You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by pl...@apache.org on 2016/02/15 03:42:40 UTC

[16/36] directory-kerby git commit: Refine some codes.

Refine some codes.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/b316a5a1
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/b316a5a1
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/b316a5a1

Branch: refs/heads/kadmin-remote
Commit: b316a5a135949648b1c401920e9552d4be4a1106
Parents: 5ccad97
Author: plusplusjiajia <ji...@intel.com>
Authored: Mon Jan 25 15:39:25 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Mon Jan 25 15:39:25 2016 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kerb/client/request/ArmoredRequest.java   | 2 +-
 .../kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java     | 8 +++++---
 .../org/apache/kerby/kerberos/kerb/crypto/fast/FastUtil.java | 1 -
 3 files changed, 6 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b316a5a1/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/ArmoredRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/ArmoredRequest.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/ArmoredRequest.java
index 4bc99ed..a52d652 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/ArmoredRequest.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/ArmoredRequest.java
@@ -186,7 +186,7 @@ public class ArmoredRequest {
      */
     private EncryptionKey makeArmorKey(EncryptionKey subKey, EncryptionKey armorCacheKey)
         throws KrbException {
-        EncryptionKey armorKey = FastUtil.cf2(subKey, "subkeyarmor", armorCacheKey, "ticketarmor");
+        EncryptionKey armorKey = FastUtil.makeArmorKey(subKey, armorCacheKey);
         return armorKey;
     }
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b316a5a1/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java
index 2a1d05e..f4981a8 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java
@@ -121,7 +121,9 @@ public class PkinitCrypto {
             LOG.error(errMsg);
             throw new KrbException(KrbErrorCode.KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, errMsg);
         }
-        checkDHWellknown(cryptoctx, dhParameter, dhPrimeBits);
+        if (!checkDHWellknown(cryptoctx, dhParameter, dhPrimeBits)) {
+            throw new KrbException(KrbErrorCode.KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED);
+        }
     }
 
     /**
@@ -199,7 +201,7 @@ public class PkinitCrypto {
     }
 
     /**
-     * The contentType field of the type ContentInfo
+     * RFC4556: The contentType field of the type ContentInfo
      * is id-signedData (1.2.840.113549.1.7.2),
      * and the content field is a SignedData.
      * The eContentType field for the type SignedData is
@@ -214,7 +216,7 @@ public class PkinitCrypto {
      * @param certificateSet The certificate set
      * @param crls The revocation info choices
      * @param signerInfos The signerInfos
-     * @return The encoded
+     * @return The encoded signed data bytes
      * @throws KrbException e
      */
     public static byte[] cmsSignedDataCreate(byte[] data, String oid, int version,

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b316a5a1/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/fast/FastUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/fast/FastUtil.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/fast/FastUtil.java
index 1bab24f..0d92eb3 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/fast/FastUtil.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/fast/FastUtil.java
@@ -31,7 +31,6 @@ import java.nio.charset.StandardCharsets;
  */
 public class FastUtil {
 
-
     /**
      * Call the PRF function multiple times with the pepper prefixed with
      * a count byte to get enough bits of output.