Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/12 14:06:40 UTC
[32/50] [abbrv] directory-kerberos git commit: Added missing files
Added missing files
Project: http://git-wip-us.apache.org/repos/asf/directory-kerberos/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerberos/commit/14a98c34
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerberos/tree/14a98c34
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerberos/diff/14a98c34
Branch: refs/heads/master
Commit: 14a98c34f704cfabc6ed0744fa1721af3a3427eb
Parents: ad6242c
Author: Drankye <dr...@gmail.com>
Authored: Thu Dec 25 17:35:41 2014 +0800
Committer: Drankye <dr...@gmail.com>
Committed: Thu Dec 25 17:35:41 2014 +0800
----------------------------------------------------------------------
.../java/org/apache/kerberos/kerb/KrbThrow.java | 16 +++
.../java/org/apache/kerberos/kerb/Message.java | 24 ++++
.../org/apache/kerberos/kerb/MessageCode.java | 5 +
.../kerberos/kerb/common/EncryptionUtil.java | 79 ++++++++++++++
.../kerberos/kerb/common/KrbConfHelper.java | 23 ++++
.../kerberos/kerb/common/KrbErrorUtil.java | 48 ++++++++
.../kerb/common/KrbStreamingDecoder.java | 23 ++++
.../apache/kerberos/kerb/common/KrbUtil.java | 30 +++++
.../apache/kerberos/kerb/preauth/PaFlag.java | 30 +++++
.../apache/kerberos/kerb/preauth/PaFlags.java | 18 +++
.../kerb/preauth/PluginRequestContext.java | 8 ++
.../kerb/preauth/PreauthPluginMeta.java | 13 +++
.../kerb/preauth/builtin/EncTsPreauthMeta.java | 26 +++++
.../kerb/preauth/builtin/TgtPreauthMeta.java | 29 +++++
.../kerb/preauth/pkinit/IdentityOpts.java | 25 +++++
.../kerb/preauth/pkinit/IdentityType.java | 10 ++
.../kerb/preauth/pkinit/PkinitIdenity.java | 109 +++++++++++++++++++
.../kerb/preauth/pkinit/PkinitPreauthMeta.java | 27 +++++
.../kerb/preauth/pkinit/PluginOpts.java | 48 ++++++++
.../kerb/preauth/token/TokenPreauthMeta.java | 27 +++++
20 files changed, 618 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/KrbThrow.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/KrbThrow.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/KrbThrow.java
new file mode 100644
index 0000000..ed6ebaf
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/KrbThrow.java
@@ -0,0 +1,16 @@
+package org.apache.kerberos.kerb;
+
+public class KrbThrow {
+
+ public static KrbException out(MessageCode messageCode) throws KrbException {
+ throw new KrbException(Message.getMessage(messageCode));
+ }
+
+ public static void out(MessageCode messageCode, Exception e) throws KrbException {
+ throw new KrbException(Message.getMessage(messageCode), e);
+ }
+
+ public static void out(MessageCode messageCode, String message) throws KrbException {
+ throw new KrbException(Message.getMessage(messageCode) + ":" + message);
+ }
+}
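Review bot: The three `out` overloads disagree on their return type: `out(MessageCode)` is declared to return `KrbException`, while the two other overloads return `void`, although all three unconditionally throw. Declaring all of them as `public static KrbException out(...)` would let every call site be written `throw KrbThrow.out(code, e);`, so the compiler's reachability and definite-assignment analysis still works after the call. The class also has no Javadoc saying that these methods never return normally; one sentence on the class would do.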
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/Message.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/Message.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/Message.java
new file mode 100644
index 0000000..f3f807c
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/Message.java
@@ -0,0 +1,24 @@
+package org.apache.kerberos.kerb;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class Message {
+ private static Map<MessageCode, String> entries = new HashMap<MessageCode, String>();
+
+ public static void init() {
+
+ }
+
+ public static void define(MessageCode code, String message) {
+ entries.put(code, message);
+ }
+
+ public static String getMessage(MessageCode code) {
+ String msg = entries.get(code);
+ if (msg == null) {
+ msg = code.getCodeName();
+ }
+ return msg;
+ }
+}
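Review bot: `entries` is a plain static `HashMap` that `define` writes and `getMessage` reads with no synchronization, so registering messages on one thread while another formats an error is a data race. Making the field `private static final Map<MessageCode, String> entries = new ConcurrentHashMap<MessageCode, String>();` fixes that without changing callers. `getMessage` also dereferences `code` in its fallback, so a null code throws NullPointerException from inside error reporting. The empty `init()` needs a comment saying what it is meant to trigger.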
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/MessageCode.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/MessageCode.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/MessageCode.java
new file mode 100644
index 0000000..a33aa5c
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/MessageCode.java
@@ -0,0 +1,5 @@
+package org.apache.kerberos.kerb;
+
+public interface MessageCode {
+ public String getCodeName();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/EncryptionUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/EncryptionUtil.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/EncryptionUtil.java
new file mode 100644
index 0000000..020f6b4
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/EncryptionUtil.java
@@ -0,0 +1,79 @@
+package org.apache.kerberos.kerb.common;
+
+import org.apache.haox.asn1.type.AbstractAsn1Type;
+import org.apache.haox.asn1.type.Asn1Type;
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.crypto.EncTypeHandler;
+import org.apache.kerberos.kerb.crypto.EncryptionHandler;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.KeyUsage;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class EncryptionUtil {
+
+ public static List<EncryptionKey> generateKeys(List<EncryptionType> encryptionTypes) throws KrbException {
+ List<EncryptionKey> results = new ArrayList<EncryptionKey>(encryptionTypes.size());
+ EncryptionKey encKey;
+ for (EncryptionType eType : encryptionTypes) {
+ encKey = EncryptionHandler.random2Key(eType);
+ results.add(encKey);
+ }
+
+ return results;
+ }
+
+ public static List<EncryptionKey> generateKeys(String principal, String passwd,
+ List<EncryptionType> encryptionTypes) throws KrbException {
+ List<EncryptionKey> results = new ArrayList<EncryptionKey>(encryptionTypes.size());
+ EncryptionKey encKey;
+ for (EncryptionType eType : encryptionTypes) {
+ encKey = EncryptionHandler.string2Key(principal, passwd, eType);
+ results.add(encKey);
+ }
+
+ return results;
+ }
+
+ public static EncryptionType getBestEncryptionType(List<EncryptionType> requestedTypes,
+ List<EncryptionType> configuredTypes) {
+ for (EncryptionType encryptionType : configuredTypes) {
+ if (requestedTypes.contains(encryptionType)) {
+ return encryptionType;
+ }
+ }
+
+ return null;
+ }
+
+ public static EncryptedData seal(AbstractAsn1Type asn1Type,
+ EncryptionKey key, KeyUsage usage) throws KrbException {
+ byte[] encoded = asn1Type.encode();
+ EncryptedData encrypted = EncryptionHandler.encrypt(encoded, key, usage);
+ return encrypted;
+ }
+
+ public static <T extends Asn1Type> T unseal(EncryptedData encrypted, EncryptionKey key,
+ KeyUsage usage, Class<T> krbType) throws KrbException {
+ byte[] encoded = EncryptionHandler.decrypt(encrypted, key, usage);
+ return KrbCodec.decode(encoded, krbType);
+ }
+
+ public static byte[] encrypt(EncryptionKey key,
+ byte[] plaintext, int usage) throws KrbException {
+ EncTypeHandler encType = EncryptionHandler.getEncHandler(key.getKeyType());
+ byte[] cipherData = encType.encrypt(plaintext, key.getKeyData(), usage);
+ return cipherData;
+ }
+
+ public static byte[] decrypt(EncryptionKey key,
+ byte[] cipherData, int usage) throws KrbException {
+ EncTypeHandler encType = EncryptionHandler.getEncHandler(key.getKeyType());
+ byte[] plainData = encType.decrypt(cipherData, key.getKeyData(), usage);
+ return plainData;
+ }
+}
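Review bot: `getBestEncryptionType` returns `null` when the two lists share no type, and nothing on the method says so; a caller that does not check will fail later, far from the negotiation, or may be tempted to fall back to a default etype. The loop walks `configuredTypes` and returns the first match, so the choice follows local configuration order rather than the requester's order. That is the safer direction, but it yields the strongest type only if the configured list is ordered strongest-first. I would add a Javadoc stating both facts, e.g. `@return the first entry of configuredTypes that is also in requestedTypes, or null if there is none; callers must reject the request on null`. Separately, `generateKeys(String principal, String passwd, ...)` takes the password as an immutable `String`, which cannot be cleared after key derivation; a `char[]` overload would allow that.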
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbConfHelper.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbConfHelper.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbConfHelper.java
new file mode 100644
index 0000000..fb37813
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbConfHelper.java
@@ -0,0 +1,23 @@
+package org.apache.kerberos.kerb.common;
+
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class KrbConfHelper {
+
+ public static List<EncryptionType> getEncryptionTypes(List<String> encTypeNames) {
+ List<EncryptionType> results = new ArrayList<EncryptionType>(encTypeNames.size());
+
+ EncryptionType etype;
+ for (String etypeName : encTypeNames) {
+ etype = EncryptionType.fromName(etypeName);
+ if (etype != EncryptionType.NONE) {
+ results.add(etype);
+ }
+ }
+ return results;
+ }
+
+}
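Review bot: Names that do not resolve are dropped silently by the `etype != EncryptionType.NONE` filter in `getEncryptionTypes`, so a typo in the configured list shrinks the permitted encryption types with no signal, possibly down to an empty list. From the check it looks as though `EncryptionType.fromName` returns `NONE` for unknown names; its body is not part of this commit, so that should be confirmed. At minimum log the rejected name; for a security setting I would prefer failing the configuration load, e.g. `throw new IllegalArgumentException("Unknown encryption type: " + etypeName);`. A Javadoc line should state which of the two behaviours is intended.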
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbErrorUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbErrorUtil.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbErrorUtil.java
new file mode 100644
index 0000000..89ffbf5
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbErrorUtil.java
@@ -0,0 +1,48 @@
+package org.apache.kerberos.kerb.common;
+
+import org.apache.kerberos.kerb.spec.common.*;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+public class KrbErrorUtil {
+
+ public static List<EncryptionType> getEtypes(KrbError error) throws IOException {
+ MethodData methodData = new MethodData();
+ methodData.decode(error.getEdata());
+
+ for( PaDataEntry pd : methodData.getElements()) {
+ if( pd.getPaDataType() == PaDataType.ETYPE_INFO2 ) {
+ return getEtypes2(pd.getPaDataValue());
+ }
+ else if( pd.getPaDataType() == PaDataType.ETYPE_INFO ) {
+ return getEtypes(pd.getPaDataValue());
+ }
+ }
+ return Collections.EMPTY_LIST;
+ }
+
+ private static List<EncryptionType> getEtypes(byte[] data) throws IOException {
+ EtypeInfo info = new EtypeInfo();
+ info.decode(data);
+ List<EncryptionType> results = new ArrayList<EncryptionType>();
+ for( EtypeInfoEntry entry : info.getElements() ) {
+ results.add(entry.getEtype());
+ }
+ return results;
+ }
+
+ private static List<EncryptionType> getEtypes2(byte[] data) throws IOException {
+ EtypeInfo2 info2 = new EtypeInfo2();
+ info2.decode(data);
+ List<EncryptionType> results = new ArrayList<EncryptionType>();
+ for( EtypeInfo2Entry entry : info2.getElements() ) {
+ results.add(entry.getEtype());
+ }
+ return results;
+ }
+}
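Review bot: `getEtypes(KrbError)` passes `error.getEdata()` straight to `methodData.decode` with no null or empty check, and e-data is an optional field of KRB-ERROR, so an error without it probably ends in an exception rather than the empty list the last line intends. Guard it first with `if (error.getEdata() == null) { return Collections.<EncryptionType>emptyList(); }`, and use the same typed call in place of the raw `Collections.EMPTY_LIST`. The method also deserves a comment that the returned etypes come from an error message that is normally not integrity-protected. Callers should therefore intersect them with the locally permitted types instead of adopting them as-is.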
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbStreamingDecoder.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbStreamingDecoder.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbStreamingDecoder.java
new file mode 100644
index 0000000..bb91f14
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbStreamingDecoder.java
@@ -0,0 +1,23 @@
+package org.apache.kerberos.kerb.common;
+
+import org.apache.haox.transport.tcp.DecodingCallback;
+import org.apache.haox.transport.tcp.StreamingDecoder;
+
+import java.nio.ByteBuffer;
+
+public class KrbStreamingDecoder implements StreamingDecoder {
+
+ @Override
+ public void decode(ByteBuffer streamingBuffer, DecodingCallback callback) {
+ if (streamingBuffer.remaining() >= 4) {
+ int len = streamingBuffer.getInt();
+ if (streamingBuffer.remaining() >= len) {
+ callback.onMessageComplete(len + 4);
+ } else {
+ callback.onMoreDataNeeded(len + 4);
+ }
+ } else {
+ callback.onMoreDataNeeded();
+ }
+ }
+}
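Review bot: The 4-byte length prefix read in `decode` is used without any range check, although it comes directly from the peer. A negative `len` satisfies `streamingBuffer.remaining() >= len` and reports a completed message of `len + 4` bytes, while a value near `Integer.MAX_VALUE` overflows `len + 4` in the `onMoreDataNeeded(len + 4)` branch or asks the transport to wait for an arbitrarily large message. Validate before either callback, e.g. `if (len < 0 || len > MAX_MESSAGE_LEN) { ... }`, where `MAX_MESSAGE_LEN` is a placeholder for a constant you define as the largest message you accept. How to signal the rejection depends on `DecodingCallback`, which shows no error method in this commit. A comment should also state whether the callback contract expects the prefix to be consumed, since `getInt()` advances the buffer position.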
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbUtil.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbUtil.java
new file mode 100644
index 0000000..749fb94
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbUtil.java
@@ -0,0 +1,30 @@
+package org.apache.kerberos.kerb.common;
+
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.spec.common.KrbMessage;
+import org.apache.haox.transport.Transport;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+public class KrbUtil {
+
+ public static void sendMessage(KrbMessage message, Transport transport) {
+ int bodyLen = message.encodingLength();
+ ByteBuffer buffer = ByteBuffer.allocate(bodyLen + 4);
+ buffer.putInt(bodyLen);
+ message.encode(buffer);
+ buffer.flip();
+ transport.sendMessage(buffer);
+ }
+
+ public static KrbMessage decodeMessage(ByteBuffer message) throws IOException {
+ int bodyLen = message.getInt();
+ assert (message.remaining() >= bodyLen);
+
+ KrbMessage krbMessage = KrbCodec.decodeMessage(message);
+
+ return krbMessage;
+ }
+
+}
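Review bot: The only length check in `decodeMessage` is `assert (message.remaining() >= bodyLen);`, and assertions are disabled unless the JVM is started with `-ea`, so in a normal deployment a truncated or negative length from the network is not checked at all. Replace it with a real check: `if (bodyLen < 0 || message.remaining() < bodyLen) { throw new IOException("Invalid message length: " + bodyLen); }`. `KrbCodec.decodeMessage(message)` is then handed the whole remaining buffer rather than exactly `bodyLen` bytes. If the buffer can hold more than one message, restrict it to `bodyLen` bytes before decoding.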
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlag.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlag.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlag.java
new file mode 100644
index 0000000..bacbf46
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlag.java
@@ -0,0 +1,30 @@
+package org.apache.kerberos.kerb.preauth;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum PaFlag implements KrbEnum {
+ NONE(-1),
+ PA_REAL(0x01),
+ PA_INFO(0x02);
+
+ private final int value;
+
+ private PaFlag(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static PaFlag fromValue(int value) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (PaFlag) e;
+ }
+ }
+
+ return NONE;
+ }
+}
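Review bot: `fromValue` iterates `values()` typed as `KrbEnum` and then casts back with `(PaFlag) e`; writing the loop as `for (PaFlag flag : values())` removes the cast. Unknown values map to `NONE`, whose value is `-1`, while `PA_REAL` and `PA_INFO` appear to be bit masks. A short Javadoc saying that `NONE` is a sentinel and is not meant to be set in a `PaFlags` value would prevent misuse.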
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlags.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlags.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlags.java
new file mode 100644
index 0000000..2ef4e84
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlags.java
@@ -0,0 +1,18 @@
+package org.apache.kerberos.kerb.preauth;
+
+import org.apache.kerberos.kerb.spec.common.KrbFlags;
+
+public class PaFlags extends KrbFlags {
+
+ public PaFlags() {
+ this(0);
+ }
+
+ public PaFlags(int value) {
+ setFlags(value);
+ }
+
+ public boolean isReal() {
+ return isFlagSet(PaFlag.PA_REAL);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PluginRequestContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PluginRequestContext.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PluginRequestContext.java
new file mode 100644
index 0000000..288164c
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PluginRequestContext.java
@@ -0,0 +1,8 @@
+package org.apache.kerberos.kerb.preauth;
+
+/**
+ * Per request per module
+ */
+public interface PluginRequestContext {
+ // Nothing here, just as a type mark
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PreauthPluginMeta.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PreauthPluginMeta.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PreauthPluginMeta.java
new file mode 100644
index 0000000..d7c8724
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PreauthPluginMeta.java
@@ -0,0 +1,13 @@
+package org.apache.kerberos.kerb.preauth;
+
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public interface PreauthPluginMeta {
+
+ public String getName();
+
+ public int getVersion();
+
+ public PaDataType[] getPaTypes();
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java
new file mode 100644
index 0000000..390bdc3
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java
@@ -0,0 +1,26 @@
+package org.apache.kerberos.kerb.preauth.builtin;
+
+import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class EncTsPreauthMeta implements PreauthPluginMeta {
+
+ private static String NAME = "encrypted_timestamp";
+ private static int VERSION = 1;
+ private static PaDataType[] PA_TYPES = new PaDataType[] {
+ PaDataType.ENC_TIMESTAMP
+ };
+
+ @Override
+ public String getName() {
+ return NAME;
+ }
+
+ public int getVersion() {
+ return VERSION;
+ }
+
+ public PaDataType[] getPaTypes() {
+ return PA_TYPES;
+ }
+}
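Review bot: `NAME`, `VERSION` and `PA_TYPES` are declared `private static` without `final`, and `getPaTypes()` returns the shared `PA_TYPES` array itself, so any caller can overwrite an element and change which pre-authentication types this plugin advertises for the whole JVM. Declare the three fields `private static final` and return a copy, `return PA_TYPES.clone();`. `getVersion()` and `getPaTypes()` also lack the `@Override` that `getName()` carries. The same pattern appears in TgtPreauthMeta, PkinitPreauthMeta and TokenPreauthMeta in this commit.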
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java
new file mode 100644
index 0000000..d6a4662
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java
@@ -0,0 +1,29 @@
+package org.apache.kerberos.kerb.preauth.builtin;
+
+import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+/**
+ * A faked preauth module for TGS request handling
+ */
+public class TgtPreauthMeta implements PreauthPluginMeta {
+
+ private static String NAME = "TGT_preauth";
+ private static int VERSION = 1;
+ private static PaDataType[] PA_TYPES = new PaDataType[] {
+ PaDataType.TGS_REQ
+ };
+
+ @Override
+ public String getName() {
+ return NAME;
+ }
+
+ public int getVersion() {
+ return VERSION;
+ }
+
+ public PaDataType[] getPaTypes() {
+ return PA_TYPES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityOpts.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityOpts.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityOpts.java
new file mode 100644
index 0000000..a45e025
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityOpts.java
@@ -0,0 +1,25 @@
+package org.apache.kerberos.kerb.preauth.pkinit;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class IdentityOpts {
+
+ // From MIT Krb5 _pkinit_identity_opts
+ public String identity;
+ public List<String> AltIdentities = new ArrayList<String>(1);
+ public List<String> anchors = new ArrayList<String>(4);
+ public List<String> intermediates = new ArrayList<String>(2);
+ public List<String> crls = new ArrayList<String>(2);
+ public String ocsp;
+ public IdentityType idType;
+ public String certFile;
+ public String keyFile;
+
+ // PKCS11
+ public String p11ModuleName;
+ public int slotid;
+ public String tokenLabel;
+ public String certId;
+ public String certLabel;
+}
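Review bot: All fields are public and mutable, and `AltIdentities` breaks the lowerCamelCase used by every other field; it should be `altIdentities`. Because these fields hold trust anchors, CRL locations and key file paths, the class should at least document that instances are plain option holders with no validation and no thread-safety. Callers need to populate them fully before handing them to the PKINIT code. Moving the `// From MIT Krb5 _pkinit_identity_opts` reference into a class-level Javadoc would make it visible in generated documentation.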
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityType.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityType.java
new file mode 100644
index 0000000..e62098b
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityType.java
@@ -0,0 +1,10 @@
+package org.apache.kerberos.kerb.preauth.pkinit;
+
+public enum IdentityType {
+ NONE,
+ FILE,
+ DIR,
+ PKCS11,
+ PKCS12,
+ ENVVAR,
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitIdenity.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitIdenity.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitIdenity.java
new file mode 100644
index 0000000..753011b
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitIdenity.java
@@ -0,0 +1,109 @@
+package org.apache.kerberos.kerb.preauth.pkinit;
+
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+public class PkinitIdenity {
+
+ public static void processIdentityOption(IdentityOpts identityOpts, String value) {
+ IdentityType idType = IdentityType.NONE;
+ String residual = null;
+ if (value.contains(":")) {
+ if (value.startsWith("FILE:")) {
+ idType = IdentityType.FILE;
+ } else if (value.startsWith("PKCS11:")) {
+ idType = IdentityType.PKCS11;
+ } else if (value.startsWith("PKCS12:")) {
+ idType = IdentityType.PKCS12;
+ } else if (value.startsWith("DIR:")) {
+ idType = IdentityType.DIR;
+ } else if (value.startsWith("ENV:")) {
+ idType = IdentityType.ENVVAR;
+ } else {
+ throw new RuntimeException("Invalid Identity option format: " + value);
+ }
+ } else {
+ residual = value;
+ idType = IdentityType.FILE;
+ }
+
+ identityOpts.idType = idType;
+ switch (idType) {
+ case ENVVAR:
+ processIdentityOption(identityOpts, System.getenv(residual));
+ break;
+ case FILE:
+ parseFileOption(identityOpts, residual);
+ break;
+ case PKCS11:
+ parsePkcs11Option(identityOpts, residual);
+ break;
+ case PKCS12:
+ parsePkcs12Option(identityOpts, residual);
+ break;
+ case DIR:
+ identityOpts.certFile = residual;
+ break;
+ }
+ }
+
+ public static void parseFileOption(IdentityOpts identityOpts, String residual) {
+ String[] parts = residual.split(",");
+ String certName = null;
+ String keyName = null;
+
+ certName = parts[0];
+ if (parts.length > 1) {
+ keyName = parts[1];
+ }
+
+ identityOpts.certFile = certName;
+ identityOpts.keyFile = keyName;
+ }
+
+ public static void parsePkcs12Option(IdentityOpts identityOpts, String residual) {
+ identityOpts.certFile = residual;
+ identityOpts.keyFile = residual;
+ }
+
+ public static void parsePkcs11Option(IdentityOpts identityOpts, String residual) {
+ // TODO
+ }
+
+ public static void loadCerts(IdentityOpts identityOpts, PrincipalName principal) {
+ switch (identityOpts.idType) {
+ case FILE:
+ loadCertsFromFile(identityOpts, principal);
+ break;
+ case DIR:
+ loadCertsFromDir(identityOpts, principal);
+ break;
+ case PKCS11:
+ loadCertsAsPkcs11(identityOpts, principal);
+ break;
+ case PKCS12:
+ loadCertsAsPkcs12(identityOpts, principal);
+ break;
+ }
+ }
+
+ private static void loadCertsAsPkcs12(IdentityOpts identityOpts, PrincipalName principal) {
+
+ }
+
+ private static void loadCertsAsPkcs11(IdentityOpts identityOpts, PrincipalName principal) {
+
+ }
+
+ private static void loadCertsFromDir(IdentityOpts identityOpts, PrincipalName principal) {
+
+ }
+
+ private static void loadCertsFromFile(IdentityOpts identityOpts, PrincipalName principal) {
+
+ }
+
+ public static void initialize(IdentityOpts identityOpts, PrincipalName principal) {
+
+ }
+
+}
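Review bot: In `processIdentityOption`, `residual` is assigned only in the branch without a colon, so for every prefixed value (`FILE:`, `PKCS11:`, `PKCS12:`, `DIR:`, `ENV:`) the switch passes `null` on. `parseFileOption` then fails in `residual.split(",")`, and the `ENVVAR` case calls `System.getenv(null)`. After the prefix chain, set `residual = value.substring(value.indexOf(':') + 1);`. In the `ENVVAR` case, `System.getenv` returns null for an unset variable and the recursive call dereferences it in `value.contains(":")`; check for null and throw a descriptive exception, and consider refusing a resolved value that itself starts with `ENV:` so the recursion is bounded. `parsePkcs11Option`, the `loadCerts*` methods and `initialize` have empty bodies; they should carry a TODO or throw `UnsupportedOperationException`, so that an unimplemented identity type is not mistaken for a successful load.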
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java
new file mode 100644
index 0000000..8fe593a
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java
@@ -0,0 +1,27 @@
+package org.apache.kerberos.kerb.preauth.pkinit;
+
+import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class PkinitPreauthMeta implements PreauthPluginMeta {
+
+ private static String NAME = "PKINIT";
+ private static int VERSION = 1;
+ private static PaDataType[] PA_TYPES = new PaDataType[] {
+ PaDataType.PK_AS_REQ,
+ PaDataType.PK_AS_REP,
+ };
+
+ @Override
+ public String getName() {
+ return NAME;
+ }
+
+ public int getVersion() {
+ return VERSION;
+ }
+
+ public PaDataType[] getPaTypes() {
+ return PA_TYPES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PluginOpts.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PluginOpts.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PluginOpts.java
new file mode 100644
index 0000000..7aae8d7
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PluginOpts.java
@@ -0,0 +1,48 @@
+package org.apache.kerberos.kerb.preauth.pkinit;
+
+import org.apache.haox.asn1.type.Asn1ObjectIdentifier;
+import org.apache.kerberos.kerb.spec.pa.pkinit.AlgorithmIdentifiers;
+import org.apache.kerberos.kerb.spec.pa.pkinit.TrustedCertifiers;
+import org.apache.kerberos.kerb.spec.x509.AlgorithmIdentifier;
+
+public class PluginOpts {
+
+ // From MIT Krb5 _pkinit_plg_opts
+
+ // require EKU checking (default is true)
+ public boolean requireEku = true;
+ // accept secondary EKU (default is false)
+ public boolean acceptSecondaryEku = false;
+ // allow UPN-SAN instead of pkinit-SAN
+ public boolean allowUpn = true;
+ // selects DH or RSA based pkinit
+ public boolean usingRsa = true;
+ // require CRL for a CA (default is false)
+ public boolean requireCrlChecking = false;
+ // the size of the Diffie-Hellman key the client will attempt to use.
+ // The acceptable values are 1024, 2048, and 4096. The default is 2048.
+ public int dhMinBits = 2048;
+
+ public AlgorithmIdentifiers createSupportedCMSTypes() {
+ AlgorithmIdentifiers cmsAlgorithms = new AlgorithmIdentifiers();
+ AlgorithmIdentifier des3Alg = new AlgorithmIdentifier();
+ cmsAlgorithms.add(des3Alg);
+
+ String oidStr = "DES3-OID";
+ Asn1ObjectIdentifier des3Oid = new Asn1ObjectIdentifier(oidStr);
+ des3Alg.setAlgorithm(des3Oid);
+ des3Alg.setParameters(null);
+
+ return cmsAlgorithms;
+ }
+
+ public TrustedCertifiers createTrustedCertifiers() {
+ TrustedCertifiers trustedCertifiers = new TrustedCertifiers();
+
+ return trustedCertifiers;
+ }
+
+ public byte[] createIssuerAndSerial() {
+ return null;
+ }
+}
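Review bot: `createSupportedCMSTypes` builds its algorithm identifier from the literal `"DES3-OID"`, which is a placeholder rather than an object identifier, so the encoded supportedCMSTypes will not name a real algorithm whatever `Asn1ObjectIdentifier` does with it. If des-ede3-cbc is what is meant, its OID is 1.2.840.113549.3.7. `createIssuerAndSerial` returns `null` and `createTrustedCertifiers` returns an empty structure; mark both with a TODO so callers do not encode them as if populated. On the defaults, `allowUpn = true` has no stated default in its comment, unlike its neighbours, and as far as I recall MIT's `pkinit_allow_upn` defaults to false, so please confirm the looser value is intended. The `dhMinBits` comment lists the acceptable values, but the field is public and nothing enforces them; either validate on assignment or say in the comment that the value is unchecked.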
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/14a98c34/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/token/TokenPreauthMeta.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/token/TokenPreauthMeta.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/token/TokenPreauthMeta.java
new file mode 100644
index 0000000..de3d5dc
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/token/TokenPreauthMeta.java
@@ -0,0 +1,27 @@
+package org.apache.kerberos.kerb.preauth.token;
+
+import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class TokenPreauthMeta implements PreauthPluginMeta {
+
+ private static String NAME = "TokenPreauth";
+ private static int VERSION = 1;
+ private static PaDataType[] PA_TYPES = new PaDataType[] {
+ PaDataType.TOKEN_CHALLENGE,
+ PaDataType.TOKEN_REQUEST
+ };
+
+ @Override
+ public String getName() {
+ return NAME;
+ }
+
+ public int getVersion() {
+ return VERSION;
+ }
+
+ public PaDataType[] getPaTypes() {
+ return PA_TYPES;
+ }
+}