Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/22 22:47:57 UTC

[18/45] directory-kerberos git commit: DIRKRB-149 New layout structure with the new name "Apache Kerby"

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/SectionConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/SectionConfigKey.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/SectionConfigKey.java
new file mode 100644
index 0000000..1dc83bf
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/SectionConfigKey.java
@@ -0,0 +1,31 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.common;
+
+import org.apache.kerby.config.ConfigKey;
+
+/**
+ * Config Keys with section name.
+ * Use by MIT Kerberos config keys.
+ */
+public interface SectionConfigKey extends ConfigKey {
+
+    public String getSectionName();
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PaFlag.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PaFlag.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PaFlag.java
new file mode 100644
index 0000000..1b68c2a
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PaFlag.java
@@ -0,0 +1,49 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.preauth;
+
+import org.apache.kerby.kerberos.kerb.spec.KrbEnum;
+
+public enum PaFlag implements KrbEnum {
+    NONE(-1),
+    PA_REAL(0x01),
+    PA_INFO(0x02);
+
+    private final int value;
+
+    private PaFlag(int value) {
+        this.value = value;
+    }
+
+    @Override
+    public int getValue() {
+        return value;
+    }
+
+    public static PaFlag fromValue(int value) {
+        for (KrbEnum e : values()) {
+            if (e.getValue() == value) {
+                return (PaFlag) e;
+            }
+        }
+
+        return NONE;
+    }
+}
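Review bot: `fromValue` maps every unrecognised integer to `NONE`, so a caller cannot tell an unknown or malformed flag value from a deliberately absent one; for values that may be decoded from a message, document that fallback in a Javadoc on `fromValue` or reject unknown values explicitly. `NONE(-1)` is also all-ones in two's complement, so if `KrbFlags.isFlagSet` (not visible here) uses `getValue()` as a bit mask, passing `NONE` would act as a mask of every bit, which is worth confirming. As a style point the loop can iterate the enum's own type and drop the cast: `for (PaFlag flag : values()) { if (flag.getValue() == value) { return flag; } }`.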

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PaFlags.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PaFlags.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PaFlags.java
new file mode 100644
index 0000000..e3f89a3
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PaFlags.java
@@ -0,0 +1,37 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.preauth;
+
+import org.apache.kerby.kerberos.kerb.spec.common.KrbFlags;
+
+public class PaFlags extends KrbFlags {
+
+    public PaFlags() {
+        this(0);
+    }
+
+    public PaFlags(int value) {
+        setFlags(value);
+    }
+
+    public boolean isReal() {
+        return isFlagSet(PaFlag.PA_REAL);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PluginRequestContext.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PluginRequestContext.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PluginRequestContext.java
new file mode 100644
index 0000000..852deed
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PluginRequestContext.java
@@ -0,0 +1,27 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.preauth;
+
+/**
+ * Per request per module
+ */
+public interface PluginRequestContext {
+    // Nothing here, just as a type mark
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PreauthPluginMeta.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PreauthPluginMeta.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PreauthPluginMeta.java
new file mode 100644
index 0000000..22d38ac
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/PreauthPluginMeta.java
@@ -0,0 +1,32 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.preauth;
+
+import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
+
+public interface PreauthPluginMeta {
+
+    public String getName();
+
+    public int getVersion();
+
+    public PaDataType[] getPaTypes();
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java
new file mode 100644
index 0000000..a669e18
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java
@@ -0,0 +1,45 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.preauth.builtin;
+
+import org.apache.kerby.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
+
+public class EncTsPreauthMeta implements PreauthPluginMeta {
+
+    private static String NAME = "encrypted_timestamp";
+    private static int VERSION = 1;
+    private static PaDataType[] PA_TYPES = new PaDataType[] {
+            PaDataType.ENC_TIMESTAMP
+    };
+
+    @Override
+    public String getName() {
+        return NAME;
+    }
+
+    public int getVersion() {
+        return VERSION;
+    }
+
+    public PaDataType[] getPaTypes() {
+        return PA_TYPES;
+    }
+}
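Review bot: `getPaTypes()` returns the class's shared static `PA_TYPES` array directly, and `NAME`, `VERSION` and `PA_TYPES` are declared `private static` without `final`, so any caller can overwrite an element and change which preauth data types this plugin reports for the whole process. Declare the three as `private static final` and return a copy with `return PA_TYPES.clone();`. `getVersion()` and `getPaTypes()` also implement `PreauthPluginMeta` but lack the `@Override` that `getName()` carries. The same pattern appears in `TgtPreauthMeta`, `PkinitPreauthMeta` and `TokenPreauthMeta` in this commit.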

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java
new file mode 100644
index 0000000..04bb47b
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java
@@ -0,0 +1,48 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.preauth.builtin;
+
+import org.apache.kerby.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
+
+/**
+ * A faked preauth module for TGS request handling
+ */
+public class TgtPreauthMeta implements PreauthPluginMeta {
+
+    private static String NAME = "TGT_preauth";
+    private static int VERSION = 1;
+    private static PaDataType[] PA_TYPES = new PaDataType[] {
+            PaDataType.TGS_REQ
+    };
+
+    @Override
+    public String getName() {
+        return NAME;
+    }
+
+    public int getVersion() {
+        return VERSION;
+    }
+
+    public PaDataType[] getPaTypes() {
+        return PA_TYPES;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/IdentityOpts.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/IdentityOpts.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/IdentityOpts.java
new file mode 100644
index 0000000..a909170
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/IdentityOpts.java
@@ -0,0 +1,44 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.preauth.pkinit;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class IdentityOpts {
+
+    // From MIT Krb5 _pkinit_identity_opts
+    public String identity;
+    public List<String> AltIdentities = new ArrayList<String>(1);
+    public List<String> anchors = new ArrayList<String>(4);
+    public List<String> intermediates = new ArrayList<String>(2);
+    public List<String> crls = new ArrayList<String>(2);
+    public String ocsp;
+    public IdentityType idType;
+    public String certFile;
+    public String keyFile;
+
+    // PKCS11
+    public String p11ModuleName;
+    public int slotid;
+    public String tokenLabel;
+    public String certId;
+    public String certLabel;
+}
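Review bot: `AltIdentities` is the only field here that starts with an upper-case letter while the rest follow lowerCamelCase, so it should read `public List<String> altIdentities = new ArrayList<String>(1);`. All fields, including the trust anchors, the CRL list and the key-file path, are public and mutable, so any code holding the object can replace the PKINIT trust configuration after it was parsed; private fields with accessors, and unmodifiable views for the lists, would make that harder to do by accident. A class-level Javadoc saying which fields are file paths and which are PKCS#11 identifiers would help, since the only hint is the comment `// From MIT Krb5 _pkinit_identity_opts`.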

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/IdentityType.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/IdentityType.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/IdentityType.java
new file mode 100644
index 0000000..23ec26b
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/IdentityType.java
@@ -0,0 +1,29 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.preauth.pkinit;
+
+public enum IdentityType {
+    NONE,
+    FILE,
+    DIR,
+    PKCS11,
+    PKCS12,
+    ENVVAR,
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitIdenity.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitIdenity.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitIdenity.java
new file mode 100644
index 0000000..f080231
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitIdenity.java
@@ -0,0 +1,128 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.preauth.pkinit;
+
+import org.apache.kerby.kerberos.kerb.spec.common.PrincipalName;
+
+public class PkinitIdenity {
+
+    public static void processIdentityOption(IdentityOpts identityOpts, String value) {
+        IdentityType idType = IdentityType.NONE;
+        String residual = null;
+        if (value.contains(":")) {
+            if (value.startsWith("FILE:")) {
+                idType = IdentityType.FILE;
+            } else if (value.startsWith("PKCS11:")) {
+                idType = IdentityType.PKCS11;
+            } else if (value.startsWith("PKCS12:")) {
+                idType = IdentityType.PKCS12;
+            } else if (value.startsWith("DIR:")) {
+                idType = IdentityType.DIR;
+            } else if (value.startsWith("ENV:")) {
+                idType = IdentityType.ENVVAR;
+            } else {
+                throw new RuntimeException("Invalid Identity option format: " + value);
+            }
+        } else {
+            residual = value;
+            idType = IdentityType.FILE;
+        }
+
+        identityOpts.idType = idType;
+        switch (idType) {
+            case ENVVAR:
+                processIdentityOption(identityOpts, System.getenv(residual));
+                break;
+            case FILE:
+                parseFileOption(identityOpts, residual);
+                break;
+            case PKCS11:
+                parsePkcs11Option(identityOpts, residual);
+                break;
+            case PKCS12:
+                parsePkcs12Option(identityOpts, residual);
+                break;
+            case DIR:
+                identityOpts.certFile = residual;
+                break;
+        }
+    }
+
+    public static void parseFileOption(IdentityOpts identityOpts, String residual) {
+        String[] parts = residual.split(",");
+        String certName = null;
+        String keyName = null;
+
+        certName = parts[0];
+        if (parts.length > 1) {
+            keyName = parts[1];
+        }
+
+        identityOpts.certFile = certName;
+        identityOpts.keyFile = keyName;
+    }
+
+    public static void parsePkcs12Option(IdentityOpts identityOpts, String residual) {
+        identityOpts.certFile = residual;
+        identityOpts.keyFile = residual;
+    }
+
+    public static void parsePkcs11Option(IdentityOpts identityOpts, String residual) {
+        // TODO
+    }
+
+    public static void loadCerts(IdentityOpts identityOpts, PrincipalName principal) {
+        switch (identityOpts.idType) {
+            case FILE:
+                loadCertsFromFile(identityOpts, principal);
+                break;
+            case DIR:
+                loadCertsFromDir(identityOpts, principal);
+                break;
+            case PKCS11:
+                loadCertsAsPkcs11(identityOpts, principal);
+                break;
+            case PKCS12:
+                loadCertsAsPkcs12(identityOpts, principal);
+                break;
+        }
+    }
+
+    private static void loadCertsAsPkcs12(IdentityOpts identityOpts, PrincipalName principal) {
+
+    }
+
+    private static void loadCertsAsPkcs11(IdentityOpts identityOpts, PrincipalName principal) {
+
+    }
+
+    private static void loadCertsFromDir(IdentityOpts identityOpts, PrincipalName principal) {
+
+    }
+
+    private static void loadCertsFromFile(IdentityOpts identityOpts, PrincipalName principal) {
+
+    }
+
+    public static void initialize(IdentityOpts identityOpts, PrincipalName principal) {
+
+    }
+
+}
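Review bot: In `processIdentityOption`, `residual` is assigned only in the un-prefixed branch, so every value with a recognised prefix reaches the `switch` with `residual == null`: `FILE:` fails in `parseFileOption` on `residual.split(",")`, `ENV:` calls `System.getenv(null)`, and `DIR:` and `PKCS12:` store `null` as the certificate path. The prefix has to be stripped once the type is chosen, and the `ENV:` case should reject an unset variable before recursing, because `System.getenv` returns `null` for one. The `switch` statements here and in `loadCerts` have no `default`, and the `loadCerts*`, `initialize` and `parsePkcs11Option` bodies are empty, so an unsupported identity type is accepted silently; a `// TODO` plus `throw new UnsupportedOperationException(...)` would make that visible. The class name `PkinitIdenity` looks like a misspelling of `PkinitIdentity`.

```java
        // … unchanged: prefix chain ending in the "Invalid Identity option format" throw …
            // Everything after the first ':' is the type-specific residual.
            residual = value.substring(value.indexOf(':') + 1);
        // … unchanged: un-prefixed FILE fallback, identityOpts.idType assignment …
            case ENVVAR:
                String envValue = System.getenv(residual);
                if (envValue == null) {
                    throw new RuntimeException(
                            "Identity environment variable is not set: " + residual);
                }
                processIdentityOption(identityOpts, envValue);
                break;
        // … unchanged: FILE, PKCS11, PKCS12 and DIR cases …
```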

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java
new file mode 100644
index 0000000..9d196d9
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java
@@ -0,0 +1,46 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.preauth.pkinit;
+
+import org.apache.kerby.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
+
+public class PkinitPreauthMeta implements PreauthPluginMeta {
+
+    private static String NAME = "PKINIT";
+    private static int VERSION = 1;
+    private static PaDataType[] PA_TYPES = new PaDataType[] {
+            PaDataType.PK_AS_REQ,
+            PaDataType.PK_AS_REP,
+    };
+
+    @Override
+    public String getName() {
+        return NAME;
+    }
+
+    public int getVersion() {
+        return VERSION;
+    }
+
+    public PaDataType[] getPaTypes() {
+        return PA_TYPES;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PluginOpts.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PluginOpts.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PluginOpts.java
new file mode 100644
index 0000000..38295fa
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PluginOpts.java
@@ -0,0 +1,67 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.preauth.pkinit;
+
+import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
+import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.AlgorithmIdentifiers;
+import org.apache.kerby.kerberos.kerb.spec.pa.pkinit.TrustedCertifiers;
+import org.apache.kerby.kerberos.kerb.spec.x509.AlgorithmIdentifier;
+
+public class PluginOpts {
+
+    // From MIT Krb5 _pkinit_plg_opts
+
+    // require EKU checking (default is true)
+    public boolean requireEku = true;
+    // accept secondary EKU (default is false)
+    public boolean acceptSecondaryEku = false;
+    // allow UPN-SAN instead of pkinit-SAN
+    public boolean allowUpn = true;
+    // selects DH or RSA based pkinit
+    public boolean usingRsa = true;
+    // require CRL for a CA (default is false)
+    public boolean requireCrlChecking = false;
+    // the size of the Diffie-Hellman key the client will attempt to use.
+    // The acceptable values are 1024, 2048, and 4096. The default is 2048.
+    public int dhMinBits = 2048;
+
+    public AlgorithmIdentifiers createSupportedCMSTypes() {
+        AlgorithmIdentifiers cmsAlgorithms = new AlgorithmIdentifiers();
+        AlgorithmIdentifier des3Alg = new AlgorithmIdentifier();
+        cmsAlgorithms.add(des3Alg);
+
+        String oidStr = "DES3-OID";
+        Asn1ObjectIdentifier des3Oid = new Asn1ObjectIdentifier(oidStr);
+        des3Alg.setAlgorithm(des3Oid);
+        des3Alg.setParameters(null);
+
+        return cmsAlgorithms;
+    }
+
+    public TrustedCertifiers createTrustedCertifiers() {
+        TrustedCertifiers trustedCertifiers = new TrustedCertifiers();
+
+        return trustedCertifiers;
+    }
+
+    public byte[] createIssuerAndSerial() {
+        return null;
+    }
+}
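Review bot: `createSupportedCMSTypes()` builds its `Asn1ObjectIdentifier` from the literal `"DES3-OID"`, which is a placeholder rather than a dotted-decimal OID, so the list it returns cannot name a real algorithm; unless `Asn1ObjectIdentifier` (not visible here) validates its input, the problem would surface only at encoding time or at the peer. Use the actual identifier (des-ede3-cbc is `1.2.840.113549.3.7`; confirm that is the intended algorithm) or mark the method with a `// TODO` and throw `UnsupportedOperationException` until it is implemented. `createIssuerAndSerial()` returns `null` in the same unfinished way, which every caller would have to guard against. Separately, the comments on `allowUpn` and `usingRsa` state no default while both are initialised to `true`; since they select certificate-matching and key-agreement behaviour, the comment should say whether `true` is the intended default.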

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/token/TokenPreauthMeta.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/token/TokenPreauthMeta.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/token/TokenPreauthMeta.java
new file mode 100644
index 0000000..f393d15
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/token/TokenPreauthMeta.java
@@ -0,0 +1,46 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.preauth.token;
+
+import org.apache.kerby.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
+
+public class TokenPreauthMeta implements PreauthPluginMeta {
+
+    private static String NAME = "TokenPreauth";
+    private static int VERSION = 1;
+    private static PaDataType[] PA_TYPES = new PaDataType[] {
+            PaDataType.TOKEN_CHALLENGE,
+            PaDataType.TOKEN_REQUEST
+    };
+
+    @Override
+    public String getName() {
+        return NAME;
+    }
+
+    public int getVersion() {
+        return VERSION;
+    }
+
+    public PaDataType[] getPaTypes() {
+        return PA_TYPES;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/pom.xml b/kerby-kerb/kerb-core-test/pom.xml
new file mode 100644
index 0000000..bf980e6
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/pom.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License. See accompanying LICENSE file.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>org.apache.kerby</groupId>
+    <artifactId>kerby-kerb</artifactId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>kerb-core-test</artifactId>
+
+  <name>kerby-kerb-coreTest</name>
+  <description>Kerb core tests</description>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerby-asn1</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-core</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-util</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
+  </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/aes128-kerberos-data
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/aes128-kerberos-data b/kerby-kerb/kerb-core-test/src/main/resources/aes128-kerberos-data
new file mode 100644
index 0000000..7f3b582
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/aes128-kerberos-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/aes128-key-data
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/aes128-key-data b/kerby-kerb/kerb-core-test/src/main/resources/aes128-key-data
new file mode 100644
index 0000000..4ba2540
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/main/resources/aes128-key-data
@@ -0,0 +1 @@
+����\���U�s�7"
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/aes128-spnego-data
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/aes128-spnego-data b/kerby-kerb/kerb-core-test/src/main/resources/aes128-spnego-data
new file mode 100644
index 0000000..13c89e6
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/aes128-spnego-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/aes256-kerberos-data
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/aes256-kerberos-data b/kerby-kerb/kerb-core-test/src/main/resources/aes256-kerberos-data
new file mode 100644
index 0000000..b7d539f
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/aes256-kerberos-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/aes256-key-data
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/aes256-key-data b/kerby-kerb/kerb-core-test/src/main/resources/aes256-key-data
new file mode 100644
index 0000000..24792c1
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/aes256-key-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/aes256-spnego-data
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/aes256-spnego-data b/kerby-kerb/kerb-core-test/src/main/resources/aes256-spnego-data
new file mode 100644
index 0000000..6a7e55c
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/aes256-spnego-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/asrep.token
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/asrep.token b/kerby-kerb/kerb-core-test/src/main/resources/asrep.token
new file mode 100644
index 0000000..d77cff7
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/asrep.token differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/asreq.token
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/asreq.token b/kerby-kerb/kerb-core-test/src/main/resources/asreq.token
new file mode 100644
index 0000000..6d503b3
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/asreq.token differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/des-kerberos-data
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/des-kerberos-data b/kerby-kerb/kerb-core-test/src/main/resources/des-kerberos-data
new file mode 100644
index 0000000..3db6963
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/des-kerberos-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/des-key-data
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/des-key-data b/kerby-kerb/kerb-core-test/src/main/resources/des-key-data
new file mode 100644
index 0000000..84a0c50
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/main/resources/des-key-data
@@ -0,0 +1 @@
+��2^�L�
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/des-pac-data
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/des-pac-data b/kerby-kerb/kerb-core-test/src/main/resources/des-pac-data
new file mode 100644
index 0000000..7408111
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/des-pac-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/des-spnego-data
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/des-spnego-data b/kerby-kerb/kerb-core-test/src/main/resources/des-spnego-data
new file mode 100644
index 0000000..04a56e8
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/des-spnego-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/exceptions.properties
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/exceptions.properties b/kerby-kerb/kerb-core-test/src/main/resources/exceptions.properties
new file mode 100644
index 0000000..c9cc814
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/main/resources/exceptions.properties
@@ -0,0 +1,55 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+object.cast.fail=Unable to cast object from {0} to {1}.
+
+spnego.token.empty=Empty SPNego token.
+spnego.token.invalid=Not a valid SPNego token: {0}.
+spnego.token.malformed=Malformed SPNego token.
+spnego.field.invalid=Not a valid SPNego token field: {0}.
+
+
+kerberos.object.cast=Unable to cast Kerberos object from {0} to {1}.
+kerberos.token.empty=Empty Kerberos token.
+kerberos.token.invalid=Not a Kerberos token.
+kerberos.token.malformed=Malformed Kerberos token.
+kerberos.kdcReq.empty=Empty message.
+kerberos.kdcReq.invalid=Not a KRB_AP_REQ message.
+kerberos.ticket.empty=Empty Kerberos ticket.
+kerberos.ticket.invalid=Not a Kerberos v5 ticket.
+kerberos.ticket.malformed=Malformed Kerberos ticket.
+kerberos.field.invalid=Not a valid Kerberos ticket field: {0}.
+kerberos.field.malformed=Malformed Kerberos ticket field.
+kerberos.key.notfound=Unable to find appropriate key of type {0}.
+kerberos.version.invalid=Invalid version of Kerberos ticket: {0}.
+kerberos.login.fail=Unable to get server keys.
+kerberos.decrypt.fail=Unable to decrypt encrypted data using key of type {0}.
+
+pac.token.empty=Empty PAC token.
+pac.token.malformed=Malformed PAC token.
+pac.logoninfo.malformed=Malformed PAC logon info.
+pac.signature.malformed=Malformed PAC signature.
+pac.signature.invalid=Invalid PAC signature.
+pac.string.notempty=String not empty while expected null.
+pac.string.malformed.size=Inconsistent string lengths.
+pac.string.invalid.size=Inconsistent string size: {1}, expecting {0}.
+pac.groups.invalid.size=Group count ({0}) doesn't match the real number of groups ({1}) in the PAC.
+pac.extrasids.invalid.size=Extra SID count ({0}) doesn't match the real number of extra SID ({1}) in the PAC.
+pac.resourcegroups.invalid.size=Resource group count ({0}) doesn't match the real number of resource groups ({1}) in the PAC.
+pac.sid.malformed.size=Inconsistent SID length.
+pac.subauthority.malformed.size=Incorrect byte array length: {0}; must be multiple of 4.
+pac.version.invalid=Invalid version of PAC token: {0}.
+pac.check.fail=Unable to check PAC signature.
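Review bot: The apostrophe in `doesn't` on the `pac.groups.invalid.size`, `pac.extrasids.invalid.size` and `pac.resourcegroups.invalid.size` lines will break substitution if these patterns are passed to `java.text.MessageFormat`, which the `{0}`/`{1}` placeholders suggest. A single quote there opens a quoted section, so the apostrophe is dropped and the later `({1})` is printed literally instead of being replaced. Doubling the quote fixes it, e.g. `pac.groups.invalid.size=Group count ({0}) doesn''t match the real number of groups ({1}) in the PAC.`. Separately, `kerberos.kdcReq.invalid` says "Not a KRB_AP_REQ message", so the key name and the text disagree about which message type is meant.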

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/rc4-kerberos-data
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/rc4-kerberos-data b/kerby-kerb/kerb-core-test/src/main/resources/rc4-kerberos-data
new file mode 100644
index 0000000..6be7086
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/rc4-kerberos-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/rc4-key-data
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/rc4-key-data b/kerby-kerb/kerb-core-test/src/main/resources/rc4-key-data
new file mode 100644
index 0000000..64f9d9c
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/main/resources/rc4-key-data
@@ -0,0 +1 @@
+l�܇y#�l�mv��k�
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/rc4-pac-data
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/rc4-pac-data b/kerby-kerb/kerb-core-test/src/main/resources/rc4-pac-data
new file mode 100644
index 0000000..df45f91
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/rc4-pac-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/rc4-spnego-data
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/rc4-spnego-data b/kerby-kerb/kerb-core-test/src/main/resources/rc4-spnego-data
new file mode 100644
index 0000000..91cbe26
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/rc4-spnego-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/server.keytab
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/server.keytab b/kerby-kerb/kerb-core-test/src/main/resources/server.keytab
new file mode 100644
index 0000000..b44347c
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/server.keytab differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/tgsrep.token
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/tgsrep.token b/kerby-kerb/kerb-core-test/src/main/resources/tgsrep.token
new file mode 100644
index 0000000..25d6270
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/tgsrep.token differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/main/resources/tgsreq.token
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/main/resources/tgsreq.token b/kerby-kerb/kerb-core-test/src/main/resources/tgsreq.token
new file mode 100644
index 0000000..69f6b46
Binary files /dev/null and b/kerby-kerb/kerb-core-test/src/main/resources/tgsreq.token differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/README.txt
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/README.txt b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/README.txt
new file mode 100644
index 0000000..f1e0a3f
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/README.txt
@@ -0,0 +1,5 @@
+This project is simple for integration testing purpose. It's inspired by and originated from JaasLaunge.
+Eventually I will replace most of the codes by mine or get the granting permission of the author.
+
+http://jaaslounge.sourceforge.net/
+

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/AuthzDataUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/AuthzDataUtil.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/AuthzDataUtil.java
new file mode 100644
index 0000000..fce9bb4
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/AuthzDataUtil.java
@@ -0,0 +1,67 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.kerberos;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.codec.pac.Pac;
+import org.apache.kerby.kerberos.kerb.spec.common.AuthorizationData;
+import org.apache.kerby.kerberos.kerb.spec.common.AuthorizationDataEntry;
+import org.apache.kerby.kerberos.kerb.spec.common.AuthorizationType;
+
+import java.io.IOException;
+import java.util.List;
+
+public class AuthzDataUtil {
+
+    public static Pac getPac(AuthorizationData authzData, byte[] serverKey) throws IOException, KrbException {
+        AuthorizationDataEntry ifRelevantAd = null;
+        for (AuthorizationDataEntry entry : authzData.getElements()) {
+            if (entry.getAuthzType() == AuthorizationType.AD_IF_RELEVANT) {
+                ifRelevantAd = entry;
+                break;
+            }
+        }
+
+        if (ifRelevantAd != null) {
+            List<AuthorizationDataEntry> entries = decode(ifRelevantAd);
+            for (AuthorizationDataEntry entry : entries) {
+                if (entry.getAuthzType() == AuthorizationType.AD_WIN2K_PAC) {
+                    return decodeAsPac(entry, serverKey);
+                }
+            }
+        }
+
+        return null;
+    }
+
+    public static List<AuthorizationDataEntry> decode(AuthorizationDataEntry entry) throws IOException {
+        AuthorizationData authzData = new AuthorizationData();
+        authzData.decode(entry.getAuthzData());
+        return authzData.getElements();
+    }
+
+    public static Pac decodeAsPac(AuthorizationDataEntry entry, byte[] key) throws IOException, KrbException {
+        if (entry.getAuthzType() != AuthorizationType.AD_WIN2K_PAC) {
+            throw new IllegalArgumentException("Not AD_WIN2K_PAC type: " + entry.getAuthzType().name());
+        }
+
+        return new Pac(entry.getAuthzData(), key);
+    }
+}
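Review bot: `getPac` stops at the first `AD_IF_RELEVANT` element because of the `break`, so a PAC carried in a later AD-IF-RELEVANT container is never found and the method returns `null` as if the ticket had none. Since callers take authorization decisions from the PAC, the search should visit every container before giving up, as in the fence below. The `null` return and the fact that `serverKey` is handed straight to the `Pac` constructor should also be stated in a Javadoc comment on `getPac`. `authzData` itself is dereferenced without a null check, which matters if a ticket carries no authorization data.

```java
    public static Pac getPac(AuthorizationData authzData, byte[] serverKey) throws IOException, KrbException {
        for (AuthorizationDataEntry container : authzData.getElements()) {
            if (container.getAuthzType() != AuthorizationType.AD_IF_RELEVANT) {
                continue;
            }
            for (AuthorizationDataEntry entry : decode(container)) {
                if (entry.getAuthzType() == AuthorizationType.AD_WIN2K_PAC) {
                    return decodeAsPac(entry, serverKey);
                }
            }
        }
        return null;
    }
```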

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosApRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosApRequest.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosApRequest.java
new file mode 100644
index 0000000..4266ea6
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosApRequest.java
@@ -0,0 +1,51 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.kerberos;
+
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerby.kerberos.kerb.spec.ap.ApOptions;
+import org.apache.kerby.kerberos.kerb.spec.ap.ApReq;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
+
+import java.io.IOException;
+
+public class KerberosApRequest {
+    private ApReq apReq;
+    private KerberosTicket ticket;
+
+    public KerberosApRequest(byte[] token, EncryptionKey key) throws Exception {
+        if(token.length <= 0) {
+            throw new IOException("kerberos request empty");
+        }
+
+        apReq = KrbCodec.decode(token, ApReq.class);
+        ticket = new KerberosTicket(apReq.getTicket(), apReq.getApOptions(), key);
+    }
+
+    public ApOptions getApOptions() throws KrbException {
+        return apReq.getApOptions();
+    }
+
+    public KerberosTicket getTicket() {
+        return ticket;
+    }
+}
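Review bot: `token.length <= 0` in the constructor dereferences `token` before any null check, so a null token surfaces as a `NullPointerException` rather than the intended "empty" `IOException`. `if (token == null || token.length == 0)` covers both cases, and the same check appears in the `KerberosToken(byte[], EncryptionKey)` constructor. The constructor also declares `throws Exception`, which hides which failures (decode error, decryption error) a caller should expect. It could be narrowed to `IOException, KrbException` once the `KerberosTicket` constructor it calls is narrowed too.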

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosConstants.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosConstants.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosConstants.java
new file mode 100644
index 0000000..a02cda3
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosConstants.java
@@ -0,0 +1,44 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.kerberos;
+
+public interface KerberosConstants {
+
+    static final String KERBEROS_OID = "1.2.840.113554.1.2.2";
+    static final String KERBEROS_VERSION = "5";
+
+    static final String KERBEROS_AP_REQ = "14";
+    
+    static final int AF_INTERNET = 2;
+    static final int AF_CHANET = 5;
+    static final int AF_XNS = 6;
+    static final int AF_ISO = 7;
+    
+    static final int AUTH_DATA_RELEVANT = 1;
+    static final int AUTH_DATA_PAC = 128;
+
+    static final int DES_ENC_TYPE = 3;
+    static final int RC4_ENC_TYPE = 23;
+    static final String RC4_ALGORITHM = "ARCFOUR";
+    static final String HMAC_ALGORITHM = "HmacMD5";
+    static final int CONFOUNDER_SIZE = 8;
+    static final int CHECKSUM_SIZE = 16;
+
+}
\ No newline at end of file
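Review bot: `KerberosConstants` is an interface used only to hold constants, which leaks them into the public API of every implementing class. A `final class KerberosConstants` with a private constructor and `public static final` fields avoids that. As written, the `static final` modifiers are redundant, because interface fields are implicitly `public static final`. The numeric values would benefit from a short comment naming what each group encodes, for example `// Kerberos encryption type numbers` above `DES_ENC_TYPE`/`RC4_ENC_TYPE`. `AF_CHANET` looks like a misspelling of the CHAOSnet address type and is worth confirming.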

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosCredentials.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosCredentials.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosCredentials.java
new file mode 100644
index 0000000..087fe42
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosCredentials.java
@@ -0,0 +1,55 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.kerberos;
+
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
+import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerby.kerberos.kerb.spec.common.PrincipalName;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class KerberosCredentials {
+
+    private static Keytab keytab;
+
+    private static void init() throws IOException {
+        InputStream kis = KerberosCredentials.class.getResourceAsStream("/server.keytab");
+        keytab = new Keytab();
+        keytab.load(kis);
+    }
+
+    public static EncryptionKey getServerKey(EncryptionType etype) throws IOException {
+        if (keytab == null) {
+            init();
+        }
+
+        for (PrincipalName principal : keytab.getPrincipals()) {
+            for (KeytabEntry entry : keytab.getKeytabEntries(principal)) {
+                if (entry.getKey().getKeyType() == etype) {
+                    return entry.getKey();
+                }
+            }
+        }
+        return null;
+    }
+}
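Review bot: `init()` assigns the static `keytab` before `keytab.load(kis)` runs, so if loading throws, the field is left pointing at an unloaded `Keytab`. Later `getServerKey` calls then skip `init()` and quietly return `null`, presumably because an unloaded keytab has no entries. The stream from `getResourceAsStream` is also never closed and is not checked for `null` when `/server.keytab` is missing from the classpath. Loading into a local and publishing it only on success, as below, fixes all three. The lazy initialisation is also unsynchronised, which matters if tests call `getServerKey` from several threads.

```java
    private static void init() throws IOException {
        InputStream kis = KerberosCredentials.class.getResourceAsStream("/server.keytab");
        if (kis == null) {
            throw new IOException("server.keytab not found on the classpath");
        }
        try {
            Keytab loaded = new Keytab();
            loaded.load(kis);
            keytab = loaded;
        } finally {
            kis.close();
        }
    }
```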

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosTicket.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosTicket.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosTicket.java
new file mode 100644
index 0000000..a47f0ef
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosTicket.java
@@ -0,0 +1,86 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.kerberos;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
+import org.apache.kerby.kerberos.kerb.spec.ap.ApOptions;
+import org.apache.kerby.kerberos.kerb.spec.common.AuthorizationData;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.common.KeyUsage;
+import org.apache.kerby.kerberos.kerb.spec.ticket.EncTicketPart;
+import org.apache.kerby.kerberos.kerb.spec.ticket.Ticket;
+
+import java.util.Arrays;
+
+public class KerberosTicket {
+    private String serverPrincipalName;
+    private String serverRealm;
+    private Ticket ticket;
+
+    public KerberosTicket(Ticket ticket, ApOptions apOptions, EncryptionKey key)
+            throws Exception {
+        this.ticket = ticket;
+
+        byte[] decrypted = EncryptionHandler.decrypt(
+                ticket.getEncryptedEncPart(), key, KeyUsage.KDC_REP_TICKET);
+
+        EncTicketPart encPart = KrbCodec.decode(decrypted, EncTicketPart.class);
+        ticket.setEncPart(encPart);
+
+        /**
+         * Also test encryption by the way
+         */
+        EncryptedData encrypted = EncryptionHandler.encrypt(
+                decrypted, key, KeyUsage.KDC_REP_TICKET);
+
+        byte[] decrypted2 = EncryptionHandler.decrypt(
+                encrypted, key, KeyUsage.KDC_REP_TICKET);
+        if (!Arrays.equals(decrypted, decrypted2)) {
+            throw new KrbException("Encryption checking failed after decryption");
+        }
+    }
+
+    public String getUserPrincipalName() throws KrbException {
+        return ticket.getEncPart().getCname().getName();
+    }
+
+    public String getUserRealm() throws KrbException {
+        return ticket.getEncPart().getCrealm();
+    }
+
+    public String getServerPrincipalName() throws KrbException {
+        return ticket.getSname().getName();
+    }
+
+    public String getServerRealm() throws KrbException {
+        return ticket.getRealm();
+    }
+
+    public AuthorizationData getAuthorizationData() throws KrbException {
+        return ticket.getEncPart().getAuthorizationData();
+    }
+
+    public Ticket getTicket() {
+        return ticket;
+    }
+}
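Review bot: The fields `serverPrincipalName` and `serverRealm` are declared but never assigned or read, and the constructor's `apOptions` parameter is unused. The getters read from `ticket` directly, so the two fields can be deleted, and the parameter should either be used or documented as ignored. The re-encrypt/decrypt round trip in the constructor runs on every ticket that is parsed, and it is introduced with a `/** ... */` Javadoc block inside a method body. A plain `// Round-trip the plaintext to exercise encryption as well` comment fits there, and the check itself would sit better in a dedicated test method. The constructor also mutates the caller's `Ticket` through `ticket.setEncPart(encPart)`, which is worth stating in its Javadoc.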

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosToken.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosToken.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosToken.java
new file mode 100644
index 0000000..f3488c3
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/kerberos/KerberosToken.java
@@ -0,0 +1,58 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.kerberos;
+
+import org.apache.kerby.asn1.Asn1InputBuffer;
+import org.apache.kerby.asn1.type.Asn1Item;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
+
+import java.io.IOException;
+
+public class KerberosToken {
+
+    private KerberosApRequest apRequest;
+
+    public KerberosToken(byte[] token) throws Exception {
+        this(token, null);
+    }
+
+    public KerberosToken(byte[] token, EncryptionKey key) throws Exception {
+
+        if(token.length <= 0)
+            throw new IOException("kerberos.token.empty");
+
+        Asn1InputBuffer buffer = new Asn1InputBuffer(token);
+
+        Asn1Item value = (Asn1Item) buffer.read();
+        if(! value.isAppSpecific() && ! value.isConstructed())
+            throw new IOException("kerberos.token.malformed");
+
+        buffer = new Asn1InputBuffer(value.getBodyContent());
+        buffer.skipNext();
+
+        buffer.skipBytes(2);
+
+        apRequest = new KerberosApRequest(buffer.readAllLeftBytes(), key);
+    }
+
+    public KerberosApRequest getApRequest() {
+        return apRequest;
+    }
+}
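Review bot: The malformed-token guard `if(! value.isAppSpecific() && ! value.isConstructed())` rejects only an item that is neither application-specific nor constructed. An item satisfying just one of the two is accepted and its body is parsed. If the intent is to require both, as the outer framing of a GSS-API initial token would suggest, the operator should be `||`: `if (!value.isAppSpecific() || !value.isConstructed())`. The following `buffer.skipNext()` and `buffer.skipBytes(2)` discard two fields unread, presumably the mechanism OID and the token id. Comparing them with the expected values (`KerberosConstants.KERBEROS_OID` exists for the first) would let the parser reject foreign tokens before `KerberosApRequest` tries to decode them.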

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/Pac.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/Pac.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/Pac.java
new file mode 100644
index 0000000..9a3d0e0
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/Pac.java
@@ -0,0 +1,113 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.pac;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.crypto.CheckSumHandler;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerby.kerberos.kerb.spec.common.KeyUsage;
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.IOException;
+
+public class Pac {
+
+    private PacLogonInfo logonInfo;
+    private PacCredentialType credentialType;
+    private PacSignature serverSignature;
+    private PacSignature kdcSignature;
+
+    public Pac(byte[] data, byte[] key) throws KrbException {
+        byte[] checksumData = data.clone();
+        try {
+            PacDataInputStream pacStream = new PacDataInputStream(new DataInputStream(
+                    new ByteArrayInputStream(data)));
+
+            if(data.length <= 8)
+                throw new IOException("pac.token.empty");
+
+            int bufferCount = pacStream.readInt();
+            int version = pacStream.readInt();
+
+            if(version != PacConstants.PAC_VERSION) {
+                Object[] args = new Object[]{version};
+                throw new IOException("pac.version.invalid");
+            }
+
+            for(int bufferIndex = 0; bufferIndex < bufferCount; bufferIndex++) {
+                int bufferType = pacStream.readInt();
+                int bufferSize = pacStream.readInt();
+                long bufferOffset = pacStream.readLong();
+                byte[] bufferData = new byte[bufferSize];
+                System.arraycopy(data, (int)bufferOffset, bufferData, 0, bufferSize);
+
+                switch (bufferType) {
+                case PacConstants.LOGON_INFO:
+                    // PAC Credential Information
+                    logonInfo = new PacLogonInfo(bufferData);
+                    break;
+                case PacConstants.CREDENTIAL_TYPE:
+                    // PAC Credential Type
+                    credentialType = new PacCredentialType(bufferData);
+                    break;
+                case PacConstants.SERVER_CHECKSUM:
+                    // PAC Server Signature
+                    serverSignature = new PacSignature(bufferData);
+                    // Clear signature from checksum copy
+                    for(int i = 0; i < bufferSize; i++)
+                        checksumData[(int)bufferOffset + 4 + i] = 0;
+                    break;
+                case PacConstants.PRIVSVR_CHECKSUM:
+                    // PAC KDC Signature
+                    kdcSignature = new PacSignature(bufferData);
+                    // Clear signature from checksum copy
+                    for(int i = 0; i < bufferSize; i++)
+                        checksumData[(int)bufferOffset + 4 + i] = 0;
+                    break;
+                default:
+                }
+            }
+        } catch(IOException e) {
+            throw new KrbException("pac.token.malformed", e);
+        }
+
+        CheckSum checksum = new CheckSum(serverSignature.getType(), serverSignature.getChecksum());
+        if (! CheckSumHandler.verifyWithKey(checksum, checksumData, key, KeyUsage.APP_DATA_CKSUM)) {
+            throw new KrbException("Check sum verifying failed");
+        }
+    }
+
+    public PacLogonInfo getLogonInfo() {
+        return logonInfo;
+    }
+
+    public PacCredentialType getCredentialType() {
+        return credentialType;
+    }
+
+    public PacSignature getServerSignature() {
+        return serverSignature;
+    }
+
+    public PacSignature getKdcSignature() {
+        return kdcSignature;
+    }
+}
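Review bot: In the `Pac` constructor loop, `bufferSize` and `bufferOffset` are read from the token and passed to `new byte[bufferSize]` and `System.arraycopy(data, (int)bufferOffset, ...)` with no range check. A malformed PAC therefore surfaces as `NegativeArraySizeException`, `ArrayIndexOutOfBoundsException` or an oversized allocation rather than the `KrbException("pac.token.malformed")` that the `catch(IOException)` is meant to produce. The two signature-clearing loops write `bufferSize` bytes starting at `bufferOffset + 4`, so they zero four bytes past the end of the signature buffer; presumably only the checksum after a 4-byte type field should be cleared, i.e. `for(int i = 4; i < bufferSize; i++) checksumData[(int)bufferOffset + i] = 0;`. A token without a `SERVER_CHECKSUM` buffer leaves `serverSignature` null and fails with a `NullPointerException` at `serverSignature.getType()`, and `kdcSignature` is parsed but never verified here. The fence shows the checks I would add.

```java
                long bufferOffset = pacStream.readLong();
                // Size and offset come from the token: keep the buffer inside data before allocating or copying.
                if (bufferSize < 0 || bufferOffset < 0 || bufferOffset > data.length - bufferSize)
                    throw new IOException("pac.token.malformed");
                byte[] bufferData = new byte[bufferSize];
                System.arraycopy(data, (int) bufferOffset, bufferData, 0, bufferSize);
                // … unchanged: switch on bufferType …

        // … unchanged: end of loop, catch(IOException) …
        if (serverSignature == null)
            throw new KrbException("pac.token.malformed");
        CheckSum checksum = new CheckSum(serverSignature.getType(), serverSignature.getChecksum());
```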

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacConstants.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacConstants.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacConstants.java
new file mode 100644
index 0000000..3aea971
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacConstants.java
@@ -0,0 +1,39 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.pac;
+
+public interface PacConstants {
+
+    static final int PAC_VERSION = 0;
+
+    static final int LOGON_INFO = 1;
+    static final int CREDENTIAL_TYPE = 2;
+    static final int SERVER_CHECKSUM = 6;
+    static final int PRIVSVR_CHECKSUM = 7;
+
+    static final int LOGON_EXTRA_SIDS = 0x20;
+    static final int LOGON_RESOURCE_GROUPS = 0x200;
+
+    static final long FILETIME_BASE = -11644473600000L;
+
+    static final int MD5_KRB_SALT = 17;
+    static final int MD5_BLOCK_LENGTH = 64;
+
+}
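Review bot: The constants in `PacConstants` carry no documentation, and several of them are not self-explanatory to someone reading the PAC parser. I would add a comment on the buffer-type group, e.g. `// Buffer type values read from each PAC buffer header and switched on in Pac`, and one on `FILETIME_BASE`, e.g. `// Milliseconds added to a FILETIME value (after dividing by 10000) to obtain Unix-epoch milliseconds`. `LOGON_EXTRA_SIDS`, `LOGON_RESOURCE_GROUPS`, `MD5_KRB_SALT` and `MD5_BLOCK_LENGTH` are not referenced in the files shown here, so a short comment saying where each is used would help. As a style point, `static final` is redundant on interface fields, and a `final` class with a private constructor avoids implementers inheriting the constants.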

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacCredentialType.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacCredentialType.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacCredentialType.java
new file mode 100644
index 0000000..9e395f2
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacCredentialType.java
@@ -0,0 +1,41 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.pac;
+
+import java.io.IOException;
+
+public class PacCredentialType {
+
+    private static final int MINIMAL_BUFFER_SIZE = 32;
+
+    private byte[] credentialType;
+
+    public PacCredentialType(byte[] data) throws IOException {
+        credentialType = data;
+        if(!isCredentialTypeCorrect()) {
+            throw new IOException("pac.credentialtype.malformed");
+        }
+    }
+
+    public boolean isCredentialTypeCorrect() {
+        return credentialType != null && credentialType.length < MINIMAL_BUFFER_SIZE;
+    }
+
+}
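Review bot: `isCredentialTypeCorrect()` accepts only buffers whose length is below `MINIMAL_BUFFER_SIZE`, which contradicts the constant's name. Either the comparison is inverted (`credentialType.length >= MINIMAL_BUFFER_SIZE`) or the constant is really an upper bound and should be renamed; as written a 32-byte or longer buffer is rejected as malformed and an empty one is accepted. Please confirm the intended bound against the format and add a comment stating it. The constructor also stores the caller's array without copying; `credentialType = data == null ? null : data.clone();` would keep the validated bytes from changing afterwards.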

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacDataInputStream.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacDataInputStream.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacDataInputStream.java
new file mode 100644
index 0000000..74e21db
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacDataInputStream.java
@@ -0,0 +1,158 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.pac;
+
+import java.io.DataInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.util.Date;
+
+public class PacDataInputStream {
+
+    private DataInputStream dis;
+    private int size;
+
+    public PacDataInputStream(InputStream in) throws IOException {
+        dis = new DataInputStream(in);
+        size = in.available();
+    }
+
+    public void align(int mask) throws IOException {
+        int position = size - dis.available();
+        int shift = position & mask - 1;
+        if(mask != 0 && shift != 0)
+            dis.skip(mask - shift);
+    }
+
+    public int available() throws IOException {
+        return dis.available();
+    }
+
+    public void readFully(byte[] b) throws IOException {
+        dis.readFully(b);
+    }
+
+    public void readFully(byte[] b, int off, int len) throws IOException {
+        dis.readFully(b, off, len);
+    }
+
+    public char readChar() throws IOException {
+        align(2);
+        return dis.readChar();
+    }
+
+    public byte readByte() throws IOException {
+        return dis.readByte();
+    }
+
+    public short readShort() throws IOException {
+        align(2);
+        return Short.reverseBytes((short)dis.readShort());
+    }
+
+    public int readInt() throws IOException {
+        align(4);
+        return Integer.reverseBytes(dis.readInt());
+    }
+
+    public long readLong() throws IOException {
+        align(8);
+        return Long.reverseBytes(dis.readLong());
+    }
+
+    public int readUnsignedByte() throws IOException {
+        return ((int)readByte()) & 0xff;
+    }
+
+    public long readUnsignedInt() throws IOException {
+        return ((long)readInt()) & 0xffffffffL;
+    }
+
+    public int readUnsignedShort() throws IOException {
+        return ((int)readShort()) & 0xffff;
+    }
+
+    public Date readFiletime() throws IOException {
+        Date date = null;
+
+        long last = readUnsignedInt();
+        long first = readUnsignedInt();
+        if(first != 0x7fffffffL && last != 0xffffffffL) {
+            BigInteger lastBigInt = BigInteger.valueOf(last);
+            BigInteger firstBigInt = BigInteger.valueOf(first);
+            BigInteger completeBigInt = lastBigInt.add(firstBigInt.shiftLeft(32));
+            completeBigInt = completeBigInt.divide(BigInteger.valueOf(10000L));
+            completeBigInt = completeBigInt.add(BigInteger.valueOf(PacConstants.FILETIME_BASE));
+            date = new Date(completeBigInt.longValue());
+        }
+
+        return date;
+    }
+
+    public PacUnicodeString readUnicodeString() throws IOException {
+        short length = readShort();
+        short maxLength = readShort();
+        int pointer = readInt();
+
+        if(maxLength < length) {
+            throw new IOException("pac.string.malformed.size");
+        }
+
+        return new PacUnicodeString(length, maxLength, pointer);
+    }
+
+    public String readString() throws IOException {
+        int totalChars = readInt();
+        int unusedChars = readInt();
+        int usedChars = readInt();
+
+        if(unusedChars > totalChars || usedChars > totalChars - unusedChars)
+            throw new IOException("pac.string.malformed.size");
+
+        dis.skip(unusedChars * 2);
+        char[] chars = new char[usedChars];
+        for(int l = 0; l < usedChars; l++)
+            chars[l] = (char)readShort();
+
+        return new String(chars);
+    }
+
+    public PacSid readId() throws IOException {
+        byte[] bytes = new byte[4];
+        readFully(bytes);
+
+        return PacSid.createFromSubs(bytes);
+    }
+
+    public PacSid readSid() throws IOException {
+        int sidSize = readInt();
+
+        byte[] bytes = new byte[8 + sidSize * 4];
+        readFully(bytes);
+
+        return new PacSid(bytes);
+    }
+
+    public int skipBytes(int n) throws IOException {
+        return dis.skipBytes(n);
+    }
+
+}
\ No newline at end of file
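Review bot: `readString()` and `readSid()` size their arrays from counts read out of the token (`new char[usedChars]`, `new byte[8 + sidSize * 4]`) without checking that the counts are non-negative and fit in the bytes that remain. Negative values pass the existing `readString()` comparison and reach `dis.skip(unusedChars * 2)` and the allocation, and a large `sidSize` can overflow the multiplication or force a large allocation before `readFully` fails. The class already relies on `dis.available()` in `align()`, so the same value can bound these counts, as in the fence. Separately, the return value of `dis.skip(...)` is ignored in `align()` and `readString()`, so a short skip goes unnoticed, and `readChar()` does not byte-swap the way `readShort()` does.

```java
    public String readString() throws IOException {
        int totalChars = readInt();
        int unusedChars = readInt();
        int usedChars = readInt();

        // Counts come from the token: reject negatives and anything longer than the bytes left.
        if(totalChars < 0 || unusedChars < 0 || usedChars < 0
                || unusedChars > totalChars || usedChars > totalChars - unusedChars
                || ((long) unusedChars + usedChars) * 2 > dis.available())
            throw new IOException("pac.string.malformed.size");
        // … unchanged: skip unused chars, read usedChars shorts …

    public PacSid readSid() throws IOException {
        int sidSize = readInt();

        // Bound the count by the remaining input before allocating.
        if(sidSize < 0 || 8L + 4L * sidSize > dis.available())
            throw new IOException("pac.sid.malformed.size");
        // … unchanged: allocate, readFully, build PacSid …
```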

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacGroup.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacGroup.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacGroup.java
new file mode 100644
index 0000000..a3d9bb5
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacGroup.java
@@ -0,0 +1,41 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.pac;
+
+public class PacGroup {
+
+    private PacSid id;
+    private int attributes;
+
+    public PacGroup(PacSid id, int attributes) {
+        super();
+        this.id = id;
+        this.attributes = attributes;
+    }
+
+    public PacSid getId() {
+        return id;
+    }
+
+    public int getAttributes() {
+        return attributes;
+    }
+
+}