44 ++++
.../kerby/asn1/type/TaggingCollection.java | 82 ++++++--
.../apache/kerby/asn1/type/TaggingSequence.java | 5 +-
.../org/apache/kerby/asn1/type/TaggingSet.java | 5 +-
.../org/apache/kerby/asn1/PersonnelRecord.java | 40 ++--
.../org/apache/kerby/asn1/TestAsn1Boolean.java | 8 +-
.../org/apache/kerby/asn1/TestAsn1Flags.java | 2 +-
.../org/apache/kerby/asn1/TestAsn1Integer.java | 4 +-
.../kerby/asn1/TestAsn1ObjectIdentifier.java | 4 +-
.../org/apache/kerby/asn1/TestAsn1UtcTime.java | 4 +-
.../apache/kerby/asn1/TestTaggingEncoding.java | 12 +-
.../identitybackend/LdapIdentityBackend.java | 2 +-
.../org/apache/kerby/KrbIdentitySerializer.java | 2 +-
.../apache/kerby/config/IniConfigLoader.java | 4 +-
.../kerb/integration/test/Transport.java | 4 +-
.../kerb/integration/test/gss/GssAppClient.java | 4 +-
.../kerb/integration/test/gss/GssAppServer.java | 4 +-
.../kerb/integration/test/jaas/TokenCache.java | 6 +-
.../integration/test/sasl/SaslAppClient.java | 8 +-
.../integration/test/sasl/SaslAppServer.java | 4 +-
.../client/preauth/pkinit/PkinitPreauth.java | 9 +-
.../kerby/kerberos/kerb/preauth/PaFlag.java | 4 +-
.../kerb/preauth/pkinit/PluginOpts.java | 2 +-
.../kerby/kerberos/kerb/codec/CodecTest.java | 2 +
.../kerberos/kerb/codec/TestAsReqCodec.java | 8 +-
.../kerberos/kerb/codec/TestTgsReqCodec.java | 8 +-
kerby-kerb/kerb-core/pom.xml | 5 +
.../apache/kerby/kerberos/kerb/KrbCodec.java | 3 +-
.../kerby/kerberos/kerb/KrbErrorCode.java | 4 +-
.../kerberos/kerb/spec/KerberosString.java | 1 +
.../kerberos/kerb/spec/KrbAppSequenceType.java | 6 +-
.../kerberos/kerb/spec/KrbSequenceType.java | 4 +-
.../kerby/kerberos/kerb/spec/ad/AdToken.java | 3 +-
.../kerb/spec/ad/AuthorizationDataEntry.java | 7 +-
.../kerb/spec/ad/AuthorizationType.java | 4 +-
.../kerby/kerberos/kerb/spec/ap/ApOption.java | 4 +-
.../kerby/kerberos/kerb/spec/ap/ApRep.java | 9 +-
.../kerby/kerberos/kerb/spec/ap/ApReq.java | 13 +-
.../kerberos/kerb/spec/ap/Authenticator.java | 19 +-
.../kerberos/kerb/spec/ap/EncAPRepPart.java | 9 +-
.../kerby/kerberos/kerb/spec/base/CheckSum.java | 7 +-
.../kerberos/kerb/spec/base/CheckSumType.java | 4 +-
.../kerberos/kerb/spec/base/EncryptedData.java | 9 +-
.../kerberos/kerb/spec/base/EncryptionKey.java | 7 +-
.../kerberos/kerb/spec/base/EncryptionType.java | 4 +-
.../kerb/spec/base/EtypeInfo2Entry.java | 7 +-
.../kerberos/kerb/spec/base/EtypeInfoEntry.java | 5 +-
.../kerberos/kerb/spec/base/HostAddrType.java | 4 +-
.../kerberos/kerb/spec/base/HostAddress.java | 7 +-
.../kerby/kerberos/kerb/spec/base/KeyUsage.java | 4 +-
.../kerby/kerberos/kerb/spec/base/KrbError.java | 27 +--
.../kerberos/kerb/spec/base/KrbMessage.java | 4 +-
.../kerberos/kerb/spec/base/KrbMessageType.java | 4 +-
.../kerby/kerberos/kerb/spec/base/KrbToken.java | 7 +-
.../kerberos/kerb/spec/base/LastReqEntry.java | 7 +-
.../kerberos/kerb/spec/base/LastReqType.java | 4 +-
.../kerby/kerberos/kerb/spec/base/NameType.java | 4 +-
.../kerberos/kerb/spec/base/PrincipalName.java | 7 +-
.../kerby/kerberos/kerb/spec/base/SamType.java | 4 +-
.../kerberos/kerb/spec/base/TokenFormat.java | 4 +-
.../kerb/spec/base/TransitedEncoding.java | 5 +-
.../kerb/spec/base/TransitedEncodingType.java | 4 +-
.../kerb/spec/cms/AlgorithmIdentifier.java | 61 ------
.../kerberos/kerb/spec/cms/DHParameter.java | 51 -----
.../kerb/spec/cms/SubjectPublicKeyInfo.java | 60 ------
.../kerberos/kerb/spec/fast/ArmorType.java | 4 +-
.../kerberos/kerb/spec/fast/FastOption.java | 4 +-
.../kerberos/kerb/spec/fast/KrbFastArmor.java | 7 +-
.../kerb/spec/fast/KrbFastArmoredRep.java | 3 +-
.../kerb/spec/fast/KrbFastArmoredReq.java | 7 +-
.../kerb/spec/fast/KrbFastFinished.java | 7 +-
.../kerberos/kerb/spec/fast/KrbFastReq.java | 7 +-
.../kerb/spec/fast/KrbFastResponse.java | 9 +-
.../kerberos/kerb/spec/fast/PaAuthnEntry.java | 9 +-
.../kerberos/kerb/spec/fast/PaFxFastReply.java | 3 +-
.../kerb/spec/fast/PaFxFastRequest.java | 3 +-
.../kerberos/kerb/spec/kdc/EncKdcRepPart.java | 25 +--
.../kerby/kerberos/kerb/spec/kdc/KdcOption.java | 4 +-
.../kerby/kerberos/kerb/spec/kdc/KdcRep.java | 15 +-
.../kerby/kerberos/kerb/spec/kdc/KdcReq.java | 9 +-
.../kerberos/kerb/spec/kdc/KdcReqBody.java | 27 +--
.../kerb/spec/pa/PaAuthenticationSetElem.java | 9 +-
.../kerberos/kerb/spec/pa/PaDataEntry.java | 7 +-
.../kerby/kerberos/kerb/spec/pa/PaDataType.java | 4 +-
.../kerby/kerberos/kerb/spec/pa/PaEncTsEnc.java | 5 +-
.../kerberos/kerb/spec/pa/otp/OtpTokenInfo.java | 19 +-
.../kerb/spec/pa/otp/PaOtpChallenge.java | 11 +-
.../spec/pa/pkinit/AlgorithmIdentifiers.java | 2 +-
.../kerberos/kerb/spec/pa/pkinit/AuthPack.java | 11 +-
.../kerb/spec/pa/pkinit/DHParameter.java | 51 +++++
.../kerberos/kerb/spec/pa/pkinit/DHRepInfo.java | 6 +-
.../pa/pkinit/ExternalPrincipalIdentifier.java | 7 +-
.../kerb/spec/pa/pkinit/KdcDHKeyInfo.java | 7 +-
.../kerb/spec/pa/pkinit/Krb5PrincipalName.java | 5 +-
.../kerberos/kerb/spec/pa/pkinit/PaPkAsRep.java | 6 +-
.../kerberos/kerb/spec/pa/pkinit/PaPkAsReq.java | 8 +-
.../kerb/spec/pa/pkinit/PkAuthenticator.java | 9 +-
.../kerb/spec/pa/pkinit/ReplyKeyPack.java | 5 +-
.../kerb/spec/pa/token/PaTokenChallenge.java | 3 +-
.../kerb/spec/pa/token/PaTokenRequest.java | 5 +-
.../kerberos/kerb/spec/pa/token/TokenFlag.java | 4 +-
.../kerberos/kerb/spec/pa/token/TokenFlags.java | 2 +-
.../kerberos/kerb/spec/pa/token/TokenInfo.java | 5 +-
.../kerb/spec/ticket/EncTicketPart.java | 23 ++-
.../kerby/kerberos/kerb/spec/ticket/Ticket.java | 9 +-
.../kerberos/kerb/spec/ticket/TicketFlag.java | 4 +-
.../kerberos/kerb/spec/ticket/TicketFlags.java | 2 +-
.../kerberos/kerb/crypto/CheckSumHandler.java | 4 +-
.../kerberos/kerb/crypto/EncryptionHandler.java | 6 +-
.../kerb/crypto/cksum/HmacMd5Rc4CheckSum.java | 4 +-
.../kerberos/kerb/crypto/enc/KeKiCmacEnc.java | 4 +-
.../kerb/crypto/enc/KeKiHmacSha1Enc.java | 4 +-
.../kerberos/kerb/crypto/fast/FastUtil.java | 4 +-
.../kerb/crypto/key/AbstractKeyMaker.java | 18 +-
.../kerberos/kerb/crypto/key/AesKeyMaker.java | 8 +-
.../kerb/crypto/key/CamelliaKeyMaker.java | 8 +-
.../kerby/kerberos/kerb/crypto/util/Rc4.java | 4 +-
.../kerb/identity/backend/BackendTest.java | 4 +-
.../server/preauth/pkinit/PkinitPreauth.java | 1 -
.../kerby/kerberos/kerb/KrbInputStream.java | 4 +-
.../kerby/kerberos/kerb/KrbOutputStream.java | 4 +-
.../kerb/ccache/CredCacheOutputStream.java | 10 +-
.../kerby/kerberos/kerb/ccache/Credential.java | 2 +-
.../kerb/keytab/KeytabOutputStream.java | 4 +-
kerby-pkix/pom.xml | 37 ++++
.../org/apache/kerby/cms/type/Attribute.java | 66 ++++++
.../cms/type/AttributeCertificateInfoV1.java | 147 ++++++++++++++
.../kerby/cms/type/AttributeCertificateV1.java | 73 +++++++
.../kerby/cms/type/AttributeCertificateV2.java | 29 +++
.../org/apache/kerby/cms/type/Certificate.java | 76 +++++++
.../kerby/cms/type/CertificateChoices.java | 93 +++++++++
.../apache/kerby/cms/type/CertificateList.java | 77 +++++++
.../apache/kerby/cms/type/CertificateSet.java | 29 +++
.../org/apache/kerby/cms/type/CmsVersion.java | 53 +++++
.../apache/kerby/cms/type/CompressedData.java | 77 +++++++
.../org/apache/kerby/cms/type/ContentInfo.java | 69 +++++++
.../cms/type/DigestAlgorithmIdentifier.java | 28 +++
.../cms/type/DigestAlgorithmIdentifiers.java | 28 +++
.../kerby/cms/type/EncapsulatedContentInfo.java | 64 ++++++
.../kerby/cms/type/ExtendedCertificate.java | 70 +++++++
.../kerby/cms/type/ExtendedCertificateInfo.java | 71 +++++++
.../kerby/cms/type/IssuerAndSerialNumber.java | 66 ++++++
.../kerby/cms/type/OtherCertificateFormat.java | 63 ++++++
.../cms/type/OtherRevocationInfoFormat.java | 62 ++++++
.../cms/type/RelativeDistinguishedName.java | 29 +++
.../kerby/cms/type/RevocationInfoChoice.java | 60 ++++++
.../kerby/cms/type/RevocationInfoChoices.java | 28 +++
.../org/apache/kerby/cms/type/Signature.java | 28 +++
.../cms/type/SignatureAlgorithmIdentifier.java | 28 +++
.../apache/kerby/cms/type/SignatureValue.java | 28 +++
.../apache/kerby/cms/type/SignedAttributes.java | 28 +++
.../org/apache/kerby/cms/type/SignedData.java | 108 ++++++++++
.../apache/kerby/cms/type/SignerIdentifier.java | 66 ++++++
.../org/apache/kerby/cms/type/SignerInfo.java | 119 +++++++++++
.../org/apache/kerby/cms/type/SignerInfos.java | 28 +++
.../java/org/apache/kerby/cms/type/Subject.java | 65 ++++++
.../kerby/cms/type/UnsignedAttributes.java | 28 +++
.../kerby/x500/type/AttributeTypeAndValue.java | 63 ++++++
.../java/org/apache/kerby/x500/type/Name.java | 49 +++++
.../org/apache/kerby/x500/type/RDNSequence.java | 28 +++
.../x500/type/RelativeDistinguishedName.java | 28 +++
.../kerby/x509/type/AccessDescription.java | 63 ++++++
.../kerby/x509/type/AlgorithmIdentifier.java | 62 ++++++
.../apache/kerby/x509/type/AttCertIssuer.java | 63 ++++++
.../kerby/x509/type/AttCertValidityPeriod.java | 62 ++++++
.../org/apache/kerby/x509/type/Attribute.java | 62 ++++++
.../kerby/x509/type/AttributeCertificate.java | 73 +++++++
.../x509/type/AttributeCertificateInfo.java | 145 +++++++++++++
.../apache/kerby/x509/type/AttributeValues.java | 27 +++
.../org/apache/kerby/x509/type/Attributes.java | 43 ++++
.../x509/type/AuthorityInformationAccess.java | 41 ++++
.../kerby/x509/type/AuthorityKeyIdentifier.java | 80 ++++++++
.../kerby/x509/type/BasicConstraints.java | 69 +++++++
.../apache/kerby/x509/type/CRLDistPoint.java | 31 +++
.../org/apache/kerby/x509/type/CRLNumber.java | 31 +++
.../org/apache/kerby/x509/type/CRLReason.java | 66 ++++++
.../apache/kerby/x509/type/CertPolicyId.java | 31 +++
.../org/apache/kerby/x509/type/Certificate.java | 73 +++++++
.../apache/kerby/x509/type/CertificateList.java | 75 +++++++
.../apache/kerby/x509/type/CertificatePair.java | 64 ++++++
.../kerby/x509/type/CertificatePolicies.java | 32 +++
.../x509/type/CertificateSerialNumber.java | 26 +++
.../apache/kerby/x509/type/DSAParameter.java | 66 ++++++
.../org/apache/kerby/x509/type/DigestInfo.java | 62 ++++++
.../kerby/x509/type/DigestedObjectType.java | 53 +++++
.../apache/kerby/x509/type/DirectoryString.java | 100 +++++++++
.../org/apache/kerby/x509/type/DisplayText.java | 87 ++++++++
.../kerby/x509/type/DistributionPoint.java | 74 +++++++
.../kerby/x509/type/DistributionPointName.java | 64 ++++++
.../apache/kerby/x509/type/EDIPartyName.java | 62 ++++++
.../kerby/x509/type/ExtendedKeyUsage.java | 31 +++
.../org/apache/kerby/x509/type/Extension.java | 77 +++++++
.../org/apache/kerby/x509/type/Extensions.java | 37 ++++
.../org/apache/kerby/x509/type/GeneralName.java | 147 ++++++++++++++
.../apache/kerby/x509/type/GeneralNames.java | 26 +++
.../apache/kerby/x509/type/GeneralSubtree.java | 77 +++++++
.../apache/kerby/x509/type/GeneralSubtrees.java | 25 +++
.../java/org/apache/kerby/x509/type/Holder.java | 78 +++++++
.../apache/kerby/x509/type/IetfAttrSyntax.java | 69 +++++++
.../kerby/x509/type/IetfAttrSyntaxChoice.java | 78 +++++++
.../kerby/x509/type/IetfAttrSyntaxChoices.java | 26 +++
.../apache/kerby/x509/type/IssuerSerial.java | 73 +++++++
.../x509/type/IssuingDistributionPoint.java | 107 ++++++++++
.../apache/kerby/x509/type/KeyIdentifier.java | 32 +++
.../apache/kerby/x509/type/KeyPurposeId.java | 36 ++++
.../org/apache/kerby/x509/type/KeyUsage.java | 62 ++++++
.../apache/kerby/x509/type/NameConstraints.java | 60 ++++++
.../apache/kerby/x509/type/NoticeNumbers.java | 31 +++
.../apache/kerby/x509/type/NoticeReference.java | 63 ++++++
.../kerby/x509/type/ObjectDigestInfo.java | 93 +++++++++
.../org/apache/kerby/x509/type/OtherName.java | 66 ++++++
.../kerby/x509/type/PolicyConstraints.java | 67 ++++++
.../kerby/x509/type/PolicyInformation.java | 61 ++++++
.../apache/kerby/x509/type/PolicyMapping.java | 62 ++++++
.../apache/kerby/x509/type/PolicyMappings.java | 34 ++++
.../kerby/x509/type/PolicyQualifierId.java | 35 ++++
.../kerby/x509/type/PolicyQualifierInfo.java | 66 ++++++
.../kerby/x509/type/PolicyQualifierInfos.java | 31 +++
.../kerby/x509/type/PrivateKeyUsagePeriod.java | 63 ++++++
.../org/apache/kerby/x509/type/ReasonFlags.java | 61 ++++++
.../kerby/x509/type/RevokedCertificate.java | 75 +++++++
.../kerby/x509/type/RevokedCertificates.java | 38 ++++
.../org/apache/kerby/x509/type/RoleSyntax.java | 63 ++++++
.../x509/type/SubjectDirectoryAttributes.java | 39 ++++
.../kerby/x509/type/SubjectKeyIdentifier.java | 32 +++
.../kerby/x509/type/SubjectPublicKeyInfo.java | 60 ++++++
.../org/apache/kerby/x509/type/TBSCertList.java | 128 ++++++++++++
.../apache/kerby/x509/type/TBSCertificate.java | 155 ++++++++++++++
.../java/org/apache/kerby/x509/type/Target.java | 74 +++++++
.../org/apache/kerby/x509/type/TargetCert.java | 70 +++++++
.../kerby/x509/type/TargetInformation.java | 34 ++++
.../org/apache/kerby/x509/type/Targets.java | 45 +++++
.../java/org/apache/kerby/x509/type/Time.java | 66 ++++++
.../org/apache/kerby/x509/type/UserNotice.java | 63 ++++++
.../java/org/apache/kerby/x509/type/V2Form.java | 77 +++++++
.../provider/token/JwtTokenDecoder.java | 4 +-
.../provider/token/JwtTokenEncoder.java | 4 +-
.../kerby/kerberos/tool/token/TokenCache.java | 6 +-
.../main/java/org/apache/kerby/util/Utf8.java | 14 +-
pom.xml | 1 +
259 files changed, 7673 insertions(+), 930 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-asn1/src/main/java/org/apache/kerby/asn1/UniversalTag.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1CollectionType.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index ae8ff74,0a69a04..096045b
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@@ -38,13 -31,9 +38,11 @@@ import org.apache.kerby.kerberos.kerb.p
import org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitIdenity;
import org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitPreauthMeta;
import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.base.CheckSum;
+import org.apache.kerby.kerberos.kerb.spec.base.CheckSumType;
import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
- import org.apache.kerby.kerberos.kerb.spec.cms.AlgorithmIdentifier;
-import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
+import org.apache.kerby.kerberos.kerb.spec.cms.DHParameter;
- import org.apache.kerby.kerberos.kerb.spec.cms.SubjectPublicKeyInfo;
import org.apache.kerby.kerberos.kerb.spec.pa.PaData;
import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
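Review bot: The import `org.apache.kerby.kerberos.kerb.spec.cms.DHParameter` appears to survive the merge in this hunk, while the diffstat lists `spec/cms/DHParameter.java` as deleted and the commit re-adds the class under `spec.pa.pkinit`. If that reading of the combined-diff markers is right, this file no longer compiles, and the line should become `import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.DHParameter;`. The same import shows up in the import hunk of the server-side PkinitPreauth.java further down.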
@@@ -52,24 -41,11 +50,29 @@@ import org.apache.kerby.kerberos.kerb.s
import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.PaPkAsReq;
import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.PkAuthenticator;
import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.TrustedCertifiers;
++
++import org.apache.kerby.x509.type.AlgorithmIdentifier;
+ import org.apache.kerby.x509.type.SubjectPublicKeyInfo;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.crypto.interfaces.DHPublicKey;
+import javax.crypto.spec.DHParameterSpec;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.List;
+
++
+
-@SuppressWarnings("PMD")
public class PkinitPreauth extends AbstractPreauthPlugin {
+ private static final Logger LOG = LoggerFactory.getLogger(PkinitPreauth.class);
private PkinitContext pkinitContext;
@@@ -234,69 -175,20 +237,69 @@@
boolean usingRsa = reqCtx.requestOpts.usingRsa;
reqCtx.paType = PaDataType.PK_AS_REQ;
- pkAuthen.setCtime(ctime);
pkAuthen.setCusec(cusec);
+ pkAuthen.setCtime(ctime);
pkAuthen.setNonce(nonce);
- pkAuthen.setPaChecksum(checksum);
+// pkAuthen.setPaChecksum(checkSum.getChecksum());
+
+ pkAuthen.setPaChecksum(checkSum.encode());
authPack.setPkAuthenticator(pkAuthen);
- DHNonce dhNonce = new DHNonce();
- authPack.setClientDhNonce(dhNonce);
- authPack.setClientPublicValue(pubInfo);
- authPack.setsupportedCmsTypes(pkinitContext.pluginOpts.createSupportedCMSTypes());
+// authPack.setsupportedCmsTypes(pkinitContext.pluginOpts.createSupportedCMSTypes());
+
+ if (!usingRsa) {
+ // DH case
+ LOG.info("DH key transport algorithm.");
+
+ AlgorithmIdentifier dhAlg = new AlgorithmIdentifier();
+
+// byte[] dh_oid = new byte[]{0, 7, (byte) 0x2A, (byte) 0x86, (byte) 0x48, (byte) 0xce,
+// (byte) 0x3e, (byte) 0x02, (byte) 0x01};
+// String dhOidStr = Utf8.toString(dh_oid);
+// String dhOidStr = "0.7.42.840.10046.2.1";
+
+ String content = "0x06 07 2A 86 48 ce 3e 02 01";
+ Asn1ObjectIdentifier decoded = new Asn1ObjectIdentifier();
- decoded.getEncodingOption().useDer();
++ decoded.useDER();
+ try {
+ decoded.decode(Util.hex2bytes(content));
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+
+ dhAlg.setAlgorithm(decoded);
+
+ DhClient client = new DhClient();
+
+ DHPublicKey clientPubKey = null;
+ try {
+ clientPubKey = client.init(DhGroup.MODP_GROUP14);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ kdcRequest.setDhClient(client);
+
+ DHParameterSpec spec = clientPubKey.getParams();
+ BigInteger q = spec.getP().shiftRight(1);
+ DHParameter dhParameter = new DHParameter();
+ dhParameter.setP(spec.getP());
+ dhParameter.setG(spec.getG());
+ dhParameter.setQ(q);
+ dhAlg.setParameters(dhParameter);
+
+ SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo();
+ pubInfo.setAlgorithm(dhAlg);
+
+ Asn1Integer publickey = new Asn1Integer(clientPubKey.getY());
+ pubInfo.setSubjectPubKey(publickey.encode());
+
+ authPack.setClientPublicValue(pubInfo);
+
+// DHNonce dhNonce = new DHNonce();
+// authPack.setClientDhNonce(dhNonce);
- if (usingRsa) {
- System.out.println(); // DH case
} else {
authPack.setClientPublicValue(null);
}
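Review bot: Both `catch` blocks in the new DH branch only call `e.printStackTrace()` and then carry on, so a failed `client.init(DhGroup.MODP_GROUP14)` leaves `clientPubKey` null and the following `clientPubKey.getParams()` throws a NullPointerException; a failed OID decode likewise lets the request proceed with an undecoded algorithm identifier. A pre-authentication exchange should abort when key-agreement setup fails: report through the `LOG` field added in this commit and rethrow as whatever checked exception the enclosing method declares (that method starts and ends outside this hunk). Separately, `pkAuthen.setPaChecksum(checkSum.encode())` looks like it stores the encoded checksum structure, whereas RFC 4556 defines paChecksum as the raw SHA-1 over the KDC-REQ-BODY, which the commented-out `checkSum.getChecksum()` would supply; this is worth confirming against the KDC side. A one-line comment on `spec.getP().shiftRight(1)` would also help, e.g. `// q = (p - 1) / 2; assumes the group prime is a safe prime`.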
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PluginOpts.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/CodecTest.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/CodecTest.java
index d3b214a,f5543f7..abc4164
--- a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/CodecTest.java
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/CodecTest.java
@@@ -57,26 -41,7 +57,28 @@@ public class CodecTest
assertThat(restored).isNotNull();
assertThat(restored.getCksumtype()).isEqualTo(mcs.getCksumtype());
assertThat(mcs.getChecksum()).isEqualTo(restored.getChecksum());
+ assertThat(restored.tagNo()).isEqualTo(mcs.tagNo());
+ assertThat(restored.tagFlags()).isEqualTo(mcs.tagFlags());
}
+
+ @Test
+ public void testDecode() throws IOException {
+ AsReq expected = new AsReq();
+
+ KdcReqBody body = new KdcReqBody();
+
+ expected.setReqBody(body);
+
+ Asn1InputBuffer ib = new Asn1InputBuffer(expected.encode());
+ Asn1Type fd1 = ib.read();
+ Asn1Type fd2 = ib.read();
+ Asn1Type fd3 = ib.read();
+ Asn1Type fd4 = ib.read();
+ Asn1Type fd5 = ib.read();
+ Asn1Type fd6 = ib.read();
+ Asn1Type fd7 = ib.read();
+ Asn1Type fd8 = ib.read();
+ Asn1Type fd9 = ib.read();
+
+ }
}
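Review bot: `testDecode` contains no assertion, so it passes whatever `Asn1InputBuffer.read()` returns, and the nine locals `fd1` to `fd9` are never used. The encoded `AsReq` is presumably a single top-level element, so only the first read can yield it. Assert on that one, e.g. `assertThat(fd1).isNotNull();`, and either drop the remaining reads or assert what `read()` is expected to do at end of input.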
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/NameType.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/DHParameter.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/DHParameter.java
index 0000000,0000000..8675820
new file mode 100644
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/DHParameter.java
@@@ -1,0 -1,0 +1,51 @@@
++package org.apache.kerby.kerberos.kerb.spec.pa.pkinit;
++
++import org.apache.kerby.asn1.type.Asn1FieldInfo;
++import org.apache.kerby.asn1.type.Asn1Integer;
++import org.apache.kerby.asn1.type.Asn1SequenceType;
++
++import java.math.BigInteger;
++
++public class DHParameter extends Asn1SequenceType {
++
++ private static final int P = 0;
++ private static final int G = 1;
++ private static final int Q = 2;
++
++ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
++ new Asn1FieldInfo(P, Asn1Integer.class),
++ new Asn1FieldInfo(G, Asn1Integer.class),
++ new Asn1FieldInfo(Q, Asn1Integer.class),
++ };
++
++ public DHParameter() {
++ super(fieldInfos);
++ }
++
++ public void setP(BigInteger p) {
++ setFieldAsBigInteger(P, p);
++ }
++
++ public BigInteger getP() {
++ Asn1Integer p = getFieldAs(P, Asn1Integer.class);
++ return p.getValue();
++ }
++
++ public void setG(BigInteger g) {
++ setFieldAsBigInteger(G, g);
++ }
++
++ public BigInteger getG() {
++ Asn1Integer g = getFieldAs(G, Asn1Integer.class);
++ return g.getValue();
++ }
++
++ public void setQ(BigInteger q) {
++ setFieldAsBigInteger(Q, q);
++ }
++
++ public BigInteger getQ() {
++ Asn1Integer q = getFieldAs(Q, Asn1Integer.class);
++ return q.getValue();
++ }
++}
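Review bot: The getters dereference the result of `getFieldAs(...)` unconditionally, so `getQ()` (and `getP()`/`getG()`) will throw a NullPointerException when a field was never set or was absent from a decoded structure, assuming `getFieldAs`, which is defined outside this page, returns null for a missing field. These values are decoded from the peer's message, so prefer `return q != null ? q.getValue() : null;` and have the caller reject incomplete parameters explicitly. The new file also starts directly at `package` with no licence header. It has no Javadoc either; a short class comment giving the ASN.1 SEQUENCE it models (p, g and q as INTEGERs, in that order) would make the field table reviewable.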
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java
index ed01f43,b5e23f4..bc60921
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java
@@@ -38,9 -39,9 +39,9 @@@ public class KdcDHKeyInfo extends KrbSe
private static final int DH_KEY_EXPIRATION = 2;
static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
- new Asn1FieldInfo(SUBJECT_PUBLIC_KEY, Asn1BitString.class),
- new Asn1FieldInfo(NONCE, Asn1Integer.class),
- new Asn1FieldInfo(DH_KEY_EXPIRATION, KerberosTime.class)
- new ExplicitField(SUBJECT_PUBLICK_KEY, Asn1BitString.class),
++ new ExplicitField(SUBJECT_PUBLIC_KEY, Asn1BitString.class),
+ new ExplicitField(NONCE, Asn1Integer.class),
+ new ExplicitField(DH_KEY_EXPIRATION, KerberosTime.class)
};
public KdcDHKeyInfo() {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index 8d99bbe,08baa0e..fd933f3
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@@ -35,42 -26,13 +35,41 @@@ import org.apache.kerby.kerberos.kerb.p
import org.apache.kerby.kerberos.kerb.server.KdcContext;
import org.apache.kerby.kerberos.kerb.server.preauth.AbstractPreauthPlugin;
import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
+import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.base.CheckSum;
+import org.apache.kerby.kerberos.kerb.spec.base.CheckSumType;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
+import org.apache.kerby.kerberos.kerb.spec.cms.DHParameter;
- import org.apache.kerby.kerberos.kerb.spec.cms.SubjectPublicKeyInfo;
+import org.apache.kerby.kerberos.kerb.spec.kdc.KdcOption;
import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
+import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.AuthPack;
+import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.DHRepInfo;
+import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.KdcDHKeyInfo;
+import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.PaPkAsRep;
import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.PaPkAsReq;
+import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.PkAuthenticator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import sun.security.pkcs.ContentInfo;
+import sun.security.pkcs.PKCS7;
+import javax.crypto.interfaces.DHPublicKey;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
+import java.util.Scanner;
public class PkinitPreauth extends AbstractPreauthPlugin {
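Review bot: The new imports `sun.security.pkcs.ContentInfo` and `sun.security.pkcs.PKCS7` tie the KDC's CMS handling to JDK-internal classes, which are unsupported API, may be missing on other Java runtimes, and can change between JDK releases without notice. Per the diffstat, this same commit adds `org.apache.kerby.cms.type.ContentInfo` and `SignedData` under kerby-pkix, so the server plugin could presumably parse the client's signed data with the project's own types instead. How the two imports are used lies outside this hunk, so the size of that change cannot be judged from here.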
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/67c2bb6e/pom.xml
----------------------------------------------------------------------