You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/10 14:30:45 UTC
[01/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Repository: directory-kerberos
Updated Branches:
refs/heads/master c4dc328ed -> 23c1fd120
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/KeysTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/KeysTest.java b/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/KeysTest.java
new file mode 100644
index 0000000..bc2ce21
--- /dev/null
+++ b/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/KeysTest.java
@@ -0,0 +1,62 @@
+package org.apache.kerberos.kerb.util;
+
+import org.apache.kerberos.kerb.crypto.EncryptionHandler;
+import org.apache.kerberos.kerb.keytab.Keytab;
+import org.apache.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+
+/*
+The principal was created with password '123456'
+KVNO Principal
+---- --------------------------------------------------------------------------
+ 1 test@SH.INTEL.COM (des-cbc-crc)
+ 1 test@SH.INTEL.COM (des3-cbc-sha1)
+ 1 test@SH.INTEL.COM (des-hmac-sha1)
+ 1 test@SH.INTEL.COM (aes256-cts-hmac-sha1-96)
+ 1 test@SH.INTEL.COM (aes128-cts-hmac-sha1-96)
+ 1 test@SH.INTEL.COM (arcfour-hmac)
+ 1 test@SH.INTEL.COM (camellia256-cts-cmac)
+ 1 test@SH.INTEL.COM (camellia128-cts-cmac)
+ */
+public class KeysTest {
+ private static String TEST_PASSWORD = "123456";
+
+ private Keytab keytab;
+
+ @Before
+ public void setUp() throws IOException {
+ InputStream kis = KeysTest.class.getResourceAsStream("/test.keytab");
+ keytab = new Keytab();
+ keytab.load(kis);
+ }
+
+ @Test
+ public void testString2Key() throws KrbException {
+ List<PrincipalName> principals = keytab.getPrincipals();
+ PrincipalName principal = principals.get(0);
+ List<KeytabEntry> entries = keytab.getKeytabEntries(principal);
+ EncryptionKey genKey;
+ EncryptionType keyType;
+ for (KeytabEntry ke : entries) {
+ keyType = ke.getKey().getKeyType();
+ if (EncryptionHandler.isImplemented(keyType)) {
+ genKey = EncryptionHandler.string2Key(principal.getName(),
+ TEST_PASSWORD, keyType);
+ if(! ke.getKey().equals(genKey)) {
+ Assert.fail("str2key failed for key type: " + keyType.getName());
+ //System.err.println("str2key failed for key type: " + keyType.getName());
+ }
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/KeytabTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/KeytabTest.java b/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/KeytabTest.java
new file mode 100644
index 0000000..c37c6ed
--- /dev/null
+++ b/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/KeytabTest.java
@@ -0,0 +1,57 @@
+package org.apache.kerberos.kerb.util;
+
+import org.apache.kerberos.kerb.keytab.Keytab;
+import org.apache.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+
+/*
+The principal was created with password '123456'
+
+KVNO Principal
+---- --------------------------------------------------------------------------
+ 1 test@SH.INTEL.COM (des-cbc-crc)
+ 1 test@SH.INTEL.COM (des3-cbc-sha1)
+ 1 test@SH.INTEL.COM (des-hmac-sha1)
+ 1 test@SH.INTEL.COM (aes256-cts-hmac-sha1-96)
+ 1 test@SH.INTEL.COM (aes128-cts-hmac-sha1-96)
+ 1 test@SH.INTEL.COM (arcfour-hmac)
+ 1 test@SH.INTEL.COM (camellia256-cts-cmac)
+ 1 test@SH.INTEL.COM (camellia128-cts-cmac)
+ */
+public class KeytabTest {
+
+ private Keytab keytab;
+
+ @Before
+ public void setUp() throws IOException {
+ InputStream kis = KeytabTest.class.getResourceAsStream("/test.keytab");
+ keytab = new Keytab();
+ keytab.load(kis);
+ }
+
+ @Test
+ public void testKeytab() {
+ Assert.assertNotNull(keytab);
+
+ List<PrincipalName> principals = keytab.getPrincipals();
+ PrincipalName principal = principals.get(0);
+ List<KeytabEntry> entries = keytab.getKeytabEntries(principal);
+ for (KeytabEntry ke : entries) {
+ Assert.assertTrue(ke.getKvno() == 1);
+ }
+ }
+
+ public static void main(String[] args) throws IOException {
+ InputStream kis = KeytabTest.class.getResourceAsStream("test.keytab");
+ Keytab keytab = new Keytab();
+ keytab.load(kis);
+ System.out.println("Principals:" + keytab.getPrincipals().size());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/resources/aes128-cts-hmac-sha1-96.cc
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/resources/aes128-cts-hmac-sha1-96.cc b/haox-kerb/kerb-util/src/test/resources/aes128-cts-hmac-sha1-96.cc
new file mode 100644
index 0000000..2ae9f6e
Binary files /dev/null and b/haox-kerb/kerb-util/src/test/resources/aes128-cts-hmac-sha1-96.cc differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/resources/aes256-cts-hmac-sha1-96.cc
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/resources/aes256-cts-hmac-sha1-96.cc b/haox-kerb/kerb-util/src/test/resources/aes256-cts-hmac-sha1-96.cc
new file mode 100644
index 0000000..929c40e
Binary files /dev/null and b/haox-kerb/kerb-util/src/test/resources/aes256-cts-hmac-sha1-96.cc differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/resources/arcfour-hmac.cc
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/resources/arcfour-hmac.cc b/haox-kerb/kerb-util/src/test/resources/arcfour-hmac.cc
new file mode 100644
index 0000000..f7bb88d
Binary files /dev/null and b/haox-kerb/kerb-util/src/test/resources/arcfour-hmac.cc differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/resources/camellia-expect-vt.txt
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/resources/camellia-expect-vt.txt b/haox-kerb/kerb-util/src/test/resources/camellia-expect-vt.txt
new file mode 100644
index 0000000..e6ebe8a
--- /dev/null
+++ b/haox-kerb/kerb-util/src/test/resources/camellia-expect-vt.txt
@@ -0,0 +1,1036 @@
+
+KEYSIZE=128
+
+KEY=00000000000000000000000000000000
+
+I=1
+PT=80000000000000000000000000000000
+CT=07923A39EB0A817D1C4D87BDB82D1F1C
+
+I=2
+PT=40000000000000000000000000000000
+CT=48CD6419809672D2349260D89A08D3D3
+
+I=3
+PT=20000000000000000000000000000000
+CT=D07493CCB2E95CE0B4945A05ACC97D82
+
+I=4
+PT=10000000000000000000000000000000
+CT=5DBE1EAC9F7080A88DBED7F6DA101448
+
+I=5
+PT=08000000000000000000000000000000
+CT=F01EE477D199DF2701027034B229622F
+
+I=6
+PT=04000000000000000000000000000000
+CT=C841587ABD9A912E563774CB569D051E
+
+I=7
+PT=02000000000000000000000000000000
+CT=1D9BC0C04546F0915C8CCD11391A455C
+
+I=8
+PT=01000000000000000000000000000000
+CT=05E6EBB4BA167F5C479CEFF3152F943B
+
+I=9
+PT=00800000000000000000000000000000
+CT=93211E0F788845B9FC0E4551FFE92AC9
+
+I=10
+PT=00400000000000000000000000000000
+CT=B6D35701CD8FADDE383BBE8E6B70BAF7
+
+I=11
+PT=00200000000000000000000000000000
+CT=8358F9F4EBCFEE348CB30551ACB151A0
+
+I=12
+PT=00100000000000000000000000000000
+CT=D57516EB5AD93C523E40521BF447AFCE
+
+I=13
+PT=00080000000000000000000000000000
+CT=66B2534C279C439133F52E5AD8B439A9
+
+I=14
+PT=00040000000000000000000000000000
+CT=A71C69184A9F63C2992A5F18F77C1FE9
+
+I=15
+PT=00020000000000000000000000000000
+CT=1ADCBE49AEACB9ECEBBD492B10E82C7B
+
+I=16
+PT=00010000000000000000000000000000
+CT=27E3BCFB227C5561DB6CF7FC30387036
+
+I=17
+PT=00008000000000000000000000000000
+CT=F4AE20365CC9D06B0CAE6B695ED2CEC1
+
+I=18
+PT=00004000000000000000000000000000
+CT=3DD682F0B641ED32AD3D43EA2A0456E4
+
+I=19
+PT=00002000000000000000000000000000
+CT=6E5D14A95ECC290B509EA6B673652E3A
+
+I=20
+PT=00001000000000000000000000000000
+CT=F1CDF0F8D7B3FFD95422D7CC0CF40B7B
+
+I=21
+PT=00000800000000000000000000000000
+CT=A9253D459A34C385A1F1B2CFFA3935C5
+
+I=22
+PT=00000400000000000000000000000000
+CT=291024D99FF09A47A1DEE45BA700AE52
+
+I=23
+PT=00000200000000000000000000000000
+CT=49241D9459B277187BB10081C60361C0
+
+I=24
+PT=00000100000000000000000000000000
+CT=AD9BA365CC4DD5553D2D9FE303841D88
+
+I=25
+PT=00000080000000000000000000000000
+CT=C2ECA616664A249DC622CC11196B4AE1
+
+I=26
+PT=00000040000000000000000000000000
+CT=6E1A2D4794BB0DC08777A0BC7523E70E
+
+I=27
+PT=00000020000000000000000000000000
+CT=6DB1F0CF59656BDD235E82B8CEF0BE8E
+
+I=28
+PT=00000010000000000000000000000000
+CT=52F239C5EAF401EBDC54D2F011FF4B6A
+
+I=29
+PT=00000008000000000000000000000000
+CT=6B58A08F648414B67FD6847D2AA51CBF
+
+I=30
+PT=00000004000000000000000000000000
+CT=2959DD5367885A75EB48053CF3251A36
+
+I=31
+PT=00000002000000000000000000000000
+CT=630B292E3B88EF641CDFD531E206605E
+
+I=32
+PT=00000001000000000000000000000000
+CT=4BBB88EF82B70593FCC56AFD91540FDB
+
+I=33
+PT=00000000800000000000000000000000
+CT=0A13055B118A45C606999257BD191426
+
+I=34
+PT=00000000400000000000000000000000
+CT=5CF8E5C9F15D7E4F865020224853EB77
+
+I=35
+PT=00000000200000000000000000000000
+CT=3898805042C7A4315C5EE51AF2DE47E2
+
+I=36
+PT=00000000100000000000000000000000
+CT=8D3F96372E87CBB0B375425B3A10B9E7
+
+I=37
+PT=00000000080000000000000000000000
+CT=4D9510A378BD784A70A66BCC75B7D3C8
+
+I=38
+PT=00000000040000000000000000000000
+CT=70DB1902D37CFBDFB98F7C516F79D416
+
+I=39
+PT=00000000020000000000000000000000
+CT=383C6C2AABEF7FDE25CD470BF774A331
+
+I=40
+PT=00000000010000000000000000000000
+CT=47CBCB5288349B1A15DC9F81FBEE6B8F
+
+I=41
+PT=00000000008000000000000000000000
+CT=21DA34D4468EEB13AED95DAE0FF48310
+
+I=42
+PT=00000000004000000000000000000000
+CT=021C9A8E6BD36FBD036411E5D852A80F
+
+I=43
+PT=00000000002000000000000000000000
+CT=6A459E2F839AF60ACDE83774D0BB5574
+
+I=44
+PT=00000000001000000000000000000000
+CT=C19255121F1B933CAE09E58AEC0E9977
+
+I=45
+PT=00000000000800000000000000000000
+CT=7BA949E27B2BE148A6B801F9305F43D5
+
+I=46
+PT=00000000000400000000000000000000
+CT=E8CEB1026BCF7BCEA32E8A380EA76DB7
+
+I=47
+PT=00000000000200000000000000000000
+CT=63F97747ED56A8F521B20CC65F6F9465
+
+I=48
+PT=00000000000100000000000000000000
+CT=2091CFDC629819106188424AC694F75B
+
+I=49
+PT=00000000000080000000000000000000
+CT=A91BDF8E8B88407942423CCE000527C4
+
+I=50
+PT=00000000000040000000000000000000
+CT=73F9B44B9635A3FD683DBF8D49E9825B
+
+I=51
+PT=00000000000020000000000000000000
+CT=9DC64B2133FAD5069FD9A7CC2FFFD1CC
+
+I=52
+PT=00000000000010000000000000000000
+CT=28240F81FEC36B71E13F1FEA7A7641E3
+
+I=53
+PT=00000000000008000000000000000000
+CT=20DD39FEE96CD2EFF972872A692B28FD
+
+I=54
+PT=00000000000004000000000000000000
+CT=47A9E40483EC1925B635E47E964E8E93
+
+I=55
+PT=00000000000002000000000000000000
+CT=9C0EBD822C49FB3D853DF5B315A87BA0
+
+I=56
+PT=00000000000001000000000000000000
+CT=C18D813FDB45A594C6DC24E5A1F6CE32
+
+I=57
+PT=00000000000000800000000000000000
+CT=7E5467FF245ECF80CB55C2D8E91F0711
+
+I=58
+PT=00000000000000400000000000000000
+CT=394D4365B77954FDEA4145FCF7A7A041
+
+I=59
+PT=00000000000000200000000000000000
+CT=B1D8311A492ED11F11E57B29221610C4
+
+I=60
+PT=00000000000000100000000000000000
+CT=E5FBB947A63AEA90163AF04AD6951EF8
+
+I=61
+PT=00000000000000080000000000000000
+CT=CA0627DDF580F0E7D59562825C9D0492
+
+I=62
+PT=00000000000000040000000000000000
+CT=EF98FFD1AED295AAE1860F0274C8F555
+
+I=63
+PT=00000000000000020000000000000000
+CT=8C698E5CFFF08FACE10C2DC5FF1E2A81
+
+I=64
+PT=00000000000000010000000000000000
+CT=35A7767E02032C35B5CE1A6F49C57C28
+
+I=65
+PT=00000000000000008000000000000000
+CT=AB36F8734E76EBA306CF00D6763D90B0
+
+I=66
+PT=00000000000000004000000000000000
+CT=E854EB66D4EC66889B5E6CD4F44A5806
+
+I=67
+PT=00000000000000002000000000000000
+CT=15B66DF1455ACD640B8716BCF5DB2D69
+
+I=68
+PT=00000000000000001000000000000000
+CT=4C57AB5333E5C2D4B7E30A007E449F48
+
+I=69
+PT=00000000000000000800000000000000
+CT=BA3E7FF28EB38EA09D8DB1440A9A3552
+
+I=70
+PT=00000000000000000400000000000000
+CT=64E60227AFD80C40C70186CC94804C1A
+
+I=71
+PT=00000000000000000200000000000000
+CT=CEB4423C20B4C91C2551F6FC227C9514
+
+I=72
+PT=00000000000000000100000000000000
+CT=F736894B843EF32DA28576DE500D448C
+
+I=73
+PT=00000000000000000080000000000000
+CT=58FDA98B678D15053D4B6C060368108C
+
+I=74
+PT=00000000000000000040000000000000
+CT=E28CAE384E578F47657755EBCD97996C
+
+I=75
+PT=00000000000000000020000000000000
+CT=0A64617BD4B5B166668240D105B7B6A2
+
+I=76
+PT=00000000000000000010000000000000
+CT=4BD090C7E3D365B5EA80F19B4798881E
+
+I=77
+PT=00000000000000000008000000000000
+CT=BC7B6CB9BFF4F72973BB2CD20A512C06
+
+I=78
+PT=00000000000000000004000000000000
+CT=4C7ADDC5C867594E9EE75F0AA6AB9C23
+
+I=79
+PT=00000000000000000002000000000000
+CT=1FBD05C71A36691AC6566A5298101D53
+
+I=80
+PT=00000000000000000001000000000000
+CT=42D7D6B1F499D412F8793972BD968DA2
+
+I=81
+PT=00000000000000000000800000000000
+CT=260EC86E2786FC68824576B934F32814
+
+I=82
+PT=00000000000000000000400000000000
+CT=576C26DFD7046F9357F34BEA7DFB26A0
+
+I=83
+PT=00000000000000000000200000000000
+CT=6D55E54BFB6F927174A02294C95E0F8F
+
+I=84
+PT=00000000000000000000100000000000
+CT=1A6CE91DD458229C7675A34950D10E23
+
+I=85
+PT=00000000000000000000080000000000
+CT=DAD0D5E7E000652825AA34D228EA8D8F
+
+I=86
+PT=00000000000000000000040000000000
+CT=E68013F48D75EAD2BBC0B0BDA5E690BF
+
+I=87
+PT=00000000000000000000020000000000
+CT=A07D92312FBAE37BFE8A834210AE4F9C
+
+I=88
+PT=00000000000000000000010000000000
+CT=6EEE5F8544CD7D456366EB448813989A
+
+I=89
+PT=00000000000000000000008000000000
+CT=F8E5C7FF4B79D7ABE8BFA2DD148820A8
+
+I=90
+PT=00000000000000000000004000000000
+CT=C6349D75C7472BBD66F95B3A07C79C91
+
+I=91
+PT=00000000000000000000002000000000
+CT=B85713C12D8658951CD1AD21C74D2CD2
+
+I=92
+PT=00000000000000000000001000000000
+CT=907AA00B9F7D47A97623FB55BA911F29
+
+I=93
+PT=00000000000000000000000800000000
+CT=DC3CD0ED23D11776FAB43A2A6A8F3557
+
+I=94
+PT=00000000000000000000000400000000
+CT=4BFE58A8FD69179C14765B09AB70B705
+
+I=95
+PT=00000000000000000000000200000000
+CT=A23996E0EA67EC280356E5F77130A551
+
+I=96
+PT=00000000000000000000000100000000
+CT=CDEADE859B3AACD273CCA85A3E2E45F2
+
+I=97
+PT=00000000000000000000000080000000
+CT=E0FC78489857D84DA03F40CE97147174
+
+I=98
+PT=00000000000000000000000040000000
+CT=7615EA6351F6BB12855E8579C6995D8E
+
+I=99
+PT=00000000000000000000000020000000
+CT=13E184344FE28C2E70ED0E4D0A8037F9
+
+I=100
+PT=00000000000000000000000010000000
+CT=A5FE395F568482B87BC3EB208C81C942
+
+I=101
+PT=00000000000000000000000008000000
+CT=B3103E11AF06C85565823F8CAA3159F6
+
+I=102
+PT=00000000000000000000000004000000
+CT=7EBC2234D271B89C519C396985300030
+
+I=103
+PT=00000000000000000000000002000000
+CT=0661D338F2E0C939BA1687820A768467
+
+I=104
+PT=00000000000000000000000001000000
+CT=EC2B42667C0195A90715499617884DA5
+
+I=105
+PT=00000000000000000000000000800000
+CT=AE077BA19D24E7188DDD3682FF196892
+
+I=106
+PT=00000000000000000000000000400000
+CT=98823C24B9C65A66073C7952DC2B4B5E
+
+I=107
+PT=00000000000000000000000000200000
+CT=6AB58432CBB3C2F503DA2D16796CC297
+
+I=108
+PT=00000000000000000000000000100000
+CT=EEB5EBB3A53E4196C2F22BC1A4DDF5E8
+
+I=109
+PT=00000000000000000000000000080000
+CT=33DC40AC5FDC126D38878416AF6C0FA6
+
+I=110
+PT=00000000000000000000000000040000
+CT=38EDDC08E18B4AD982CEA921D2765A9A
+
+I=111
+PT=00000000000000000000000000020000
+CT=7D6BEA038E9347C642E18631660A9558
+
+I=112
+PT=00000000000000000000000000010000
+CT=FDA57921A473B5EE3700AD5ADF035019
+
+I=113
+PT=00000000000000000000000000008000
+CT=699B4812E200337E9C1D2C397F0DFE4E
+
+I=114
+PT=00000000000000000000000000004000
+CT=7A1EADF68B0807145D6C414852DECFC8
+
+I=115
+PT=00000000000000000000000000002000
+CT=1645FFAA8AD76689C01DA8C40882781F
+
+I=116
+PT=00000000000000000000000000001000
+CT=BA0C053BE702FA62FC66D8FEB12FC97E
+
+I=117
+PT=00000000000000000000000000000800
+CT=841FD8AF69CF2C31F7D4D7B6959662B5
+
+I=118
+PT=00000000000000000000000000000400
+CT=F675D59BDB33231861268F539829DA0B
+
+I=119
+PT=00000000000000000000000000000200
+CT=A4967F45ABB4E8C7DC5E3806680F35E0
+
+I=120
+PT=00000000000000000000000000000100
+CT=4D7E08081CC82F92ABA7C58C99F8343F
+
+I=121
+PT=00000000000000000000000000000080
+CT=9AEFDB287C119B82353612B60ECCBFD8
+
+I=122
+PT=00000000000000000000000000000040
+CT=979BB6A1553A17592A86E78DF144A699
+
+I=123
+PT=00000000000000000000000000000020
+CT=A6FA8CAB06FD2E5BF3A858983C01757A
+
+I=124
+PT=00000000000000000000000000000010
+CT=BE8511254C31E25420B91D6FEF1710ED
+
+I=125
+PT=00000000000000000000000000000008
+CT=F589A908D18A21894971C0433581E1A5
+
+I=126
+PT=00000000000000000000000000000004
+CT=4237585130E7C9F715235EB1D8C94DE7
+
+I=127
+PT=00000000000000000000000000000002
+CT=DEFE3E0B5C54C94B4F2A0F5A46F6210D
+
+I=128
+PT=00000000000000000000000000000001
+CT=F5574ACC3148DFCB9015200631024DF9
+
+==========
+
+KEYSIZE=256
+
+KEY=0000000000000000000000000000000000000000000000000000000000000000
+
+I=1
+PT=80000000000000000000000000000000
+CT=B0C6B88AEA518AB09E847248E91B1B9D
+
+I=2
+PT=40000000000000000000000000000000
+CT=B8D7684E35FA1DB15BDCEE7A48659858
+
+I=3
+PT=20000000000000000000000000000000
+CT=F0CAD59AF92FBB79F36951E697492750
+
+I=4
+PT=10000000000000000000000000000000
+CT=117100F6635389560DC4A2DA24EBA70F
+
+I=5
+PT=08000000000000000000000000000000
+CT=DBDD62355553019ED84C35886421E532
+
+I=6
+PT=04000000000000000000000000000000
+CT=9CB8D04FA506F19848F7B9110518BFC8
+
+I=7
+PT=02000000000000000000000000000000
+CT=E4308E253BC3444D293500701BA82C6A
+
+I=8
+PT=01000000000000000000000000000000
+CT=EA2FAE53F7F30C0170A20E95A068503E
+
+I=9
+PT=00800000000000000000000000000000
+CT=14B14839EA221880B2C64D1FE000B93D
+
+I=10
+PT=00400000000000000000000000000000
+CT=A5CFC075B342D5101AACC334E73058BB
+
+I=11
+PT=00200000000000000000000000000000
+CT=477EA56B2EBAD0F8AC5E1936866560FF
+
+I=12
+PT=00100000000000000000000000000000
+CT=107E8598418404196EC59F63E45B7F6D
+
+I=13
+PT=00080000000000000000000000000000
+CT=FF6A891E7C1C074A68FEC291928FDD8D
+
+I=14
+PT=00040000000000000000000000000000
+CT=F64C250A13F45D377ADB7545B2B157A9
+
+I=15
+PT=00020000000000000000000000000000
+CT=FAD0F252086F11C830C65B63197CBC38
+
+I=16
+PT=00010000000000000000000000000000
+CT=9DCB89B209441F02AD0D25C6AB826629
+
+I=17
+PT=00008000000000000000000000000000
+CT=E62E4ED4E4F34EDC563710D960E09D4C
+
+I=18
+PT=00004000000000000000000000000000
+CT=98A1B926BA06895C3F2E84CCBACBC356
+
+I=19
+PT=00002000000000000000000000000000
+CT=29BE0BE4DB7F4D196718AEA38F3B0BFD
+
+I=20
+PT=00001000000000000000000000000000
+CT=F670C4EBECBA0B43E71F6D752BFD4854
+
+I=21
+PT=00000800000000000000000000000000
+CT=7D7666B4484CDB7E3605468E093A787C
+
+I=22
+PT=00000400000000000000000000000000
+CT=562D06B181C091DA6C43642AE99460C6
+
+I=23
+PT=00000200000000000000000000000000
+CT=AB0EFB5975E6186B7D76BC9672453488
+
+I=24
+PT=00000100000000000000000000000000
+CT=10C0756538E7BFF88D19AE2B1F7B859A
+
+I=25
+PT=00000080000000000000000000000000
+CT=AF7FCD5248F8C72F1695AA05DD1CADE0
+
+I=26
+PT=00000040000000000000000000000000
+CT=9841E555655609A75D7BE20B8A90EF1E
+
+I=27
+PT=00000020000000000000000000000000
+CT=27F9546E6A1B7464780000561783569C
+
+I=28
+PT=00000010000000000000000000000000
+CT=8671D935D7A8354EECB7288803D42D7A
+
+I=29
+PT=00000008000000000000000000000000
+CT=0DA44F508DEBC6F044394624FCEB8EBE
+
+I=30
+PT=00000004000000000000000000000000
+CT=AB137369BE6D93FBB18006BDB236EC09
+
+I=31
+PT=00000002000000000000000000000000
+CT=EB90C4E597A7E1779FFA260886E26F75
+
+I=32
+PT=00000001000000000000000000000000
+CT=618CF3588D5C128EAF252616230E08F7
+
+I=33
+PT=00000000800000000000000000000000
+CT=98DC4DB49D197AB9152D12B9DE2D73CA
+
+I=34
+PT=00000000400000000000000000000000
+CT=5BDDE24B15702A35E1F140C57D206443
+
+I=35
+PT=00000000200000000000000000000000
+CT=CF755809882BED8BA2F9F1A4ED296A2B
+
+I=36
+PT=00000000100000000000000000000000
+CT=F1A8DBB999538AE89D16F92A7F4D1DF1
+
+I=37
+PT=00000000080000000000000000000000
+CT=775222FDDAAECB81CF675C4E0B98179E
+
+I=38
+PT=00000000040000000000000000000000
+CT=12A648CADCD153C760A965826683119A
+
+I=39
+PT=00000000020000000000000000000000
+CT=0503FB10AB241E7CF45D8CDEEE474335
+
+I=40
+PT=00000000010000000000000000000000
+CT=3D299C0070CBBD831B802690B8E7CA24
+
+I=41
+PT=00000000008000000000000000000000
+CT=33105BD4D11D66753DC34D128BEFE3F4
+
+I=42
+PT=00000000004000000000000000000000
+CT=5EFCE2B4B987C0F77D27B44836881682
+
+I=43
+PT=00000000002000000000000000000000
+CT=7835449454128035D7F0EA99E327577B
+
+I=44
+PT=00000000001000000000000000000000
+CT=27BEDDA0601BE35122FB1D272D73AB3E
+
+I=45
+PT=00000000000800000000000000000000
+CT=54C3F99FF48E318CC515EDE75800C4B3
+
+I=46
+PT=00000000000400000000000000000000
+CT=C627C329F8E48299F6FDB23B9DBEA0BB
+
+I=47
+PT=00000000000200000000000000000000
+CT=1B6578F9E23BD8C1845A02431C5F9AA3
+
+I=48
+PT=00000000000100000000000000000000
+CT=6DB2FB8C0B9344D0547C0FF1292020C6
+
+I=49
+PT=00000000000080000000000000000000
+CT=4FAD9B2C37C131493FBEF53581FA4F83
+
+I=50
+PT=00000000000040000000000000000000
+CT=47502A01E93D2C87BD5584F6AFD3D99D
+
+I=51
+PT=00000000000020000000000000000000
+CT=056E1C6F651BFE50271B3B7A18E76D84
+
+I=52
+PT=00000000000010000000000000000000
+CT=5632BAF6627B3D96AD4E06FA6A561F55
+
+I=53
+PT=00000000000008000000000000000000
+CT=E29807CAACDFA2D41A7D9E91FA7FD8EB
+
+I=54
+PT=00000000000004000000000000000000
+CT=81DD44BB5D1822DEE605F9E6FF01D7B3
+
+I=55
+PT=00000000000002000000000000000000
+CT=5C3649925E47D7FF96482A8FBD9666FD
+
+I=56
+PT=00000000000001000000000000000000
+CT=695415A836E66E737887845EC08A1ADB
+
+I=57
+PT=00000000000000800000000000000000
+CT=F5416BCE292D9E2CEA5D1CC70BBAEED1
+
+I=58
+PT=00000000000000400000000000000000
+CT=7AEC4F1388FC29C47F7FED74ADDE8485
+
+I=59
+PT=00000000000000200000000000000000
+CT=82A9F1A6CE08BC4876E649D8A8EA7EB6
+
+I=60
+PT=00000000000000100000000000000000
+CT=B6296C88ADF1A792908B065EEB04BFC2
+
+I=61
+PT=00000000000000080000000000000000
+CT=E766A39AECCA40BDBFBE6FF3FA292913
+
+I=62
+PT=00000000000000040000000000000000
+CT=C6D081454EA00D83C23B5A62C84359E1
+
+I=63
+PT=00000000000000020000000000000000
+CT=85D259A79CCA80484504D1603F7A8F53
+
+I=64
+PT=00000000000000010000000000000000
+CT=D8291FA1C6DC250078824B2D0A20883F
+
+I=65
+PT=00000000000000008000000000000000
+CT=95387CB74C48FFBD1F8D64A6CC45E074
+
+I=66
+PT=00000000000000004000000000000000
+CT=A17F975F538F56CDF629B516011DE837
+
+I=67
+PT=00000000000000002000000000000000
+CT=B50B615A1654C6E1CB6AB33716C097FE
+
+I=68
+PT=00000000000000001000000000000000
+CT=7BBB2CBB874DF6C8B821DA7FB0F9011B
+
+I=69
+PT=00000000000000000800000000000000
+CT=E9EFE074D096A275E47CD2E6206DF6A1
+
+I=70
+PT=00000000000000000400000000000000
+CT=88F2F8D5A836406AE8BBB98C65BBDA55
+
+I=71
+PT=00000000000000000200000000000000
+CT=F64620D8D87585A3EF038B9AD58F5EA0
+
+I=72
+PT=00000000000000000100000000000000
+CT=694438EC141C8ED5F2F898B4554A298F
+
+I=73
+PT=00000000000000000080000000000000
+CT=3E6226EC7726A1EE5F5FA9B18CCE8C44
+
+I=74
+PT=00000000000000000040000000000000
+CT=8AB6949E79911647800B9E87362AB97A
+
+I=75
+PT=00000000000000000020000000000000
+CT=093C5CF24EDAF7F9F1C8A80DE4FF50A9
+
+I=76
+PT=00000000000000000010000000000000
+CT=28A36E50061F19E240351ED0E378CBF4
+
+I=77
+PT=00000000000000000008000000000000
+CT=B93BB36CB88BF26EA79198652AA51D3C
+
+I=78
+PT=00000000000000000004000000000000
+CT=DE4948083D044FAC9BCA6DA8CD67B8A6
+
+I=79
+PT=00000000000000000002000000000000
+CT=6E778B5BDA6CA118117E47470D080D3C
+
+I=80
+PT=00000000000000000001000000000000
+CT=0A9107324DA32B4281D032A3487EF875
+
+I=81
+PT=00000000000000000000800000000000
+CT=18ED5635312D71ABD123CCE779D4D68A
+
+I=82
+PT=00000000000000000000400000000000
+CT=2E3C63F95C4BC1F944BAB06DEDC9AA8E
+
+I=83
+PT=00000000000000000000200000000000
+CT=ACCC869EF07004C8C3C709083BE7BA2F
+
+I=84
+PT=00000000000000000000100000000000
+CT=DF60B34FB1A59147CC1FB049C1578206
+
+I=85
+PT=00000000000000000000080000000000
+CT=4228DC636C08E41021054AA0E1E2227A
+
+I=86
+PT=00000000000000000000040000000000
+CT=7CE27F66EFD735FFD6B3E1738C50495B
+
+I=87
+PT=00000000000000000000020000000000
+CT=F8E74B33A9CDE351DA0BBC06D69093D7
+
+I=88
+PT=00000000000000000000010000000000
+CT=AE0D22A5B37B8DC5D81CC641EED334D0
+
+I=89
+PT=00000000000000000000008000000000
+CT=C181C6CA5E163743458B9167A0B6A16A
+
+I=90
+PT=00000000000000000000004000000000
+CT=5171F4F6095E4B276CFBA1F07223FBE6
+
+I=91
+PT=00000000000000000000002000000000
+CT=2732F4D3A8C9D1D8D493840D6E0B864F
+
+I=92
+PT=00000000000000000000001000000000
+CT=3EF04E0059A061D973532CA5C1DFBE7B
+
+I=93
+PT=00000000000000000000000800000000
+CT=6D9A8F23579E4978EBAA87B5ADEB77E5
+
+I=94
+PT=00000000000000000000000400000000
+CT=BBD08873CC44BA4253C0C41FEEB7F124
+
+I=95
+PT=00000000000000000000000200000000
+CT=72E4B2437CBD283F3809CE686F6A591E
+
+I=96
+PT=00000000000000000000000100000000
+CT=6E5580514B92512B1BF4B1B987B9AA1B
+
+I=97
+PT=00000000000000000000000080000000
+CT=5EF5D0C5BCBDCB604D3A083B68CE0FA3
+
+I=98
+PT=00000000000000000000000040000000
+CT=9D991FDD723AD2182777A15CA0E0F665
+
+I=99
+PT=00000000000000000000000020000000
+CT=24440626EFC8F86BEA7DE78085AB8A22
+
+I=100
+PT=00000000000000000000000010000000
+CT=17C3630D62D13C1E826C0FCCBD74A864
+
+I=101
+PT=00000000000000000000000008000000
+CT=4CF5AB86A56AB134A7FE46CCE3F9FCE9
+
+I=102
+PT=00000000000000000000000004000000
+CT=3E6B9C0388F6D9B8F458F30221907607
+
+I=103
+PT=00000000000000000000000002000000
+CT=AD9C926B8A5CD98EEE88200617E59958
+
+I=104
+PT=00000000000000000000000001000000
+CT=AFF8AED5E075E02AF720CA4BF0028B3B
+
+I=105
+PT=00000000000000000000000000800000
+CT=D90EAFF909202BB209BB3BB8C7F9A954
+
+I=106
+PT=00000000000000000000000000400000
+CT=2C709B00E6A22F00F64A7D8EE341853F
+
+I=107
+PT=00000000000000000000000000200000
+CT=CCEC598F0D9F0BF201B2F487136D54A4
+
+I=108
+PT=00000000000000000000000000100000
+CT=73B2883A0A166AAE1BF14E60A5195FA3
+
+I=109
+PT=00000000000000000000000000080000
+CT=E676867BD9AD5EF915143388496779D7
+
+I=110
+PT=00000000000000000000000000040000
+CT=CDCB73D1BFCFD4BE7F1DAA9B1C6A4055
+
+I=111
+PT=00000000000000000000000000020000
+CT=02A3A5C89DAA24CD2C517F7A73286A89
+
+I=112
+PT=00000000000000000000000000010000
+CT=C0FA2AC9E92EE58C2DD12D6D43AB7035
+
+I=113
+PT=00000000000000000000000000008000
+CT=EDC2CB1F7291353BDBF2385519E6AE16
+
+I=114
+PT=00000000000000000000000000004000
+CT=B4B62D16D197A98CD3B978812B9D9884
+
+I=115
+PT=00000000000000000000000000002000
+CT=5CDFC95A529A905101CEA26BC1B891ED
+
+I=116
+PT=00000000000000000000000000001000
+CT=CC7150CD3650B98363296C7C4ED368D1
+
+I=117
+PT=00000000000000000000000000000800
+CT=CC57706B0C6526B8E25A5DBD32EACBDB
+
+I=118
+PT=00000000000000000000000000000400
+CT=30D30456AD98B182D64C649648F6AEC9
+
+I=119
+PT=00000000000000000000000000000200
+CT=D7E9DA7F631938EB649A08AF82FBD75F
+
+I=120
+PT=00000000000000000000000000000100
+CT=B8DA2AF6600B07895B5D0FFAF4991469
+
+I=121
+PT=00000000000000000000000000000080
+CT=0F6F64F930BA6C178943322B98114599
+
+I=122
+PT=00000000000000000000000000000040
+CT=8B1F247802E47C91BEE2AA34ECFD7A01
+
+I=123
+PT=00000000000000000000000000000020
+CT=7A6985778D3A66E97F23E01F0D0E45E7
+
+I=124
+PT=00000000000000000000000000000010
+CT=BA664AC39855518DFDEE10D1B3111FAE
+
+I=125
+PT=00000000000000000000000000000008
+CT=7C92854D801A1648F65CA81813DDBF83
+
+I=126
+PT=00000000000000000000000000000004
+CT=6A3F25AAB7E92D9CF378E5D9C040F26B
+
+I=127
+PT=00000000000000000000000000000002
+CT=3D4B2CDE666761BA5DFB305178E667FB
+
+I=128
+PT=00000000000000000000000000000001
+CT=9CDB269B5D293BC5DB9C55B057D9B591
+
+==========
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/resources/camellia128-cts-cmac.cc
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/resources/camellia128-cts-cmac.cc b/haox-kerb/kerb-util/src/test/resources/camellia128-cts-cmac.cc
new file mode 100644
index 0000000..5d6f8a5
Binary files /dev/null and b/haox-kerb/kerb-util/src/test/resources/camellia128-cts-cmac.cc differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/resources/camellia256-cts-cmac.cc
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/resources/camellia256-cts-cmac.cc b/haox-kerb/kerb-util/src/test/resources/camellia256-cts-cmac.cc
new file mode 100644
index 0000000..c9a6ecd
Binary files /dev/null and b/haox-kerb/kerb-util/src/test/resources/camellia256-cts-cmac.cc differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/resources/des-cbc-crc.cc
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/resources/des-cbc-crc.cc b/haox-kerb/kerb-util/src/test/resources/des-cbc-crc.cc
new file mode 100644
index 0000000..b43fe30
Binary files /dev/null and b/haox-kerb/kerb-util/src/test/resources/des-cbc-crc.cc differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/resources/des3-cbc-sha1.cc
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/resources/des3-cbc-sha1.cc b/haox-kerb/kerb-util/src/test/resources/des3-cbc-sha1.cc
new file mode 100644
index 0000000..ba2f6ea
Binary files /dev/null and b/haox-kerb/kerb-util/src/test/resources/des3-cbc-sha1.cc differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/resources/krbtgt.keytab
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/resources/krbtgt.keytab b/haox-kerb/kerb-util/src/test/resources/krbtgt.keytab
new file mode 100644
index 0000000..08bd0c1
Binary files /dev/null and b/haox-kerb/kerb-util/src/test/resources/krbtgt.keytab differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/resources/test.cc
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/resources/test.cc b/haox-kerb/kerb-util/src/test/resources/test.cc
new file mode 100644
index 0000000..22a27e8
Binary files /dev/null and b/haox-kerb/kerb-util/src/test/resources/test.cc differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/resources/test.keytab
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/resources/test.keytab b/haox-kerb/kerb-util/src/test/resources/test.keytab
new file mode 100644
index 0000000..5a9c733
Binary files /dev/null and b/haox-kerb/kerb-util/src/test/resources/test.keytab differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kerb/pom.xml b/haox-kerb/pom.xml
new file mode 100644
index 0000000..0c1704e
--- /dev/null
+++ b/haox-kerb/pom.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-all</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>haox-kerb</artifactId>
+ <name>Haox-kerb Project</name>
+ <version>1.0-SNAPSHOT</version>
+ <packaging>pom</packaging>
+
+ <modules>
+ <module>kerb-core</module>
+ <module>kerb-core-test</module>
+ <module>kerb-common</module>
+ <module>kerb-util</module>
+ <module>kerb-crypto</module>
+ <module>kerb-identity</module>
+ <module>kerb-client</module>
+ <module>kerb-server</module>
+ <module>kerb-kdc-test</module>
+ </modules>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..f08a00c
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <groupId>org.haox</groupId>
+ <artifactId>haox-all</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ <packaging>pom</packaging>
+
+ <name>Haox Project</name>
+ <description>Haox, just for the way</description>
+ <url>http://www.haox.org</url>
+ <inceptionYear>2014</inceptionYear>
+
+ <properties>
+ <scala.version>2.10.3</scala.version>
+ </properties>
+
+ <modules>
+ <module>3rdparty</module>
+ <module>contrib</module>
+ <module>haox-kerb</module>
+ <module>haox-kdc</module>
+ <module>benchmark</module>
+ </modules>
+
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.8.2</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>3.1</version>
+ <configuration>
+ <source>1.6</source>
+ <target>1.6</target>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <version>2.4</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.16</version>
+ <configuration>
+ <reuseForks>false</reuseForks>
+ <systemPropertyVariables>
+ </systemPropertyVariables>
+ </configuration>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>compile</phase>
+ <goals>
+ <goal>compile</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
[33/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ofb.raw
new file mode 100644
index 0000000..e1a45f0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ofb.raw
@@ -0,0 +1 @@
+Salted__�'o��$�ό{��D��U�3�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3.base64
new file mode 100644
index 0000000..99dd748
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3.base64
@@ -0,0 +1 @@
+U2FsdGVkX19yAldtM0VmBsI9Ytjp5QsU6Mzz6K5Cx6k=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3.raw
new file mode 100644
index 0000000..53f40c5
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ofb.base64
new file mode 100644
index 0000000..828218d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+XADd70ffqUEeA1VFhMGkpmHOvUA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ofb.raw
new file mode 100644
index 0000000..abff396
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ofb.raw
@@ -0,0 +1 @@
+Salted__(<�-���e'��"��j�i��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des.base64
new file mode 100644
index 0000000..0e222ab
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des.base64
@@ -0,0 +1 @@
+U2FsdGVkX18lyzI2kQJMPmBsJbfD/qTe1glRDiV+eg8=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des.raw
new file mode 100644
index 0000000..de71e30
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des.raw
@@ -0,0 +1 @@
+Salted__�F��5��9�tj����>3o�M061�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cbc.base64
new file mode 100644
index 0000000..93206dd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX19xx1chMmdJ8eFZxjVhq1fhRhtsaysJZK8=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cbc.raw
new file mode 100644
index 0000000..b02ab71
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cbc.raw
@@ -0,0 +1 @@
+Salted___����S���"�{b��UD�ߜ��LA
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb.base64
new file mode 100644
index 0000000..8ccc633
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19CzdoZuqHCDLC8y4aOcB27o896yA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb.raw
new file mode 100644
index 0000000..2bf1f0f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb.raw
@@ -0,0 +1 @@
+Salted__ 5���&|7F8�f�L��F��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb8.base64
new file mode 100644
index 0000000..3aa1ec4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+1JccDxVEzyR2M1fq0siQ30vISew==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb8.raw
new file mode 100644
index 0000000..1f8b413
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-cfb8.raw
@@ -0,0 +1 @@
+Salted__0��h}C��F�O�W
=��n�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ecb.base64
new file mode 100644
index 0000000..f7a2dfe
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+jiXx0gK6/kNCYTrQp3coct+4/tool1DI=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ecb.raw
new file mode 100644
index 0000000..acfb9ad
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ecb.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ofb.base64
new file mode 100644
index 0000000..03ee845
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19e9Hf5gd5q/jxs4KvuQAFaqdvqDw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ofb.raw
new file mode 100644
index 0000000..23a4da2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2-ofb.raw
@@ -0,0 +1 @@
+Salted__���e��Q��g���1�'�s
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2.base64
new file mode 100644
index 0000000..e303ade
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2.base64
@@ -0,0 +1 @@
+U2FsdGVkX19r7Ho+1z5PhaPFqGv1u9oS5pbEQTcSdSM=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2.raw
new file mode 100644
index 0000000..c7b83e7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des2.raw
@@ -0,0 +1 @@
+Salted__���0���ӶB��ʲ��I���� ;�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cbc.base64
new file mode 100644
index 0000000..213899d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX18FEUvYvCXnt3hL0NJYuxBUDTYkJs46F3I=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cbc.raw
new file mode 100644
index 0000000..cf578c5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cbc.raw
@@ -0,0 +1 @@
+Salted__A+��@ZUi�s�7M�o�+�����n
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb.base64
new file mode 100644
index 0000000..3ca902b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+uL6LyO88LVW6JSU1QggtMqXcJhA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb.raw
new file mode 100644
index 0000000..3db917d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb.raw
@@ -0,0 +1 @@
+Salted__xC�l��%��7�y[��=�@��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb8.base64
new file mode 100644
index 0000000..1706aae
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+UVIXNkusZ2L9LJETZrgLvYQLx2Q==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb8.raw
new file mode 100644
index 0000000..35ef3a9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-cfb8.raw
@@ -0,0 +1 @@
+Salted__5b��bA������r���;=ܨ
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ecb.base64
new file mode 100644
index 0000000..b196590
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/AmsUU5AMZi+SKgNJLzbdL7ksOeW4C2Gs=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ecb.raw
new file mode 100644
index 0000000..d6a2aec
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ecb.raw
@@ -0,0 +1 @@
+Salted__����2ɱF��xi]�
����p��`�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ofb.base64
new file mode 100644
index 0000000..ed5b9f6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+EdDdizgXHrefX3aa7etL0mlBz4A==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ofb.raw
new file mode 100644
index 0000000..863bb04
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3-ofb.raw
@@ -0,0 +1 @@
+Salted__�����h
��U�p֍"X��]�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3.base64
new file mode 100644
index 0000000..dd14563
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/VhtA8kn/sl5vKUPdn26Y2HJ9GqS0yIO4=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3.raw
new file mode 100644
index 0000000..c6c0603
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des3.raw
@@ -0,0 +1 @@
+Salted__�r�*���k'�2ڼ�_�yd1���O
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cbc.base64
new file mode 100644
index 0000000..99379d5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX19CcOxqNCX3h+qaxYPx4f/RSMkfhfcg3+U=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cbc.raw
new file mode 100644
index 0000000..5f2ca5c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cbc.raw
@@ -0,0 +1 @@
+Salted__X&{�ʱ@+;���p�Òs�����YL
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb.base64
new file mode 100644
index 0000000..34568e6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/UW5yNAn/CqR2XRuNBN7eL0fykgw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb.raw
new file mode 100644
index 0000000..4feda43
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb.raw
@@ -0,0 +1 @@
+Salted__h�u}S1��KPf�.h@���!�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb8.base64
new file mode 100644
index 0000000..b2cd2ad
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18ENqZkND8kNxny3GS40O7vA+01RA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb8.raw
new file mode 100644
index 0000000..5d0f56a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-cfb8.raw
@@ -0,0 +1 @@
+Salted__�H�4g�� �(�`tc�C�"��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ecb.base64
new file mode 100644
index 0000000..c3d8b5b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18SHI4bsA0ISfwzG74m3pq8LYHueA4kHX8=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ecb.raw
new file mode 100644
index 0000000..4f52e3e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ecb.raw
@@ -0,0 +1 @@
+Salted__<x��hwtf��]���e{��߱����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ofb.base64
new file mode 100644
index 0000000..74d3d7f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/9caqCTHUYTMBXGcmTvpbwc1hFYQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ofb.raw
new file mode 100644
index 0000000..f302d1b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost-ofb.raw
@@ -0,0 +1 @@
+Salted__�̩�Ԑ|��:������A7!�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost.base64
new file mode 100644
index 0000000..7f608d4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost.base64
@@ -0,0 +1 @@
+U2FsdGVkX19cp6LdmpT4Cy3MXExvnqpHAacdX1t49N8=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost.raw
new file mode 100644
index 0000000..b102fa1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost.raw
@@ -0,0 +1,2 @@
+Salted__s��b ������n������ʼ�
+��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cbc.base64
new file mode 100644
index 0000000..a255c2b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+H27MlUg1vPsoZxpMW0YhUDsU83uBZto4=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cbc.raw
new file mode 100644
index 0000000..98ee138
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cbc.raw
@@ -0,0 +1 @@
+Salted__���.��K�dظ��d��
���5 ��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb.base64
new file mode 100644
index 0000000..afb0b19
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX193E/5JnaVMzKSTVGJnVoHkW//6UQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb.raw
new file mode 100644
index 0000000..50d10b4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb.raw
@@ -0,0 +1 @@
+Salted__PI*�֍���N����p����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb8.base64
new file mode 100644
index 0000000..8805e99
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+z2bNQFuQbctEp67XJS/07x7y7Ug==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb8.raw
new file mode 100644
index 0000000..3a077e2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-cfb8.raw
@@ -0,0 +1 @@
+Salted__W��J���yPQ���ЇQ�3��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ecb.base64
new file mode 100644
index 0000000..d600b33
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/3aDVY8d8z2yMpkDMJRMidVosy7139sZQ=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ecb.raw
new file mode 100644
index 0000000..95b75d5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ecb.raw
@@ -0,0 +1 @@
+Salted__;����3����_ ���Wf�,�8�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ofb.base64
new file mode 100644
index 0000000..0a10ee5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/SzYHi7r+5pJl69a2iG5kSddrZ7Q==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ofb.raw
new file mode 100644
index 0000000..31eecf6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147-ofb.raw
@@ -0,0 +1 @@
+Salted__%������;G�����=|`�ZS
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147.base64
new file mode 100644
index 0000000..fd0fbb5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+NdJZXG4amPV/2Bb1A+BwpJjIk0xIlfhc=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147.raw
new file mode 100644
index 0000000..55b3429
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/gost28147.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cbc.base64
new file mode 100644
index 0000000..c06ddfd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/OtjE6TFh2zaXkr8avX9DMGUMTVYdjgho=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cbc.raw
new file mode 100644
index 0000000..91c10c4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cbc.raw
@@ -0,0 +1 @@
+Salted__�ϵ�����ˤ¨����f�b���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb.base64
new file mode 100644
index 0000000..504b806
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19PDheUQ+fz6/gv42IkjuN4yxYh/A==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb.raw
new file mode 100644
index 0000000..2a3ad57
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb.raw
@@ -0,0 +1,2 @@
+Salted__��
+��XT�e
<��;��w~��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb8.base64
new file mode 100644
index 0000000..d0fd71a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18WT/xrbSMFJZRt2HoN8QG9ikk/iw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb8.raw
new file mode 100644
index 0000000..d4179bb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-cfb8.raw
@@ -0,0 +1 @@
+Salted__q�_���k��ÂW�djO���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ecb.base64
new file mode 100644
index 0000000..c4d6ae2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/zs/wt9YPU+8vAh/1Qseii6vrmPoLMhGA=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ecb.raw
new file mode 100644
index 0000000..1de519d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ecb.raw
@@ -0,0 +1,2 @@
+Salted__:���s>��l�k�hdV���
+DmQ��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ofb.base64
new file mode 100644
index 0000000..55dd20a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+XANwaL1bEFrkxDddSGCleBTJQQg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ofb.raw
new file mode 100644
index 0000000..f0a286c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea-ofb.raw
@@ -0,0 +1 @@
+Salted__��U����b��;Co8Y���QX
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea.base64
new file mode 100644
index 0000000..5fc1bb9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+MBtM2j7TXdcefSxcgR2yvj+OqX4pDZXk=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea.raw
new file mode 100644
index 0000000..7e71623
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/idea.raw
@@ -0,0 +1 @@
+Salted__��KI��}�����<�-��.ƾ���9
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cbc.base64
new file mode 100644
index 0000000..31f33fa
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1890fJi9gA9RVpNI1DwMT1Vt51TkZmLyWs=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cbc.raw
new file mode 100644
index 0000000..25e5f9c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cbc.raw
@@ -0,0 +1 @@
+Salted__. ����b��y��6����[�Y9�I
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb.base64
new file mode 100644
index 0000000..9f43934
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/9CTBQbekwaKie03cWICyZs3KtFg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb.raw
new file mode 100644
index 0000000..34c84f6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb.raw
@@ -0,0 +1 @@
+Salted__�q��sqhT:�,@�%Ck���S
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb8.base64
new file mode 100644
index 0000000..dfd79ae
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX19rhbzIzceTg9Ye5JJVdmxmGjzhDQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb8.raw
new file mode 100644
index 0000000..abcd263
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-cfb8.raw
@@ -0,0 +1 @@
+Salted__H������H��.�����a���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ecb.base64
new file mode 100644
index 0000000..4bed16c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19daAkC+zMJJplpf0zSowdMulhlBsFnUVs=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ecb.raw
new file mode 100644
index 0000000..1de429d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ecb.raw
@@ -0,0 +1 @@
+Salted__97����./�����H%ˮ��A��7�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ofb.base64
new file mode 100644
index 0000000..2a2f8fb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/19LIip0bg3xxQnKt+Kl0/34+i2A==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ofb.raw
new file mode 100644
index 0000000..a6a97aa
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40-ofb.raw
@@ -0,0 +1 @@
+Salted__A��j�V�r���ˋ�G$��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40.base64
new file mode 100644
index 0000000..e9a220d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/3SRnzRmiIg1wLwR1/h+fXX+1e/GY202U=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40.raw
new file mode 100644
index 0000000..9e5c6c7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-40.raw
@@ -0,0 +1 @@
+Salted__kn���� �-��&��gLΰ�W��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cbc.base64
new file mode 100644
index 0000000..88c35c7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX19HgGgtz1lOzUsGkcd7YnWH7iB+t0TCPc4=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cbc.raw
new file mode 100644
index 0000000..ef12322
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cbc.raw
@@ -0,0 +1 @@
+Salted__��)Y������L�ee��?$���B�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb.base64
new file mode 100644
index 0000000..ce92402
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+jFsOQfhGb6EMTiO5PogMI/TDEVQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb.raw
new file mode 100644
index 0000000..092dbcb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb.raw
@@ -0,0 +1 @@
+Salted__�W�����$��X���]pR���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb8.base64
new file mode 100644
index 0000000..9eff43f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18Vx4yMujZVjPpd9Fi1bSg/jF7Bxw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb8.raw
new file mode 100644
index 0000000..269c7cc
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-cfb8.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ecb.base64
new file mode 100644
index 0000000..6adf1b2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19V5eWa4V73IGlV+5qb1zawiN+vnAiYmzY=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ecb.raw
new file mode 100644
index 0000000..936afba
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ecb.raw
@@ -0,0 +1 @@
+Salted__B�.A�l������Mv:��c�X���\
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ofb.base64
new file mode 100644
index 0000000..496a220
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19GOsgWvk8zkm+x4QV5m1s4fdPu5Q==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ofb.raw
new file mode 100644
index 0000000..2d0e2af
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64-ofb.raw
@@ -0,0 +1 @@
+Salted__ LV㛖O�����v1ġ6�t}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64.base64
new file mode 100644
index 0000000..ba7b424
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+t696swrI4UPV7oNFDYmU87F0CoP6Vb+Q=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64.raw
new file mode 100644
index 0000000..302cb49
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-64.raw
@@ -0,0 +1 @@
+Salted__�$�V��T����Gj0�>A�
���U
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cbc.base64
new file mode 100644
index 0000000..eea5829
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX19jUXYEywuyoP7NBdjrrZCqtJrFnXTPlaU=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cbc.raw
new file mode 100644
index 0000000..c2c1b61
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cbc.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb.base64
new file mode 100644
index 0000000..6a25c21
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19N7VML8H7g1oM010jHxsI+4J3Eaw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb.raw
new file mode 100644
index 0000000..c0cf0cd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb.raw
@@ -0,0 +1 @@
+Salted__
���9��n�ܦ��w�L�E��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb8.base64
new file mode 100644
index 0000000..4242b15
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX19Hc+EZIfLJzpgBhsT2O+8yMoQG+g==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb8.raw
new file mode 100644
index 0000000..a6eeb8b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-cfb8.raw
@@ -0,0 +1 @@
+Salted__X��z�S�ˊ���*M>�H+�\
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ecb.base64
new file mode 100644
index 0000000..626d757
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX180vh9QgndcQX7pLj7vY6mjoFKdPy4DKKU=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ecb.raw
new file mode 100644
index 0000000..1360879
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ecb.raw
@@ -0,0 +1 @@
+Salted__!)��u���ti�����7P�t�ü_�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ofb.base64
new file mode 100644
index 0000000..313ae46
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/iYmfwemCc/BruXulvHyLEqbOOgA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ofb.raw
new file mode 100644
index 0000000..6bd7cdb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2-ofb.raw
@@ -0,0 +1 @@
+Salted__�z�ޢ��jV�����o�s��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2.base64
new file mode 100644
index 0000000..82dd662
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2.base64
@@ -0,0 +1 @@
+U2FsdGVkX19N6rCXehC+nOA5hSXpAYzwLaWrUbjVjOw=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2.raw
new file mode 100644
index 0000000..30ddfb1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc2.raw
@@ -0,0 +1 @@
+Salted__�∎�-������r~����g"��)�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cbc.base64
new file mode 100644
index 0000000..fc22b6a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX188GJJ5CN6i9uoi+gQ7MGXRI5hARw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cbc.raw
new file mode 100644
index 0000000..7023417
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cbc.raw
@@ -0,0 +1 @@
+Salted__K�<�PGR�t�'�o��=iA!
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb.base64
new file mode 100644
index 0000000..53c2751
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18odI9YC5G2YEXRbhdC4oAEZBoy8A==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb.raw
new file mode 100644
index 0000000..30a67c9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb.raw
@@ -0,0 +1 @@
+Salted__�
�$�Z�(*b"��|� ����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb1.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb1.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb1.base64
new file mode 100644
index 0000000..a1aa595
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb1.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/CZmQzq0Vy8q9v/UuFyivWuzzy/A==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb1.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb1.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb1.raw
new file mode 100644
index 0000000..89067c5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb1.raw
@@ -0,0 +1 @@
+Salted__��3��!�����������ʞ
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb8.base64
new file mode 100644
index 0000000..596499d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1941/BbLOytQil4JxUbYgHhVRVTPw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb8.raw
new file mode 100644
index 0000000..cc8ec48
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-cfb8.raw
@@ -0,0 +1 @@
+Salted__���A�;EK��9���G7{��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ecb.base64
new file mode 100644
index 0000000..addd651
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/wRwxSIU9NSFlHZQri5prYSp2VBQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ecb.raw
new file mode 100644
index 0000000..d00c121
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ecb.raw
@@ -0,0 +1 @@
+Salted__r��]�濷�S>>�3�p��#�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ofb.base64
new file mode 100644
index 0000000..0d6cc65
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19CkHOXcKSEyr7u+cfZdee1OIHuzw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ofb.raw
new file mode 100644
index 0000000..bcf956b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40-ofb.raw
@@ -0,0 +1 @@
+Salted__T��N�/��|�wN�9:v��`�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40.base64
new file mode 100644
index 0000000..12a7b89
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40.base64
@@ -0,0 +1 @@
+U2FsdGVkX18EeGBBjdefS3HAHTqHfBG/3hCTAQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40.raw
new file mode 100644
index 0000000..a49d2fa
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-40.raw
@@ -0,0 +1 @@
+Salted__�Q��_����y)j4�^�U[�W
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cbc.base64
new file mode 100644
index 0000000..b57ddee
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX19MH6/8ont1oCPgPGGrD07Uk2KFbw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cbc.raw
new file mode 100644
index 0000000..58ad2d4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cbc.raw
@@ -0,0 +1 @@
+Salted__?f���U�P2e�Q��E��@&�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb.base64
new file mode 100644
index 0000000..75b19e3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+XwaTkDMWYpe00BhDb6r23ndwWcg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb.raw
new file mode 100644
index 0000000..1763fa5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb.raw
@@ -0,0 +1 @@
+Salted__)TC_�̯�s|4#��|�ҭ�D
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb1.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb1.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb1.base64
new file mode 100644
index 0000000..3c075dc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb1.base64
@@ -0,0 +1 @@
+U2FsdGVkX19awuk1DmUWgwPY/aEmbOiOBEOl1A==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb1.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb1.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb1.raw
new file mode 100644
index 0000000..ff8dc08
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb1.raw
@@ -0,0 +1 @@
+Salted__��n��h<��<���_����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb8.base64
new file mode 100644
index 0000000..ccae1fb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+5qdQ+OTXJaPidwUyxZIJ3poe4WA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb8.raw
new file mode 100644
index 0000000..d7297b4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-cfb8.raw
@@ -0,0 +1 @@
+Salted__윰�])��-�s��� ��|W�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ecb.base64
new file mode 100644
index 0000000..8bf1eaa
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1//ZrZ/vbEZ3DLSgWD+riJhXeUBmw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ecb.raw
new file mode 100644
index 0000000..f002c75
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ecb.raw
@@ -0,0 +1 @@
+Salted__"Q��|��`\I�E��&���*w
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ofb.base64
new file mode 100644
index 0000000..84a89be
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18Im3cQogwsf8Bmi3Putex1tcWQ3Q==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ofb.raw
new file mode 100644
index 0000000..3e40896
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4-ofb.raw
@@ -0,0 +1 @@
+Salted__x��2S���#�����]m��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4.base64
new file mode 100644
index 0000000..020815e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4.base64
@@ -0,0 +1 @@
+U2FsdGVkX19dOFVejkLubJRxOAgiRXIhdtQjpg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4.raw
new file mode 100644
index 0000000..3cd0f3d
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc4.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cbc.base64
new file mode 100644
index 0000000..efa9b01
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX19KZE6NwDpGJggjEqCSssSdGBuqdMMS/ac=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cbc.raw
new file mode 100644
index 0000000..9ad3978
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cbc.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb.base64
new file mode 100644
index 0000000..58d6a84
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/iYdy7fAxq6MgXfbbdhgpV0ZzMbA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb.raw
new file mode 100644
index 0000000..2e140fc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb.raw
@@ -0,0 +1 @@
+Salted__-���7x�j�k�?�o��on�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb8.base64
new file mode 100644
index 0000000..5751c8d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+QRrNDT8pf9MjdWWXbv9prbDMeLw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb8.raw
new file mode 100644
index 0000000..7e749c1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-cfb8.raw
@@ -0,0 +1 @@
+Salted__���r��%������E��3��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ecb.base64
new file mode 100644
index 0000000..37d8f49
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/9FfJfiaw3Io0Z0jxcNcn2z7/nwS5fW2U=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ecb.raw
new file mode 100644
index 0000000..6c71c4d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ecb.raw
@@ -0,0 +1 @@
+Salted__���SpH2�����$��Q,E�!�
�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ofb.base64
new file mode 100644
index 0000000..e34064b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19Wu2kziJkCUV0k3gLs9ST+Khhj7A==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ofb.raw
new file mode 100644
index 0000000..5aeed79
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5-ofb.raw
@@ -0,0 +1 @@
+Salted__��˿s�����^"@������3
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5.base64
new file mode 100644
index 0000000..5be614d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5.base64
@@ -0,0 +1 @@
+U2FsdGVkX19OPlXT1mBB8+CHrhbv+wgMQQRO6W9JmNA=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5.raw
new file mode 100644
index 0000000..a477e0e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc5.raw
@@ -0,0 +1,2 @@
+Salted__
+��1�T���9��m��;��,D:�c�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cbc.base64
new file mode 100644
index 0000000..6c77177
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX18zJfLwtPs3eGSOXxsDSLwxRwt88FMa8KQ=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cbc.raw
new file mode 100644
index 0000000..b8a9c69
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cbc.raw
@@ -0,0 +1 @@
+Salted__~q�y}ݜ���C4;��P#:�b�.�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb.base64
new file mode 100644
index 0000000..00b2115
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19+sI9PaxTdpflralMAgc1WiI0LxA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb.raw
new file mode 100644
index 0000000..668db94
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb.raw
@@ -0,0 +1 @@
+Salted__��VQ�3U2�Pr()+S菌¢
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb8.base64
new file mode 100644
index 0000000..5967372
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX19XSdlrGG6E+A5QqcShux77c0qGeg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb8.raw
new file mode 100644
index 0000000..8465eb0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-cfb8.raw
@@ -0,0 +1 @@
+Salted__;>�0G��n����`w��u���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ecb.base64
new file mode 100644
index 0000000..ba70f6b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18hZXJjY4Ph0hTUfIl2u55YV6eJ6DTx23U=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ecb.raw
new file mode 100644
index 0000000..7ff49eb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ecb.raw
@@ -0,0 +1 @@
+Salted__�
�EX�ػ#��w\u�7U�\%�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ofb.base64
new file mode 100644
index 0000000..5f7c88d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18myTpYCRMSdywhJDrjGBHrXcT/qQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ofb.raw
new file mode 100644
index 0000000..a7ea4c1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6-ofb.raw
@@ -0,0 +1 @@
+Salted__�""�]�@�=z\��о�ʻ��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6.base64
new file mode 100644
index 0000000..54fe771
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/rTycJEafQGVSXJ1+kU3PDaSyyaK7Tw1M=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6.raw
new file mode 100644
index 0000000..d053f09
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rc6.raw
@@ -0,0 +1 @@
+Salted__iC��\�0?M����.�·�������
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cbc.base64
new file mode 100644
index 0000000..a85d699
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+GLUqDaOBL1q65jZRVV94LQvz++bpKfrg=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cbc.raw
new file mode 100644
index 0000000..702ae5d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cbc.raw
@@ -0,0 +1 @@
+Salted__�l���*��`=N� `���#�/��9u
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb.base64
new file mode 100644
index 0000000..112de2e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+w0kb82u6IyxyLvDdjN8TFhrKQnA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb.raw
new file mode 100644
index 0000000..86a6b98
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb.raw
@@ -0,0 +1 @@
+Salted__�J����ff�~��%Hi�;�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb8.base64
new file mode 100644
index 0000000..c24b2f8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/3OymmQVbiQVPgAZxjBlz0dH7cWQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb8.raw
new file mode 100644
index 0000000..15427a6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-cfb8.raw
@@ -0,0 +1 @@
+Salted__���P����@�u(��s=yi�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ecb.base64
new file mode 100644
index 0000000..3ebeb0a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19AiEISrLHP341MAjkYJYdHL34x/fD3nfY=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ecb.raw
new file mode 100644
index 0000000..8567a88
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ecb.raw
@@ -0,0 +1 @@
+Salted__M��Ɇ�3��?�Uj��Է���f��i
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ofb.base64
new file mode 100644
index 0000000..8ec0178
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+tQE34suS3sGO91eEI9xeZJnHbhg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ofb.raw
new file mode 100644
index 0000000..2970b00
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael-ofb.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael.base64
new file mode 100644
index 0000000..60ff618
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/eW6CyBkiyuzAXOEQZYQ5b5SJiCxzQz7U=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael.raw
new file mode 100644
index 0000000..7112d3c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/rijndael.raw
@@ -0,0 +1 @@
+Salted__�T���#�㣚���������7X�e�
\ No newline at end of file
[20/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1InputStream.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1InputStream.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1InputStream.java
new file mode 100644
index 0000000..e68c231
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1InputStream.java
@@ -0,0 +1,420 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.EOFException;
+import java.io.FilterInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Vector;
+
+/**
+ * a general purpose ASN.1 decoder - note: this class differs from the
+ * others in that it returns null after it has read the last object in
+ * the stream. If an ASN.1 NULL is encountered a DER/BER Null object is
+ * returned.
+ */
+public class ASN1InputStream
+ extends FilterInputStream
+ implements DERTags {
+ private static final DERObject END_OF_STREAM = new DERObject() {
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ throw new IOException("Eeek!");
+ }
+ public int hashCode() {
+ return 0;
+ }
+ public boolean equals(
+ Object o) {
+ return o == this;
+ }
+ };
+
+ boolean eofFound = false;
+ int limit = Integer.MAX_VALUE;
+
+ public ASN1InputStream(
+ InputStream is) {
+ super(is);
+ }
+
+ /**
+ * Create an ASN1InputStream based on the input byte array. The length of DER objects in
+ * the stream is automatically limited to the length of the input array.
+ *
+ * @param input array containing ASN.1 encoded data.
+ */
+ public ASN1InputStream(
+ byte[] input) {
+ this(new ByteArrayInputStream(input), input.length);
+ }
+
+ /**
+ * Create an ASN1InputStream where no DER object will be longer than limit.
+ *
+ * @param input stream containing ASN.1 encoded data.
+ * @param limit maximum size of a DER encoded object.
+ */
+ public ASN1InputStream(
+ InputStream input,
+ int limit) {
+ super(input);
+ this.limit = limit;
+ }
+
+ protected int readLength()
+ throws IOException {
+ int length = read();
+ if (length < 0) {
+ throw new IOException("EOF found when length expected");
+ }
+
+ if (length == 0x80) {
+ return -1; // indefinite-length encoding
+ }
+
+ if (length > 127) {
+ int size = length & 0x7f;
+
+ if (size > 4) {
+ throw new IOException("DER length more than 4 bytes");
+ }
+
+ length = 0;
+ for (int i = 0; i < size; i++) {
+ int next = read();
+
+ if (next < 0) {
+ throw new IOException("EOF found reading length");
+ }
+
+ length = (length << 8) + next;
+ }
+
+ if (length < 0) {
+ throw new IOException("corrupted stream - negative length found");
+ }
+
+ if (length >= limit) // after all we must have read at least 1 byte
+ {
+ throw new IOException("corrupted stream - out of bounds length found");
+ }
+ }
+
+ return length;
+ }
+
+ protected void readFully(
+ byte[] bytes)
+ throws IOException {
+ int left = bytes.length;
+ int len;
+
+ if (left == 0) {
+ return;
+ }
+
+ while ((len = read(bytes, bytes.length - left, left)) > 0) {
+ if ((left -= len) == 0) {
+ return;
+ }
+ }
+
+ if (left != 0) {
+ throw new EOFException("EOF encountered in middle of object");
+ }
+ }
+
+ /** build an object given its tag and the number of bytes to construct it from. */
+ protected DERObject buildObject(
+ int tag,
+ int tagNo,
+ int length)
+ throws IOException {
+ if ((tag & APPLICATION) != 0) {
+ return new DERApplicationSpecific(tagNo, readDefiniteLengthFully(length));
+ }
+
+ boolean isConstructed = (tag & CONSTRUCTED) != 0;
+
+ if (isConstructed) {
+ switch (tag) {
+ case SEQUENCE | CONSTRUCTED:
+ return new DERSequence(buildDerEncodableVector(length));
+ case SET | CONSTRUCTED:
+ return new DERSet(buildDerEncodableVector(length), false);
+ case OCTET_STRING | CONSTRUCTED:
+ return buildDerConstructedOctetString(length);
+ default: {
+ //
+ // with tagged object tag number is bottom 5 bits
+ //
+ if ((tag & TAGGED) != 0) {
+ if (length == 0) // empty tag!
+ {
+ return new DERTaggedObject(false, tagNo, new DERSequence());
+ }
+
+ ASN1EncodableVector v = buildDerEncodableVector(length);
+
+ if (v.size() == 1) {
+ //
+ // explicitly tagged (probably!) - if it isn't we'd have to
+ // tell from the context
+ //
+ return new DERTaggedObject(tagNo, v.get(0));
+ }
+
+ return new DERTaggedObject(false, tagNo, new DERSequence(v));
+ }
+
+ return new DERUnknownTag(tag, readDefiniteLengthFully(length));
+ }
+ }
+ }
+
+ byte[] bytes = readDefiniteLengthFully(length);
+
+ switch (tag) {
+ case NULL:
+ return DERNull.INSTANCE;
+ case BOOLEAN:
+ return new DERBoolean(bytes);
+ case INTEGER:
+ return new DERInteger(bytes);
+ case ENUMERATED:
+ return new DEREnumerated(bytes);
+ case OBJECT_IDENTIFIER:
+ return new DERObjectIdentifier(bytes);
+ case BIT_STRING: {
+ int padBits = bytes[0];
+ byte[] data = new byte[bytes.length - 1];
+
+ System.arraycopy(bytes, 1, data, 0, bytes.length - 1);
+
+ return new DERBitString(data, padBits);
+ }
+ case NUMERIC_STRING:
+ return new DERNumericString(bytes);
+ case UTF8_STRING:
+ return new DERUTF8String(bytes);
+ case PRINTABLE_STRING:
+ return new DERPrintableString(bytes);
+ case IA5_STRING:
+ return new DERIA5String(bytes);
+ case T61_STRING:
+ return new DERT61String(bytes);
+ case VISIBLE_STRING:
+ return new DERVisibleString(bytes);
+ case GENERAL_STRING:
+ return new DERGeneralString(bytes);
+ case UNIVERSAL_STRING:
+ return new DERUniversalString(bytes);
+ case BMP_STRING:
+ return new DERBMPString(bytes);
+ case OCTET_STRING:
+ return new DEROctetString(bytes);
+ case UTC_TIME:
+ return new DERUTCTime(bytes);
+ case GENERALIZED_TIME:
+ return new DERGeneralizedTime(bytes);
+ default: {
+ //
+ // with tagged object tag number is bottom 5 bits
+ //
+ if ((tag & TAGGED) != 0) {
+ if (bytes.length == 0) // empty tag!
+ {
+ return new DERTaggedObject(false, tagNo, DERNull.INSTANCE);
+ }
+
+ //
+ // simple type - implicit... return an octet string
+ //
+ return new DERTaggedObject(false, tagNo, new DEROctetString(bytes));
+ }
+
+ return new DERUnknownTag(tag, bytes);
+ }
+ }
+ }
+
+ private byte[] readDefiniteLengthFully(int length)
+ throws IOException {
+ byte[] bytes = new byte[length];
+ readFully(bytes);
+ return bytes;
+ }
+
+ /** read a string of bytes representing an indefinite length object. */
+ private byte[] readIndefiniteLengthFully()
+ throws IOException {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ int b, b1;
+
+ b1 = read();
+
+ while ((b = read()) >= 0) {
+ if (b1 == 0 && b == 0) {
+ break;
+ }
+
+ bOut.write(b1);
+ b1 = b;
+ }
+
+ return bOut.toByteArray();
+ }
+
+ private BERConstructedOctetString buildConstructedOctetString(DERObject sentinel)
+ throws IOException {
+ Vector octs = new Vector();
+ DERObject o;
+
+ while ((o = readObject()) != sentinel) {
+ octs.addElement(o);
+ }
+
+ return new BERConstructedOctetString(octs);
+ }
+
+ //
+ // yes, people actually do this...
+ //
+ private BERConstructedOctetString buildDerConstructedOctetString(int length)
+ throws IOException {
+ DefiniteLengthInputStream dIn = new DefiniteLengthInputStream(this, length);
+ ASN1InputStream aIn = new ASN1InputStream(dIn, length);
+
+ return aIn.buildConstructedOctetString(null);
+ }
+
+ private ASN1EncodableVector buildEncodableVector(DERObject sentinel)
+ throws IOException {
+ ASN1EncodableVector v = new ASN1EncodableVector();
+ DERObject o;
+
+ while ((o = readObject()) != sentinel) {
+ v.add(o);
+ }
+
+ return v;
+ }
+
+ private ASN1EncodableVector buildDerEncodableVector(int length)
+ throws IOException {
+ DefiniteLengthInputStream dIn = new DefiniteLengthInputStream(this, length);
+ ASN1InputStream aIn = new ASN1InputStream(dIn, length);
+
+ return aIn.buildEncodableVector(null);
+ }
+
+ public DERObject readObject()
+ throws IOException {
+ int tag = read();
+ if (tag == -1) {
+ if (eofFound) {
+ throw new EOFException("attempt to read past end of file.");
+ }
+
+ eofFound = true;
+
+ return null;
+ }
+
+ int tagNo = 0;
+
+ if ((tag & TAGGED) != 0 || (tag & APPLICATION) != 0) {
+ tagNo = readTagNumber(tag);
+ }
+
+ int length = readLength();
+
+ if (length < 0) // indefinite length method
+ {
+ switch (tag) {
+ case NULL:
+ return BERNull.INSTANCE;
+ case SEQUENCE | CONSTRUCTED:
+ return new BERSequence(buildEncodableVector(END_OF_STREAM));
+ case SET | CONSTRUCTED:
+ return new BERSet(buildEncodableVector(END_OF_STREAM), false);
+ case OCTET_STRING | CONSTRUCTED:
+ return buildConstructedOctetString(END_OF_STREAM);
+ default: {
+ //
+ // with tagged object tag number is bottom 5 bits
+ //
+ if ((tag & TAGGED) != 0) {
+ //
+ // simple type - implicit... return an octet string
+ //
+ if ((tag & CONSTRUCTED) == 0) {
+ byte[] bytes = readIndefiniteLengthFully();
+
+ return new BERTaggedObject(false, tagNo, new DEROctetString(bytes));
+ }
+
+ //
+ // either constructed or explicitly tagged
+ //
+ ASN1EncodableVector v = buildEncodableVector(END_OF_STREAM);
+
+ if (v.size() == 0) // empty tag!
+ {
+ return new DERTaggedObject(tagNo);
+ }
+
+ if (v.size() == 1) {
+ //
+ // explicitly tagged (probably!) - if it isn't we'd have to
+ // tell from the context
+ //
+ return new BERTaggedObject(tagNo, v.get(0));
+ }
+
+ return new BERTaggedObject(false, tagNo, new BERSequence(v));
+ }
+
+ throw new IOException("unknown BER object encountered");
+ }
+ }
+ } else {
+ if (tag == 0 && length == 0) // end of contents marker.
+ {
+ return END_OF_STREAM;
+ }
+
+ return buildObject(tag, tagNo, length);
+ }
+ }
+
+ private int readTagNumber(int tag)
+ throws IOException {
+ int tagNo = tag & 0x1f;
+
+ if (tagNo == 0x1f) {
+ int b = read();
+
+ tagNo = 0;
+
+ while ((b >= 0) && ((b & 0x80) != 0)) {
+ tagNo |= (b & 0x7f);
+ tagNo <<= 7;
+ b = read();
+ }
+
+ if (b < 0) {
+ eofFound = true;
+ throw new EOFException("EOF found inside tag value.");
+ }
+
+ tagNo |= (b & 0x7f);
+ }
+
+ return tagNo;
+ }
+}
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Null.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Null.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Null.java
new file mode 100644
index 0000000..7f56bbd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Null.java
@@ -0,0 +1,30 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+/** A NULL object. */
+public abstract class ASN1Null
+ extends ASN1Object {
+ public ASN1Null() {
+ }
+
+ public int hashCode() {
+ return 0;
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof ASN1Null)) {
+ return false;
+ }
+
+ return true;
+ }
+
+ abstract void encode(DEROutputStream out)
+ throws IOException;
+
+ public String toString() {
+ return "NULL";
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Object.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Object.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Object.java
new file mode 100644
index 0000000..a2ec57a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Object.java
@@ -0,0 +1,34 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+public abstract class ASN1Object
+ extends DERObject {
+ /**
+ * Create a base ASN.1 object from a byte stream.
+ *
+ * @param data the byte stream to parse.
+ * @return the base ASN.1 object represented by the byte stream.
+ * @throws java.io.IOException if there is a problem parsing the data.
+ */
+ public static ASN1Object fromByteArray(byte[] data)
+ throws IOException {
+ ASN1InputStream aIn = new ASN1InputStream(data);
+
+ return (ASN1Object) aIn.readObject();
+ }
+
+ public final boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+
+ return (o instanceof DEREncodable) && asn1Equals(((DEREncodable) o).getDERObject());
+ }
+
+ public abstract int hashCode();
+
+ abstract void encode(DEROutputStream out) throws IOException;
+
+ abstract boolean asn1Equals(DERObject o);
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1ObjectParser.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1ObjectParser.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1ObjectParser.java
new file mode 100644
index 0000000..ca2a576
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1ObjectParser.java
@@ -0,0 +1,55 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class ASN1ObjectParser {
+ private int _baseTag;
+ private int _tagNumber;
+
+ private ASN1StreamParser _aIn;
+
+ protected ASN1ObjectParser(
+ int baseTag,
+ int tagNumber,
+ InputStream contentStream) {
+ _baseTag = baseTag;
+ _tagNumber = tagNumber;
+ _aIn = new ASN1StreamParser(contentStream);
+ }
+
+ /**
+ * Return the tag number for this object.
+ *
+ * @return the tag number.
+ */
+ int getTagNumber() {
+ return _tagNumber;
+ }
+
+ int getBaseTag() {
+ return _baseTag;
+ }
+
+ DEREncodable readObject()
+ throws IOException {
+ return _aIn.readObject();
+ }
+
+ ASN1EncodableVector readVector()
+ throws IllegalStateException {
+ ASN1EncodableVector v = new ASN1EncodableVector();
+ DEREncodable obj;
+
+ try {
+ while ((obj = readObject()) != null) {
+ v.add(obj.getDERObject());
+ }
+ }
+ catch (IOException e) {
+ throw new IllegalStateException(e.getMessage());
+ }
+
+ return v;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1OctetString.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1OctetString.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1OctetString.java
new file mode 100644
index 0000000..10ab72e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1OctetString.java
@@ -0,0 +1,137 @@
+package org.apache.commons.ssl.asn1;
+
+import org.apache.commons.ssl.util.Hex;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Enumeration;
+import java.util.Vector;
+
+public abstract class ASN1OctetString
+ extends ASN1Object
+ implements ASN1OctetStringParser {
+ byte[] string;
+
+ /**
+ * return an Octet String from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want.
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static ASN1OctetString getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ /**
+ * return an Octet String from the given object.
+ *
+ * @param obj the object we want converted.
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static ASN1OctetString getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof ASN1OctetString) {
+ return (ASN1OctetString) obj;
+ }
+
+ if (obj instanceof ASN1TaggedObject) {
+ return getInstance(((ASN1TaggedObject) obj).getObject());
+ }
+
+ if (obj instanceof ASN1Sequence) {
+ Vector v = new Vector();
+ Enumeration e = ((ASN1Sequence) obj).getObjects();
+
+ while (e.hasMoreElements()) {
+ v.addElement(e.nextElement());
+ }
+
+ return new BERConstructedOctetString(v);
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /** @param string the octets making up the octet string. */
+ public ASN1OctetString(
+ byte[] string) {
+ this.string = string;
+ }
+
+ public ASN1OctetString(
+ DEREncodable obj) {
+ try {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ dOut.writeObject(obj);
+ dOut.close();
+
+ this.string = bOut.toByteArray();
+ }
+ catch (IOException e) {
+ throw new IllegalArgumentException("Error processing object : " + e.toString());
+ }
+ }
+
+ public InputStream getOctetStream() {
+ return new ByteArrayInputStream(string);
+ }
+
+ public ASN1OctetStringParser parser() {
+ return this;
+ }
+
+ public byte[] getOctets() {
+ return string;
+ }
+
+ public int hashCode() {
+ byte[] b = this.getOctets();
+ int value = 0;
+
+ for (int i = 0; i != b.length; i++) {
+ value ^= (b[i] & 0xff) << (i % 4);
+ }
+
+ return value;
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof ASN1OctetString)) {
+ return false;
+ }
+
+ ASN1OctetString other = (ASN1OctetString) o;
+
+ byte[] b1 = other.string;
+ byte[] b2 = this.string;
+
+ if (b1.length != b2.length) {
+ return false;
+ }
+
+ for (int i = 0; i != b1.length; i++) {
+ if (b1[i] != b2[i]) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ abstract void encode(DEROutputStream out)
+ throws IOException;
+
+ public String toString() {
+ return "#" + Hex.encode(string);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1OctetStringParser.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1OctetStringParser.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1OctetStringParser.java
new file mode 100644
index 0000000..b958534
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1OctetStringParser.java
@@ -0,0 +1,8 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.InputStream;
+
+public interface ASN1OctetStringParser
+ extends DEREncodable {
+ public InputStream getOctetStream();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1OutputStream.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1OutputStream.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1OutputStream.java
new file mode 100644
index 0000000..2cac08d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1OutputStream.java
@@ -0,0 +1,26 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+public class ASN1OutputStream
+ extends DEROutputStream {
+ public ASN1OutputStream(
+ OutputStream os) {
+ super(os);
+ }
+
+ public void writeObject(
+ Object obj)
+ throws IOException {
+ if (obj == null) {
+ writeNull();
+ } else if (obj instanceof DERObject) {
+ ((DERObject) obj).encode(this);
+ } else if (obj instanceof DEREncodable) {
+ ((DEREncodable) obj).getDERObject().encode(this);
+ } else {
+ throw new IOException("object not ASN1Encodable");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Sequence.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Sequence.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Sequence.java
new file mode 100644
index 0000000..699edd1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Sequence.java
@@ -0,0 +1,183 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.util.Enumeration;
+import java.util.Vector;
+
+public abstract class ASN1Sequence
+ extends ASN1Object {
+ private Vector seq = new Vector();
+
+ /**
+ * return an ASN1Sequence from the given object.
+ *
+ * @param obj the object we want converted.
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static ASN1Sequence getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof ASN1Sequence) {
+ return (ASN1Sequence) obj;
+ }
+
+ throw new IllegalArgumentException("unknown object in getInstance");
+ }
+
+ /**
+ * Return an ASN1 sequence from a tagged object. There is a special
+ * case here, if an object appears to have been explicitly tagged on
+ * reading but we were expecting it to be implictly tagged in the
+ * normal course of events it indicates that we lost the surrounding
+ * sequence - so we need to add it back (this will happen if the tagged
+ * object is a sequence that contains other sequences). If you are
+ * dealing with implicitly tagged sequences you really <b>should</b>
+ * be using this method.
+ *
+ * @param obj the tagged object.
+ * @param explicit true if the object is meant to be explicitly tagged,
+ * false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static ASN1Sequence getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ if (explicit) {
+ if (!obj.isExplicit()) {
+ throw new IllegalArgumentException("object implicit - explicit expected.");
+ }
+
+ return (ASN1Sequence) obj.getObject();
+ } else {
+ //
+ // constructed object which appears to be explicitly tagged
+ // when it should be implicit means we have to add the
+ // surrounding sequence.
+ //
+ if (obj.isExplicit()) {
+ if (obj instanceof BERTaggedObject) {
+ return new BERSequence(obj.getObject());
+ } else {
+ return new DERSequence(obj.getObject());
+ }
+ } else {
+ if (obj.getObject() instanceof ASN1Sequence) {
+ return (ASN1Sequence) obj.getObject();
+ }
+ }
+ }
+
+ throw new IllegalArgumentException(
+ "unknown object in getInstanceFromTagged");
+ }
+
+ public Enumeration getObjects() {
+ return seq.elements();
+ }
+
+ public ASN1SequenceParser parser() {
+ final ASN1Sequence outer = this;
+
+ return new ASN1SequenceParser() {
+ private final int max = size();
+
+ private int index;
+
+ public DEREncodable readObject() throws IOException {
+ if (index == max) {
+ return null;
+ }
+
+ DEREncodable obj = getObjectAt(index++);
+ if (obj instanceof ASN1Sequence) {
+ return ((ASN1Sequence) obj).parser();
+ }
+ if (obj instanceof ASN1Set) {
+ return ((ASN1Set) obj).parser();
+ }
+
+ return obj;
+ }
+
+ public DERObject getDERObject() {
+ return outer;
+ }
+ };
+ }
+
+ /**
+ * return the object at the sequence postion indicated by index.
+ *
+ * @param index the sequence number (starting at zero) of the object
+ * @return the object at the sequence postion indicated by index.
+ */
+ public DEREncodable getObjectAt(
+ int index) {
+ return (DEREncodable) seq.elementAt(index);
+ }
+
+ /**
+ * return the number of objects in this sequence.
+ *
+ * @return the number of objects in this sequence.
+ */
+ public int size() {
+ return seq.size();
+ }
+
+ public int hashCode() {
+ Enumeration e = this.getObjects();
+ int hashCode = 0;
+
+ while (e.hasMoreElements()) {
+ Object o = e.nextElement();
+
+ if (o != null) {
+ hashCode ^= o.hashCode();
+ }
+ }
+
+ return hashCode;
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof ASN1Sequence)) {
+ return false;
+ }
+
+ ASN1Sequence other = (ASN1Sequence) o;
+
+ if (this.size() != other.size()) {
+ return false;
+ }
+
+ Enumeration s1 = this.getObjects();
+ Enumeration s2 = other.getObjects();
+
+ while (s1.hasMoreElements()) {
+ DERObject o1 = ((DEREncodable) s1.nextElement()).getDERObject();
+ DERObject o2 = ((DEREncodable) s2.nextElement()).getDERObject();
+
+ if (o1 == o2 || (o1 != null && o1.equals(o2))) {
+ continue;
+ }
+
+ return false;
+ }
+
+ return true;
+ }
+
+ protected void addObject(
+ DEREncodable obj) {
+ seq.addElement(obj);
+ }
+
+ abstract void encode(DEROutputStream out)
+ throws IOException;
+
+ public String toString() {
+ return seq.toString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1SequenceParser.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1SequenceParser.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1SequenceParser.java
new file mode 100644
index 0000000..c64c93e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1SequenceParser.java
@@ -0,0 +1,9 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+public interface ASN1SequenceParser
+ extends DEREncodable {
+ DEREncodable readObject()
+ throws IOException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Set.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Set.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Set.java
new file mode 100644
index 0000000..549fc57
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Set.java
@@ -0,0 +1,281 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Enumeration;
+import java.util.Vector;
+
+abstract public class ASN1Set
+ extends ASN1Object {
+ protected Vector set = new Vector();
+
+ /**
+ * return an ASN1Set from the given object.
+ *
+ * @param obj the object we want converted.
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static ASN1Set getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof ASN1Set) {
+ return (ASN1Set) obj;
+ }
+
+ throw new IllegalArgumentException("unknown object in getInstance");
+ }
+
+ /**
+ * Return an ASN1 set from a tagged object. There is a special
+ * case here, if an object appears to have been explicitly tagged on
+ * reading but we were expecting it to be implictly tagged in the
+ * normal course of events it indicates that we lost the surrounding
+ * set - so we need to add it back (this will happen if the tagged
+ * object is a sequence that contains other sequences). If you are
+ * dealing with implicitly tagged sets you really <b>should</b>
+ * be using this method.
+ *
+ * @param obj the tagged object.
+ * @param explicit true if the object is meant to be explicitly tagged
+ * false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static ASN1Set getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ if (explicit) {
+ if (!obj.isExplicit()) {
+ throw new IllegalArgumentException("object implicit - explicit expected.");
+ }
+
+ return (ASN1Set) obj.getObject();
+ } else {
+ //
+ // constructed object which appears to be explicitly tagged
+ // and it's really implicit means we have to add the
+ // surrounding sequence.
+ //
+ if (obj.isExplicit()) {
+ ASN1Set set = new DERSet(obj.getObject());
+
+ return set;
+ } else {
+ if (obj.getObject() instanceof ASN1Set) {
+ return (ASN1Set) obj.getObject();
+ }
+
+ //
+ // in this case the parser returns a sequence, convert it
+ // into a set.
+ //
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ if (obj.getObject() instanceof ASN1Sequence) {
+ ASN1Sequence s = (ASN1Sequence) obj.getObject();
+ Enumeration e = s.getObjects();
+
+ while (e.hasMoreElements()) {
+ v.add((DEREncodable) e.nextElement());
+ }
+
+ return new DERSet(v, false);
+ }
+ }
+ }
+
+ throw new IllegalArgumentException(
+ "unknown object in getInstanceFromTagged");
+ }
+
+ public ASN1Set() {
+ }
+
+ public Enumeration getObjects() {
+ return set.elements();
+ }
+
+ /**
+ * return the object at the set postion indicated by index.
+ *
+ * @param index the set number (starting at zero) of the object
+ * @return the object at the set postion indicated by index.
+ */
+ public DEREncodable getObjectAt(
+ int index) {
+ return (DEREncodable) set.elementAt(index);
+ }
+
+ /**
+ * return the number of objects in this set.
+ *
+ * @return the number of objects in this set.
+ */
+ public int size() {
+ return set.size();
+ }
+
+ public ASN1SetParser parser() {
+ final ASN1Set outer = this;
+
+ return new ASN1SetParser() {
+ private final int max = size();
+
+ private int index;
+
+ public DEREncodable readObject() throws IOException {
+ if (index == max) {
+ return null;
+ }
+
+ DEREncodable obj = getObjectAt(index++);
+ if (obj instanceof ASN1Sequence) {
+ return ((ASN1Sequence) obj).parser();
+ }
+ if (obj instanceof ASN1Set) {
+ return ((ASN1Set) obj).parser();
+ }
+
+ return obj;
+ }
+
+ public DERObject getDERObject() {
+ return outer;
+ }
+ };
+ }
+
+ public int hashCode() {
+ Enumeration e = this.getObjects();
+ int hashCode = 0;
+
+ while (e.hasMoreElements()) {
+ hashCode ^= e.nextElement().hashCode();
+ }
+
+ return hashCode;
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof ASN1Set)) {
+ return false;
+ }
+
+ ASN1Set other = (ASN1Set) o;
+
+ if (this.size() != other.size()) {
+ return false;
+ }
+
+ Enumeration s1 = this.getObjects();
+ Enumeration s2 = other.getObjects();
+
+ while (s1.hasMoreElements()) {
+ DERObject o1 = ((DEREncodable) s1.nextElement()).getDERObject();
+ DERObject o2 = ((DEREncodable) s2.nextElement()).getDERObject();
+
+ if (o1 == o2 || (o1 != null && o1.equals(o2))) {
+ continue;
+ }
+
+ return false;
+ }
+
+ return true;
+ }
+
+ /** return true if a <= b (arrays are assumed padded with zeros). */
+ private boolean lessThanOrEqual(
+ byte[] a,
+ byte[] b) {
+ if (a.length <= b.length) {
+ for (int i = 0; i != a.length; i++) {
+ int l = a[i] & 0xff;
+ int r = b[i] & 0xff;
+
+ if (r > l) {
+ return true;
+ } else if (l > r) {
+ return false;
+ }
+ }
+
+ return true;
+ } else {
+ for (int i = 0; i != b.length; i++) {
+ int l = a[i] & 0xff;
+ int r = b[i] & 0xff;
+
+ if (r > l) {
+ return true;
+ } else if (l > r) {
+ return false;
+ }
+ }
+
+ return false;
+ }
+ }
+
+ private byte[] getEncoded(
+ DEREncodable obj) {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+ try {
+ aOut.writeObject(obj);
+ }
+ catch (IOException e) {
+ throw new IllegalArgumentException("cannot encode object added to SET");
+ }
+
+ return bOut.toByteArray();
+ }
+
+ protected void sort() {
+ if (set.size() > 1) {
+ boolean swapped = true;
+ int lastSwap = set.size() - 1;
+
+ while (swapped) {
+ int index = 0;
+ int swapIndex = 0;
+ byte[] a = getEncoded((DEREncodable) set.elementAt(0));
+
+ swapped = false;
+
+ while (index != lastSwap) {
+ byte[] b = getEncoded((DEREncodable) set.elementAt(index + 1));
+
+ if (lessThanOrEqual(a, b)) {
+ a = b;
+ } else {
+ Object o = set.elementAt(index);
+
+ set.setElementAt(set.elementAt(index + 1), index);
+ set.setElementAt(o, index + 1);
+
+ swapped = true;
+ swapIndex = index;
+ }
+
+ index++;
+ }
+
+ lastSwap = swapIndex;
+ }
+ }
+ }
+
+ protected void addObject(
+ DEREncodable obj) {
+ set.addElement(obj);
+ }
+
+ abstract void encode(DEROutputStream out)
+ throws IOException;
+
+ public String toString() {
+ return set.toString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1SetParser.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1SetParser.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1SetParser.java
new file mode 100644
index 0000000..00ffbd0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1SetParser.java
@@ -0,0 +1,9 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+public interface ASN1SetParser
+ extends DEREncodable {
+ public DEREncodable readObject()
+ throws IOException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1StreamParser.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1StreamParser.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1StreamParser.java
new file mode 100644
index 0000000..b1cd940
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1StreamParser.java
@@ -0,0 +1,193 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayInputStream;
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InputStream;
+
+public class ASN1StreamParser {
+ InputStream _in;
+
+ private int _limit;
+ private boolean _eofFound;
+
+ public ASN1StreamParser(
+ InputStream in) {
+ this(in, Integer.MAX_VALUE);
+ }
+
+ public ASN1StreamParser(
+ InputStream in,
+ int limit) {
+ this._in = in;
+ this._limit = limit;
+ }
+
+ public ASN1StreamParser(
+ byte[] encoding) {
+ this(new ByteArrayInputStream(encoding), encoding.length);
+ }
+
+ InputStream getParentStream() {
+ return _in;
+ }
+
+ private int readLength()
+ throws IOException {
+ int length = _in.read();
+ if (length < 0) {
+ throw new EOFException("EOF found when length expected");
+ }
+
+ if (length == 0x80) {
+ return -1; // indefinite-length encoding
+ }
+
+ if (length > 127) {
+ int size = length & 0x7f;
+
+ if (size > 4) {
+ throw new IOException("DER length more than 4 bytes");
+ }
+
+ length = 0;
+ for (int i = 0; i < size; i++) {
+ int next = _in.read();
+
+ if (next < 0) {
+ throw new EOFException("EOF found reading length");
+ }
+
+ length = (length << 8) + next;
+ }
+
+ if (length < 0) {
+ throw new IOException("corrupted stream - negative length found");
+ }
+
+ if (length >= _limit) // after all we must have read at least 1 byte
+ {
+ throw new IOException("corrupted stream - out of bounds length found");
+ }
+ }
+
+ return length;
+ }
+
+ public DEREncodable readObject()
+ throws IOException {
+ int tag = _in.read();
+ if (tag == -1) {
+ if (_eofFound) {
+ throw new EOFException("attempt to read past end of file.");
+ }
+
+ _eofFound = true;
+
+ return null;
+ }
+
+ //
+ // turn of looking for "00" while we resolve the tag
+ //
+ set00Check(false);
+
+ //
+ // calculate tag number
+ //
+ int baseTagNo = tag & ~DERTags.CONSTRUCTED;
+ int tagNo = baseTagNo;
+
+ if ((tag & DERTags.TAGGED) != 0) {
+ tagNo = tag & 0x1f;
+
+ //
+ // with tagged object tag number is bottom 5 bits, or stored at the start of the content
+ //
+ if (tagNo == 0x1f) {
+ tagNo = 0;
+
+ int b = _in.read();
+
+ while ((b >= 0) && ((b & 0x80) != 0)) {
+ tagNo |= (b & 0x7f);
+ tagNo <<= 7;
+ b = _in.read();
+ }
+
+ if (b < 0) {
+ _eofFound = true;
+
+ throw new EOFException("EOF encountered inside tag value.");
+ }
+
+ tagNo |= (b & 0x7f);
+ }
+ }
+
+ //
+ // calculate length
+ //
+ int length = readLength();
+
+ if (length < 0) // indefinite length
+ {
+ IndefiniteLengthInputStream indIn = new IndefiniteLengthInputStream(_in);
+
+ switch (baseTagNo) {
+ case DERTags.NULL:
+ while (indIn.read() >= 0) {
+ // make sure we skip to end of object
+ }
+ return BERNull.INSTANCE;
+ case DERTags.OCTET_STRING:
+ return new BEROctetStringParser(new ASN1ObjectParser(tag, tagNo, indIn));
+ case DERTags.SEQUENCE:
+ return new BERSequenceParser(new ASN1ObjectParser(tag, tagNo, indIn));
+ case DERTags.SET:
+ return new BERSetParser(new ASN1ObjectParser(tag, tagNo, indIn));
+ default:
+ return new BERTaggedObjectParser(tag, tagNo, indIn);
+ }
+ } else {
+ DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(_in, length);
+
+ switch (baseTagNo) {
+ case DERTags.INTEGER:
+ return new DERInteger(defIn.toByteArray());
+ case DERTags.NULL:
+ defIn.toByteArray(); // make sure we read to end of object bytes.
+ return DERNull.INSTANCE;
+ case DERTags.OBJECT_IDENTIFIER:
+ return new DERObjectIdentifier(defIn.toByteArray());
+ case DERTags.OCTET_STRING:
+ return new DEROctetString(defIn.toByteArray());
+ case DERTags.SEQUENCE:
+ return new DERSequence(loadVector(defIn, length)).parser();
+ case DERTags.SET:
+ return new DERSet(loadVector(defIn, length)).parser();
+ default:
+ return new BERTaggedObjectParser(tag, tagNo, defIn);
+ }
+ }
+ }
+
+ private void set00Check(boolean enabled) {
+ if (_in instanceof IndefiniteLengthInputStream) {
+ ((IndefiniteLengthInputStream) _in).setEofOn00(enabled);
+ }
+ }
+
+ private ASN1EncodableVector loadVector(InputStream in, int length)
+ throws IOException {
+ ASN1InputStream aIn = new ASN1InputStream(in, length);
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ DERObject obj;
+ while ((obj = aIn.readObject()) != null) {
+ v.add(obj);
+ }
+
+ return v;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1TaggedObject.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1TaggedObject.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1TaggedObject.java
new file mode 100644
index 0000000..063569b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1TaggedObject.java
@@ -0,0 +1,177 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+/**
+ * ASN.1 TaggedObject - in ASN.1 nottation this is any object proceeded by
+ * a [n] where n is some number - these are assume to follow the construction
+ * rules (as with sequences).
+ */
+public abstract class ASN1TaggedObject
+ extends ASN1Object
+ implements ASN1TaggedObjectParser {
+ int tagNo;
+ boolean empty = false;
+ boolean explicit = true;
+ DEREncodable obj = null;
+
+ static public ASN1TaggedObject getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ if (explicit) {
+ return (ASN1TaggedObject) obj.getObject();
+ }
+
+ throw new IllegalArgumentException("implicitly tagged tagged object");
+ }
+
+ static public ASN1TaggedObject getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof ASN1TaggedObject) {
+ return (ASN1TaggedObject) obj;
+ }
+
+ throw new IllegalArgumentException("unknown object in getInstance");
+ }
+
+ /**
+ * Create a tagged object in the explicit style.
+ *
+ * @param tagNo the tag number for this object.
+ * @param obj the tagged object.
+ */
+ public ASN1TaggedObject(
+ int tagNo,
+ DEREncodable obj) {
+ this.explicit = true;
+ this.tagNo = tagNo;
+ this.obj = obj;
+ }
+
+ /**
+ * Create a tagged object with the style given by the value of explicit.
+ * <p>
+ * If the object implements ASN1Choice the tag style will always be changed
+ * to explicit in accordance with the ASN.1 encoding rules.
+ * </p>
+ *
+ * @param explicit true if the object is explicitly tagged.
+ * @param tagNo the tag number for this object.
+ * @param obj the tagged object.
+ */
+ public ASN1TaggedObject(
+ boolean explicit,
+ int tagNo,
+ DEREncodable obj) {
+ if (obj instanceof ASN1Choice) {
+ this.explicit = true;
+ } else {
+ this.explicit = explicit;
+ }
+
+ this.tagNo = tagNo;
+ this.obj = obj;
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof ASN1TaggedObject)) {
+ return false;
+ }
+
+ ASN1TaggedObject other = (ASN1TaggedObject) o;
+
+ if (tagNo != other.tagNo || empty != other.empty || explicit != other.explicit) {
+ return false;
+ }
+
+ if (obj == null) {
+ if (other.obj != null) {
+ return false;
+ }
+ } else {
+ if (!(obj.getDERObject().equals(other.obj.getDERObject()))) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ public int hashCode() {
+ int code = tagNo;
+
+ if (obj != null) {
+ code ^= obj.hashCode();
+ }
+
+ return code;
+ }
+
+ public int getTagNo() {
+ return tagNo;
+ }
+
+ /**
+ * return whether or not the object may be explicitly tagged.
+ * <p/>
+ * Note: if the object has been read from an input stream, the only
+ * time you can be sure if isExplicit is returning the true state of
+ * affairs is if it returns false. An implicitly tagged object may appear
+ * to be explicitly tagged, so you need to understand the context under
+ * which the reading was done as well, see getObject below.
+ */
+ public boolean isExplicit() {
+ return explicit;
+ }
+
+ public boolean isEmpty() {
+ return empty;
+ }
+
+ /**
+ * return whatever was following the tag.
+ * <p/>
+ * Note: tagged objects are generally context dependent if you're
+ * trying to extract a tagged object you should be going via the
+ * appropriate getInstance method.
+ */
+ public DERObject getObject() {
+ if (obj != null) {
+ return obj.getDERObject();
+ }
+
+ return null;
+ }
+
+ /**
+ * Return the object held in this tagged object as a parser assuming it has
+ * the type of the passed in tag. If the object doesn't have a parser
+ * associated with it, the base object is returned.
+ */
+ public DEREncodable getObjectParser(
+ int tag,
+ boolean isExplicit) {
+ switch (tag) {
+ case DERTags.SET:
+ return ASN1Set.getInstance(this, isExplicit).parser();
+ case DERTags.SEQUENCE:
+ return ASN1Sequence.getInstance(this, isExplicit).parser();
+ case DERTags.OCTET_STRING:
+ return ASN1OctetString.getInstance(this, isExplicit).parser();
+ }
+
+ if (isExplicit) {
+ return getObject();
+ }
+
+ throw new RuntimeException("implicit tagging not implemented for tag: " + tag);
+ }
+
+ abstract void encode(DEROutputStream out)
+ throws IOException;
+
+ public String toString() {
+ return "[" + tagNo + "]" + obj;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1TaggedObjectParser.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1TaggedObjectParser.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1TaggedObjectParser.java
new file mode 100644
index 0000000..7d24c6d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1TaggedObjectParser.java
@@ -0,0 +1,11 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+public interface ASN1TaggedObjectParser
+ extends DEREncodable {
+ public int getTagNo();
+
+ public DEREncodable getObjectParser(int tag, boolean isExplicit)
+ throws IOException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERConstructedOctetString.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERConstructedOctetString.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERConstructedOctetString.java
new file mode 100644
index 0000000..750de3b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERConstructedOctetString.java
@@ -0,0 +1,137 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Enumeration;
+import java.util.Vector;
+
+public class BERConstructedOctetString
+ extends DEROctetString {
+ private static final int MAX_LENGTH = 1000;
+
+ /** convert a vector of octet strings into a single byte string */
+ static private byte[] toBytes(
+ Vector octs) {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+ for (int i = 0; i != octs.size(); i++) {
+ try {
+ DEROctetString o = (DEROctetString) octs.elementAt(i);
+
+ bOut.write(o.getOctets());
+ }
+ catch (ClassCastException e) {
+ throw new IllegalArgumentException(octs.elementAt(i).getClass().getName() + " found in input should only contain DEROctetString");
+ }
+ catch (IOException e) {
+ throw new IllegalArgumentException("exception converting octets " + e.toString());
+ }
+ }
+
+ return bOut.toByteArray();
+ }
+
+ private Vector octs;
+
+ /** @param string the octets making up the octet string. */
+ public BERConstructedOctetString(
+ byte[] string) {
+ super(string);
+ }
+
+ public BERConstructedOctetString(
+ Vector octs) {
+ super(toBytes(octs));
+
+ this.octs = octs;
+ }
+
+ public BERConstructedOctetString(
+ DERObject obj) {
+ super(obj);
+ }
+
+ public BERConstructedOctetString(
+ DEREncodable obj) {
+ super(obj.getDERObject());
+ }
+
+ public byte[] getOctets() {
+ return string;
+ }
+
+ /** return the DER octets that make up this string. */
+ public Enumeration getObjects() {
+ if (octs == null) {
+ return generateOcts().elements();
+ }
+
+ return octs.elements();
+ }
+
+ private Vector generateOcts() {
+ int start = 0;
+ int end = 0;
+ Vector vec = new Vector();
+
+ while ((end + 1) < string.length) {
+ if (string[end] == 0 && string[end + 1] == 0) {
+ byte[] nStr = new byte[end - start + 1];
+
+ System.arraycopy(string, start, nStr, 0, nStr.length);
+
+ vec.addElement(new DEROctetString(nStr));
+ start = end + 1;
+ }
+ end++;
+ }
+
+ byte[] nStr = new byte[string.length - start];
+
+ System.arraycopy(string, start, nStr, 0, nStr.length);
+
+ vec.addElement(new DEROctetString(nStr));
+
+ return vec;
+ }
+
+ public void encode(
+ DEROutputStream out)
+ throws IOException {
+ if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) {
+ out.write(CONSTRUCTED | OCTET_STRING);
+
+ out.write(0x80);
+
+ //
+ // write out the octet array
+ //
+ if (octs != null) {
+ for (int i = 0; i != octs.size(); i++) {
+ out.writeObject(octs.elementAt(i));
+ }
+ } else {
+ for (int i = 0; i < string.length; i += MAX_LENGTH) {
+ int end;
+
+ if (i + MAX_LENGTH > string.length) {
+ end = string.length;
+ } else {
+ end = i + MAX_LENGTH;
+ }
+
+ byte[] nStr = new byte[end - i];
+
+ System.arraycopy(string, i, nStr, 0, nStr.length);
+
+ out.writeObject(new DEROctetString(nStr));
+ }
+ }
+
+ out.write(0x00);
+ out.write(0x00);
+ } else {
+ super.encode(out);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERConstructedSequence.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERConstructedSequence.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERConstructedSequence.java
new file mode 100644
index 0000000..5cccfb6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERConstructedSequence.java
@@ -0,0 +1,29 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+/** @deprecated use BERSequence */
+public class BERConstructedSequence
+ extends DERConstructedSequence {
+ /*
+ */
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) {
+ out.write(SEQUENCE | CONSTRUCTED);
+ out.write(0x80);
+
+ Enumeration e = getObjects();
+ while (e.hasMoreElements()) {
+ out.writeObject(e.nextElement());
+ }
+
+ out.write(0x00);
+ out.write(0x00);
+ } else {
+ super.encode(out);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERGenerator.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERGenerator.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERGenerator.java
new file mode 100644
index 0000000..a81859b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERGenerator.java
@@ -0,0 +1,82 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+public class BERGenerator
+ extends ASN1Generator {
+ private boolean _tagged = false;
+ private boolean _isExplicit;
+ private int _tagNo;
+
+ protected BERGenerator(
+ OutputStream out) {
+ super(out);
+ }
+
+ public BERGenerator(
+ OutputStream out,
+ int tagNo,
+ boolean isExplicit) {
+ super(out);
+
+ _tagged = true;
+ _isExplicit = isExplicit;
+ _tagNo = tagNo;
+ }
+
+ public OutputStream getRawOutputStream() {
+ return _out;
+ }
+
+ private void writeHdr(
+ int tag)
+ throws IOException {
+ _out.write(tag);
+ _out.write(0x80);
+ }
+
+ protected void writeBERHeader(
+ int tag)
+ throws IOException {
+ if (_tagged) {
+ int tagNum = _tagNo | DERTags.TAGGED;
+
+ if (_isExplicit) {
+ writeHdr(tagNum | DERTags.CONSTRUCTED);
+ writeHdr(tag);
+ } else {
+ if ((tag & DERTags.CONSTRUCTED) != 0) {
+ writeHdr(tagNum | DERTags.CONSTRUCTED);
+ } else {
+ writeHdr(tagNum);
+ }
+ }
+ } else {
+ writeHdr(tag);
+ }
+ }
+
+ protected void writeBERBody(
+ InputStream contentStream)
+ throws IOException {
+ int ch;
+
+ while ((ch = contentStream.read()) >= 0) {
+ _out.write(ch);
+ }
+ }
+
+ protected void writeBEREnd()
+ throws IOException {
+ _out.write(0x00);
+ _out.write(0x00);
+
+ if (_tagged && _isExplicit) // write extra end for tag header
+ {
+ _out.write(0x00);
+ _out.write(0x00);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERInputStream.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERInputStream.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERInputStream.java
new file mode 100644
index 0000000..403b2ce
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERInputStream.java
@@ -0,0 +1,179 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Vector;
+
+/** @deprecated use ASN1InputStream */
+public class BERInputStream
+ extends DERInputStream {
+ private static final DERObject END_OF_STREAM = new DERObject() {
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ throw new IOException("Eeek!");
+ }
+ public int hashCode() {
+ return 0;
+ }
+ public boolean equals(
+ Object o) {
+ return o == this;
+ }
+ };
+ public BERInputStream(
+ InputStream is) {
+ super(is);
+ }
+
+ /** read a string of bytes representing an indefinite length object. */
+ private byte[] readIndefiniteLengthFully()
+ throws IOException {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ int b, b1;
+
+ b1 = read();
+
+ while ((b = read()) >= 0) {
+ if (b1 == 0 && b == 0) {
+ break;
+ }
+
+ bOut.write(b1);
+ b1 = b;
+ }
+
+ return bOut.toByteArray();
+ }
+
+ private BERConstructedOctetString buildConstructedOctetString()
+ throws IOException {
+ Vector octs = new Vector();
+
+ for (; ;) {
+ DERObject o = readObject();
+
+ if (o == END_OF_STREAM) {
+ break;
+ }
+
+ octs.addElement(o);
+ }
+
+ return new BERConstructedOctetString(octs);
+ }
+
+ public DERObject readObject()
+ throws IOException {
+ int tag = read();
+ if (tag == -1) {
+ throw new EOFException();
+ }
+
+ int length = readLength();
+
+ if (length < 0) // indefinite length method
+ {
+ switch (tag) {
+ case NULL:
+ return null;
+ case SEQUENCE | CONSTRUCTED:
+ BERConstructedSequence seq = new BERConstructedSequence();
+
+ for (; ;) {
+ DERObject obj = readObject();
+
+ if (obj == END_OF_STREAM) {
+ break;
+ }
+
+ seq.addObject(obj);
+ }
+ return seq;
+ case OCTET_STRING | CONSTRUCTED:
+ return buildConstructedOctetString();
+ case SET | CONSTRUCTED:
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ for (; ;) {
+ DERObject obj = readObject();
+
+ if (obj == END_OF_STREAM) {
+ break;
+ }
+
+ v.add(obj);
+ }
+ return new BERSet(v);
+ default:
+ //
+ // with tagged object tag number is bottom 5 bits
+ //
+ if ((tag & TAGGED) != 0) {
+ if ((tag & 0x1f) == 0x1f) {
+ throw new IOException("unsupported high tag encountered");
+ }
+
+ //
+ // simple type - implicit... return an octet string
+ //
+ if ((tag & CONSTRUCTED) == 0) {
+ byte[] bytes = readIndefiniteLengthFully();
+
+ return new BERTaggedObject(false, tag & 0x1f, new DEROctetString(bytes));
+ }
+
+ //
+ // either constructed or explicitly tagged
+ //
+ DERObject dObj = readObject();
+
+ if (dObj == END_OF_STREAM) // empty tag!
+ {
+ return new DERTaggedObject(tag & 0x1f);
+ }
+
+ DERObject next = readObject();
+
+ //
+ // explicitly tagged (probably!) - if it isn't we'd have to
+ // tell from the context
+ //
+ if (next == END_OF_STREAM) {
+ return new BERTaggedObject(tag & 0x1f, dObj);
+ }
+
+ //
+ // another implicit object, we'll create a sequence...
+ //
+ seq = new BERConstructedSequence();
+
+ seq.addObject(dObj);
+
+ do {
+ seq.addObject(next);
+ next = readObject();
+ }
+ while (next != END_OF_STREAM);
+
+ return new BERTaggedObject(false, tag & 0x1f, seq);
+ }
+
+ throw new IOException("unknown BER object encountered");
+ }
+ } else {
+ if (tag == 0 && length == 0) // end of contents marker.
+ {
+ return END_OF_STREAM;
+ }
+
+ byte[] bytes = new byte[length];
+
+ readFully(bytes);
+
+ return buildObject(tag, bytes);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERNull.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERNull.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERNull.java
new file mode 100644
index 0000000..e5c1626
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERNull.java
@@ -0,0 +1,22 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+/** A BER NULL object. */
+public class BERNull
+ extends DERNull {
+ public static final BERNull INSTANCE = new BERNull();
+
+ public BERNull() {
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) {
+ out.write(NULL);
+ } else {
+ super.encode(out);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BEROctetStringGenerator.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BEROctetStringGenerator.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BEROctetStringGenerator.java
new file mode 100644
index 0000000..b21fade
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BEROctetStringGenerator.java
@@ -0,0 +1,86 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+public class BEROctetStringGenerator
+ extends BERGenerator {
+ public BEROctetStringGenerator(OutputStream out)
+ throws IOException {
+ super(out);
+
+ writeBERHeader(DERTags.CONSTRUCTED | DERTags.OCTET_STRING);
+ }
+
+ public BEROctetStringGenerator(
+ OutputStream out,
+ int tagNo,
+ boolean isExplicit)
+ throws IOException {
+ super(out, tagNo, isExplicit);
+
+ writeBERHeader(DERTags.CONSTRUCTED | DERTags.OCTET_STRING);
+ }
+
+ public OutputStream getOctetOutputStream() {
+ return getOctetOutputStream(new byte[1000]); // limit for CER encoding.
+ }
+
+ public OutputStream getOctetOutputStream(
+ byte[] buf) {
+ return new BufferedBEROctetStream(buf);
+ }
+
+ private class BufferedBEROctetStream
+ extends OutputStream {
+ private byte[] _buf;
+ private int _off;
+
+ BufferedBEROctetStream(
+ byte[] buf) {
+ _buf = buf;
+ _off = 0;
+ }
+
+ public void write(
+ int b)
+ throws IOException {
+ _buf[_off++] = (byte) b;
+
+ if (_off == _buf.length) {
+ _out.write(new DEROctetString(_buf).getEncoded());
+ _off = 0;
+ }
+ }
+
+ public void write(byte[] b, int off, int len) throws IOException {
+ while (len > 0) {
+ int numToCopy = Math.min(len, _buf.length - _off);
+ System.arraycopy(b, off, _buf, _off, numToCopy);
+
+ _off += numToCopy;
+ if (_off < _buf.length) {
+ break;
+ }
+
+ _out.write(new DEROctetString(_buf).getEncoded());
+ _off = 0;
+
+ off += numToCopy;
+ len -= numToCopy;
+ }
+ }
+
+ public void close()
+ throws IOException {
+ if (_off != 0) {
+ byte[] bytes = new byte[_off];
+ System.arraycopy(_buf, 0, bytes, 0, _off);
+
+ _out.write(new DEROctetString(bytes).getEncoded());
+ }
+
+ writeBEREnd();
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BEROctetStringParser.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BEROctetStringParser.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BEROctetStringParser.java
new file mode 100644
index 0000000..2123c2b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BEROctetStringParser.java
@@ -0,0 +1,36 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+public class BEROctetStringParser
+ implements ASN1OctetStringParser {
+ private ASN1ObjectParser _parser;
+
+ protected BEROctetStringParser(
+ ASN1ObjectParser parser) {
+ _parser = parser;
+ }
+
+ public InputStream getOctetStream() {
+ return new ConstructedOctetStream(_parser);
+ }
+
+ public DERObject getDERObject() {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ InputStream in = this.getOctetStream();
+ int ch;
+
+ try {
+ while ((ch = in.read()) >= 0) {
+ bOut.write(ch);
+ }
+ }
+ catch (IOException e) {
+ throw new IllegalStateException("IOException converting stream to byte array: " + e.getMessage());
+ }
+
+ return new BERConstructedOctetString(bOut.toByteArray());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BEROutputStream.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BEROutputStream.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BEROutputStream.java
new file mode 100644
index 0000000..36f99ee
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BEROutputStream.java
@@ -0,0 +1,26 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+public class BEROutputStream
+ extends DEROutputStream {
+ public BEROutputStream(
+ OutputStream os) {
+ super(os);
+ }
+
+ public void writeObject(
+ Object obj)
+ throws IOException {
+ if (obj == null) {
+ writeNull();
+ } else if (obj instanceof DERObject) {
+ ((DERObject) obj).encode(this);
+ } else if (obj instanceof DEREncodable) {
+ ((DEREncodable) obj).getDERObject().encode(this);
+ } else {
+ throw new IOException("object not BEREncodable");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSequence.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSequence.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSequence.java
new file mode 100644
index 0000000..cc7667e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSequence.java
@@ -0,0 +1,44 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+public class BERSequence
+ extends DERSequence {
+ /** create an empty sequence */
+ public BERSequence() {
+ }
+
+ /** create a sequence containing one object */
+ public BERSequence(
+ DEREncodable obj) {
+ super(obj);
+ }
+
+ /** create a sequence containing a vector of objects. */
+ public BERSequence(
+ DEREncodableVector v) {
+ super(v);
+ }
+
+ /*
+ */
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) {
+ out.write(SEQUENCE | CONSTRUCTED);
+ out.write(0x80);
+
+ Enumeration e = getObjects();
+ while (e.hasMoreElements()) {
+ out.writeObject(e.nextElement());
+ }
+
+ out.write(0x00);
+ out.write(0x00);
+ } else {
+ super.encode(out);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSequenceGenerator.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSequenceGenerator.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSequenceGenerator.java
new file mode 100644
index 0000000..0e821ce
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSequenceGenerator.java
@@ -0,0 +1,36 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+public class BERSequenceGenerator
+ extends BERGenerator {
+ public BERSequenceGenerator(
+ OutputStream out)
+ throws IOException {
+ super(out);
+
+ writeBERHeader(DERTags.CONSTRUCTED | DERTags.SEQUENCE);
+ }
+
+ public BERSequenceGenerator(
+ OutputStream out,
+ int tagNo,
+ boolean isExplicit)
+ throws IOException {
+ super(out, tagNo, isExplicit);
+
+ writeBERHeader(DERTags.CONSTRUCTED | DERTags.SEQUENCE);
+ }
+
+ public void addObject(
+ DEREncodable object)
+ throws IOException {
+ object.getDERObject().encode(new DEROutputStream(_out));
+ }
+
+ public void close()
+ throws IOException {
+ writeBEREnd();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSequenceParser.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSequenceParser.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSequenceParser.java
new file mode 100644
index 0000000..fb7dad3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSequenceParser.java
@@ -0,0 +1,21 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+public class BERSequenceParser
+ implements ASN1SequenceParser {
+ private ASN1ObjectParser _parser;
+
+ BERSequenceParser(ASN1ObjectParser parser) {
+ this._parser = parser;
+ }
+
+ public DEREncodable readObject()
+ throws IOException {
+ return _parser.readObject();
+ }
+
+ public DERObject getDERObject() {
+ return new BERSequence(_parser.readVector());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSet.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSet.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSet.java
new file mode 100644
index 0000000..db80cf4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSet.java
@@ -0,0 +1,51 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+public class BERSet
+ extends DERSet {
+ /** create an empty sequence */
+ public BERSet() {
+ }
+
+ /** create a set containing one object */
+ public BERSet(
+ DEREncodable obj) {
+ super(obj);
+ }
+
+ /** @param v - a vector of objects making up the set. */
+ public BERSet(
+ DEREncodableVector v) {
+ super(v, false);
+ }
+
+ /** @param v - a vector of objects making up the set. */
+ BERSet(
+ DEREncodableVector v,
+ boolean needsSorting) {
+ super(v, needsSorting);
+ }
+
+ /*
+ */
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) {
+ out.write(SET | CONSTRUCTED);
+ out.write(0x80);
+
+ Enumeration e = getObjects();
+ while (e.hasMoreElements()) {
+ out.writeObject(e.nextElement());
+ }
+
+ out.write(0x00);
+ out.write(0x00);
+ } else {
+ super.encode(out);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSetParser.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSetParser.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSetParser.java
new file mode 100644
index 0000000..7f88189
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERSetParser.java
@@ -0,0 +1,21 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+public class BERSetParser
+ implements ASN1SetParser {
+ private ASN1ObjectParser _parser;
+
+ BERSetParser(ASN1ObjectParser parser) {
+ this._parser = parser;
+ }
+
+ public DEREncodable readObject()
+ throws IOException {
+ return _parser.readObject();
+ }
+
+ public DERObject getDERObject() {
+ return new BERSet(_parser.readVector());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERTaggedObject.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERTaggedObject.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERTaggedObject.java
new file mode 100644
index 0000000..c0be868
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERTaggedObject.java
@@ -0,0 +1,94 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+/**
+ * BER TaggedObject - in ASN.1 nottation this is any object proceeded by
+ * a [n] where n is some number - these are assume to follow the construction
+ * rules (as with sequences).
+ */
+public class BERTaggedObject
+ extends DERTaggedObject {
+ /**
+ * @param tagNo the tag number for this object.
+ * @param obj the tagged object.
+ */
+ public BERTaggedObject(
+ int tagNo,
+ DEREncodable obj) {
+ super(tagNo, obj);
+ }
+
+ /**
+ * @param explicit true if an explicitly tagged object.
+ * @param tagNo the tag number for this object.
+ * @param obj the tagged object.
+ */
+ public BERTaggedObject(
+ boolean explicit,
+ int tagNo,
+ DEREncodable obj) {
+ super(explicit, tagNo, obj);
+ }
+
+ /**
+ * create an implicitly tagged object that contains a zero
+ * length sequence.
+ */
+ public BERTaggedObject(
+ int tagNo) {
+ super(false, tagNo, new BERSequence());
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) {
+ out.write(CONSTRUCTED | TAGGED | tagNo);
+ out.write(0x80);
+
+ if (!empty) {
+ if (!explicit) {
+ if (obj instanceof ASN1OctetString) {
+ Enumeration e;
+
+ if (obj instanceof BERConstructedOctetString) {
+ e = ((BERConstructedOctetString) obj).getObjects();
+ } else {
+ ASN1OctetString octs = (ASN1OctetString) obj;
+ BERConstructedOctetString berO = new BERConstructedOctetString(octs.getOctets());
+
+ e = berO.getObjects();
+ }
+
+ while (e.hasMoreElements()) {
+ out.writeObject(e.nextElement());
+ }
+ } else if (obj instanceof ASN1Sequence) {
+ Enumeration e = ((ASN1Sequence) obj).getObjects();
+
+ while (e.hasMoreElements()) {
+ out.writeObject(e.nextElement());
+ }
+ } else if (obj instanceof ASN1Set) {
+ Enumeration e = ((ASN1Set) obj).getObjects();
+
+ while (e.hasMoreElements()) {
+ out.writeObject(e.nextElement());
+ }
+ } else {
+ throw new RuntimeException("not implemented: " + obj.getClass().getName());
+ }
+ } else {
+ out.writeObject(obj);
+ }
+ }
+
+ out.write(0x00);
+ out.write(0x00);
+ } else {
+ super.encode(out);
+ }
+ }
+}
[39/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/tree.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/tree.html b/3rdparty/not-yet-commons-ssl/docs/tree.html
new file mode 100644
index 0000000..5d50525
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/tree.html
@@ -0,0 +1,1137 @@
+
+<pre><a href=".">.</a>
+ |-- <a href="./LICENSE.txt">LICENSE.txt</a>
+ |-- <a href="./NOTICE.txt">NOTICE.txt</a>
+ |-- <a href="./README.txt">README.txt</a>
+ |-- <a href="./build.xml">build.xml</a>
+ |-- <a href="./docs/">docs</a>
+ | |-- <a href="./docs/404.html">404.html</a>
+ | |-- <a href="./docs/TrustExample.java">TrustExample.java</a>
+ | |-- <a href="./docs/TrustExample.java.html">TrustExample.java.html</a>
+ | |-- <a href="./docs/about.html">about.html</a>
+ | |-- <a href="./docs/download.html">download.html</a>
+ | |-- <a href="./docs/index.html">index.html</a>
+ | |-- <a href="./docs/openssl/">openssl</a>
+ | | |-- <a href="./docs/openssl/compare.txt">compare.txt</a>
+ | | |-- <a href="./docs/openssl/profile.3.10">profile.3.10</a>
+ | | `-- <a href="./docs/openssl/profile.3.9">profile.3.9</a>
+ | |-- <a href="./docs/pbe.html">pbe.html</a>
+ | |-- <a href="./docs/ping.html">ping.html</a>
+ | |-- <a href="./docs/pkcs8.html">pkcs8.html</a>
+ | |-- <a href="./docs/rmi.html">rmi.html</a>
+ | |-- <a href="./docs/roadmap.html">roadmap.html</a>
+ | |-- <a href="./docs/source.html">source.html</a>
+ | |-- <a href="./docs/ssl.html">ssl.html</a>
+ | |-- <a href="./docs/tree.html">tree.html</a>
+ | `-- <a href="./docs/utilities.html">utilities.html</a>
+ |-- <a href="./javadocs/">javadocs</a>
+ |-- <a href="./lib/">lib</a>
+ | |-- <a href="./lib/bcprov-jdk16-143.jar">bcprov-jdk16-143.jar</a>
+ | |-- <a href="./lib/commons-httpclient-3.0.jar">commons-httpclient-3.0.jar</a>
+ | |-- <a href="./lib/commons-logging-1.0.4.jar">commons-logging-1.0.4.jar</a>
+ | |-- <a href="./lib/junit-3.8.1.jar">junit-3.8.1.jar</a>
+ | `-- <a href="./lib/log4j-1.2.13.jar">log4j-1.2.13.jar</a>
+ |-- <a href="./not-yet-commons-ssl-0.3.11.jar">not-yet-commons-ssl-0.3.11.jar</a>
+ |-- <a href="./not-yet-commons-ssl-0.3.11.zip">not-yet-commons-ssl-0.3.11.zip</a>
+ |-- <a href="./samples/">samples</a>
+ | |-- <a href="./samples/PASSWORD.txt">PASSWORD.txt</a>
+ | |-- <a href="./samples/README.txt">README.txt</a>
+ | |-- <a href="./samples/ca/">ca</a>
+ | | |-- <a href="./samples/ca/CA.sh">CA.sh</a>
+ | | |-- <a href="./samples/ca/clean.sh">clean.sh</a>
+ | | |-- <a href="./samples/ca/dsa-intermediate/">dsa-intermediate</a>
+ | | | |-- <a href="./samples/ca/dsa-intermediate/cacert.pem">cacert.pem</a>
+ | | | |-- <a href="./samples/ca/dsa-intermediate/dsa.params">dsa.params</a>
+ | | | |-- <a href="./samples/ca/dsa-intermediate/newcerts/">newcerts</a>
+ | | | `-- <a href="./samples/ca/dsa-intermediate/private/">private</a>
+ | | | `-- <a href="./samples/ca/dsa-intermediate/private/cakey.pem">cakey.pem</a>
+ | | |-- <a href="./samples/ca/openssl.cnf">openssl.cnf</a>
+ | | |-- <a href="./samples/ca/root/">root</a>
+ | | | |-- <a href="./samples/ca/root/cacert.pem">cacert.pem</a>
+ | | | |-- <a href="./samples/ca/root/newcerts/">newcerts</a>
+ | | | `-- <a href="./samples/ca/root/private/">private</a>
+ | | | `-- <a href="./samples/ca/root/private/cakey.pem">cakey.pem</a>
+ | | |-- <a href="./samples/ca/rsa-intermediate/">rsa-intermediate</a>
+ | | | |-- <a href="./samples/ca/rsa-intermediate/cacert.pem">cacert.pem</a>
+ | | | |-- <a href="./samples/ca/rsa-intermediate/newcerts/">newcerts</a>
+ | | | `-- <a href="./samples/ca/rsa-intermediate/private/">private</a>
+ | | | `-- <a href="./samples/ca/rsa-intermediate/private/cakey.pem">cakey.pem</a>
+ | | |-- <a href="./samples/ca/rsa.key">rsa.key</a>
+ | | |-- <a href="./samples/ca/test-dsa-cert.pem">test-dsa-cert.pem</a>
+ | | |-- <a href="./samples/ca/test-dsa-chain.pem">test-dsa-chain.pem</a>
+ | | |-- <a href="./samples/ca/test-rsa-cert.pem">test-rsa-cert.pem</a>
+ | | `-- <a href="./samples/ca/test-rsa-chain.pem">test-rsa-chain.pem</a>
+ | |-- <a href="./samples/createPBESamples.sh">createPBESamples.sh</a>
+ | |-- <a href="./samples/dsa/">dsa</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_aes128_cbc.pem">openssl_dsa_aes128_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_aes128_cfb.pem">openssl_dsa_aes128_cfb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_aes128_ecb.pem">openssl_dsa_aes128_ecb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_aes128_ofb.pem">openssl_dsa_aes128_ofb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_aes192_cbc.pem">openssl_dsa_aes192_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_aes192_cfb.pem">openssl_dsa_aes192_cfb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_aes192_ecb.pem">openssl_dsa_aes192_ecb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_aes192_ofb.pem">openssl_dsa_aes192_ofb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_aes256_cbc.pem">openssl_dsa_aes256_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_aes256_cfb.pem">openssl_dsa_aes256_cfb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_aes256_ecb.pem">openssl_dsa_aes256_ecb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_aes256_ofb.pem">openssl_dsa_aes256_ofb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_blowfish_cbc.pem">openssl_dsa_blowfish_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_blowfish_cfb.pem">openssl_dsa_blowfish_cfb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_blowfish_ecb.pem">openssl_dsa_blowfish_ecb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_blowfish_ofb.pem">openssl_dsa_blowfish_ofb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_des1_cbc.pem">openssl_dsa_des1_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_des1_cfb.pem">openssl_dsa_des1_cfb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_des1_ecb.pem">openssl_dsa_des1_ecb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_des1_ofb.pem">openssl_dsa_des1_ofb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_des2_cbc.pem">openssl_dsa_des2_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_des2_cfb.pem">openssl_dsa_des2_cfb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_des2_ecb.pem">openssl_dsa_des2_ecb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_des2_ofb.pem">openssl_dsa_des2_ofb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_des3_cbc.pem">openssl_dsa_des3_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_des3_cfb.pem">openssl_dsa_des3_cfb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_des3_ecb.pem">openssl_dsa_des3_ecb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_des3_ofb.pem">openssl_dsa_des3_ofb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_rc2_128_cbc.pem">openssl_dsa_rc2_128_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_rc2_128_cfb.pem">openssl_dsa_rc2_128_cfb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_rc2_128_ecb.pem">openssl_dsa_rc2_128_ecb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_rc2_128_ofb.pem">openssl_dsa_rc2_128_ofb.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_rc2_40_cbc.pem">openssl_dsa_rc2_40_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_rc2_64_cbc.pem">openssl_dsa_rc2_64_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_unencrypted.der">openssl_dsa_unencrypted.der</a>
+ | | |-- <a href="./samples/dsa/openssl_dsa_unencrypted.pem">openssl_dsa_unencrypted.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8_dsa_unencrypted.der">pkcs8_dsa_unencrypted.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8_dsa_unencrypted.pem">pkcs8_dsa_unencrypted.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_md2_des1_cbc.der">pkcs8v1_dsa_md2_des1_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_md2_des1_cbc.pem">pkcs8v1_dsa_md2_des1_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_md2_rc2_64_cbc.der">pkcs8v1_dsa_md2_rc2_64_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_md2_rc2_64_cbc.pem">pkcs8v1_dsa_md2_rc2_64_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_md5_des1_cbc.der">pkcs8v1_dsa_md5_des1_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_md5_des1_cbc.pem">pkcs8v1_dsa_md5_des1_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_md5_rc2_64_cbc.der">pkcs8v1_dsa_md5_rc2_64_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_md5_rc2_64_cbc.pem">pkcs8v1_dsa_md5_rc2_64_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_des1_cbc.der">pkcs8v1_dsa_sha1_des1_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_des1_cbc.pem">pkcs8v1_dsa_sha1_des1_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_des2_cbc.der">pkcs8v1_dsa_sha1_des2_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_des2_cbc.pem">pkcs8v1_dsa_sha1_des2_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_des3_cbc.der">pkcs8v1_dsa_sha1_des3_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_des3_cbc.pem">pkcs8v1_dsa_sha1_des3_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_rc2_128_cbc.der">pkcs8v1_dsa_sha1_rc2_128_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_rc2_128_cbc.pem">pkcs8v1_dsa_sha1_rc2_128_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_rc2_40_cbc.der">pkcs8v1_dsa_sha1_rc2_40_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_rc2_40_cbc.pem">pkcs8v1_dsa_sha1_rc2_40_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_rc2_64_cbc.der">pkcs8v1_dsa_sha1_rc2_64_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_rc2_64_cbc.pem">pkcs8v1_dsa_sha1_rc2_64_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_rc4_128.der">pkcs8v1_dsa_sha1_rc4_128.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_rc4_128.pem">pkcs8v1_dsa_sha1_rc4_128.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_rc4_40.der">pkcs8v1_dsa_sha1_rc4_40.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v1_dsa_sha1_rc4_40.pem">pkcs8v1_dsa_sha1_rc4_40.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes128_cbc.der">pkcs8v2_dsa_aes128_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes128_cbc.pem">pkcs8v2_dsa_aes128_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes128_cfb.der">pkcs8v2_dsa_aes128_cfb.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes128_cfb.pem">pkcs8v2_dsa_aes128_cfb.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes128_ecb.der">pkcs8v2_dsa_aes128_ecb.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes128_ecb.pem">pkcs8v2_dsa_aes128_ecb.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes128_ofb.der">pkcs8v2_dsa_aes128_ofb.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes128_ofb.pem">pkcs8v2_dsa_aes128_ofb.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes192_cbc.der">pkcs8v2_dsa_aes192_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes192_cbc.pem">pkcs8v2_dsa_aes192_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes192_cfb.der">pkcs8v2_dsa_aes192_cfb.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes192_cfb.pem">pkcs8v2_dsa_aes192_cfb.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes192_ecb.der">pkcs8v2_dsa_aes192_ecb.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes192_ecb.pem">pkcs8v2_dsa_aes192_ecb.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes192_ofb.der">pkcs8v2_dsa_aes192_ofb.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes192_ofb.pem">pkcs8v2_dsa_aes192_ofb.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes256_cbc.der">pkcs8v2_dsa_aes256_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes256_cbc.pem">pkcs8v2_dsa_aes256_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes256_cfb.der">pkcs8v2_dsa_aes256_cfb.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes256_cfb.pem">pkcs8v2_dsa_aes256_cfb.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes256_ecb.der">pkcs8v2_dsa_aes256_ecb.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes256_ecb.pem">pkcs8v2_dsa_aes256_ecb.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes256_ofb.der">pkcs8v2_dsa_aes256_ofb.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_aes256_ofb.pem">pkcs8v2_dsa_aes256_ofb.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_blowfish_cbc.der">pkcs8v2_dsa_blowfish_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_blowfish_cbc.pem">pkcs8v2_dsa_blowfish_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_des1_cbc.der">pkcs8v2_dsa_des1_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_des1_cbc.pem">pkcs8v2_dsa_des1_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_des1_cfb.der">pkcs8v2_dsa_des1_cfb.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_des1_cfb.pem">pkcs8v2_dsa_des1_cfb.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_des1_ecb.der">pkcs8v2_dsa_des1_ecb.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_des1_ecb.pem">pkcs8v2_dsa_des1_ecb.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_des1_ofb.der">pkcs8v2_dsa_des1_ofb.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_des1_ofb.pem">pkcs8v2_dsa_des1_ofb.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.der">pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.pem">pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_des3_cbc.der">pkcs8v2_dsa_des3_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_des3_cbc.pem">pkcs8v2_dsa_des3_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_rc2_128_cbc.der">pkcs8v2_dsa_rc2_128_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_rc2_128_cbc.pem">pkcs8v2_dsa_rc2_128_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_rc2_40_cbc.der">pkcs8v2_dsa_rc2_40_cbc.der</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_rc2_40_cbc.pem">pkcs8v2_dsa_rc2_40_cbc.pem</a>
+ | | |-- <a href="./samples/dsa/pkcs8v2_dsa_rc2_64_cbc.der">pkcs8v2_dsa_rc2_64_cbc.der</a>
+ | | `-- <a href="./samples/dsa/pkcs8v2_dsa_rc2_64_cbc.pem">pkcs8v2_dsa_rc2_64_cbc.pem</a>
+ | |-- <a href="./samples/dsa.html">dsa.html</a>
+ | |-- <a href="./samples/dsa_result.html">dsa_result.html</a>
+ | |-- <a href="./samples/keystores/">keystores</a>
+ | | |-- <a href="./samples/keystores/BC.BKS.ks">BC.BKS.ks</a>
+ | | |-- <a href="./samples/keystores/BC.PKCS12-3DES-3DES.ks">BC.PKCS12-3DES-3DES.ks</a>
+ | | |-- <a href="./samples/keystores/BC.PKCS12-DEF-3DES-3DES.ks">BC.PKCS12-DEF-3DES-3DES.ks</a>
+ | | |-- <a href="./samples/keystores/BC.PKCS12-DEF.ks">BC.PKCS12-DEF.ks</a>
+ | | |-- <a href="./samples/keystores/BC.PKCS12.ks">BC.PKCS12.ks</a>
+ | | |-- <a href="./samples/keystores/BC.UBER.ks">BC.UBER.ks</a>
+ | | |-- <a href="./samples/keystores/README.txt">README.txt</a>
+ | | |-- <a href="./samples/keystores/Sun.2pass.jks.ks">Sun.2pass.jks.ks</a>
+ | | |-- <a href="./samples/keystores/Sun.jks.ks">Sun.jks.ks</a>
+ | | |-- <a href="./samples/keystores/SunJCE.jceks.ks">SunJCE.jceks.ks</a>
+ | | |-- <a href="./samples/keystores/chain-rsa_dsa_rsa.ks">chain-rsa_dsa_rsa.ks</a>
+ | | |-- <a href="./samples/keystores/chain-rsa_dsa_rsa.pem">chain-rsa_dsa_rsa.pem</a>
+ | | |-- <a href="./samples/keystores/chain-rsa_dsa_rsa.pkcs12.der">chain-rsa_dsa_rsa.pkcs12.der</a>
+ | | |-- <a href="./samples/keystores/chain-rsa_dsa_rsa.pkcs12.pem">chain-rsa_dsa_rsa.pkcs12.pem</a>
+ | | |-- <a href="./samples/keystores/chain-rsa_rsa_rsa.ks">chain-rsa_rsa_rsa.ks</a>
+ | | |-- <a href="./samples/keystores/chain-rsa_rsa_rsa.pem">chain-rsa_rsa_rsa.pem</a>
+ | | |-- <a href="./samples/keystores/chain-rsa_rsa_rsa.pkcs12.der">chain-rsa_rsa_rsa.pkcs12.der</a>
+ | | |-- <a href="./samples/keystores/chain-rsa_rsa_rsa.pkcs12.pem">chain-rsa_rsa_rsa.pkcs12.pem</a>
+ | | |-- <a href="./samples/keystores/generate.sh">generate.sh</a>
+ | | `-- <a href="./samples/keystores/rsa.key">rsa.key</a>
+ | |-- <a href="./samples/pbe/">pbe</a>
+ | | |-- <a href="./samples/pbe/README.txt">README.txt</a>
+ | | |-- <a href="./samples/pbe/java/">java</a>
+ | | | |-- <a href="./samples/pbe/java/aes-128-cbc.base64">aes-128-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-128-cbc.raw">aes-128-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-128-cfb.base64">aes-128-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-128-cfb.raw">aes-128-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-128-cfb8.base64">aes-128-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-128-cfb8.raw">aes-128-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-128-ecb.base64">aes-128-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-128-ecb.raw">aes-128-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-128-ofb.base64">aes-128-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-128-ofb.raw">aes-128-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-128.base64">aes-128.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-128.raw">aes-128.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-192-cbc.base64">aes-192-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-192-cbc.raw">aes-192-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-192-cfb.base64">aes-192-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-192-cfb.raw">aes-192-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-192-cfb8.base64">aes-192-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-192-cfb8.raw">aes-192-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-192-ecb.base64">aes-192-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-192-ecb.raw">aes-192-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-192-ofb.base64">aes-192-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-192-ofb.raw">aes-192-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-192.base64">aes-192.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-192.raw">aes-192.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-256-cbc.base64">aes-256-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-256-cbc.raw">aes-256-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-256-cfb.base64">aes-256-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-256-cfb.raw">aes-256-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-256-cfb8.base64">aes-256-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-256-cfb8.raw">aes-256-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-256-ecb.base64">aes-256-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-256-ecb.raw">aes-256-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-256-ofb.base64">aes-256-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-256-ofb.raw">aes-256-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes-256.base64">aes-256.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes-256.raw">aes-256.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes128-cbc.base64">aes128-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes128-cbc.raw">aes128-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes128-cfb.base64">aes128-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes128-cfb.raw">aes128-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes128-cfb8.base64">aes128-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes128-cfb8.raw">aes128-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes128-ecb.base64">aes128-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes128-ecb.raw">aes128-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes128-ofb.base64">aes128-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes128-ofb.raw">aes128-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes128.base64">aes128.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes128.raw">aes128.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes192-cbc.base64">aes192-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes192-cbc.raw">aes192-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes192-cfb.base64">aes192-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes192-cfb.raw">aes192-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes192-cfb8.base64">aes192-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes192-cfb8.raw">aes192-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes192-ecb.base64">aes192-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes192-ecb.raw">aes192-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes192-ofb.base64">aes192-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes192-ofb.raw">aes192-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes192.base64">aes192.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes192.raw">aes192.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes256-cbc.base64">aes256-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes256-cbc.raw">aes256-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes256-cfb.base64">aes256-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes256-cfb.raw">aes256-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes256-cfb8.base64">aes256-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes256-cfb8.raw">aes256-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes256-ecb.base64">aes256-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes256-ecb.raw">aes256-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes256-ofb.base64">aes256-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes256-ofb.raw">aes256-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/aes256.base64">aes256.base64</a>
+ | | | |-- <a href="./samples/pbe/java/aes256.raw">aes256.raw</a>
+ | | | |-- <a href="./samples/pbe/java/bf-cbc.base64">bf-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/bf-cbc.raw">bf-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/bf-cfb.base64">bf-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/bf-cfb.raw">bf-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/bf-cfb8.base64">bf-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/bf-cfb8.raw">bf-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/bf-ecb.base64">bf-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/bf-ecb.raw">bf-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/bf-ofb.base64">bf-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/bf-ofb.raw">bf-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/bf.base64">bf.base64</a>
+ | | | |-- <a href="./samples/pbe/java/bf.raw">bf.raw</a>
+ | | | |-- <a href="./samples/pbe/java/blowfish-cbc.base64">blowfish-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/blowfish-cbc.raw">blowfish-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/blowfish-cfb.base64">blowfish-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/blowfish-cfb.raw">blowfish-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/blowfish-cfb8.base64">blowfish-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/blowfish-cfb8.raw">blowfish-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/blowfish-ecb.base64">blowfish-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/blowfish-ecb.raw">blowfish-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/blowfish-ofb.base64">blowfish-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/blowfish-ofb.raw">blowfish-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/blowfish.base64">blowfish.base64</a>
+ | | | |-- <a href="./samples/pbe/java/blowfish.raw">blowfish.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-128-cbc.base64">camellia-128-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-128-cbc.raw">camellia-128-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-128-cfb.base64">camellia-128-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-128-cfb.raw">camellia-128-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-128-cfb8.base64">camellia-128-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-128-cfb8.raw">camellia-128-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-128-ecb.base64">camellia-128-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-128-ecb.raw">camellia-128-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-128-ofb.base64">camellia-128-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-128-ofb.raw">camellia-128-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-128.base64">camellia-128.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-128.raw">camellia-128.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-192-cbc.base64">camellia-192-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-192-cbc.raw">camellia-192-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-192-cfb.base64">camellia-192-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-192-cfb.raw">camellia-192-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-192-cfb8.base64">camellia-192-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-192-cfb8.raw">camellia-192-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-192-ecb.base64">camellia-192-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-192-ecb.raw">camellia-192-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-192-ofb.base64">camellia-192-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-192-ofb.raw">camellia-192-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-192.base64">camellia-192.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-192.raw">camellia-192.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-256-cbc.base64">camellia-256-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-256-cbc.raw">camellia-256-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-256-cfb.base64">camellia-256-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-256-cfb.raw">camellia-256-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-256-cfb8.base64">camellia-256-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-256-cfb8.raw">camellia-256-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-256-ecb.base64">camellia-256-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-256-ecb.raw">camellia-256-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-256-ofb.base64">camellia-256-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-256-ofb.raw">camellia-256-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-256.base64">camellia-256.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia-256.raw">camellia-256.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia128-cbc.base64">camellia128-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia128-cbc.raw">camellia128-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia128-cfb.base64">camellia128-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia128-cfb.raw">camellia128-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia128-cfb8.base64">camellia128-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia128-cfb8.raw">camellia128-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia128-ecb.base64">camellia128-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia128-ecb.raw">camellia128-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia128-ofb.base64">camellia128-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia128-ofb.raw">camellia128-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia128.base64">camellia128.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia128.raw">camellia128.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia192-cbc.base64">camellia192-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia192-cbc.raw">camellia192-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia192-cfb.base64">camellia192-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia192-cfb.raw">camellia192-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia192-cfb8.base64">camellia192-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia192-cfb8.raw">camellia192-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia192-ecb.base64">camellia192-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia192-ecb.raw">camellia192-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia192-ofb.base64">camellia192-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia192-ofb.raw">camellia192-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia192.base64">camellia192.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia192.raw">camellia192.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia256-cbc.base64">camellia256-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia256-cbc.raw">camellia256-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia256-cfb.base64">camellia256-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia256-cfb.raw">camellia256-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia256-cfb8.base64">camellia256-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia256-cfb8.raw">camellia256-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia256-ecb.base64">camellia256-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia256-ecb.raw">camellia256-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia256-ofb.base64">camellia256-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia256-ofb.raw">camellia256-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/camellia256.base64">camellia256.base64</a>
+ | | | |-- <a href="./samples/pbe/java/camellia256.raw">camellia256.raw</a>
+ | | | |-- <a href="./samples/pbe/java/cast5-cbc.base64">cast5-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/cast5-cbc.raw">cast5-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/cast5-cfb.base64">cast5-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/cast5-cfb.raw">cast5-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/cast5-cfb8.base64">cast5-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/cast5-cfb8.raw">cast5-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/cast5-ecb.base64">cast5-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/cast5-ecb.raw">cast5-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/cast5-ofb.base64">cast5-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/cast5-ofb.raw">cast5-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/cast5.base64">cast5.base64</a>
+ | | | |-- <a href="./samples/pbe/java/cast5.raw">cast5.raw</a>
+ | | | |-- <a href="./samples/pbe/java/cast6-cbc.base64">cast6-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/cast6-cbc.raw">cast6-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/cast6-cfb.base64">cast6-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/cast6-cfb.raw">cast6-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/cast6-cfb8.base64">cast6-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/cast6-cfb8.raw">cast6-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/cast6-ecb.base64">cast6-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/cast6-ecb.raw">cast6-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/cast6-ofb.base64">cast6-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/cast6-ofb.raw">cast6-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/cast6.base64">cast6.base64</a>
+ | | | |-- <a href="./samples/pbe/java/cast6.raw">cast6.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-cbc.base64">des-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-cbc.raw">des-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-cfb.base64">des-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-cfb.raw">des-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-cfb8.base64">des-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-cfb8.raw">des-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-ecb.base64">des-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-ecb.raw">des-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede-cbc.base64">des-ede-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede-cbc.raw">des-ede-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede-cfb.base64">des-ede-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede-cfb.raw">des-ede-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede-cfb8.base64">des-ede-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede-cfb8.raw">des-ede-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede-ecb.base64">des-ede-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede-ecb.raw">des-ede-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede-ofb.base64">des-ede-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede-ofb.raw">des-ede-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede.base64">des-ede.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede.raw">des-ede.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede3-cbc.base64">des-ede3-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede3-cbc.raw">des-ede3-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede3-cfb.base64">des-ede3-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede3-cfb.raw">des-ede3-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede3-cfb8.base64">des-ede3-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede3-cfb8.raw">des-ede3-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede3-ecb.base64">des-ede3-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede3-ecb.raw">des-ede3-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede3-ofb.base64">des-ede3-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede3-ofb.raw">des-ede3-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede3.base64">des-ede3.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-ede3.raw">des-ede3.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des-ofb.base64">des-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des-ofb.raw">des-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des.base64">des.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des.raw">des.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des2-cbc.base64">des2-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des2-cbc.raw">des2-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des2-cfb.base64">des2-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des2-cfb.raw">des2-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des2-cfb8.base64">des2-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des2-cfb8.raw">des2-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des2-ecb.base64">des2-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des2-ecb.raw">des2-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des2-ofb.base64">des2-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des2-ofb.raw">des2-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des2.base64">des2.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des2.raw">des2.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des3-cbc.base64">des3-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des3-cbc.raw">des3-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des3-cfb.base64">des3-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des3-cfb.raw">des3-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des3-cfb8.base64">des3-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des3-cfb8.raw">des3-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des3-ecb.base64">des3-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des3-ecb.raw">des3-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des3-ofb.base64">des3-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des3-ofb.raw">des3-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/des3.base64">des3.base64</a>
+ | | | |-- <a href="./samples/pbe/java/des3.raw">des3.raw</a>
+ | | | |-- <a href="./samples/pbe/java/gost-cbc.base64">gost-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/gost-cbc.raw">gost-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/gost-cfb.base64">gost-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/gost-cfb.raw">gost-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/gost-cfb8.base64">gost-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/gost-cfb8.raw">gost-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/gost-ecb.base64">gost-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/gost-ecb.raw">gost-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/gost-ofb.base64">gost-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/gost-ofb.raw">gost-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/gost.base64">gost.base64</a>
+ | | | |-- <a href="./samples/pbe/java/gost.raw">gost.raw</a>
+ | | | |-- <a href="./samples/pbe/java/gost28147-cbc.base64">gost28147-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/gost28147-cbc.raw">gost28147-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/gost28147-cfb.base64">gost28147-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/gost28147-cfb.raw">gost28147-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/gost28147-cfb8.base64">gost28147-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/gost28147-cfb8.raw">gost28147-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/gost28147-ecb.base64">gost28147-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/gost28147-ecb.raw">gost28147-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/gost28147-ofb.base64">gost28147-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/gost28147-ofb.raw">gost28147-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/gost28147.base64">gost28147.base64</a>
+ | | | |-- <a href="./samples/pbe/java/gost28147.raw">gost28147.raw</a>
+ | | | |-- <a href="./samples/pbe/java/idea-cbc.base64">idea-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/idea-cbc.raw">idea-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/idea-cfb.base64">idea-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/idea-cfb.raw">idea-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/idea-cfb8.base64">idea-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/idea-cfb8.raw">idea-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/idea-ecb.base64">idea-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/idea-ecb.raw">idea-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/idea-ofb.base64">idea-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/idea-ofb.raw">idea-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/idea.base64">idea.base64</a>
+ | | | |-- <a href="./samples/pbe/java/idea.raw">idea.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-40-cbc.base64">rc2-40-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-40-cbc.raw">rc2-40-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-40-cfb.base64">rc2-40-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-40-cfb.raw">rc2-40-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-40-cfb8.base64">rc2-40-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-40-cfb8.raw">rc2-40-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-40-ecb.base64">rc2-40-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-40-ecb.raw">rc2-40-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-40-ofb.base64">rc2-40-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-40-ofb.raw">rc2-40-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-40.base64">rc2-40.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-40.raw">rc2-40.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-64-cbc.base64">rc2-64-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-64-cbc.raw">rc2-64-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-64-cfb.base64">rc2-64-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-64-cfb.raw">rc2-64-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-64-cfb8.base64">rc2-64-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-64-cfb8.raw">rc2-64-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-64-ecb.base64">rc2-64-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-64-ecb.raw">rc2-64-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-64-ofb.base64">rc2-64-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-64-ofb.raw">rc2-64-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-64.base64">rc2-64.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-64.raw">rc2-64.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-cbc.base64">rc2-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-cbc.raw">rc2-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-cfb.base64">rc2-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-cfb.raw">rc2-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-cfb8.base64">rc2-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-cfb8.raw">rc2-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-ecb.base64">rc2-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-ecb.raw">rc2-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-ofb.base64">rc2-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2-ofb.raw">rc2-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc2.base64">rc2.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc2.raw">rc2.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-40-cbc.base64">rc4-40-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-40-cbc.raw">rc4-40-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-40-cfb.base64">rc4-40-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-40-cfb.raw">rc4-40-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-40-cfb1.base64">rc4-40-cfb1.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-40-cfb1.raw">rc4-40-cfb1.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-40-cfb8.base64">rc4-40-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-40-cfb8.raw">rc4-40-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-40-ecb.base64">rc4-40-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-40-ecb.raw">rc4-40-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-40-ofb.base64">rc4-40-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-40-ofb.raw">rc4-40-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-40.base64">rc4-40.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-40.raw">rc4-40.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-cbc.base64">rc4-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-cbc.raw">rc4-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-cfb.base64">rc4-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-cfb.raw">rc4-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-cfb1.base64">rc4-cfb1.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-cfb1.raw">rc4-cfb1.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-cfb8.base64">rc4-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-cfb8.raw">rc4-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-ecb.base64">rc4-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-ecb.raw">rc4-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-ofb.base64">rc4-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc4-ofb.raw">rc4-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc4.base64">rc4.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc4.raw">rc4.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc5-cbc.base64">rc5-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc5-cbc.raw">rc5-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc5-cfb.base64">rc5-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc5-cfb.raw">rc5-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc5-cfb8.base64">rc5-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc5-cfb8.raw">rc5-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc5-ecb.base64">rc5-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc5-ecb.raw">rc5-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc5-ofb.base64">rc5-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc5-ofb.raw">rc5-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc5.base64">rc5.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc5.raw">rc5.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc6-cbc.base64">rc6-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc6-cbc.raw">rc6-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc6-cfb.base64">rc6-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc6-cfb.raw">rc6-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc6-cfb8.base64">rc6-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc6-cfb8.raw">rc6-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc6-ecb.base64">rc6-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc6-ecb.raw">rc6-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc6-ofb.base64">rc6-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc6-ofb.raw">rc6-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rc6.base64">rc6.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rc6.raw">rc6.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rijndael-cbc.base64">rijndael-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rijndael-cbc.raw">rijndael-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rijndael-cfb.base64">rijndael-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rijndael-cfb.raw">rijndael-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rijndael-cfb8.base64">rijndael-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rijndael-cfb8.raw">rijndael-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rijndael-ecb.base64">rijndael-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rijndael-ecb.raw">rijndael-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rijndael-ofb.base64">rijndael-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rijndael-ofb.raw">rijndael-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/rijndael.base64">rijndael.base64</a>
+ | | | |-- <a href="./samples/pbe/java/rijndael.raw">rijndael.raw</a>
+ | | | |-- <a href="./samples/pbe/java/seed-cbc.base64">seed-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/seed-cbc.raw">seed-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/seed-cfb.base64">seed-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/seed-cfb.raw">seed-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/seed-cfb8.base64">seed-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/seed-cfb8.raw">seed-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/seed-ecb.base64">seed-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/seed-ecb.raw">seed-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/seed-ofb.base64">seed-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/seed-ofb.raw">seed-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/seed.base64">seed.base64</a>
+ | | | |-- <a href="./samples/pbe/java/seed.raw">seed.raw</a>
+ | | | |-- <a href="./samples/pbe/java/serpent-cbc.base64">serpent-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/serpent-cbc.raw">serpent-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/serpent-cfb.base64">serpent-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/serpent-cfb.raw">serpent-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/serpent-cfb8.base64">serpent-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/serpent-cfb8.raw">serpent-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/serpent-ecb.base64">serpent-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/serpent-ecb.raw">serpent-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/serpent-ofb.base64">serpent-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/serpent-ofb.raw">serpent-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/serpent.base64">serpent.base64</a>
+ | | | |-- <a href="./samples/pbe/java/serpent.raw">serpent.raw</a>
+ | | | |-- <a href="./samples/pbe/java/skipjack-cbc.base64">skipjack-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/skipjack-cbc.raw">skipjack-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/skipjack-cfb.base64">skipjack-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/skipjack-cfb.raw">skipjack-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/skipjack-cfb8.base64">skipjack-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/skipjack-cfb8.raw">skipjack-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/skipjack-ecb.base64">skipjack-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/skipjack-ecb.raw">skipjack-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/skipjack-ofb.base64">skipjack-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/skipjack-ofb.raw">skipjack-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/skipjack.base64">skipjack.base64</a>
+ | | | |-- <a href="./samples/pbe/java/skipjack.raw">skipjack.raw</a>
+ | | | |-- <a href="./samples/pbe/java/tea-cbc.base64">tea-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/tea-cbc.raw">tea-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/tea-cfb.base64">tea-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/tea-cfb.raw">tea-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/tea-cfb8.base64">tea-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/tea-cfb8.raw">tea-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/tea-ecb.base64">tea-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/tea-ecb.raw">tea-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/tea-ofb.base64">tea-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/tea-ofb.raw">tea-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/tea.base64">tea.base64</a>
+ | | | |-- <a href="./samples/pbe/java/tea.raw">tea.raw</a>
+ | | | |-- <a href="./samples/pbe/java/twofish-cbc.base64">twofish-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/twofish-cbc.raw">twofish-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/twofish-cfb.base64">twofish-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/twofish-cfb.raw">twofish-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/twofish-cfb8.base64">twofish-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/twofish-cfb8.raw">twofish-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/twofish-ecb.base64">twofish-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/twofish-ecb.raw">twofish-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/twofish-ofb.base64">twofish-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/twofish-ofb.raw">twofish-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/twofish.base64">twofish.base64</a>
+ | | | |-- <a href="./samples/pbe/java/twofish.raw">twofish.raw</a>
+ | | | |-- <a href="./samples/pbe/java/xtea-cbc.base64">xtea-cbc.base64</a>
+ | | | |-- <a href="./samples/pbe/java/xtea-cbc.raw">xtea-cbc.raw</a>
+ | | | |-- <a href="./samples/pbe/java/xtea-cfb.base64">xtea-cfb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/xtea-cfb.raw">xtea-cfb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/xtea-cfb8.base64">xtea-cfb8.base64</a>
+ | | | |-- <a href="./samples/pbe/java/xtea-cfb8.raw">xtea-cfb8.raw</a>
+ | | | |-- <a href="./samples/pbe/java/xtea-ecb.base64">xtea-ecb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/xtea-ecb.raw">xtea-ecb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/xtea-ofb.base64">xtea-ofb.base64</a>
+ | | | |-- <a href="./samples/pbe/java/xtea-ofb.raw">xtea-ofb.raw</a>
+ | | | |-- <a href="./samples/pbe/java/xtea.base64">xtea.base64</a>
+ | | | `-- <a href="./samples/pbe/java/xtea.raw">xtea.raw</a>
+ | | `-- <a href="./samples/pbe/openssl/">openssl</a>
+ | | |-- <a href="./samples/pbe/openssl/README.txt">README.txt</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-128-cbc.base64">aes-128-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-128-cbc.raw">aes-128-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-128-cfb.base64">aes-128-cfb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-128-cfb.raw">aes-128-cfb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-128-cfb1.base64">aes-128-cfb1.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-128-cfb1.raw">aes-128-cfb1.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-128-cfb8.base64">aes-128-cfb8.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-128-cfb8.raw">aes-128-cfb8.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-128-ecb.base64">aes-128-ecb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-128-ecb.raw">aes-128-ecb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-128-ofb.base64">aes-128-ofb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-128-ofb.raw">aes-128-ofb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-192-cbc.base64">aes-192-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-192-cbc.raw">aes-192-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-192-cfb.base64">aes-192-cfb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-192-cfb.raw">aes-192-cfb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-192-cfb1.base64">aes-192-cfb1.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-192-cfb1.raw">aes-192-cfb1.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-192-cfb8.base64">aes-192-cfb8.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-192-cfb8.raw">aes-192-cfb8.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-192-ecb.base64">aes-192-ecb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-192-ecb.raw">aes-192-ecb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-192-ofb.base64">aes-192-ofb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-192-ofb.raw">aes-192-ofb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-256-cbc.base64">aes-256-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-256-cbc.raw">aes-256-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-256-cfb.base64">aes-256-cfb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-256-cfb.raw">aes-256-cfb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-256-cfb1.base64">aes-256-cfb1.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-256-cfb1.raw">aes-256-cfb1.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-256-cfb8.base64">aes-256-cfb8.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-256-cfb8.raw">aes-256-cfb8.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-256-ecb.base64">aes-256-ecb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-256-ecb.raw">aes-256-ecb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-256-ofb.base64">aes-256-ofb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes-256-ofb.raw">aes-256-ofb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes128.base64">aes128.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes128.raw">aes128.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes192.base64">aes192.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes192.raw">aes192.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/aes256.base64">aes256.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/aes256.raw">aes256.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/bf-cbc.base64">bf-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/bf-cbc.raw">bf-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/bf-cfb.base64">bf-cfb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/bf-cfb.raw">bf-cfb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/bf-ecb.base64">bf-ecb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/bf-ecb.raw">bf-ecb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/bf-ofb.base64">bf-ofb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/bf-ofb.raw">bf-ofb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/bf.base64">bf.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/bf.raw">bf.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/blowfish.base64">blowfish.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/blowfish.raw">blowfish.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-128-cbc.base64">camellia-128-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-128-cbc.raw">camellia-128-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-128-cfb.base64">camellia-128-cfb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-128-cfb.raw">camellia-128-cfb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-128-cfb1.base64">camellia-128-cfb1.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-128-cfb1.raw">camellia-128-cfb1.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-128-cfb8.base64">camellia-128-cfb8.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-128-cfb8.raw">camellia-128-cfb8.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-128-ecb.base64">camellia-128-ecb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-128-ecb.raw">camellia-128-ecb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-128-ofb.base64">camellia-128-ofb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-128-ofb.raw">camellia-128-ofb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-192-cbc.base64">camellia-192-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-192-cbc.raw">camellia-192-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-192-cfb.base64">camellia-192-cfb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-192-cfb.raw">camellia-192-cfb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-192-cfb1.base64">camellia-192-cfb1.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-192-cfb1.raw">camellia-192-cfb1.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-192-cfb8.base64">camellia-192-cfb8.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-192-cfb8.raw">camellia-192-cfb8.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-192-ecb.base64">camellia-192-ecb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-192-ecb.raw">camellia-192-ecb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-192-ofb.base64">camellia-192-ofb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-192-ofb.raw">camellia-192-ofb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-256-cbc.base64">camellia-256-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-256-cbc.raw">camellia-256-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-256-cfb.base64">camellia-256-cfb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-256-cfb.raw">camellia-256-cfb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-256-cfb1.base64">camellia-256-cfb1.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-256-cfb1.raw">camellia-256-cfb1.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-256-cfb8.base64">camellia-256-cfb8.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-256-cfb8.raw">camellia-256-cfb8.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-256-ecb.base64">camellia-256-ecb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-256-ecb.raw">camellia-256-ecb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-256-ofb.base64">camellia-256-ofb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia-256-ofb.raw">camellia-256-ofb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia128.base64">camellia128.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia128.raw">camellia128.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia192.base64">camellia192.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia192.raw">camellia192.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia256.base64">camellia256.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/camellia256.raw">camellia256.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/cast-cbc.base64">cast-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/cast-cbc.raw">cast-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/cast.base64">cast.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/cast.raw">cast.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/cast5-cbc.base64">cast5-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/cast5-cbc.raw">cast5-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/cast5-cfb.base64">cast5-cfb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/cast5-cfb.raw">cast5-cfb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/cast5-ecb.base64">cast5-ecb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/cast5-ecb.raw">cast5-ecb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/cast5-ofb.base64">cast5-ofb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/cast5-ofb.raw">cast5-ofb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des-cbc.base64">des-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des-cbc.raw">des-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des-cfb.base64">des-cfb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des-cfb.raw">des-cfb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des-cfb1.base64">des-cfb1.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des-cfb1.raw">des-cfb1.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des-cfb8.base64">des-cfb8.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des-cfb8.raw">des-cfb8.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ecb.base64">des-ecb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ecb.raw">des-ecb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede-cbc.base64">des-ede-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede-cbc.raw">des-ede-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede-cfb.base64">des-ede-cfb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede-cfb.raw">des-ede-cfb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede-ofb.base64">des-ede-ofb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede-ofb.raw">des-ede-ofb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede.base64">des-ede.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede.raw">des-ede.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede3-cbc.base64">des-ede3-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede3-cbc.raw">des-ede3-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede3-cfb.base64">des-ede3-cfb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede3-cfb.raw">des-ede3-cfb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede3-ofb.base64">des-ede3-ofb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede3-ofb.raw">des-ede3-ofb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede3.base64">des-ede3.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ede3.raw">des-ede3.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ofb.base64">des-ofb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des-ofb.raw">des-ofb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des.base64">des.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des.raw">des.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/des3.base64">des3.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/des3.raw">des3.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/idea-cbc.base64">idea-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/idea-cbc.raw">idea-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/idea-cfb.base64">idea-cfb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/idea-cfb.raw">idea-cfb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/idea-ecb.base64">idea-ecb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/idea-ecb.raw">idea-ecb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/idea-ofb.base64">idea-ofb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/idea-ofb.raw">idea-ofb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/idea.base64">idea.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/idea.raw">idea.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/rc2-40-cbc.base64">rc2-40-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/rc2-40-cbc.raw">rc2-40-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/rc2-64-cbc.base64">rc2-64-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/rc2-64-cbc.raw">rc2-64-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/rc2-cbc.base64">rc2-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/rc2-cbc.raw">rc2-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/rc2-cfb.base64">rc2-cfb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/rc2-cfb.raw">rc2-cfb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/rc2-ecb.base64">rc2-ecb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/rc2-ecb.raw">rc2-ecb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/rc2-ofb.base64">rc2-ofb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/rc2-ofb.raw">rc2-ofb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/rc2.base64">rc2.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/rc2.raw">rc2.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/rc4-40.base64">rc4-40.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/rc4-40.raw">rc4-40.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/rc4.base64">rc4.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/rc4.raw">rc4.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/rc5-cbc.base64">rc5-cbc.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/rc5-cbc.raw">rc5-cbc.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/rc5-cfb.base64">rc5-cfb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/rc5-cfb.raw">rc5-cfb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/rc5-ecb.base64">rc5-ecb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/rc5-ecb.raw">rc5-ecb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/rc5-ofb.base64">rc5-ofb.base64</a>
+ | | |-- <a href="./samples/pbe/openssl/rc5-ofb.raw">rc5-ofb.raw</a>
+ | | |-- <a href="./samples/pbe/openssl/rc5.base64">rc5.base64</a>
+ | | `-- <a href="./samples/pbe/openssl/rc5.raw">rc5.raw</a>
+ | |-- <a href="./samples/pbe.tests">pbe.tests</a>
+ | |-- <a href="./samples/pkcs12/">pkcs12</a>
+ | | |-- <a href="./samples/pkcs12/pkcs12_client_cert.p12">pkcs12_client_cert.p12</a>
+ | | `-- <a href="./samples/pkcs12/pkcs12_client_cert.pem">pkcs12_client_cert.pem</a>
+ | |-- <a href="./samples/rsa/">rsa</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_aes128_cbc.pem">openssl_rsa_aes128_cbc.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_aes128_cfb.pem">openssl_rsa_aes128_cfb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_aes128_ecb.pem">openssl_rsa_aes128_ecb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_aes128_ofb.pem">openssl_rsa_aes128_ofb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_aes192_cbc.pem">openssl_rsa_aes192_cbc.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_aes192_cfb.pem">openssl_rsa_aes192_cfb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_aes192_ecb.pem">openssl_rsa_aes192_ecb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_aes192_ofb.pem">openssl_rsa_aes192_ofb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_aes256_cbc.pem">openssl_rsa_aes256_cbc.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_aes256_cfb.pem">openssl_rsa_aes256_cfb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_aes256_ecb.pem">openssl_rsa_aes256_ecb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_aes256_ofb.pem">openssl_rsa_aes256_ofb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_blowfish_cbc.pem">openssl_rsa_blowfish_cbc.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_blowfish_cfb.pem">openssl_rsa_blowfish_cfb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_blowfish_ecb.pem">openssl_rsa_blowfish_ecb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_blowfish_ofb.pem">openssl_rsa_blowfish_ofb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_des1_cbc.pem">openssl_rsa_des1_cbc.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_des1_cfb.pem">openssl_rsa_des1_cfb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_des1_ecb.pem">openssl_rsa_des1_ecb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_des1_ofb.pem">openssl_rsa_des1_ofb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_des2_cbc.pem">openssl_rsa_des2_cbc.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_des2_cfb.pem">openssl_rsa_des2_cfb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_des2_ecb.pem">openssl_rsa_des2_ecb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_des2_ofb.pem">openssl_rsa_des2_ofb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_des3_cbc.pem">openssl_rsa_des3_cbc.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_des3_cfb.pem">openssl_rsa_des3_cfb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_des3_ecb.pem">openssl_rsa_des3_ecb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_des3_ofb.pem">openssl_rsa_des3_ofb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_rc2_128_cbc.pem">openssl_rsa_rc2_128_cbc.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_rc2_128_cfb.pem">openssl_rsa_rc2_128_cfb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_rc2_128_ecb.pem">openssl_rsa_rc2_128_ecb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_rc2_128_ofb.pem">openssl_rsa_rc2_128_ofb.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_rc2_40.pem">openssl_rsa_rc2_40.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_rc2_64.pem">openssl_rsa_rc2_64.pem</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_unencrypted.der">openssl_rsa_unencrypted.der</a>
+ | | |-- <a href="./samples/rsa/openssl_rsa_unencrypted.pem">openssl_rsa_unencrypted.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8_rsa_unencrypted.der">pkcs8_rsa_unencrypted.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8_rsa_unencrypted.pem">pkcs8_rsa_unencrypted.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_md2_des1.der">pkcs8v1_rsa_md2_des1.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_md2_des1.pem">pkcs8v1_rsa_md2_des1.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_md2_rc2_64.der">pkcs8v1_rsa_md2_rc2_64.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_md2_rc2_64.pem">pkcs8v1_rsa_md2_rc2_64.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_md5_des1.der">pkcs8v1_rsa_md5_des1.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_md5_des1.pem">pkcs8v1_rsa_md5_des1.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_md5_rc2_64.der">pkcs8v1_rsa_md5_rc2_64.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_md5_rc2_64.pem">pkcs8v1_rsa_md5_rc2_64.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_des1.der">pkcs8v1_rsa_sha1_des1.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_des1.pem">pkcs8v1_rsa_sha1_des1.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_des2.der">pkcs8v1_rsa_sha1_des2.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_des2.pem">pkcs8v1_rsa_sha1_des2.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_des3.der">pkcs8v1_rsa_sha1_des3.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_des3.pem">pkcs8v1_rsa_sha1_des3.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_rc2_128.der">pkcs8v1_rsa_sha1_rc2_128.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_rc2_128.pem">pkcs8v1_rsa_sha1_rc2_128.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_rc2_40.der">pkcs8v1_rsa_sha1_rc2_40.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_rc2_40.pem">pkcs8v1_rsa_sha1_rc2_40.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_rc2_64.der">pkcs8v1_rsa_sha1_rc2_64.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_rc2_64.pem">pkcs8v1_rsa_sha1_rc2_64.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_rc4_128.der">pkcs8v1_rsa_sha1_rc4_128.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_rc4_128.pem">pkcs8v1_rsa_sha1_rc4_128.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_rc4_40.der">pkcs8v1_rsa_sha1_rc4_40.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v1_rsa_sha1_rc4_40.pem">pkcs8v1_rsa_sha1_rc4_40.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes128_cbc.der">pkcs8v2_rsa_aes128_cbc.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes128_cbc.pem">pkcs8v2_rsa_aes128_cbc.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes128_cfb.der">pkcs8v2_rsa_aes128_cfb.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes128_cfb.pem">pkcs8v2_rsa_aes128_cfb.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes128_ecb.der">pkcs8v2_rsa_aes128_ecb.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes128_ecb.pem">pkcs8v2_rsa_aes128_ecb.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes128_ofb.der">pkcs8v2_rsa_aes128_ofb.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes128_ofb.pem">pkcs8v2_rsa_aes128_ofb.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes192_cbc.der">pkcs8v2_rsa_aes192_cbc.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes192_cbc.pem">pkcs8v2_rsa_aes192_cbc.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes192_cfb.der">pkcs8v2_rsa_aes192_cfb.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes192_cfb.pem">pkcs8v2_rsa_aes192_cfb.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes192_ecb.der">pkcs8v2_rsa_aes192_ecb.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes192_ecb.pem">pkcs8v2_rsa_aes192_ecb.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes192_ofb.der">pkcs8v2_rsa_aes192_ofb.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes192_ofb.pem">pkcs8v2_rsa_aes192_ofb.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes256_cbc.der">pkcs8v2_rsa_aes256_cbc.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes256_cbc.pem">pkcs8v2_rsa_aes256_cbc.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes256_cfb.der">pkcs8v2_rsa_aes256_cfb.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes256_cfb.pem">pkcs8v2_rsa_aes256_cfb.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes256_ecb.der">pkcs8v2_rsa_aes256_ecb.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes256_ecb.pem">pkcs8v2_rsa_aes256_ecb.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes256_ofb.der">pkcs8v2_rsa_aes256_ofb.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_aes256_ofb.pem">pkcs8v2_rsa_aes256_ofb.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_blowfish_cbc.der">pkcs8v2_rsa_blowfish_cbc.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_blowfish_cbc.pem">pkcs8v2_rsa_blowfish_cbc.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_des1_cbc.der">pkcs8v2_rsa_des1_cbc.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_des1_cbc.pem">pkcs8v2_rsa_des1_cbc.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_des1_cfb.der">pkcs8v2_rsa_des1_cfb.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_des1_cfb.pem">pkcs8v2_rsa_des1_cfb.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_des1_ecb.der">pkcs8v2_rsa_des1_ecb.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_des1_ecb.pem">pkcs8v2_rsa_des1_ecb.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_des1_ofb.der">pkcs8v2_rsa_des1_ofb.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_des1_ofb.pem">pkcs8v2_rsa_des1_ofb.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.der">pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.pem">pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_des3.der">pkcs8v2_rsa_des3.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_des3.pem">pkcs8v2_rsa_des3.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_rc2_128.der">pkcs8v2_rsa_rc2_128.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_rc2_128.pem">pkcs8v2_rsa_rc2_128.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_rc2_40.der">pkcs8v2_rsa_rc2_40.der</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_rc2_40.pem">pkcs8v2_rsa_rc2_40.pem</a>
+ | | |-- <a href="./samples/rsa/pkcs8v2_rsa_rc2_64.der">pkcs8v2_rsa_rc2_64.der</a>
+ | | `-- <a href="./samples/rsa/pkcs8v2_rsa_rc2_64.pem">pkcs8v2_rsa_rc2_64.pem</a>
+ | |-- <a href="./samples/rsa.html">rsa.html</a>
+ | |-- <a href="./samples/rsa_result.html">rsa_result.html</a>
+ | `-- <a href="./samples/x509/">x509</a>
+ | |-- <a href="./samples/x509/certificate.der">certificate.der</a>
+ | |-- <a href="./samples/x509/certificate.pem">certificate.pem</a>
+ | |-- <a href="./samples/x509/certificate_chain.pem">certificate_chain.pem</a>
+ | |-- <a href="./samples/x509/certificate_root_ca.der">certificate_root_ca.der</a>
+ | |-- <a href="./samples/x509/certificate_root_ca.pem">certificate_root_ca.pem</a>
+ | |-- <a href="./samples/x509/oscp.pem">oscp.pem</a>
+ | |-- <a href="./samples/x509/two-crls.pem">two-crls.pem</a>
+ | |-- <a href="./samples/x509/x509_foo.pem">x509_foo.pem</a>
+ | |-- <a href="./samples/x509/x509_foo_bar.pem">x509_foo_bar.pem</a>
+ | |-- <a href="./samples/x509/x509_foo_bar_hanako.pem">x509_foo_bar_hanako.pem</a>
+ | |-- <a href="./samples/x509/x509_hanako.pem">x509_hanako.pem</a>
+ | |-- <a href="./samples/x509/x509_no_cns_foo.pem">x509_no_cns_foo.pem</a>
+ | |-- <a href="./samples/x509/x509_three_cns_foo_bar_hanako.pem">x509_three_cns_foo_bar_hanako.pem</a>
+ | |-- <a href="./samples/x509/x509_wild_co_jp.pem">x509_wild_co_jp.pem</a>
+ | |-- <a href="./samples/x509/x509_wild_foo.pem">x509_wild_foo.pem</a>
+ | `-- <a href="./samples/x509/x509_wild_foo_bar_hanako.pem">x509_wild_foo_bar_hanako.pem</a>
+ |-- <a href="./source.html">source.html</a>
+ |-- <a href="./src/">src</a>
+ | |-- <a href="./src/java/">java</a>
+ | | `-- <a href="./src/java/org/">org</a>
+ | | `-- <a href="./src/java/org/apache/">apache</a>
+ | | `-- <a href="./src/java/org/apache/commons/">commons</a>
+ | | |-- <a href="./src/java/org/apache/commons/httpclient/">httpclient</a>
+ | | | `-- <a href="./src/java/org/apache/commons/httpclient/contrib/">contrib</a>
+ | | | `-- <a href="./src/java/org/apache/commons/httpclient/contrib/ssl/">ssl</a>
+ | | | |-- <a href="./src/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java">AuthSSLProtocolSocketFactory.java</a>
+ | | | |-- <a href="./src/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java">EasySSLProtocolSocketFactory.java</a>
+ | | | |-- <a href="./src/java/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java">StrictSSLProtocolSocketFactory.java</a>
+ | | | `-- <a href="./src/java/org/apache/com
<TRUNCATED>
[05/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/KeKiCmacEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/KeKiCmacEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/KeKiCmacEnc.java
new file mode 100644
index 0000000..2342c82
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/KeKiCmacEnc.java
@@ -0,0 +1,34 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.Cmac;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class KeKiCmacEnc extends KeKiEnc {
+
+ public KeKiCmacEnc(EncryptProvider encProvider) {
+ super(encProvider, null);
+ }
+
+ @Override
+ public int paddingSize() {
+ return 0;
+ }
+
+ @Override
+ public int checksumSize() {
+ return encProvider().blockSize();
+ }
+
+ @Override
+ protected byte[] makeChecksum(byte[] key, byte[] data, int hashSize)
+ throws KrbException {
+
+ // generate hash
+ byte[] hash = Cmac.cmac(encProvider(), key, data);
+
+ // truncate hash
+ byte[] output = new byte[hashSize];
+ System.arraycopy(hash, 0, output, 0, hashSize);
+ return output;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/KeKiEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/KeKiEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/KeKiEnc.java
new file mode 100644
index 0000000..5e49a35
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/KeKiEnc.java
@@ -0,0 +1,110 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerberos.kerb.crypto.Confounder;
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.crypto.key.DkKeyMaker;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class KeKiEnc extends AbstractEncTypeHandler {
+
+ public KeKiEnc(EncryptProvider encProvider,
+ HashProvider hashProvider) {
+ super(encProvider, hashProvider);
+ }
+
+ @Override
+ public int paddingSize() {
+ return 0;
+ }
+
+
+ @Override
+ protected void encryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+ int confounderLen = workLens[0];
+ int checksumLen = workLens[1];
+ int inputLen = workLens[2];
+ int paddingLen = workLens[3];
+
+ byte[] Ke, Ki;
+ byte[] constant = new byte[5];
+ constant[0] = (byte) ((usage>>24)&0xff);
+ constant[1] = (byte) ((usage>>16)&0xff);
+ constant[2] = (byte) ((usage>>8)&0xff);
+ constant[3] = (byte) (usage&0xff);
+ constant[4] = (byte) 0xaa;
+ Ke = ((DkKeyMaker) keyMaker()).dk(key, constant);
+ constant[4] = (byte) 0x55;
+ Ki = ((DkKeyMaker) keyMaker()).dk(key, constant);
+
+ /**
+ * Instead of E(Confounder | Checksum | Plaintext | Padding),
+ * E(Confounder | Plaintext | Padding) | Checksum,
+ * so need to adjust the workBuffer arrangement
+ */
+
+ byte[] tmpEnc = new byte[confounderLen + inputLen + paddingLen];
+ // confounder
+ byte[] confounder = Confounder.makeBytes(confounderLen);
+ System.arraycopy(confounder, 0, tmpEnc, 0, confounderLen);
+
+ // data
+ System.arraycopy(workBuffer, confounderLen + checksumLen,
+ tmpEnc, confounderLen, inputLen);
+
+ // padding
+ for (int i = confounderLen + inputLen; i < paddingLen; ++i) {
+ tmpEnc[i] = 0;
+ }
+
+ // checksum & encrypt
+ byte[] checksum;
+ checksum = makeChecksum(Ki, tmpEnc, checksumLen);
+ encProvider().encrypt(Ke, iv, tmpEnc);
+
+ System.arraycopy(tmpEnc, 0, workBuffer, 0, tmpEnc.length);
+ System.arraycopy(checksum, 0, workBuffer, tmpEnc.length, checksum.length);
+ }
+
+ @Override
+ protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+ int confounderLen = workLens[0];
+ int checksumLen = workLens[1];
+ int dataLen = workLens[2];
+
+ byte[] Ke, Ki;
+ byte[] constant = new byte[5];
+ BytesUtil.int2bytes(usage, constant, 0, true);
+ constant[4] = (byte) 0xaa;
+ Ke = ((DkKeyMaker) keyMaker()).dk(key, constant);
+ constant[4] = (byte) 0x55;
+ Ki = ((DkKeyMaker) keyMaker()).dk(key, constant);
+
+ // decrypt and verify checksum
+
+ byte[] tmpEnc = new byte[confounderLen + dataLen];
+ System.arraycopy(workBuffer, 0,
+ tmpEnc, 0, confounderLen + dataLen);
+ byte[] checksum = new byte[checksumLen];
+ System.arraycopy(workBuffer, confounderLen + dataLen,
+ checksum, 0, checksumLen);
+
+ byte[] newChecksum;
+ encProvider().decrypt(Ke, iv, tmpEnc);
+ newChecksum = makeChecksum(Ki, tmpEnc, checksumLen);
+
+ if (! checksumEqual(checksum, newChecksum)) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
+ }
+
+ byte[] data = new byte[dataLen];
+ System.arraycopy(tmpEnc, confounderLen, data, 0, dataLen);
+ return data;
+ }
+
+ protected abstract byte[] makeChecksum(byte[] key, byte[] data, int hashSize)
+ throws KrbException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/KeKiHmacSha1Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/KeKiHmacSha1Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/KeKiHmacSha1Enc.java
new file mode 100644
index 0000000..4d5e268
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/KeKiHmacSha1Enc.java
@@ -0,0 +1,31 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.Hmac;
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class KeKiHmacSha1Enc extends KeKiEnc {
+
+ public KeKiHmacSha1Enc(EncryptProvider encProvider,
+ HashProvider hashProvider) {
+ super(encProvider, hashProvider);
+ }
+
+ @Override
+ public int paddingSize() {
+ return 0;
+ }
+
+ @Override
+ protected byte[] makeChecksum(byte[] key, byte[] data, int hashSize)
+ throws KrbException {
+
+ // generate hash
+ byte[] hash = Hmac.hmac(hashProvider(), key, data);
+
+ // truncate hash
+ byte[] output = new byte[hashSize];
+ System.arraycopy(hash, 0, output, 0, hashSize);
+ return output;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
new file mode 100644
index 0000000..070c748
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
@@ -0,0 +1,130 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerberos.kerb.crypto.Confounder;
+import org.apache.kerberos.kerb.crypto.Rc4;
+import org.apache.kerberos.kerb.crypto.Hmac;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Rc4Provider;
+import org.apache.kerberos.kerb.crypto.key.Rc4KeyMaker;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class Rc4HmacEnc extends AbstractEncTypeHandler {
+ private boolean exportable;
+
+ public Rc4HmacEnc() {
+ this(false);
+ }
+
+ public Rc4HmacEnc(boolean exportable) {
+ super(new Rc4Provider(), new Md5Provider());
+ keyMaker(new Rc4KeyMaker(this.encProvider()));
+ this.exportable = exportable;
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.ARCFOUR_HMAC;
+ }
+
+ @Override
+ public int confounderSize() {
+ return 8;
+ }
+
+ @Override
+ public int paddingSize() {
+ return 0;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.HMAC_MD5_ARCFOUR;
+ }
+
+ protected void encryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+ int confounderLen = workLens[0];
+ int checksumLen = workLens[1];
+ int dataLen = workLens[2];
+
+ /**
+ * Instead of E(Confounder | Checksum | Plaintext | Padding),
+ * Checksum | E(Confounder | Plaintext)
+ */
+
+ // confounder
+ byte[] confounder = Confounder.makeBytes(confounderLen);
+ System.arraycopy(confounder, 0, workBuffer, checksumLen, confounderLen);
+
+ // no padding
+
+ /* checksum and encryption */
+ byte[] usageKey = makeUsageKey(key, usage);
+
+ byte[] checksum = Hmac.hmac(hashProvider(), usageKey, workBuffer,
+ checksumLen, confounderLen + dataLen);
+
+ byte[] encKey = makeEncKey(usageKey, checksum);
+
+ byte[] tmpEnc = new byte[confounderLen + dataLen];
+ System.arraycopy(workBuffer, checksumLen,
+ tmpEnc, 0, confounderLen + dataLen);
+ encProvider().encrypt(encKey, iv, tmpEnc);
+ System.arraycopy(checksum, 0, workBuffer, 0, checksumLen);
+ System.arraycopy(tmpEnc, 0, workBuffer, checksumLen, tmpEnc.length);
+ }
+
+ protected byte[] makeUsageKey(byte[] key, int usage) throws KrbException {
+ byte[] salt = Rc4.getSalt(usage, exportable);
+ byte[] usageKey = Hmac.hmac(hashProvider(), key, salt);
+ return usageKey;
+ }
+
+ protected byte[] makeEncKey(byte[] usageKey, byte[] checksum) throws KrbException {
+ byte[] tmpKey = usageKey;
+
+ if (exportable) {
+ tmpKey = BytesUtil.duplicate(usageKey);
+ for (int i = 0; i < 9; ++i) {
+ tmpKey[i + 7] = (byte) 0xab;
+ }
+ }
+
+ byte[] encKey = Hmac.hmac(hashProvider(), tmpKey, checksum);
+ return encKey;
+ }
+
+ @Override
+ protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+ int confounderLen = workLens[0];
+ int checksumLen = workLens[1];
+ int dataLen = workLens[2];
+
+ /* checksum and decryption */
+ byte[] usageKey = makeUsageKey(key, usage);
+
+ byte[] checksum = new byte[checksumLen];
+ System.arraycopy(workBuffer, 0, checksum, 0, checksumLen);
+
+ byte[] encKey = makeEncKey(usageKey, checksum);
+
+ byte[] tmpEnc = new byte[confounderLen + dataLen];
+ System.arraycopy(workBuffer, checksumLen,
+ tmpEnc, 0, confounderLen + dataLen);
+ encProvider().decrypt(encKey, iv, tmpEnc);
+
+ byte[] newChecksum = Hmac.hmac(hashProvider(), usageKey, tmpEnc);
+ if (! checksumEqual(checksum, newChecksum)) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
+ }
+
+ byte[] data = new byte[dataLen];
+ System.arraycopy(tmpEnc, confounderLen,
+ data, 0, dataLen);
+
+ return data;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacExpEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacExpEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacExpEnc.java
new file mode 100644
index 0000000..adfde46
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacExpEnc.java
@@ -0,0 +1,14 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class Rc4HmacExpEnc extends Rc4HmacEnc {
+
+ public Rc4HmacExpEnc() {
+ super(true);
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.ARCFOUR_HMAC_EXP;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AbstractEncryptProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AbstractEncryptProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AbstractEncryptProvider.java
new file mode 100644
index 0000000..9d35e7a
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AbstractEncryptProvider.java
@@ -0,0 +1,80 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class AbstractEncryptProvider implements EncryptProvider {
+ private int blockSize;
+ private int keyInputSize;
+ private int keySize;
+
+ public AbstractEncryptProvider(int blockSize, int keyInputSize, int keySize) {
+ this.blockSize = blockSize;
+ this.keyInputSize = keyInputSize;
+ this.keySize = keySize;
+ }
+
+ @Override
+ public int keyInputSize() {
+ return keyInputSize;
+ }
+
+ @Override
+ public int keySize() {
+ return keySize;
+ }
+
+ @Override
+ public int blockSize() {
+ return blockSize;
+ }
+
+ @Override
+ public byte[] initState(byte[] key, int keyUsage) {
+ return new byte[0];
+ }
+
+ @Override
+ public void encrypt(byte[] key, byte[] cipherState, byte[] data) throws KrbException {
+ doEncrypt(data, key, cipherState, true);
+ }
+
+ @Override
+ public void decrypt(byte[] key, byte[] cipherState, byte[] data) throws KrbException {
+ doEncrypt(data, key, cipherState, false);
+ }
+
+ @Override
+ public void encrypt(byte[] key, byte[] data) throws KrbException {
+ byte[] cipherState = new byte[blockSize()];
+ encrypt(key, cipherState, data);
+ }
+
+ @Override
+ public void decrypt(byte[] key, byte[] data) throws KrbException {
+ byte[] cipherState = new byte[blockSize()];
+ decrypt(key, cipherState, data);
+ }
+
+ protected abstract void doEncrypt(byte[] data, byte[] key, byte[] cipherState, boolean encrypt) throws KrbException;
+
+ @Override
+ public byte[] cbcMac(byte[] key, byte[] iv, byte[] data) throws KrbException {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public boolean supportCbcMac() {
+ return false;
+ }
+
+ @Override
+ public void cleanState() {
+
+ }
+
+ @Override
+ public void cleanKey() {
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes128Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes128Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes128Provider.java
new file mode 100644
index 0000000..2efd4f0
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes128Provider.java
@@ -0,0 +1,8 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+public class Aes128Provider extends AesProvider {
+
+ public Aes128Provider() {
+ super(16, 16, 16);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes256Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes256Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes256Provider.java
new file mode 100644
index 0000000..377de2b
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes256Provider.java
@@ -0,0 +1,8 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+public class Aes256Provider extends AesProvider {
+
+ public Aes256Provider() {
+ super(16, 32, 32);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AesProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AesProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AesProvider.java
new file mode 100644
index 0000000..d2ecf6a
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AesProvider.java
@@ -0,0 +1,43 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+import org.apache.kerberos.kerb.KrbException;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.GeneralSecurityException;
+
+public abstract class AesProvider extends AbstractEncryptProvider {
+
+ public AesProvider(int blockSize, int keyInputSize, int keySize) {
+ super(blockSize, keyInputSize, keySize);
+ }
+
+ @Override
+ protected void doEncrypt(byte[] data, byte[] key,
+ byte[] cipherState, boolean encrypt) throws KrbException {
+ Cipher cipher = null;
+ try {
+ cipher = Cipher.getInstance("AES/CTS/NoPadding");
+ } catch (GeneralSecurityException e) {
+ KrbException ke = new KrbException("JCE provider may not be installed. "
+ + e.getMessage());
+ ke.initCause(e);
+ throw ke;
+ }
+
+ try {
+ SecretKeySpec secretKey = new SecretKeySpec(key, "AES");
+ IvParameterSpec param = new IvParameterSpec(cipherState);
+
+ cipher.init(encrypt ?
+ Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey, param);
+ byte[] output = cipher.doFinal(data);
+ System.arraycopy(output, 0, data, 0, output.length);
+ } catch (GeneralSecurityException e) {
+ KrbException ke = new KrbException(e.getMessage());
+ ke.initCause(e);
+ throw ke;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia128Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia128Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia128Provider.java
new file mode 100644
index 0000000..3e8efaa
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia128Provider.java
@@ -0,0 +1,8 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+public class Camellia128Provider extends CamelliaProvider {
+
+ public Camellia128Provider() {
+ super(16, 16, 16);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia256Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia256Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia256Provider.java
new file mode 100644
index 0000000..66efdb7
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia256Provider.java
@@ -0,0 +1,8 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+public class Camellia256Provider extends CamelliaProvider {
+
+ public Camellia256Provider() {
+ super(16, 32, 32);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/CamelliaProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/CamelliaProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/CamelliaProvider.java
new file mode 100644
index 0000000..0e8e7b6
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/CamelliaProvider.java
@@ -0,0 +1,39 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+import org.apache.kerberos.kerb.crypto.Camellia;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class CamelliaProvider extends AbstractEncryptProvider {
+
+ public CamelliaProvider(int blockSize, int keyInputSize, int keySize) {
+ super(blockSize, keyInputSize, keySize);
+ }
+
+ @Override
+ protected void doEncrypt(byte[] data, byte[] key,
+ byte[] cipherState, boolean encrypt) throws KrbException {
+
+ Camellia cipher = new Camellia();
+ cipher.setKey(encrypt, key);
+ if (encrypt) {
+ cipher.encrypt(data, cipherState);
+ } else {
+ cipher.decrypt(data, cipherState);
+ }
+ }
+
+ @Override
+ public boolean supportCbcMac() {
+ return true;
+ }
+
+ @Override
+ public byte[] cbcMac(byte[] key, byte[] cipherState, byte[] data) {
+ Camellia cipher = new Camellia();
+ cipher.setKey(true, key);
+
+ int blocksNum = data.length / blockSize();
+ cipher.cbcEnc(data, 0, blocksNum, cipherState);
+ return data;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Des3Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Des3Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Des3Provider.java
new file mode 100644
index 0000000..a2b7e28
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Des3Provider.java
@@ -0,0 +1,46 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+import org.apache.kerberos.kerb.KrbException;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.DESedeKeySpec;
+import javax.crypto.spec.IvParameterSpec;
+import java.security.GeneralSecurityException;
+import java.security.spec.KeySpec;
+
+public class Des3Provider extends AbstractEncryptProvider {
+
+ public Des3Provider() {
+ super(8, 21, 24);
+ }
+
+ @Override
+ protected void doEncrypt(byte[] input, byte[] key,
+ byte[] cipherState, boolean encrypt) throws KrbException {
+
+ Cipher cipher = null;
+ try {
+ cipher = Cipher.getInstance("DESede/CBC/NoPadding");
+ } catch (GeneralSecurityException e) {
+ throw new KrbException("Failed to init cipher", e);
+ }
+
+ try {
+ IvParameterSpec params = new IvParameterSpec(cipherState);
+ KeySpec skSpec = new DESedeKeySpec(key, 0);
+
+ SecretKeyFactory skf = SecretKeyFactory.getInstance("desede");
+ SecretKey secretKey = skf.generateSecret(skSpec);
+
+ cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey, params);
+
+ byte[] output = cipher.doFinal(input);
+ System.arraycopy(output, 0, input, 0, output.length);
+ } catch (GeneralSecurityException e) {
+ throw new KrbException("Failed to doEncrypt", e);
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/DesProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/DesProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/DesProvider.java
new file mode 100644
index 0000000..9a35500
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/DesProvider.java
@@ -0,0 +1,79 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+import org.apache.kerberos.kerb.KrbException;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.GeneralSecurityException;
+
+public class DesProvider extends AbstractEncryptProvider {
+
+ public DesProvider() {
+ super(8, 7, 8);
+ }
+
+ @Override
+ protected void doEncrypt(byte[] input, byte[] key,
+ byte[] cipherState, boolean encrypt) throws KrbException {
+
+ Cipher cipher = null;
+ try {
+ cipher = Cipher.getInstance("DES/CBC/NoPadding");
+ } catch (GeneralSecurityException e) {
+ throw new KrbException("Failed to init cipher", e);
+ }
+ IvParameterSpec params = new IvParameterSpec(cipherState);
+ SecretKeySpec skSpec = new SecretKeySpec(key, "DES");
+ try {
+ SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
+ SecretKey sk = (SecretKey) skSpec;
+
+ cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, sk, params);
+
+ byte[] output = cipher.doFinal(input);
+ System.arraycopy(output, 0, input, 0, output.length);
+ } catch (GeneralSecurityException e) {
+ KrbException ke = new KrbException(e.getMessage());
+ ke.initCause(e);
+ throw ke;
+ }
+ }
+
+ @Override
+ public byte[] cbcMac(byte[] key, byte[] cipherState, byte[] data) throws KrbException {
+ Cipher cipher = null;
+ try {
+ cipher = Cipher.getInstance("DES/CBC/NoPadding");
+ } catch (GeneralSecurityException e) {
+ throw new KrbException("Failed to init cipher", e);
+ }
+ IvParameterSpec params = new IvParameterSpec(cipherState);
+ SecretKeySpec skSpec = new SecretKeySpec(key, "DES");
+
+ byte[] output = null;
+ try {
+ SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
+ // SecretKey sk = skf.generateSecret(skSpec);
+ SecretKey sk = (SecretKey) skSpec;
+ cipher.init(Cipher.ENCRYPT_MODE, sk, params);
+ for (int i = 0; i < data.length / 8; i++) {
+ output = cipher.doFinal(data, i * 8, 8);
+ cipher.init(Cipher.ENCRYPT_MODE, sk, (new IvParameterSpec(output)));
+ }
+ }
+ catch (GeneralSecurityException e) {
+ KrbException ke = new KrbException(e.getMessage());
+ ke.initCause(e);
+ throw ke;
+ }
+ return output;
+ }
+
+ @Override
+ public boolean supportCbcMac() {
+ return true;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Rc4Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Rc4Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Rc4Provider.java
new file mode 100644
index 0000000..3fbfece
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Rc4Provider.java
@@ -0,0 +1,30 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+import org.apache.kerberos.kerb.KrbException;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.GeneralSecurityException;
+
+public class Rc4Provider extends AbstractEncryptProvider {
+
+ public Rc4Provider() {
+ super(1, 16, 16);
+ }
+
+ @Override
+ protected void doEncrypt(byte[] data, byte[] key,
+ byte[] cipherState, boolean encrypt) throws KrbException {
+ try {
+ Cipher cipher = Cipher.getInstance("ARCFOUR");
+ SecretKeySpec secretKey = new SecretKeySpec(key, "ARCFOUR");
+ cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey);
+ byte[] output = cipher.doFinal(data);
+ System.arraycopy(output, 0, data, 0, output.length);
+ } catch (GeneralSecurityException e) {
+ KrbException ke = new KrbException(e.getMessage());
+ ke.initCause(e);
+ throw ke;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AbstractKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AbstractKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AbstractKeyMaker.java
new file mode 100644
index 0000000..5e12151
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AbstractKeyMaker.java
@@ -0,0 +1,67 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+import java.io.UnsupportedEncodingException;
+
+public abstract class AbstractKeyMaker implements KeyMaker {
+
+ protected static final byte[] KERBEROS_CONSTANT = "kerberos".getBytes();
+
+ private EncryptProvider encProvider;
+
+ public AbstractKeyMaker(EncryptProvider encProvider) {
+ this.encProvider = encProvider;
+ }
+
+ protected EncryptProvider encProvider() {
+ return encProvider;
+ }
+
+ @Override
+ public byte[] random2Key(byte[] randomBits) throws KrbException {
+ return new byte[0];
+ }
+
+ protected static char[] makePasswdSalt(String password, String salt) {
+ char[] result = new char[password.length() + salt.length()];
+ System.arraycopy(password.toCharArray(), 0, result, 0, password.length());
+ System.arraycopy(salt.toCharArray(), 0, result, password.length(), salt.length());
+
+ return result;
+ }
+
+ protected static int getIterCount(byte[] param, int defCount) {
+ int iterCount = defCount;
+
+ if (param != null) {
+ if (param.length != 4) {
+ throw new IllegalArgumentException("Invalid param to str2Key");
+ }
+ iterCount = BytesUtil.bytes2int(param, 0, true);
+ }
+
+ return iterCount;
+ }
+
+ protected static byte[] getSaltBytes(String salt, String pepper)
+ throws UnsupportedEncodingException {
+ byte[] saltBytes = salt.getBytes("UTF-8");
+ if (pepper != null && ! pepper.isEmpty()) {
+ byte[] pepperBytes = pepper.getBytes("UTF-8");
+ int len = saltBytes.length;
+ len += 1 + pepperBytes.length;
+ byte[] results = new byte[len];
+ System.arraycopy(pepperBytes, 0, results, 0, pepperBytes.length);
+ results[pepperBytes.length] = (byte) 0;
+ System.arraycopy(saltBytes, 0,
+ results, pepperBytes.length + 1, saltBytes.length);
+
+ return results;
+ } else {
+ return saltBytes;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AesKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AesKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AesKeyMaker.java
new file mode 100644
index 0000000..7317657
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AesKeyMaker.java
@@ -0,0 +1,46 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.crypto.Pbkdf;
+import org.apache.kerberos.kerb.crypto.enc.provider.AesProvider;
+
+import java.io.UnsupportedEncodingException;
+import java.security.GeneralSecurityException;
+
+public class AesKeyMaker extends DkKeyMaker {
+
+ public AesKeyMaker(AesProvider encProvider) {
+ super(encProvider);
+ }
+
+ @Override
+ public byte[] random2Key(byte[] randomBits) throws KrbException {
+ return randomBits;
+ }
+
+ @Override
+ public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
+ int iterCount = getIterCount(param, 4096);
+
+ byte[] saltBytes = null;
+ try {
+ saltBytes = getSaltBytes(salt, null);
+ } catch (UnsupportedEncodingException e) {
+ throw new RuntimeException(e);
+ }
+
+ int keySize = encProvider().keySize();
+ byte[] random = new byte[0];
+ try {
+ random = Pbkdf.PBKDF2(string.toCharArray(), saltBytes, iterCount, keySize);
+ } catch (GeneralSecurityException e) {
+ throw new KrbException("PBKDF2 failed", e);
+ }
+
+ byte[] tmpKey = random2Key(random);
+ byte[] result = dk(tmpKey, KERBEROS_CONSTANT);
+
+ return result;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/CamelliaKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/CamelliaKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/CamelliaKeyMaker.java
new file mode 100644
index 0000000..2d89178
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/CamelliaKeyMaker.java
@@ -0,0 +1,102 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerberos.kerb.crypto.Cmac;
+import org.apache.kerberos.kerb.crypto.Pbkdf;
+import org.apache.kerberos.kerb.crypto.enc.provider.CamelliaProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+import java.io.UnsupportedEncodingException;
+import java.security.GeneralSecurityException;
+
+public class CamelliaKeyMaker extends DkKeyMaker {
+
+ public CamelliaKeyMaker(CamelliaProvider encProvider) {
+ super(encProvider);
+ }
+
+ @Override
+ public byte[] random2Key(byte[] randomBits) throws KrbException {
+ return randomBits;
+ }
+
+ @Override
+ public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
+ int iterCount = getIterCount(param, 32768);
+
+ byte[] saltBytes = null;
+ try {
+ saltBytes = getSaltBytes(salt, getPepper());
+ } catch (UnsupportedEncodingException e) {
+ throw new RuntimeException(e);
+ }
+
+ int keySize = encProvider().keySize();
+ byte[] random = new byte[0];
+ try {
+ random = Pbkdf.PBKDF2(string.toCharArray(), saltBytes, iterCount, keySize);
+ } catch (GeneralSecurityException e) {
+ throw new KrbException("PBKDF2 failed", e);
+ }
+
+ byte[] tmpKey = random2Key(random);
+ byte[] result = dk(tmpKey, KERBEROS_CONSTANT);
+
+ return result;
+ }
+
+ private String getPepper() {
+ int keySize = encProvider().keySize();
+ String pepper = keySize == 16 ? "camellia128-cts-cmac" : "camellia256-cts-cmac";
+ return pepper;
+ }
+
+ /*
+ * NIST SP800-108 KDF in feedback mode (section 5.2).
+ */
+ @Override
+ protected byte[] dr(byte[] key, byte[] constant) throws KrbException {
+
+ int blocksize = encProvider().blockSize();
+ int keyInuptSize = encProvider().keyInputSize();
+ byte[] keyBytes = new byte[keyInuptSize];
+ byte[] Ki;
+
+ int len = 0;
+ // K(i-1): the previous block of PRF output, initially all-zeros.
+ len += blocksize;
+ // four-byte big-endian binary string giving the block counter
+ len += 4;
+ // the fixed derived-key input
+ len += constant.length;
+ // 0x00: separator byte
+ len += 1;
+ // four-byte big-endian binary string giving the output length
+ len += 4;
+
+ Ki = new byte[len];
+ System.arraycopy(constant, 0, Ki, blocksize + 4, constant.length);
+ BytesUtil.int2bytes(keyInuptSize * 8, Ki, len - 4, true);
+
+ int i, n = 0;
+ byte[] tmp;
+ for (i = 1, n = 0; n < keyInuptSize; i++) {
+ // Update the block counter
+ BytesUtil.int2bytes(i, Ki, blocksize, true);
+
+ // Compute a CMAC checksum, update Ki with the result
+ tmp = Cmac.cmac(encProvider(), key, Ki);
+ System.arraycopy(tmp, 0, Ki, 0, blocksize);
+
+ if (n + blocksize >= keyInuptSize) {
+ System.arraycopy(Ki, 0, keyBytes, n, keyInuptSize - n);
+ break;
+ }
+
+ System.arraycopy(Ki, 0, keyBytes, n, blocksize);
+ n += blocksize;
+ }
+
+ return keyBytes;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java
new file mode 100644
index 0000000..533f551
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java
@@ -0,0 +1,67 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.crypto.Des;
+import org.apache.kerberos.kerb.crypto.Nfold;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+
+import java.io.UnsupportedEncodingException;
+
+public class Des3KeyMaker extends DkKeyMaker {
+
+ public Des3KeyMaker(EncryptProvider encProvider) {
+ super(encProvider);
+ }
+
+ @Override
+ public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
+ char[] passwdSalt = makePasswdSalt(string, salt);
+ int keyInputSize = encProvider().keyInputSize();
+ try {
+ byte[] utf8Bytes = new String(passwdSalt).getBytes("UTF-8");
+ byte[] tmpKey = random2Key(Nfold.nfold(utf8Bytes, keyInputSize));
+ return dk(tmpKey, KERBEROS_CONSTANT);
+ } catch (UnsupportedEncodingException e) {
+ throw new KrbException("str2key failed", e);
+ }
+ }
+
+ @Override
+ public byte[] random2Key(byte[] randomBits) throws KrbException {
+ if (randomBits.length != encProvider().keyInputSize()) {
+ throw new KrbException("Invalid random bits, not of correct bytes size");
+ }
+ /**
+ * Ref. k5_rand2key_des3 in random_to_key.c in MIT krb5
+ * Take the seven bytes, move them around into the top 7 bits of the
+ * 8 key bytes, then compute the parity bits. Do this three times.
+ */
+ byte[] key = new byte[encProvider().keySize()];
+ int nthByte;
+ int tmp;
+ for (int i = 0; i < 3; i++) {
+ System.arraycopy(randomBits, i * 7, key, i * 8, 7);
+ nthByte = i * 8;
+
+ key[nthByte + 7] = (byte) (((key[nthByte + 0] & 1) << 1) |
+ ((key[nthByte + 1] & 1) << 2) |
+ ((key[nthByte + 2] & 1) << 3) |
+ ((key[nthByte + 3] & 1) << 4) |
+ ((key[nthByte + 4] & 1) << 5) |
+ ((key[nthByte + 5] & 1) << 6) |
+ ((key[nthByte + 6] & 1) << 7));
+
+ for (int j = 0; j < 8; j++) {
+ tmp = key[nthByte + j] & 0xfe;
+ tmp |= (Integer.bitCount(tmp) & 1) ^ 1;
+ key[nthByte + j] = (byte) tmp;
+ }
+ }
+
+ for (int i = 0; i < 3; i++) {
+ Des.fixKey(key, i * 8, 8);
+ }
+
+ return key;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java
new file mode 100644
index 0000000..4a8dc56
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java
@@ -0,0 +1,260 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerberos.kerb.crypto.Des;
+import org.apache.kerberos.kerb.crypto.Util;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+
+public class DesKeyMaker extends AbstractKeyMaker {
+
+ public DesKeyMaker(EncryptProvider encProvider) {
+ super(encProvider);
+ }
+
+ @Override
+ public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
+ String error = null;
+ int type = 0;
+
+ if (param != null) {
+ if (param.length != 1) {
+ error = "Invalid param to S2K";
+ }
+ type = param[0];
+ if (type != 0 && type != 1) {
+ error = "Invalid param to S2K";
+ }
+ }
+ if (type == 1) {
+ error = "AFS not supported yet";
+ }
+
+ if (error != null) {
+ throw new KrbException(error);
+ }
+
+ char[] passwdSalt = makePasswdSalt(string, salt);
+ byte[] key = toKey(passwdSalt);
+ return key;
+ }
+
+ /**
+ mit_des_string_to_key(string,salt) {
+ odd = 1;
+ s = string | salt;
+ tempstring = 0; // 56-bit string
+ pad(s); // with nulls to 8 byte boundary
+ for (8byteblock in s) {
+ 56bitstring = removeMSBits(8byteblock);
+ if (odd == 0) reverse(56bitstring);
+ odd = ! odd;
+ tempstring = tempstring XOR 56bitstring;
+ }
+ tempkey = key_correction(add_parity_bits(tempstring));
+ key = key_correction(DES-CBC-check(s,tempkey));
+ return(key);
+ }
+ */
+ private byte[] toKey(char[] passwdChars) throws KrbException {
+ int keySize = encProvider().keySize();
+
+ byte[] bytes = (new String(passwdChars)).getBytes();
+
+ // padded with zero-valued octets to a multiple of eight octets.
+ byte[] paddedBytes = BytesUtil.padding(bytes, keySize);
+
+ int blocksOfbytes8 = paddedBytes.length / keySize;
+ boolean odd = true;
+ byte[] bits56 = new byte[8];
+ byte[] tempString = new byte[8];
+ for (int i = 0; i < blocksOfbytes8; ++i) {
+ System.arraycopy(paddedBytes, 8 * i, bits56, 0, 8);
+ removeMSBits(bits56);
+ if (odd) {
+ reverse(bits56);
+ }
+ odd = ! odd;
+ Util.xor(bits56, 0, tempString);
+ }
+
+ byte[] keyBytes = addParityBits(tempString);
+ keyCorrection(keyBytes);
+
+ byte[] resultKey = null;
+ if (encProvider().supportCbcMac()) {
+ resultKey = encProvider().cbcMac(keyBytes, keyBytes, paddedBytes);
+ } else {
+ throw new KrbException("cbcMac should be supported by the provider: "
+ + encProvider().getClass());
+ }
+
+ keyCorrection(resultKey);
+
+ return resultKey;
+ }
+
+ /**
+ * Note this isn't hit any test yet, and very probably problematic
+ */
+ @Override
+ public byte[] random2Key(byte[] randomBits) throws KrbException {
+ if (randomBits.length != encProvider().keyInputSize()) {
+ throw new KrbException("Invalid random bits, not of correct bytes size");
+ }
+
+ /**
+ * Ref. k5_rand2key_des in random_to_key.c in MIT krb5
+ * Take the seven bytes, move them around into the top 7 bits of the
+ * 8 key bytes, then compute the parity bits. Do this three times.
+ */
+ byte[] key = new byte[encProvider().keySize()];
+ int tmp;
+ System.arraycopy(randomBits, 0, key, 0, 7);
+
+ key[7] = (byte) (((key[0] & 1) << 1) |
+ ((key[1] & 1) << 2) |
+ ((key[2] & 1) << 3) |
+ ((key[3] & 1) << 4) |
+ ((key[4] & 1) << 5) |
+ ((key[5] & 1) << 6) |
+ ((key[6] & 1) << 7));
+
+ for (int i = 0; i < 8; i++) {
+ tmp = key[i] & 0xfe;
+ tmp |= (Integer.bitCount(tmp) & 1) ^ 1;
+ key[i] = (byte) tmp;
+ }
+
+ Des.fixKey(key, 0, 8);
+
+ return key;
+ }
+
+ // Processing an 8bytesblock
+ private static byte[] removeMSBits(byte[] bits56) {
+ /**
+ Treats a 64 bit block as 8 octets and removes the MSB in
+ each octet (in big endian mode) and concatenates the result.
+ E.g., the input octet string:
+ 01110000 01100001 11110011 01110011 11110111 01101111 11110010 01100100
+ =>
+ 1110000 1100001 1110011 1110011 1110111 1101111 1110010 1100100
+ */
+
+ /**
+ * We probably do nothing here, just pretending the MSB bit to be discarded,
+ * and ensure the MSB will not be used in the following processing.
+ */
+
+ return bits56;
+ }
+
+ // Processing an 56bitblock
+ private static void reverse(byte[] bits56) {
+ /**
+ Treats a 56-bit block as a binary string and reverses it.
+ E.g., the input string:
+ 1000001 1010100 1001000 1000101 1001110 1000001 0101110 1001101
+ =>
+ 1000001 0010101 0001001 1010001 0111001 1000001 0101110 1011001
+ =>
+ 1011001 0111010 1000001 0111001 1010001 0001001 0010101 1000001
+ */
+
+ // Reversing in a 7bit
+ int t1, t2;
+ byte bt;
+ for (int i = 0; i < 8; ++i) {
+ bt = bits56[i];
+
+ t1 = (bt >> 6) & 1;
+ t2 = (bt >> 0) & 1;
+ if (t1 != t2) bt ^= (1 << 6 | 1 << 0);
+
+ t1 = (bt >> 5) & 1;
+ t2 = (bt >> 1) & 1;
+ if (t1 != t2) bt ^= (1 << 5 | 1 << 1);
+
+ t1 = (bt >> 4) & 1;
+ t2 = (bt >> 2) & 1;
+ if (t1 != t2) bt ^= (1 << 4 | 1 << 2);
+
+ bits56[i] = bt;
+ }
+
+ // Reversing the 8 7bit
+ bt = bits56[7];
+ bits56[7] = bits56[0];
+ bits56[0] = bt;
+
+ bt = bits56[6];
+ bits56[6] = bits56[1];
+ bits56[1] = bt;
+
+ bt = bits56[5];
+ bits56[5] = bits56[2];
+ bits56[2] = bt;
+
+ bt = bits56[4];
+ bits56[4] = bits56[3];
+ bits56[3] = bt;
+ }
+
+ private static byte[] addParityBits(byte[] bits56) {
+ /**
+ Copies a 56-bit block into a 64-bit block, left shifts
+ content in each octet, and add DES parity bit.
+ E.g., the input string:
+ 1100000 0001111 0011100 0110100 1000101 1100100 0110110 0010111
+ =>
+ 11000001 00011111 00111000 01101000 10001010 11001000 01101101 00101111
+ */
+ byte bt;
+ for (int i = 0; i < 8; i++) {
+ bits56[i] <<= 1;
+ }
+ addParity(bits56);
+
+ return bits56;
+ }
+
+ private static void keyCorrection(byte[] key) {
+ addParity(key);
+ if (Des.isWeakKey(key, 0, key.length)) {
+ Des.fixKey(key, 0, key.length);
+ }
+ }
+
+ private static int smask(int step) {
+ return (1 << step) - 1;
+ }
+
+ private static byte pstep(byte x, int step) {
+ return (byte) ((x & smask(step)) ^ ((x >> step) & smask(step)));
+ }
+
+ private static byte parityChar(byte abyte) {
+ //#define smask(step) ((1<<step)-1)
+ //#define pstep(x,step) (((x)&smask(step))^(((x)>>step)&smask(step)))
+ //#define parity_char(x) pstep(pstep(pstep((x),4),2),1)
+ return pstep(pstep(pstep(abyte, 4), 2), 1);
+ }
+
+ private static void addParity(byte[] key) {
+ for (int i = 0; i < key.length; ++i) {
+ key[i] &= 0xfe;
+ key[i] |= 1 ^ parityChar(key[i]);
+ }
+ }
+
+ // Returns true if the key has correct des parity
+ private static boolean checkKeyParity(byte[] key) {
+ for (int i = 0; i < key.length; ++i) {
+ if ((key[i] & 1) == parityChar((byte) (key[i] & 0xfe))) {
+ return false;
+ }
+ }
+ return true;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DkKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DkKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DkKeyMaker.java
new file mode 100644
index 0000000..a29e0e1
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DkKeyMaker.java
@@ -0,0 +1,54 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.crypto.Nfold;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+
+public abstract class DkKeyMaker extends AbstractKeyMaker {
+
+ public DkKeyMaker(EncryptProvider encProvider) {
+ super(encProvider);
+ }
+
+ // DK(Key, Constant) = random-to-key(DR(Key, Constant))
+ public byte[] dk(byte[] key, byte[] constant) throws KrbException {
+ return random2Key(dr(key, constant));
+ }
+
+ /*
+ * K1 = E(Key, n-fold(Constant), initial-cipher-state)
+ * K2 = E(Key, K1, initial-cipher-state)
+ * K3 = E(Key, K2, initial-cipher-state)
+ * K4 = ...
+ * DR(Key, Constant) = k-truncate(K1 | K2 | K3 | K4 ...)
+ */
+ protected byte[] dr(byte[] key, byte[] constant) throws KrbException {
+
+ int blocksize = encProvider().blockSize();
+ int keyInuptSize = encProvider().keyInputSize();
+ byte[] keyBytes = new byte[keyInuptSize];
+ byte[] Ki;
+
+ if (constant.length != blocksize) {
+ Ki = Nfold.nfold(constant, blocksize);
+ } else {
+ Ki = new byte[constant.length];
+ System.arraycopy(constant, 0, Ki, 0, constant.length);
+ }
+
+ int n = 0, len;
+ while (n < keyInuptSize) {
+ encProvider().encrypt(key, Ki);
+
+ if (n + blocksize >= keyInuptSize) {
+ System.arraycopy(Ki, 0, keyBytes, n, keyInuptSize - n);
+ break;
+ }
+
+ System.arraycopy(Ki, 0, keyBytes, n, blocksize);
+ n += blocksize;
+ }
+
+ return keyBytes;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/KeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/KeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/KeyMaker.java
new file mode 100644
index 0000000..a0789d9
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/KeyMaker.java
@@ -0,0 +1,10 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.KrbException;
+
+public interface KeyMaker {
+
+ public byte[] str2key(String string, String salt, byte[] param) throws KrbException;
+
+ public byte[] random2Key(byte[] randomBits) throws KrbException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Rc4KeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Rc4KeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Rc4KeyMaker.java
new file mode 100644
index 0000000..e64ffe3
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Rc4KeyMaker.java
@@ -0,0 +1,33 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+import sun.security.provider.MD4;
+
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+
+public class Rc4KeyMaker extends AbstractKeyMaker {
+
+ public Rc4KeyMaker(EncryptProvider encProvider) {
+ super(encProvider);
+ }
+
+ @Override
+ public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
+
+ if (param != null && param.length > 0) {
+ throw new RuntimeException("Invalid param to str2Key");
+ }
+
+ try {
+ byte[] passwd = string.getBytes("UTF-16LE"); // to unicode
+ MessageDigest md = MD4.getInstance();
+ md.update(passwd);
+ return md.digest();
+ } catch (UnsupportedEncodingException e) {
+ throw new KrbException("str2key failed", e);
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/resources/kdc-krb5.conf
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/resources/kdc-krb5.conf b/haox-kerb/kerb-crypto/src/main/resources/kdc-krb5.conf
new file mode 100644
index 0000000..d118dd1
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/resources/kdc-krb5.conf
@@ -0,0 +1,25 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[libdefaults]
+ default_realm = {0}
+ udp_preference_limit = 1
+
+[realms]
+ {0} = '{'
+ kdc = {1}:{2}
+ '}'
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/resources/kdc.ldiff
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/resources/kdc.ldiff b/haox-kerb/kerb-crypto/src/main/resources/kdc.ldiff
new file mode 100644
index 0000000..e344131
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/resources/kdc.ldiff
@@ -0,0 +1,30 @@
+dn: ou=users,dc=${0},dc=${1}
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+
+dn: uid=krbtgt,ou=users,dc=${0},dc=${1}
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: krb5principal
+objectClass: krb5kdcentry
+cn: KDC Service
+sn: Service
+uid: krbtgt
+userPassword: secret
+krb5PrincipalName: krbtgt/${2}.${3}@${2}.${3}
+krb5KeyVersionNumber: 0
+
+dn: uid=ldap,ou=users,dc=${0},dc=${1}
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: krb5principal
+objectClass: krb5kdcentry
+cn: LDAP
+sn: Service
+uid: ldap
+userPassword: secret
+krb5PrincipalName: ldap/${4}@${2}.${3}
+krb5KeyVersionNumber: 0
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CamelliaEncTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CamelliaEncTest.java b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CamelliaEncTest.java
new file mode 100644
index 0000000..41bab8f
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CamelliaEncTest.java
@@ -0,0 +1,93 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Camellia256Provider;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+public class CamelliaEncTest {
+
+ private List<String> outputs = new ArrayList<String>();
+ private int keySize;
+
+ private byte[] plain = new byte[16];
+ private byte[] cipher = new byte[16];
+ private EncryptProvider encProvider;
+
+ private List<String> getExpectedLines() throws IOException {
+ InputStream res = CamelliaEncTest.class.getResourceAsStream("/camellia-expect-vt.txt");
+ BufferedReader br = new BufferedReader(new InputStreamReader(res));
+
+ List<String> results = new ArrayList<String>();
+ String line;
+ while ((line = br.readLine()) != null) {
+ line = line.trim();
+ if (! line.isEmpty()) {
+ results.add(line);
+ }
+ }
+ return results;
+ }
+
+ @Test
+ public void testEnc() throws IOException, KrbException {
+ List<String> expectedLines = getExpectedLines();
+
+ testWith(16);
+ outputs.add("==========");
+ testWith(32);
+ outputs.add("==========");
+
+ List<String> newLines = expectedLines;
+ Assert.assertEquals("Comparing new lines with expected lines",
+ expectedLines, outputs);
+ }
+
+ private void testWith(int keySize) throws KrbException {
+ this.keySize = keySize;
+ outputs.add("KEYSIZE=" + (keySize * 8));
+
+ encProvider = keySize == 16 ?
+ new Camellia128Provider() : new Camellia256Provider();
+
+ byte[] key = new byte[keySize];
+ Arrays.fill(key, (byte) 0);
+ hexDump("KEY", key);
+
+ for (int i = 0; i < 16 * 8; ++i) {
+ Arrays.fill(plain, (byte) 0);
+ setBit(plain, i);
+ outputs.add("I=" + (i + 1));
+ hexDump("PT", plain);
+ encWith(key);
+ hexDump("CT", cipher);
+ }
+ }
+
+ private void hexDump(String label, byte[] bytes) {
+ String line = label + "=" + TestUtil.bytesToHex(bytes);
+ outputs.add(line);
+ }
+
+ private static void setBit(byte[] bytes, int bitnum) {
+ int bytenum = bitnum / 8;
+ bitnum %= 8;
+ // First bit is the high bit!
+ bytes[bytenum] = (byte) (1 << (7 - bitnum));
+ }
+
+ private void encWith(byte[] key) throws KrbException {
+ System.arraycopy(plain, 0, cipher, 0, plain.length);
+ encProvider.encrypt(key, cipher);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumTest.java b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumTest.java
new file mode 100644
index 0000000..caa501d
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumTest.java
@@ -0,0 +1,89 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.spec.common.*;
+import org.junit.Test;
+
+/**
+ * Only used to test for rsa-md4-des and rsa-md5-des
+ */
+public class CheckSumTest {
+
+ static class CksumTest {
+ CheckSumType cksumType;
+ String plainText;
+ String knownChecksum;
+
+ CksumTest(CheckSumType cksumType, String plainText, String knownChecksum) {
+ this.cksumType = cksumType;
+ this.plainText = plainText;
+ this.knownChecksum = knownChecksum;
+ }
+ }
+
+ static CksumTest[] testCases = new CksumTest[] {
+ new CksumTest(
+ CheckSumType.RSA_MD4_DES,
+ "this is a test",
+ "e3f76a07f3401e3536b43a3f54226c39422c35682c354835"
+ ),
+ new CksumTest(
+ CheckSumType.RSA_MD5_DES,
+ "this is a test",
+ "e3f76a07f3401e351143ee6f4c09be1edb4264d55015db53"
+ )
+ };
+
+ static byte[] TESTKEY = { (byte)0x45, (byte)0x01, (byte)0x49, (byte)0x61, (byte)0x58,
+ (byte)0x19, (byte)0x1a, (byte)0x3d };
+
+ @Test
+ public void testCheckSums() {
+ for (CksumTest tc : testCases) {
+ System.err.println("Checksum testing for " + tc.cksumType.getName());
+ try {
+ testWith(tc);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ }
+
+ private void testWith(CksumTest testCase) throws Exception {
+ byte[] knownChecksum = TestUtil.hex2bytes(testCase.knownChecksum);
+ byte[] plainData = testCase.plainText.getBytes();
+ CheckSum newCksum;
+
+ if (! CheckSumHandler.isImplemented(testCase.cksumType)) {
+ System.err.println("Checksum type not supported yet: "
+ + testCase.cksumType.getName());
+ return;
+ }
+
+ EncryptionKey key = new EncryptionKey(EncryptionType.DES_CBC_CRC, TESTKEY);
+
+ newCksum = CheckSumHandler.checksumWithKey(testCase.cksumType, plainData, key.getKeyData(), KeyUsage.NONE);
+
+ if (CheckSumHandler.verifyWithKey(newCksum, plainData, key.getKeyData(), KeyUsage.NONE)) {
+ System.err.println("Checksum verifying is OK for " + testCase.cksumType.getName());
+ } else {
+ System.err.println("Checksum verifying failed for " + testCase.cksumType.getName());
+ }
+
+ // corrupt and verify again
+ byte[] cont = newCksum.getChecksum();
+ cont[0]++;
+ newCksum.setChecksum(cont);
+ if (CheckSumHandler.verifyWithKey(newCksum, plainData, key.getKeyData(), KeyUsage.NONE)) {
+ System.err.println("Checksum verifying failed with corrupt data for " + testCase.cksumType.getName());
+ } else {
+ System.err.println("Checksum verifying is OK with corrupt data for " + testCase.cksumType.getName());
+ }
+
+ CheckSum knwnCksum = new CheckSum(testCase.cksumType, knownChecksum);
+ if (CheckSumHandler.verifyWithKey(knwnCksum, plainData, key.getKeyData(), KeyUsage.NONE)) {
+ System.err.println("Checksum verifying is OK with known checksum for " + testCase.cksumType.getName());
+ } else {
+ System.err.println("Checksum verifying failed with known checksum for " + testCase.cksumType.getName());
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumsTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumsTest.java b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumsTest.java
new file mode 100644
index 0000000..5941b29
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumsTest.java
@@ -0,0 +1,163 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.KeyUsage;
+import org.junit.Test;
+
+/**
+ * These are to test the checksums of good answers, and the checksums
+ * are deterministic. For other cases, look at CheckSumTest.
+ */
+public class CheckSumsTest {
+
+ static class CksumTest {
+ String plainText;
+ CheckSumType cksumType;
+ EncryptionType encType;
+ String key;
+ int keyUsage;
+ String answer;
+
+ CksumTest(String plainText, CheckSumType cksumType, EncryptionType encType,
+ int keyUsage, String key, String answer) {
+ this.plainText = plainText;
+ this.cksumType = cksumType;
+ this.encType = encType;
+ this.key = key;
+ this.keyUsage = keyUsage;
+ this.answer = answer;
+ }
+ }
+
+ static CksumTest[] testCases = new CksumTest[] {
+ new CksumTest(
+ "abc",
+ CheckSumType.CRC32, EncryptionType.NONE, 0, "",
+ "D09865CA"
+ ),
+ new CksumTest(
+ "one",
+ CheckSumType.RSA_MD4, EncryptionType.NONE, 0, "",
+ "305DCC2C0FDD5339969552C7B8996348"
+ ),
+ new CksumTest(
+ "two three four five",
+ CheckSumType.RSA_MD5, EncryptionType.NONE, 0, "",
+ "BAB5321551E1084490869635B3C26815"
+ ),
+ new CksumTest(
+ "",
+ CheckSumType.NIST_SHA, EncryptionType.NONE, 0, "",
+ "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709"
+ ),
+ new CksumTest(
+ "six seven",
+ CheckSumType.HMAC_SHA1_DES3, EncryptionType.DES3_CBC_SHA1, 2,
+ "7A25DF8992296DCEDA0E135BC4046E2375B3C14C98FBC162",
+ "0EEFC9C3E049AABC1BA5C401677D9AB699082BB4"
+ ),
+ new CksumTest(
+ "eight nine ten eleven twelve thirteen",
+ CheckSumType.HMAC_SHA1_96_AES128, EncryptionType.AES128_CTS_HMAC_SHA1_96, 3,
+ "9062430C8CDA3388922E6D6A509F5B7A",
+ "01A4B088D45628F6946614E3"
+ ),
+ new CksumTest(
+ "fourteen",
+ CheckSumType.HMAC_SHA1_96_AES256, EncryptionType.AES256_CTS_HMAC_SHA1_96, 4,
+ "B1AE4CD8462AFF1677053CC9279AAC30B796FB81CE21474DD3DDBCFEA4EC76D7",
+ "E08739E3279E2903EC8E3836"
+ ),
+ new CksumTest(
+ "fifteen sixteen",
+ CheckSumType.MD5_HMAC_ARCFOUR, EncryptionType.ARCFOUR_HMAC, 5,
+ "F7D3A155AF5E238A0B7A871A96BA2AB2",
+ "9F41DF304907DE735447001FD2A197B9"
+ ),
+ new CksumTest(
+ "seventeen eighteen nineteen twenty",
+ CheckSumType.HMAC_MD5_ARCFOUR, EncryptionType.ARCFOUR_HMAC, 6,
+ "F7D3A155AF5E238A0B7A871A96BA2AB2",
+ "EB38CC97E2230F59DA4117DC5859D7EC"
+ ),
+ new CksumTest(
+ "abcdefghijk",
+ CheckSumType.CMAC_CAMELLIA128, EncryptionType.CAMELLIA128_CTS_CMAC, 7,
+ "1DC46A8D763F4F93742BCBA3387576C3",
+ "1178E6C5C47A8C1AE0C4B9C7D4EB7B6B"
+ ),
+ new CksumTest(
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+ CheckSumType.CMAC_CAMELLIA128, EncryptionType.CAMELLIA128_CTS_CMAC, 8,
+ "5027BC231D0F3A9D23333F1CA6FDBE7C",
+ "D1B34F7004A731F23A0C00BF6C3F753A"
+ ),
+ new CksumTest(
+ "123456789",
+ CheckSumType.CMAC_CAMELLIA256, EncryptionType.CAMELLIA256_CTS_CMAC, 9,
+ "B61C86CC4E5D2757545AD423399FB7031ECAB913CBB900BD7A3C6DD8BF92015B",
+ "87A12CFD2B96214810F01C826E7744B1"
+ ),
+ new CksumTest(
+ "!@#$%^&*()!@#$%^&*()!@#$%^&*()",
+ CheckSumType.CMAC_CAMELLIA256, EncryptionType.CAMELLIA256_CTS_CMAC, 10,
+ "32164C5B434D1D1538E4CFD9BE8040FE8C4AC7ACC4B93D3314D2133668147A05",
+ "3FA0B42355E52B189187294AA252AB64"
+ )
+ };
+
+ @Test
+ public void testCheckSums() {
+ for (CksumTest tc : testCases) {
+ System.err.println("Checksum testing for " + tc.cksumType.getName());
+ try {
+ testWith(tc);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ }
+
+ private void testWith(CksumTest testCase) throws Exception {
+ byte[] answer = TestUtil.hex2bytes(testCase.answer);
+ byte[] plainData = testCase.plainText.getBytes();
+ CheckSum newCksum;
+
+ if (! CheckSumHandler.isImplemented(testCase.cksumType)) {
+ System.err.println("Checksum type not supported yet: "
+ + testCase.cksumType.getName());
+ return;
+ }
+
+ if (testCase.encType != EncryptionType.NONE) {
+ if (! EncryptionHandler.isImplemented(testCase.encType)) {
+ System.err.println("Key type not supported yet: " + testCase.encType.getName());
+ return;
+ }
+
+ byte[] key = TestUtil.hex2bytes(testCase.key);
+ KeyUsage keyUsage = KeyUsage.fromValue(testCase.keyUsage);
+ newCksum = CheckSumHandler.checksumWithKey(testCase.cksumType, plainData, key, keyUsage);
+ if (CheckSumHandler.verifyWithKey(newCksum, plainData, key, keyUsage)) {
+ System.err.println("Checksum test OK for " + testCase.cksumType.getName());
+ } else {
+ System.err.println("Checksum test failed for " + testCase.cksumType.getName());
+ }
+ } else {
+ newCksum = CheckSumHandler.checksum(testCase.cksumType, plainData);
+ if (CheckSumHandler.verify(newCksum, plainData)) {
+ System.err.println("Checksum and verifying OK for " + testCase.cksumType.getName());
+ } else {
+ System.err.println("Checksum and verifying failed for " + testCase.cksumType.getName());
+ }
+ }
+
+ if (! newCksum.isEqual(answer)) {
+ System.err.println("Checksum test failed for " + testCase.cksumType.getName());
+ } else {
+ System.err.println("Checksum test OK for " + testCase.cksumType.getName());
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CmacTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CmacTest.java b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CmacTest.java
new file mode 100644
index 0000000..99a26af
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CmacTest.java
@@ -0,0 +1,65 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class CmacTest {
+
+ /* All examples use the following Camellia-128 key. */
+ static String keyBytes = "2b7e151628aed2a6" +
+ "abf7158809cf4f3c";
+
+ /* Example inputs are this message truncated to 0, 16, 40, and 64 bytes. */
+ static String inputBytes = "6bc1bee22e409f96" +
+ "e93d7e117393172a" +
+ "ae2d8a571e03ac9c" +
+ "9eb76fac45af8e51" +
+ "30c81c46a35ce411" +
+ "e5fbc1191a0a52ef" +
+ "f69f2445df4f9b17" +
+ "ad2b417be66c3710";
+
+ /* Expected result of CMAC on empty inputBytes. */
+ static String cmac1 = "ba925782aaa1f5d9" +
+ "a00f89648094fc71";
+
+ /* Expected result of CMAC on first 16 bytes of inputBytes. */
+ static String cmac2 = "6d962854a3b9fda5" +
+ "6d7d45a95ee17993";
+
+ /* Expected result of CMAC on first 40 bytes of inputBytes. */
+ static String cmac3 = "5c18d119ccd67661" +
+ "44ac1866131d9f22";
+
+ /* Expected result of CMAC on all 64 bytes of inputBytes. */
+ static String cmac4 = "c2699a6eba55ce9d" +
+ "939a8a4e19466ee9";
+
+
+ @Test
+ public void testCmac() throws KrbException, KrbException {
+ byte[] key = TestUtil.hex2bytes(keyBytes);
+ byte[] input = TestUtil.hex2bytes(inputBytes);
+ EncryptProvider encProvider = new Camellia128Provider();
+ byte[] result;
+
+ // test 1
+ result = Cmac.cmac(encProvider, key, input, 0, 0);
+ Assert.assertArrayEquals("Test 1", TestUtil.hex2bytes(cmac1), result);
+
+ // test 2
+ result = Cmac.cmac(encProvider, key, input, 0, 16);
+ Assert.assertArrayEquals("Test 2", TestUtil.hex2bytes(cmac2), result);
+
+ // test 3
+ result = Cmac.cmac(encProvider, key, input, 0, 40);
+ Assert.assertArrayEquals("Test 3", TestUtil.hex2bytes(cmac3), result);
+
+ // test 4
+ result = Cmac.cmac(encProvider, key, input, 0, 64);
+ Assert.assertArrayEquals("Test 4", TestUtil.hex2bytes(cmac4), result);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/Crc32Test.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/Crc32Test.java b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/Crc32Test.java
new file mode 100644
index 0000000..f9b6b5d
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/Crc32Test.java
@@ -0,0 +1,99 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class Crc32Test {
+
+ static class TestCase {
+ String data;
+ long answer;
+
+ public TestCase(String data, long answer) {
+ this.data = data;
+ this.answer = answer;
+ }
+ }
+
+ static TestCase[] testCases = new TestCase[] {
+ new TestCase("01", 0x77073096),
+ new TestCase("02", 0xee0e612c),
+ new TestCase("04", 0x076dc419),
+ new TestCase("08", 0x0edb8832),
+ new TestCase("10", 0x1db71064),
+ new TestCase("20", 0x3b6e20c8),
+ new TestCase("40", 0x76dc4190),
+ new TestCase("80", 0xedb88320),
+ new TestCase("0100", 0x191b3141),
+ new TestCase("0200", 0x32366282),
+ new TestCase("0400", 0x646cc504),
+ new TestCase("0800", 0xc8d98a08),
+ new TestCase("1000", 0x4ac21251),
+ new TestCase("2000", 0x958424a2),
+ new TestCase("4000", 0xf0794f05),
+ new TestCase("8000", 0x3b83984b),
+ new TestCase("0001", 0x77073096),
+ new TestCase("0002", 0xee0e612c),
+ new TestCase("0004", 0x076dc419),
+ new TestCase("0008", 0x0edb8832),
+ new TestCase("0010", 0x1db71064),
+ new TestCase("0020", 0x3b6e20c8),
+ new TestCase("0040", 0x76dc4190),
+ new TestCase("0080", 0xedb88320),
+ new TestCase("01000000", 0xb8bc6765),
+ new TestCase("02000000", 0xaa09c88b),
+ new TestCase("04000000", 0x8f629757),
+ new TestCase("08000000", 0xc5b428ef),
+ new TestCase("10000000", 0x5019579f),
+ new TestCase("20000000", 0xa032af3e),
+ new TestCase("40000000", 0x9b14583d),
+ new TestCase("80000000", 0xed59b63b),
+ new TestCase("00010000", 0x01c26a37),
+ new TestCase("00020000", 0x0384d46e),
+ new TestCase("00040000", 0x0709a8dc),
+ new TestCase("00080000", 0x0e1351b8),
+ new TestCase("00100000", 0x1c26a370),
+ new TestCase("00200000", 0x384d46e0),
+ new TestCase("00400000", 0x709a8dc0),
+ new TestCase("00800000", 0xe1351b80),
+ new TestCase("00000100", 0x191b3141),
+ new TestCase("00000200", 0x32366282),
+ new TestCase("00000400", 0x646cc504),
+ new TestCase("00000800", 0xc8d98a08),
+ new TestCase("00001000", 0x4ac21251),
+ new TestCase("00002000", 0x958424a2),
+ new TestCase("00004000", 0xf0794f05),
+ new TestCase("00008000", 0x3b83984b),
+ new TestCase("00000001", 0x77073096),
+ new TestCase("00000002", 0xee0e612c),
+ new TestCase("00000004", 0x076dc419),
+ new TestCase("00000008", 0x0edb8832),
+ new TestCase("00000010", 0x1db71064),
+ new TestCase("00000020", 0x3b6e20c8),
+ new TestCase("00000040", 0x76dc4190),
+ new TestCase("00000080", 0xedb88320),
+ new TestCase("666F6F", 0x7332bc33),
+ new TestCase("7465737430313233343536373839", 0xb83e88d6),
+ new TestCase("4D4153534143485653455454532049" +
+ "4E53544954565445204F4620544543484E4F4C4F4759", 0xe34180f7)
+ };
+
+ @Test
+ public void testCrc32() {
+ boolean isOk = true;
+ for (TestCase tc : testCases) {
+ if (! testWith(tc)) {
+ isOk = false;
+ System.err.println("Test with data " + tc.data + " failed");
+ }
+ }
+
+ Assert.assertTrue(isOk);
+ }
+
+ private boolean testWith(TestCase testCase) {
+ byte[] data = TestUtil.hex2bytes(testCase.data);
+ long value = Crc32.crc(0, data, 0, data.length);
+ return value == testCase.answer;
+ }
+}
[29/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_128.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_128.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_128.pem
new file mode 100644
index 0000000..399da95
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_128.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE5DAcBgoqhkiG9w0BDAEBMA4ECOEwJ5V2GWbOAgIIAASCBMLjTg01txxBp1BY
+92SMQKEA5tENp6zTFZwB4L7ObAZsJJ0p7sE/vII982EsrVytM2V8gTjnRpk1rlG0
+Kow44HtQX4bI8DIlgnWdedP+Vmw8DwpiVBDC2TFZULlEXp/54pKEEcfWxK4PCTgM
+Ve5PDCPVJU4Qt+xPopzL7/sg76XI5a3OWhk50/TlkmC+IFPSqdZ5bOBQfiU0ofLv
+Ty4oHzBUdZ8X5U7B/FihGAzn+RExxgeKXQrLqUSr/ruMIIdon0s2hGGrxasQPJWA
+s7Qh+hnJuKQJPNqdXIECiZR0iBx1MfDCBlH4kd38H8SKr+J82DtP1AxJGwbTLl0u
+WQgQiP52KCw4jMLe62pKW/Pf/F84YSIvMDEcMLtn9CoSfOBvjtaNRggc8XWKtFnp
+fu9VAYgOVQWUglTIQTtWtX+xzpErCEkM2ceHKxIFdS3oYnrVf0lluiBWC9N+jDbE
+ciSor3Us2hM9O5IW5A7EKtjX45jUEexqq+66hLngK7BmzO2jXIDQ9DhkzurbC2GD
+SaUmqtWFRSOEXrXXhTK3BrPRPXCri7C5wWlQZhQi1Oj+glHg9YWp2dkcPdhUDsiC
+Bg+NL0zx/oZY3VXglHtQDP9wI7si0rVssCFDefO0xzJClssa6SEkFW6iYMkAYS1p
+ptxzrCXOVfeUWBvOttRKXhc4BYrktCfKhQYVec93LFHIIM9giS+mGXu3PAhrIuQm
+8dbXZK2VjsKP1WqS1Ao25+VP/aQZKZCcNA8meMEw9TYGfAd2VnzPOfDVEiU5+/ZJ
+9DRn1JH0M1z/iWkbH4cSipkK18BVcdOqzqL+BuxM6d48RESPof2155qOWWfHLYvq
+wAkF32MbTrkObKlmzr4ikEq07vhXAUH+y2I0vaLObOtvjL5WVMNyr29Z5DE/F5WK
+SX/BuXwQrsdqXMdunFxm3gYKgaZqvS0iDMAXBFi4JYPX08LVuLNG9KZurn/peTZ1
+TWDlVEmk/PME22Clkl7ya1H73o7u10jNCqPgVh5M+4JWmKSjuRB5F3NmyISdjxYy
+2e/YACDvole45B+SNgwKqS42akK9OFYJlak8Uu9Swycwt/+OIk8TLw7C9Jyt7TsL
+QSLBpG+mDMimwT/skpNbEn5IBFM42Ldde7oqc0ng2Y/xWePwFW27F6aisYoh7T/X
+nujylZipH8vUkeT41XfAWid4G909sirR2/KYo8IO8qbzfdKKkr2MSp3Wa9k5lYcR
+o5VQrzxcgy/x7zl/JOwOC40RGA5iojGMS+Y0dy+W6p1lN/XdJlZmGrUc9/yy/d6r
+cJ3nQzzqkrT/Vct+XAM2ZdBT+I30jXvTLw/959dyqOhejkDYuPG5TpsEJkCLr786
+k3j74NXTBRns8LT2NUQwSLQnuW5B2cKVIMWYtmhVEOVRkP4Btxs4d7KYvQTUsfU4
+eKGijUHAiPaKRJvgfCHxi84hFc6i8eGZyCS4J7Oac0Zpc5kni9VC8f2AURa5+7CE
+b16j/4oT1QvGRzjrbnwpRXckTNJJtyfg0LoIWHe03kB3YxHvbMJLx85bKo5x8tjn
+STARLMlqqgyN6KmvGHO+YIJRVAy/VIzvkyhOLkngWT9JoHw76mDSMvFlDKVa13D6
+Z6QnJfmE9gY=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_40.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_40.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_40.der
new file mode 100644
index 0000000..e88e6aa
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_40.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_40.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_40.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_40.pem
new file mode 100644
index 0000000..dfc3a7d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_40.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE5DAcBgoqhkiG9w0BDAECMA4ECNcyq4Se/97zAgIIAASCBMLQXerEc8Amz1LQ
+HVVV57nwrBN+wGK9b0rlWZf/Mj6L1zFTAJFgoswzEP6zogWyrMciX2WIF2XopbL8
+GYy3VdUyIS4/rIHVjXZsVM3BqDwhPyPfzCPi0pxVVLJtJBH0rD04U/fHMTOv1Gox
+yWoLK3eyv3u6akZyTZNOA1wudOaIVokeQbXbpgYtN9JY/TYLUe7snv5OQSNYZlvk
+GfAJA4JIaZx2CpWt/kp4GaAamrAImUgvNLrMqvUE3YHh9P2JyVCR1iOCxMsMNJo8
+ckO4MsL3a5urh+X34HHDRAs7Jur7VCZJmnt5Ehh/mArLRdJKrpwuPVDeRXE6jU2s
+LJunc2t1hO/nHedzBE9ZfUUTzNLCLIPtmstMdelgt1A2OF6ZbOXMhJYwt80T5HpW
+PYiMa34qWzynTzSBiDT/F9foAT65xTleftIh/IqK9rkvJH4OjLiDQEtv8ffXfyj3
+mZLBOTJgIMX4x4hihXGT/W6aF2AAzgawlThpCE/o7BGJxNRuk3vEQ9K22PKMbMrM
+lQje8khpKSK9nJp/BTRIc5HDM1tVlgmcW/5RUywyzQtb35IOjtY+RAGII0U4q5YO
+lJNLjfy/ewftx3TxhdBNWWc6ODHhmqZwgX5QW7A62MiFbjs4zqfr0UZvK3ydOeMk
+ALk4OwmZxAENS398Vpx1mNdvuxi/wWjJ3Li+4lz3p80Mkisccfv8AezcaSPigUw8
+DEfF1DfLBBVFozRCeNIEV/qm0x3wuSIO/+0ZcriiJmNNm4s4oB/qDDRDAQ9ynCaL
+ek+xvP77CjXNCvx7RyYGE5ZjrGDHiRc8t0SeUCb9KslbQ87/SyaqaKWS4Y8RnSOq
+LHzAk5xIc6YwJXMjE4xH3SyUpw7lmSwv30a+c5mFfI6Ddu6R1GhU4K4t7CgXOMXV
+1TP+e8AEMpdrp/KCETMQDYwgFc8bGUOTojmkBdouLwphfB3as0ndikvsESZWJp2m
+rPRjzKhjFO9IGOcDKQgMH6lbov0trzN5qbEORuz3MAMmBkb/+64yqrSwaFh+a6Mn
+LroS1t3ng8+rilEp630TmPIu1XVkkLP1PCKxqZxX3nG06RCvMh7dGLGxS9U4O5fF
+7qCqr3eOCkg3nQIOgCohP/fIILrKRiu3ronb9oEMN1lh6bPcLaMhh58iE0nVNZeH
++3VoZA6p7qbAREgOpimMNH22yyyyx4naFlK1ajM+jLooRf3dYqQIhcTWw9HNMI08
+bHxYPLS1CMLadpxlfRJZOcDgwwZpVju08RVIuF+Pk6+knAe04OVhx+pPS6rLfDyF
+Tozrz+p5k22EffLauK8C/8PKbQfhSRY7o24t/mfTqjWXmQlC62b/HWvsHqWv3z48
+cmcB0tRBEGIr9mWuCLVCKB/2crJ9uCRCdz1y9egc1Yrplcl4epvjtPy3dYBl7ZGP
+7O20jZ1XAdePAE6DiPS9els9BUIgOXPPhKuUOI9KtnPZ+PuoEYR3kOUCFBIJuTnc
+1GkFixrlP6HrkLnM8eGBBlGzcCb9y33G/JoVe0l+fj7HIFE4WLr7Xvfl1GH85SAe
+66O+3K3ZpUoIXMN/tAaTHMj94e0iZua2+9v38HDHrVQ21EZvraonDe9P139lMvnz
+bpNCuk6sT28=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cbc.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cbc.der
new file mode 100644
index 0000000..df1f7df
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cbc.pem
new file mode 100644
index 0000000..651de51
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cbc.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQImXjLGxzpmkwCAggA
+MB0GCWCGSAFlAwQBAgQQf6Bn85WfZh3mHP1w0yubaQSCBNCS2Rvfoebwb7/sIbN4
+uBS2v30Q/fOtUsqbo0JGjJEZ2Qe0kRDoXlDdf+tk2dQaI7tdjhxCcIeJOuiV0qJ6
+g7y7tmcUhyFHJqm7L4ODpdH4jIGhKFod2szydrQ0lDQI7ZYjucRGd5zxb+wMphqV
+dDcjEw1HPsVnG30WTjMSJ6lKs+PXLv+jHsf56p+QAxmiy+5eD7fF/C6vxCk0E0wf
+63ZkSiprIYsmbM1kDBGnJwsH0fmTGi5XD3mXb6zpm3dc47VootC3jL6dG4259B/q
+gqXZ810mBDPaupS7zc1D7MQvqHwSAhSDFylfVxpwbKx9Lke8e81AyfZsmuUe1QnM
+fqqY0Ciu9LjxkE8CkitV9/2XwNkusyvQmTFALi735kO/l6bieShFl7m6DTK3R3E8
+iSx+ZB4dO8tH+/9DbXI8un0DptXFKER2goXBDzv1MElmdBdAQ94j14yT5aTX0oTU
+C7gaLgfzly70sEJAmrlbxFhgyrcdOZorFgga9qnri2w/0KoDjQGian+tH452pWZe
+0XadQcrAaNviFJHw6/EmjDgHX970rWj2ZXrbWI4cm8scc3BcPaCwTDP8PZrxVhLG
+0SJeAjEaME4n+Y7CT3cSdOJh6MiAzyqqTJxFMEovhDOTnyUKkJ56VONG12P9JLiT
+eIpQlV1ywkH3hTXPMe4Dpbmvn6dhy5dRdOAtRFHOdno4Ri+0+Kne1VGhX1t3i8nP
+HzRSLUg/tq3/hAwaMfHPtnE+3MXFteQgGd2eVzHiwMwcLYAoy9ewWW7+wvXjbDaS
+gQ+Oz+gDCm/U1dOMRFp33lSN/eAKluVr9ZNewJ6r8WHg530CeSMG1rp4gq5LX2vk
+SDQ0RPPAf++6G2tw79GWsCGNFIW/6xHIrBx37NT/zn/0P5/NMD4qZOrzRPdy2tBx
+ggszbUK20sXAikibVJp4YWHAZMpdexKLWcktPE41FylFc/4XI7+ddRyvcW6re/FT
+OCZFm0JZOmiopz9rOSGOgYklrUNWqAXWrkAiBo0mco6UdvBjGVFvk2Sw2b17S4Sr
+9glXPFBNMHLy1daN5mvWq1uBob2us27MiSc4+4Biz3S9FMO02HhMKxC9cnFw5ZZc
+aQHo1+USBQ1qJuvA0+od7JwCC5XEm+qunlnUDqDt8bC5WLXADDsVptV3IFIZ9ZB3
+xM5y2K2TBpXzjR+fVg0M2qnbQYv6SVszuLlPArZL1mrmMUj1mmddPBJQk9Sl3lsx
+ER2R5bDdLA9ct4mVLFjx2u7NNyYQqyvNOKGt1RD0PAlaP1nynVzuLEpnDAKrjCQI
+IDivXTsjc3UyVx5C2sc+L7HuUibi8726sBYIrlG6eU0rf4wfgstGp9l0A4yBlbRB
+cJRSBPdKN780IpEFx+SfzVeBvYUeVH0DFthaJfDOWAwD1XdQoxaPUhSel2iaaSCJ
+WK0eaYETMc1z1P2Yzr2BCHTSxOrL7YJEMDYb1Ii6MvT/xaNSk/yuqhz+rS8zqH0E
+qalCGoIi38YJy41a1Vau7MCjkxldexn62ZbI4J4dO0W2mX0Fe8aYxxGtL2EpCqnz
+9c7BBsGqGC2agru0qTkvwCKtk8duMg5RWOXnW29tBYuAyT2bmwmco20XOdTgXIUJ
+qsiX6xrG5S0T7vFExbxBIX2Jhg==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cfb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cfb.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cfb.der
new file mode 100644
index 0000000..73b52f8
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cfb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cfb.pem
new file mode 100644
index 0000000..1e87d53
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_cfb.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFETBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQId8Qhy+607E8CAggA
+MB0GCWCGSAFlAwQBBAQQac2kffj8EBtimaC+HXnM2wSCBMKaK+sjj94S1ZJ0El82
+Wt+oFB7t0Wi1oE4fCWofX4T04VGR+6NYzj0qZ+LiXS/4rw9AQjbCfkYm+WFhMs23
+b37+/jfwZ1N8WYMxfQ94Q4YiN6EknPouqBpKwUqUgXL+WJbmAzMfH877ok3Pc9YR
+5LKwShKJLAQkHlxkDMq6ZWRZuCSVhRzDOvR4bmrwxViE5nmyWJJZmdwz8uI2eEbz
+WA/hCON4N023fqAQrhFMrWtklPVvG78HtCTo9r9x8kNjdOF2rue7eE3TH7ysdr5J
+/xlWVDXjSOVuPzUOdeCmUusjpgC2vSqq+oKF+MsYDN04sUZ6MksZcJnt/aOESc09
+lOHmxoEo0fZ210HCKaCU8yDGvQNyUdAmfmoZ+yDoT7x0AD2WkNGPab6jsCOSaDxN
+RtMoQG7Py7OUElVj0wkidKd7oPOzxZx1WdNG1V/PoGfP/ITAxeBZhM6rq44pLvtL
+nfdkrasQ7zDHwbDO4f1K0KcgDrl3p3Gbj09Vh9Go6ENfImLoF7N4a/Vmh0vtfPJ/
+PsPXUv+fLP/lKJgd9fFPdBbaR2LWcl7sdDSxuFlgFkN0Z0EKT/9S4hWA2IETKGRc
+7lmq+PU2yljkISz6LgJOLO9LC71HavEbDB9VsBmfnj2RkvfXs94HpBQVATG3BF/o
+maTznQel8aMjglxhTZPwB/bGvxf3BYd2zGtDdbrBB4huhgKygyTaHAQMbb9UaIGx
+GtrUyD0mJ7Zj97z+WIbbTcCkqINeDtbatI00SQXCaldN4luSj9cF0+mHIaQJcEQK
+5/mQnDVYD06INUR7kOVI7/4EsBQ8TXkjwwjTAyRM9fcC2DKCt5RJuS++6G2eXm8s
+Iep9neO0YKF0NXARnLw+3qsY7PLUfUeWtTTpUfOBW+i44kW+mw3MqwxlgICgZfp6
+OmkArD0ZpdaMrIJi/EcAN/hqB+DEAkO6qd46cDK3PJkNGDBNCEM48bwNeRwzl5IG
+Dqq3gFyek0DaPpdiGBnP8W9VdG/mfzYCZkaMptRKQg01iN3KHujSZpTrJ+MPfwFc
+eDCIet7L2z8tI4p+Xm+XHBU4+7V4aiplXAqY3Bt3QgnyGe5L+r73nl21/2tpDNGM
+JdYvLecji7KK/uoSE7icYKXuZNM8F8vdEUE3UvSkv3UVStVijZdchV+0nHeTBo1k
+fD3LVWLTUw8SrrOUWpkFAUbNSmuoQxZti9vl+0cBaCipG1cc28opKuIEt1U/HYl+
+GTxOO2W+9vJy7nzm7cw7Tf+HC0ROAbrG0tPOFdePGAp1sWZyq+ox85PMcjqmeMPJ
+6SuMUXzZ/zeRa3MjifY9QywEJY8TsvtMadPAK+jm6otDxOneXcZwzuwHnd5Sygxo
+A1WwlcmrV9eq6748wopD330EZj1oSqz++6givL9nGxuk6IDi+HMmJCGgX0IXnB1q
+pqt2skUTVX5oWTrGnsbGb/JDBqmMl6q0NRGQInTr23GwRftIsBWPHIgpplqpBWPs
+lUXhdZWukX+RJX5oPL6esik5XJvN8d7souKmxWQjgPwzocn2FL1d9l+SfQeVjJVL
+zpyPCACnXFCygpwT6hqfYWz+yXSLQwOFc6CgHV6SAm8Sgz0CIfBVev8PYSgeuNFm
+momSCys=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ecb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ecb.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ecb.der
new file mode 100644
index 0000000..466e861
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ecb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ecb.pem
new file mode 100644
index 0000000..8f1b2fe
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ecb.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIJ8UOV80biOECAggA
+MB0GCWCGSAFlAwQBAQQQAAAAAAAAAAAAAAAAAAAAAASCBNCnRcJxfi5+Xp/DG1nc
+jvQbvUTu4nlM1pD/5wg4D0rCuCLbCWv5/o+KZB5ASdJ0SjaOPx7TFM4xR7Dj0EzV
+/FePoNNqCiaGy8SVFz+nCWnG4B++IOKZgTRi/zMSNccenl1HkAFdUqEfwFcg6kMx
+TlWzYUR0X4DgNZzTjm/BhQpJFduh4wXkShzYQMV/LrZUaY9JZNWIWpiaSodQc9X7
+1rjftKvPljW5kSkeOgQCHeL5F/6aTHOdrjTGlzgL4ql9JbZccCs2E41yJ1cjqUNY
+zdh9fd76i/vfFuqZrFWI/IYM/NOmD9QXO5wKIe2dHDdXBaL4DrhPqV3w8qWoVEfX
+xBjQ0uNXwfTb48s7G9RRKoWf0Q/ehVlNVxwSJ2JAmyci68C9gyG5lZ4PLsUSwLAF
+HRjozR/LPhSOZoEB/z9nY8fEFQH3q1j5he4v4j80IPFv3xdd9b0v24g2SeAoEBgh
+9IHSVEcsx1S4cvICX7bOWXIGKNhq3TiSVD5X6VmKG83bNdUivbrmSWKOt8u3sKXz
+FmE7CSHFrsJI0I1sCfNEbNS38GZBYkQ1X6RJ2p3umR4syTSxfl19S2tWPE0HEpJi
+uD8WFm39lj03o27ujnp9yVPUPGTAP2qzIivG1voTUFJ32z+0rWRDqxP5AZfrTQfE
+DgI+uzsEBwCKLmnWaMAuHovf++7n6qhWkM4oXzb9uv0xUSfZdk8/1pR4zxjNazz1
+JgNd640tgqAoDrKLtW/4hP/N3yY1C8Hjwqt0GnqIK6UdGnju0n9zXiNfBLv9Um6L
+O0b+N3nUZ//RAkFTT5ZRPZ147EtrFIbLhvu3II3P76cJaJrpZ06/sYUmTjHn6JCo
+XXV8u+EXr7+Mt+Ml5GqewAOxs0yQw79bszmTS4U+aGQObSxMKFQKe2N0biTo8Xit
+EoqggCtSU9S5sukI/VAEoPEhojsu5kwXkdN98GibNKCg1A1e+wVWari1R8XWQtB4
+swe1jO9iUTWc7zc5EedzVyhIv3Yockxc2smNGmco3gF3PImi1kWtgMPKuu0YTdvE
+R+Elawccm3w9wmeCHDL8/jTU7vwGNKAN/MJ2RePGLXg7sPSruCwuzNz4TzRrHuqn
+jZGslqClmz5ASjNihun16ObAtP2q9nfnvhJh7I5smiSoAPbt74Fg8uAZfj7pJONd
+Z4QVs+zVlF1gi7VQqNrVB0zKnA2xDeobqZG8PonrwdfwcTlpwPA/olct8EHP9XAq
+kMRv22iKPIpfs2cTMDNj/1w4r6RkzWe5pfRe1hAwjLHlDKTiOJgAAOX5b+NbVwdG
+iwbd8ajh7sfn7q4PMxB9O4E9t3zXphafaTNqELAGndsmsOFuJGwmFvw/mFkbhxYg
+fbBIFsaxV1IlBEuxSKYymUnJqR4VVrhSEemB9HfAW0sgdPEJ6Lsh/c01WzqyzVbG
+9ElaC/YQpLsAqmpg0JrSN+4vbMSdPpVjWn5CYuBeTmJdZBLgYHitg3VSqMTHwUfJ
++P4oQMWHQegL5nuOsRZ1oeOlLqQhIYVyGn/Kgas4UWGvv8NbtoUXJhhIEo0EfzRy
+YUCB0b3yCWdJ3ZyqLvaCMmM60fBC7FHPA72oRL4OonUwRdbz9hY/k7XNxcQcIaGV
+fCkBBoVYSzzr7CdssamJDBLLUw==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ofb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ofb.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ofb.der
new file mode 100644
index 0000000..7bb364b
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ofb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ofb.pem
new file mode 100644
index 0000000..4b57254
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes128_ofb.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFETBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIYBTitmleS5QCAggA
+MB0GCWCGSAFlAwQBAwQQfpTMeedMDwo4LcSfu3UjJgSCBMKtj63O160n7dTs3+YV
+ds1bZFbJ/8TvSMOVbJn6VZMy6l1Hh92CcGuGzLulWLz/XYYgIvsk44Rmi/gaf/Rl
+5Sv6EmfGmxzwb0RqbyL8DTfQie7wu417qwPOqomkFzlJ9/Ku3hfgFDykMEkjr4bV
+EHrTHB/PzHxhY5dfFoH5rGR6yoCbbOpg8p5TguKxAU3PdPd2xGHI3AdtsdrWFEES
+HahIa5TkHCjHQ3M7QvuVY9RI00gmf/N9OXccUCUXusoV381W8U2WBPuatQ2Az3aW
+iQF8XrY6QpOrvIDdiM84AabbWYk83JcMDL4JGjEyYHbNZA85fw8mD/OTeH/fPMmt
+4VKuA6mRjZuAyOpBh++4pWk+GF3/AiwbPFZCM1Hyg+Q4ozHgNOW8RmwExHfEFsQV
+cAgZBJS3j6ot6wxoc5R6n7cNJPTSSRceP7Nodd5nNyj4bB37nPZNgJm9FprsilEm
+LCM7IfsV+gi8DzrtbEi/e89ZMkm4ENTD+9lRjLdT1g36Qf3Kz6gUI81lAEoqEKSb
+yDTV3jkA/KOFdqzuqwXGIi6mD80X5cLOmVvjWmtQh76odSyIAesagWwksoTuMJsa
+/MmKsSszUy8/m2xYKTjQKADmMnRrrC5ZLpnRdpwKPXgEXVlKkPQz/Vw4lzGq4S8b
+m4qvVrtTYZnQwqyU/8TC9UMqwxLjRlKR63oQuqfEw/3QAQXPPtGo3P5Lz+bvtZ7h
+PEZr8Nzp7Z09lqEXFWww9cTQH8AS/Aq1jr3pFIf9yh/Jdqj0ZlEm382PNC8avUbc
+pS07LlgOeGLrTWZQhZVJSFm5X+y1ws4Row7wfgoscp94KczkvkToTQd7ckz0n3gp
+N1JuSCloxLzgnE6iJnELc7r3FHRqW9PZy+QhXTKkgG12sRpXeL2KTmyJke62vwTs
+MIvdXV5qJUM8LoqStkDFksqQT8q8Tmp3/wk9XHuI7b4omK+LEZT2MrK+Ot8FLpbx
+x8nDbXlnDt0sW3MjaEcfWKj6azitn7RIqAvIdgptj+JACwFHlDG+02v9wP/Scsfw
+s1NQgpPnBD6vYU537J/faWn37kp7ai3+8l3+9E+cF3s17QI/MBiRF2ZIW5Ps1aP9
+ZeqJF+irwEOs37DdkWpfZowXkW+YuFUTXUtRUqVBaAe7ZCbaS8e7jlS3+tKZ+yHp
+30JlArAtBgUymY4D5hqIs1EXGyrb7l75nxCuKcfnEz8l9BPHB+CelhWN7DJNE17t
+ncqT8wRF7/d+vSXxC40BQo4b4n+33MJ14RvTIamhZcKUv58lvFhoaltxazNFDx+8
+SxlCpuP6vK03t0ZufNpNJzppj2g6qSxRARkQTamQkg2SuAjbt7mNXIwg+VW3U6El
+WEyHJ+mewX91T4Bwidamw1Oe4uhWSx87vHJqcrvhpPjFACrZXxzBvyPoyDk1Bmln
+SH1p8awSS6s/8Agrng45ZBaWolez459R6xscXDqUAFwqe9In75Ojlj8ow/HJJu9Z
+kxLf3nWrrey+lug9E4p+Zx3CgpAVPxm9iJtCwBDFcOvu9VgOUleZO1CvKjDDFOE7
+z38j5mSmQcW2+1Tx36JK9uHoD6+p8i00wpBzeZiY6JMwx5G1vUYEwaNd00fL66ih
+TzcIMpE=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cbc.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cbc.der
new file mode 100644
index 0000000..92b4c02
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cbc.pem
new file mode 100644
index 0000000..16ce386
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cbc.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIFf5BlNNsxVkCAggA
+MB0GCWCGSAFlAwQBFgQQ6s1KV3GWRHthTWZh1wm0DwSCBNDNscsywNkbLh2xD/5h
+vn/IgPbkjZG1en4QEiX4bS0T06F7JVHNtV2nu7zkbDg7Moh3UyteIyTeGyTdqw1g
+y7GV4U/RwDU3QDY3k0OJJAYIosUxJSyc8g8aUSY/Q9CCo2XPAZ4wdAP6yDcZtYRq
+PaXcQIAKIKayKFvBTr/ekV5BY1V4xpAoVjKNDE5rICPY2M1M8qLgQJzvTdRqyevg
+uF98REPA7rSiO+Uj5bfHkNhK5RQx7pu+dM6GhOiItKgWpLBEfQN9Z6Oa6MihUtbb
+eSbNdkdx5PdztRPRRMeTxICG3fDReYdvaNAh1T3x/qfYutHlkToI+A2jYMd/NoVO
+eaHlpXIB4o4d4TKsIbhR0YrDqK2xJxr7dVbEkc1rY7TmByL+Y8fHw4KXAV1etmvU
+/9SGCEIajdyeVN+v3RiOJPyJvfZSSxiv1fRfmoUTpCyLkdZVq15yPO7bIwN9xDPX
+pg985onYKXxG6xy2Ck9ErVsX5iLb1wU8f+k5E2DAxF+oAZyIpItnH65/FEkGdAYu
+orYilxbOvtB+lVOZVgYuE1OIsOy1wc6GEtoZ4UKo8qkGHTrqtBypJRhUQanmKPOG
+DHMptPj1cyrLaAh58ZwebGaSi0gSVtbfmSppZOpc5O0tnEFr2+uAvKnP/tSyh1my
+SbTjkDH549C8Peu5T74TDjM+1ogjrecLWOyij5ZBVdFWp/s+lpX2Q7MQLsXrptd0
+nLrnIsMjphSXXCFLZHm/hSTI5fcZKVjEwNCbVj4UMOd16oO5s66KuIX3Wg2MG/8U
+isSfVsga5E+kIyChlag686on7p9mwnYVBNI2oGu6zXhSqjiGdwRmUvoayloGDR76
+vtIVB3vPQCJTMMdbDxJ45E4Avr43hngWCp3X4MvzXgvFnvbEmiautqnxCVwRXfFS
+dDWlGYKvb6dKKBrJ99muxYUik3iJ/riQpp+BiHbj+/Ox0pIJKpGhL41vkvuUCaUV
+zri5SdrPL4OPBPZwShrIglRSAgd6Ot0X7ZbeLV4hmkqE37hPECWS4lYt1wRyC7pz
+cB5DbKoE0GRCox7pOemWRgi8TPFtvMcMdUmx+bCZ+KNSfzYzLziAyBm3LC5iuH8C
+9O35aOihXyZ2pvQuQCQ37pSuVzm3ySQYO4YTSgY6o8J4ypi+ax8g9/StEJWP8MxN
+DwKMxHzW9rD8YKxgi38yW5gNQ38lqEyxgwG1PGmkfqRtk/2XOTJj6Xu1h14edYK+
+vXxeESy8iwBFoHUqBQDv/tPMXTvxRYnItODQY9efVLVAQ6jPOgvoiTubeQTdX3JR
+J7MBVHEqWDY1ZWi4RIJew1h4txFDC85UPHhiRrjff/EMyrQNzFoyF9ixM4Q+Wwof
+MlTrGI4839GtECTRdvonzOSNfyUGQS6B6v1Q49ogBqk+m+FNjfx5hYYL7rqtvuG8
+VVbQiV6ImkDRFme6gbmiNKrGMrd6Ntpah9tAD9v+RQJu4Y8TyNBeG5Jvta7GAk1Z
+PdUNF1Or53aeVIZ64pS1fruTiXB+Z1CnSHo8EareYFjnBIvTjU2Z/OJcnp9/vL7X
+GJXRJWcrnRcBaiwmKPqQ905mATsr/TCR57yWHhH26VWd5bvb3fNbtmbf68m+godP
+PtPPRfTKSh55tmrSvpQ0WsIUow==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cfb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cfb.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cfb.der
new file mode 100644
index 0000000..29becdf
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cfb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cfb.pem
new file mode 100644
index 0000000..942fd9c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_cfb.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFETBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIwocEWtwMl2YCAggA
+MB0GCWCGSAFlAwQBGAQQEQR9w2BnPQ+TOMmn5o8SpASCBMLJgyqgJCp58K5DdDod
+wKj+IZVKl8KTgtYyYvhfFcYSYbpNamV1hipz/answ/ECJCi59iHlo9m5p7bYGcMh
+rs1QT757PUMVGHwGv6GUC1QDr4k/DTHJTcJ3Lk/vo6HkOUvr09XEiGL4L567t405
+Z8iZgvoCoCQLWmGvTAtsYaR+hk3foTii32fyn0O1uK8VKrI0Uf5X6mw6yGj+NUD2
+4+hSTU4ixsPWxEa3El/CPuBZ0JAxGr7IYMMLmLulQKW0hlkbGtUZlJlVyoopUuMK
+PoUN2GdzOnupyH4ekLSgnUdq6oFSH+jitmpIZeiFjLRP6SRrhhtVPVkquTUzV8Xe
+Czo03yGr6IY+HU4oc6EU13KrtQNL0oOzM+AnO4Wdl2QXi53U0z3Fz6kKDaZUGuQM
+rHs+/aE1AV2j4B64vQs9pvQWBLx4PyprYi0Grki5gaiDKBA+B7Qa6X27hB5+5y2N
+wZKQml+P0h8sOMOwovlh2atBSzEkiVbNWmTPW+vqiaGD4TPIMH5RZlpjOwkTd8mp
+IxHu+Kdf+wdsy1+rjBVUKuz5pCI8yLHqVqST6q41lHYsEZCpL0otz8AVxTNEQfio
+I56+208nZkzk6862uu/n1IfZvuKKkcNls04Bydj+Mh80Suk3ETDHCqzHI0J3towu
+HnS9DhjEB0yEkpIJJ10xxbQ2yj9i0eC2rmc0KlWhiWU/HHYfaEHoYJRCfs/cQmTv
+w+Jjxi9e0HYWqQ2givReDhkqVOSKW1jQiOFh6iTdq792NWCGPr6+sBNYxE6jCjU5
+4etyxD68NUuAWdPss6emTJzClnaNvhIt0oKidZME3fycan/Lu1BiRkQhw2wN3Xq3
+PhMFgiO6OL6VUqa6gnwed2s4kUXfvKDfmLau7VIYFMVDXVTL0PAC0+KM+n5M/2Ou
+t7ftFmbxrjZF4Yrj8pe0hgAad27ZjvnB6dr3Hvcf6s3/urQxF01SlKAyEgUsvG7m
+DJfRj0IU8lXkVO5kmUaW9nsjqF3mUiuqJ84/8su+/pQj2/3zya+8f1DXa97gStiz
+mH7vgbUir1Tea5c20Z7htQt+8sTVNWvoW6/9fJmFD655pmk4vJ4DK1LV2w7sJ37J
+L3gk5CjcPsrtswDiCg8s8gUh6NZvaKW6TmPjrK0Zttoam3dl2ypEkqnmsoSFCvnG
+Vbz6tfvKXwDCeqRrxEEmvI0Pr6UfedBcFBtlI+o0OORaWFstwS0UFx0mLCyusPzq
+zEBHdJyMKomPr30o82RQQdlFgo3O5ODaB/tXH+LzNC3qHaGSnqmJh5WLHV+n+Vne
+kkov6IamjmwBmYZkOgmHRkx/0ljpnpb3GGBnGOtJrrp+O6Nlm0C1iVgtTI6RC7Sx
+DC0n1E7vEeofQWamzPutmMrKluqHpei2kDBdcgk34KIbyQEwopjXosO/bRag/ekN
+akhogLBfYs3LR2R7PWgR1L19w1SdNqfaqJwRmq2svBHQaAZmsGvL/cDk01KDj8nR
+eic0pYG1SwPMFN4R4Iv4uYLH2Sm3oP7EpCkNFZv2j7UkRUXXA/BhdQMsn0f6ZBEC
+FpVcw9rwqv24nZrC8WLqSDuAdT1QcpxSBHeL0JCMVD2gNGn3n6JbAjJCGZ4+BzQF
+mXJqiis=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ecb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ecb.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ecb.der
new file mode 100644
index 0000000..fd32604
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ecb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ecb.pem
new file mode 100644
index 0000000..412f57b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ecb.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIpbFYsS5145wCAggA
+MB0GCWCGSAFlAwQBFQQQAAAAAAAAAAAAAAAAAAAAAASCBNBLAAueXBK5nlOxXmUj
+VM4UZJn2bfiK+3iLmqlip29aHS2eCHgieVZoSJ8wGSzERzNyTYefKGlVhSQ1az7L
+88sUC+NeT1jb6MdpLPiFprRuh/nWIBt8PzmrJnhwWVLiaSR6cNPdiHw0bkML2uzK
+zQNru45h2nz8PqaxDsyOAdpc7Jpn39aGXep8nZ2qpuJ/UV7zxsKWGvl6WBudrH43
+4lyM1ZPQJiM94UOX0YyvtGQkwWKdnJRq1xC3DLzW05NW1nhHhZaQZgAmtk83RH9s
+g1o4eRbjdnoTQyP9ybmzJT+LqXwIYuGXihL5dmrvUqA1LKthVrDyKrXKBOYNNPUq
+v6HFWYc+Qux3oQETeDVs0kjDbWbIwItFY9LAaKGINCJxnqJ8KaUbHapETj06pvSa
+gY/dEvICQp0NB/qS8KZRnbHsLMsosFdF7vFmtkRXCyIB4GZf5NYfndBufXT0i0GR
+Pha4lulIefrOlLCi5PhIN/rVoQplk6MVpk+wz+/zGEffvFD6g3uQSIgSEZOyr19a
+weZNIKf74ccUVqLVb93BL7nwOebBB/kiiHvLa/ubHpprFUtuxJij5g7odNQsDNEG
+MrFtOZqAaL1xDQHavIUcvyHPMfkskvToqdNNNXvwSnOBs5CtN2ErUxo6X7ZPoWGx
+O/1lBARNCEzjer8/zXYrU0WyzGdTm3hP2oO4aHEayIjDcbrnPmf6YMeQ9Z/uJgOz
+xiy9wL4DyFy+oVrBEA675jjXRAMEOpVabtG+DPW0aPnZImbc6kIM6hEKMIOseUAE
+t2zHLTyHS3zv3VseGsJOk3JMzrT1LHc21x9UUWLGiXWCYDde6FiCAgT4upvDyBDN
+Bv9Yjt2ymEjWkl126xDF5Eq0ew945iU9xD2caYXqpvlk+sOCn6jFyi4IigWluaui
+AGrFdeT7TJI+G8C0MRSG0eq4GwNg+2VxhaepYdKl52b4nVZBYcVCCL2ijBjWQdET
+APvb88WgAfCaOPdvRQ0qj6ZdV7HwhQxPgrc3GM4lgTlu66PtrYfZt0tLYp8lSFoY
+e/EMy16ZkJ5uIqzby76lPF6JSOaqAh4lrIjOISXYwvyEjfJMAib6IzgCnHrXHykq
+21pmZrrLaFHSILizQrohjPRnXFkUYWcpM5kl8NytQwpBpXBcxGV45TLJ9ykdsXhF
+UMyHQoyv7CM1xhYpu0huEKkm4ee1CYMDXU8j5xV3l44NwXc1UjACrL7TfAX6sJuM
+jJOG3gJLBnSCn3G1356nD/wXRkrn41DlbJentlGRh269+cqzwOOoKQYRgc7ClRVP
+L7g7XmfXm9BCn7IlMKVXfr9zkjQgkE9vi7Ann7EQeP8XL0IiW5zYD73tgFjt7Mzp
+B/O48zbBtT7vC/JyW2fM8fWhafShuML4pXFCUcwyhqP7Zri1X8cyNYfQZMImECD4
+HJzfszKGVSQAlBwMdma8BdKUKTKm83WnQqDT8ZxItxeHprYvK3ZxxKRNpHB44Wkn
+nUabNOeviSYf7LljVP5X8fGL1GM/HHcUs0FSniL0Z2g3lCS60ntEL4NpNej2EusZ
+Svfb27XJh11W2jLHsI0JaCnpWH3tFNgdcfohgtSLLDxAaT+/7dWO4WE7ZwQgEL3U
+6GiW9hdkhEsHoaYgEALVs2bsKA==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ofb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ofb.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ofb.der
new file mode 100644
index 0000000..0f958d4
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ofb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ofb.pem
new file mode 100644
index 0000000..2b0b2ff
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes192_ofb.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFETBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIAFIDSmTxSqcCAggA
+MB0GCWCGSAFlAwQBFwQQB/dDK9L/TLCwZUmXSzErFQSCBMIVw25Vc1S5+aa2nzx1
+33rZJL7h7UwaJJifFw1hCXLeOodR9iNSdTK0INnRwl/SQGB45nxTQ201o9FTNACX
+UowUCQP3AFr8/etdkZgBvv+Sc21o6VgP0nxQ2xE7tYmt6I4vWgsCdfZX0OjuXJTn
+X3xRFvmHwjb40iZCnxuptVB/kCPKQ4LqNBveKRAsV4MtODLtns2TWZaFy1u0zEG7
+6XNaTHzT6KjOlJCbEcYuKOrn6eUZLb4W4IBM/Chq+Q83yi3G5vKxc/MGw7yF80do
+7eEE/wnJyFt2EgAsutxDwOyJLN/cx2W827hIGPQY3N7Sp95vbpOBWGvBj/qw8hca
+Iy5quIBbkC86MUebqq/5eFYa6Fw+ArUpCkt5kmwGiVBBkPppxsqtW0SsNSFAyuEu
+BmA+/cjPqGx9rsqJhXCve6/tUOk8eTji3zyHPH8hGe2tkSfsN545yKOUPuZML56b
+deZCi5PjzUEGX2cLf+8KE63/Z+vqyVzBd2yGlxmwLoY3A77r4zefTwdu/ogoVZH0
+l4sPh5pRLfx3334hcglZ7ezh1M+633d0V6dhlzEFXTit+jaDXTIndSBwdLDgYHgX
+SEZOgqBtTowFTLMb5YPu/RObiDXucm1H/DKQZXOPM1th950Se/XQQq1gkQpqxvGv
+/FO202PD7PuZFE0yYkjb542YodXzuVKM04CjliSWjNlgNu36vE7yXyz1JX4B63OR
+kC/QbP9GKIwA0FLyusDs65wO7bJtW1IAnfm+HhjRgH1xh8lMb2Q05UhS458raJxb
+DstoQbgpW8FS1vTWPkJmRzkIDC5wuowgKnvrrWq0c0EtHH9kFmRmcJlTI0/di7Uo
+7rCdvf6Oi+lDM3/oTpiOKCN7Bt0TWz/HqWj4qo/OCaYOy01J1kaL/VDlbTkW6Qlo
+CpRtFqAVw+BpSaChKRAwaICvoPpSgHpc9kcot2Vb88Ar2PtWdWrrMylg7vMwlBXN
+Gp0RArOLybu7SLTF4fkONm1lK73f4ff5AB619FZFyytHKhj45QWQXIPAiuYHf7eN
+cpmBjQG6behKgMs2UbzS3pttrB0QVuF8wsE9K/3nC4WOclTrO9niwg9iQxRoaVAS
+0hR6fG7wN/Sskv9E0wHUIv1cZWouDxj3gxkav+/4efwi95h3XhStSVa824XmEsTB
+IG2bqislVvZlRl8kYdxcjSH/cV9iLnQoHU5Ng28VKFjIr2P1HhzFjtZYT9Vxecii
+urKS/8renQA86ONnJUkCIcx+aJtR/81+aNViX7ZBO1++l9I7ujU3PxkbGWaYFWjN
+papweOFGxUBDUF1KE5f0b3u9NfBx7vpzPsz1iKhkYrKaWUaXF83uB23zeWktnF9J
+xKeObzzTbLLg/xiFMDrJiqG/DLRLjXDOhqTSyWCUanXtsqlHOQ+nLKx3bGz0/z/N
+F+0PVBzPe/r6tU5l9ZAqjAbmpOZ5/rv9lumq+4BNSVvx6+h2HCoFWkDjrn1JPZ/B
+LQDMNwabOZ6i/Tj9IhMRYMRdN8wqRWUysX6s5auuNcp3ujZXVVZ0ot3zkhX8sXYo
+MD9XnXHzu/obCd68rl1UpuNTuXSplC5a4R2U3vuoQ+6eFGBKh4YTZN5xZppX4R6D
+J2IDxik=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cbc.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cbc.der
new file mode 100644
index 0000000..0e810ad
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cbc.pem
new file mode 100644
index 0000000..8ccc57a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cbc.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIacMv5EvHgDoCAggA
+MB0GCWCGSAFlAwQBKgQQCp2dvaZRkvo+B1rVXRkYBASCBNCcbb+6XB7kPjKT0wp5
+RsbuqnQZP8X5pdlCjCvDoIIpXtGFFgVu58tSO/VbUhvsJxm/R3AB/rQNb4IyKnnE
+Uhgo3DoqYyQQba+BoyOPz0JP9fEvyBGFxLSPxDfDKk/PNO/CRCHra8eX6+eKjKgx
+yAwQOg0PRgkugAy/fKwC8XqTlgpiKrWDmpPK1JtwfYFQmDXv//67CEyS5dqFEOVi
+S98BkbH+8doI7SWsF3sdpzI0ikv0mkpJwRpBjwLtMaiuY2ErYJOPzqkR6BVhd+FE
+OvRcAVmLjU2Nic5qYg6gNERowUTPMjOFjlOeUBJZe0cImQN2A1gTsJIokohootwL
+lZe5IJajBXCDA7Ps3LagWK6+WDZ6i+hieM6kH6UMzxiRyTqmE1HSVkOajUYJ57RY
+hicAp9lV6lmc3gTdvHWTPhidphzy7pdaCxLilygvBRPaIWlDY2lY3Wxfo/qy1QlN
+y42IzLKSsiSzynwiFVSWtCSEvxNWYCjuFYMeYpqZcauGA+tWOXPI51ys6oxYxemb
+8IDP9dwgjdbHrHavE2PwjoM8LQRBtb5+21UY4ygm5GFerTeGnlao2FUXULm9cnqW
+y5oKk0ghpGRt8lbVUUTriGWN88skf1fBjfUAbCBVcK9g3OiwiHLfQkaItkSP3Qq4
+qC2bQevt2iDDkoW2ilJC7eQzrkpuuA2n1WTmB7J563z8A3vatMp93tZvtCr0/tTh
+i8oXuavrmZTNcG998RpRGTydCP9A+YuxvEKg6hU89uzEEGABt0+ykmQ/6COydics
+UVvFfSph+aRu/QxFNCkrmuajCbDtFUzZRew4kYzS+ADrMhOpHqdd4qYWM/9KrCcx
++tz25jWLdtKUKLP/U0p4QuedBO2ncDeJVnhVYEh8NyOvDS4K6Q0GuFqMDLQzTWMj
+MM7YSyCcKe7VRbWrlzBasUTOqoGfz0qB9Cu2iy0FqMnJo7X96iRXRNvATFL5hxm1
+1+LHsYmaO6iAnA/SNOmieXJ8Ywad4xrAd81B8iN7K9+d/pHxGDQ/NknPRyTAUPBP
+lSzeqkcKdBbHKeo3dWGgJfWceTeVGGDt3gxgjVkGALoogxmHlpF+D61tkzrphVK8
+MqIuCAyHB6kJfOfOern/GuRYiiU9N8zNF6zQ/aIMAOfGA/CpXW0t/jaUUiL8syXu
+IfEWpfyb+slFPmkIg5aEGHj3t+tFbHQ2zlGbjqXx/XQMIf2Tqfc1U9eP8FnNfonD
+furVawdSy5UsSSDbl+hqrs2DrpfA4l8LaP+/FQctXxZc4s+cS7GZjpZObahG14ep
+RvT8Dza+Wfv0WfGxlN75Cg6NNCpKBpMaSmwygFM2JlFBxsE8HEkHxE172pw4cKg6
+y9DievnbsAKqU7lceljTYerqFQcQnC0SVVxpH23ailDPHTZjE/85VWX3PLbOejSU
+f+HiL8J4q5JiC7cWUS8FrEvGS8I4P3SrdS39rvgU+SrVrxAuAoK86TH9A9Xf0iU8
+ySLJKzAWbI6ioQm3RnRxh5mp0RHBzDZGLT0ViVXRS8r8BdnMlkAFJ9QdEmHmNvNL
+rkZpxMghheKkRcB7sh/UgWb6bd/SUwO3Me4V2Mj78uE6H3Ces4dfbyNntc4xYQ3P
+sVXaslDS3SXOoyMv9ifuQs+zmA==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cfb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cfb.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cfb.der
new file mode 100644
index 0000000..3ccaa66
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cfb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cfb.pem
new file mode 100644
index 0000000..19cda1a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_cfb.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFETBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQItWMJ9qt32P4CAggA
+MB0GCWCGSAFlAwQBLAQQrOcV8g02pInohv6kLjyZqQSCBMLVaid7VH8IMQ7h4QNR
+jRP4LLjcZcoYvBWmlyMMa7ihajhaLJf2T4q9kaONfYpPDHgehR6zT85LlvwSuRWt
+88p4cajWyJuPxZ6eEr6OCS5WTpssfVHAz8tBA4qnKJVtcNkVFIsFJz759aAxf1/c
+zh/4lHQNdLwZoOoYLRf8zDifQybJUqkFFD32cHezRyjOhI4qWQxgKmGG5gKyv0BG
+zBRjUCsj/0/e0Eo0vmGVeaGQwrIuJMESvfjysRGq1YfMNXBY2gHy3W1Hm6t22DwC
+Jncadc+cnsufYa38ATcyUbWkxa2pqPQZIASqqMGIGav/KHZoNyT/E/P+E2Cs7vhd
+FZUMeTR4/Fi+UKMt+V3KS+kFMnj8SP5L9c8TE0N/gBhtwQicvdNgmojQXD/3a7GM
+wckQ/eWz0VrbKNHQY03u5Ymrvf701CgfXjM0R1PVtbUHvI2A+2/2pDcrwxnZ1mdc
+xhMHSGN6WMoRVsjh1FWFeIA5MFG84AAk/G8x6XHZXEzaqpuB6ySk/rLlK3GLNfAi
+gMb8D42q5jF70crLD1wLBYQMMNtRovQ25rk0nlZG+gkpqie7HESngH6phRldM0KC
+OnlkBZT9Nnfnm8aLM/4vYIzF8qsLZ3UgEdPu/B8Z7hrUeETsHTr2g27E3DeJxmqe
+ysnVLVKsAqY0LF+IpnrO3v6asU0Og68DXq93Mo/U7kfSPeXol3QBmMKs1OSyT1vP
++3BfWN52TBIutLDKZN6QbCd17cJaUjQ6k0C4xoGJJz+BoP9rSMLlbDCatqo0tHBJ
+go1RFfkpooy+ZFVgBxMpEgiD68Gk2N/1zvqtwxMNPPJituY6x97DZwf8zYmEgKey
+t5RWS/cwIO4WwwCdy1riZey8DrgRqxZO5GKExnOkmFhH+k3TvskjYzwX2xrJbLGF
++xasm2AohpSTHd1BSCVo2lhVCDhRqrS36I3NNwI7qEOaWHSjzuS8f90CpV2fsf5l
+VTTzRc7c8296E0k1thpn4vq4bNH+4RmwHiPE2R40r1zPhaPH4uwmHRb6R1gbptM7
+aA3rTZwvRfmMtrBZ9uFgwJARn/k3tme9jjUOPg0BmVvSS02uM4B3mF1X8ON492j3
+Ibg1fwtZX7uER+JaHx+2ydteRdveL5bfx6xv62l/JifUIhlhkxmw44/SOX22rl45
+/v5PxTwQquVJq0OIHQLiegvb+SGROIulEsGSs9xpVRZsJT4MypkYDbuKXIcBnKvh
+0zefCiUM2r/UFLgDryRrQShaBPp4I4zc8iWw7OBOcZlR8spNd4pXce04Vs897aSw
+4dky+wizj++eOvPVyJhapFEqUbJDSbhM2dyffB4BI05GTpPuIWMgLeP84MjX8ba4
+OCI5IiFoyRyCt1weOxxXPHNiirUvNcXe7BCKbHcfkj5l3NI/5ncFVR8RoVReqgfF
+ewro+RJrhiewFRvC8qdA4r+RiNv1ZDn3btSwvH2oVvRVk1zzrJod4Y5rI0GcRldn
+NGvhzs+PULdS/V0COsWjyIACRR8dbPKd1GEM/veFVFb9zgs3yhSjLrQKig5ePFVn
+7u0Uz8URs0GLx0sRBtsS4f6SI2n531RULzOt37gfIYTf0aiEsJ2boHPajRoE6XKE
+px6YSso=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ecb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ecb.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ecb.der
new file mode 100644
index 0000000..ea4553a
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ecb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ecb.pem
new file mode 100644
index 0000000..0e2281f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ecb.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI8u+Z7SFPcE4CAggA
+MB0GCWCGSAFlAwQBKQQQAAAAAAAAAAAAAAAAAAAAAASCBNAw9xUq40IIV2tSyK+K
+gJp13md8srHqWafHfw1BAJv8aa7Gy3FIq7r5WFjxfaQwrdUSLbesT75o/tdahn13
+DDha0QORRk89Sm0CN1iId4DCicZliys5G0kieWJjemA7xBrgr3Zv2yakG6JUmM3K
+Kjt9bpp2yC0uC3YfkJ1uWD3dWUS8uesXeSJoXmgtR/GJSV30irVarR9lDERcaAaL
+YaL2qEtG3OQhTyKUj6nMyRxGU3RhPtLQ2OhHyLhGhvvq5FT0JIBT4uuSNRL7pMj7
+G5uZCCg84q21oN5xPvqeB6RUkxHAqOI++UiOKqq3nm268medqBmph6wmKmMvKFgH
+jGgihkPlwtfTWba1/P5Pk0HkVeAhKXUCRaU8uCSfXbc3o4PFez0Edh0dA6bSpMQ6
+okcBg4BfkhDsbzkZX6LpnBdm7ItfJYgeUL9JI8qAC1bVVnPrIVTODFxVQj1B3fTy
+QSDrB4WYkPAdUJXZOEYRcJNCzKM19T98nCpIz0Rrmx4IpSC7X1nCHyL/VMLuZNrA
+Q/rgcipfjbX3up8OsDm2WR9vkqeRHuCWNBdsdIvIB50Om8tFVx9q2ZqXLzpYEgBv
+8mwXGlunGi4nkQIo0GkMkPeVCXN/rtseQvAtcPRnXA8mr22L1icmIC9EeDP6sJK3
+p9k1ptex9WhvslHMJhJQe8wz5Vf9vVIoPH7qaaTVOf2CnQardQf/wrtRilPqDrii
+d7+8iA2loYxnuzbRHVrFg+utls2DWVT6Ox9fdUVHNsCFxvGkeD7vZ6wOTwZQSPFt
+oNLDjp0sjmtwy4cjYRhZrmMutAxC9/LaqzpbUe1MT+4k3jl4UbZ6PyijS1FFYvgb
+oREAyn1MXY+Whir2ldRn4JF0+4t31WvwfAnDKp461i64PEmvCm1wy43MRldqI7YG
+vZs5X0H4wqFkcIU5/CtTSNfHJ8mf+Kvr957ni6nQ50tRhlxZs7wpBq8dDPWynZEv
+a6+ftAiHWK7xajEp98hKsf7/oNuiz9frDHQYYNa2wKQa5F2rQ7nJqVy+46Qo8IRp
+e6H76WqeiXMfBfsuLs9dm2elGRZlAWiKlmYYpDxxUoEknDYcuKGCKFaoQ4MTna8u
+50HR4aegbaAoDX1CYQR1s8jbAOrCtf0kwCrz9pGTVLRo4CRSnYAmS4IZxUPpYuQk
+V+5433SptoRK05kB2eUkkULnS4614v2lqaVmPceCdSAfkMdc6YGJvyiohHZf6eAI
+lXuYVSRdCuo1B8+Wo4uxL2JTovjLg43pxxJnInwE3IEbGU9lGNn0xm45UHHuXoFh
+LN9htP/30O/Ls8chi5RhGGDKc/n/9nx1G6LkOpX3adXgEwib1KKZkdHrOGtl85Jh
+HxEDcCnOLZQV+WnRu4zsoFEs78E0lJDkaXoh8l3tV41uAZCwXZYnjwWCrgqdGk+o
+4QKeXaJGuaofopeB4RdJ9yEVz0X89MXsLxjeWgsFZhP5ZrhJpPw6D7PC2lxaLRHi
+RRgqZRPv9iGnooBibuSSVE7lxDpQwYQvu3Rh80plmd6FW733SWNWk8o2OJdDKOJi
+Uerpx2JtqJfYDfwQJS4TCvaLk655qfh9xzw81MO0uLKhQGA920/UPpgR+eD1Khop
+qUEOHQYtCQXw2DzL+/o99XsHeA==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ofb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ofb.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ofb.der
new file mode 100644
index 0000000..c08d5b7
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ofb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ofb.pem
new file mode 100644
index 0000000..ad67413
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_aes256_ofb.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFETBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIk9vmCD/4P6YCAggA
+MB0GCWCGSAFlAwQBKwQQDFaVAHk33vRfvl1jtNDfIASCBMJIyQ9pJV2GgNzenpFl
+6g+yCbi8b5siIo1qAKHX1sV0nkOVCPwgXdEfXvZISYitOx0AtnjTdXqRHG7dhQhV
+O1GRknfn/frhW2RQ6Q4X1zJ4a1U4oqVesrFHroWHdVh6BHbASCRZPnVEi2j3gC/f
+Aad5QtJx/HRSE2BH7fK5lxb4+xVQzhCpHlPcSE4VKL31V8qsrFav2pPPHroNZu3e
+qVVZPDgcd11rHBilCJK+F1iCuzc/JWU8qrleTXdkJQkmBOvYBkswbUnAV+sk/Lnr
+u0uBtgmdRfFauaTOgtMel8GjliMj73ZJbAX3eZE24sF67q8irdjZZ7vKLJWkmM/c
+dIu8rQ23rl7OvS8jASSojxl59wXdF4QmfkC87NGssARyY+Ii0xf7q9uQNJxPFsBg
+gtpC8xNnbB2A64Xs3KMYEJIt5w/6UeYccoffhchlc5GDqHldd0NGVw6cUMlzTo2i
+RSvllRvWXBQ4ffu+ApBVoWlhcHVUm+CzdiLlLeSh5IPO2NRpQ/pLKLfHTQAli2Mk
+eJuff+mRClcZTTMP8/zbCH+wugb16Q2DEVcwn3rXF7tcV3NaO+EBfcoQgmyR193S
+MAz9MMaWBCipGNC0ElTayESUgDXF87L43VzL6XM26MJrhVrTBkbOKhGcXjrvrIzu
+BkohTfPOnIgFR605Mbld03a/vtruP//3A4K9e7oB6xNs0jkV5LzoqP083mB2JTAg
+zhy7Qck6LinI9ewUNd/KrrU4hrAEpzRJ6O1fyyIRppDnL3ID5BdHSdcwbyLlUDaj
+dhKXCkLzWxnbpKHnsiH0DTcoabC7jx5s02eOZ56L5cEleGumhYDhCD70AUo6f9Vq
+mfv5TWIJGwQLO/YGtxQiDyfRq3wk25IBM2UID8aS1+rifukaaAficP8KmrQWKPyP
+ecC+Bf5035gYakUPhNgh0FNjFp8MQVTtYrWz92VQuPHnY2aBoSVNIybZa3/vf0cy
+V9jgsT50R6i0lN3mHu7vtYOZ6JjaWX7rcASLf8JFXJad0g9IQ2RTjYn+TG+cdFix
+i+19O87Vq8AUCajpCZ6nPr7NlyS/QyvdK3YEL3KbLNBx6AjMF2Z5qCLfsTXogKtl
+73JMmD5DzIsg6cmnkojKo3pruVOwVyZ663Ao3h/FZ7S0nQ2m4rM/4OZoNpPpmtJi
++8stPTy1Je0CNhQf64/jwA7ghVp2lSC67EkTSJ4Ds7B04aKnIoP44DqpY4gHxdJ/
+OFXLiecjZGAKOQlDJfHmcFiN01g3FRiB+DsdAACdWnaTqAlBwpJdw2op0IwCF9Yu
+65Y6lVCQZbp/EYwNNv0xPFInOknO84qmNI6ilNgVaBemfG4H5+SkruHrT9t9GvOu
+rqyoDMN03/LGaDehbLJrDvw4OK5blj+36yQA5QIY9hnWOw3jZpVhTw8w4+EJqvQL
+tKUkchaNyJT/6K7MxqH3yG1hiXviloLF5p/3hb3rrt+yYRbNrotl3GtP2AL3AFeN
+/q1M1ZGtgemtzrT+bX5JJDUr+6VdMgMoLYR2iPyo4OM8V5Cx3PdFpMCJQp1rf5DM
+1GhM8xspnLbukm+ING/4+RdQWZNrpbQB8p9G2+it4IHrlO5aSXmQGh/bTQ3Zxh6/
+u00h5/0=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_blowfish_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_blowfish_cbc.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_blowfish_cbc.der
new file mode 100644
index 0000000..9d3222e
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_blowfish_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_blowfish_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_blowfish_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_blowfish_cbc.pem
new file mode 100644
index 0000000..f22fd48
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_blowfish_cbc.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDzBBBgkqhkiG9w0BBQ0wNDAbBgkqhkiG9w0BBQwwDgQI+SHyL0TmEd4CAggA
+MBUGCSsGAQQBl1UBAgQIe5OfjWHHpAMEggTIr/Ma8RAEsq65a1K/AooVkDgwtqRD
+Q6A5Wx5LOvXRvQ4RLd11ham+GCWxHKWHeMTnLLrW2gQyDdEvMPtM0TRoGmm31npu
+soEDFLIruE5XUmpzsKZkqztVhNl0pamzsqD6g7vSMlckFORsRInuWq3THVIDoHVi
+m54JE5RCa/tZMVjmvvYOt1KHJhAqUeyb+CQYZsO6c+mjNBZrvdNFDz4bgutVKreL
+FQMYJWr4sClAqnvHCvra2SV/mwIBZ1lYj920Qq885+HoSSQfgLOwar5XYCyEb7z1
+Q+NYMjaDqhEIWvlXsXu7B2YIYoSC6vse4bfXvi93fJtb1CXVjWnDKC8xJs9pqVCx
+t1P9JsztRHZ5g1daHwu6WQwD/7YRubi0y9pYjHB6H4M7KSWX3CEz/hDccUWoZHKH
+D/R6cNe12RqVqRr0a5tteUCvFwbXCcwKbTG8n5zd3MS+2FF29S8jvhqNXJOPuykS
+Sxq1wi73puQWCXAmw5aYy8RBlv9y3TlcaTDO37AkDdhJkWQLWbNy5MzLmh7dhNCQ
+R2Qy4wz9Mw/1GZYhOYM0kSovMSHcN1jIvw94YPAfflmL+k6VtI2C1iyD4BG8li1h
+ChCqL02fiLYjBsZquOdE5Fkg6tT6IucB0x35Qfjm8lTwcbVnjVRHnaQyPIMZeN9N
+UdZqzyb7nf0zI3rbrCHFMPsGX5741VGt2Mz9t/rQEXjezgkEuxn54Z/Q39Rm0vmX
+LfcKznYCVdMkomC0tIaYHBjVQWZerBRIHPGUhozdKwwASYco+FuJNNc9SZZnJ5AU
+ux2yD3NTec6c/fgseJXi3UT/qDDmUQxX9hjwnUw8CPHUjXWGTmJ/ihfQVGo1ypwg
+oRZWtF0AnxB7ZfdtnW3yq5/xCFzsIrKyFy4s/kdsylC8eGw4snGA19PN23eEyTZD
+bSuW5KLjgScbR+ro+e3Y1F3OTI6+VF2oMLY31XVyt8S1N2Zz1lpoN0JfKaWTrTTJ
+9Ic0oe2qtgqC42g11WHQizYAe83cZYNZgzU9mRa1FIqQD4kMQh+Vv9Cca6FpdPUv
+D4GS7/fA5Ez5jFV7VghOCFfK2+1Q95b+2RnQEpmHk60+U7tZG4dACXLL7i1hbJH6
+YuokBuw0Wjm5dicOSG2DptwzyqFfy7C2DYgB3Gi34fSNFxKis7CeKQLNMqppmBof
+q379AD8hY9Bc8gUWAwMONs9AreDiRCGyR+IokQPTgKRuVzR7ISoxWkKvfW5XIdNf
+Pd5kGLhX0HfGhikQCVP2XQMkOqsJw4ShV+FAcMfzaq54/PzXoemkRCOMsCzsDUde
+C6XGF1wviq52P+DnAr1tDmYGOP+jP+O0shzyXF/res1CZ0PjiLIyUb1JM8m5eMRH
+dEwzX/btO/A/OwNwy5FzS7VdFwaGUjFBXK3F/xyu8jl6ov02/ooddkpqNm5Cxko2
+ZlJG4LXdDbO1y3rbdwSgukYS2SeUmGqLpONlGi6u8kGRrgetcCAzkyT+XQkV3ZWg
+TFfGxr3q3NV0C35hIKBxLXr/+ZZHDP4Yx6/Ok6xYnUyJ7RoM6QE7Ppyo0hFPv0Q3
+VknhyfXk/85k81dxWLWV3DiXZbW/9gGa8TGRuZxliqTr1YjTRGiUwn+fCVx7YLyw
+PiNp
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cbc.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cbc.der
new file mode 100644
index 0000000..497e226
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cbc.pem
new file mode 100644
index 0000000..e8c430c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cbc.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFCzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIGBflqeZFz8sCAggA
+MBEGBSsOAwIHBAgLbTq8mvQ7QASCBMhUPEBJHO0Uvu4bW2bfb0NIvczMuPbFQDQC
+GnmzPGsa6vLcE+z61rBmPLOT45ZWcbTf867wh0e0KKFERkDh70lgenwYACRcefoE
+ktuvdjRBpMiSAqr+ucD3ZwyIVp1+I5xUJqLhqxV1Wd5pkwFaZsqxUCRd6DQmZvH4
+kVw2ulaE1HfT0XTPGO/ewBQ72wZ/XiegYsP7yp4dNIfmwMk03A+V0K8PjQTY6Sui
+IHeoe9YT0b2J3ocsf38pHAiTmsgnl0ZtedcjlOYJ8yVxXu6h8FO+Xu0MXYGN387J
+m4OUqLFudtWt8oVTVQuevNO+EzP061gsZnTEUJNvQNwLajdQnmER5ht28snby3tM
+f4pzwu6asM5RHDD2FBSp5sBD5G/ev0hM6R5MkTBAEcz0CB/TYSMKq1IfWCqHkY1z
+bvd7Bm19vwoyszXBGEBmhaVC34kYXo3IoTw3ezvXPgSaNk6IUvFavZRvAuJLleWs
+cpN13G7pbi6WeCYQzml3L2hLP62DP+VLwkYyxUW3CvwLhVP1h2w12tb+cKC+4uih
+4Of7cjt0R99vNvyTuPJ4HDjcn22KT+NJwPDNviLcBrNs1XxCXFa211nZWDGDC2cf
+6lCd1JVQczewMfQuFX8lUMuZOfLoAN+wq+ZWLIEtIMC+4bciZWYxzKFijOWKqnd8
+JhnOTKZ3Ua1txrAYE4Z0jLYI4xXImnGoW42h882aEiWSzsGARD065zXiQr//b5ot
+TtFXfJ3IiJMMTyss93mirPPzcua8uoGvwvjw3GoxLbNIttX0hmR1NBGyM3MUnghy
+7lrQssx2FcENuI/zAq/6l3ZT2jGtixch+Eu8mrCBTthWRBap8KIcO428c38C/IJ3
+bdWmWJw0r401gqbZS2ZoSi0ia+RFM/DByrQl1Cww8Z81v6S4tedxMbmSiI5/vpXt
+TcM4xQctZr/shYU9CDpxLUznmaRXbnFb77S7ykrJdPgnk+Oq5GYIhrcrxXXwF7+S
+wg+72F5MVkFhqhzsZ8VGbgpgSw+BFDJd9wHiLM87ywQW4eHYqJfQtO1lPfzAkXfz
+oPDyGX/Q6Nisy7dVErZ4dTXlUKxXEXAfvZABA08/L+3w+p3HEWm1HJFpZitEKHas
+dheCNwnwmmyzItSjXBE2kBg9ZtH6Zx9mQpU2ra75dl+X2SvV8096lh7Xt0uHgjgq
+vtYl2Bc9yBnxcwf6ppI8+VzBTxT/Q3BBBTL5e8RuYlSB+9BTlsp/bgP2prMFL+Lr
+DJUisjPHJn3gPeG09lcWnAzTdw07/JN83WV3HHRjJ/ot8TdoVix/qlrtK7IPkTH3
+hyLhPA4V49aOz7f42Jg3Xb0/C3WUEaP3aJ6UEoCVd0856RN9CTOlG95SPH+IoDLP
+33oFlrRMlqQ0K8Y/j40h/3VbBxaHeWCNiZr3sN5ybxNkT8TaXOr2kWfePsYdGf7c
+Pbz3IEwUeOD3z/GzDdiYvOfEo4quECEEQj9dWedOVVxD2wtc5jbaaB+HEaxlPNg5
+5Sqd3F7IPtpoBGl9OOgigBJIP6JQWctjYJYjLGnVn4GpXt8pWclmkQ+SsCSCeYnX
+Hax2rVBqD3yMRpVw225Dzxb84R1hleqx/N6VJpjmk2agYCTwXKsMyd2tMROOJxo=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cfb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cfb.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cfb.der
new file mode 100644
index 0000000..3c9c35f
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cfb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cfb.pem
new file mode 100644
index 0000000..5c96b17
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_cfb.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFBTA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIyrtLg/hL/L8CAggA
+MBEGBSsOAwIJBAitq97jfB2j+wSCBMLwmaT2ht4i5Kj6RAKRBOJJsF8sRCeDO/mO
+Q07e8OwmjgyAl9a2ZrBM6WLsxi9jm85+OOf4yhyqDa1nCcXKoGt1mb/SiAkZdYd9
+7tQrxF94+AZUJ0g/z8pnBKpx/1/99P0du8wxBDBoQhqfY/a/jXmmZsfvO1TeJgEb
+fnwiTHBk+8iUQcc257OaxUyYDbKBbzckAsleiep8Lco+8Mpl7MaPAc3phQDwHfVL
+9tNmcS97m6g+n5KkV7UR6f2ukxRAczmh6x7wjf2rqEI5KwSm2IPkCxPDGQKmeCNg
+F7ezrokU0lIx+DJQtxW02KCWgHLI4I55TdzhSyAwCsCFfl9zDalW64oqFKgJYG2b
+ZACYYGRIENsh/+qfZ5nJt+xhynQxX7eZZ8bcwXRDdPtPpCMmDq2K/cPVkSUcFPjP
+41a6yZk/dd+NQZ0pC8nPTbpCFmbugLS7Z06GmD+aRdDMxTLP9QY1BMu51+vlxsTs
+WhDkrH5BJb9z89FzcXuzR/qp4zQ6oEn49P/IhztUV2V75GvzCiw9ip+5+Sh8v5Q2
+GGyFgFx6qSE6h7Z6iu3BGeGsoFhbLLwgcM9YXdP3MuNdSJsZbzz/iRIHeHif2duQ
+vgEJpielRb80Anq18SsORqamYQCWCLLTyWgSluJfYxt6eGCuPGEJnK8njwjYmOU/
+hukosJDYE25jrSHNC7fySIFJIzxbu7ofXnOB8PaguS/d7CbLbhyKHLNWnsKDrFtV
+4sGbgcLp4CNDBhGruPUihtf3yNwZ/Kqknsy1wvJxKwateXtlqQpcCGoUTn034GAP
+BIA8GJOMiHUMjaSUrq1DxdUki8HAJRfM+CqERaVYNIDsH2AL2chVXkPWHlC/x8E+
+qKMHczBYjDhURrjWj1iGHN8aMw4nEKqT2Qs7J9Mbgz9Ibdycc4uXeSgOuOmOdgZt
+K135ThyHCUTUCjYxwiz+3+cG6bju1A/7dbS3o2W2bg5ESUlIXXf+shOCTHWVnW2N
+JGGYMA8u9Rib9GCchX4D+LqoocZFxO0g563/ADAU+Hg5ZS25lQmrLKuBKUNiyrf6
+W/WzyXH+8pNlWqKCOb692G1NRrBKpZwRv0NDo46dgYWwmSErahMC3dnmm+H19auu
+L9B6gsE+hQjv5NCpUrqNT4O9yVlocOLzL3jINGc1EaB/zCsb19Ksk9XQB0O0EoUS
+T4VFLoeGCxJ9/DrDqtuWiYwfJinJk/kED9zavFe5ETkmjglaw+WgUec6QORQY36/
+cGz5blwsiqf2TSksgLREdGBFQ2ATJh5cKmCp6yp/EEyiuhNyY0LXbhaG0UP0FJY+
+LJ2ihIzcnusp+QfclKOKEOajrI1BjAyFJkMQS0jcPgpQ3SAI8fTqNxpiQ5SuoceF
+FV7MCNnVtlc8j2rSLj0tXXes2Y0N5YfnQkkPuZSJpk+6Unv2RwlXUpda3YpIMkxw
+9rDF7j67tIlnogd4cDma7JbEdgPjvqDNKm1VEXgNhRZ167VyDGP8nTly8O+UGCqd
+tsAail/REaO3m2yNEdE0+7GPnW2v/znHcvqVWyq0R4NgyzugKb4Dxtzh2SWPosTt
+CbcdJKNKWrsNOX1pKp8+NuYS0JScGrUQQaAZmFJ7aAl+3mbYvZ5AGt8=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ecb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ecb.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ecb.der
new file mode 100644
index 0000000..112a8e3
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ecb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ecb.pem
new file mode 100644
index 0000000..acb9765
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ecb.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFCzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIP260cva5DI4CAggA
+MBEGBSsOAwIGBAgAAAAAAAAAAASCBMhzhJsbVbG5HLxDzjiJunh1991nhCQOicEZ
+BHDgTKSGVu9upjcDVnD/wSdG8reMAM9NU/EoHH5dO5nzS9fHq5dqfIAzsXic46UK
+Puh65gxMFpGTfphkdoTjZRQ5mlqzrxYZsdaI0iIxgzshzTVDP5wobEoap/yskoip
+0845BDvdH3vQ8WeyGBIkCIimlDNBgCGwzsruQOREhMOpxiP3KC9qKi+pkcNgKcsL
+t/oU8B7i0pPphi/bTWJeF4TghS7yozwd910/KufBgpAm0BR17NIrldazXscrzykw
+epw3HEejdTI7QZHZ7NARz0mXW2r5+XAhNSLLYwYnn1HimrZYNAb6rTDuYAv5i3Wi
+itmMdNbzeGxSTTvaPPwVQMOSMtyJu0phDt0n4op1C/eK1m0AUfqX86HmLiB1GYbS
+PbZHZ5kj3tfcenTNzCnl7zAwc/BeRNe4ifTPc/glYlUJmvq3vPl9H02uuXxJVNDa
+Yq+B1d5DH8f/MbUXsbpzWDGSWVRauMnGp4ROGcYa7fwl10zgt9LPV9CX9OasO+IF
+/jQN9vjmYNIrjzPcHpeVmJzSw6vbaiJIViyfhXq58JVpJ+tqhkKN/QOxpmDgmDJU
+pPfg/eXpI5miDoHA0EoyTtIsN22fI5ux1WSO0+PezechJ+TFs1aLwfnniWFYhAJ9
+gxci9SFlnBUqUC1nRrmSLzr7R2KXWNNXi2ZSbuk4C8tVbBE5ibyFcpMwqIDBcBfD
+WMw//qS7R27EUcKdX/jHW6ZdIQGJhlXRF3/KovIRd6g8wqjCZ7hPZkJs7SoA+DbX
+lz3KxMTZi1SoD/YQxEqMWEuSffLsRFgNSW6+DyTxi0hBAdwRxJE/13ULZbkr+fd2
+d77i63g3Go4RpydTkIwTnfvg337bTFKASqYpV498ZE9gaGe1epk0TplAE/C0qcZn
+m3NkUIo8CPl4zid+Tn+2gqrRo4Byjl9f5+bqg7CdPB/dRu6bAksvjAgA1c+LM3Y2
+cOBhwe8GzQdNv9xOKufHq4JwwHrkn+tgUZRPgf4qof26jtRQKiPMRPGz7UM6ZOIk
+/b0BZUtBnYTowFOfOCqspkOQoKN3UCvBFjQNhyVqYIGsMxbBC5wABzHJY66pxX2u
+Ortb6MvTHEij3kyrTfrDaUFdoGxEiBT1kP+kbG1A3+p31JMOs3PAaosrEBTqWfdN
+VKI9shrmNIOJz7uxU8eajVi80DDRwovMp37kOCri8Ul0/yfqF1jWXUaDv5MQI5Ic
+PlUDd8LaxGtc8uJNXC+g7P4fRhU97EjMaaFRIBWIRlqbv1ct2+eFApY3RYm6BrIh
+u4cjV7x/9d6rAxBiJdtSq9UNSV6t2OIt86rwKS398HudbBbH4zIhGIbbzjn9GzSS
+6qEbyPYzO55Feo6KZRsQBvitgmQ7wpNotI7s7uKV5yHMdVCnIpMTHB1u1xIA2uiJ
+jbg8+F0EIggQoiXTTLGjj8M5ZXZ3CnqT34U7cMDeg257F40Tl9CZ/eQXyXmqvV4L
+GdlxKIOyYKcsMeJ0FlcxFJ2pTJRFtLvetPNaN5JHaOTRC8+zoqL964ubxikiH+LZ
+EfpWDUGkouqCGoc/6fNjtabJjwmBK2MG3fOhTpNH/4n2AUUulm4SPtBkp4uZj+8=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ofb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ofb.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ofb.der
new file mode 100644
index 0000000..8cb2506
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ofb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ofb.pem
new file mode 100644
index 0000000..6a91ef1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des1_ofb.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFBTA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIbdCq00ZNZVcCAggA
+MBEGBSsOAwIIBAhCvoMFuBlNXwSCBMIvzvagl88RWujl4nG2RsaXP1eyr28SnH0j
+VEoKRp3XUKxfchwBmJFmgOZlDX8RRSb0Sr13RPGXij3RJTvyretkTkhmxGuISEtp
+XdTE0AMccTlJhdchhN8wCR2wPpIkf1zKHEwxwYzcw7/kd30MhbZ9FF7kZv9u85GM
+nBgyg9qApy7N9OcdeE0b3kltwnFBv4zlD/6YWZJSE4HdnLsyXqxZDNH6jGEXbJOP
+hQxvCB7v8LWT+97DW0wZCkq+IAmNUsdOWbz1PXUNbhDLimqfKv40jKn2vcr9PIAe
+3hVIAfYAUNBaR+AWl29DxlN5IwuEZI5Wzy5KImGY3UeIrncx2QPyE9C0oT5ec+tm
+XeHbM5qfDXZvIs7pv4GESGQxSdey8fh83tGiLg6jMPSGT4X9qh2AEM58dAGDudtG
+DCznUP90indqcSdFcij+UEafV46g6JfYPUXGWN/loaALD5aCednCddJPwUflw9lc
+CYFCFBWxkr/P+0MVcYuNKYIe7wiKulzG48ltQGvXXU7Q7Cqb1C7rIOHTP1ie45ll
+XJUjcAq049rfgwDtiICQYLvhfQri5VDfq3mEpRk3+nJV0OsS+NIWPVEzuwq4LGNi
+sn45h7rGlcix1NpNL273ZYgL6eO25XBz1UJ3Y04lV1KP1BEXq+vzKP6SuuJcU9rj
+Ny6T4krH5UT5T9et52TaHqy0P7wTYma0UeIbasdbQI/pgT3P53VI/pyHfumK1iTO
+GX8BLPWvMx6Ldfe4fA7eAogIWub0sk/eD5lKi55ZNLbh2WO7tNztscWxhbwET0HI
++sqoMHZDxMUOSZHkS7Wo2UpDx4Qxt3atSq1XPIi8ZGV5+MsIfR0P38V+1gzRA3GG
+8BSdbDaeMKBjIUdXvs3RwfkrCxIhbf0yZTqtd+JNoIDjQdCR6x5lxTc6V25E3qBN
+eAd5J+XsDkwfjZ9ASVvUVU8J/Y3ogd3JIjgwWFmQg9GT7lkb+JM531rCOiR9FdOj
+bMKYdoYN8sbPQjHJL4Dv1A21o9uuojZifx4sQH1CCw/NLWeqjwk6tFu7zBhK/1TQ
+/5ZLgMH2ZGk7B3LIoeDeh2pi746NJRE4rpmqLKrDdjHCfMEhdfa33Ql6ARZgq41x
+NEORrnB5eHpAJF94PErH/gwyk4TdTARAC9LcYV45I1qqqcfp5CZ7EzMVe2qwSJFP
+qfQsmBsKoFTx9ugwArl/jqeUl6bhZx1X/t5maHZGQPTjXr80OMsZvXLk7cQGg4sg
+6YmNeTEIpFsF/rLro3ipXjqThT08F+PgHcO60GtzomtkUI3nZfIosfrvGZ8iz9t4
+850/o/hmo0Vlk2m2+2fW7VSHmJTocus3R2B9OqHZHOpQpHMaUvL3zMdxaaWmD0RC
+L7AppW0y2fx3d2lHwC+rUpusJVl1nId/mrUI1YytQQs/Fy6kVx2WlQdb6BnGev/1
+IURmYDkwlie1oeLipL6e32DOQkpG9GWWW866MMuZpKsaL0q1v0N7SFIxm8Qv6lYv
+YQ8sKh83Kzoe0VN0g4mY5fAtmxJasFnT4f/dn1Aj2hsiQH0UiSJwEpAXSX/YlYSH
+R1zx2oD+uT+EYVc+OmBBw01bf2wmKx+e3zLjR/Q7zxckwOY/fgB3GQU=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.der
new file mode 100644
index 0000000..5d3f1db
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.pem
new file mode 100644
index 0000000..05553fd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFCzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQInUCIat7eaGcCAggA
+MBEGBSsOAwIRBAgAAAAAAAAAAASCBMiKwGB+zBHFfHfmqr6jxf8CWeEuvoR3G6bs
+6BC5Rr+2yFtkt4/duBBgldL0oEBohVSd0NeoqCGAbVKjmaY7XyDeejuMsGBJ9fIc
+ki/fWc6H/eqOb1C8kbbb+mVivdrx6tpFxQ+8tKNW+A3rOWwjIrNPTWmsnU2/jRmq
+q/CwXeEZFAUBf1/pbxSe3FmLvIbukHJGIAuoG1CZoa1l1jr9Hukt+M3grDozOFlV
+QjRbvwLyT5k33R9S9PbPogeQiLuMFVXfvmt3u7tSsEnwlS7JZqXKGvNq7WEWH3FP
+BdyI1ZC/x1YqUsC9+ia9LObwseqYkWoETCWfPAwHyzYQ8VNBEWTvZuO7kIIoUPkM
+m0+BBljpc5IdLE/KIOhCI5IBn0tR8Qjvlmpr3oiEd6CsbNXCcW36wMnHKtnt4t2C
+yyEngoSuS1VZTFWr9ZhOOoiKzdQVTw7/MV1zsd4k9uX6B1I6wySlJ11LOi/Rnnqu
+ccqJTu5+IJAVf5AHCczbtUDqvzwckoTt5rDHb74QR8hcC0UW4cXXSgaGqeoJ9vie
+wH/8Z6pnZmJv1zAAHEqiUPJOOCYRE689kCTUmwI6x9nXeqk0oFFIP0AcVoPjagJc
+mhnoECLM++B5b9aLG5pUtotA5ig+FcsR4bdiNv0m/imP7Ip15WWQc/PT44VXAQQq
+os/Qm4IOEbe0N/DFgldoMXb4gEodumgsUg/3SiXIOW4CAZOcVT1ySfzUhGCB32l5
+Nsi7Gqet/rHeYeHAXGjS88QE0nKU/RsAi4YHHmvrTyirA5T5yEtL9ELPZwm7z/9j
+5F/odiIPh6E/d4vHBNQLFK56rKi9MEaNxvCaR+h8ThH+n44CaFW6A4nERR5ehsaY
+RAk4dtJGTR+b0T/DpbhxufqIc4f5hup9do+VIZwGLOqOGzACG23N2Ts7biiwH14E
+ZHGv5/bCw/onis8VIhyH0AUeYGswcvhs7XeBkWLNAfov4Uge0VT4age8jnM27Pv3
+9WRrbVi5YhYl9blNA1NAi73ABe9N1x29hWLRBMMgrqL8+KVxsdraQipBqshIO+SU
+i2rsRF9/vx8pm79qfInIGKxxl60ZSqebmNsTnCElFUUS/dyOwCZ3yGZ76Fsb8eXI
+6N+YCwXaMcJ5lYewTIdIrBZ2i6zF+gwKEESdIU8HdgsaUbu4aAIwGC2ChhO8gcpd
+xoKDZ9HXR1+5IH8/c0APIfKPbJkafzcpFpAEsYHGEbSYrThuqqxrzMSababkQSU3
+GIt1aYORWmd9bUHStqgs8py8kf8uPpyaudE9Iyzj77cCWoEmOW0GZURaKNBASV7U
+6HxNO1n2w/Bpe9zk/+eIpIWDYo7dgSC9fW2nZ/o/ULsyLhEUpmPTa8UAcIgn2rTP
+CSVnxBq06pkM4JgX25dmgJbOGkJ5Tian+X4D5BBTCDtrcJL5saXcWKnB15ScGhKM
+8++3TfRMkl54Xlc3ni9JZ3gXwg4hs2lsdj0FKvhUzvnLUhnbuBpR803RlgcyZsHd
+o27xL0Xyi7ZFbJlHEwZdrrqdBTe+TLcswpghjl6hsdE3ol65HiaCYkdkVzMW24RX
+dvaDFvVjCny6gQoJk7oXxfBVpRMAgIic4w3jBPP1mokDbXKkDqGcrRqi9VQantg=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des3.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des3.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des3.der
new file mode 100644
index 0000000..7736282
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des3.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des3.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des3.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des3.pem
new file mode 100644
index 0000000..97921d7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_des3.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqpcsbmHTx+gCAggA
+MBQGCCqGSIb3DQMHBAiEYtVFOafp9ASCBMhnk03sYcXPAU1eYthAr8vueotiNFFr
+xpbIbhB2cjC/bXd39GxyH/8X36KjVMuBJxFknY630SOBsdTn/H7lN/G8c+fEYTcq
+porajF/pxr7asdFl94xjnx/DGaQmUJooqqUp8p80On1Otj7xEZtTivlEISY5Pr6y
+6ou+fKIFKK5QzDzD9C+vLzYJMqhk4YamjxvDOwzYUoDFl+enMHXcuZYpA1yEvqze
+5lFk+9AxdTbHgOsPECqS3bkq64VGanrfFtqywqLLLhsakcnByjddcHdsFFvhu/dH
+raFdV3vsHppedqxTHbfFpvVl2+9XTpeBzwvb9XcJ2WUi4JUMtcR1gZwOo8S6q8LL
+UWzTbGjsZVG3ew4FZ5avAjUCGgiUR47LFleSJ34eWrllUptHzfVTpV5f787gfN1g
+BRhAJ1YJTWqcalIhd9YEKFxI3sjfWAOLdUW4at4z4yuRZh/uUck4V3ken8/M4JCG
+/Vy7B9Juf9uHRKFWtl3hYDY32UJoQt0cH7V76y/rjpbhvhVtKaAbcK4ccZ+4JuDb
+9qbs81Joe8jW4OZtYL/L+g4WboW/FSGlJXxJIP674lnglXXB5C8HT/I/7CzrEEgv
+wcKKAwZ25+aR7pCYqWdDLUaENQQ/Z1mARGDw9JGszonXJMdMWnQN89DXsmkp6qe/
+YkmZ3Sm4rrvz9LKc7mW+v+d+WnPTeJ4FBHmnUhGkuZroDl6SrCPjm3qFqj3zvyyV
+8Lk8xNMm6AEN8IOs7qeUAb811bdpfUzLebZkuNXDMl8KCoyt+nNF8UN7vpCXU3/c
+PEJahN+XxmRftOR0KKBIKCMKgnR90JenNmSyW2BJbT9D++7ujYoDlL0gTfbYa34a
+P4H3ChnU0s5KMA2h48UBkDUlwCOn4L860h4sZIDfRkWcptB3HFipeKP0npGAfWfb
+sQhueC7Ue8XpZIq5QBDOa+Zle3l8KZdmC4+sZYTsDoYm6jKX+LPgUAvvwyCBEUS7
+0zVrBgXTwFDFuGt5LYROcngfRggekAMa7gWTPbwb0mQgCIvKaVxlu3FO5cNi4ExX
+tlUUJyNualG+8qsbihqhHQBPs6QYhQ95y4ZndDqMtoyPWLhcOMo/Z/CLMQNhpXRl
+okJndM7TjzFW05Fqy+cQwl8LTdGVZKUOGW/RwYMD2TPxXEp/XGEDlnREHVjppToT
++SlUlc7Dh31PCz5PoRSTvpJrsV2LZAUO9hoGoDYjfBqfUbrd5mFIii/52eJva7o1
+RcrsHEkLTvu4BOk3Ztp3Zi26atBraADZ2T6UqwrfzZZrD1gI4sORuKN4/jmqt0KQ
+H4FMJkKZgvJ0Rfjpt6ZqRj99wSnwNfDvr7641WTpB07Ati2LI3Tr6Fx7f2Phfkg1
+SbzEC+qt3bixORhzFp0PbcULwamSsNVODf/EQic56bKZjOFEC+DFw3LKpvvBG1Fj
+kGWbfZhSA2GZFUghvhFbFOsuwKh/GDoetFwKXWcM8DM0+aHSPwL61Y5FQ0Kn4DnB
+ci3lJnSctD0fN3ckDIcTU/Nnza/RMJn1jRwBZc2Ql7/lA98jCM8uKTMVJy76ABf9
+8lQrLGp6tSMD6jo31DMLVmKA9qed7Mk4QeZiDTm0/6d2GZ6hO8xwvzFRQ6Qy1ETG
+W5c=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_128.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_128.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_128.der
new file mode 100644
index 0000000..f7b19c9
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_128.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_128.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_128.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_128.pem
new file mode 100644
index 0000000..d68b22b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_128.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFFjBIBgkqhkiG9w0BBQ0wOzAeBgkqhkiG9w0BBQwwEQQI4aRQrNlj6ZECAggA
+AgEQMBkGCCqGSIb3DQMCMA0CAToECG8qyWz/E/DoBIIEyFBBZXtbGNaIuDvM/J1u
+l8gKw+zfurof6G7BSxefE8zuVFVhRXc7MnLQml97awOeEzvnGC7y61JELsZ7ROqa
+1JWjdfURTsxxE4DGyUe+jOu2A1YSsnADCWq2bmvAkbFbV9N3Z1LqIkJNPtfS9KJQ
+ukDscB51M3m0Y8PaQDrGFBdsRK/lAErOxdLkfRYQItqUnzawF1FuysiYlcQiCC0e
+JrwiN9B/wW4bvnhQXABlQeI02MsfMPX8GLrlRfoNojLKTMCL1d+WK6dKuIA0QVRq
+bXzAkqWe2VjIaOHXcbzk9OcLmJAHkGX0pwkYpgSDyD2yqXB4thhkvCc9hlRQObMn
+Qvj2k5wyc3FzExWRwflTDZqpW9dFGCzjyzvOzfyJ+MWgS4e4a76vPEa79CMTWZcn
+UgNuSK65g7wRLFm6Ko15jxKAEP9zEGV+mKNBMmkRvL4aWWwbJOK48GYar9RaqC8u
+qbMTeQB/nfk//2JdxDR5W51dCSk5z64v/1ZEiLz96Y8GV8cc7PwVVjotW/yJEQv1
+mhWBqeiGLRQdymhU8AKwiNxhw2m1b/CW+pjOUpB21A7P8q3j2h5EqhD1VXneB6pH
++RTvFOUzYWp4mz21Ul8qXzc0CLsDm+Lywiqv9hDKMtaCe3cNrR/PFNoFuRYO6fZ7
+OOK3R7DQ/Us8cMpUJBCuYmBBwQB81fDxiHJdvtq8BmToJ6EYh4KzyTg4SGC1CPlh
+KjWkzIf0w7eZZj+hP4tKsrkeFsJ3/QSQW53bH7sNxp7uiSEwFpi3Sa/n3ABbOLit
+HR+O3GSfQIQMeLdZ5kcG2ww1SFEpaYBryBJZPfF7xF4rl5fWkrLasAPgUpTxsZ52
+UdD6bZb/8Ij3ZkjNJIRaGzCMlfWbUYpM4xBZ4bSQL2OGDYxC37T8TU4s6PIwGpB2
+zux3razpSBMFM6cT6ROw0zTzQpbDNF3U/wjOoyZmqRNpyr9AfXlsnxjXYzevmBUU
+IHEXUjEwhoGrVAv0U67YFgxLay9bWU76q6StODcz4flrcgf6Z1SK1J9WnX1FMYGK
+5HK0krzesjdFSqsx7T4VNv1paf5ql8mvMrIMTT2envm2vwMVG6EkOhGLjVeF/wPA
+0URcR8Fw9Wh9enObpocFnkqKiQfpyTOLBRIcYdJ07s/ER3HmqcnOPO4am5EqHeUu
++3YPVrNuV9E+BMNGKcMFzda5MIJi0rbYlF59Bz5xy8+nxiUqN2SvJYIMh/6egBue
+MEq/6O6ex5ypPFMlXItmubd3cqW6WMMOGuAxj0ciFLzZTxOwGDqh4G8GvPTZ6OtL
+fq2mitjPkLOKHplJ+Mjzd6qQIXxv5S7utPvpVnJPimD3jdwfWFXI5sO8pIjTVgbJ
+ZzkDw8ilLa5dR4e72+KHSlygjy0w2cvDX8kDfZyiRE30gIGQiHH7l/0Sv1GtOxpd
+2tmDTdA3zaI7W/gukmsMrpfBbGgHVC/YKlRVnfWFEh+a/4LLhc5gywqxyZzC59Dc
+nDRVPwSIPwWsx74ViClmviq4j0QV+n94JaQ2exgVvddBjluR7+9F+6+BSbfrgCeT
+nTAowzDF15LOg+/wXaAnSerzIwB1s9xfYyssGuKd31Rc6FBH+iZTZorVGS+8UARa
+yLHeQoz3pbRtiA==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_40.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_40.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_40.der
new file mode 100644
index 0000000..6ae9150
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_40.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_40.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_40.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_40.pem
new file mode 100644
index 0000000..8a582f8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_40.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFFzBJBgkqhkiG9w0BBQ0wPDAeBgkqhkiG9w0BBQwwEQQIEE4B6fCGV+ECAggA
+AgEFMBoGCCqGSIb3DQMCMA4CAgCgBAgEbKm9AhH8KgSCBMhfarJG3ur5WGGeeRIn
+M31j4IfUqpBGofJzVT0HPSX0qMUCvfIGA9YLdKZKdM3r8KfF5uSSe9vdQwOZwTtg
+AsCgJu76cC/iRCbAZX0gJcVE29KjLfXKl92Jumuysjmd+Le38Pc38/T+gwTeNyyg
+aW/ABB75yqxQUbrBv1kE389jNctQqDfga/oW2LQu05EAxup5aRD1B4KNP+7vCok+
++kzDGRMkZmjalhnvPZUytX0W7MWNigVsg86krQUSGWrb6xPYUmSsYG40RCpPJtie
+0hWTuSHecI7ZP3H3UtUw6jOYvOXzJAmImp5HhGpUNhIyMNi1xJRd5KoKKWLcsChC
+OkLkf7nxPVBFShhwq7jRoPKnv3r0qDutB29iDZmD1V13pQ08gNsEX9sNwgEWMVQZ
+RGQSE3Ff1LmXcpaC0TcxRmoAvEZFsNfmsIC8E+InNfY2QcgGytes8t5FzHdR4ZdG
+G+fWMwSKzC07XestYJq1ung2hG+j4VmH4+yD3KY1iNg8veWmYC45yCp/IU/nBwf+
+AIE0UtitgeWG7GIzVZNasnb2gc/FAOb/6QeSt2l3gS1pzgHXO6iUIOylGLM/eWAa
+/jIaDI//bBOIhEaNNI3xAa04Jk/Lo0slTIUiXJpv2qefWbO2LtHlTel0FQlRWH5k
+rYFohxXeQ0TnZqNsVPdresFbxqsvGvp57gGpAFkUPfdyzhDMwEArTB5QuvuHSq0W
+lYYhAVIMBa/HgI93YuEqsLEM5wp+7NapZGJDUn0y93qn2med4a5xRUeBOVPelJUj
+aexagd9OF5YvT4+ZU2fDA1qaDUtH9ECDqqpaSRQlN6RBnsWCkd/rxOx4aV7w7kep
+8Ie5NtO6ANPkIFFA6q/RuH73MeAnQzABmSHYLYzDe56eGLPwutKeJqx4mp/7lvCZ
+IZQf2qOl8+onLmscESKwzzDN0O4zL6vgNyG+h6quP17LLTBzWijR03JPcC1uhl0q
+Bt8QZYTaD7hEJYB1LNiTG4x4N24/fvch19BiGXnMRomHHgQ4V5Exe3OKsV2UfRYw
+ZbG6ncMUTiWAEhbvpPgVWmvjkZdcyK1EhhED0j6NcOLhDc/BJRLPoczNWY+JYiol
+LbML/dj5MXkNBNOAAF5F9SL72XN+25Ylkxc64axoaOC8HjKIJqd0Kw1LKJ/YPxWJ
+ZxKV7J3jBDqlaGdtnrcWOhkEUw5mLewlOiabDBzYq+2A0PjdC54wzql5dhJ/vJFL
+FM4BxF7y9t811D35A/A8tVsviE27zfz/Re6wKteSaoadWmU5xBFHSO/I6b15GKw/
+/qQg2EdFJ0zx4C/+ZOJJzLpMyZAdOVdV8ZKXx6i0QaiAspdpK+xyuLt0YQiqlmp5
+VCVlmxEQEyoIGM3ec1f4Wrvg0dmaaahyRwxwWpojbe6HqO+QDmfdjX6tNhCL62xO
+J/f2N2suY4PnQAr2o1fKH/n9Tx7OYJp7tXr29/oQRGFcFb1SC+8ucrHROB1rdoMm
+5VQZU7Pzx6ixp/eoRGF4o/sXPrJ2MHzQ7Pr0X4Tz/vYxtA3NITPn+ARZMNxkBnkn
+c0rRtxepYJeNDWAP1dvpWDn3PfMKGDKNLAp69T3QVaI8xIPzx5xgQRT+HMtfqGjP
+km5ELjRjyzzarVI=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_64.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_64.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_64.der
new file mode 100644
index 0000000..14de077
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_64.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_64.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_64.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_64.pem
new file mode 100644
index 0000000..5c43ce2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v2_rsa_rc2_64.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFFjBIBgkqhkiG9w0BBQ0wOzAeBgkqhkiG9w0BBQwwEQQIEK45YkGUmvECAggA
+AgEIMBkGCCqGSIb3DQMCMA0CAXgECPuUIT3jxRz3BIIEyNfj2MRyn+4lRb4k+M/h
+IAEefhbiYMZ3P2vRDX1zFe6zHqBpRxTD+vskLXG1YScwt6TQMpXxMqlgarwk9wXE
+L/RrpxJrXJ9X4UJoVM47Q/D0an8xkEF7L6YzFKgfngzqI36A8EqSO3MT4+UIHcCr
+LGoUev14l9FXhVar2sW2eeK/LSd2MgqbeMK8iLeWvSWRZYL95ji6PWnWO10Ggojp
+f2ttHty9FsvNigzE2qZutYG3zPL94i/Xz/v6qH278fCX0PHnGWCAsOqg2h648vhd
+tbUcBB+tC4dKiYVwcmprrzJVPEWQuXIPmWMZa+s0RgM7jqI0vkrkLHbgGxLxRvFM
+n4xxQRs+rNcw57sm/LeoNyosqbWEic8RqLV2sDp+e/A+Te/n7JwOuhYHhmeSVyds
+yF1V8k1ObAg4hsYyhwcZL+7X6af4miG3DVVPC8eR2UWOYLvML0LbvWegp/WyNwkh
+rOd+IXR0qWKGmmEpJQPrsTLH8x6ueNgtqKP1jQvRLVS91Y80nmnzHNyOx6z1pR9v
+GZ8dRAPUd+/fygLv8zpBUOt0yf6ZT0TKWg5C3wP81mfe311QkPm2+3AMF9v/QCYk
+hLvAgFFvuzIqzrIVXofBgzABFssUIeG1OmPdn13NFGFeW7QXIktt8hqt++dyBMV3
+ZkOZhVkK85c/sxPYOh+Q6N20xq22DZ/O5/UAVsBMY0NtUgUsJ7qjaSsy5gnhO5mu
+oEl9IgSOMnl+I+wLmgXn84nMmsjJBOX+VOBviArCEEPlY6Vf/vppFE6Fx4wlmNl2
+nuDf+Oe9drcw9JO97Axiu4JzLhTaGITWcuBQnIvmDi22P35DIqUvi20iif3el8eb
+AwtmNz4pyU8W7EiSn5kQPuP36PxnPSLuCvAZAcYrkxu6aCQIMpD4m/CH8UbCLHGZ
+0o2zX/eyYcLJLgNn+u41B0TFBDZ+Q4XovykjGdjl9vMP5i0tW8q5zAC2zdlusRQD
+s7nA9KNCOwOeZBpYrEOtZ0ALTudnKwNEfwr/h2oYdFv16H5RvefyEhn06nBZfxuT
+6xQO/+ayaGZLMcmwhfDkap/ubc8NNlolG8Hgy2QqRlooBM8cxq2KTQd1wgl6KLOR
+Ahj7ebU2+7Q3sqIvCwc7Y5SxclevRiAUbYuvxbKCAjW+iKml3G5rbTBuk4ocEVsM
+Kp6c+M1iCeyaKRja5y6QGYJpw/hB4K//rAvWmnLGYSsJEl2eKo33CvqwEAM70pg6
+o77K6Y6uMoJu5erR7siuybTGXa9tMGfhyQLQ4zQgsi0+YaAh//snDv8YtOOZHP5+
+wrVmfiVoMTj4eE3GeQsnQnYzkpIl4SGDnVRvxTFuMCgzJVLxWC9Yf/5U82bZUhjn
+MXwV16QDuHv9mYK33aDe5bjSwOTGSrLw9WisZLxokjcm/D6ippwADodlXEFb9mKo
+aOoqpeWJpOinMIyUGa89KH8gtdQ4YWvkiZdlugWFirE5/cTT9lR6KMTZxqILGgGC
+EI/jDj6p9pMY1FVUcU34CT//JxUdt7O9Fcy602RlfIxlB4jXMTOPAuwEWhrixk7s
+gwKnR09vcj+Jil0VPJ+Td5PPFnbCC+gKpFKyNIvHCMBKPaXV9hxRrZ9o5dZkRk2J
+iEMh5e/7Lh8dUg==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa_result.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa_result.html b/3rdparty/not-yet-commons-ssl/samples/rsa_result.html
new file mode 100644
index 0000000..f5ceb97
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa_result.html
@@ -0,0 +1,38 @@
+<html>
+<head>
+<title>Not-Yet-Commons-SSL - Decrypting RSA Private Keys in Java</title>
+<style type="text/css">
+h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
+h1 { float: left; color: red; }
+b.n { font-family: arial; font-weight: bold; }
+span.hl { color: white; background-color: green; }
+div.nav { float: left; margin-left: 20px; font-weight: bold; }
+.nav a, .nav span { padding: 0 5px; }
+.nav a { color: blue; }
+.nav span.hl a { color: white; }
+li.top { margin-top: 10px; }
+ul.openssl { float: left; width: 100px; margin-top: 8px; }
+ul.pkcs8 { float: left; width: 200px; margin-top: 8px; }
+</style>
+</head>
+<body>
+<h1>not-yet-commons-ssl</h1>
+<div class="nav">
+<a href="../index.html">main</a> |
+<a href="../ssl.html">ssl</a> |
+<span class="hl"><a href="../pkcs8.html">pkcs8</a></span> |
+<a href="../pbe.html">pbe</a> |
+<a href="../rmi.html">rmi</a> |
+<a href="../utilities.html">utilities</a> |
+<a href="../source.html">source</a> |
+<a href="../javadocs/">javadocs</a> |
+<a href="../download.html">download</a>
+</div>
+<br clear="all"/>
+<hr/>
+<h2>Decrypting RSA Private Keys in Java</h2>
+<p>Don't forget to install your JVM's <a href="http://java.sun.com/javase/downloads/">Unlimited Strength Jurisdiction Policy Files</a>
+if you want the AES-192 and AES-256 tests to pass.</p>
+<!--#include virtual="rsa.html" -->
+</body>
+</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/certificate.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/certificate.der b/3rdparty/not-yet-commons-ssl/samples/x509/certificate.der
new file mode 100644
index 0000000..8fc0b96
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/x509/certificate.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/certificate.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/certificate.pem b/3rdparty/not-yet-commons-ssl/samples/x509/certificate.pem
new file mode 100644
index 0000000..0d710cd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/certificate.pem
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:7f
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Nov 5 21:52:37 2006 GMT
+ Not After : Nov 5 21:52:37 2007 GMT
+ Subject: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_certificate/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 70:2c:29:17:f6:55:3b:b0:f2:82:53:db:06:ac:01:8c:2c:40:
+ c2:59:30:58:78:af:17:d7:39:4b:87:f2:df:ed:cf:93:80:d5:
+ 05:ca:81:13:84:bc:d6:87:15:01:7e:45:f8:27:d9:3e:46:0a:
+ a5:92:0d:ce:71:25:b4:40:6b:17:16:e7:fd:d4:30:8c:9f:df:
+ 8a:f7:53:4f:91:e7:0d:ea:b7:06:03:f4:48:8b:6d:09:ea:cf:
+ 58:99:55:89:58:05:dc:8a:25:05:55:8d:19:65:87:f3:be:32:
+ b5:98:42:01:63:80:9b:25:ab:50:88:4b:e1:6d:09:7f:6a:27:
+ 7c:66:07:64:ac:a6:c1:d6:73:e6:05:30:4e:32:e9:7d:67:51:
+ 60:20:14:5e:b7:3c:71:c7:02:85:aa:57:16:66:56:3a:33:ce:
+ 85:ae:62:58:41:5c:66:88:ae:e6:3e:a7:7b:b2:e6:9c:7b:b9:
+ 29:2e:fb:0c:de:c4:73:5c:40:cf:a9:27:81:f1:f0:5a:a2:a5:
+ 71:0a:78:2c:77:1d:0c:88:fb:9e:49:8c:38:27:49:83:b5:14:
+ 53:4f:df:74:0b:18:02:15:e6:f2:d2:67:a6:f4:4b:19:ec:23:
+ 01:04:52:5b:43:8e:0d:8e:37:c6:a1:9a:21:f4:b5:ca:c6:21:
+ 4f:31:8b:54
+-----BEGIN CERTIFICATE-----
+MIIEQDCCAyigAwIBAgIJAIz+EYMBU6Z/MA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTEwNTIxNTIzN1oXDTA3MTEwNTIxNTIzN1owgZ4x
+CzAJBgNVBAYTAkNBMQswCQYDVQQIEwJCQzESMBAGA1UEBxMJVmFuY291dmVyMRYw
+FAYDVQQKEw13d3cuY3VjYmMuY29tMRQwEgYDVQQLFAtjb21tb25zX3NzbDEZMBcG
+A1UEAxQQZGVtb19jZXJ0aWZpY2F0ZTElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2
+aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMhj
+r5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2BlYho4O84
+X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRyzerA/Ztr
+lUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY07hNKXAb
+2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8BqnGd87x
+QU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiVJTxpTKqy
+m93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0E
+HxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ8Ud78/
+OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFHua2o+QmU5S0qzbswNSyoemDT4N
+MA0GCSqGSIb3DQEBBQUAA4IBAQBwLCkX9lU7sPKCU9sGrAGMLEDCWTBYeK8X1zlL
+h/Lf7c+TgNUFyoEThLzWhxUBfkX4J9k+Rgqlkg3OcSW0QGsXFuf91DCMn9+K91NP
+kecN6rcGA/RIi20J6s9YmVWJWAXciiUFVY0ZZYfzvjK1mEIBY4CbJatQiEvhbQl/
+aid8ZgdkrKbB1nPmBTBOMul9Z1FgIBRetzxxxwKFqlcWZlY6M86FrmJYQVxmiK7m
+Pqd7suace7kpLvsM3sRzXEDPqSeB8fBaoqVxCngsdx0MiPueSYw4J0mDtRRTT990
+CxgCFeby0mem9EsZ7CMBBFJbQ44NjjfGoZoh9LXKxiFPMYtU
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/certificate_chain.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/certificate_chain.pem b/3rdparty/not-yet-commons-ssl/samples/x509/certificate_chain.pem
new file mode 100644
index 0000000..cb52090
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/certificate_chain.pem
@@ -0,0 +1,79 @@
+-----BEGIN CERTIFICATE-----
+MIIEQDCCAyigAwIBAgIJAIz+EYMBU6Z/MA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTEwNTIxNTIzN1oXDTA3MTEwNTIxNTIzN1owgZ4x
+CzAJBgNVBAYTAkNBMQswCQYDVQQIEwJCQzESMBAGA1UEBxMJVmFuY291dmVyMRYw
+FAYDVQQKEw13d3cuY3VjYmMuY29tMRQwEgYDVQQLFAtjb21tb25zX3NzbDEZMBcG
+A1UEAxQQZGVtb19jZXJ0aWZpY2F0ZTElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2
+aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMhj
+r5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2BlYho4O84
+X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRyzerA/Ztr
+lUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY07hNKXAb
+2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8BqnGd87x
+QU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiVJTxpTKqy
+m93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0E
+HxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ8Ud78/
+OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFHua2o+QmU5S0qzbswNSyoemDT4N
+MA0GCSqGSIb3DQEBBQUAA4IBAQBwLCkX9lU7sPKCU9sGrAGMLEDCWTBYeK8X1zlL
+h/Lf7c+TgNUFyoEThLzWhxUBfkX4J9k+Rgqlkg3OcSW0QGsXFuf91DCMn9+K91NP
+kecN6rcGA/RIi20J6s9YmVWJWAXciiUFVY0ZZYfzvjK1mEIBY4CbJatQiEvhbQl/
+aid8ZgdkrKbB1nPmBTBOMul9Z1FgIBRetzxxxwKFqlcWZlY6M86FrmJYQVxmiK7m
+Pqd7suace7kpLvsM3sRzXEDPqSeB8fBaoqVxCngsdx0MiPueSYw4J0mDtRRTT990
+CxgCFeby0mem9EsZ7CMBBFJbQ44NjjfGoZoh9LXKxiFPMYtU
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEnDCCA4SgAwIBAgIJAJTNwZ6yNa5cMA0GCSqGSIb3DQEBBQUAMIGGMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxFjAUBgNVBAoTDXd3dy5jdWNiYy5jb20xFDAS
+BgNVBAsUC2NvbW1vbnNfc3NsMRUwEwYDVQQDFAxkZW1vX3Jvb3RfY2ExJTAjBgkq
+hkiG9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDYxMTA1MjE0OTMx
+WhcNMDcxMTA1MjE0OTMxWjCBojELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRIw
+EAYDVQQHEwlWYW5jb3V2ZXIxFjAUBgNVBAoTDXd3dy5jdWNiYy5jb20xFDASBgNV
+BAsUC2NvbW1vbnNfc3NsMR0wGwYDVQQDFBRkZW1vX2ludGVybWVkaWF0ZV9jYTEl
+MCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL0S4y3vUO0EM6lwqOEfK8fvrUprIbsikXaG
+XzejcZ+T3l2Dc7t8WtBfRf78i4JypMqJQSijrUicj3H6mOMIReKaXm6ls4hA5d8w
+Lhmgiqsz/kW+gA8SeWGWRN683BD/RbQmzOls6ynBvap9jZlthXWBrSIlPCQoBLXY
+KVaxGzbL4ezaq+XFMKMQSm2uKwVmHHQNbfmZlPsuendBVomb/ked53Ab9IH6dwwN
+qJH9WIrvIzIVEXWlpvQ5MCqozM7u1akU+G8cazr8theGPCaYkzoXnigWua4OjdpV
+9z5ZDknhfBzG1AjapdG07FIirwWWgIyZXqZSD96ikmLtwT29qnsCAwEAAaOB7jCB
+6zAdBgNVHQ4EFgQUe5raj5CZTlLSrNuzA1LKh6YNPg0wgbsGA1UdIwSBszCBsIAU
+rN8eFIvMiRFXXgDqKumS0/W2AhOhgYykgYkwgYYxCzAJBgNVBAYTAkNBMQswCQYD
+VQQIEwJCQzEWMBQGA1UEChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9u
+c19zc2wxFTATBgNVBAMUDGRlbW9fcm9vdF9jYTElMCMGCSqGSIb3DQEJARYWanVs
+aXVzZGF2aWVzQGdtYWlsLmNvbYIJAJTNwZ6yNa5bMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQEFBQADggEBAIB4KMZvHD20pdKajFtMBpL7X4W4soq6EeTtjml3NYa9
+Qc52bsQEGNccKY9afYSBIndaQvFdtmz6HdoN+B8TjYShw2KhyjtKimGLpWYoi1YF
+e4aHdmA/Gp5xk8pZzR18FmooxC9RqBux+NAM2iTFSLgDtGIIj4sg2rbn6Bb6ZlQT
+1rg6VucXCA1629lNfMeNcu7CBNmUKIdaxHR/YJQallE0KfGRiOIWPrPj/VNk0YA6
+XFg0ocjqXJ2/N0N9rWVshMUaXgOh7m4D/5zga5/nuxDU+PoToA6mQ4bV6eCYqZbh
+aa1kQYtR9B4ZiG6pB82qVc2dCqStOH2FAEWos2gAVkQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEgDCCA2igAwIBAgIJAJTNwZ6yNa5bMA0GCSqGSIb3DQEBBQUAMIGGMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxFjAUBgNVBAoTDXd3dy5jdWNiYy5jb20xFDAS
+BgNVBAsUC2NvbW1vbnNfc3NsMRUwEwYDVQQDFAxkZW1vX3Jvb3RfY2ExJTAjBgkq
+hkiG9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDYxMTA1MjEzNjQz
+WhcNMjYxMTA1MjEzNjQzWjCBhjELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRYw
+FAYDVQQKEw13d3cuY3VjYmMuY29tMRQwEgYDVQQLFAtjb21tb25zX3NzbDEVMBMG
+A1UEAxQMZGVtb19yb290X2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZpZXNA
+Z21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+OnocmJ
+79UeO2hlCwK+Cle5uZWnU6uwJl+08z5cvebb5tT64WL9+psDbfgUH/Gm9JsuxKTg
+w1tZO/4duIgnaLNSx4HoqaTjwigd/hR3TsoGEPXTCkz1ikgTCOEDvl+iMid6aOrd
+mViE8HhscxKZ+h5FE7oHZyuT6gFoiaIXhFq+xK2w4ZwDz9L+paiwqywyUJJMnh9U
+jKorY+nua81N0oxpIhHPspCanDU4neMzCzYOZyLR/LqV5xORvHcFY84GWMz5hI25
+JbgaWJsYKuCAvNsnQwVoqKPGa7x1fn7x6oGsXJaCVt8weUwIj2xwg1lxMhrNaisH
+EvKpEAEnGGwWKQIDAQABo4HuMIHrMB0GA1UdDgQWBBSs3x4Ui8yJEVdeAOoq6ZLT
+9bYCEzCBuwYDVR0jBIGzMIGwgBSs3x4Ui8yJEVdeAOoq6ZLT9bYCE6GBjKSBiTCB
+hjELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRYwFAYDVQQKEw13d3cuY3VjYmMu
+Y29tMRQwEgYDVQQLFAtjb21tb25zX3NzbDEVMBMGA1UEAxQMZGVtb19yb290X2Nh
+MSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZpZXNAZ21haWwuY29tggkAlM3BnrI1
+rlswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAlPl3/8h1LttR1svC
+S8RXbHpAWIT2BEDhGHUNjSmgDQNkE/itf/FCEXh0tlU4bYdtBSOHzflbnzOyIPId
+VZeSWs33V38xDFy6KoVg1gT8JxkLmE5S1vWkpsHIlpw/U6r7KD0Kx9FYx5AiXjw0
+lzz/zlVNuO2U09KIDwDPVG1mBzQiMiSWj1U1pM4KxINkWQwDy/fvu/I983s8lW5z
+hf2WuFNzQN3fcMK5dpBE9NVIu27oYuGYh2sak34v+7T700W2ooBB71qFXtm9P5rl
+Yp9RCEsg3KEEPNTtCBs8fROeXvLDrP0cmBIqwGYDuRNCxFDTOdjv6YGdA8nLOjaH
+2dDk0g==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/certificate_root_ca.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/certificate_root_ca.der b/3rdparty/not-yet-commons-ssl/samples/x509/certificate_root_ca.der
new file mode 100644
index 0000000..02f710c
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/x509/certificate_root_ca.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/certificate_root_ca.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/certificate_root_ca.pem b/3rdparty/not-yet-commons-ssl/samples/x509/certificate_root_ca.pem
new file mode 100644
index 0000000..5811d8e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/certificate_root_ca.pem
@@ -0,0 +1,87 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 94:cd:c1:9e:b2:35:ae:5b
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=www.cucbc.com, OU=commons_ssl, CN=demo_root_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Nov 5 21:36:43 2006 GMT
+ Not After : Nov 5 21:36:43 2026 GMT
+ Subject: C=CA, ST=BC, O=www.cucbc.com, OU=commons_ssl, CN=demo_root_ca/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:bf:e3:a7:a1:c9:89:ef:d5:1e:3b:68:65:0b:02:
+ be:0a:57:b9:b9:95:a7:53:ab:b0:26:5f:b4:f3:3e:
+ 5c:bd:e6:db:e6:d4:fa:e1:62:fd:fa:9b:03:6d:f8:
+ 14:1f:f1:a6:f4:9b:2e:c4:a4:e0:c3:5b:59:3b:fe:
+ 1d:b8:88:27:68:b3:52:c7:81:e8:a9:a4:e3:c2:28:
+ 1d:fe:14:77:4e:ca:06:10:f5:d3:0a:4c:f5:8a:48:
+ 13:08:e1:03:be:5f:a2:32:27:7a:68:ea:dd:99:58:
+ 84:f0:78:6c:73:12:99:fa:1e:45:13:ba:07:67:2b:
+ 93:ea:01:68:89:a2:17:84:5a:be:c4:ad:b0:e1:9c:
+ 03:cf:d2:fe:a5:a8:b0:ab:2c:32:50:92:4c:9e:1f:
+ 54:8c:aa:2b:63:e9:ee:6b:cd:4d:d2:8c:69:22:11:
+ cf:b2:90:9a:9c:35:38:9d:e3:33:0b:36:0e:67:22:
+ d1:fc:ba:95:e7:13:91:bc:77:05:63:ce:06:58:cc:
+ f9:84:8d:b9:25:b8:1a:58:9b:18:2a:e0:80:bc:db:
+ 27:43:05:68:a8:a3:c6:6b:bc:75:7e:7e:f1:ea:81:
+ ac:5c:96:82:56:df:30:79:4c:08:8f:6c:70:83:59:
+ 71:32:1a:cd:6a:2b:07:12:f2:a9:10:01:27:18:6c:
+ 16:29
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ AC:DF:1E:14:8B:CC:89:11:57:5E:00:EA:2A:E9:92:D3:F5:B6:02:13
+ X509v3 Authority Key Identifier:
+ keyid:AC:DF:1E:14:8B:CC:89:11:57:5E:00:EA:2A:E9:92:D3:F5:B6:02:13
+ DirName:/C=CA/ST=BC/O=www.cucbc.com/OU=commons_ssl/CN=demo_root_ca/emailAddress=juliusdavies@gmail.com
+ serial:94:CD:C1:9E:B2:35:AE:5B
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 94:f9:77:ff:c8:75:2e:db:51:d6:cb:c2:4b:c4:57:6c:7a:40:
+ 58:84:f6:04:40:e1:18:75:0d:8d:29:a0:0d:03:64:13:f8:ad:
+ 7f:f1:42:11:78:74:b6:55:38:6d:87:6d:05:23:87:cd:f9:5b:
+ 9f:33:b2:20:f2:1d:55:97:92:5a:cd:f7:57:7f:31:0c:5c:ba:
+ 2a:85:60:d6:04:fc:27:19:0b:98:4e:52:d6:f5:a4:a6:c1:c8:
+ 96:9c:3f:53:aa:fb:28:3d:0a:c7:d1:58:c7:90:22:5e:3c:34:
+ 97:3c:ff:ce:55:4d:b8:ed:94:d3:d2:88:0f:00:cf:54:6d:66:
+ 07:34:22:32:24:96:8f:55:35:a4:ce:0a:c4:83:64:59:0c:03:
+ cb:f7:ef:bb:f2:3d:f3:7b:3c:95:6e:73:85:fd:96:b8:53:73:
+ 40:dd:df:70:c2:b9:76:90:44:f4:d5:48:bb:6e:e8:62:e1:98:
+ 87:6b:1a:93:7e:2f:fb:b4:fb:d3:45:b6:a2:80:41:ef:5a:85:
+ 5e:d9:bd:3f:9a:e5:62:9f:51:08:4b:20:dc:a1:04:3c:d4:ed:
+ 08:1b:3c:7d:13:9e:5e:f2:c3:ac:fd:1c:98:12:2a:c0:66:03:
+ b9:13:42:c4:50:d3:39:d8:ef:e9:81:9d:03:c9:cb:3a:36:87:
+ d9:d0:e4:d2
+-----BEGIN CERTIFICATE-----
+MIIEgDCCA2igAwIBAgIJAJTNwZ6yNa5bMA0GCSqGSIb3DQEBBQUAMIGGMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxFjAUBgNVBAoTDXd3dy5jdWNiYy5jb20xFDAS
+BgNVBAsUC2NvbW1vbnNfc3NsMRUwEwYDVQQDFAxkZW1vX3Jvb3RfY2ExJTAjBgkq
+hkiG9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDYxMTA1MjEzNjQz
+WhcNMjYxMTA1MjEzNjQzWjCBhjELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRYw
+FAYDVQQKEw13d3cuY3VjYmMuY29tMRQwEgYDVQQLFAtjb21tb25zX3NzbDEVMBMG
+A1UEAxQMZGVtb19yb290X2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZpZXNA
+Z21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+OnocmJ
+79UeO2hlCwK+Cle5uZWnU6uwJl+08z5cvebb5tT64WL9+psDbfgUH/Gm9JsuxKTg
+w1tZO/4duIgnaLNSx4HoqaTjwigd/hR3TsoGEPXTCkz1ikgTCOEDvl+iMid6aOrd
+mViE8HhscxKZ+h5FE7oHZyuT6gFoiaIXhFq+xK2w4ZwDz9L+paiwqywyUJJMnh9U
+jKorY+nua81N0oxpIhHPspCanDU4neMzCzYOZyLR/LqV5xORvHcFY84GWMz5hI25
+JbgaWJsYKuCAvNsnQwVoqKPGa7x1fn7x6oGsXJaCVt8weUwIj2xwg1lxMhrNaisH
+EvKpEAEnGGwWKQIDAQABo4HuMIHrMB0GA1UdDgQWBBSs3x4Ui8yJEVdeAOoq6ZLT
+9bYCEzCBuwYDVR0jBIGzMIGwgBSs3x4Ui8yJEVdeAOoq6ZLT9bYCE6GBjKSBiTCB
+hjELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRYwFAYDVQQKEw13d3cuY3VjYmMu
+Y29tMRQwEgYDVQQLFAtjb21tb25zX3NzbDEVMBMGA1UEAxQMZGVtb19yb290X2Nh
+MSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZpZXNAZ21haWwuY29tggkAlM3BnrI1
+rlswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAlPl3/8h1LttR1svC
+S8RXbHpAWIT2BEDhGHUNjSmgDQNkE/itf/FCEXh0tlU4bYdtBSOHzflbnzOyIPId
+VZeSWs33V38xDFy6KoVg1gT8JxkLmE5S1vWkpsHIlpw/U6r7KD0Kx9FYx5AiXjw0
+lzz/zlVNuO2U09KIDwDPVG1mBzQiMiSWj1U1pM4KxINkWQwDy/fvu/I983s8lW5z
+hf2WuFNzQN3fcMK5dpBE9NVIu27oYuGYh2sak34v+7T700W2ooBB71qFXtm9P5rl
+Yp9RCEsg3KEEPNTtCBs8fROeXvLDrP0cmBIqwGYDuRNCxFDTOdjv6YGdA8nLOjaH
+2dDk0g==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/oscp.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/oscp.pem b/3rdparty/not-yet-commons-ssl/samples/x509/oscp.pem
new file mode 100644
index 0000000..2f5177a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/oscp.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAwagAwIBAgIDPoz6MA0GCSqGSIb3DQEBBAUAMIHEMQswCQYDVQQGEwJa
+QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAb
+BgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0
+aW9uIFNlcnZpY2VzIERpdmlzaW9uMRkwFwYDVQQDExBUaGF3dGUgU2VydmVyIENB
+MSYwJAYJKoZIhvcNAQkBFhdzZXJ2ZXItY2VydHNAdGhhd3RlLmNvbTAeFw0wNDA4
+MjcwOTEzMjNaFw0wNjA5MTcxNDQ4MjlaMIG/MQswCQYDVQQGEwJDQTEZMBcGA1UE
+CBMQQnJpdGlzaCBDb2x1bWJpYTESMBAGA1UEBxMJVmFuY291dmVyMSwwKgYDVQQK
+EyNWYW5jb3V2ZXIgQ2l0eSBTYXZpbmdzIENyZWRpdCBVbmlvbjEUMBIGA1UECxML
+V2ViIEhvc3RpbmcxGDAWBgNVBAMTD3d3dy52YW5jaXR5LmNvbTEjMCEGCSqGSIb3
+DQEJARYUaG9zdG1hc3RlckBjdWNiYy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBALtc21pS+6njj9KkWcrRQt5Yva75YNE8o2aQQTA4aDi8WO1nLkC0qSWw
+V/0wO8K0gIe1WV/RluAKNU7oOmz8DGMRDF+CS5zFLKgKQJ3CxYwaWNKISAWrRkQu
+lp+oAm5EPqAaxtPTE4Fghv1EnZkA4g12g6PxYkAa2KeT80/8M8aBAgMBAAGjgZ8w
+gZwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDkGA1UdHwQyMDAwLqAs
+oCqGKGh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVTZXJ2ZXJDQS5jcmwwMgYI
+KwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29t
+MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAiOi2YuiopBCQpCM6kJkp
+Tu251MgDkn82qx33rxYeZKuv68qvJfucfbiQgqrjVsp1X0Vuv0Uu3vpLs44Gq5Na
+05dDmmAzk3BRrOikMjOhZV4F/+e/NoUTjgi0QSWCavEZvEcW2Ids4xrRS1290TUS
+Fou+stRrYkGIyc3OUG4hZHY=
+-----END CERTIFICATE-----
\ No newline at end of file
[42/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
Initially import Haox codebase (https://github.com/drankye/haox)
Project: http://git-wip-us.apache.org/repos/asf/directory-kerberos/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerberos/commit/23c1fd12
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerberos/tree/23c1fd12
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerberos/diff/23c1fd12
Branch: refs/heads/master
Commit: 23c1fd120d770c01b7513849c69badfff8eca8fd
Parents: c4dc328
Author: drankye <dr...@gmail.com>
Authored: Sun Jan 11 05:26:46 2015 +0800
Committer: drankye <dr...@gmail.com>
Committed: Sun Jan 11 05:26:46 2015 +0800
----------------------------------------------------------------------
.gitignore | 12 +
3rdparty/not-yet-commons-ssl/LICENSE.txt | 176 +++
3rdparty/not-yet-commons-ssl/NOTICE.txt | 10 +
3rdparty/not-yet-commons-ssl/README.txt | 9 +
3rdparty/not-yet-commons-ssl/build.xml | 166 +++
3rdparty/not-yet-commons-ssl/docs/.htaccess | 3 +
3rdparty/not-yet-commons-ssl/docs/404.html | 55 +
.../not-yet-commons-ssl/docs/TrustExample.java | 114 ++
.../docs/TrustExample.java.html | 131 ++
3rdparty/not-yet-commons-ssl/docs/about.html | 73 ++
3rdparty/not-yet-commons-ssl/docs/download.html | 263 ++++
3rdparty/not-yet-commons-ssl/docs/index.html | 119 ++
.../docs/openssl/compare.txt | 28 +
.../docs/openssl/profile.3.10 | 72 ++
.../docs/openssl/profile.3.9 | 72 ++
3rdparty/not-yet-commons-ssl/docs/pbe.html | 204 ++++
3rdparty/not-yet-commons-ssl/docs/ping.html | 93 ++
3rdparty/not-yet-commons-ssl/docs/pkcs8.html | 156 +++
3rdparty/not-yet-commons-ssl/docs/rmi.html | 102 ++
3rdparty/not-yet-commons-ssl/docs/roadmap.html | 86 ++
3rdparty/not-yet-commons-ssl/docs/source.html | 38 +
3rdparty/not-yet-commons-ssl/docs/ssl.html | 106 ++
3rdparty/not-yet-commons-ssl/docs/tree.html | 1137 ++++++++++++++++++
.../not-yet-commons-ssl/docs/utilities.html | 91 ++
.../not-yet-commons-ssl-0.3.16.jar | Bin 0 -> 273191 bytes
3rdparty/not-yet-commons-ssl/pom.xml | 80 ++
.../not-yet-commons-ssl/samples/PASSWORD.txt | 3 +
3rdparty/not-yet-commons-ssl/samples/README.txt | 3 +
3rdparty/not-yet-commons-ssl/samples/ca/CA.sh | 76 ++
.../not-yet-commons-ssl/samples/ca/clean.sh | 6 +
.../samples/ca/dsa-intermediate/cacert.pem | 137 +++
.../samples/ca/dsa-intermediate/dsa.params | 34 +
.../ca/dsa-intermediate/private/cakey.pem | 20 +
.../not-yet-commons-ssl/samples/ca/openssl.cnf | 313 +++++
.../samples/ca/root/cacert.pem | 85 ++
.../samples/ca/root/private/cakey.pem | 27 +
.../samples/ca/rsa-intermediate/cacert.pem | 86 ++
.../ca/rsa-intermediate/private/cakey.pem | 27 +
3rdparty/not-yet-commons-ssl/samples/ca/rsa.key | 27 +
.../samples/ca/test-dsa-cert.pem | 67 ++
.../samples/ca/test-dsa-chain.pem | 289 +++++
.../samples/ca/test-rsa-cert.pem | 83 ++
.../samples/ca/test-rsa-chain.pem | 254 ++++
...erts-with-78-entries-and-one-private-key.jks | Bin 0 -> 84754 bytes
.../samples/cacerts-with-78-entries.jks | Bin 0 -> 82586 bytes
.../samples/createPBESamples.sh | 106 ++
3rdparty/not-yet-commons-ssl/samples/dsa.html | 115 ++
.../samples/dsa/openssl_dsa_aes128_cbc.pem | 23 +
.../samples/dsa/openssl_dsa_aes128_cfb.pem | 23 +
.../samples/dsa/openssl_dsa_aes128_ecb.pem | 23 +
.../samples/dsa/openssl_dsa_aes128_ofb.pem | 23 +
.../samples/dsa/openssl_dsa_aes192_cbc.pem | 23 +
.../samples/dsa/openssl_dsa_aes192_cfb.pem | 23 +
.../samples/dsa/openssl_dsa_aes192_ecb.pem | 23 +
.../samples/dsa/openssl_dsa_aes192_ofb.pem | 23 +
.../samples/dsa/openssl_dsa_aes256_cbc.pem | 23 +
.../samples/dsa/openssl_dsa_aes256_cfb.pem | 23 +
.../samples/dsa/openssl_dsa_aes256_ecb.pem | 23 +
.../samples/dsa/openssl_dsa_aes256_ofb.pem | 23 +
.../samples/dsa/openssl_dsa_blowfish_cbc.pem | 23 +
.../samples/dsa/openssl_dsa_blowfish_cfb.pem | 23 +
.../samples/dsa/openssl_dsa_blowfish_ecb.pem | 23 +
.../samples/dsa/openssl_dsa_blowfish_ofb.pem | 23 +
.../samples/dsa/openssl_dsa_des1_cbc.pem | 23 +
.../samples/dsa/openssl_dsa_des1_cfb.pem | 23 +
.../samples/dsa/openssl_dsa_des1_ecb.pem | 23 +
.../samples/dsa/openssl_dsa_des1_ofb.pem | 23 +
.../samples/dsa/openssl_dsa_des2_cbc.pem | 23 +
.../samples/dsa/openssl_dsa_des2_cfb.pem | 23 +
.../samples/dsa/openssl_dsa_des2_ecb.pem | 23 +
.../samples/dsa/openssl_dsa_des2_ofb.pem | 23 +
.../samples/dsa/openssl_dsa_des3_cbc.pem | 23 +
.../samples/dsa/openssl_dsa_des3_cfb.pem | 23 +
.../samples/dsa/openssl_dsa_des3_ecb.pem | 23 +
.../samples/dsa/openssl_dsa_des3_ofb.pem | 23 +
.../samples/dsa/openssl_dsa_rc2_128_cbc.pem | 23 +
.../samples/dsa/openssl_dsa_rc2_128_cfb.pem | 23 +
.../samples/dsa/openssl_dsa_rc2_128_ecb.pem | 23 +
.../samples/dsa/openssl_dsa_rc2_128_ofb.pem | 23 +
.../samples/dsa/openssl_dsa_rc2_40_cbc.pem | 23 +
.../samples/dsa/openssl_dsa_rc2_64_cbc.pem | 23 +
.../samples/dsa/openssl_dsa_unencrypted.der | Bin 0 -> 834 bytes
.../samples/dsa/openssl_dsa_unencrypted.pem | 20 +
.../samples/dsa/pkcs8_dsa_unencrypted.der | Bin 0 -> 593 bytes
.../samples/dsa/pkcs8_dsa_unencrypted.pem | 15 +
.../samples/dsa/pkcs8v1_dsa_md2_des1_cbc.der | Bin 0 -> 637 bytes
.../samples/dsa/pkcs8v1_dsa_md2_des1_cbc.pem | 16 +
.../samples/dsa/pkcs8v1_dsa_md2_rc2_64_cbc.der | Bin 0 -> 637 bytes
.../samples/dsa/pkcs8v1_dsa_md2_rc2_64_cbc.pem | 16 +
.../samples/dsa/pkcs8v1_dsa_md5_des1_cbc.der | Bin 0 -> 637 bytes
.../samples/dsa/pkcs8v1_dsa_md5_des1_cbc.pem | 16 +
.../samples/dsa/pkcs8v1_dsa_md5_rc2_64_cbc.der | Bin 0 -> 637 bytes
.../samples/dsa/pkcs8v1_dsa_md5_rc2_64_cbc.pem | 16 +
.../samples/dsa/pkcs8v1_dsa_sha1_des1_cbc.der | Bin 0 -> 637 bytes
.../samples/dsa/pkcs8v1_dsa_sha1_des1_cbc.pem | 16 +
.../samples/dsa/pkcs8v1_dsa_sha1_des2_cbc.der | Bin 0 -> 638 bytes
.../samples/dsa/pkcs8v1_dsa_sha1_des2_cbc.pem | 16 +
.../samples/dsa/pkcs8v1_dsa_sha1_des3_cbc.der | Bin 0 -> 638 bytes
.../samples/dsa/pkcs8v1_dsa_sha1_des3_cbc.pem | 16 +
.../dsa/pkcs8v1_dsa_sha1_rc2_128_cbc.der | Bin 0 -> 638 bytes
.../dsa/pkcs8v1_dsa_sha1_rc2_128_cbc.pem | 16 +
.../samples/dsa/pkcs8v1_dsa_sha1_rc2_40_cbc.der | Bin 0 -> 638 bytes
.../samples/dsa/pkcs8v1_dsa_sha1_rc2_40_cbc.pem | 16 +
.../samples/dsa/pkcs8v1_dsa_sha1_rc2_64_cbc.der | Bin 0 -> 637 bytes
.../samples/dsa/pkcs8v1_dsa_sha1_rc2_64_cbc.pem | 16 +
.../samples/dsa/pkcs8v1_dsa_sha1_rc4_128.der | Bin 0 -> 631 bytes
.../samples/dsa/pkcs8v1_dsa_sha1_rc4_128.pem | 16 +
.../samples/dsa/pkcs8v1_dsa_sha1_rc4_40.der | Bin 0 -> 631 bytes
.../samples/dsa/pkcs8v1_dsa_sha1_rc4_40.pem | 16 +
.../samples/dsa/pkcs8v2_dsa_aes128_cbc.der | Bin 0 -> 691 bytes
.../samples/dsa/pkcs8v2_dsa_aes128_cbc.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_aes128_cfb.der | Bin 0 -> 676 bytes
.../samples/dsa/pkcs8v2_dsa_aes128_cfb.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_aes128_ecb.der | Bin 0 -> 691 bytes
.../samples/dsa/pkcs8v2_dsa_aes128_ecb.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_aes128_ofb.der | Bin 0 -> 676 bytes
.../samples/dsa/pkcs8v2_dsa_aes128_ofb.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_aes192_cbc.der | Bin 0 -> 691 bytes
.../samples/dsa/pkcs8v2_dsa_aes192_cbc.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_aes192_cfb.der | Bin 0 -> 676 bytes
.../samples/dsa/pkcs8v2_dsa_aes192_cfb.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_aes192_ecb.der | Bin 0 -> 691 bytes
.../samples/dsa/pkcs8v2_dsa_aes192_ecb.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_aes192_ofb.der | Bin 0 -> 676 bytes
.../samples/dsa/pkcs8v2_dsa_aes192_ofb.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_aes256_cbc.der | Bin 0 -> 691 bytes
.../samples/dsa/pkcs8v2_dsa_aes256_cbc.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_aes256_cfb.der | Bin 0 -> 676 bytes
.../samples/dsa/pkcs8v2_dsa_aes256_cfb.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_aes256_ecb.der | Bin 0 -> 691 bytes
.../samples/dsa/pkcs8v2_dsa_aes256_ecb.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_aes256_ofb.der | Bin 0 -> 676 bytes
.../samples/dsa/pkcs8v2_dsa_aes256_ofb.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_blowfish_cbc.der | Bin 0 -> 675 bytes
.../samples/dsa/pkcs8v2_dsa_blowfish_cbc.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_des1_cbc.der | Bin 0 -> 671 bytes
.../samples/dsa/pkcs8v2_dsa_des1_cbc.pem | 16 +
.../samples/dsa/pkcs8v2_dsa_des1_cfb.der | Bin 0 -> 664 bytes
.../samples/dsa/pkcs8v2_dsa_des1_cfb.pem | 16 +
.../samples/dsa/pkcs8v2_dsa_des1_ecb.der | Bin 0 -> 671 bytes
.../samples/dsa/pkcs8v2_dsa_des1_ecb.pem | 16 +
.../samples/dsa/pkcs8v2_dsa_des1_ofb.der | Bin 0 -> 664 bytes
.../samples/dsa/pkcs8v2_dsa_des1_ofb.pem | 16 +
.../dsa/pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.der | Bin 0 -> 671 bytes
.../dsa/pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.pem | 16 +
.../samples/dsa/pkcs8v2_dsa_des3_cbc.der | Bin 0 -> 674 bytes
.../samples/dsa/pkcs8v2_dsa_des3_cbc.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_rc2_128_cbc.der | Bin 0 -> 682 bytes
.../samples/dsa/pkcs8v2_dsa_rc2_128_cbc.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_rc2_40_cbc.der | Bin 0 -> 683 bytes
.../samples/dsa/pkcs8v2_dsa_rc2_40_cbc.pem | 17 +
.../samples/dsa/pkcs8v2_dsa_rc2_64_cbc.der | Bin 0 -> 682 bytes
.../samples/dsa/pkcs8v2_dsa_rc2_64_cbc.pem | 17 +
.../not-yet-commons-ssl/samples/dsa_result.html | 38 +
.../samples/keystores/BC.BKS.ks | Bin 0 -> 2204 bytes
.../samples/keystores/BC.PKCS12-3DES-3DES.ks | Bin 0 -> 2588 bytes
.../keystores/BC.PKCS12-DEF-3DES-3DES.ks | Bin 0 -> 2596 bytes
.../samples/keystores/BC.PKCS12-DEF.ks | Bin 0 -> 2580 bytes
.../samples/keystores/BC.PKCS12.ks | Bin 0 -> 2658 bytes
.../samples/keystores/BC.UBER.ks | Bin 0 -> 2208 bytes
.../samples/keystores/README.txt | 8 +
.../samples/keystores/Sun.2pass.jks.ks | Bin 0 -> 2214 bytes
.../samples/keystores/Sun.jks.ks | Bin 0 -> 2200 bytes
.../samples/keystores/SunJCE.jceks.ks | Bin 0 -> 2182 bytes
.../samples/keystores/chain-rsa_dsa_rsa.ks | Bin 0 -> 5058 bytes
.../samples/keystores/chain-rsa_dsa_rsa.pem | 289 +++++
.../keystores/chain-rsa_dsa_rsa.pkcs12.der | Bin 0 -> 5373 bytes
.../keystores/chain-rsa_dsa_rsa.pkcs12.pem | 112 ++
.../samples/keystores/chain-rsa_rsa_rsa.ks | Bin 0 -> 4740 bytes
.../samples/keystores/chain-rsa_rsa_rsa.pem | 254 ++++
.../keystores/chain-rsa_rsa_rsa.pkcs12.der | Bin 0 -> 5061 bytes
.../keystores/chain-rsa_rsa_rsa.pkcs12.pem | 105 ++
.../samples/keystores/generate.sh | 63 +
.../samples/keystores/rsa.key | 30 +
3rdparty/not-yet-commons-ssl/samples/pbe.tests | 45 +
.../not-yet-commons-ssl/samples/pbe/README.txt | 36 +
.../samples/pbe/java/aes-128-cbc.base64 | 1 +
.../samples/pbe/java/aes-128-cbc.raw | 1 +
.../samples/pbe/java/aes-128-cfb.base64 | 1 +
.../samples/pbe/java/aes-128-cfb.raw | 1 +
.../samples/pbe/java/aes-128-cfb8.base64 | 1 +
.../samples/pbe/java/aes-128-cfb8.raw | 1 +
.../samples/pbe/java/aes-128-ecb.base64 | 1 +
.../samples/pbe/java/aes-128-ecb.raw | 1 +
.../samples/pbe/java/aes-128-ofb.base64 | 1 +
.../samples/pbe/java/aes-128-ofb.raw | 1 +
.../samples/pbe/java/aes-128.base64 | 1 +
.../samples/pbe/java/aes-128.raw | 1 +
.../samples/pbe/java/aes-192-cbc.base64 | 1 +
.../samples/pbe/java/aes-192-cbc.raw | 1 +
.../samples/pbe/java/aes-192-cfb.base64 | 1 +
.../samples/pbe/java/aes-192-cfb.raw | 1 +
.../samples/pbe/java/aes-192-cfb8.base64 | 1 +
.../samples/pbe/java/aes-192-cfb8.raw | 1 +
.../samples/pbe/java/aes-192-ecb.base64 | 1 +
.../samples/pbe/java/aes-192-ecb.raw | 2 +
.../samples/pbe/java/aes-192-ofb.base64 | 1 +
.../samples/pbe/java/aes-192-ofb.raw | 1 +
.../samples/pbe/java/aes-192.base64 | 1 +
.../samples/pbe/java/aes-192.raw | 1 +
.../samples/pbe/java/aes-256-cbc.base64 | 1 +
.../samples/pbe/java/aes-256-cbc.raw | 1 +
.../samples/pbe/java/aes-256-cfb.base64 | 1 +
.../samples/pbe/java/aes-256-cfb.raw | 1 +
.../samples/pbe/java/aes-256-cfb8.base64 | 1 +
.../samples/pbe/java/aes-256-cfb8.raw | 1 +
.../samples/pbe/java/aes-256-ecb.base64 | 1 +
.../samples/pbe/java/aes-256-ecb.raw | 1 +
.../samples/pbe/java/aes-256-ofb.base64 | 1 +
.../samples/pbe/java/aes-256-ofb.raw | 1 +
.../samples/pbe/java/aes-256.base64 | 1 +
.../samples/pbe/java/aes-256.raw | 1 +
.../samples/pbe/java/aes128-cbc.base64 | 1 +
.../samples/pbe/java/aes128-cbc.raw | 1 +
.../samples/pbe/java/aes128-cfb.base64 | 1 +
.../samples/pbe/java/aes128-cfb.raw | 1 +
.../samples/pbe/java/aes128-cfb8.base64 | 1 +
.../samples/pbe/java/aes128-cfb8.raw | 1 +
.../samples/pbe/java/aes128-ecb.base64 | 1 +
.../samples/pbe/java/aes128-ecb.raw | 1 +
.../samples/pbe/java/aes128-ofb.base64 | 1 +
.../samples/pbe/java/aes128-ofb.raw | 1 +
.../samples/pbe/java/aes128.base64 | 1 +
.../samples/pbe/java/aes128.raw | 1 +
.../samples/pbe/java/aes192-cbc.base64 | 1 +
.../samples/pbe/java/aes192-cbc.raw | Bin 0 -> 32 bytes
.../samples/pbe/java/aes192-cfb.base64 | 1 +
.../samples/pbe/java/aes192-cfb.raw | 2 +
.../samples/pbe/java/aes192-cfb8.base64 | 1 +
.../samples/pbe/java/aes192-cfb8.raw | 1 +
.../samples/pbe/java/aes192-ecb.base64 | 1 +
.../samples/pbe/java/aes192-ecb.raw | 1 +
.../samples/pbe/java/aes192-ofb.base64 | 1 +
.../samples/pbe/java/aes192-ofb.raw | 1 +
.../samples/pbe/java/aes192.base64 | 1 +
.../samples/pbe/java/aes192.raw | 1 +
.../samples/pbe/java/aes256-cbc.base64 | 1 +
.../samples/pbe/java/aes256-cbc.raw | 1 +
.../samples/pbe/java/aes256-cfb.base64 | 1 +
.../samples/pbe/java/aes256-cfb.raw | 2 +
.../samples/pbe/java/aes256-cfb8.base64 | 1 +
.../samples/pbe/java/aes256-cfb8.raw | 1 +
.../samples/pbe/java/aes256-ecb.base64 | 1 +
.../samples/pbe/java/aes256-ecb.raw | 1 +
.../samples/pbe/java/aes256-ofb.base64 | 1 +
.../samples/pbe/java/aes256-ofb.raw | 1 +
.../samples/pbe/java/aes256.base64 | 1 +
.../samples/pbe/java/aes256.raw | 1 +
.../samples/pbe/java/bf-cbc.base64 | 1 +
.../samples/pbe/java/bf-cbc.raw | 1 +
.../samples/pbe/java/bf-cfb.base64 | 1 +
.../samples/pbe/java/bf-cfb.raw | 1 +
.../samples/pbe/java/bf-cfb8.base64 | 1 +
.../samples/pbe/java/bf-cfb8.raw | 1 +
.../samples/pbe/java/bf-ecb.base64 | 1 +
.../samples/pbe/java/bf-ecb.raw | 1 +
.../samples/pbe/java/bf-ofb.base64 | 1 +
.../samples/pbe/java/bf-ofb.raw | 1 +
.../samples/pbe/java/bf.base64 | 1 +
.../not-yet-commons-ssl/samples/pbe/java/bf.raw | 1 +
.../samples/pbe/java/blowfish-cbc.base64 | 1 +
.../samples/pbe/java/blowfish-cbc.raw | 1 +
.../samples/pbe/java/blowfish-cfb.base64 | 1 +
.../samples/pbe/java/blowfish-cfb.raw | 1 +
.../samples/pbe/java/blowfish-cfb8.base64 | 1 +
.../samples/pbe/java/blowfish-cfb8.raw | 1 +
.../samples/pbe/java/blowfish-ecb.base64 | 1 +
.../samples/pbe/java/blowfish-ecb.raw | 1 +
.../samples/pbe/java/blowfish-ofb.base64 | 1 +
.../samples/pbe/java/blowfish-ofb.raw | 2 +
.../samples/pbe/java/blowfish.base64 | 1 +
.../samples/pbe/java/blowfish.raw | 1 +
.../samples/pbe/java/camellia-128-cbc.base64 | 1 +
.../samples/pbe/java/camellia-128-cbc.raw | 1 +
.../samples/pbe/java/camellia-128-cfb.base64 | 1 +
.../samples/pbe/java/camellia-128-cfb.raw | Bin 0 -> 28 bytes
.../samples/pbe/java/camellia-128-cfb8.base64 | 1 +
.../samples/pbe/java/camellia-128-cfb8.raw | 1 +
.../samples/pbe/java/camellia-128-ecb.base64 | 1 +
.../samples/pbe/java/camellia-128-ecb.raw | 1 +
.../samples/pbe/java/camellia-128-ofb.base64 | 1 +
.../samples/pbe/java/camellia-128-ofb.raw | 1 +
.../samples/pbe/java/camellia-128.base64 | 1 +
.../samples/pbe/java/camellia-128.raw | 1 +
.../samples/pbe/java/camellia-192-cbc.base64 | 1 +
.../samples/pbe/java/camellia-192-cbc.raw | 1 +
.../samples/pbe/java/camellia-192-cfb.base64 | 1 +
.../samples/pbe/java/camellia-192-cfb.raw | 2 +
.../samples/pbe/java/camellia-192-cfb8.base64 | 1 +
.../samples/pbe/java/camellia-192-cfb8.raw | 1 +
.../samples/pbe/java/camellia-192-ecb.base64 | 1 +
.../samples/pbe/java/camellia-192-ecb.raw | 1 +
.../samples/pbe/java/camellia-192-ofb.base64 | 1 +
.../samples/pbe/java/camellia-192-ofb.raw | 1 +
.../samples/pbe/java/camellia-192.base64 | 1 +
.../samples/pbe/java/camellia-192.raw | 1 +
.../samples/pbe/java/camellia-256-cbc.base64 | 1 +
.../samples/pbe/java/camellia-256-cbc.raw | 1 +
.../samples/pbe/java/camellia-256-cfb.base64 | 1 +
.../samples/pbe/java/camellia-256-cfb.raw | 1 +
.../samples/pbe/java/camellia-256-cfb8.base64 | 1 +
.../samples/pbe/java/camellia-256-cfb8.raw | 1 +
.../samples/pbe/java/camellia-256-ecb.base64 | 1 +
.../samples/pbe/java/camellia-256-ecb.raw | 1 +
.../samples/pbe/java/camellia-256-ofb.base64 | 1 +
.../samples/pbe/java/camellia-256-ofb.raw | 1 +
.../samples/pbe/java/camellia-256.base64 | 1 +
.../samples/pbe/java/camellia-256.raw | 1 +
.../samples/pbe/java/camellia128-cbc.base64 | 1 +
.../samples/pbe/java/camellia128-cbc.raw | 1 +
.../samples/pbe/java/camellia128-cfb.base64 | 1 +
.../samples/pbe/java/camellia128-cfb.raw | 1 +
.../samples/pbe/java/camellia128-cfb8.base64 | 1 +
.../samples/pbe/java/camellia128-cfb8.raw | 1 +
.../samples/pbe/java/camellia128-ecb.base64 | 1 +
.../samples/pbe/java/camellia128-ecb.raw | 1 +
.../samples/pbe/java/camellia128-ofb.base64 | 1 +
.../samples/pbe/java/camellia128-ofb.raw | 1 +
.../samples/pbe/java/camellia128.base64 | 1 +
.../samples/pbe/java/camellia128.raw | 1 +
.../samples/pbe/java/camellia192-cbc.base64 | 1 +
.../samples/pbe/java/camellia192-cbc.raw | 1 +
.../samples/pbe/java/camellia192-cfb.base64 | 1 +
.../samples/pbe/java/camellia192-cfb.raw | 1 +
.../samples/pbe/java/camellia192-cfb8.base64 | 1 +
.../samples/pbe/java/camellia192-cfb8.raw | 1 +
.../samples/pbe/java/camellia192-ecb.base64 | 1 +
.../samples/pbe/java/camellia192-ecb.raw | 1 +
.../samples/pbe/java/camellia192-ofb.base64 | 1 +
.../samples/pbe/java/camellia192-ofb.raw | 1 +
.../samples/pbe/java/camellia192.base64 | 1 +
.../samples/pbe/java/camellia192.raw | 1 +
.../samples/pbe/java/camellia256-cbc.base64 | 1 +
.../samples/pbe/java/camellia256-cbc.raw | 1 +
.../samples/pbe/java/camellia256-cfb.base64 | 1 +
.../samples/pbe/java/camellia256-cfb.raw | 1 +
.../samples/pbe/java/camellia256-cfb8.base64 | 1 +
.../samples/pbe/java/camellia256-cfb8.raw | 1 +
.../samples/pbe/java/camellia256-ecb.base64 | 1 +
.../samples/pbe/java/camellia256-ecb.raw | 1 +
.../samples/pbe/java/camellia256-ofb.base64 | 1 +
.../samples/pbe/java/camellia256-ofb.raw | 1 +
.../samples/pbe/java/camellia256.base64 | 1 +
.../samples/pbe/java/camellia256.raw | 1 +
.../samples/pbe/java/cast5-cbc.base64 | 1 +
.../samples/pbe/java/cast5-cbc.raw | 1 +
.../samples/pbe/java/cast5-cfb.base64 | 1 +
.../samples/pbe/java/cast5-cfb.raw | 1 +
.../samples/pbe/java/cast5-cfb8.base64 | 1 +
.../samples/pbe/java/cast5-cfb8.raw | 1 +
.../samples/pbe/java/cast5-ecb.base64 | 1 +
.../samples/pbe/java/cast5-ecb.raw | 1 +
.../samples/pbe/java/cast5-ofb.base64 | 1 +
.../samples/pbe/java/cast5-ofb.raw | 1 +
.../samples/pbe/java/cast5.base64 | 1 +
.../samples/pbe/java/cast5.raw | 2 +
.../samples/pbe/java/cast6-cbc.base64 | 1 +
.../samples/pbe/java/cast6-cbc.raw | 1 +
.../samples/pbe/java/cast6-cfb.base64 | 1 +
.../samples/pbe/java/cast6-cfb.raw | 1 +
.../samples/pbe/java/cast6-cfb8.base64 | 1 +
.../samples/pbe/java/cast6-cfb8.raw | 1 +
.../samples/pbe/java/cast6-ecb.base64 | 1 +
.../samples/pbe/java/cast6-ecb.raw | 1 +
.../samples/pbe/java/cast6-ofb.base64 | 1 +
.../samples/pbe/java/cast6-ofb.raw | 1 +
.../samples/pbe/java/cast6.base64 | 1 +
.../samples/pbe/java/cast6.raw | 1 +
.../samples/pbe/java/des-cbc.base64 | 1 +
.../samples/pbe/java/des-cbc.raw | 1 +
.../samples/pbe/java/des-cfb.base64 | 1 +
.../samples/pbe/java/des-cfb.raw | 1 +
.../samples/pbe/java/des-cfb8.base64 | 1 +
.../samples/pbe/java/des-cfb8.raw | 1 +
.../samples/pbe/java/des-ecb.base64 | 1 +
.../samples/pbe/java/des-ecb.raw | 1 +
.../samples/pbe/java/des-ede-cbc.base64 | 1 +
.../samples/pbe/java/des-ede-cbc.raw | 1 +
.../samples/pbe/java/des-ede-cfb.base64 | 1 +
.../samples/pbe/java/des-ede-cfb.raw | Bin 0 -> 28 bytes
.../samples/pbe/java/des-ede-cfb8.base64 | 1 +
.../samples/pbe/java/des-ede-cfb8.raw | 1 +
.../samples/pbe/java/des-ede-ecb.base64 | 1 +
.../samples/pbe/java/des-ede-ecb.raw | 1 +
.../samples/pbe/java/des-ede-ofb.base64 | 1 +
.../samples/pbe/java/des-ede-ofb.raw | 1 +
.../samples/pbe/java/des-ede.base64 | 1 +
.../samples/pbe/java/des-ede.raw | Bin 0 -> 32 bytes
.../samples/pbe/java/des-ede3-cbc.base64 | 1 +
.../samples/pbe/java/des-ede3-cbc.raw | 1 +
.../samples/pbe/java/des-ede3-cfb.base64 | 1 +
.../samples/pbe/java/des-ede3-cfb.raw | 1 +
.../samples/pbe/java/des-ede3-cfb8.base64 | 1 +
.../samples/pbe/java/des-ede3-cfb8.raw | 1 +
.../samples/pbe/java/des-ede3-ecb.base64 | 1 +
.../samples/pbe/java/des-ede3-ecb.raw | 1 +
.../samples/pbe/java/des-ede3-ofb.base64 | 1 +
.../samples/pbe/java/des-ede3-ofb.raw | 1 +
.../samples/pbe/java/des-ede3.base64 | 1 +
.../samples/pbe/java/des-ede3.raw | Bin 0 -> 32 bytes
.../samples/pbe/java/des-ofb.base64 | 1 +
.../samples/pbe/java/des-ofb.raw | 1 +
.../samples/pbe/java/des.base64 | 1 +
.../samples/pbe/java/des.raw | 1 +
.../samples/pbe/java/des2-cbc.base64 | 1 +
.../samples/pbe/java/des2-cbc.raw | 1 +
.../samples/pbe/java/des2-cfb.base64 | 1 +
.../samples/pbe/java/des2-cfb.raw | 1 +
.../samples/pbe/java/des2-cfb8.base64 | 1 +
.../samples/pbe/java/des2-cfb8.raw | 1 +
.../samples/pbe/java/des2-ecb.base64 | 1 +
.../samples/pbe/java/des2-ecb.raw | Bin 0 -> 32 bytes
.../samples/pbe/java/des2-ofb.base64 | 1 +
.../samples/pbe/java/des2-ofb.raw | 1 +
.../samples/pbe/java/des2.base64 | 1 +
.../samples/pbe/java/des2.raw | 1 +
.../samples/pbe/java/des3-cbc.base64 | 1 +
.../samples/pbe/java/des3-cbc.raw | 1 +
.../samples/pbe/java/des3-cfb.base64 | 1 +
.../samples/pbe/java/des3-cfb.raw | 1 +
.../samples/pbe/java/des3-cfb8.base64 | 1 +
.../samples/pbe/java/des3-cfb8.raw | 1 +
.../samples/pbe/java/des3-ecb.base64 | 1 +
.../samples/pbe/java/des3-ecb.raw | 1 +
.../samples/pbe/java/des3-ofb.base64 | 1 +
.../samples/pbe/java/des3-ofb.raw | 1 +
.../samples/pbe/java/des3.base64 | 1 +
.../samples/pbe/java/des3.raw | 1 +
.../samples/pbe/java/gost-cbc.base64 | 1 +
.../samples/pbe/java/gost-cbc.raw | 1 +
.../samples/pbe/java/gost-cfb.base64 | 1 +
.../samples/pbe/java/gost-cfb.raw | 1 +
.../samples/pbe/java/gost-cfb8.base64 | 1 +
.../samples/pbe/java/gost-cfb8.raw | 1 +
.../samples/pbe/java/gost-ecb.base64 | 1 +
.../samples/pbe/java/gost-ecb.raw | 1 +
.../samples/pbe/java/gost-ofb.base64 | 1 +
.../samples/pbe/java/gost-ofb.raw | 1 +
.../samples/pbe/java/gost.base64 | 1 +
.../samples/pbe/java/gost.raw | 2 +
.../samples/pbe/java/gost28147-cbc.base64 | 1 +
.../samples/pbe/java/gost28147-cbc.raw | 1 +
.../samples/pbe/java/gost28147-cfb.base64 | 1 +
.../samples/pbe/java/gost28147-cfb.raw | 1 +
.../samples/pbe/java/gost28147-cfb8.base64 | 1 +
.../samples/pbe/java/gost28147-cfb8.raw | 1 +
.../samples/pbe/java/gost28147-ecb.base64 | 1 +
.../samples/pbe/java/gost28147-ecb.raw | 1 +
.../samples/pbe/java/gost28147-ofb.base64 | 1 +
.../samples/pbe/java/gost28147-ofb.raw | 1 +
.../samples/pbe/java/gost28147.base64 | 1 +
.../samples/pbe/java/gost28147.raw | Bin 0 -> 32 bytes
.../samples/pbe/java/idea-cbc.base64 | 1 +
.../samples/pbe/java/idea-cbc.raw | 1 +
.../samples/pbe/java/idea-cfb.base64 | 1 +
.../samples/pbe/java/idea-cfb.raw | 2 +
.../samples/pbe/java/idea-cfb8.base64 | 1 +
.../samples/pbe/java/idea-cfb8.raw | 1 +
.../samples/pbe/java/idea-ecb.base64 | 1 +
.../samples/pbe/java/idea-ecb.raw | 2 +
.../samples/pbe/java/idea-ofb.base64 | 1 +
.../samples/pbe/java/idea-ofb.raw | 1 +
.../samples/pbe/java/idea.base64 | 1 +
.../samples/pbe/java/idea.raw | 1 +
.../samples/pbe/java/rc2-40-cbc.base64 | 1 +
.../samples/pbe/java/rc2-40-cbc.raw | 1 +
.../samples/pbe/java/rc2-40-cfb.base64 | 1 +
.../samples/pbe/java/rc2-40-cfb.raw | 1 +
.../samples/pbe/java/rc2-40-cfb8.base64 | 1 +
.../samples/pbe/java/rc2-40-cfb8.raw | 1 +
.../samples/pbe/java/rc2-40-ecb.base64 | 1 +
.../samples/pbe/java/rc2-40-ecb.raw | 1 +
.../samples/pbe/java/rc2-40-ofb.base64 | 1 +
.../samples/pbe/java/rc2-40-ofb.raw | 1 +
.../samples/pbe/java/rc2-40.base64 | 1 +
.../samples/pbe/java/rc2-40.raw | 1 +
.../samples/pbe/java/rc2-64-cbc.base64 | 1 +
.../samples/pbe/java/rc2-64-cbc.raw | 1 +
.../samples/pbe/java/rc2-64-cfb.base64 | 1 +
.../samples/pbe/java/rc2-64-cfb.raw | 1 +
.../samples/pbe/java/rc2-64-cfb8.base64 | 1 +
.../samples/pbe/java/rc2-64-cfb8.raw | Bin 0 -> 28 bytes
.../samples/pbe/java/rc2-64-ecb.base64 | 1 +
.../samples/pbe/java/rc2-64-ecb.raw | 1 +
.../samples/pbe/java/rc2-64-ofb.base64 | 1 +
.../samples/pbe/java/rc2-64-ofb.raw | 1 +
.../samples/pbe/java/rc2-64.base64 | 1 +
.../samples/pbe/java/rc2-64.raw | 1 +
.../samples/pbe/java/rc2-cbc.base64 | 1 +
.../samples/pbe/java/rc2-cbc.raw | Bin 0 -> 32 bytes
.../samples/pbe/java/rc2-cfb.base64 | 1 +
.../samples/pbe/java/rc2-cfb.raw | 1 +
.../samples/pbe/java/rc2-cfb8.base64 | 1 +
.../samples/pbe/java/rc2-cfb8.raw | 1 +
.../samples/pbe/java/rc2-ecb.base64 | 1 +
.../samples/pbe/java/rc2-ecb.raw | 1 +
.../samples/pbe/java/rc2-ofb.base64 | 1 +
.../samples/pbe/java/rc2-ofb.raw | 1 +
.../samples/pbe/java/rc2.base64 | 1 +
.../samples/pbe/java/rc2.raw | 1 +
.../samples/pbe/java/rc4-40-cbc.base64 | 1 +
.../samples/pbe/java/rc4-40-cbc.raw | 1 +
.../samples/pbe/java/rc4-40-cfb.base64 | 1 +
.../samples/pbe/java/rc4-40-cfb.raw | 1 +
.../samples/pbe/java/rc4-40-cfb1.base64 | 1 +
.../samples/pbe/java/rc4-40-cfb1.raw | 1 +
.../samples/pbe/java/rc4-40-cfb8.base64 | 1 +
.../samples/pbe/java/rc4-40-cfb8.raw | 1 +
.../samples/pbe/java/rc4-40-ecb.base64 | 1 +
.../samples/pbe/java/rc4-40-ecb.raw | 1 +
.../samples/pbe/java/rc4-40-ofb.base64 | 1 +
.../samples/pbe/java/rc4-40-ofb.raw | 1 +
.../samples/pbe/java/rc4-40.base64 | 1 +
.../samples/pbe/java/rc4-40.raw | 1 +
.../samples/pbe/java/rc4-cbc.base64 | 1 +
.../samples/pbe/java/rc4-cbc.raw | 1 +
.../samples/pbe/java/rc4-cfb.base64 | 1 +
.../samples/pbe/java/rc4-cfb.raw | 1 +
.../samples/pbe/java/rc4-cfb1.base64 | 1 +
.../samples/pbe/java/rc4-cfb1.raw | 1 +
.../samples/pbe/java/rc4-cfb8.base64 | 1 +
.../samples/pbe/java/rc4-cfb8.raw | 1 +
.../samples/pbe/java/rc4-ecb.base64 | 1 +
.../samples/pbe/java/rc4-ecb.raw | 1 +
.../samples/pbe/java/rc4-ofb.base64 | 1 +
.../samples/pbe/java/rc4-ofb.raw | 1 +
.../samples/pbe/java/rc4.base64 | 1 +
.../samples/pbe/java/rc4.raw | Bin 0 -> 28 bytes
.../samples/pbe/java/rc5-cbc.base64 | 1 +
.../samples/pbe/java/rc5-cbc.raw | Bin 0 -> 32 bytes
.../samples/pbe/java/rc5-cfb.base64 | 1 +
.../samples/pbe/java/rc5-cfb.raw | 1 +
.../samples/pbe/java/rc5-cfb8.base64 | 1 +
.../samples/pbe/java/rc5-cfb8.raw | 1 +
.../samples/pbe/java/rc5-ecb.base64 | 1 +
.../samples/pbe/java/rc5-ecb.raw | 1 +
.../samples/pbe/java/rc5-ofb.base64 | 1 +
.../samples/pbe/java/rc5-ofb.raw | 1 +
.../samples/pbe/java/rc5.base64 | 1 +
.../samples/pbe/java/rc5.raw | 2 +
.../samples/pbe/java/rc6-cbc.base64 | 1 +
.../samples/pbe/java/rc6-cbc.raw | 1 +
.../samples/pbe/java/rc6-cfb.base64 | 1 +
.../samples/pbe/java/rc6-cfb.raw | 1 +
.../samples/pbe/java/rc6-cfb8.base64 | 1 +
.../samples/pbe/java/rc6-cfb8.raw | 1 +
.../samples/pbe/java/rc6-ecb.base64 | 1 +
.../samples/pbe/java/rc6-ecb.raw | 1 +
.../samples/pbe/java/rc6-ofb.base64 | 1 +
.../samples/pbe/java/rc6-ofb.raw | 1 +
.../samples/pbe/java/rc6.base64 | 1 +
.../samples/pbe/java/rc6.raw | 1 +
.../samples/pbe/java/rijndael-cbc.base64 | 1 +
.../samples/pbe/java/rijndael-cbc.raw | 1 +
.../samples/pbe/java/rijndael-cfb.base64 | 1 +
.../samples/pbe/java/rijndael-cfb.raw | 1 +
.../samples/pbe/java/rijndael-cfb8.base64 | 1 +
.../samples/pbe/java/rijndael-cfb8.raw | 1 +
.../samples/pbe/java/rijndael-ecb.base64 | 1 +
.../samples/pbe/java/rijndael-ecb.raw | 1 +
.../samples/pbe/java/rijndael-ofb.base64 | 1 +
.../samples/pbe/java/rijndael-ofb.raw | Bin 0 -> 28 bytes
.../samples/pbe/java/rijndael.base64 | 1 +
.../samples/pbe/java/rijndael.raw | 1 +
.../samples/pbe/java/seed-cbc.base64 | 1 +
.../samples/pbe/java/seed-cbc.raw | 1 +
.../samples/pbe/java/seed-cfb.base64 | 1 +
.../samples/pbe/java/seed-cfb.raw | 1 +
.../samples/pbe/java/seed-cfb8.base64 | 1 +
.../samples/pbe/java/seed-cfb8.raw | 1 +
.../samples/pbe/java/seed-ecb.base64 | 1 +
.../samples/pbe/java/seed-ecb.raw | 1 +
.../samples/pbe/java/seed-ofb.base64 | 1 +
.../samples/pbe/java/seed-ofb.raw | Bin 0 -> 28 bytes
.../samples/pbe/java/seed.base64 | 1 +
.../samples/pbe/java/seed.raw | 1 +
.../samples/pbe/java/serpent-cbc.base64 | 1 +
.../samples/pbe/java/serpent-cbc.raw | 1 +
.../samples/pbe/java/serpent-cfb.base64 | 1 +
.../samples/pbe/java/serpent-cfb.raw | Bin 0 -> 28 bytes
.../samples/pbe/java/serpent-cfb8.base64 | 1 +
.../samples/pbe/java/serpent-cfb8.raw | 1 +
.../samples/pbe/java/serpent-ecb.base64 | 1 +
.../samples/pbe/java/serpent-ecb.raw | 1 +
.../samples/pbe/java/serpent-ofb.base64 | 1 +
.../samples/pbe/java/serpent-ofb.raw | 1 +
.../samples/pbe/java/serpent.base64 | 1 +
.../samples/pbe/java/serpent.raw | 2 +
.../samples/pbe/java/skipjack-cbc.base64 | 1 +
.../samples/pbe/java/skipjack-cbc.raw | 1 +
.../samples/pbe/java/skipjack-cfb.base64 | 1 +
.../samples/pbe/java/skipjack-cfb.raw | 1 +
.../samples/pbe/java/skipjack-cfb8.base64 | 1 +
.../samples/pbe/java/skipjack-cfb8.raw | 1 +
.../samples/pbe/java/skipjack-ecb.base64 | 1 +
.../samples/pbe/java/skipjack-ecb.raw | 1 +
.../samples/pbe/java/skipjack-ofb.base64 | 1 +
.../samples/pbe/java/skipjack-ofb.raw | 1 +
.../samples/pbe/java/skipjack.base64 | 1 +
.../samples/pbe/java/skipjack.raw | 1 +
.../samples/pbe/java/tea-cbc.base64 | 1 +
.../samples/pbe/java/tea-cbc.raw | 1 +
.../samples/pbe/java/tea-cfb.base64 | 1 +
.../samples/pbe/java/tea-cfb.raw | Bin 0 -> 28 bytes
.../samples/pbe/java/tea-cfb8.base64 | 1 +
.../samples/pbe/java/tea-cfb8.raw | Bin 0 -> 28 bytes
.../samples/pbe/java/tea-ecb.base64 | 1 +
.../samples/pbe/java/tea-ecb.raw | 1 +
.../samples/pbe/java/tea-ofb.base64 | 1 +
.../samples/pbe/java/tea-ofb.raw | 1 +
.../samples/pbe/java/tea.base64 | 1 +
.../samples/pbe/java/tea.raw | 1 +
.../samples/pbe/java/twofish-cbc.base64 | 1 +
.../samples/pbe/java/twofish-cbc.raw | 2 +
.../samples/pbe/java/twofish-cfb.base64 | 1 +
.../samples/pbe/java/twofish-cfb.raw | 1 +
.../samples/pbe/java/twofish-cfb8.base64 | 1 +
.../samples/pbe/java/twofish-cfb8.raw | Bin 0 -> 28 bytes
.../samples/pbe/java/twofish-ecb.base64 | 1 +
.../samples/pbe/java/twofish-ecb.raw | 1 +
.../samples/pbe/java/twofish-ofb.base64 | 1 +
.../samples/pbe/java/twofish-ofb.raw | 1 +
.../samples/pbe/java/twofish.base64 | 1 +
.../samples/pbe/java/twofish.raw | 1 +
.../samples/pbe/java/xtea-cbc.base64 | 1 +
.../samples/pbe/java/xtea-cbc.raw | 1 +
.../samples/pbe/java/xtea-cfb.base64 | 1 +
.../samples/pbe/java/xtea-cfb.raw | 1 +
.../samples/pbe/java/xtea-cfb8.base64 | 1 +
.../samples/pbe/java/xtea-cfb8.raw | Bin 0 -> 28 bytes
.../samples/pbe/java/xtea-ecb.base64 | 1 +
.../samples/pbe/java/xtea-ecb.raw | 1 +
.../samples/pbe/java/xtea-ofb.base64 | 1 +
.../samples/pbe/java/xtea-ofb.raw | 1 +
.../samples/pbe/java/xtea.base64 | 1 +
.../samples/pbe/java/xtea.raw | 1 +
.../samples/pbe/openssl/README.txt | 5 +
.../samples/pbe/openssl/aes-128-cbc.base64 | 1 +
.../samples/pbe/openssl/aes-128-cbc.raw | Bin 0 -> 32 bytes
.../samples/pbe/openssl/aes-128-cfb.base64 | 1 +
.../samples/pbe/openssl/aes-128-cfb.raw | 1 +
.../samples/pbe/openssl/aes-128-cfb1.base64 | 1 +
.../samples/pbe/openssl/aes-128-cfb1.raw | Bin 0 -> 28 bytes
.../samples/pbe/openssl/aes-128-cfb8.base64 | 1 +
.../samples/pbe/openssl/aes-128-cfb8.raw | 2 +
.../samples/pbe/openssl/aes-128-ecb.base64 | 1 +
.../samples/pbe/openssl/aes-128-ecb.raw | 1 +
.../samples/pbe/openssl/aes-128-ofb.base64 | 1 +
.../samples/pbe/openssl/aes-128-ofb.raw | 1 +
.../samples/pbe/openssl/aes-192-cbc.base64 | 1 +
.../samples/pbe/openssl/aes-192-cbc.raw | 1 +
.../samples/pbe/openssl/aes-192-cfb.base64 | 1 +
.../samples/pbe/openssl/aes-192-cfb.raw | 1 +
.../samples/pbe/openssl/aes-192-cfb1.base64 | 1 +
.../samples/pbe/openssl/aes-192-cfb1.raw | Bin 0 -> 28 bytes
.../samples/pbe/openssl/aes-192-cfb8.base64 | 1 +
.../samples/pbe/openssl/aes-192-cfb8.raw | 1 +
.../samples/pbe/openssl/aes-192-ecb.base64 | 1 +
.../samples/pbe/openssl/aes-192-ecb.raw | 1 +
.../samples/pbe/openssl/aes-192-ofb.base64 | 1 +
.../samples/pbe/openssl/aes-192-ofb.raw | 1 +
.../samples/pbe/openssl/aes-256-cbc.base64 | 1 +
.../samples/pbe/openssl/aes-256-cbc.raw | 1 +
.../samples/pbe/openssl/aes-256-cfb.base64 | 1 +
.../samples/pbe/openssl/aes-256-cfb.raw | 1 +
.../samples/pbe/openssl/aes-256-cfb1.base64 | 1 +
.../samples/pbe/openssl/aes-256-cfb1.raw | Bin 0 -> 28 bytes
.../samples/pbe/openssl/aes-256-cfb8.base64 | 1 +
.../samples/pbe/openssl/aes-256-cfb8.raw | 1 +
.../samples/pbe/openssl/aes-256-ecb.base64 | 1 +
.../samples/pbe/openssl/aes-256-ecb.raw | Bin 0 -> 32 bytes
.../samples/pbe/openssl/aes-256-ofb.base64 | 1 +
.../samples/pbe/openssl/aes-256-ofb.raw | 1 +
.../samples/pbe/openssl/aes128.base64 | 1 +
.../samples/pbe/openssl/aes128.raw | Bin 0 -> 32 bytes
.../samples/pbe/openssl/aes192.base64 | 1 +
.../samples/pbe/openssl/aes192.raw | 3 +
.../samples/pbe/openssl/aes256.base64 | 1 +
.../samples/pbe/openssl/aes256.raw | Bin 0 -> 32 bytes
.../samples/pbe/openssl/bf-cbc.base64 | 1 +
.../samples/pbe/openssl/bf-cbc.raw | 1 +
.../samples/pbe/openssl/bf-cfb.base64 | 1 +
.../samples/pbe/openssl/bf-cfb.raw | Bin 0 -> 28 bytes
.../samples/pbe/openssl/bf-ecb.base64 | 1 +
.../samples/pbe/openssl/bf-ecb.raw | 1 +
.../samples/pbe/openssl/bf-ofb.base64 | 1 +
.../samples/pbe/openssl/bf-ofb.raw | 1 +
.../samples/pbe/openssl/bf.base64 | 1 +
.../samples/pbe/openssl/bf.raw | 1 +
.../samples/pbe/openssl/blowfish.base64 | 1 +
.../samples/pbe/openssl/blowfish.raw | 1 +
.../samples/pbe/openssl/camellia-128-cbc.base64 | 1 +
.../samples/pbe/openssl/camellia-128-cbc.raw | 1 +
.../samples/pbe/openssl/camellia-128-cfb.base64 | 1 +
.../samples/pbe/openssl/camellia-128-cfb.raw | 1 +
.../pbe/openssl/camellia-128-cfb1.base64 | 1 +
.../samples/pbe/openssl/camellia-128-cfb1.raw | Bin 0 -> 28 bytes
.../pbe/openssl/camellia-128-cfb8.base64 | 1 +
.../samples/pbe/openssl/camellia-128-cfb8.raw | 1 +
.../samples/pbe/openssl/camellia-128-ecb.base64 | 1 +
.../samples/pbe/openssl/camellia-128-ecb.raw | 1 +
.../samples/pbe/openssl/camellia-128-ofb.base64 | 1 +
.../samples/pbe/openssl/camellia-128-ofb.raw | 1 +
.../samples/pbe/openssl/camellia-192-cbc.base64 | 1 +
.../samples/pbe/openssl/camellia-192-cbc.raw | 1 +
.../samples/pbe/openssl/camellia-192-cfb.base64 | 1 +
.../samples/pbe/openssl/camellia-192-cfb.raw | 1 +
.../pbe/openssl/camellia-192-cfb1.base64 | 1 +
.../samples/pbe/openssl/camellia-192-cfb1.raw | Bin 0 -> 28 bytes
.../pbe/openssl/camellia-192-cfb8.base64 | 1 +
.../samples/pbe/openssl/camellia-192-cfb8.raw | 1 +
.../samples/pbe/openssl/camellia-192-ecb.base64 | 1 +
.../samples/pbe/openssl/camellia-192-ecb.raw | 1 +
.../samples/pbe/openssl/camellia-192-ofb.base64 | 1 +
.../samples/pbe/openssl/camellia-192-ofb.raw | Bin 0 -> 28 bytes
.../samples/pbe/openssl/camellia-256-cbc.base64 | 1 +
.../samples/pbe/openssl/camellia-256-cbc.raw | 1 +
.../samples/pbe/openssl/camellia-256-cfb.base64 | 1 +
.../samples/pbe/openssl/camellia-256-cfb.raw | 2 +
.../pbe/openssl/camellia-256-cfb1.base64 | 1 +
.../samples/pbe/openssl/camellia-256-cfb1.raw | Bin 0 -> 28 bytes
.../pbe/openssl/camellia-256-cfb8.base64 | 1 +
.../samples/pbe/openssl/camellia-256-cfb8.raw | 1 +
.../samples/pbe/openssl/camellia-256-ecb.base64 | 1 +
.../samples/pbe/openssl/camellia-256-ecb.raw | 1 +
.../samples/pbe/openssl/camellia-256-ofb.base64 | 1 +
.../samples/pbe/openssl/camellia-256-ofb.raw | 1 +
.../samples/pbe/openssl/camellia128.base64 | 1 +
.../samples/pbe/openssl/camellia128.raw | 1 +
.../samples/pbe/openssl/camellia192.base64 | 1 +
.../samples/pbe/openssl/camellia192.raw | 1 +
.../samples/pbe/openssl/camellia256.base64 | 1 +
.../samples/pbe/openssl/camellia256.raw | Bin 0 -> 32 bytes
.../samples/pbe/openssl/cast-cbc.base64 | 1 +
.../samples/pbe/openssl/cast-cbc.raw | Bin 0 -> 32 bytes
.../samples/pbe/openssl/cast.base64 | 1 +
.../samples/pbe/openssl/cast.raw | 1 +
.../samples/pbe/openssl/cast5-cbc.base64 | 1 +
.../samples/pbe/openssl/cast5-cbc.raw | 2 +
.../samples/pbe/openssl/cast5-cfb.base64 | 1 +
.../samples/pbe/openssl/cast5-cfb.raw | 1 +
.../samples/pbe/openssl/cast5-ecb.base64 | 1 +
.../samples/pbe/openssl/cast5-ecb.raw | 1 +
.../samples/pbe/openssl/cast5-ofb.base64 | 1 +
.../samples/pbe/openssl/cast5-ofb.raw | 2 +
.../samples/pbe/openssl/des-cbc.base64 | 1 +
.../samples/pbe/openssl/des-cbc.raw | 1 +
.../samples/pbe/openssl/des-cfb.base64 | 1 +
.../samples/pbe/openssl/des-cfb.raw | 1 +
.../samples/pbe/openssl/des-cfb1.base64 | 1 +
.../samples/pbe/openssl/des-cfb1.raw | Bin 0 -> 28 bytes
.../samples/pbe/openssl/des-cfb8.base64 | 1 +
.../samples/pbe/openssl/des-cfb8.raw | 1 +
.../samples/pbe/openssl/des-ecb.base64 | 1 +
.../samples/pbe/openssl/des-ecb.raw | Bin 0 -> 32 bytes
.../samples/pbe/openssl/des-ede-cbc.base64 | 1 +
.../samples/pbe/openssl/des-ede-cbc.raw | 1 +
.../samples/pbe/openssl/des-ede-cfb.base64 | 1 +
.../samples/pbe/openssl/des-ede-cfb.raw | 1 +
.../samples/pbe/openssl/des-ede-ofb.base64 | 1 +
.../samples/pbe/openssl/des-ede-ofb.raw | 1 +
.../samples/pbe/openssl/des-ede.base64 | 1 +
.../samples/pbe/openssl/des-ede.raw | 1 +
.../samples/pbe/openssl/des-ede3-cbc.base64 | 1 +
.../samples/pbe/openssl/des-ede3-cbc.raw | 2 +
.../samples/pbe/openssl/des-ede3-cfb.base64 | 1 +
.../samples/pbe/openssl/des-ede3-cfb.raw | 1 +
.../samples/pbe/openssl/des-ede3-ofb.base64 | 1 +
.../samples/pbe/openssl/des-ede3-ofb.raw | 1 +
.../samples/pbe/openssl/des-ede3.base64 | 1 +
.../samples/pbe/openssl/des-ede3.raw | 1 +
.../samples/pbe/openssl/des-ofb.base64 | 1 +
.../samples/pbe/openssl/des-ofb.raw | 1 +
.../samples/pbe/openssl/des.base64 | 1 +
.../samples/pbe/openssl/des.raw | 1 +
.../samples/pbe/openssl/des3.base64 | 1 +
.../samples/pbe/openssl/des3.raw | 1 +
.../samples/pbe/openssl/idea-cbc.base64 | 1 +
.../samples/pbe/openssl/idea-cbc.raw | 1 +
.../samples/pbe/openssl/idea-cfb.base64 | 1 +
.../samples/pbe/openssl/idea-cfb.raw | 1 +
.../samples/pbe/openssl/idea-ecb.base64 | 1 +
.../samples/pbe/openssl/idea-ecb.raw | 1 +
.../samples/pbe/openssl/idea-ofb.base64 | 1 +
.../samples/pbe/openssl/idea-ofb.raw | 1 +
.../samples/pbe/openssl/idea.base64 | 1 +
.../samples/pbe/openssl/idea.raw | 1 +
.../samples/pbe/openssl/rc2-40-cbc.base64 | 1 +
.../samples/pbe/openssl/rc2-40-cbc.raw | 1 +
.../samples/pbe/openssl/rc2-64-cbc.base64 | 1 +
.../samples/pbe/openssl/rc2-64-cbc.raw | 1 +
.../samples/pbe/openssl/rc2-cbc.base64 | 1 +
.../samples/pbe/openssl/rc2-cbc.raw | 1 +
.../samples/pbe/openssl/rc2-cfb.base64 | 1 +
.../samples/pbe/openssl/rc2-cfb.raw | 1 +
.../samples/pbe/openssl/rc2-ecb.base64 | 1 +
.../samples/pbe/openssl/rc2-ecb.raw | 1 +
.../samples/pbe/openssl/rc2-ofb.base64 | 1 +
.../samples/pbe/openssl/rc2-ofb.raw | 1 +
.../samples/pbe/openssl/rc2.base64 | 1 +
.../samples/pbe/openssl/rc2.raw | 1 +
.../samples/pbe/openssl/rc4-40.base64 | 1 +
.../samples/pbe/openssl/rc4-40.raw | 1 +
.../samples/pbe/openssl/rc4.base64 | 1 +
.../samples/pbe/openssl/rc4.raw | 1 +
.../samples/pbe/openssl/rc5-cbc.base64 | 1 +
.../samples/pbe/openssl/rc5-cbc.raw | 1 +
.../samples/pbe/openssl/rc5-cfb.base64 | 1 +
.../samples/pbe/openssl/rc5-cfb.raw | 1 +
.../samples/pbe/openssl/rc5-ecb.base64 | 1 +
.../samples/pbe/openssl/rc5-ecb.raw | 1 +
.../samples/pbe/openssl/rc5-ofb.base64 | 1 +
.../samples/pbe/openssl/rc5-ofb.raw | 1 +
.../samples/pbe/openssl/rc5.base64 | 1 +
.../samples/pbe/openssl/rc5.raw | 1 +
.../samples/pkcs12/pkcs12_client_cert.p12 | Bin 0 -> 4070 bytes
.../samples/pkcs12/pkcs12_client_cert.pem | 94 ++
3rdparty/not-yet-commons-ssl/samples/rsa.html | 115 ++
.../samples/rsa/openssl_rsa_aes128_cbc.pem | 30 +
.../samples/rsa/openssl_rsa_aes128_cfb.pem | 30 +
.../samples/rsa/openssl_rsa_aes128_ecb.pem | 30 +
.../samples/rsa/openssl_rsa_aes128_ofb.pem | 30 +
.../samples/rsa/openssl_rsa_aes192_cbc.pem | 30 +
.../samples/rsa/openssl_rsa_aes192_cfb.pem | 30 +
.../samples/rsa/openssl_rsa_aes192_ecb.pem | 30 +
.../samples/rsa/openssl_rsa_aes192_ofb.pem | 30 +
.../samples/rsa/openssl_rsa_aes256_cbc.pem | 30 +
.../samples/rsa/openssl_rsa_aes256_cfb.pem | 30 +
.../samples/rsa/openssl_rsa_aes256_ecb.pem | 30 +
.../samples/rsa/openssl_rsa_aes256_ofb.pem | 30 +
.../samples/rsa/openssl_rsa_blowfish_cbc.pem | 30 +
.../samples/rsa/openssl_rsa_blowfish_cfb.pem | 30 +
.../samples/rsa/openssl_rsa_blowfish_ecb.pem | 30 +
.../samples/rsa/openssl_rsa_blowfish_ofb.pem | 30 +
.../samples/rsa/openssl_rsa_des1_cbc.pem | 30 +
.../samples/rsa/openssl_rsa_des1_cfb.pem | 30 +
.../samples/rsa/openssl_rsa_des1_ecb.pem | 30 +
.../samples/rsa/openssl_rsa_des1_ofb.pem | 30 +
.../samples/rsa/openssl_rsa_des2_cbc.pem | 30 +
.../samples/rsa/openssl_rsa_des2_cfb.pem | 30 +
.../samples/rsa/openssl_rsa_des2_ecb.pem | 30 +
.../samples/rsa/openssl_rsa_des2_ofb.pem | 30 +
.../samples/rsa/openssl_rsa_des3_cbc.pem | 30 +
.../samples/rsa/openssl_rsa_des3_cfb.pem | 30 +
.../samples/rsa/openssl_rsa_des3_ecb.pem | 30 +
.../samples/rsa/openssl_rsa_des3_ofb.pem | 30 +
.../samples/rsa/openssl_rsa_rc2_128_cbc.pem | 30 +
.../samples/rsa/openssl_rsa_rc2_128_cfb.pem | 30 +
.../samples/rsa/openssl_rsa_rc2_128_ecb.pem | 30 +
.../samples/rsa/openssl_rsa_rc2_128_ofb.pem | 30 +
.../samples/rsa/openssl_rsa_rc2_40.pem | 30 +
.../samples/rsa/openssl_rsa_rc2_64.pem | 30 +
.../samples/rsa/openssl_rsa_unencrypted.der | Bin 0 -> 1192 bytes
.../samples/rsa/openssl_rsa_unencrypted.pem | 27 +
.../samples/rsa/pkcs8_rsa_unencrypted.der | Bin 0 -> 1218 bytes
.../samples/rsa/pkcs8_rsa_unencrypted.pem | 28 +
.../samples/rsa/pkcs8v1_rsa_md2_des1.der | Bin 0 -> 1261 bytes
.../samples/rsa/pkcs8v1_rsa_md2_des1.pem | 29 +
.../samples/rsa/pkcs8v1_rsa_md2_rc2_64.der | Bin 0 -> 1261 bytes
.../samples/rsa/pkcs8v1_rsa_md2_rc2_64.pem | 29 +
.../samples/rsa/pkcs8v1_rsa_md5_des1.der | Bin 0 -> 1261 bytes
.../samples/rsa/pkcs8v1_rsa_md5_des1.pem | 29 +
.../samples/rsa/pkcs8v1_rsa_md5_rc2_64.der | Bin 0 -> 1261 bytes
.../samples/rsa/pkcs8v1_rsa_md5_rc2_64.pem | 29 +
.../samples/rsa/pkcs8v1_rsa_sha1_des1.der | Bin 0 -> 1261 bytes
.../samples/rsa/pkcs8v1_rsa_sha1_des1.pem | 29 +
.../samples/rsa/pkcs8v1_rsa_sha1_des2.der | Bin 0 -> 1262 bytes
.../samples/rsa/pkcs8v1_rsa_sha1_des2.pem | 29 +
.../samples/rsa/pkcs8v1_rsa_sha1_des3.der | Bin 0 -> 1262 bytes
.../samples/rsa/pkcs8v1_rsa_sha1_des3.pem | 29 +
.../samples/rsa/pkcs8v1_rsa_sha1_rc2_128.der | Bin 0 -> 1262 bytes
.../samples/rsa/pkcs8v1_rsa_sha1_rc2_128.pem | 29 +
.../samples/rsa/pkcs8v1_rsa_sha1_rc2_40.der | Bin 0 -> 1262 bytes
.../samples/rsa/pkcs8v1_rsa_sha1_rc2_40.pem | 29 +
.../samples/rsa/pkcs8v1_rsa_sha1_rc2_64.der | Bin 0 -> 1261 bytes
.../samples/rsa/pkcs8v1_rsa_sha1_rc2_64.pem | 29 +
.../samples/rsa/pkcs8v1_rsa_sha1_rc4_128.der | Bin 0 -> 1256 bytes
.../samples/rsa/pkcs8v1_rsa_sha1_rc4_128.pem | 29 +
.../samples/rsa/pkcs8v1_rsa_sha1_rc4_40.der | Bin 0 -> 1256 bytes
.../samples/rsa/pkcs8v1_rsa_sha1_rc4_40.pem | 29 +
.../samples/rsa/pkcs8v2_rsa_aes128_cbc.der | Bin 0 -> 1315 bytes
.../samples/rsa/pkcs8v2_rsa_aes128_cbc.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_aes128_cfb.der | Bin 0 -> 1301 bytes
.../samples/rsa/pkcs8v2_rsa_aes128_cfb.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_aes128_ecb.der | Bin 0 -> 1315 bytes
.../samples/rsa/pkcs8v2_rsa_aes128_ecb.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_aes128_ofb.der | Bin 0 -> 1301 bytes
.../samples/rsa/pkcs8v2_rsa_aes128_ofb.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_aes192_cbc.der | Bin 0 -> 1315 bytes
.../samples/rsa/pkcs8v2_rsa_aes192_cbc.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_aes192_cfb.der | Bin 0 -> 1301 bytes
.../samples/rsa/pkcs8v2_rsa_aes192_cfb.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_aes192_ecb.der | Bin 0 -> 1315 bytes
.../samples/rsa/pkcs8v2_rsa_aes192_ecb.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_aes192_ofb.der | Bin 0 -> 1301 bytes
.../samples/rsa/pkcs8v2_rsa_aes192_ofb.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_aes256_cbc.der | Bin 0 -> 1315 bytes
.../samples/rsa/pkcs8v2_rsa_aes256_cbc.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_aes256_cfb.der | Bin 0 -> 1301 bytes
.../samples/rsa/pkcs8v2_rsa_aes256_cfb.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_aes256_ecb.der | Bin 0 -> 1315 bytes
.../samples/rsa/pkcs8v2_rsa_aes256_ecb.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_aes256_ofb.der | Bin 0 -> 1301 bytes
.../samples/rsa/pkcs8v2_rsa_aes256_ofb.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_blowfish_cbc.der | Bin 0 -> 1299 bytes
.../samples/rsa/pkcs8v2_rsa_blowfish_cbc.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_des1_cbc.der | Bin 0 -> 1295 bytes
.../samples/rsa/pkcs8v2_rsa_des1_cbc.pem | 29 +
.../samples/rsa/pkcs8v2_rsa_des1_cfb.der | Bin 0 -> 1289 bytes
.../samples/rsa/pkcs8v2_rsa_des1_cfb.pem | 29 +
.../samples/rsa/pkcs8v2_rsa_des1_ecb.der | Bin 0 -> 1295 bytes
.../samples/rsa/pkcs8v2_rsa_des1_ecb.pem | 29 +
.../samples/rsa/pkcs8v2_rsa_des1_ofb.der | Bin 0 -> 1289 bytes
.../samples/rsa/pkcs8v2_rsa_des1_ofb.pem | 29 +
.../rsa/pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.der | Bin 0 -> 1295 bytes
.../rsa/pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.pem | 29 +
.../samples/rsa/pkcs8v2_rsa_des3.der | Bin 0 -> 1298 bytes
.../samples/rsa/pkcs8v2_rsa_des3.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_rc2_128.der | Bin 0 -> 1306 bytes
.../samples/rsa/pkcs8v2_rsa_rc2_128.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_rc2_40.der | Bin 0 -> 1307 bytes
.../samples/rsa/pkcs8v2_rsa_rc2_40.pem | 30 +
.../samples/rsa/pkcs8v2_rsa_rc2_64.der | Bin 0 -> 1306 bytes
.../samples/rsa/pkcs8v2_rsa_rc2_64.pem | 30 +
.../not-yet-commons-ssl/samples/rsa_result.html | 38 +
.../samples/x509/certificate.der | Bin 0 -> 1092 bytes
.../samples/x509/certificate.pem | 85 ++
.../samples/x509/certificate_chain.pem | 79 ++
.../samples/x509/certificate_root_ca.der | Bin 0 -> 1156 bytes
.../samples/x509/certificate_root_ca.pem | 87 ++
.../not-yet-commons-ssl/samples/x509/oscp.pem | 22 +
.../samples/x509/two-crls.pem | 46 +
.../samples/x509/x509_foo.pem | 85 ++
.../samples/x509/x509_foo_bar.pem | 88 ++
.../samples/x509/x509_foo_bar_hanako.pem | 88 ++
.../samples/x509/x509_hanako.pem | 85 ++
.../samples/x509/x509_no_cns_foo.pem | 87 ++
.../x509/x509_three_cns_foo_bar_hanako.pem | 86 ++
.../samples/x509/x509_wild_co_jp.pem | 85 ++
.../samples/x509/x509_wild_foo.pem | 85 ++
.../samples/x509/x509_wild_foo_bar_hanako.pem | 88 ++
.../ssl/AuthSSLProtocolSocketFactory.java | 204 ++++
.../ssl/EasySSLProtocolSocketFactory.java | 101 ++
.../ssl/StrictSSLProtocolSocketFactory.java | 131 ++
.../ssl/TrustSSLProtocolSocketFactory.java | 207 ++++
.../org/apache/commons/ssl/ASN1Structure.java | 112 ++
.../java/org/apache/commons/ssl/ASN1Util.java | 211 ++++
.../java/org/apache/commons/ssl/Base64.java | 1048 ++++++++++++++++
.../apache/commons/ssl/Base64InputStream.java | 174 +++
.../apache/commons/ssl/Base64OutputStream.java | 198 +++
.../java/org/apache/commons/ssl/CRLSocket.java | 100 ++
.../java/org/apache/commons/ssl/CRLUtil.java | 75 ++
.../org/apache/commons/ssl/Certificates.java | 591 +++++++++
.../apache/commons/ssl/ComboInputStream.java | 96 ++
.../java/org/apache/commons/ssl/DerivedKey.java | 49 +
.../java/org/apache/commons/ssl/HostPort.java | 57 +
.../apache/commons/ssl/HostnameVerifier.java | 481 ++++++++
.../apache/commons/ssl/HttpSecureProtocol.java | 93 ++
.../java/org/apache/commons/ssl/Java13.java | 303 +++++
.../commons/ssl/Java13KeyManagerWrapper.java | 82 ++
.../commons/ssl/Java13TrustManagerWrapper.java | 103 ++
.../java/org/apache/commons/ssl/Java14.java | 272 +++++
.../commons/ssl/Java14KeyManagerWrapper.java | 82 ++
.../commons/ssl/Java14TrustManagerWrapper.java | 133 ++
.../java/org/apache/commons/ssl/JavaImpl.java | 256 ++++
.../org/apache/commons/ssl/KeyMaterial.java | 289 +++++
.../org/apache/commons/ssl/KeyStoreBuilder.java | 698 +++++++++++
.../java/org/apache/commons/ssl/LDAPSocket.java | 83 ++
.../java/org/apache/commons/ssl/LogHelper.java | 87 ++
.../java/org/apache/commons/ssl/LogWrapper.java | 295 +++++
.../java/org/apache/commons/ssl/OpenSSL.java | 718 +++++++++++
.../org/apache/commons/ssl/PBETestCreate.java | 79 ++
.../java/org/apache/commons/ssl/PEMItem.java | 106 ++
.../java/org/apache/commons/ssl/PEMUtil.java | 250 ++++
.../java/org/apache/commons/ssl/PKCS8Key.java | 1039 ++++++++++++++++
.../main/java/org/apache/commons/ssl/Ping.java | 474 ++++++++
.../ssl/ProbablyBadPasswordException.java | 51 +
.../commons/ssl/ProbablyNotPKCS8Exception.java | 50 +
.../commons/ssl/RMISocketFactoryImpl.java | 578 +++++++++
.../main/java/org/apache/commons/ssl/SSL.java | 612 ++++++++++
.../java/org/apache/commons/ssl/SSLClient.java | 226 ++++
.../org/apache/commons/ssl/SSLEchoServer.java | 149 +++
.../org/apache/commons/ssl/SSLProxyServer.java | 196 +++
.../java/org/apache/commons/ssl/SSLServer.java | 284 +++++
.../commons/ssl/SSLServerSocketWrapper.java | 182 +++
.../apache/commons/ssl/SSLSocketWrapper.java | 356 ++++++
.../apache/commons/ssl/SSLWrapperFactory.java | 110 ++
.../org/apache/commons/ssl/TomcatServerXML.java | 231 ++++
.../java/org/apache/commons/ssl/TrustChain.java | 219 ++++
.../org/apache/commons/ssl/TrustMaterial.java | 281 +++++
.../main/java/org/apache/commons/ssl/Util.java | 452 +++++++
.../java/org/apache/commons/ssl/Version.java | 197 +++
.../ssl/X509CertificateChainBuilder.java | 204 ++++
.../org/apache/commons/ssl/asn1/ASN1Choice.java | 13 +
.../apache/commons/ssl/asn1/ASN1Encodable.java | 74 ++
.../commons/ssl/asn1/ASN1EncodableVector.java | 10 +
.../apache/commons/ssl/asn1/ASN1Generator.java | 13 +
.../commons/ssl/asn1/ASN1InputStream.java | 420 +++++++
.../org/apache/commons/ssl/asn1/ASN1Null.java | 30 +
.../org/apache/commons/ssl/asn1/ASN1Object.java | 34 +
.../commons/ssl/asn1/ASN1ObjectParser.java | 55 +
.../commons/ssl/asn1/ASN1OctetString.java | 137 +++
.../commons/ssl/asn1/ASN1OctetStringParser.java | 8 +
.../commons/ssl/asn1/ASN1OutputStream.java | 26 +
.../apache/commons/ssl/asn1/ASN1Sequence.java | 183 +++
.../commons/ssl/asn1/ASN1SequenceParser.java | 9 +
.../org/apache/commons/ssl/asn1/ASN1Set.java | 281 +++++
.../apache/commons/ssl/asn1/ASN1SetParser.java | 9 +
.../commons/ssl/asn1/ASN1StreamParser.java | 193 +++
.../commons/ssl/asn1/ASN1TaggedObject.java | 177 +++
.../ssl/asn1/ASN1TaggedObjectParser.java | 11 +
.../ssl/asn1/BERConstructedOctetString.java | 137 +++
.../ssl/asn1/BERConstructedSequence.java | 29 +
.../apache/commons/ssl/asn1/BERGenerator.java | 82 ++
.../apache/commons/ssl/asn1/BERInputStream.java | 179 +++
.../org/apache/commons/ssl/asn1/BERNull.java | 22 +
.../ssl/asn1/BEROctetStringGenerator.java | 86 ++
.../commons/ssl/asn1/BEROctetStringParser.java | 36 +
.../commons/ssl/asn1/BEROutputStream.java | 26 +
.../apache/commons/ssl/asn1/BERSequence.java | 44 +
.../commons/ssl/asn1/BERSequenceGenerator.java | 36 +
.../commons/ssl/asn1/BERSequenceParser.java | 21 +
.../org/apache/commons/ssl/asn1/BERSet.java | 51 +
.../apache/commons/ssl/asn1/BERSetParser.java | 21 +
.../commons/ssl/asn1/BERTaggedObject.java | 94 ++
.../commons/ssl/asn1/BERTaggedObjectParser.java | 118 ++
.../ssl/asn1/ConstructedOctetStream.java | 92 ++
.../ssl/asn1/DERApplicationSpecific.java | 143 +++
.../apache/commons/ssl/asn1/DERBMPString.java | 104 ++
.../apache/commons/ssl/asn1/DERBitString.java | 245 ++++
.../org/apache/commons/ssl/asn1/DERBoolean.java | 96 ++
.../ssl/asn1/DERConstructedSequence.java | 46 +
.../commons/ssl/asn1/DERConstructedSet.java | 63 +
.../apache/commons/ssl/asn1/DEREncodable.java | 5 +
.../commons/ssl/asn1/DEREncodableVector.java | 31 +
.../apache/commons/ssl/asn1/DEREnumerated.java | 96 ++
.../commons/ssl/asn1/DERGeneralString.java | 75 ++
.../commons/ssl/asn1/DERGeneralizedTime.java | 242 ++++
.../apache/commons/ssl/asn1/DERGenerator.java | 108 ++
.../apache/commons/ssl/asn1/DERIA5String.java | 142 +++
.../apache/commons/ssl/asn1/DERInputStream.java | 237 ++++
.../org/apache/commons/ssl/asn1/DERInteger.java | 114 ++
.../org/apache/commons/ssl/asn1/DERNull.java | 20 +
.../commons/ssl/asn1/DERNumericString.java | 148 +++
.../org/apache/commons/ssl/asn1/DERObject.java | 18 +
.../commons/ssl/asn1/DERObjectIdentifier.java | 245 ++++
.../apache/commons/ssl/asn1/DEROctetString.java | 23 +
.../commons/ssl/asn1/DEROutputStream.java | 73 ++
.../commons/ssl/asn1/DERPrintableString.java | 172 +++
.../apache/commons/ssl/asn1/DERSequence.java | 62 +
.../commons/ssl/asn1/DERSequenceGenerator.java | 39 +
.../org/apache/commons/ssl/asn1/DERSet.java | 76 ++
.../org/apache/commons/ssl/asn1/DERString.java | 6 +
.../apache/commons/ssl/asn1/DERT61String.java | 103 ++
.../commons/ssl/asn1/DERTaggedObject.java | 74 ++
.../org/apache/commons/ssl/asn1/DERTags.java | 35 +
.../org/apache/commons/ssl/asn1/DERUTCTime.java | 214 ++++
.../apache/commons/ssl/asn1/DERUTF8String.java | 83 ++
.../commons/ssl/asn1/DERUniversalString.java | 100 ++
.../apache/commons/ssl/asn1/DERUnknownTag.java | 71 ++
.../commons/ssl/asn1/DERVisibleString.java | 103 ++
.../ssl/asn1/DefiniteLengthInputStream.java | 83 ++
.../ssl/asn1/IndefiniteLengthInputStream.java | 98 ++
.../commons/ssl/asn1/LimitedInputStream.java | 23 +
.../apache/commons/ssl/asn1/OIDTokenizer.java | 42 +
.../org/apache/commons/ssl/asn1/Strings.java | 195 +++
.../org/apache/commons/ssl/rmi/DateRMI.java | 69 ++
.../org/apache/commons/ssl/rmi/IntegerRMI.java | 69 ++
.../org/apache/commons/ssl/rmi/RemoteDate.java | 46 +
.../apache/commons/ssl/rmi/RemoteInteger.java | 45 +
.../java/org/apache/commons/ssl/rmi/Test.java | 200 +++
.../commons/ssl/util/ByteArrayReadLine.java | 32 +
.../java/org/apache/commons/ssl/util/Hex.java | 83 ++
.../commons/ssl/util/IPAddressParser.java | 183 +++
.../commons/ssl/util/PublicKeyDeriver.java | 82 ++
.../org/apache/commons/ssl/util/ReadLine.java | 91 ++
.../java/org/apache/commons/ssl/util/UTF8.java | 22 +
.../contrib/ssl/TestHttpclientContrib.java | 42 +
.../org/apache/commons/ssl/JUnitConfig.java | 46 +
.../java/org/apache/commons/ssl/TestBase64.java | 89 ++
.../apache/commons/ssl/TestCertificates.java | 87 ++
.../apache/commons/ssl/TestIPAddressParser.java | 77 ++
.../org/apache/commons/ssl/TestKeyMaterial.java | 118 ++
.../org/apache/commons/ssl/TestOpenSSL.java | 150 +++
.../org/apache/commons/ssl/TestPKCS8Key.java | 54 +
.../apache/commons/ssl/TestTrustMaterial.java | 65 +
3rdparty/not-yet-commons-ssl/version.txt | 1 +
3rdparty/pom.xml | 29 +
LICENSE | 201 ++++
README.md | 97 ++
benchmark/pom.xml | 114 ++
benchmark/src/main/resources/apreq.token | Bin 0 -> 1727 bytes
.../kerberos/benchmark/KrbCodecPerfTest.java | 60 +
contrib/haox-asn1/README.md | 284 +++++
contrib/haox-asn1/pom.xml | 14 +
.../java/org/apache/haox/asn1/Asn1Dump.java | 51 +
.../java/org/apache/haox/asn1/Asn1Factory.java | 25 +
.../org/apache/haox/asn1/Asn1InputBuffer.java | 63 +
.../org/apache/haox/asn1/Asn1OutputBuffer.java | 53 +
.../org/apache/haox/asn1/EncodingOption.java | 65 +
.../org/apache/haox/asn1/LimitedByteBuffer.java | 102 ++
.../java/org/apache/haox/asn1/TagClass.java | 55 +
.../org/apache/haox/asn1/TaggingOption.java | 49 +
.../java/org/apache/haox/asn1/UniversalTag.java | 87 ++
.../apache/haox/asn1/type/AbstractAsn1Type.java | 401 ++++++
.../java/org/apache/haox/asn1/type/Asn1Any.java | 28 +
.../apache/haox/asn1/type/Asn1BigInteger.java | 29 +
.../apache/haox/asn1/type/Asn1BitString.java | 67 ++
.../apache/haox/asn1/type/Asn1BmpString.java | 53 +
.../org/apache/haox/asn1/type/Asn1Boolean.java | 52 +
.../org/apache/haox/asn1/type/Asn1Choice.java | 154 +++
.../apache/haox/asn1/type/Asn1Collection.java | 118 ++
.../apache/haox/asn1/type/Asn1CollectionOf.java | 69 ++
.../haox/asn1/type/Asn1CollectionType.java | 176 +++
.../apache/haox/asn1/type/Asn1FieldInfo.java | 57 +
.../haox/asn1/type/Asn1GeneralString.java | 14 +
.../haox/asn1/type/Asn1GeneralizedTime.java | 115 ++
.../apache/haox/asn1/type/Asn1IA5String.java | 14 +
.../org/apache/haox/asn1/type/Asn1Integer.java | 27 +
.../org/apache/haox/asn1/type/Asn1Item.java | 136 +++
.../org/apache/haox/asn1/type/Asn1Null.java | 33 +
.../haox/asn1/type/Asn1NumericsString.java | 31 +
.../haox/asn1/type/Asn1ObjectIdentifier.java | 145 +++
.../apache/haox/asn1/type/Asn1OctetString.java | 32 +
.../haox/asn1/type/Asn1PrintableString.java | 14 +
.../org/apache/haox/asn1/type/Asn1Sequence.java | 11 +
.../apache/haox/asn1/type/Asn1SequenceOf.java | 19 +
.../apache/haox/asn1/type/Asn1SequenceType.java | 18 +
.../java/org/apache/haox/asn1/type/Asn1Set.java | 11 +
.../org/apache/haox/asn1/type/Asn1SetOf.java | 11 +
.../org/apache/haox/asn1/type/Asn1SetType.java | 18 +
.../org/apache/haox/asn1/type/Asn1Simple.java | 165 +++
.../org/apache/haox/asn1/type/Asn1String.java | 273 +++++
.../apache/haox/asn1/type/Asn1T61String.java | 14 +
.../haox/asn1/type/Asn1T61Utf8String.java | 24 +
.../org/apache/haox/asn1/type/Asn1Tagging.java | 85 ++
.../org/apache/haox/asn1/type/Asn1Type.java | 22 +
.../haox/asn1/type/Asn1UniversalString.java | 14 +
.../org/apache/haox/asn1/type/Asn1UtcTime.java | 70 ++
.../apache/haox/asn1/type/Asn1Utf8String.java | 28 +
.../haox/asn1/type/Asn1VisibleString.java | 14 +
.../haox/asn1/type/TaggingCollection.java | 86 ++
.../apache/haox/asn1/type/TaggingSequence.java | 16 +
.../org/apache/haox/asn1/type/TaggingSet.java | 16 +
.../org/apache/haox/asn1/PersonnelRecord.java | 190 +++
.../org/apache/haox/asn1/TestAsn1Boolean.java | 37 +
.../apache/haox/asn1/TestAsn1Collection.java | 36 +
.../org/apache/haox/asn1/TestAsn1Input.java | 16 +
.../org/apache/haox/asn1/TestAsn1Integer.java | 51 +
.../haox/asn1/TestAsn1ObjectIdentifier.java | 45 +
.../org/apache/haox/asn1/TestAsn1UtcTime.java | 51 +
.../java/org/apache/haox/asn1/TestData.java | 110 ++
.../apache/haox/asn1/TestPersonnelRecord.java | 107 ++
.../apache/haox/asn1/TestTaggingEncoding.java | 186 +++
.../test/java/org/apache/haox/asn1/Util.java | 53 +
contrib/haox-config/README | 1 +
contrib/haox-config/pom.xml | 22 +
.../main/java/org/apache/haox/config/Conf.java | 266 ++++
.../java/org/apache/haox/config/Config.java | 39 +
.../java/org/apache/haox/config/ConfigImpl.java | 325 +++++
.../java/org/apache/haox/config/ConfigKey.java | 6 +
.../org/apache/haox/config/ConfigLoader.java | 31 +
.../org/apache/haox/config/ConfigObject.java | 61 +
.../org/apache/haox/config/IniConfigLoader.java | 8 +
.../apache/haox/config/JsonConfigLoader.java | 8 +
.../org/apache/haox/config/MapConfigLoader.java | 15 +
.../haox/config/PropertiesConfigLoader.java | 24 +
.../haox/config/PropertiesFileConfigLoader.java | 14 +
.../java/org/apache/haox/config/Resource.java | 100 ++
.../org/apache/haox/config/XmlConfigLoader.java | 140 +++
.../java/org/apache/haox/config/ConfTest.java | 84 ++
contrib/haox-event/README | 1 +
contrib/haox-event/pom.xml | 18 +
.../apache/haox/event/AbstractEventHandler.java | 36 +
.../event/AbstractInternalEventHandler.java | 47 +
.../apache/haox/event/BufferedEventHandler.java | 34 +
.../java/org/apache/haox/event/Dispatcher.java | 10 +
.../main/java/org/apache/haox/event/Event.java | 24 +
.../org/apache/haox/event/EventHandler.java | 12 +
.../java/org/apache/haox/event/EventHub.java | 173 +++
.../java/org/apache/haox/event/EventType.java | 5 +
.../java/org/apache/haox/event/EventWaiter.java | 16 +
.../apache/haox/event/ExecutedEventHandler.java | 53 +
.../apache/haox/event/InternalEventHandler.java | 15 +
.../haox/event/LongRunningEventHandler.java | 58 +
.../org/apache/haox/event/WaitEventHandler.java | 109 ++
.../org/apache/haox/transport/Acceptor.java | 17 +
.../org/apache/haox/transport/BytesUtil.java | 144 +++
.../org/apache/haox/transport/Connector.java | 17 +
.../apache/haox/transport/MessageHandler.java | 23 +
.../java/org/apache/haox/transport/Network.java | 278 +++++
.../org/apache/haox/transport/Transport.java | 65 +
.../apache/haox/transport/TransportHandler.java | 15 +
.../haox/transport/TransportSelector.java | 81 ++
.../haox/transport/buffer/BufferPool.java | 14 +
.../haox/transport/buffer/BufferUtil.java | 23 +
.../haox/transport/buffer/RecvBuffer.java | 136 +++
.../haox/transport/buffer/TransBuffer.java | 30 +
.../haox/transport/event/AddressEvent.java | 20 +
.../haox/transport/event/MessageEvent.java | 22 +
.../haox/transport/event/TransportEvent.java | 37 +
.../transport/event/TransportEventType.java | 10 +
.../haox/transport/tcp/DecodingCallback.java | 19 +
.../haox/transport/tcp/StreamingDecoder.java | 7 +
.../apache/haox/transport/tcp/TcpAcceptor.java | 96 ++
.../haox/transport/tcp/TcpAddressEvent.java | 17 +
.../apache/haox/transport/tcp/TcpConnector.java | 75 ++
.../apache/haox/transport/tcp/TcpEventType.java | 8 +
.../apache/haox/transport/tcp/TcpTransport.java | 91 ++
.../haox/transport/tcp/TcpTransportHandler.java | 58 +
.../apache/haox/transport/udp/UdpAcceptor.java | 65 +
.../haox/transport/udp/UdpAddressEvent.java | 17 +
.../haox/transport/udp/UdpChannelEvent.java | 28 +
.../apache/haox/transport/udp/UdpConnector.java | 57 +
.../apache/haox/transport/udp/UdpEventType.java | 10 +
.../apache/haox/transport/udp/UdpTransport.java | 46 +
.../haox/transport/udp/UdpTransportHandler.java | 90 ++
.../java/org/apache/haox/event/TestBuffer.java | 31 +
.../haox/event/network/TestNetworkBase.java | 39 +
.../haox/event/network/TestNetworkClient.java | 193 +++
.../haox/event/network/TestNetworkServer.java | 91 ++
.../org/apache/haox/event/tcp/TestTcpBase.java | 38 +
.../apache/haox/event/tcp/TestTcpClient.java | 141 +++
.../apache/haox/event/tcp/TestTcpServer.java | 71 ++
.../org/apache/haox/event/udp/TestUdpBase.java | 22 +
.../apache/haox/event/udp/TestUdpClient.java | 130 ++
.../apache/haox/event/udp/TestUdpServer.java | 70 ++
contrib/haox-pkix/pom.xml | 25 +
.../src/main/java/org/haox/pki/Pkix.java | 68 ++
contrib/haox-pkix/src/main/resources/cacert.pem | 23 +
contrib/haox-pkix/src/main/resources/cakey.pem | 27 +
.../haox-pkix/src/main/resources/extensions.kdc | 20 +
.../haox-pkix/src/main/resources/kdccert.pem | 26 +
contrib/haox-pkix/src/main/resources/kdckey.pem | 27 +
.../haox-pkix/src/main/resources/usercert.pem | 26 +
.../haox-pkix/src/main/resources/userkey.pem | 27 +
.../src/test/java/org/haox/pki/PkixTest.java | 41 +
contrib/haox-token/pom.xml | 31 +
.../java/org/haox/token/AuthzDataEntry.java | 33 +
.../src/main/java/org/haox/token/KerbToken.java | 28 +
.../main/java/org/haox/token/TokenCache.java | 63 +
.../java/org/haox/token/TokenExtractor.java | 82 ++
.../src/main/java/org/haox/token/TokenTool.java | 105 ++
contrib/pom.xml | 33 +
docs/Accesstoken-profile.pdf | Bin 0 -> 197391 bytes
docs/Token-preauth.pdf | Bin 0 -> 266660 bytes
haox-kdc/README | 5 +
haox-kdc/kdc-server/pom.xml | 38 +
.../kerberos/kdc/server/ApacheKdcServer.java | 22 +
.../org/apache/kerberos/kdc/server/KdcTest.java | 52 +
haox-kdc/ldap-identity-backend/pom.xml | 28 +
.../identitybackend/LdapIdentityBackend.java | 58 +
haox-kdc/pom.xml | 21 +
haox-kdc/tools/pom.xml | 33 +
.../java/org/apache/kerberos/tool/Kinit.java | 23 +
haox-kerb/README | 2 +
haox-kerb/kerb-client/pom.xml | 48 +
.../apache/kerberos/kerb/client/KrbClient.java | 302 +++++
.../apache/kerberos/kerb/client/KrbConfig.java | 97 ++
.../kerberos/kerb/client/KrbConfigKey.java | 45 +
.../apache/kerberos/kerb/client/KrbContext.java | 78 ++
.../apache/kerberos/kerb/client/KrbHandler.java | 80 ++
.../apache/kerberos/kerb/client/KrbOption.java | 72 ++
.../apache/kerberos/kerb/client/KrbOptions.java | 77 ++
.../kerb/client/event/KrbClientEvent.java | 24 +
.../kerb/client/event/KrbClientEventType.java | 10 +
.../client/preauth/AbstractPreauthPlugin.java | 103 ++
.../kerb/client/preauth/FastContext.java | 17 +
.../kerb/client/preauth/KrbPreauth.java | 88 ++
.../kerb/client/preauth/PreauthContext.java | 89 ++
.../kerb/client/preauth/PreauthHandle.java | 53 +
.../kerb/client/preauth/PreauthHandler.java | 230 ++++
.../kerb/client/preauth/UserResponseItem.java | 12 +
.../kerb/client/preauth/UserResponser.java | 58 +
.../client/preauth/builtin/EncTsPreauth.java | 75 ++
.../kerb/client/preauth/builtin/TgtPreauth.java | 47 +
.../client/preauth/pkinit/PkinitContext.java | 11 +
.../client/preauth/pkinit/PkinitPreauth.java | 214 ++++
.../preauth/pkinit/PkinitRequestContext.java | 25 +
.../preauth/pkinit/PkinitRequestOpts.java | 21 +
.../kerb/client/preauth/token/TokenContext.java | 9 +
.../kerb/client/preauth/token/TokenPreauth.java | 105 ++
.../preauth/token/TokenRequestContext.java | 13 +
.../kerberos/kerb/client/request/AsRequest.java | 108 ++
.../kerb/client/request/AsRequestWithCert.java | 38 +
.../client/request/AsRequestWithPasswd.java | 31 +
.../kerb/client/request/AsRequestWithToken.java | 33 +
.../kerb/client/request/KdcRequest.java | 339 ++++++
.../kerb/client/request/TgsRequest.java | 117 ++
.../src/main/resources/kdc-krb5.conf | 25 +
.../kerb-client/src/main/resources/kdc.ldiff | 30 +
haox-kerb/kerb-common/pom.xml | 38 +
.../java/org/apache/kerberos/kerb/KrbThrow.java | 16 +
.../java/org/apache/kerberos/kerb/Message.java | 24 +
.../org/apache/kerberos/kerb/MessageCode.java | 5 +
.../kerberos/kerb/common/EncryptionUtil.java | 79 ++
.../kerberos/kerb/common/KrbConfHelper.java | 23 +
.../kerberos/kerb/common/KrbErrorUtil.java | 48 +
.../kerb/common/KrbStreamingDecoder.java | 23 +
.../apache/kerberos/kerb/common/KrbUtil.java | 30 +
.../apache/kerberos/kerb/preauth/PaFlag.java | 30 +
.../apache/kerberos/kerb/preauth/PaFlags.java | 18 +
.../kerb/preauth/PluginRequestContext.java | 8 +
.../kerb/preauth/PreauthPluginMeta.java | 13 +
.../kerb/preauth/builtin/EncTsPreauthMeta.java | 26 +
.../kerb/preauth/builtin/TgtPreauthMeta.java | 29 +
.../kerb/preauth/pkinit/IdentityOpts.java | 25 +
.../kerb/preauth/pkinit/IdentityType.java | 10 +
.../kerb/preauth/pkinit/PkinitIdenity.java | 109 ++
.../kerb/preauth/pkinit/PkinitPreauthMeta.java | 27 +
.../kerb/preauth/pkinit/PluginOpts.java | 48 +
.../kerb/preauth/token/TokenPreauthMeta.java | 27 +
haox-kerb/kerb-core-test/pom.xml | 33 +
.../src/main/resources/aes128-kerberos-data | Bin 0 -> 1712 bytes
.../src/main/resources/aes128-key-data | 1 +
.../src/main/resources/aes128-spnego-data | Bin 0 -> 1778 bytes
.../src/main/resources/aes256-kerberos-data | Bin 0 -> 1744 bytes
.../src/main/resources/aes256-key-data | Bin 0 -> 32 bytes
.../src/main/resources/aes256-spnego-data | Bin 0 -> 1810 bytes
.../src/main/resources/des-kerberos-data | Bin 0 -> 1773 bytes
.../src/main/resources/des-key-data | 1 +
.../src/main/resources/des-pac-data | Bin 0 -> 1072 bytes
.../src/main/resources/des-spnego-data | Bin 0 -> 1839 bytes
.../src/main/resources/exceptions.properties | 39 +
.../src/main/resources/rc4-kerberos-data | Bin 0 -> 1735 bytes
.../src/main/resources/rc4-key-data | 1 +
.../src/main/resources/rc4-pac-data | Bin 0 -> 1048 bytes
.../src/main/resources/rc4-spnego-data | Bin 0 -> 1801 bytes
.../src/main/resources/server.keytab | Bin 0 -> 387 bytes
.../org/apache/kerberos/kerb/codec/README.txt | 5 +
.../kerb/codec/kerberos/AuthzDataUtil.java | 48 +
.../kerb/codec/kerberos/KerberosApRequest.java | 32 +
.../kerb/codec/kerberos/KerberosConstants.java | 25 +
.../codec/kerberos/KerberosCredentials.java | 36 +
.../kerb/codec/kerberos/KerberosTicket.java | 67 ++
.../kerb/codec/kerberos/KerberosToken.java | 39 +
.../org/apache/kerberos/kerb/codec/pac/Pac.java | 94 ++
.../kerberos/kerb/codec/pac/PacConstants.java | 20 +
.../kerb/codec/pac/PacCredentialType.java | 22 +
.../kerb/codec/pac/PacDataInputStream.java | 139 +++
.../kerberos/kerb/codec/pac/PacGroup.java | 22 +
.../kerberos/kerb/codec/pac/PacLogonInfo.java | 303 +++++
.../apache/kerberos/kerb/codec/pac/PacSid.java | 111 ++
.../kerb/codec/pac/PacSidAttributes.java | 22 +
.../kerberos/kerb/codec/pac/PacSignature.java | 33 +
.../kerb/codec/pac/PacUnicodeString.java | 42 +
.../kerb/codec/spnego/SpnegoConstants.java | 12 +
.../kerb/codec/spnego/SpnegoInitToken.java | 34 +
.../kerb/codec/spnego/SpnegoTargToken.java | 22 +
.../kerberos/kerb/codec/spnego/SpnegoToken.java | 48 +
.../kerberos/kerb/codec/test/CodecTest.java | 27 +
.../kerberos/kerb/codec/test/TestKerberos.java | 248 ++++
.../kerberos/kerb/codec/test/TestPac.java | 135 +++
.../kerberos/kerb/codec/test/TestSpnego.java | 153 +++
haox-kerb/kerb-core/pom.xml | 24 +
.../org/apache/kerberos/kerb/KrbConstant.java | 7 +
.../org/apache/kerberos/kerb/KrbErrorCode.java | 109 ++
.../apache/kerberos/kerb/KrbErrorException.java | 16 +
.../org/apache/kerberos/kerb/KrbException.java | 24 +
.../apache/kerberos/kerb/codec/KrbCodec.java | 74 ++
.../kerberos/kerb/spec/KerberosString.java | 15 +
.../kerberos/kerb/spec/KerberosStrings.java | 24 +
.../apache/kerberos/kerb/spec/KerberosTime.java | 99 ++
.../kerberos/kerb/spec/KrbAppSequenceType.java | 38 +
.../org/apache/kerberos/kerb/spec/KrbEnum.java | 5 +
.../apache/kerberos/kerb/spec/KrbIntegers.java | 35 +
.../kerberos/kerb/spec/KrbSequenceOfType.java | 24 +
.../kerberos/kerb/spec/KrbSequenceType.java | 36 +
.../apache/kerberos/kerb/spec/ap/ApOption.java | 39 +
.../apache/kerberos/kerb/spec/ap/ApOptions.java | 14 +
.../org/apache/kerberos/kerb/spec/ap/ApRep.java | 46 +
.../org/apache/kerberos/kerb/spec/ap/ApReq.java | 70 ++
.../kerberos/kerb/spec/ap/Authenticator.java | 125 ++
.../kerberos/kerb/spec/ap/EncAPRepPart.java | 66 +
.../kerberos/kerb/spec/common/AdToken.java | 30 +
.../kerb/spec/common/AuthorizationData.java | 13 +
.../spec/common/AuthorizationDataEntry.java | 43 +
.../kerb/spec/common/AuthorizationType.java | 124 ++
.../kerberos/kerb/spec/common/CheckSum.java | 76 ++
.../kerberos/kerb/spec/common/CheckSumType.java | 96 ++
.../kerb/spec/common/EncryptedData.java | 77 ++
.../kerb/spec/common/EncryptionKey.java | 88 ++
.../kerb/spec/common/EncryptionType.java | 113 ++
.../kerberos/kerb/spec/common/EtypeInfo.java | 10 +
.../kerberos/kerb/spec/common/EtypeInfo2.java | 10 +
.../kerb/spec/common/EtypeInfo2Entry.java | 54 +
.../kerb/spec/common/EtypeInfoEntry.java | 42 +
.../kerberos/kerb/spec/common/HostAddrType.java | 81 ++
.../kerberos/kerb/spec/common/HostAddress.java | 90 ++
.../kerb/spec/common/HostAddresses.java | 24 +
.../kerberos/kerb/spec/common/KeyUsage.java | 109 ++
.../kerberos/kerb/spec/common/KrbError.java | 147 +++
.../kerberos/kerb/spec/common/KrbFlags.java | 99 ++
.../kerberos/kerb/spec/common/KrbMessage.java | 35 +
.../kerb/spec/common/KrbMessageType.java | 40 +
.../kerberos/kerb/spec/common/KrbToken.java | 80 ++
.../kerb/spec/common/KrbTokenEncoder.java | 9 +
.../kerberos/kerb/spec/common/LastReq.java | 13 +
.../kerberos/kerb/spec/common/LastReqEntry.java | 43 +
.../kerberos/kerb/spec/common/LastReqType.java | 43 +
.../kerberos/kerb/spec/common/MethodData.java | 11 +
.../kerberos/kerb/spec/common/NameType.java | 35 +
.../kerb/spec/common/PrincipalName.java | 180 +++
.../apache/kerberos/kerb/spec/common/Realm.java | 15 +
.../kerberos/kerb/spec/common/SamType.java | 47 +
.../kerberos/kerb/spec/common/TokenFormat.java | 31 +
.../kerb/spec/common/TransitedEncoding.java | 43 +
.../kerb/spec/common/TransitedEncodingType.java | 32 +
.../kerberos/kerb/spec/fast/ArmorType.java | 31 +
.../kerberos/kerb/spec/fast/FastOption.java | 32 +
.../kerberos/kerb/spec/fast/FastOptions.java | 14 +
.../kerberos/kerb/spec/fast/KrbFastArmor.java | 45 +
.../kerb/spec/fast/KrbFastArmoredRep.java | 33 +
.../kerb/spec/fast/KrbFastArmoredReq.java | 76 ++
.../kerb/spec/fast/KrbFastFinished.java | 63 +
.../kerberos/kerb/spec/fast/KrbFastReq.java | 59 +
.../kerb/spec/fast/KrbFastResponse.java | 71 ++
.../kerberos/kerb/spec/fast/PaAuthnEntry.java | 61 +
.../kerberos/kerb/spec/fast/PaAuthnSet.java | 10 +
.../kerberos/kerb/spec/fast/PaFxFastReply.java | 29 +
.../kerb/spec/fast/PaFxFastRequest.java | 29 +
.../apache/kerberos/kerb/spec/kdc/AsRep.java | 13 +
.../apache/kerberos/kerb/spec/kdc/AsReq.java | 12 +
.../kerberos/kerb/spec/kdc/EncAsRepPart.java | 12 +
.../kerberos/kerb/spec/kdc/EncKdcRepPart.java | 158 +++
.../kerberos/kerb/spec/kdc/EncTgsRepPart.java | 12 +
.../kerberos/kerb/spec/kdc/KdcOption.java | 60 +
.../kerberos/kerb/spec/kdc/KdcOptions.java | 14 +
.../apache/kerberos/kerb/spec/kdc/KdcRep.java | 97 ++
.../apache/kerberos/kerb/spec/kdc/KdcReq.java | 57 +
.../kerberos/kerb/spec/kdc/KdcReqBody.java | 190 +++
.../apache/kerberos/kerb/spec/kdc/TgsRep.java | 12 +
.../apache/kerberos/kerb/spec/kdc/TgsReq.java | 13 +
.../kerb/spec/pa/PaAuthenticationSet.java | 10 +
.../kerb/spec/pa/PaAuthenticationSetElem.java | 55 +
.../apache/kerberos/kerb/spec/pa/PaData.java | 22 +
.../kerberos/kerb/spec/pa/PaDataEntry.java | 50 +
.../kerberos/kerb/spec/pa/PaDataType.java | 73 ++
.../kerberos/kerb/spec/pa/PaEncTsEnc.java | 47 +
.../kerberos/kerb/spec/pa/otp/OtpTokenInfo.java | 50 +
.../kerb/spec/pa/otp/PaOtpChallenge.java | 36 +
.../spec/pa/pkinit/AdInitialVerifiedCas.java | 9 +
.../spec/pa/pkinit/AlgorithmIdentifiers.java | 11 +
.../kerberos/kerb/spec/pa/pkinit/AuthPack.java | 63 +
.../kerberos/kerb/spec/pa/pkinit/DHNonce.java | 9 +
.../kerberos/kerb/spec/pa/pkinit/DHRepInfo.java | 41 +
.../pa/pkinit/ExternalPrincipalIdentifier.java | 52 +
.../kerb/spec/pa/pkinit/KdcDHKeyInfo.java | 46 +
.../kerb/spec/pa/pkinit/Krb5PrincipalName.java | 42 +
.../kerberos/kerb/spec/pa/pkinit/PaPkAsRep.java | 41 +
.../kerberos/kerb/spec/pa/pkinit/PaPkAsReq.java | 52 +
.../kerb/spec/pa/pkinit/PkAuthenticator.java | 72 ++
.../kerb/spec/pa/pkinit/ReplyKeyPack.java | 42 +
.../kerb/spec/pa/pkinit/TdDhParameters.java | 7 +
.../kerb/spec/pa/pkinit/TrustedCertifiers.java | 10 +
.../kerb/spec/pa/token/PaTokenChallenge.java | 21 +
.../kerb/spec/pa/token/PaTokenRequest.java | 42 +
.../kerberos/kerb/spec/pa/token/TokenFlag.java | 32 +
.../kerberos/kerb/spec/pa/token/TokenFlags.java | 20 +
.../kerberos/kerb/spec/pa/token/TokenInfo.java | 43 +
.../kerberos/kerb/spec/pa/token/TokenInfos.java | 10 +
.../kerb/spec/ticket/AbstractServiceTicket.java | 30 +
.../kerb/spec/ticket/EncTicketPart.java | 145 +++
.../kerb/spec/ticket/ServiceTicket.java | 9 +
.../kerberos/kerb/spec/ticket/TgtTicket.java | 17 +
.../kerberos/kerb/spec/ticket/Ticket.java | 80 ++
.../kerberos/kerb/spec/ticket/TicketFlag.java | 43 +
.../kerberos/kerb/spec/ticket/TicketFlags.java | 20 +
.../kerberos/kerb/spec/ticket/Tickets.java | 10 +
.../kerb/spec/x509/AlgorithmIdentifier.java | 39 +
.../kerb/spec/x509/SubjectPublicKeyInfo.java | 41 +
haox-kerb/kerb-crypto/pom.xml | 28 +
.../kerb/crypto/AbstractCryptoTypeHandler.java | 49 +
.../apache/kerberos/kerb/crypto/BytesUtil.java | 144 +++
.../apache/kerberos/kerb/crypto/Camellia.java | 231 ++++
.../kerberos/kerb/crypto/CamelliaKey.java | 414 +++++++
.../kerberos/kerb/crypto/CheckSumHandler.java | 134 +++
.../kerb/crypto/CheckSumTypeHandler.java | 38 +
.../org/apache/kerberos/kerb/crypto/Cmac.java | 159 +++
.../apache/kerberos/kerb/crypto/Confounder.java | 14 +
.../org/apache/kerberos/kerb/crypto/Crc32.java | 59 +
.../kerberos/kerb/crypto/CryptoTypeHandler.java | 15 +
.../org/apache/kerberos/kerb/crypto/Des.java | 62 +
.../kerberos/kerb/crypto/EncTypeHandler.java | 39 +
.../kerberos/kerb/crypto/EncryptionHandler.java | 157 +++
.../org/apache/kerberos/kerb/crypto/Hmac.java | 63 +
.../org/apache/kerberos/kerb/crypto/Md4.java | 339 ++++++
.../org/apache/kerberos/kerb/crypto/Nfold.java | 83 ++
.../org/apache/kerberos/kerb/crypto/Nonce.java | 13 +
.../org/apache/kerberos/kerb/crypto/Pbkdf.java | 21 +
.../org/apache/kerberos/kerb/crypto/Random.java | 14 +
.../org/apache/kerberos/kerb/crypto/Rc4.java | 44 +
.../org/apache/kerberos/kerb/crypto/Util.java | 24 +
.../cksum/AbstractCheckSumTypeHandler.java | 93 ++
.../cksum/AbstractKeyedCheckSumTypeHandler.java | 56 +
.../crypto/cksum/CmacCamellia128CheckSum.java | 34 +
.../crypto/cksum/CmacCamellia256CheckSum.java | 34 +
.../kerb/crypto/cksum/CmacKcCheckSum.java | 17 +
.../crypto/cksum/ConfounderedDesCheckSum.java | 101 ++
.../kerb/crypto/cksum/Crc32CheckSum.java | 16 +
.../kerb/crypto/cksum/DesCbcCheckSum.java | 14 +
.../kerb/crypto/cksum/HashProvider.java | 16 +
.../kerb/crypto/cksum/HmacKcCheckSum.java | 18 +
.../kerb/crypto/cksum/HmacMd5Rc4CheckSum.java | 54 +
.../crypto/cksum/HmacSha1Aes128CheckSum.java | 34 +
.../crypto/cksum/HmacSha1Aes256CheckSum.java | 34 +
.../kerb/crypto/cksum/HmacSha1Des3CheckSum.java | 34 +
.../kerberos/kerb/crypto/cksum/KcCheckSum.java | 29 +
.../kerb/crypto/cksum/Md5HmacRc4CheckSum.java | 51 +
.../kerb/crypto/cksum/RsaMd4CheckSum.java | 16 +
.../kerb/crypto/cksum/RsaMd4DesCheckSum.java | 15 +
.../kerb/crypto/cksum/RsaMd5CheckSum.java | 16 +
.../kerb/crypto/cksum/RsaMd5DesCheckSum.java | 15 +
.../kerb/crypto/cksum/Sha1CheckSum.java | 16 +
.../cksum/provider/AbstractHashProvider.java | 33 +
.../AbstractUnkeyedCheckSumTypeHandler.java | 35 +
.../crypto/cksum/provider/Crc32Provider.java | 21 +
.../kerb/crypto/cksum/provider/Md4Provider.java | 15 +
.../kerb/crypto/cksum/provider/Md5Provider.java | 8 +
.../provider/MessageDigestHashProvider.java | 37 +
.../crypto/cksum/provider/Sha1Provider.java | 8 +
.../kerb/crypto/enc/AbstractEncTypeHandler.java | 141 +++
.../kerb/crypto/enc/Aes128CtsHmacSha1Enc.java | 29 +
.../kerb/crypto/enc/Aes256CtsHmacSha1Enc.java | 29 +
.../kerb/crypto/enc/Camellia128CtsCmacEnc.java | 22 +
.../kerb/crypto/enc/Camellia256CtsCmacEnc.java | 22 +
.../kerb/crypto/enc/Des3CbcSha1Enc.java | 23 +
.../kerberos/kerb/crypto/enc/DesCbcCrcEnc.java | 36 +
.../kerberos/kerb/crypto/enc/DesCbcEnc.java | 69 ++
.../kerberos/kerb/crypto/enc/DesCbcMd4Enc.java | 20 +
.../kerberos/kerb/crypto/enc/DesCbcMd5Enc.java | 20 +
.../kerb/crypto/enc/EncryptProvider.java | 24 +
.../kerberos/kerb/crypto/enc/KeKiCmacEnc.java | 34 +
.../kerberos/kerb/crypto/enc/KeKiEnc.java | 110 ++
.../kerb/crypto/enc/KeKiHmacSha1Enc.java | 31 +
.../kerberos/kerb/crypto/enc/Rc4HmacEnc.java | 130 ++
.../kerberos/kerb/crypto/enc/Rc4HmacExpEnc.java | 14 +
.../enc/provider/AbstractEncryptProvider.java | 80 ++
.../crypto/enc/provider/Aes128Provider.java | 8 +
.../crypto/enc/provider/Aes256Provider.java | 8 +
.../kerb/crypto/enc/provider/AesProvider.java | 43 +
.../enc/provider/Camellia128Provider.java | 8 +
.../enc/provider/Camellia256Provider.java | 8 +
.../crypto/enc/provider/CamelliaProvider.java | 39 +
.../kerb/crypto/enc/provider/Des3Provider.java | 46 +
.../kerb/crypto/enc/provider/DesProvider.java | 79 ++
.../kerb/crypto/enc/provider/Rc4Provider.java | 30 +
.../kerb/crypto/key/AbstractKeyMaker.java | 67 ++
.../kerberos/kerb/crypto/key/AesKeyMaker.java | 46 +
.../kerb/crypto/key/CamelliaKeyMaker.java | 102 ++
.../kerberos/kerb/crypto/key/Des3KeyMaker.java | 67 ++
.../kerberos/kerb/crypto/key/DesKeyMaker.java | 260 ++++
.../kerberos/kerb/crypto/key/DkKeyMaker.java | 54 +
.../kerberos/kerb/crypto/key/KeyMaker.java | 10 +
.../kerberos/kerb/crypto/key/Rc4KeyMaker.java | 33 +
.../src/main/resources/kdc-krb5.conf | 25 +
.../kerb-crypto/src/main/resources/kdc.ldiff | 30 +
.../kerberos/kerb/crypto/CamelliaEncTest.java | 93 ++
.../kerberos/kerb/crypto/CheckSumTest.java | 89 ++
.../kerberos/kerb/crypto/CheckSumsTest.java | 163 +++
.../apache/kerberos/kerb/crypto/CmacTest.java | 65 +
.../apache/kerberos/kerb/crypto/Crc32Test.java | 99 ++
.../kerberos/kerb/crypto/DecryptionTest.java | 502 ++++++++
.../kerberos/kerb/crypto/KeyDeriveTest.java | 208 ++++
.../kerberos/kerb/crypto/String2keyTest.java | 432 +++++++
.../apache/kerberos/kerb/crypto/TestUtil.java | 39 +
.../src/test/resources/camellia-expect-vt.txt | 1036 ++++++++++++++++
haox-kerb/kerb-identity/pom.xml | 33 +
.../kerberos/kerb/identity/Attribute.java | 17 +
.../kerb/identity/ComplexAttribute.java | 23 +
.../apache/kerberos/kerb/identity/Identity.java | 48 +
.../kerberos/kerb/identity/IdentityService.java | 12 +
.../kerberos/kerb/identity/KrbAttributes.java | 6 +
.../kerberos/kerb/identity/KrbIdentity.java | 107 ++
.../kerberos/kerb/identity/SimpleAttribute.java | 18 +
.../backend/AbstractIdentityBackend.java | 7 +
.../backend/InMemoryIdentityBackend.java | 57 +
.../identity/backend/SimpleIdentityBackend.java | 27 +
haox-kerb/kerb-kdc-test/pom.xml | 48 +
.../kerberos/kerb/server/TestKdcServer.java | 103 ++
.../kerb-kdc-test/src/main/resources/cacert.pem | 23 +
.../kerb-kdc-test/src/main/resources/cakey.pem | 27 +
.../src/main/resources/extensions.kdc | 20 +
.../src/main/resources/kdc-krb5.conf | 25 +
.../kerb-kdc-test/src/main/resources/kdc.ldiff | 30 +
.../src/main/resources/kdccert.pem | 26 +
.../kerb-kdc-test/src/main/resources/kdckey.pem | 27 +
.../src/main/resources/usercert.pem | 26 +
.../src/main/resources/userkey.pem | 27 +
.../apache/kerberos/kerb/server/KdcTest.java | 30 +
.../kerberos/kerb/server/KdcTestBase.java | 49 +
.../kerberos/kerb/server/WithCertKdcTest.java | 71 ++
.../kerberos/kerb/server/WithTokenKdcTest.java | 38 +
haox-kerb/kerb-server/pom.xml | 48 +
.../apache/kerberos/kerb/server/KdcConfig.java | 105 ++
.../kerberos/kerb/server/KdcConfigKey.java | 47 +
.../apache/kerberos/kerb/server/KdcContext.java | 72 ++
.../apache/kerberos/kerb/server/KdcHandler.java | 129 ++
.../apache/kerberos/kerb/server/KdcServer.java | 164 +++
.../kerberos/kerb/server/SimpleKdcServer.java | 24 +
.../server/preauth/AbstractPreauthPlugin.java | 72 ++
.../kerb/server/preauth/FastContext.java | 17 +
.../kerb/server/preauth/KdcPreauth.java | 62 +
.../kerb/server/preauth/PreauthContext.java | 25 +
.../kerb/server/preauth/PreauthHandle.java | 37 +
.../kerb/server/preauth/PreauthHandler.java | 105 ++
.../server/preauth/builtin/EncTsPreauth.java | 41 +
.../kerb/server/preauth/builtin/TgtPreauth.java | 26 +
.../server/preauth/pkinit/PkinitKdcContext.java | 11 +
.../server/preauth/pkinit/PkinitPreauth.java | 74 ++
.../preauth/pkinit/PkinitRequestContext.java | 11 +
.../preauth/token/TokenRequestContext.java | 13 +
.../kerb/server/replay/CacheService.java | 7 +
.../kerb/server/replay/ReplayCheckService.java | 6 +
.../server/replay/ReplayCheckServiceImpl.java | 21 +
.../kerb/server/replay/RequestRecord.java | 39 +
.../kerb/server/replay/SimpleCacheService.java | 27 +
.../kerberos/kerb/server/request/AsRequest.java | 72 ++
.../kerb/server/request/KdcRequest.java | 502 ++++++++
.../kerb/server/request/TgsRequest.java | 177 +++
.../apache/kerberos/kerb/server/KdcTest.java | 51 +
haox-kerb/kerb-util/pom.xml | 33 +
.../apache/kerberos/kerb/KrbInputStream.java | 55 +
.../apache/kerberos/kerb/KrbOutputStream.java | 47 +
.../kerb/ccache/CredCacheInputStream.java | 148 +++
.../kerb/ccache/CredCacheOutputStream.java | 104 ++
.../apache/kerberos/kerb/ccache/Credential.java | 206 ++++
.../kerberos/kerb/ccache/CredentialCache.java | 259 ++++
.../kerb/ccache/KrbCredentialCache.java | 38 +
.../org/apache/kerberos/kerb/ccache/Tag.java | 15 +
.../org/apache/kerberos/kerb/ccache/ccache.txt | 98 ++
.../org/apache/kerberos/kerb/keytab/Keytab.java | 178 +++
.../kerberos/kerb/keytab/KeytabEntry.java | 102 ++
.../kerberos/kerb/keytab/KeytabInputStream.java | 70 ++
.../kerb/keytab/KeytabOutputStream.java | 44 +
.../apache/kerberos/kerb/keytab/KrbKeytab.java | 36 +
.../org/apache/kerberos/kerb/keytab/keytab.txt | 106 ++
.../apache/kerberos/kerb/util/CcacheTest.java | 38 +
.../kerberos/kerb/util/EncryptionTest.java | 129 ++
.../org/apache/kerberos/kerb/util/KeysTest.java | 62 +
.../apache/kerberos/kerb/util/KeytabTest.java | 57 +
.../test/resources/aes128-cts-hmac-sha1-96.cc | Bin 0 -> 691 bytes
.../test/resources/aes256-cts-hmac-sha1-96.cc | Bin 0 -> 725 bytes
.../src/test/resources/arcfour-hmac.cc | Bin 0 -> 692 bytes
.../src/test/resources/camellia-expect-vt.txt | 1036 ++++++++++++++++
.../src/test/resources/camellia128-cts-cmac.cc | Bin 0 -> 700 bytes
.../src/test/resources/camellia256-cts-cmac.cc | Bin 0 -> 734 bytes
.../kerb-util/src/test/resources/des-cbc-crc.cc | Bin 0 -> 676 bytes
.../src/test/resources/des3-cbc-sha1.cc | Bin 0 -> 724 bytes
.../kerb-util/src/test/resources/krbtgt.keytab | Bin 0 -> 594 bytes
haox-kerb/kerb-util/src/test/resources/test.cc | Bin 0 -> 890 bytes
.../kerb-util/src/test/resources/test.keytab | Bin 0 -> 466 bytes
haox-kerb/pom.xml | 27 +
pom.xml | 81 ++
1654 files changed, 67680 insertions(+)
----------------------------------------------------------------------
[08/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastArmoredReq.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastArmoredReq.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastArmoredReq.java
new file mode 100644
index 0000000..6d8ada4
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastArmoredReq.java
@@ -0,0 +1,76 @@
+package org.apache.kerberos.kerb.spec.fast;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+
+/**
+ KrbFastArmoredReq ::= SEQUENCE {
+ armor [0] KrbFastArmor OPTIONAL,
+ -- Contains the armor that identifies the armor key.
+ -- MUST be present in AS-REQ.
+ req-checksum [1] Checksum,
+ -- For AS, contains the checksum performed over the type
+ -- KDC-REQ-BODY for the req-body field of the KDC-REQ
+ -- structure;
+ -- For TGS, contains the checksum performed over the type
+ -- AP-REQ in the PA-TGS-REQ padata.
+ -- The checksum key is the armor key, the checksum
+ -- type is the required checksum type for the enctype of
+ -- the armor key, and the key usage number is
+ -- KEY_USAGE_FAST_REQ_CHKSUM.
+ enc-fast-req [2] EncryptedData, -- KrbFastReq --
+ -- The encryption key is the armor key, and the key usage
+ -- number is KEY_USAGE_FAST_ENC.
+ }
+ */
+public class KrbFastArmoredReq extends KrbSequenceType {
+ private static int ARMOR = 0;
+ private static int REQ_CHECKSUM = 1;
+ private static int ENC_FAST_REQ = 2;
+
+ private KrbFastReq fastReq;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(ARMOR, KrbFastArmor.class),
+ new Asn1FieldInfo(REQ_CHECKSUM, CheckSum.class),
+ new Asn1FieldInfo(ENC_FAST_REQ, EncryptedData.class),
+ };
+
+ public KrbFastArmoredReq() {
+ super(fieldInfos);
+ }
+
+ public KrbFastArmor getArmor() {
+ return getFieldAs(ARMOR, KrbFastArmor.class);
+ }
+
+ public void setArmor(KrbFastArmor armor) {
+ setFieldAs(ARMOR, armor);
+ }
+
+ public CheckSum getReqChecksum() {
+ return getFieldAs(REQ_CHECKSUM, CheckSum.class);
+ }
+
+ public void setReqChecksum(CheckSum checkSum) {
+ setFieldAs(REQ_CHECKSUM, checkSum);
+ }
+
+ public KrbFastReq getFastReq() {
+ return fastReq;
+ }
+
+ public void setFastReq(KrbFastReq fastReq) {
+ this.fastReq = fastReq;
+ }
+
+ public EncryptedData getEncryptedFastReq() {
+ return getFieldAs(ENC_FAST_REQ, EncryptedData.class);
+ }
+
+ public void setEncryptedFastReq(EncryptedData encFastReq) {
+ setFieldAs(ENC_FAST_REQ, encFastReq);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastFinished.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastFinished.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastFinished.java
new file mode 100644
index 0000000..8f2df04
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastFinished.java
@@ -0,0 +1,63 @@
+package org.apache.kerberos.kerb.spec.fast;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+
+/**
+ KrbFastFinished ::= SEQUENCE {
+ timestamp [0] KerberosTime,
+ usec [1] Microseconds,
+ -- timestamp and usec represent the time on the KDC when
+ -- the reply was generated.
+ crealm [2] Realm,
+ cname [3] PrincipalName,
+ -- Contains the client realm and the client name.
+ ticket-checksum [4] Checksum,
+ -- checksum of the ticket in the KDC-REP using the armor
+ -- and the key usage is KEY_USAGE_FAST_FINISH.
+ -- The checksum type is the required checksum type
+ -- of the armor key.
+ }
+ */
+public class KrbFastFinished extends KrbSequenceType {
+ private static int FAST_OPTIONS = 0;
+ private static int PADATA = 1;
+ private static int REQ_BODY = 2;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(FAST_OPTIONS, KrbFastArmor.class),
+ new Asn1FieldInfo(PADATA, PaData.class),
+ new Asn1FieldInfo(REQ_BODY, EncryptedData.class),
+ };
+
+ public KrbFastFinished() {
+ super(fieldInfos);
+ }
+
+ public KrbFastArmor getArmor() {
+ return getFieldAs(FAST_OPTIONS, KrbFastArmor.class);
+ }
+
+ public void setArmor(KrbFastArmor armor) {
+ setFieldAs(FAST_OPTIONS, armor);
+ }
+
+ public CheckSum getReqChecksum() {
+ return getFieldAs(PADATA, CheckSum.class);
+ }
+
+ public void setReqChecksum(CheckSum checkSum) {
+ setFieldAs(PADATA, checkSum);
+ }
+
+ public EncryptedData getEncFastReq() {
+ return getFieldAs(REQ_BODY, EncryptedData.class);
+ }
+
+ public void setEncFastReq(EncryptedData encFastReq) {
+ setFieldAs(REQ_BODY, encFastReq);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastReq.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastReq.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastReq.java
new file mode 100644
index 0000000..ac6d85e
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastReq.java
@@ -0,0 +1,59 @@
+package org.apache.kerberos.kerb.spec.fast;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+
+/**
+ KrbFastReq ::= SEQUENCE {
+ fast-options [0] FastOptions,
+ -- Additional options.
+ padata [1] SEQUENCE OF PA-DATA,
+ -- padata typed holes.
+ req-body [2] KDC-REQ-BODY,
+ -- Contains the KDC request body as defined in Section
+ -- 5.4.1 of [RFC4120].
+ -- This req-body field is preferred over the outer field
+ -- in the KDC request.
+ }
+ */
+public class KrbFastReq extends KrbSequenceType {
+ private static int FAST_OPTIONS = 0;
+ private static int PADATA = 1;
+ private static int REQ_BODY = 2;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(FAST_OPTIONS, KrbFastArmor.class),
+ new Asn1FieldInfo(PADATA, PaData.class),
+ new Asn1FieldInfo(REQ_BODY, EncryptedData.class),
+ };
+
+ public KrbFastReq() {
+ super(fieldInfos);
+ }
+
+ public KrbFastArmor getArmor() {
+ return getFieldAs(FAST_OPTIONS, KrbFastArmor.class);
+ }
+
+ public void setArmor(KrbFastArmor armor) {
+ setFieldAs(FAST_OPTIONS, armor);
+ }
+
+ public PaData getPaData() {
+ return getFieldAs(PADATA, PaData.class);
+ }
+
+ public void setPaData(PaData paData) {
+ setFieldAs(PADATA, paData);
+ }
+
+ public EncryptedData getEncFastReq() {
+ return getFieldAs(REQ_BODY, EncryptedData.class);
+ }
+
+ public void setEncFastReq(EncryptedData encFastReq) {
+ setFieldAs(REQ_BODY, encFastReq);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastResponse.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastResponse.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastResponse.java
new file mode 100644
index 0000000..faa6a7c
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastResponse.java
@@ -0,0 +1,71 @@
+package org.apache.kerberos.kerb.spec.fast;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+
+/**
+ KrbFastResponse ::= SEQUENCE {
+ padata [0] SEQUENCE OF PA-DATA,
+ -- padata typed holes.
+ strengthen-key [1] EncryptionKey OPTIONAL,
+ -- This, if present, strengthens the reply key for AS and
+ -- TGS. MUST be present for TGS.
+ -- MUST be absent in KRB-ERROR.
+ finished [2] KrbFastFinished OPTIONAL,
+ -- Present in AS or TGS reply; absent otherwise.
+ nonce [3] UInt32,
+ -- Nonce from the client request.
+ }
+ */
+public class KrbFastResponse extends KrbSequenceType {
+ private static int PADATA = 0;
+ private static int STRENGTHEN_KEY = 1;
+ private static int FINISHED = 2;
+ private static int NONCE = 3;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(PADATA, PaData.class),
+ new Asn1FieldInfo(STRENGTHEN_KEY, EncryptionKey.class),
+ new Asn1FieldInfo(FINISHED, KrbFastFinished.class),
+ new Asn1FieldInfo(NONCE, Asn1Integer.class)
+ };
+
+ public KrbFastResponse() {
+ super(fieldInfos);
+ }
+
+ public PaData getPaData() {
+ return getFieldAs(PADATA, PaData.class);
+ }
+
+ public void setPaData(PaData paData) {
+ setFieldAs(PADATA, paData);
+ }
+
+ public EncryptionKey getStrengthenKey() {
+ return getFieldAs(STRENGTHEN_KEY, EncryptionKey.class);
+ }
+
+ public void setStrengthenKey(EncryptionKey strengthenKey) {
+ setFieldAs(STRENGTHEN_KEY, strengthenKey);
+ }
+
+ public KrbFastFinished getFastFinished() {
+ return getFieldAs(FINISHED, KrbFastFinished.class);
+ }
+
+ public void setFastFinished(KrbFastFinished fastFinished) {
+ setFieldAs(FINISHED, fastFinished);
+ }
+
+ public int getNonce() {
+ return getFieldAsInt(NONCE);
+ }
+
+ public void setNonce(int nonce) {
+ setFieldAsInt(NONCE, nonce);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaAuthnEntry.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaAuthnEntry.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaAuthnEntry.java
new file mode 100644
index 0000000..99b8a75
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaAuthnEntry.java
@@ -0,0 +1,61 @@
+package org.apache.kerberos.kerb.spec.fast;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+/**
+ PA-AUTHENTICATION-SET-ELEM ::= SEQUENCE {
+ pa-type [0] Int32,
+ pa-hint [1] OCTET STRING OPTIONAL,
+ pa-value [2] OCTET STRING OPTIONAL,
+ }
+ */
+public class PaAuthnEntry extends KrbSequenceType {
+ private static int PA_TYPE = 0;
+ private static int PA_HINT = 1;
+ private static int PA_VALUE = 2;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(PA_TYPE, Asn1Integer.class),
+ new Asn1FieldInfo(PA_HINT, Asn1OctetString.class),
+ new Asn1FieldInfo(PA_VALUE, Asn1OctetString.class)
+ };
+
+ public PaAuthnEntry() {
+ super(fieldInfos);
+ }
+
+ public PaAuthnEntry(PaDataType type, byte[] paData) {
+ this();
+ setPaType(type);
+ setPaValue(paData);
+ }
+
+ public PaDataType getPaType() {
+ Integer value = getFieldAsInteger(PA_TYPE);
+ return PaDataType.fromValue(value);
+ }
+
+ public void setPaType(PaDataType paDataType) {
+ setFieldAsInt(PA_TYPE, paDataType.getValue());
+ }
+
+ public byte[] getPaHint() {
+ return getFieldAsOctets(PA_HINT);
+ }
+
+ public void setPaHint(byte[] paHint) {
+ setFieldAsOctets(PA_HINT, paHint);
+ }
+
+ public byte[] getPaValue() {
+ return getFieldAsOctets(PA_VALUE);
+ }
+
+ public void setPaValue(byte[] paValue) {
+ setFieldAsOctets(PA_VALUE, paValue);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaAuthnSet.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaAuthnSet.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaAuthnSet.java
new file mode 100644
index 0000000..88f1507
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaAuthnSet.java
@@ -0,0 +1,10 @@
+package org.apache.kerberos.kerb.spec.fast;
+
+import org.apache.kerberos.kerb.spec.KrbSequenceOfType;
+
+/**
+ PA-AUTHENTICATION-SET ::= SEQUENCE OF PA-AUTHENTICATION-SET-ELEM
+ */
+public class PaAuthnSet extends KrbSequenceOfType<PaAuthnEntry> {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaFxFastReply.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaFxFastReply.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaFxFastReply.java
new file mode 100644
index 0000000..4c4b646
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaFxFastReply.java
@@ -0,0 +1,29 @@
+package org.apache.kerberos.kerb.spec.fast;
+
+import org.apache.haox.asn1.type.Asn1Choice;
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+
+/**
+ PA-FX-FAST-REPLY ::= CHOICE {
+ armored-data [0] KrbFastArmoredRep,
+ }
+ */
+public class PaFxFastReply extends Asn1Choice {
+ private static int ARMORED_DATA = 0;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(ARMORED_DATA, KrbFastArmoredRep.class)
+ };
+
+ public PaFxFastReply() {
+ super(fieldInfos);
+ }
+
+ public KrbFastArmoredRep getFastArmoredRep() {
+ return getFieldAs(ARMORED_DATA, KrbFastArmoredRep.class);
+ }
+
+ public void setFastArmoredRep(KrbFastArmoredRep fastArmoredRep) {
+ setFieldAs(ARMORED_DATA, fastArmoredRep);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaFxFastRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaFxFastRequest.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaFxFastRequest.java
new file mode 100644
index 0000000..5d6fa43
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/PaFxFastRequest.java
@@ -0,0 +1,29 @@
+package org.apache.kerberos.kerb.spec.fast;
+
+import org.apache.haox.asn1.type.Asn1Choice;
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+
+/**
+ PA-FX-FAST-REQUEST ::= CHOICE {
+ armored-data [0] KrbFastArmoredReq,
+ }
+ */
+public class PaFxFastRequest extends Asn1Choice {
+ private static int ARMORED_DATA = 0;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(ARMORED_DATA, KrbFastArmoredReq.class)
+ };
+
+ public PaFxFastRequest() {
+ super(fieldInfos);
+ }
+
+ public KrbFastArmoredReq getFastArmoredReq() {
+ return getFieldAs(ARMORED_DATA, KrbFastArmoredReq.class);
+ }
+
+ public void setFastArmoredReq(KrbFastArmoredReq fastArmoredReq) {
+ setFieldAs(ARMORED_DATA, fastArmoredReq);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/AsRep.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/AsRep.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/AsRep.java
new file mode 100644
index 0000000..a6baeb0
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/AsRep.java
@@ -0,0 +1,13 @@
+package org.apache.kerberos.kerb.spec.kdc;
+
+import org.apache.kerberos.kerb.spec.common.KrbMessageType;
+
+/**
+ AS-REP ::= [APPLICATION 11] KDC-REP
+ */
+public class AsRep extends KdcRep {
+
+ public AsRep() {
+ super(KrbMessageType.AS_REP);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/AsReq.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/AsReq.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/AsReq.java
new file mode 100644
index 0000000..3bbc043
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/AsReq.java
@@ -0,0 +1,12 @@
+package org.apache.kerberos.kerb.spec.kdc;
+
+import org.apache.kerberos.kerb.spec.common.KrbMessageType;
+
+/**
+ AS-REQ ::= [APPLICATION 10] KDC-REQ
+ */
+public class AsReq extends KdcReq {
+ public AsReq() {
+ super(KrbMessageType.AS_REQ);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/EncAsRepPart.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/EncAsRepPart.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/EncAsRepPart.java
new file mode 100644
index 0000000..8680cdd
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/EncAsRepPart.java
@@ -0,0 +1,12 @@
+package org.apache.kerberos.kerb.spec.kdc;
+
+/**
+EncASRepPart ::= [APPLICATION 25] EncKDCRepPart
+*/
+public class EncAsRepPart extends EncKdcRepPart {
+ public static final int TAG = 25;
+
+ public EncAsRepPart() {
+ super(TAG);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/EncKdcRepPart.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/EncKdcRepPart.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/EncKdcRepPart.java
new file mode 100644
index 0000000..b49f502
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/EncKdcRepPart.java
@@ -0,0 +1,158 @@
+package org.apache.kerberos.kerb.spec.kdc;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.kerberos.kerb.spec.KerberosString;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.KrbAppSequenceType;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.HostAddresses;
+import org.apache.kerberos.kerb.spec.common.LastReq;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerberos.kerb.spec.ticket.TicketFlags;
+
+/**
+ EncKDCRepPart ::= SEQUENCE {
+ key [0] EncryptionKey,
+ last-req [1] LastReq,
+ nonce [2] UInt32,
+ key-expiration [3] KerberosTime OPTIONAL,
+ flags [4] TicketFlags,
+ authtime [5] KerberosTime,
+ starttime [6] KerberosTime OPTIONAL,
+ endtime [7] KerberosTime,
+ renew-till [8] KerberosTime OPTIONAL,
+ srealm [9] Realm,
+ sname [10] PrincipalName,
+ caddr [11] HostAddresses OPTIONAL
+ }
+ */
+public abstract class EncKdcRepPart extends KrbAppSequenceType {
+ private static int KEY = 0;
+ private static int LAST_REQ = 1;
+ private static int NONCE = 2;
+ private static int KEY_EXPIRATION = 3;
+ private static int FLAGS = 4;
+ private static int AUTHTIME = 5;
+ private static int STARTTIME = 6;
+ private static int ENDTIME = 7;
+ private static int RENEW_TILL = 8;
+ private static int SREALM = 9;
+ private static int SNAME = 10;
+ private static int CADDR = 11;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(KEY, EncryptionKey.class),
+ new Asn1FieldInfo(LAST_REQ, LastReq.class),
+ new Asn1FieldInfo(NONCE, Asn1Integer.class),
+ new Asn1FieldInfo(KEY_EXPIRATION, KerberosTime.class),
+ new Asn1FieldInfo(FLAGS, TicketFlags.class),
+ new Asn1FieldInfo(AUTHTIME, KerberosTime.class),
+ new Asn1FieldInfo(STARTTIME, KerberosTime.class),
+ new Asn1FieldInfo(ENDTIME, KerberosTime.class),
+ new Asn1FieldInfo(RENEW_TILL, KerberosTime.class),
+ new Asn1FieldInfo(SREALM, KerberosString.class),
+ new Asn1FieldInfo(SNAME, PrincipalName.class),
+ new Asn1FieldInfo(CADDR, HostAddresses.class)
+ };
+
+ public EncKdcRepPart(int tagNo) {
+ super(tagNo, fieldInfos);
+ }
+
+ public EncryptionKey getKey() {
+ return getFieldAs(KEY, EncryptionKey.class);
+ }
+
+ public void setKey(EncryptionKey key) {
+ setFieldAs(KEY, key);
+ }
+
+ public LastReq getLastReq() {
+ return getFieldAs(LAST_REQ, LastReq.class);
+ }
+
+ public void setLastReq(LastReq lastReq) {
+ setFieldAs(LAST_REQ, lastReq);
+ }
+
+ public int getNonce() {
+ return getFieldAsInt(NONCE);
+ }
+
+ public void setNonce(int nonce) {
+ setFieldAsInt(NONCE, nonce);
+ }
+
+ public KerberosTime getKeyExpiration() {
+ return getFieldAsTime(KEY_EXPIRATION);
+ }
+
+ public void setKeyExpiration(KerberosTime keyExpiration) {
+ setFieldAs(KEY_EXPIRATION, keyExpiration);
+ }
+
+ public TicketFlags getFlags() {
+ return getFieldAs(FLAGS, TicketFlags.class);
+ }
+
+ public void setFlags(TicketFlags flags) {
+ setFieldAs(FLAGS, flags);
+ }
+
+ public KerberosTime getAuthTime() {
+ return getFieldAsTime(AUTHTIME);
+ }
+
+ public void setAuthTime(KerberosTime authTime) {
+ setFieldAs(AUTHTIME, authTime);
+ }
+
+ public KerberosTime getStartTime() {
+ return getFieldAsTime(STARTTIME);
+ }
+
+ public void setStartTime(KerberosTime startTime) {
+ setFieldAs(STARTTIME, startTime);
+ }
+
+ public KerberosTime getEndTime() {
+ return getFieldAsTime(ENDTIME);
+ }
+
+ public void setEndTime(KerberosTime endTime) {
+ setFieldAs(ENDTIME, endTime);
+ }
+
+ public KerberosTime getRenewTill() {
+ return getFieldAsTime(RENEW_TILL);
+ }
+
+ public void setRenewTill(KerberosTime renewTill) {
+ setFieldAs(RENEW_TILL, renewTill);
+ }
+
+ public String getSrealm() {
+ return getFieldAsString(SREALM);
+ }
+
+ public void setSrealm(String srealm) {
+ setFieldAsString(SREALM, srealm);
+ }
+
+ public PrincipalName getSname() {
+ return getFieldAs(SNAME, PrincipalName.class);
+ }
+
+ public void setSname(PrincipalName sname) {
+ setFieldAs(SNAME, sname);
+ }
+
+ public HostAddresses getCaddr() {
+ return getFieldAs(CADDR, HostAddresses.class);
+ }
+
+ public void setCaddr(HostAddresses caddr) {
+ setFieldAs(CADDR, caddr);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/EncTgsRepPart.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/EncTgsRepPart.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/EncTgsRepPart.java
new file mode 100644
index 0000000..b4dc8d4
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/EncTgsRepPart.java
@@ -0,0 +1,12 @@
+package org.apache.kerberos.kerb.spec.kdc;
+
+/**
+ EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
+ */
+public class EncTgsRepPart extends EncKdcRepPart {
+ public static final int TAG = 26;
+
+ public EncTgsRepPart() {
+ super(TAG);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcOption.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcOption.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcOption.java
new file mode 100644
index 0000000..2e00127
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcOption.java
@@ -0,0 +1,60 @@
+package org.apache.kerberos.kerb.spec.kdc;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum KdcOption implements KrbEnum {
+ NONE(-1),
+ //RESERVED(0x80000000),
+ FORWARDABLE(0x40000000),
+ FORWARDED(0x20000000),
+ PROXIABLE(0x10000000),
+ PROXY(0x08000000),
+ ALLOW_POSTDATE(0x04000000),
+ POSTDATED(0x02000000),
+ //UNUSED(0x01000000),
+ RENEWABLE(0x00800000),
+ //UNUSED(0x00400000),
+ //RESERVED(0x00200000),
+ //RESERVED(0x00100000),
+ //RESERVED(0x00080000),
+ //RESERVED(0x00040000),
+ CNAME_IN_ADDL_TKT(0x00020000),
+ CANONICALIZE(0x00010000),
+ REQUEST_ANONYMOUS(0x00008000),
+ //RESERVED(0x00004000),
+ //RESERVED(0x00002000),
+ //RESERVED(0x00001000),
+ //RESERVED(0x00000800),
+ //RESERVED(0x00000400),
+ //RESERVED(0x00000200),
+ //RESERVED(0x00000100),
+ //RESERVED(0x00000080),
+ //RESERVED(0x00000040),
+ DISABLE_TRANSITED_CHECK(0x00000020),
+ RENEWABLE_OK(0x00000010),
+ ENC_TKT_IN_SKEY(0x00000008),
+ //UNUSED(0x00000004),
+ RENEW(0x00000002),
+ VALIDATE(0x00000001);
+
+ private final int value;
+
+ private KdcOption(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static KdcOption fromValue(int value) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (KdcOption) e;
+ }
+ }
+
+ return NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcOptions.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcOptions.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcOptions.java
new file mode 100644
index 0000000..a3c8867
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcOptions.java
@@ -0,0 +1,14 @@
+package org.apache.kerberos.kerb.spec.kdc;
+
+import org.apache.kerberos.kerb.spec.common.KrbFlags;
+
+public class KdcOptions extends KrbFlags {
+
+ public KdcOptions() {
+ this(0);
+ }
+
+ public KdcOptions(int value) {
+ setFlags(value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcRep.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcRep.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcRep.java
new file mode 100644
index 0000000..2371e97
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcRep.java
@@ -0,0 +1,97 @@
+package org.apache.kerberos.kerb.spec.kdc;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.kerberos.kerb.spec.KerberosString;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerberos.kerb.spec.common.KrbMessage;
+import org.apache.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.ticket.Ticket;
+
+/**
+ KDC-REP ::= SEQUENCE {
+ pvno [0] INTEGER (5),
+ msg-type [1] INTEGER (11 -- AS -- | 13 -- TGS --),
+ padata [2] SEQUENCE OF PA-DATA OPTIONAL
+ -- NOTE: not empty --,
+ crealm [3] Realm,
+ cname [4] PrincipalName,
+ ticket [5] Ticket,
+ enc-part [6] EncryptedData
+ -- EncASRepPart or EncTGSRepPart,
+ -- as appropriate
+ }
+ */
+public class KdcRep extends KrbMessage {
+ private static int PADATA = 2;
+ private static int CREALM = 3;
+ private static int CNAME = 4;
+ private static int TICKET = 5;
+ private static int ENC_PART = 6;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(PVNO, Asn1Integer.class),
+ new Asn1FieldInfo(MSG_TYPE, Asn1Integer.class),
+ new Asn1FieldInfo(PADATA, PaData.class),
+ new Asn1FieldInfo(CREALM, KerberosString.class),
+ new Asn1FieldInfo(CNAME, PrincipalName.class),
+ new Asn1FieldInfo(TICKET, Ticket.class),
+ new Asn1FieldInfo(ENC_PART, EncryptedData.class)
+ };
+
+ private EncKdcRepPart encPart;
+
+ public KdcRep(KrbMessageType msgType) {
+ super(msgType, fieldInfos);
+ }
+
+ public PaData getPaData() {
+ return getFieldAs(PADATA, PaData.class);
+ }
+
+ public void setPaData(PaData paData) {
+ setFieldAs(PADATA, paData);
+ }
+
+ public PrincipalName getCname() {
+ return getFieldAs(CNAME, PrincipalName.class);
+ }
+
+ public void setCname(PrincipalName sname) {
+ setFieldAs(CNAME, sname);
+ }
+
+ public String getCrealm() {
+ return getFieldAsString(CREALM);
+ }
+
+ public void setCrealm(String realm) {
+ setFieldAs(CREALM, new KerberosString(realm));
+ }
+
+ public Ticket getTicket() {
+ return getFieldAs(TICKET, Ticket.class);
+ }
+
+ public void setTicket(Ticket ticket) {
+ setFieldAs(TICKET, ticket);
+ }
+
+ public EncryptedData getEncryptedEncPart() {
+ return getFieldAs(ENC_PART, EncryptedData.class);
+ }
+
+ public void setEncryptedEncPart(EncryptedData encryptedEncPart) {
+ setFieldAs(ENC_PART, encryptedEncPart);
+ }
+
+ public EncKdcRepPart getEncPart() {
+ return encPart;
+ }
+
+ public void setEncPart(EncKdcRepPart encPart) {
+ this.encPart = encPart;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcReq.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcReq.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcReq.java
new file mode 100644
index 0000000..b05b434
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcReq.java
@@ -0,0 +1,57 @@
+package org.apache.kerberos.kerb.spec.kdc;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.kerberos.kerb.spec.common.KrbMessage;
+import org.apache.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+
+/**
+ KDC-REQ ::= SEQUENCE {
+ -- NOTE: first tag is [1], not [0]
+ pvno [1] INTEGER (5) ,
+ msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --),
+ padata [3] SEQUENCE OF PA-DATA OPTIONAL
+ -- NOTE: not empty --,
+ req-encodeBody [4] KDC-REQ-BODY
+ }
+ */
+public class KdcReq extends KrbMessage {
+ private static int PADATA = 2;
+ private static int REQ_BODY = 3;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(PVNO, 1, Asn1Integer.class),
+ new Asn1FieldInfo(MSG_TYPE, 2, Asn1Integer.class),
+ new Asn1FieldInfo(PADATA, 3, PaData.class),
+ new Asn1FieldInfo(REQ_BODY, 4, KdcReqBody.class)
+ };
+
+ public KdcReq(KrbMessageType msgType) {
+ super(msgType, fieldInfos);
+ }
+
+ public PaData getPaData() {
+ return getFieldAs(PADATA, PaData.class);
+ }
+
+ public void setPaData(PaData paData) {
+ setFieldAs(PADATA, paData);
+ }
+
+ public void addPaData(PaDataEntry paDataEntry) {
+ if (getPaData() == null) {
+ setPaData(new PaData());
+ }
+ getPaData().addElement(paDataEntry);
+ }
+
+ public KdcReqBody getReqBody() {
+ return getFieldAs(REQ_BODY, KdcReqBody.class);
+ }
+
+ public void setReqBody(KdcReqBody reqBody) {
+ setFieldAs(REQ_BODY, reqBody);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcReqBody.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcReqBody.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcReqBody.java
new file mode 100644
index 0000000..a86513d
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/KdcReqBody.java
@@ -0,0 +1,190 @@
+package org.apache.kerberos.kerb.spec.kdc;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.kerberos.kerb.spec.KerberosString;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.KrbIntegers;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerberos.kerb.spec.common.*;
+import org.apache.kerberos.kerb.spec.ticket.Tickets;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ KDC-REQ-BODY ::= SEQUENCE {
+ kdc-options [0] KDCOptions,
+ cname [1] PrincipalName OPTIONAL
+ -- Used only in AS-REQ --,
+ realm [2] Realm
+ -- Server's realm
+ -- Also client's in AS-REQ --,
+ sname [3] PrincipalName OPTIONAL,
+ from [4] KerberosTime OPTIONAL,
+ till [5] KerberosTime,
+ rtime [6] KerberosTime OPTIONAL,
+ nonce [7] UInt32,
+ etype [8] SEQUENCE OF Int32 -- EncryptionType
+ -- in preference order --,
+ addresses [9] HostAddresses OPTIONAL,
+ enc-authorization-data [10] EncryptedData OPTIONAL
+ -- AuthorizationData --,
+ additional-tickets [11] SEQUENCE OF Ticket OPTIONAL
+ -- NOTE: not empty
+ }
+ */
+public class KdcReqBody extends KrbSequenceType {
+ private static int KDC_OPTIONS = 0;
+ private static int CNAME = 1;
+ private static int REALM = 2;
+ private static int SNAME = 3;
+ private static int FROM = 4;
+ private static int TILL = 5;
+ private static int RTIME = 6;
+ private static int NONCE = 7;
+ private static int ETYPE = 8;
+ private static int ADDRESSES = 9;
+ private static int ENC_AUTHORIZATION_DATA = 10;
+ private static int ADDITIONAL_TICKETS = 11;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(KDC_OPTIONS, KdcOptions.class),
+ new Asn1FieldInfo(CNAME, PrincipalName.class),
+ new Asn1FieldInfo(REALM, KerberosString.class),
+ new Asn1FieldInfo(SNAME, PrincipalName.class),
+ new Asn1FieldInfo(FROM, KerberosTime.class),
+ new Asn1FieldInfo(TILL, KerberosTime.class),
+ new Asn1FieldInfo(RTIME, KerberosTime.class),
+ new Asn1FieldInfo(NONCE, Asn1Integer.class),
+ new Asn1FieldInfo(ETYPE, KrbIntegers.class),
+ new Asn1FieldInfo(ADDRESSES, HostAddresses.class),
+ new Asn1FieldInfo(ENC_AUTHORIZATION_DATA, AuthorizationData.class),
+ new Asn1FieldInfo(ADDITIONAL_TICKETS, Tickets.class)
+ };
+
+ public KdcReqBody() {
+ super(fieldInfos);
+ }
+
+ private AuthorizationData authorizationData;
+
+ public KerberosTime getFrom() {
+ return getFieldAs(FROM, KerberosTime.class);
+ }
+
+ public void setFrom(KerberosTime from) {
+ setFieldAs(FROM, from);
+ }
+
+ public KerberosTime getTill() {
+ return getFieldAs(TILL, KerberosTime.class);
+ }
+
+ public void setTill(KerberosTime till) {
+ setFieldAs(TILL, till);
+ }
+
+ public KerberosTime getRtime() {
+ return getFieldAs(RTIME, KerberosTime.class);
+ }
+
+ public void setRtime(KerberosTime rtime) {
+ setFieldAs(RTIME, rtime);
+ }
+
+ public int getNonce() {
+ return getFieldAsInt(NONCE);
+ }
+
+ public void setNonce(int nonce) {
+ setFieldAsInt(NONCE, nonce);
+ }
+
+ public List<EncryptionType> getEtypes() {
+ KrbIntegers values = getFieldAs(ETYPE, KrbIntegers.class);
+ if (values == null) {
+ return Collections.emptyList();
+ }
+
+ List<EncryptionType> results = new ArrayList<EncryptionType>();
+ for (Integer value : values.getValues()) {
+ results.add(EncryptionType.fromValue(value));
+ }
+ return results;
+ }
+
+ public void setEtypes(List<EncryptionType> etypes) {
+ List<Integer> values = new ArrayList<Integer>();
+ for (EncryptionType etype: etypes) {
+ values.add(etype.getValue());
+ }
+ KrbIntegers value = new KrbIntegers(values);
+ setFieldAs(ETYPE, value);
+ }
+
+ public HostAddresses getAddresses() {
+ return getFieldAs(ADDRESSES, HostAddresses.class);
+ }
+
+ public void setAddresses(HostAddresses addresses) {
+ setFieldAs(ADDRESSES, addresses);
+ }
+
+ public EncryptedData getEncryptedAuthorizationData() {
+ return getFieldAs(ENC_AUTHORIZATION_DATA, EncryptedData.class);
+ }
+
+ public void setEncryptedAuthorizationData(EncryptedData encAuthorizationData) {
+ setFieldAs(ENC_AUTHORIZATION_DATA, encAuthorizationData);
+ }
+
+ public AuthorizationData getAuthorizationData() {
+ return authorizationData;
+ }
+
+ public void setAuthorizationData(AuthorizationData authorizationData) {
+ this.authorizationData = authorizationData;
+ }
+
+ public Tickets getAdditionalTickets() {
+ return getFieldAs(ADDITIONAL_TICKETS, Tickets.class);
+ }
+
+ public void setAdditionalTickets(Tickets additionalTickets) {
+ setFieldAs(ADDITIONAL_TICKETS, additionalTickets);
+ }
+
+ public KdcOptions getKdcOptions() {
+ return getFieldAs(KDC_OPTIONS, KdcOptions.class);
+ }
+
+ public void setKdcOptions(KdcOptions kdcOptions) {
+ setFieldAs(KDC_OPTIONS, kdcOptions);
+ }
+
+ public PrincipalName getSname() {
+ return getFieldAs(SNAME, PrincipalName.class);
+ }
+
+ public void setSname(PrincipalName sname) {
+ setFieldAs(SNAME, sname);
+ }
+
+ public PrincipalName getCname() {
+ return getFieldAs(CNAME, PrincipalName.class);
+ }
+
+ public void setCname(PrincipalName cname) {
+ setFieldAs(CNAME, cname);
+ }
+
+ public String getRealm() {
+ return getFieldAsString(REALM);
+ }
+
+ public void setRealm(String realm) {
+ setFieldAs(REALM, new KerberosString(realm));
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/TgsRep.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/TgsRep.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/TgsRep.java
new file mode 100644
index 0000000..3fd91be
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/TgsRep.java
@@ -0,0 +1,12 @@
+package org.apache.kerberos.kerb.spec.kdc;
+
+import org.apache.kerberos.kerb.spec.common.KrbMessageType;
+
+/**
+ TGS-REP ::= [APPLICATION 13] KDC-REP
+ */
+public class TgsRep extends KdcRep {
+ public TgsRep() {
+ super(KrbMessageType.TGS_REP);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/TgsReq.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/TgsReq.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/TgsReq.java
new file mode 100644
index 0000000..4841e5c
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/kdc/TgsReq.java
@@ -0,0 +1,13 @@
+package org.apache.kerberos.kerb.spec.kdc;
+
+import org.apache.kerberos.kerb.spec.common.KrbMessageType;
+
+/**
+ TGS-REQ ::= [APPLICATION 12] KDC-REQ
+ */
+public class TgsReq extends KdcReq {
+
+ public TgsReq() {
+ super(KrbMessageType.TGS_REQ);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaAuthenticationSet.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaAuthenticationSet.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaAuthenticationSet.java
new file mode 100644
index 0000000..df765ad
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaAuthenticationSet.java
@@ -0,0 +1,10 @@
+package org.apache.kerberos.kerb.spec.pa;
+
+import org.apache.kerberos.kerb.spec.KrbSequenceOfType;
+
+/**
+ PA-AUTHENTICATION-SET ::= SEQUENCE OF PA-AUTHENTICATION-SET-ELEM
+ */
+public class PaAuthenticationSet extends KrbSequenceOfType<PaAuthenticationSetElem> {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaAuthenticationSetElem.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaAuthenticationSetElem.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaAuthenticationSetElem.java
new file mode 100644
index 0000000..1f85fb9
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaAuthenticationSetElem.java
@@ -0,0 +1,55 @@
+package org.apache.kerberos.kerb.spec.pa;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ PA-AUTHENTICATION-SET-ELEM ::= SEQUENCE {
+ pa-type [0] Int32,
+ -- same as padata-type.
+ pa-hint [1] OCTET STRING OPTIONAL,
+ pa-value [2] OCTET STRING OPTIONAL
+ }
+ */
+public class PaAuthenticationSetElem extends KrbSequenceType {
+ private static int PA_TYPE = 0;
+ private static int PA_HINT = 1;
+ private static int PA_VALUE = 2;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(PA_TYPE, Asn1Integer.class),
+ new Asn1FieldInfo(PA_HINT, Asn1OctetString.class),
+ new Asn1FieldInfo(PA_VALUE, Asn1OctetString.class)
+ };
+
+ public PaAuthenticationSetElem() {
+ super(fieldInfos);
+ }
+
+ public PaDataType getPaType() {
+ Integer value = getFieldAsInteger(PA_TYPE);
+ return PaDataType.fromValue(value);
+ }
+
+ public void setPaType(PaDataType paDataType) {
+ setFieldAsInt(PA_TYPE, paDataType.getValue());
+ }
+
+ public byte[] getPaHint() {
+ return getFieldAsOctets(PA_HINT);
+ }
+
+ public void setPaHint(byte[] paHint) {
+ setFieldAsOctets(PA_HINT, paHint);
+ }
+
+ public byte[] getPaValue() {
+ return getFieldAsOctets(PA_VALUE);
+ }
+
+ public void setPaValue(byte[] paDataValue) {
+ setFieldAsOctets(PA_VALUE, paDataValue);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaData.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaData.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaData.java
new file mode 100644
index 0000000..5e803a0
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaData.java
@@ -0,0 +1,22 @@
+package org.apache.kerberos.kerb.spec.pa;
+
+import org.apache.kerberos.kerb.spec.KrbSequenceOfType;
+
+/**
+ PA-DATA ::= SEQUENCE {
+ -- NOTE: first tag is [1], not [0]
+ padata-type [1] Int32,
+ padata-value [2] OCTET STRING -- might be encoded AP-REQ
+ }
+ */
+public class PaData extends KrbSequenceOfType<PaDataEntry> {
+
+ public PaDataEntry findEntry(PaDataType paType) {
+ for (PaDataEntry pae : getElements()) {
+ if (pae.getPaDataType() == paType) {
+ return pae;
+ }
+ }
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaDataEntry.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaDataEntry.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaDataEntry.java
new file mode 100644
index 0000000..1c3c0ee
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaDataEntry.java
@@ -0,0 +1,50 @@
+package org.apache.kerberos.kerb.spec.pa;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ PA-DATA ::= SEQUENCE {
+ -- NOTE: first tag is [1], not [0]
+ padata-type [1] Int32,
+ padata-value [2] OCTET STRING -- might be encoded AP-REQ
+ }
+ */
+public class PaDataEntry extends KrbSequenceType {
+ private static int PADATA_TYPE = 0;
+ private static int PADATA_VALUE = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(PADATA_TYPE, 1, Asn1Integer.class),
+ new Asn1FieldInfo(PADATA_VALUE, 2, Asn1OctetString.class)
+ };
+
+ public PaDataEntry() {
+ super(fieldInfos);
+ }
+
+ public PaDataEntry(PaDataType type, byte[] paData) {
+ this();
+ setPaDataType(type);
+ setPaDataValue(paData);
+ }
+
+ public PaDataType getPaDataType() {
+ Integer value = getFieldAsInteger(PADATA_TYPE);
+ return PaDataType.fromValue(value);
+ }
+
+ public void setPaDataType(PaDataType paDataType) {
+ setFieldAsInt(PADATA_TYPE, paDataType.getValue());
+ }
+
+ public byte[] getPaDataValue() {
+ return getFieldAsOctets(PADATA_VALUE);
+ }
+
+ public void setPaDataValue(byte[] paDataValue) {
+ setFieldAsOctets(PADATA_VALUE, paDataValue);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaDataType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaDataType.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaDataType.java
new file mode 100644
index 0000000..de577cd
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaDataType.java
@@ -0,0 +1,73 @@
+package org.apache.kerberos.kerb.spec.pa;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+/**
+ * From krb5.h
+ */
+public enum PaDataType implements KrbEnum {
+ NONE (0),
+ TGS_REQ (1),
+ AP_REQ (1),
+ ENC_TIMESTAMP (2), // RFC 4120
+ PW_SALT (3), // RFC 4120
+ ENC_ENCKEY (4), // Key encrypted within itself
+ ENC_UNIX_TIME (5), // timestamp encrypted in key. RFC 4120
+ ENC_SANDIA_SECURID (6), // SecurId passcode. RFC 4120
+ SESAME (7), // Sesame project. RFC 4120
+ OSF_DCE (8), // OSF DCE. RFC 4120
+ CYBERSAFE_SECUREID (9), // Cybersafe. RFC 4120
+ AFS3_SALT (10), // Cygnus. RFC 4120, 3961
+ ETYPE_INFO (11), // Etype info for preauth. RFC 4120
+ SAM_CHALLENGE (12), // SAM/OTP
+ SAM_RESPONSE (13), // SAM/OTP
+ PK_AS_REQ (16), // PKINIT. RFC 4556
+ PK_AS_REP (17), // PKINIT. RFC 4556
+ ETYPE_INFO2 (19), // RFC 4120
+ USE_SPECIFIED_KVNO (20), // RFC 4120
+ SVR_REFERRAL_INFO (20), // Windows 2000 referrals. RFC 6820
+ SAM_REDIRECT (21), // SAM/OTP. RFC 4120
+ GET_FROM_TYPED_DATA (22), // Embedded in typed data. RFC 4120
+ REFERRAL (25), // draft referral system
+ SAM_CHALLENGE_2 (30), // draft challenge system, updated
+ SAM_RESPONSE_2 (31), // draft challenge system, updated
+ /* MS-KILE */
+ PAC_REQUEST (128), // include Windows PAC
+ FOR_USER (129), // username protocol transition request
+ S4U_X509_USER (130), // certificate protocol transition request
+ AS_CHECKSUM (132), // AS checksum
+ FX_COOKIE (133), // RFC 6113
+ FX_FAST (136), // RFC 6113
+ FX_ERROR (137), // RFC 6113
+ ENCRYPTED_CHALLENGE (138), // RFC 6113
+ OTP_CHALLENGE (141), // RFC 6560 section 4.1
+ OTP_REQUEST (142), // RFC 6560 section 4.2
+ OTP_PIN_CHANGE (144), // RFC 6560 section 4.3
+ PKINIT_KX (147), // RFC 6112
+ ENCPADATA_REQ_ENC_PA_REP (149), // RFC 6806
+ TOKEN_REQUEST (148), // TokenPreauth
+ TOKEN_CHALLENGE (149);
+
+ private final int value;
+
+ private PaDataType(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static PaDataType fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value.intValue()) {
+ return (PaDataType) e;
+ }
+ }
+ }
+
+ return NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaEncTsEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaEncTsEnc.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaEncTsEnc.java
new file mode 100644
index 0000000..5fbe669
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/PaEncTsEnc.java
@@ -0,0 +1,47 @@
+package org.apache.kerberos.kerb.spec.pa;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ PA-ENC-TS-ENC ::= SEQUENCE {
+ patimestamp [0] KerberosTime -- client's time --,
+ pausec [1] Microseconds OPTIONAL
+ }
+ */
+public class PaEncTsEnc extends KrbSequenceType {
+ private static int PATIMESTAMP = 0;
+ private static int PAUSEC = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(PATIMESTAMP, 1, KerberosTime.class),
+ new Asn1FieldInfo(PAUSEC, 2, Asn1Integer.class)
+ };
+
+ public PaEncTsEnc() {
+ super(fieldInfos);
+ }
+
+ public KerberosTime getPaTimestamp() {
+ return getFieldAsTime(PATIMESTAMP);
+ }
+
+ public void setPaTimestamp(KerberosTime paTimestamp) {
+ setFieldAs(PATIMESTAMP, paTimestamp);
+ }
+
+ public int getPaUsec() {
+ return getFieldAsInt(PAUSEC);
+ }
+
+ public void setPaUsec(int paUsec) {
+ setFieldAsInt(PAUSEC, paUsec);
+ }
+
+ public KerberosTime getAllTime() {
+ KerberosTime paTimestamp = getPaTimestamp();
+ return paTimestamp.extend(getPaUsec() / 1000);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/otp/OtpTokenInfo.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/otp/OtpTokenInfo.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/otp/OtpTokenInfo.java
new file mode 100644
index 0000000..03626a1
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/otp/OtpTokenInfo.java
@@ -0,0 +1,50 @@
+package org.apache.kerberos.kerb.spec.pa.otp;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.haox.asn1.type.Asn1Utf8String;
+import org.apache.kerberos.kerb.spec.KerberosString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerberos.kerb.spec.pa.pkinit.AlgorithmIdentifiers;
+
+/**
+ OTP-TOKENINFO ::= SEQUENCE {
+ flags [0] OTPFlags,
+ otp-vendor [1] UTF8String OPTIONAL,
+ otp-challenge [2] OCTET STRING (SIZE(1..MAX)) OPTIONAL,
+ otp-length [3] Int32 OPTIONAL,
+ otp-format [4] OTPFormat OPTIONAL,
+ otp-tokenID [5] OCTET STRING OPTIONAL,
+ otp-algID [6] AnyURI OPTIONAL,
+ supportedHashAlg [7] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
+ iterationCount [8] Int32 OPTIONAL
+ }
+ */
+public class OtpTokenInfo extends KrbSequenceType {
+ private static int FLAGS = 0;
+ private static int OTP_VENDOR = 1;
+ private static int OTP_CHALLENGE = 2;
+ private static int OTP_LENGTH = 3;
+ private static int OTP_FORMAT = 4;
+ private static int OTP_TOKEN_ID = 5;
+ private static int OTP_ALG_ID = 6;
+ private static int SUPPORTED_HASH_ALG = 7;
+ private static int ITERATION_COUNT = 8;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(FLAGS, Asn1OctetString.class, true),
+ new Asn1FieldInfo(OTP_VENDOR, Asn1Utf8String.class),
+ new Asn1FieldInfo(OTP_CHALLENGE, Asn1OctetString.class, true),
+ new Asn1FieldInfo(OTP_LENGTH, KerberosString.class),
+ new Asn1FieldInfo(OTP_FORMAT, Asn1OctetString.class, true),
+ new Asn1FieldInfo(OTP_TOKEN_ID, Asn1Utf8String.class),
+ new Asn1FieldInfo(OTP_ALG_ID, Asn1OctetString.class, true),
+ new Asn1FieldInfo(SUPPORTED_HASH_ALG, AlgorithmIdentifiers.class),
+ new Asn1FieldInfo(ITERATION_COUNT, Asn1Integer.class, true)
+ };
+
+ public OtpTokenInfo() {
+ super(fieldInfos);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/otp/PaOtpChallenge.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/otp/PaOtpChallenge.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/otp/PaOtpChallenge.java
new file mode 100644
index 0000000..bbf48d3
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/otp/PaOtpChallenge.java
@@ -0,0 +1,36 @@
+package org.apache.kerberos.kerb.spec.pa.otp;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.haox.asn1.type.Asn1Utf8String;
+import org.apache.kerberos.kerb.spec.KerberosString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ PA-OTP-CHALLENGE ::= SEQUENCE {
+ nonce [0] OCTET STRING,
+ otp-service [1] UTF8String OPTIONAL,
+ otp-tokenInfo [2] SEQUENCE (SIZE(1..MAX)) OF OTP-TOKENINFO,
+ salt [3] KerberosString OPTIONAL,
+ s2kparams [4] OCTET STRING OPTIONAL,
+ }
+ */
+public class PaOtpChallenge extends KrbSequenceType {
+ private static int NONCE = 0;
+ private static int OTP_SERVICE = 1;
+ private static int OTP_TOKEN_INFO = 2;
+ private static int SALT = 3;
+ private static int S2KPARAMS = 4;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(NONCE, Asn1OctetString.class, true),
+ new Asn1FieldInfo(OTP_SERVICE, Asn1Utf8String.class),
+ new Asn1FieldInfo(OTP_TOKEN_INFO, Asn1OctetString.class, true),
+ new Asn1FieldInfo(SALT, KerberosString.class),
+ new Asn1FieldInfo(S2KPARAMS, Asn1OctetString.class, true)
+ };
+
+ public PaOtpChallenge() {
+ super(fieldInfos);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/AdInitialVerifiedCas.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/AdInitialVerifiedCas.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/AdInitialVerifiedCas.java
new file mode 100644
index 0000000..5c9f215
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/AdInitialVerifiedCas.java
@@ -0,0 +1,9 @@
+package org.apache.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.kerberos.kerb.spec.KrbSequenceOfType;
+
+/**
+ * AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier
+ */
+public class AdInitialVerifiedCas extends KrbSequenceOfType<ExternalPrincipalIdentifier> {
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/AlgorithmIdentifiers.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/AlgorithmIdentifiers.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/AlgorithmIdentifiers.java
new file mode 100644
index 0000000..ccc7fde
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/AlgorithmIdentifiers.java
@@ -0,0 +1,11 @@
+package org.apache.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.kerberos.kerb.spec.KrbSequenceOfType;
+import org.apache.kerberos.kerb.spec.x509.AlgorithmIdentifier;
+
+/**
+ trustedCertifiers SEQUENCE OF AlgorithmIdentifier OPTIONAL,
+ */
+public class AlgorithmIdentifiers extends KrbSequenceOfType<AlgorithmIdentifier> {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/AuthPack.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/AuthPack.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/AuthPack.java
new file mode 100644
index 0000000..249edee
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/AuthPack.java
@@ -0,0 +1,63 @@
+package org.apache.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerberos.kerb.spec.x509.SubjectPublicKeyInfo;
+
+/**
+ AuthPack ::= SEQUENCE {
+ pkAuthenticator [0] PKAuthenticator,
+ clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
+ supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
+ clientDHNonce [3] DHNonce OPTIONAL
+ }
+ */
+public class AuthPack extends KrbSequenceType {
+ private static int PK_AUTHENTICATOR = 0;
+ private static int CLIENT_PUBLIC_VALUE = 1;
+ private static int SUPPORTED_CMS_TYPES = 2;
+ private static int CLIENT_DH_NONCE = 3;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(PK_AUTHENTICATOR, PkAuthenticator.class),
+ new Asn1FieldInfo(CLIENT_PUBLIC_VALUE, SubjectPublicKeyInfo.class),
+ new Asn1FieldInfo(SUPPORTED_CMS_TYPES, AlgorithmIdentifiers.class),
+ new Asn1FieldInfo(CLIENT_DH_NONCE, DHNonce.class)
+ };
+
+ public AuthPack() {
+ super(fieldInfos);
+ }
+
+ public PkAuthenticator getPkAuthenticator() {
+ return getFieldAs(PK_AUTHENTICATOR, PkAuthenticator.class);
+ }
+
+ public void setPkAuthenticator(PkAuthenticator pkAuthenticator) {
+ setFieldAs(PK_AUTHENTICATOR, pkAuthenticator);
+ }
+
+ public SubjectPublicKeyInfo getClientPublicValue() {
+ return getFieldAs(CLIENT_PUBLIC_VALUE, SubjectPublicKeyInfo.class);
+ }
+
+ public void setClientPublicValue(SubjectPublicKeyInfo clientPublicValue) {
+ setFieldAs(CLIENT_PUBLIC_VALUE, clientPublicValue);
+ }
+
+ public AlgorithmIdentifiers getsupportedCmsTypes() {
+ return getFieldAs(CLIENT_DH_NONCE, AlgorithmIdentifiers.class);
+ }
+
+ public void setsupportedCmsTypes(AlgorithmIdentifiers supportedCMSTypes) {
+ setFieldAs(CLIENT_DH_NONCE, supportedCMSTypes);
+ }
+
+ public DHNonce getClientDhNonce() {
+ return getFieldAs(CLIENT_DH_NONCE, DHNonce.class);
+ }
+
+ public void setClientDhNonce(DHNonce dhNonce) {
+ setFieldAs(CLIENT_DH_NONCE, dhNonce);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/DHNonce.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/DHNonce.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/DHNonce.java
new file mode 100644
index 0000000..7d8493a
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/DHNonce.java
@@ -0,0 +1,9 @@
+package org.apache.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.haox.asn1.type.Asn1OctetString;
+
+/**
+ * DHNonce ::= OCTET STRING
+ */
+public class DHNonce extends Asn1OctetString {
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/DHRepInfo.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/DHRepInfo.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/DHRepInfo.java
new file mode 100644
index 0000000..74e8513
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/DHRepInfo.java
@@ -0,0 +1,41 @@
+package org.apache.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ DHRepInfo ::= SEQUENCE {
+ dhSignedData [0] IMPLICIT OCTET STRING,
+ serverDHNonce [1] DHNonce OPTIONAL
+ }
+ */
+public class DHRepInfo extends KrbSequenceType {
+ private static int DH_SIGNED_DATA = 0;
+ private static int SERVER_DH_NONCE = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(DH_SIGNED_DATA, Asn1OctetString.class, true),
+ new Asn1FieldInfo(SERVER_DH_NONCE, DHNonce.class)
+ };
+
+ public DHRepInfo() {
+ super(fieldInfos);
+ }
+
+ public byte[] getDHSignedData() {
+ return getFieldAsOctets(DH_SIGNED_DATA);
+ }
+
+ public void setDHSignedData(byte[] dhSignedData) {
+ setFieldAsOctets(DH_SIGNED_DATA, dhSignedData);
+ }
+
+ public DHNonce getServerDhNonce() {
+ return getFieldAs(SERVER_DH_NONCE, DHNonce.class);
+ }
+
+ public void setServerDhNonce(DHNonce dhNonce) {
+ setFieldAs(SERVER_DH_NONCE, dhNonce);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/ExternalPrincipalIdentifier.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/ExternalPrincipalIdentifier.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/ExternalPrincipalIdentifier.java
new file mode 100644
index 0000000..b05294b
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/ExternalPrincipalIdentifier.java
@@ -0,0 +1,52 @@
+package org.apache.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ ExternalPrincipalIdentifier ::= SEQUENCE {
+ subjectName [0] IMPLICIT OCTET STRING OPTIONAL,
+ issuerAndSerialNumber [1] IMPLICIT OCTET STRING OPTIONAL,
+ subjectKeyIdentifier [2] IMPLICIT OCTET STRING OPTIONAL
+ }
+ */
+public class ExternalPrincipalIdentifier extends KrbSequenceType {
+ private static int SUBJECT_NAME = 0;
+ private static int ISSUER_AND_SERIAL_NUMBER = 1;
+ private static int SUBJECT_KEY_IDENTIFIER = 2;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(SUBJECT_NAME, Asn1OctetString.class, true),
+ new Asn1FieldInfo(ISSUER_AND_SERIAL_NUMBER, Asn1OctetString.class, true),
+ new Asn1FieldInfo(SUBJECT_KEY_IDENTIFIER, Asn1OctetString.class, true)
+ };
+
+ public ExternalPrincipalIdentifier() {
+ super(fieldInfos);
+ }
+
+ public byte[] getSubjectName() {
+ return getFieldAsOctets(SUBJECT_NAME);
+ }
+
+ public void setSubjectName(byte[] subjectName) {
+ setFieldAsOctets(SUBJECT_NAME, subjectName);
+ }
+
+ public byte[] getIssuerSerialNumber() {
+ return getFieldAsOctets(ISSUER_AND_SERIAL_NUMBER);
+ }
+
+ public void setIssuerSerialNumber(byte[] issuerSerialNumber) {
+ setFieldAsOctets(ISSUER_AND_SERIAL_NUMBER, issuerSerialNumber);
+ }
+
+ public byte[] getSubjectKeyIdentifier() {
+ return getFieldAsOctets(SUBJECT_KEY_IDENTIFIER);
+ }
+
+ public void setSubjectKeyIdentifier(byte[] subjectKeyIdentifier) {
+ setFieldAsOctets(SUBJECT_KEY_IDENTIFIER, subjectKeyIdentifier);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java
new file mode 100644
index 0000000..537fd6a
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/KdcDHKeyInfo.java
@@ -0,0 +1,46 @@
+package org.apache.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.haox.asn1.type.Asn1BitString;
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ KDCDHKeyInfo ::= SEQUENCE {
+ subjectPublicKey [0] BIT STRING,
+ nonce [1] INTEGER (0..4294967295),
+ dhKeyExpiration [2] KerberosTime OPTIONAL,
+ }
+ */
+public class KdcDHKeyInfo extends KrbSequenceType {
+ private static int SUBJECT_PUBLICK_KEY = 0;
+ private static int NONCE = 1;
+ private static int DH_KEY_EXPIRATION = 2;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(SUBJECT_PUBLICK_KEY, Asn1BitString.class),
+ new Asn1FieldInfo(NONCE, Asn1Integer.class),
+ new Asn1FieldInfo(DH_KEY_EXPIRATION, KerberosTime.class)
+ };
+
+ public KdcDHKeyInfo() {
+ super(fieldInfos);
+ }
+
+ public byte[] getSubjectPublicKey() {
+ return getFieldAsOctets(SUBJECT_PUBLICK_KEY);
+ }
+
+ public void setSubjectPublicKey(byte[] subjectPublicKey) {
+ setFieldAsOctets(SUBJECT_PUBLICK_KEY, subjectPublicKey);
+ }
+
+ public int getNonce() {
+ return getFieldAsInt(NONCE);
+ }
+
+ public void setNonce(int nonce) {
+ setFieldAsInt(NONCE, nonce);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/Krb5PrincipalName.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/Krb5PrincipalName.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/Krb5PrincipalName.java
new file mode 100644
index 0000000..d8e451f
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/Krb5PrincipalName.java
@@ -0,0 +1,42 @@
+package org.apache.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerberos.kerb.spec.common.Realm;
+
+/**
+ KRB5PrincipalName ::= SEQUENCE {
+ realm [0] Realm,
+ principalName [1] PrincipalName
+ }
+ */
+public class Krb5PrincipalName extends KrbSequenceType {
+ private static int REALM = 0;
+ private static int PRINCIPAL_NAME = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(REALM, Realm.class),
+ new Asn1FieldInfo(PRINCIPAL_NAME, PrincipalName.class)
+ };
+
+ public Krb5PrincipalName() {
+ super(fieldInfos);
+ }
+
+ public String getRelm() {
+ return getFieldAsString(REALM);
+ }
+
+ public void setRealm(String realm) {
+ setFieldAsString(REALM, realm);
+ }
+
+ public PrincipalName getPrincipalName() {
+ return getFieldAs(PRINCIPAL_NAME, PrincipalName.class);
+ }
+
+ public void setPrincipalName(PrincipalName principalName) {
+ setFieldAs(PRINCIPAL_NAME, principalName);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/PaPkAsRep.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/PaPkAsRep.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/PaPkAsRep.java
new file mode 100644
index 0000000..50a257b
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/PaPkAsRep.java
@@ -0,0 +1,41 @@
+package org.apache.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.haox.asn1.type.Asn1Choice;
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1OctetString;
+
+/**
+ PA-PK-AS-REP ::= CHOICE {
+ dhInfo [0] DHRepInfo,
+ encKeyPack [1] IMPLICIT OCTET STRING,
+ }
+ */
+public class PaPkAsRep extends Asn1Choice {
+ private static int DH_INFO = 0;
+ private static int ENCKEY_PACK = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(DH_INFO, DHRepInfo.class),
+ new Asn1FieldInfo(ENCKEY_PACK, Asn1OctetString.class, true)
+ };
+
+ public PaPkAsRep() {
+ super(fieldInfos);
+ }
+
+ public DHRepInfo getDHRepInfo() {
+ return getFieldAs(DH_INFO, DHRepInfo.class);
+ }
+
+ public void setDHRepInfo(DHRepInfo dhRepInfo) {
+ setFieldAs(DH_INFO, dhRepInfo);
+ }
+
+ public byte[] getEncKeyPack() {
+ return getFieldAsOctets(ENCKEY_PACK);
+ }
+
+ public void setEncKeyPack(byte[] encKeyPack) {
+ setFieldAsOctets(ENCKEY_PACK, encKeyPack);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/PaPkAsReq.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/PaPkAsReq.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/PaPkAsReq.java
new file mode 100644
index 0000000..81073ae
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/PaPkAsReq.java
@@ -0,0 +1,52 @@
+package org.apache.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ PA-PK-AS-REQ ::= SEQUENCE {
+ signedAuthPack [0] IMPLICIT OCTET STRING,
+ trustedCertifiers [1] SEQUENCE OF ExternalPrincipalIdentifier OPTIONAL,
+ kdcPkId [2] IMPLICIT OCTET STRING OPTIONAL
+ }
+ */
+public class PaPkAsReq extends KrbSequenceType {
+ private static int SIGNED_AUTH_PACK = 0;
+ private static int TRUSTED_CERTIFIERS = 1;
+ private static int KDC_PKID = 2;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(SIGNED_AUTH_PACK, Asn1OctetString.class, true),
+ new Asn1FieldInfo(TRUSTED_CERTIFIERS, TrustedCertifiers.class),
+ new Asn1FieldInfo(KDC_PKID, Asn1OctetString.class, true)
+ };
+
+ public PaPkAsReq() {
+ super(fieldInfos);
+ }
+
+ public byte[] getSignedAuthPack() {
+ return getFieldAsOctets(SIGNED_AUTH_PACK);
+ }
+
+ public void setSignedAuthPack(byte[] signedAuthPack) {
+ setFieldAsOctets(SIGNED_AUTH_PACK, signedAuthPack);
+ }
+
+ public TrustedCertifiers getTrustedCertifiers() {
+ return getFieldAs(TRUSTED_CERTIFIERS, TrustedCertifiers.class);
+ }
+
+ public void setTrustedCertifiers(TrustedCertifiers trustedCertifiers) {
+ setFieldAs(TRUSTED_CERTIFIERS, trustedCertifiers);
+ }
+
+ public byte[] getKdcPkId() {
+ return getFieldAsOctets(KDC_PKID);
+ }
+
+ public void setKdcPkId(byte[] kdcPkId) {
+ setFieldAsOctets(KDC_PKID, kdcPkId);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/PkAuthenticator.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/PkAuthenticator.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/PkAuthenticator.java
new file mode 100644
index 0000000..280cb2c
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/PkAuthenticator.java
@@ -0,0 +1,72 @@
+package org.apache.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ PKAuthenticator ::= SEQUENCE {
+ cusec [0] INTEGER (0..999999),
+ ctime [1] KerberosTime,
+ -- cusec and ctime are used as in [RFC4120], for
+ -- replay prevention.
+ nonce [2] INTEGER (0..4294967295),
+ -- Chosen randomly; this nonce does not need to
+ -- match with the nonce in the KDC-REQ-BODY.
+ paChecksum [3] OCTET STRING OPTIONAL,
+ -- MUST be present.
+ -- Contains the SHA1 checksum, performed over
+ -- KDC-REQ-BODY.
+ }
+ */
+public class PkAuthenticator extends KrbSequenceType {
+ private static int CUSEC = 0;
+ private static int CTIME = 1;
+ private static int NONCE = 2;
+ private static int PA_CHECKSUM = 3;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(CUSEC, Asn1Integer.class),
+ new Asn1FieldInfo(CTIME, KerberosTime.class),
+ new Asn1FieldInfo(NONCE, Asn1Integer.class),
+ new Asn1FieldInfo(PA_CHECKSUM, Asn1OctetString.class)
+ };
+
+ public PkAuthenticator() {
+ super(fieldInfos);
+ }
+
+ public int getCusec() {
+ return getFieldAsInt(CUSEC);
+ }
+
+ public void setCusec(int cusec) {
+ setFieldAsInt(CUSEC, cusec);
+ }
+
+ public KerberosTime getCtime() {
+ return getFieldAsTime(CTIME);
+ }
+
+ public void setCtime(KerberosTime ctime) {
+ setFieldAs(CTIME, ctime);
+ }
+
+ public int getNonce() {
+ return getFieldAsInt(NONCE);
+ }
+
+ public void setNonce(int nonce) {
+ setFieldAsInt(NONCE, nonce);
+ }
+
+ public byte[] getPaChecksum() {
+ return getFieldAsOctets(PA_CHECKSUM);
+ }
+
+ public void setPaChecksum(byte[] paChecksum) {
+ setFieldAsOctets(PA_CHECKSUM, paChecksum);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/ReplyKeyPack.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/ReplyKeyPack.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/ReplyKeyPack.java
new file mode 100644
index 0000000..f758b44
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/ReplyKeyPack.java
@@ -0,0 +1,42 @@
+package org.apache.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+
+/**
+ ReplyKeyPack ::= SEQUENCE {
+ replyKey [0] EncryptionKey,
+ asChecksum [1] Checksum,
+ }
+ */
+public class ReplyKeyPack extends KrbSequenceType {
+ private static int REPLY_KEY = 0;
+ private static int AS_CHECKSUM = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(REPLY_KEY, EncryptionKey.class),
+ new Asn1FieldInfo(AS_CHECKSUM, CheckSum.class)
+ };
+
+ public ReplyKeyPack() {
+ super(fieldInfos);
+ }
+
+ public EncryptionKey getReplyKey() {
+ return getFieldAs(REPLY_KEY, EncryptionKey.class);
+ }
+
+ public void setReplyKey(EncryptionKey replyKey) {
+ setFieldAs(REPLY_KEY, replyKey);
+ }
+
+ public CheckSum getAsChecksum() {
+ return getFieldAs(AS_CHECKSUM, CheckSum.class);
+ }
+
+ public void setAsChecksum(CheckSum checkSum) {
+ setFieldAs(AS_CHECKSUM, checkSum);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/TdDhParameters.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/TdDhParameters.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/TdDhParameters.java
new file mode 100644
index 0000000..72bc128
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/TdDhParameters.java
@@ -0,0 +1,7 @@
+package org.apache.kerberos.kerb.spec.pa.pkinit;
+
+/**
+ * TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier
+ */
+public class TdDhParameters extends AlgorithmIdentifiers {
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/TrustedCertifiers.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/TrustedCertifiers.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/TrustedCertifiers.java
new file mode 100644
index 0000000..1cfe59a
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/pkinit/TrustedCertifiers.java
@@ -0,0 +1,10 @@
+package org.apache.kerberos.kerb.spec.pa.pkinit;
+
+import org.apache.kerberos.kerb.spec.KrbSequenceOfType;
+
+/**
+ trustedCertifiers SEQUENCE OF ExternalPrincipalIdentifier OPTIONAL,
+ */
+public class TrustedCertifiers extends KrbSequenceOfType<ExternalPrincipalIdentifier> {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/PaTokenChallenge.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/PaTokenChallenge.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/PaTokenChallenge.java
new file mode 100644
index 0000000..6dd8d3c
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/PaTokenChallenge.java
@@ -0,0 +1,21 @@
+package org.apache.kerberos.kerb.spec.pa.token;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ PA-TOKEN-CHALLENGE ::= SEQUENCE {
+ tokenInfos [0] SEQUENCE (SIZE(1..MAX)) OF TokenInfo,
+ }
+*/
+public class PaTokenChallenge extends KrbSequenceType {
+ private static int TOKENINFOS = 0;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(TOKENINFOS, TokenInfos.class)
+ };
+
+ public PaTokenChallenge() {
+ super(fieldInfos);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/PaTokenRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/PaTokenRequest.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/PaTokenRequest.java
new file mode 100644
index 0000000..a2b2735
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/PaTokenRequest.java
@@ -0,0 +1,42 @@
+package org.apache.kerberos.kerb.spec.pa.token;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerberos.kerb.spec.common.KrbToken;
+
+/**
+ PA-TOKEN-REQUEST ::= SEQUENCE {
+ token [0] OCTET STRING,
+ tokenInfo [1] TokenInfo
+ }
+*/
+public class PaTokenRequest extends KrbSequenceType {
+ private static int TOKEN_INFO = 0;
+ private static int TOKEN = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(TOKEN_INFO, TokenInfo.class),
+ new Asn1FieldInfo(TOKEN, KrbToken.class)
+ };
+
+ public PaTokenRequest() {
+ super(fieldInfos);
+ }
+
+ public KrbToken getToken() {
+ return getFieldAs(TOKEN, KrbToken.class);
+ }
+
+ public void setToken(KrbToken token) {
+ setFieldAs(TOKEN, token);
+ }
+
+ public String getTokenInfo() {
+ return getFieldAsString(TOKEN_INFO);
+ }
+
+ public void setTokenInfo(TokenInfo tokenInfo) {
+ setFieldAs(TOKEN_INFO, tokenInfo);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenFlag.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenFlag.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenFlag.java
new file mode 100644
index 0000000..2edf584
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenFlag.java
@@ -0,0 +1,32 @@
+package org.apache.kerberos.kerb.spec.pa.token;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum TokenFlag implements KrbEnum {
+ NONE(-1),
+ ID_TOKEN_REQUIRED(0x40000000),
+ AC_TOKEN_REQUIRED(0x20000000),
+ BEARER_TOKEN_REQUIRED(0x10000000),
+ HOK_TOKEN_REQUIRED(0x08000000);
+
+ private final int value;
+
+ private TokenFlag(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static TokenFlag fromValue(int value) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (TokenFlag) e;
+ }
+ }
+
+ return NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenFlags.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenFlags.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenFlags.java
new file mode 100644
index 0000000..e77a920
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenFlags.java
@@ -0,0 +1,20 @@
+package org.apache.kerberos.kerb.spec.pa.token;
+
+import org.apache.kerberos.kerb.spec.common.KrbFlags;
+
+import static org.apache.kerberos.kerb.spec.ticket.TicketFlag.INVALID;
+
+public class TokenFlags extends KrbFlags {
+
+ public TokenFlags() {
+ this(0);
+ }
+
+ public TokenFlags(int value) {
+ setFlags(value);
+ }
+
+ public boolean isInvalid() {
+ return isFlagSet(INVALID.getValue());
+ }
+}
[22/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/RMISocketFactoryImpl.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/RMISocketFactoryImpl.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/RMISocketFactoryImpl.java
new file mode 100644
index 0000000..fcf7c5c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/RMISocketFactoryImpl.java
@@ -0,0 +1,578 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/RMISocketFactoryImpl.java $
+ * $Revision: 166 $
+ * $Date: 2014-04-28 11:40:25 -0700 (Mon, 28 Apr 2014) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import javax.net.ServerSocketFactory;
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLProtocolException;
+import javax.net.ssl.SSLSocket;
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InterruptedIOException;
+import java.net.DatagramSocket;
+import java.net.InetAddress;
+import java.net.NetworkInterface;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.SocketException;
+import java.net.UnknownHostException;
+import java.rmi.server.RMISocketFactory;
+import java.security.GeneralSecurityException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.Map;
+import java.util.Set;
+import java.util.SortedSet;
+import java.util.TreeMap;
+import java.util.TreeSet;
+
+
+/**
+ * An RMISocketFactory ideal for using RMI over SSL. The server secures both
+ * the registry and the remote objects. The client assumes that either both
+ * the registry and the remote objects will use SSL, or both will use
+ * plain-socket. The client is able to auto detect plain-socket registries
+ * and downgrades itself to accomodate those.
+ * <p/>
+ * Unlike most existing RMI over SSL solutions in use (including Java 5's
+ * javax.rmi.ssl.SslRMIClientSocketFactory), this one does proper SSL hostname
+ * verification. From the client perspective this is straighforward. From
+ * the server perspective we introduce a clever trick: we perform an initial
+ * "hostname verification" by trying the current value of
+ * "java.rmi.server.hostname" against our server certificate. If the
+ * "java.rmi.server.hostname" System Property isn't set, we set it ourselves
+ * using the CN value we extract from our server certificate! (Some
+ * complications arise should a wildcard certificate show up, but we try our
+ * best to deal with those).
+ * <p/>
+ * An SSL server cannot be started without a private key. We have defined some
+ * default behaviour for trying to find a private key to use that we believe
+ * is convenient and sensible:
+ * <p/>
+ * If running from inside Tomcat, we try to re-use Tomcat's private key and
+ * certificate chain (assuming Tomcat-SSL on port 8443 is enabled). If this
+ * isn't available, we look for the "javax.net.ssl.keyStore" System property.
+ * Finally, if that isn't available, we look for "~/.keystore" and assume
+ * a password of "changeit".
+ * <p/>
+ * If after all these attempts we still failed to find a private key, the
+ * RMISocketFactoryImpl() constructor will throw an SSLException.
+ *
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 22-Apr-2005
+ */
+public class RMISocketFactoryImpl extends RMISocketFactory {
+ public final static String RMI_HOSTNAME_KEY = "java.rmi.server.hostname";
+ private final static LogWrapper log = LogWrapper.getLogger(RMISocketFactoryImpl.class);
+
+ private volatile SocketFactory defaultClient;
+ private volatile ServerSocketFactory sslServer;
+ private volatile String localBindAddress = null;
+ private volatile int anonymousPort = 31099;
+ private Map clientMap = new TreeMap();
+ private Map serverSockets = new HashMap();
+ private final SocketFactory plainClient = SocketFactory.getDefault();
+
+ public RMISocketFactoryImpl() throws GeneralSecurityException, IOException {
+ this(true);
+ }
+
+ /**
+ * @param createDefaultServer If false, then we only set the default
+ * client, and the default server is set to null.
+ * If true, then a default server is also created.
+ * @throws java.security.GeneralSecurityException bad things
+ * @throws java.io.IOException bad things
+ */
+ public RMISocketFactoryImpl(boolean createDefaultServer)
+ throws GeneralSecurityException, IOException {
+ SSLServer defaultServer = createDefaultServer ? new SSLServer() : null;
+ SSLClient defaultClient = new SSLClient();
+
+ // RMI calls to localhost will not check that host matches CN in
+ // certificate. Hopefully this is acceptable. (The registry server
+ // will followup the registry lookup with the proper DNS name to get
+ // the remote object, anyway).
+ HostnameVerifier verifier = HostnameVerifier.DEFAULT_AND_LOCALHOST;
+ defaultClient.setHostnameVerifier(verifier);
+ if (defaultServer != null) {
+ defaultServer.setHostnameVerifier(verifier);
+ // The RMI server will try to re-use Tomcat's "port 8443" SSL
+ // Certificate if possible.
+ defaultServer.useTomcatSSLMaterial();
+ X509Certificate[] x509 = defaultServer.getAssociatedCertificateChain();
+ if (x509 == null || x509.length < 1) {
+ throw new SSLException("Cannot initialize RMI-SSL Server: no KeyMaterial!");
+ }
+ setServer(defaultServer);
+ }
+ setDefaultClient(defaultClient);
+ }
+
+ public void setServer(ServerSocketFactory f)
+ throws GeneralSecurityException, IOException {
+ this.sslServer = f;
+ if (f instanceof SSLServer) {
+ final HostnameVerifier VERIFIER;
+ VERIFIER = HostnameVerifier.DEFAULT_AND_LOCALHOST;
+
+ final SSLServer ssl = (SSLServer) f;
+ final X509Certificate[] chain = ssl.getAssociatedCertificateChain();
+ String[] cns = Certificates.getCNs(chain[0]);
+ String[] subjectAlts = Certificates.getDNSSubjectAlts(chain[0]);
+ LinkedList names = new LinkedList();
+ if (cns != null && cns.length > 0) {
+ // Only first CN is used. Not going to get into the IE6 nonsense
+ // where all CN values are used.
+ names.add(cns[0]);
+ }
+ if (subjectAlts != null && subjectAlts.length > 0) {
+ names.addAll(Arrays.asList(subjectAlts));
+ }
+
+ String rmiHostName = System.getProperty(RMI_HOSTNAME_KEY);
+ // If "java.rmi.server.hostname" is already set, don't mess with it.
+ // But blowup if it's not going to work with our SSL Server
+ // Certificate!
+ if (rmiHostName != null) {
+ try {
+ VERIFIER.check(rmiHostName, cns, subjectAlts);
+ }
+ catch (SSLException ssle) {
+ String s = ssle.toString();
+ throw new SSLException(RMI_HOSTNAME_KEY + " of " + rmiHostName + " conflicts with SSL Server Certificate: " + s);
+ }
+ } else {
+ // If SSL Cert only contains one non-wild name, just use that and
+ // hope for the best.
+ boolean hopingForBest = false;
+ if (names.size() == 1) {
+ String name = (String) names.get(0);
+ if (!name.startsWith("*")) {
+ System.setProperty(RMI_HOSTNAME_KEY, name);
+ log.warn("commons-ssl '" + RMI_HOSTNAME_KEY + "' set to '" + name + "' as found in my SSL Server Certificate.");
+ hopingForBest = true;
+ }
+ }
+ if (!hopingForBest) {
+ // Help me, Obi-Wan Kenobi; you're my only hope. All we can
+ // do now is grab our internet-facing addresses, reverse-lookup
+ // on them, and hope that one of them validates against our
+ // server cert.
+ Set s = getMyInternetFacingIPs();
+ Iterator it = s.iterator();
+ while (it.hasNext()) {
+ String name = (String) it.next();
+ try {
+ VERIFIER.check(name, cns, subjectAlts);
+ System.setProperty(RMI_HOSTNAME_KEY, name);
+ log.warn("commons-ssl '" + RMI_HOSTNAME_KEY + "' set to '" + name + "' as found by reverse-dns against my own IP.");
+ hopingForBest = true;
+ break;
+ }
+ catch (SSLException ssle) {
+ // next!
+ }
+ }
+ }
+ if (!hopingForBest) {
+ throw new SSLException("'" + RMI_HOSTNAME_KEY + "' not present. Must work with my SSL Server Certificate's CN field: " + names);
+ }
+ }
+ }
+ trustOurself();
+ }
+
+ public void setLocalBindAddress(String localBindAddress) {
+ this.localBindAddress = localBindAddress;
+ }
+
+ public void setAnonymousPort(int port) {
+ this.anonymousPort = port;
+ }
+
+ public void setDefaultClient(SocketFactory f)
+ throws GeneralSecurityException, IOException {
+ this.defaultClient = f;
+ trustOurself();
+ }
+
+ public void setClient(String host, SocketFactory f)
+ throws GeneralSecurityException, IOException {
+ if (f != null && sslServer != null) {
+ boolean clientIsCommonsSSL = f instanceof SSLClient;
+ boolean serverIsCommonsSSL = sslServer instanceof SSLServer;
+ if (clientIsCommonsSSL && serverIsCommonsSSL) {
+ SSLClient c = (SSLClient) f;
+ SSLServer s = (SSLServer) sslServer;
+ trustEachOther(c, s);
+ }
+ }
+ Set names = hostnamePossibilities(host);
+ Iterator it = names.iterator();
+ synchronized (this) {
+ while (it.hasNext()) {
+ clientMap.put(it.next(), f);
+ }
+ }
+ }
+
+ public void removeClient(String host) {
+ Set names = hostnamePossibilities(host);
+ Iterator it = names.iterator();
+ synchronized (this) {
+ while (it.hasNext()) {
+ clientMap.remove(it.next());
+ }
+ }
+ }
+
+ public synchronized void removeClient(SocketFactory sf) {
+ Iterator it = clientMap.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry entry = (Map.Entry) it.next();
+ Object o = entry.getValue();
+ if (sf.equals(o)) {
+ it.remove();
+ }
+ }
+ }
+
+ private Set hostnamePossibilities(String host) {
+ host = host != null ? host.toLowerCase().trim() : "";
+ if ("".equals(host)) {
+ return Collections.EMPTY_SET;
+ }
+ TreeSet names = new TreeSet();
+ names.add(host);
+ InetAddress[] addresses;
+ try {
+ // If they gave us "hostname.com", this will give us the various
+ // IP addresses:
+ addresses = InetAddress.getAllByName(host);
+ for (int i = 0; i < addresses.length; i++) {
+ String name1 = addresses[i].getHostName();
+ String name2 = addresses[i].getHostAddress();
+ names.add(name1.trim().toLowerCase());
+ names.add(name2.trim().toLowerCase());
+ }
+ }
+ catch (UnknownHostException uhe) {
+ /* oh well, nothing found, nothing to add for this client */
+ }
+
+ try {
+ host = InetAddress.getByName(host).getHostAddress();
+
+ // If they gave us "1.2.3.4", this will hopefully give us
+ // "hostname.com" so that we can then try and find any other
+ // IP addresses associated with that name.
+ host = InetAddress.getByName(host).getHostName();
+ names.add(host.trim().toLowerCase());
+ addresses = InetAddress.getAllByName(host);
+ for (int i = 0; i < addresses.length; i++) {
+ String name1 = addresses[i].getHostName();
+ String name2 = addresses[i].getHostAddress();
+ names.add(name1.trim().toLowerCase());
+ names.add(name2.trim().toLowerCase());
+ }
+ }
+ catch (UnknownHostException uhe) {
+ /* oh well, nothing found, nothing to add for this client */
+ }
+ return names;
+ }
+
+ private void trustOurself()
+ throws GeneralSecurityException, IOException {
+ if (defaultClient == null || sslServer == null) {
+ return;
+ }
+ boolean clientIsCommonsSSL = defaultClient instanceof SSLClient;
+ boolean serverIsCommonsSSL = sslServer instanceof SSLServer;
+ if (clientIsCommonsSSL && serverIsCommonsSSL) {
+ SSLClient c = (SSLClient) defaultClient;
+ SSLServer s = (SSLServer) sslServer;
+ trustEachOther(c, s);
+ }
+ }
+
+ private void trustEachOther(SSLClient client, SSLServer server)
+ throws GeneralSecurityException, IOException {
+ if (client != null && server != null) {
+ // Our own client should trust our own server.
+ X509Certificate[] certs = server.getAssociatedCertificateChain();
+ if (certs != null && certs[0] != null) {
+ TrustMaterial tm = new TrustMaterial(certs[0]);
+ client.addTrustMaterial(tm);
+ }
+
+ // Our own server should trust our own client.
+ certs = client.getAssociatedCertificateChain();
+ if (certs != null && certs[0] != null) {
+ TrustMaterial tm = new TrustMaterial(certs[0]);
+ server.addTrustMaterial(tm);
+ }
+ }
+ }
+
+ public ServerSocketFactory getServer() { return sslServer; }
+
+ public SocketFactory getDefaultClient() { return defaultClient; }
+
+ public synchronized SocketFactory getClient(String host) {
+ host = host != null ? host.trim().toLowerCase() : "";
+ return (SocketFactory) clientMap.get(host);
+ }
+
+ public synchronized ServerSocket createServerSocket(int port)
+ throws IOException {
+ // Re-use existing ServerSocket if possible.
+ if (port == 0) {
+ port = anonymousPort;
+ }
+ Integer key = new Integer(port);
+ ServerSocket ss = (ServerSocket) serverSockets.get(key);
+ if (ss == null || ss.isClosed()) {
+ if (ss != null && ss.isClosed()) {
+ System.out.println("found closed server on port: " + port);
+ }
+ log.debug("commons-ssl RMI server-socket: listening on port " + port);
+ ss = sslServer.createServerSocket(port);
+ serverSockets.put(key, ss);
+ }
+ return ss;
+ }
+
+ public Socket createSocket(String host, int port)
+ throws IOException {
+ host = host != null ? host.trim().toLowerCase() : "";
+ InetAddress local = null;
+ String bindAddress = localBindAddress;
+ if (bindAddress == null) {
+ bindAddress = System.getProperty(RMI_HOSTNAME_KEY);
+ if (bindAddress != null) {
+ local = InetAddress.getByName(bindAddress);
+ if (!local.isLoopbackAddress()) {
+ String ip = local.getHostAddress();
+ Set myInternetIps = getMyInternetFacingIPs();
+ if (!myInternetIps.contains(ip)) {
+ log.warn("Cannot bind to " + ip + " since it doesn't exist on this machine.");
+ // Not going to be able to bind as this. Our RMI_HOSTNAME_KEY
+ // must be set to some kind of proxy in front of us. So we
+ // still want to use it, but we can't bind to it.
+ local = null;
+ bindAddress = null;
+ }
+ }
+ }
+ }
+ if (bindAddress == null) {
+ // Our last resort - let's make sure we at least use something that's
+ // internet facing!
+ bindAddress = getMyDefaultIP();
+ }
+ if (local == null && bindAddress != null) {
+ local = InetAddress.getByName(bindAddress);
+ localBindAddress = local.getHostName();
+ }
+
+ SocketFactory sf;
+ synchronized (this) {
+ sf = (SocketFactory) clientMap.get(host);
+ }
+ if (sf == null) {
+ sf = defaultClient;
+ }
+
+ Socket s = null;
+ SSLSocket ssl = null;
+ int soTimeout = Integer.MIN_VALUE;
+ IOException reasonForPlainSocket = null;
+ boolean tryPlain = false;
+ try {
+ s = sf.createSocket(host, port, local, 0);
+ soTimeout = s.getSoTimeout();
+ if (!(s instanceof SSLSocket)) {
+ // Someone called setClient() or setDefaultClient() and passed in
+ // a plain socket factory. Okay, nothing to see, move along.
+ return s;
+ } else {
+ ssl = (SSLSocket) s;
+ }
+
+ // If we don't get the peer certs in 15 seconds, revert to plain
+ // socket.
+ ssl.setSoTimeout(15000);
+ ssl.getSession().getPeerCertificates();
+
+ // Everything worked out okay, so go back to original soTimeout.
+ ssl.setSoTimeout(soTimeout);
+ return ssl;
+ }
+ catch (IOException ioe) {
+ // SSL didn't work. Let's analyze the IOException to see if maybe
+ // we're accidentally attempting to talk to a plain-socket RMI
+ // server.
+ Throwable t = ioe;
+ while (!tryPlain && t != null) {
+ tryPlain = tryPlain || t instanceof EOFException;
+ tryPlain = tryPlain || t instanceof InterruptedIOException;
+ tryPlain = tryPlain || t instanceof SSLProtocolException;
+ t = t.getCause();
+ }
+ if (!tryPlain && ioe instanceof SSLPeerUnverifiedException) {
+ try {
+ if (ssl != null) {
+ ssl.startHandshake();
+ }
+ }
+ catch (IOException ioe2) {
+ // Stacktrace from startHandshake() will be more descriptive
+ // then the one we got from getPeerCertificates().
+ ioe = ioe2;
+ t = ioe2;
+ while (!tryPlain && t != null) {
+ tryPlain = tryPlain || t instanceof EOFException;
+ tryPlain = tryPlain || t instanceof InterruptedIOException;
+ tryPlain = tryPlain || t instanceof SSLProtocolException;
+ t = t.getCause();
+ }
+ }
+ }
+ if (!tryPlain) {
+ log.debug("commons-ssl RMI-SSL failed: " + ioe);
+ throw ioe;
+ } else {
+ reasonForPlainSocket = ioe;
+ }
+ }
+ finally {
+ // Some debug logging:
+ boolean isPlain = tryPlain || (s != null && ssl == null);
+ String socket = isPlain ? "RMI plain-socket " : "RMI ssl-socket ";
+ String localIP = local != null ? local.getHostAddress() : "ANY";
+ StringBuffer buf = new StringBuffer(64);
+ buf.append(socket);
+ buf.append(localIP);
+ buf.append(" --> ");
+ buf.append(host);
+ buf.append(":");
+ buf.append(port);
+ log.debug(buf.toString());
+ }
+
+ // SSL didn't work. Remote server either timed out, or sent EOF, or
+ // there was some kind of SSLProtocolException. (Any other problem
+ // would have caused an IOException to be thrown, so execution wouldn't
+ // have made it this far). Maybe plain socket will work in these three
+ // cases.
+ sf = plainClient;
+ s = JavaImpl.connect(null, sf, host, port, local, 0, 15000, null);
+ if (soTimeout != Integer.MIN_VALUE) {
+ s.setSoTimeout(soTimeout);
+ }
+
+ try {
+ // Plain socket worked! Let's remember that for next time an RMI call
+ // against this host happens.
+ setClient(host, plainClient);
+ String msg = "RMI downgrading from SSL to plain-socket for " + host + " because of " + reasonForPlainSocket;
+ log.warn(msg, reasonForPlainSocket);
+ }
+ catch (GeneralSecurityException gse) {
+ throw new RuntimeException("can't happen because we're using plain socket", gse);
+ // won't happen because we're using plain socket, not SSL.
+ }
+
+ return s;
+ }
+
+
+ public static String getMyDefaultIP() {
+ String anInternetIP = "64.111.122.211";
+ String ip = null;
+ try {
+ DatagramSocket dg = new DatagramSocket();
+ dg.setSoTimeout(250);
+ // 64.111.122.211 is juliusdavies.ca.
+ // This code doesn't actually send any packets (so no firewalls can
+ // get in the way). It's just a neat trick for getting our
+ // internet-facing interface card.
+ InetAddress addr = Util.toInetAddress(anInternetIP);
+ dg.connect(addr, 12345);
+ InetAddress localAddr = dg.getLocalAddress();
+ ip = localAddr.getHostAddress();
+ // log.debug( "Using bogus UDP socket (" + anInternetIP + ":12345), I think my IP address is: " + ip );
+ dg.close();
+ if (localAddr.isLoopbackAddress() || "0.0.0.0".equals(ip)) {
+ ip = null;
+ }
+ }
+ catch (IOException ioe) {
+ log.debug("Bogus UDP didn't work: " + ioe);
+ }
+ return ip;
+ }
+
+ public static SortedSet getMyInternetFacingIPs() throws SocketException {
+ TreeSet set = new TreeSet();
+ Enumeration en = NetworkInterface.getNetworkInterfaces();
+ while (en.hasMoreElements()) {
+ NetworkInterface ni = (NetworkInterface) en.nextElement();
+ Enumeration en2 = ni.getInetAddresses();
+ while (en2.hasMoreElements()) {
+ InetAddress addr = (InetAddress) en2.nextElement();
+ if (!addr.isLoopbackAddress()) {
+ String ip = addr.getHostAddress();
+ String reverse = addr.getHostName();
+ // IP:
+ set.add(ip);
+ // Reverse-Lookup:
+ set.add(reverse);
+
+ }
+ }
+ }
+ return set;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSL.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSL.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSL.java
new file mode 100644
index 0000000..5f9f6dc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSL.java
@@ -0,0 +1,612 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/SSL.java $
+ * $Revision: 180 $
+ * $Date: 2014-09-23 11:33:47 -0700 (Tue, 23 Sep 2014) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.*;
+import java.io.File;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.*;
+
+/**
+ * Not thread-safe. (But who would ever share this thing across multiple
+ * threads???)
+ *
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since May 1, 2006
+ */
+public class SSL {
+ private final static String[] KNOWN_PROTOCOLS =
+ {"TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3", "SSLv2", "SSLv2Hello"};
+
+ // SUPPORTED_CIPHERS_ARRAY is initialized in the static constructor.
+ private final static String[] SUPPORTED_CIPHERS;
+
+ public final static SortedSet KNOWN_PROTOCOLS_SET;
+ public final static SortedSet SUPPORTED_CIPHERS_SET;
+
+ static {
+ TreeSet<String> ts = new TreeSet<String>(Collections.reverseOrder());
+ ts.addAll(Arrays.asList(KNOWN_PROTOCOLS));
+ KNOWN_PROTOCOLS_SET = Collections.unmodifiableSortedSet(ts);
+
+ // SSLSocketFactory.getDefault() sometimes blocks on FileInputStream
+ // reads of "/dev/random" (Linux only?). You might find you system
+ // stuck here. Move the mouse around a little!
+ SSLSocketFactory s = (SSLSocketFactory) SSLSocketFactory.getDefault();
+ ts = new TreeSet<String>();
+ SUPPORTED_CIPHERS = s.getSupportedCipherSuites();
+ Arrays.sort(SUPPORTED_CIPHERS);
+ ts.addAll(Arrays.asList(SUPPORTED_CIPHERS));
+ SUPPORTED_CIPHERS_SET = Collections.unmodifiableSortedSet(ts);
+ }
+
+ private Object sslContext = null;
+ private int initCount = 0;
+ private SSLSocketFactory socketFactory = null;
+ private SSLServerSocketFactory serverSocketFactory = null;
+ private HostnameVerifier hostnameVerifier = HostnameVerifier.DEFAULT;
+ private boolean isSecure = true; // if false, the client-style operations only create plain sockets.
+ private boolean checkHostname = true;
+ private boolean checkCRL = true;
+ private boolean checkExpiry = true;
+ private boolean useClientMode = false;
+ private boolean useClientModeDefault = true;
+ private int soTimeout = 24 * 60 * 60 * 1000; // default: one day
+ private int connectTimeout = 60 * 60 * 1000; // default: one hour
+ private TrustChain trustChain = null;
+ private KeyMaterial keyMaterial = null;
+ private String[] enabledCiphers = null;
+ private String[] enabledProtocols = null;
+ private String defaultProtocol = "TLS";
+ private X509Certificate[] currentServerChain;
+ private X509Certificate[] currentClientChain;
+ private boolean wantClientAuth = true;
+ private boolean needClientAuth = false;
+ private SSLWrapperFactory sslWrapperFactory = SSLWrapperFactory.NO_WRAP;
+ private Map dnsOverride;
+
+ protected final boolean usingSystemProperties;
+
+ public SSL()
+ throws GeneralSecurityException, IOException {
+ boolean usingSysProps = false;
+ Properties props = System.getProperties();
+ boolean ksSet = props.containsKey("javax.net.ssl.keyStore");
+ boolean tsSet = props.containsKey("javax.net.ssl.trustStore");
+ if (ksSet) {
+ String path = System.getProperty("javax.net.ssl.keyStore");
+ String pwd = System.getProperty("javax.net.ssl.keyStorePassword");
+ pwd = pwd != null ? pwd : ""; // JSSE default is "".
+ File f = new File(path);
+ if (f.exists()) {
+ KeyMaterial km = new KeyMaterial(path, pwd.toCharArray());
+ setKeyMaterial(km);
+ usingSysProps = true;
+ }
+ }
+ boolean trustMaterialSet = false;
+ if (tsSet) {
+ String path = System.getProperty("javax.net.ssl.trustStore");
+ String pwd = System.getProperty("javax.net.ssl.trustStorePassword");
+ boolean pwdWasNull = pwd == null;
+ pwd = pwdWasNull ? "" : pwd; // JSSE default is "".
+ File f = new File(path);
+ if (f.exists()) {
+ TrustMaterial tm;
+ try {
+ tm = new TrustMaterial(path, pwd.toCharArray());
+ }
+ catch (GeneralSecurityException gse) {
+ // Probably a bad password. If we're using the default password,
+ // let's try and survive this setback.
+ if (pwdWasNull) {
+ tm = new TrustMaterial(path);
+ } else {
+ throw gse;
+ }
+ }
+
+ setTrustMaterial(tm);
+ usingSysProps = true;
+ trustMaterialSet = true;
+ }
+ }
+
+ /*
+ No default trust material was set. We'll use the JSSE standard way
+ where we test for "JSSE_CACERTS" first, and then fall back on
+ "CACERTS". We could just leave TrustMaterial null, but then our
+ setCheckCRL() and setCheckExpiry() features won't work. We need a
+ non-null TrustMaterial object in order to intercept and decorate
+ the JVM's default TrustManager.
+ */
+ if (!trustMaterialSet) {
+ setTrustMaterial(TrustMaterial.DEFAULT);
+ }
+ this.usingSystemProperties = usingSysProps;
+ dirtyAndReloadIfYoung();
+ }
+
+ private void dirty() {
+ this.sslContext = null;
+ this.socketFactory = null;
+ this.serverSocketFactory = null;
+ }
+
+ private void dirtyAndReloadIfYoung()
+ throws NoSuchAlgorithmException, KeyStoreException,
+ KeyManagementException, IOException, CertificateException {
+ dirty();
+ if (initCount >= 0 && initCount <= 5) {
+ // The first five init's we do early (before any sockets are
+ // created) in the hope that will trigger any explosions nice
+ // and early, with the correct exception type.
+
+ // After the first five init's, we revert to a regular
+ // dirty / init pattern, and the "init" happens very late:
+ // just before the socket is created. If badness happens, a
+ // wrapping RuntimeException will be thrown.
+ init();
+ }
+ }
+
+ String dnsOverride(String host) {
+ if (dnsOverride != null && dnsOverride.containsKey(host)) {
+ String override = (String) dnsOverride.get(host);
+ if (override != null && !"".equals(override.trim())) {
+ return override;
+ }
+ }
+ return host;
+ }
+
+ public void setDnsOverride(Map m) {
+ this.dnsOverride = m;
+ }
+
+ public void setIsSecure(boolean b) {
+ this.isSecure = b;
+ }
+
+ public boolean isSecure() {
+ return isSecure;
+ }
+
+ public SSLContext getSSLContext()
+ throws GeneralSecurityException, IOException
+
+ {
+ Object obj = getSSLContextAsObject();
+ if (JavaImpl.isJava13()) {
+ try {
+ return (SSLContext) obj;
+ }
+ catch (ClassCastException cce) {
+ throw new ClassCastException("When using Java13 SSL, you must call SSL.getSSLContextAsObject() - " + cce);
+ }
+ }
+ return (SSLContext) obj;
+ }
+
+ /**
+ * @return com.sun.net.ssl.SSLContext or javax.net.ssl.SSLContext depending
+ * on the JSSE implementation we're using.
+ * @throws java.security.GeneralSecurityException problem creating SSLContext
+ * @throws java.io.IOException problem creating SSLContext
+ */
+ public Object getSSLContextAsObject()
+ throws GeneralSecurityException, IOException
+
+ {
+ if (sslContext == null) {
+ init();
+ }
+ return sslContext;
+ }
+
+ public void addTrustMaterial(TrustChain trustChain)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ KeyManagementException, IOException, CertificateException {
+ if (this.trustChain == null || trustChain == TrustMaterial.TRUST_ALL) {
+ this.trustChain = trustChain;
+ } else {
+ this.trustChain.addTrustMaterial(trustChain);
+ }
+ dirtyAndReloadIfYoung();
+ }
+
+ public void setTrustMaterial(TrustChain trustChain)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ KeyManagementException, IOException, CertificateException {
+ this.trustChain = trustChain;
+ dirtyAndReloadIfYoung();
+ }
+
+ public void setKeyMaterial(KeyMaterial keyMaterial)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ KeyManagementException, IOException, CertificateException {
+ this.keyMaterial = keyMaterial;
+ dirtyAndReloadIfYoung();
+ }
+
+ public X509Certificate[] getAssociatedCertificateChain() {
+ if (keyMaterial != null) {
+ List list = keyMaterial.getAssociatedCertificateChains();
+ return (X509Certificate[]) list.get(0);
+ } else {
+ return null;
+ }
+ }
+
+ public String[] getEnabledCiphers() {
+ return enabledCiphers != null ? enabledCiphers : getDefaultCipherSuites();
+ }
+
+ public void setEnabledCiphers(String[] ciphers) {
+ HashSet<String> desired = new HashSet<String>(Arrays.asList(ciphers));
+ desired.removeAll(SUPPORTED_CIPHERS_SET);
+ if (!desired.isEmpty()) {
+ throw new IllegalArgumentException("following ciphers not supported: " + desired);
+ }
+ this.enabledCiphers = ciphers;
+ }
+
+ public String[] getEnabledProtocols() {
+ return enabledProtocols;
+ }
+
+ public void setEnabledProtocols(String[] protocols) {
+ this.enabledProtocols = protocols;
+ }
+
+ public String getDefaultProtocol() {
+ return defaultProtocol;
+ }
+
+ public void setDefaultProtocol(String protocol) {
+ this.defaultProtocol = protocol;
+ dirty();
+ }
+
+ public boolean getCheckHostname() {
+ return checkHostname;
+ }
+
+ public void setCheckHostname(boolean checkHostname) {
+ this.checkHostname = checkHostname;
+ }
+
+ public void setHostnameVerifier(HostnameVerifier verifier) {
+ if (verifier == null) {
+ verifier = HostnameVerifier.DEFAULT;
+ }
+ this.hostnameVerifier = verifier;
+ }
+
+ public HostnameVerifier getHostnameVerifier() {
+ return hostnameVerifier;
+ }
+
+ public boolean getCheckCRL() {
+ return checkCRL;
+ }
+
+ public void setCheckCRL(boolean checkCRL) {
+ this.checkCRL = checkCRL;
+ }
+
+ public boolean getCheckExpiry() {
+ return checkExpiry;
+ }
+
+ public void setCheckExpiry(boolean checkExpiry) {
+ this.checkExpiry = checkExpiry;
+ }
+
+ public void setSoTimeout(int soTimeout) {
+ if (soTimeout < 0) {
+ throw new IllegalArgumentException("soTimeout must not be negative");
+ }
+ this.soTimeout = soTimeout;
+ }
+
+ public int getSoTimeout() {
+ return soTimeout;
+ }
+
+ public void setConnectTimeout(int connectTimeout) {
+ if (connectTimeout < 0) {
+ throw new IllegalArgumentException("connectTimeout must not be negative");
+ }
+ this.connectTimeout = connectTimeout;
+ }
+
+ public void setUseClientMode(boolean useClientMode) {
+ this.useClientModeDefault = false;
+ this.useClientMode = useClientMode;
+ }
+
+ public boolean getUseClientModeDefault() {
+ return useClientModeDefault;
+ }
+
+ public boolean getUseClientMode() {
+ return useClientMode;
+ }
+
+ public void setWantClientAuth(boolean wantClientAuth) {
+ this.wantClientAuth = wantClientAuth;
+ }
+
+ public void setNeedClientAuth(boolean needClientAuth) {
+ this.needClientAuth = needClientAuth;
+ }
+
+ public boolean getWantClientAuth() {
+ return wantClientAuth;
+ }
+
+ public boolean getNeedClientAuth() {
+ return needClientAuth;
+ }
+
+ public SSLWrapperFactory getSSLWrapperFactory() {
+ return this.sslWrapperFactory;
+ }
+
+ public void setSSLWrapperFactory(SSLWrapperFactory wf) {
+ this.sslWrapperFactory = wf;
+ }
+
+ private void initThrowRuntime() {
+ try {
+ init();
+ }
+ catch (GeneralSecurityException gse) {
+ throw JavaImpl.newRuntimeException(gse);
+ }
+ catch (IOException ioe) {
+ throw JavaImpl.newRuntimeException(ioe);
+ }
+ }
+
+ private void init()
+ throws NoSuchAlgorithmException, KeyStoreException,
+ KeyManagementException, IOException, CertificateException {
+ socketFactory = null;
+ serverSocketFactory = null;
+ this.sslContext = JavaImpl.init(this, trustChain, keyMaterial);
+ initCount++;
+ }
+
+ public void doPreConnectSocketStuff(Socket s) throws IOException {
+ if (s instanceof SSLSocket && !useClientModeDefault) {
+ ((SSLSocket) s).setUseClientMode(useClientMode);
+ }
+ if (soTimeout > 0) {
+ s.setSoTimeout(soTimeout);
+ }
+ if (s instanceof SSLSocket) {
+ if (enabledProtocols != null) {
+ JavaImpl.setEnabledProtocols(s, enabledProtocols);
+ }
+ if (enabledCiphers != null) {
+ ((SSLSocket) s).setEnabledCipherSuites(enabledCiphers);
+ }
+ }
+ }
+
+ public void doPostConnectSocketStuff(Socket s, String host)
+ throws IOException {
+ if (checkHostname && s instanceof SSLSocket) {
+ hostnameVerifier.check(host, (SSLSocket) s);
+ }
+ }
+
+ public Socket createSocket() throws IOException {
+ if (isSecure) {
+ return sslWrapperFactory.wrap(JavaImpl.createSocket(this));
+ } else {
+ Socket s = SocketFactory.getDefault().createSocket();
+ doPreConnectSocketStuff(s);
+ return s;
+ }
+ }
+
+ /**
+ * Attempts to get a new socket connection to the given host within the
+ * given time limit.
+ *
+ * @param remoteHost the host name/IP
+ * @param remotePort the port on the host
+ * @param localHost the local host name/IP to bind the socket to
+ * @param localPort the port on the local machine
+ * @param timeout the connection timeout (0==infinite)
+ * @return Socket a new socket
+ * @throws java.io.IOException if an I/O error occurs while creating the socket
+ * @throws java.net.UnknownHostException if the IP address of the host cannot be
+ * determined
+ */
+ public Socket createSocket(
+ String remoteHost, int remotePort, InetAddress localHost, int localPort, int timeout
+ ) throws IOException {
+ // Only use our factory-wide connectTimeout if this method was passed
+ // in a timeout of 0 (infinite).
+ int factoryTimeout = getConnectTimeout();
+ int connectTimeout = timeout == 0 ? factoryTimeout : timeout;
+ Socket s;
+ if (isSecure) {
+ s = JavaImpl.createSocket(
+ this, remoteHost, remotePort, localHost, localPort, connectTimeout
+ );
+ } else {
+ s = JavaImpl.createPlainSocket(
+ this, remoteHost, remotePort, localHost, localPort, connectTimeout
+ );
+ }
+ return sslWrapperFactory.wrap(s);
+ }
+
+ public Socket createSocket(
+ Socket s, String remoteHost, int remotePort, boolean autoClose
+ ) throws IOException {
+ SSLSocketFactory sf = getSSLSocketFactory();
+ s = sf.createSocket(s, remoteHost, remotePort, autoClose);
+ doPreConnectSocketStuff(s);
+ doPostConnectSocketStuff(s, remoteHost);
+ return sslWrapperFactory.wrap(s);
+ }
+
+ public ServerSocket createServerSocket() throws IOException {
+ SSLServerSocket ss = JavaImpl.createServerSocket(this);
+ return getSSLWrapperFactory().wrap(ss, this);
+ }
+
+ /**
+ * Attempts to get a new socket connection to the given host within the
+ * given time limit.
+ *
+ * @param localHost the local host name/IP to bind against (null == ANY)
+ * @param port the port to listen on
+ * @param backlog number of connections allowed to queue up for accept().
+ * @return SSLServerSocket a new server socket
+ * @throws java.io.IOException if an I/O error occurs while creating thesocket
+ */
+ public ServerSocket createServerSocket(int port, int backlog,
+ InetAddress localHost)
+ throws IOException {
+ SSLServerSocketFactory f = getSSLServerSocketFactory();
+ ServerSocket ss = f.createServerSocket(port, backlog, localHost);
+ SSLServerSocket s = (SSLServerSocket) ss;
+ doPreConnectServerSocketStuff(s);
+ return getSSLWrapperFactory().wrap(s, this);
+ }
+
+ public void doPreConnectServerSocketStuff(SSLServerSocket s)
+ throws IOException {
+ if (soTimeout > 0) {
+ s.setSoTimeout(soTimeout);
+ }
+ if (enabledProtocols != null) {
+ JavaImpl.setEnabledProtocols(s, enabledProtocols);
+ }
+ if (enabledCiphers != null) {
+ s.setEnabledCipherSuites(enabledCiphers);
+ }
+
+ /*
+ setNeedClientAuth( false ) has an annoying side effect: it seems to
+ reset setWantClient( true ) back to to false. So I do things this
+ way to make sure setting things "true" happens after setting things
+ "false" - giving "true" priority.
+ */
+ if (!wantClientAuth) {
+ JavaImpl.setWantClientAuth(s, false);
+ }
+ if (!needClientAuth) {
+ s.setNeedClientAuth(false);
+ }
+ if (wantClientAuth) {
+ JavaImpl.setWantClientAuth(s, true);
+ }
+ if (needClientAuth) {
+ s.setNeedClientAuth(true);
+ }
+ }
+
+ public SSLSocketFactory getSSLSocketFactory() {
+ if (sslContext == null) {
+ initThrowRuntime();
+ }
+ if (socketFactory == null) {
+ socketFactory = JavaImpl.getSSLSocketFactory(sslContext);
+ }
+ return socketFactory;
+ }
+
+ public SSLServerSocketFactory getSSLServerSocketFactory() {
+ if (sslContext == null) {
+ initThrowRuntime();
+ }
+ if (serverSocketFactory == null) {
+ serverSocketFactory = JavaImpl.getSSLServerSocketFactory(sslContext);
+ }
+ return serverSocketFactory;
+ }
+
+ public int getConnectTimeout() {
+ return connectTimeout;
+ }
+
+ public String[] getDefaultCipherSuites() {
+ return getSSLSocketFactory().getDefaultCipherSuites();
+ }
+
+ public String[] getSupportedCipherSuites() {
+ String[] s = new String[SUPPORTED_CIPHERS.length];
+ System.arraycopy(SUPPORTED_CIPHERS, 0, s, 0, s.length);
+ return s;
+ }
+
+ public TrustChain getTrustChain() {
+ return trustChain;
+ }
+
+ public void setCurrentServerChain(X509Certificate[] chain) {
+ this.currentServerChain = chain;
+ }
+
+ public void setCurrentClientChain(X509Certificate[] chain) {
+ this.currentClientChain = chain;
+ }
+
+ public X509Certificate[] getCurrentServerChain() {
+ return currentServerChain;
+ }
+
+ public X509Certificate[] getCurrentClientChain() {
+ return currentClientChain;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLClient.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLClient.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLClient.java
new file mode 100644
index 0000000..4bc9156
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLClient.java
@@ -0,0 +1,226 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/SSLClient.java $
+ * $Revision: 180 $
+ * $Date: 2014-09-23 11:33:47 -0700 (Tue, 23 Sep 2014) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 27-Feb-2006
+ */
+public class SSLClient extends SSLSocketFactory {
+ private final SSL ssl;
+
+ public SSLClient()
+ throws GeneralSecurityException, IOException {
+ this.ssl = new SSL();
+ }
+
+ public void addTrustMaterial(TrustChain trustChain)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ KeyManagementException, IOException, CertificateException {
+ ssl.addTrustMaterial(trustChain);
+ }
+
+ public void setTrustMaterial(TrustChain trustChain)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ KeyManagementException, IOException, CertificateException {
+ ssl.setTrustMaterial(trustChain);
+ }
+
+ public void setKeyMaterial(KeyMaterial keyMaterial)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ KeyManagementException, IOException, CertificateException {
+ ssl.setKeyMaterial(keyMaterial);
+ }
+
+ public void setIsSecure(boolean b) { ssl.setIsSecure(b); }
+
+ public void setDnsOverride(Map m) { ssl.setDnsOverride(m); }
+
+ public void setCheckCRL(boolean b) { ssl.setCheckCRL(b); }
+
+ public void setCheckExpiry(boolean b) { ssl.setCheckExpiry(b); }
+
+ public void setCheckHostname(boolean b) { ssl.setCheckHostname(b); }
+
+ public void setConnectTimeout(int i) { ssl.setConnectTimeout(i); }
+
+ public void setDefaultProtocol(String s) { ssl.setDefaultProtocol(s); }
+
+ public void setEnabledCiphers(String[] ciphers) {
+ ssl.setEnabledCiphers(ciphers);
+ }
+
+ public void setEnabledProtocols(String[] protocols) {
+ ssl.setEnabledProtocols(protocols);
+ }
+
+ public void setHostnameVerifier(HostnameVerifier verifier) {
+ ssl.setHostnameVerifier(verifier);
+ }
+
+ public void setSoTimeout(int soTimeout) { ssl.setSoTimeout(soTimeout); }
+
+ public void setSSLWrapperFactory(SSLWrapperFactory wf) {
+ ssl.setSSLWrapperFactory(wf);
+ }
+
+ public void setNeedClientAuth(boolean b) { ssl.setNeedClientAuth(b); }
+
+ public void setWantClientAuth(boolean b) { ssl.setWantClientAuth(b); }
+
+ public void setUseClientMode(boolean b) { ssl.setUseClientMode(b); }
+
+ public boolean isSecure() { return ssl.isSecure(); }
+
+ public X509Certificate[] getAssociatedCertificateChain() {
+ return ssl.getAssociatedCertificateChain();
+ }
+
+ public boolean getCheckCRL() { return ssl.getCheckCRL(); }
+
+ public boolean getCheckExpiry() { return ssl.getCheckExpiry(); }
+
+ public boolean getCheckHostname() { return ssl.getCheckHostname(); }
+
+ public int getConnectTimeout() { return ssl.getConnectTimeout(); }
+
+ public String getDefaultProtocol() { return ssl.getDefaultProtocol(); }
+
+ public String[] getEnabledCiphers() { return ssl.getEnabledCiphers(); }
+
+ public String[] getEnabledProtocols() { return ssl.getEnabledProtocols(); }
+
+ public HostnameVerifier getHostnameVerifier() {
+ return ssl.getHostnameVerifier();
+ }
+
+ public int getSoTimeout() { return ssl.getSoTimeout(); }
+
+ public SSLWrapperFactory getSSLWrapperFactory() {
+ return ssl.getSSLWrapperFactory();
+ }
+
+ public boolean getNeedClientAuth() { return ssl.getNeedClientAuth(); }
+
+ public boolean getWantClientAuth() { return ssl.getWantClientAuth(); }
+
+ public boolean getUseClientMode() { /* SSLClient's default is true. */
+ return ssl.getUseClientModeDefault() || ssl.getUseClientMode();
+ }
+
+ public SSLContext getSSLContext() throws GeneralSecurityException, IOException {
+ return ssl.getSSLContext();
+ }
+
+ public TrustChain getTrustChain() { return ssl.getTrustChain(); }
+
+ public X509Certificate[] getCurrentServerChain() {
+ return ssl.getCurrentServerChain();
+ }
+
+ public String[] getDefaultCipherSuites() {
+ return ssl.getDefaultCipherSuites();
+ }
+
+ public String[] getSupportedCipherSuites() {
+ return ssl.getSupportedCipherSuites();
+ }
+
+ public Socket createSocket() throws IOException {
+ return ssl.createSocket();
+ }
+
+ public Socket createSocket(String host, int port)
+ throws IOException {
+ return createSocket(host, port, null, 0);
+ }
+
+ public Socket createSocket(InetAddress host, int port)
+ throws IOException {
+ return createSocket(host.getHostName(), port);
+ }
+
+ public Socket createSocket(InetAddress host, int port,
+ InetAddress localHost, int localPort)
+ throws IOException {
+ return createSocket(host.getHostName(), port, localHost, localPort);
+ }
+
+ public Socket createSocket(String host, int port,
+ InetAddress localHost, int localPort)
+ throws IOException {
+ return createSocket(host, port, localHost, localPort, 0);
+ }
+
+ /**
+ * Attempts to get a new socket connection to the given host within the
+ * given time limit.
+ *
+ * @param host the host name/IP
+ * @param port the port on the host
+ * @param localHost the local host name/IP to bind the socket to
+ * @param localPort the port on the local machine
+ * @param timeout the connection timeout (0==infinite)
+ * @return Socket a new socket
+ * @throws java.io.IOException if an I/O error occurs while creating thesocket
+ * @throws java.net.UnknownHostException if the IP address of the host cannot be
+ * determined
+ */
+ public Socket createSocket(String host, int port, InetAddress localHost,
+ int localPort, int timeout)
+ throws IOException {
+ return ssl.createSocket(host, port, localHost, localPort, timeout);
+ }
+
+ public Socket createSocket(Socket s, String remoteHost, int remotePort,
+ boolean autoClose)
+ throws IOException {
+ return ssl.createSocket(s, remoteHost, remotePort, autoClose);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLEchoServer.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLEchoServer.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLEchoServer.java
new file mode 100644
index 0000000..7bf6941
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLEchoServer.java
@@ -0,0 +1,149 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/SSLEchoServer.java $
+ * $Revision: 180 $
+ * $Date: 2014-09-23 11:33:47 -0700 (Tue, 23 Sep 2014) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.util.ReadLine;
+
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InterruptedIOException;
+import java.io.OutputStream;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 2-May-2006
+ */
+public class SSLEchoServer {
+
+ public static void main(String[] args) throws Exception {
+ int port = 7443;
+ if (args.length >= 1) {
+ port = Integer.parseInt(args[0]);
+ }
+
+ SSLServer ssl = new SSLServer();
+ ssl.setTrustMaterial(TrustMaterial.TRUST_ALL);
+ ssl.setCheckExpiry(false);
+ ssl.setCheckCRL(false);
+ ssl.setCheckHostname(false);
+ ssl.setWantClientAuth(true);
+
+ SSLServerSocket ss = (SSLServerSocket) ssl.createServerSocket(port, 3);
+ System.out.println("SSL Echo server listening on port: " + port);
+ while (true) {
+ SSLSocket s = (SSLSocket) ss.accept();
+ s.setSoTimeout(30000);
+ EchoRunnable r = new EchoRunnable(s);
+ new Thread(r).start();
+ }
+
+ }
+
+ public static class EchoRunnable implements Runnable {
+ private SSLSocket s;
+
+ public EchoRunnable(SSLSocket s) {
+ this.s = s;
+ }
+
+ public void run() {
+ InputStream in = null;
+ OutputStream out = null;
+ System.out.println("Socket accepted!");
+ try {
+ SSLSession session = s.getSession();
+
+ try {
+ Certificate[] certs = JavaImpl.getPeerCertificates(session);
+ if (certs != null) {
+ for (int i = 0; i < certs.length; i++) {
+ // log client cert info
+ X509Certificate cert = (X509Certificate) certs[i];
+ String s = "client cert " + i + ":";
+ s += JavaImpl.getSubjectX500(cert);
+ System.out.println(s);
+ System.out.println(Certificates.toString(cert));
+ }
+ }
+ }
+ catch (SSLPeerUnverifiedException sslpue) {
+ // oh well, no client cert for us
+ System.out.println(sslpue);
+ }
+
+ in = s.getInputStream();
+ out = s.getOutputStream();
+ ReadLine readLine = new ReadLine(in);
+ String line = readLine.next();
+ if (line != null && line.indexOf("HTTP") > 0) {
+ out.write("HTTP/1.1 200 OK\r\n\r\n".getBytes());
+ out.flush();
+ }
+ while (line != null) {
+ String echo = "ECHO:>" + line + "\n";
+ out.write(echo.getBytes());
+ out.flush();
+ line = readLine.next();
+ }
+ }
+ catch (IOException ioe) {
+ try {
+ if (out != null) {
+ out.close();
+ }
+ if (in != null) {
+ in.close();
+ }
+ s.close();
+ }
+ catch (Exception e) {
+ }
+
+ if (ioe instanceof InterruptedIOException) {
+ System.out.println("Socket closed after 30 second timeout.");
+ } else {
+ ioe.printStackTrace();
+ }
+
+ }
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLProxyServer.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLProxyServer.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLProxyServer.java
new file mode 100644
index 0000000..795dc88
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLProxyServer.java
@@ -0,0 +1,196 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/SSLProxyServer.java $
+ * $Revision: 132 $
+ * $Date: 2008-01-11 21:20:26 -0800 (Fri, 11 Jan 2008) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.util.ReadLine;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InterruptedIOException;
+import java.io.OutputStream;
+import java.net.InetSocketAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 5-May-2006
+ */
+public class SSLProxyServer {
+
+ public static void main(String[] args) throws Exception {
+ int port = 7444;
+ if (args.length >= 1) {
+ port = Integer.parseInt(args[0]);
+ }
+
+ ServerSocket ss = new ServerSocket(port);
+
+ System.out.println("SSL Proxy server listening on port: " + port);
+ while (true) {
+ Socket s = ss.accept();
+ s.setSoTimeout(10000);
+ ProxyRunnable r = new ProxyRunnable(s);
+ new Thread(r).start();
+ }
+
+ }
+
+ public static class ProxyRunnable implements Runnable {
+ private Socket s;
+
+ public ProxyRunnable(Socket s) {
+ this.s = s;
+ }
+
+ public void run() {
+ InputStream in = null;
+ OutputStream out = null;
+ InputStream newIn = null;
+ OutputStream newOut = null;
+ Socket newSocket = new Socket();
+ System.out.println("Socket accepted!");
+ try {
+ in = s.getInputStream();
+ out = s.getOutputStream();
+ ReadLine readLine = new ReadLine(in);
+ String line = readLine.next();
+ line = line.trim();
+ String connect = line.substring(0, "CONNECT".length());
+ InetSocketAddress addr = null;
+ if ("CONNECT".equalsIgnoreCase(connect)) {
+ line = line.substring("CONNECT".length()).trim();
+ line = line.substring(0, line.length() - "HTTP/1.1".length()).trim();
+ HostPort hostPort = Util.toAddress(line, 443);
+ addr = new InetSocketAddress(hostPort.host, hostPort.port);
+ System.out.println("Attempting to proxy to: " + line);
+ } else {
+ throw new IOException("not a proxy request: " + line);
+ }
+
+ int avail = in.available();
+ in.skip(avail);
+ Thread.yield();
+ avail = in.available();
+ while (avail != 0) {
+ in.skip(avail);
+ Thread.yield();
+ avail = in.available();
+ }
+
+ InetSocketAddress local = new InetSocketAddress(0);
+ newSocket.setSoTimeout(10000);
+ newSocket.bind(local);
+ newSocket.connect(addr, 5000);
+ newIn = newSocket.getInputStream();
+ newOut = newSocket.getOutputStream();
+
+ out.write("HTTP/1.1 200 OKAY\r\n\r\n".getBytes());
+ out.flush();
+
+ final IOException[] e = new IOException[1];
+ final InputStream rIn = in;
+ final OutputStream rNewOut = newOut;
+ Runnable r = new Runnable() {
+ public void run() {
+ try {
+ byte[] buf = new byte[4096];
+ int read = rIn.read(buf);
+ while (read >= 0) {
+ if (read > 0) {
+ rNewOut.write(buf, 0, read);
+ rNewOut.flush();
+ }
+ read = rIn.read(buf);
+ }
+ }
+ catch (IOException ioe) {
+ e[0] = ioe;
+ }
+ }
+ };
+ new Thread(r).start();
+
+ byte[] buf = new byte[4096];
+ int read = newIn.read(buf);
+ while (read >= 0) {
+ if (read > 0) {
+ out.write(buf, 0, read);
+ out.flush();
+ }
+ if (e[0] != null) {
+ throw e[0];
+ }
+ read = newIn.read(buf);
+ }
+
+
+ }
+ catch (IOException ioe) {
+ try {
+ if (out != null) {
+ out.close();
+ }
+ if (in != null) {
+ in.close();
+ }
+ s.close();
+ }
+ catch (Exception e) {
+ }
+
+ try {
+ if (newOut != null) {
+ newOut.close();
+ }
+ if (newIn != null) {
+ newIn.close();
+ }
+ newSocket.close();
+ }
+ catch (Exception e) {
+ }
+
+
+ if (ioe instanceof InterruptedIOException) {
+ System.out.println("Socket closed after 10 second timeout.");
+ } else {
+ ioe.printStackTrace();
+ }
+
+ }
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLServer.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLServer.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLServer.java
new file mode 100644
index 0000000..13472ed
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLServer.java
@@ -0,0 +1,284 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/SSLServer.java $
+ * $Revision: 180 $
+ * $Date: 2014-09-23 11:33:47 -0700 (Tue, 23 Sep 2014) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocketFactory;
+import java.io.File;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.security.GeneralSecurityException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+import java.util.Properties;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since May 1, 2006
+ */
+public class SSLServer extends SSLServerSocketFactory {
+ protected final SSL ssl;
+
+ public SSLServer()
+ throws GeneralSecurityException, IOException {
+ this.ssl = new SSL();
+ // client certs aren't usually tied down to a single host (and who knows
+ // if the DNS reverse-lookup will work!).
+ setCheckHostname(false);
+
+ // If "javax.net.ssl.keyStore" is set, then we won't bother with this
+ // silly SSLServer default behaviour.
+ if (!ssl.usingSystemProperties) {
+ // commons-ssl default KeyMaterial will be
+ // ~/.keystore with a password of "changeit".
+ useDefaultKeyMaterial();
+ }
+ }
+
+ /**
+ * Tries to extract the TrustMaterial and KeyMaterial being used by a Tomcat
+ * SSL server (usually on 8443) by analyzing Tomcat's "server.xml" file. If
+ * the extraction is successful, the TrustMaterial and KeyMaterial are
+ * applied to this SSLServer.
+ *
+ * @return true if the operation was successful.
+ * @throws java.security.GeneralSecurityException setKeyMaterial() failed
+ * @throws java.io.IOException setKeyMaterial() failed
+ */
+ public boolean useTomcatSSLMaterial()
+ throws GeneralSecurityException, IOException {
+ // If running inside Tomcat, let's try to re-use Tomcat's SSL
+ // certificate for our own stuff (e.g. RMI-SSL).
+ Integer p8443 = Integer.valueOf(8443);
+ KeyMaterial km;
+ TrustMaterial tm;
+ km = (KeyMaterial) TomcatServerXML.KEY_MATERIAL_BY_PORT.get(p8443);
+ tm = (TrustMaterial) TomcatServerXML.TRUST_MATERIAL_BY_PORT.get(p8443);
+
+ // If 8443 isn't set, let's take lowest secure port.
+ km = km == null ? TomcatServerXML.KEY_MATERIAL : km;
+ tm = tm == null ? TomcatServerXML.TRUST_MATERIAL : tm;
+ boolean success = false;
+ if (km != null) {
+ setKeyMaterial(km);
+ success = true;
+ if (tm != null && !TrustMaterial.DEFAULT.equals(tm)) {
+ setTrustMaterial(tm);
+ }
+ }
+ return success;
+ }
+
+ private boolean useDefaultKeyMaterial()
+ throws GeneralSecurityException, IOException {
+ // If we're not able to re-use Tomcat's SSLServerSocket configuration,
+ // commons-ssl default KeyMaterial will be ~/.keystore with a password
+ // of "changeit".
+ Properties props = System.getProperties();
+ boolean pwdSet = props.containsKey("javax.net.ssl.keyStorePassword");
+ String pwd = props.getProperty("javax.net.ssl.keyStorePassword");
+ pwd = pwdSet ? pwd : "changeit";
+
+ String userHome = System.getProperty("user.home");
+ String path = userHome + "/.keystore";
+ File f = new File(path);
+ boolean success = false;
+ if (f.exists()) {
+ KeyMaterial km = null;
+ try {
+ km = new KeyMaterial(path, pwd.toCharArray());
+ }
+ catch (Exception e) {
+ // Don't want to blowup just because this silly default
+ // behaviour didn't work out.
+ if (pwdSet) {
+ // Buf if the user has specified a non-standard password for
+ // "javax.net.ssl.keyStorePassword", then we will warn them
+ // that things didn't work out.
+ System.err.println("commons-ssl automatic loading of [" + path + "] failed. ");
+ System.err.println(e);
+ }
+ }
+ if (km != null) {
+ setKeyMaterial(km);
+ success = true;
+ }
+ }
+ return success;
+ }
+
+ public void setDnsOverride(Map m) { ssl.setDnsOverride(m); }
+
+ public void addTrustMaterial(TrustChain trustChain)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ KeyManagementException, IOException, CertificateException {
+ ssl.addTrustMaterial(trustChain);
+ }
+
+ public void setTrustMaterial(TrustChain trustChain)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ KeyManagementException, IOException, CertificateException {
+ ssl.setTrustMaterial(trustChain);
+ }
+
+ public void setKeyMaterial(KeyMaterial keyMaterial)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ KeyManagementException, IOException, CertificateException {
+ ssl.setKeyMaterial(keyMaterial);
+ }
+
+ public void setCheckCRL(boolean b) { ssl.setCheckCRL(b); }
+
+ public void setCheckExpiry(boolean b) { ssl.setCheckExpiry(b); }
+
+ public void setCheckHostname(boolean b) { ssl.setCheckHostname(b); }
+
+ public void setConnectTimeout(int i) { ssl.setConnectTimeout(i); }
+
+ public void setDefaultProtocol(String s) { ssl.setDefaultProtocol(s); }
+
+ public void setEnabledCiphers(String[] ciphers) {
+ ssl.setEnabledCiphers(ciphers);
+ }
+
+ public void setEnabledProtocols(String[] protocols) {
+ ssl.setEnabledProtocols(protocols);
+ }
+
+ public void setHostnameVerifier(HostnameVerifier verifier) {
+ ssl.setHostnameVerifier(verifier);
+ }
+
+ public void setSoTimeout(int soTimeout) { ssl.setSoTimeout(soTimeout); }
+
+ public void setSSLWrapperFactory(SSLWrapperFactory wf) {
+ ssl.setSSLWrapperFactory(wf);
+ }
+
+ public void setNeedClientAuth(boolean b) { ssl.setNeedClientAuth(b); }
+
+ public void setWantClientAuth(boolean b) { ssl.setWantClientAuth(b); }
+
+ public void setUseClientMode(boolean b) { ssl.setUseClientMode(b); }
+
+ public X509Certificate[] getAssociatedCertificateChain() {
+ return ssl.getAssociatedCertificateChain();
+ }
+
+ public boolean getCheckCRL() { return ssl.getCheckCRL(); }
+
+ public boolean getCheckExpiry() { return ssl.getCheckExpiry(); }
+
+ public boolean getCheckHostname() { return ssl.getCheckHostname(); }
+
+ public int getConnectTimeout() { return ssl.getConnectTimeout(); }
+
+ public String getDefaultProtocol() { return ssl.getDefaultProtocol(); }
+
+ public String[] getEnabledCiphers() { return ssl.getEnabledCiphers(); }
+
+ public String[] getEnabledProtocols() { return ssl.getEnabledProtocols(); }
+
+ public HostnameVerifier getHostnameVerifier() {
+ return ssl.getHostnameVerifier();
+ }
+
+ public int getSoTimeout() { return ssl.getSoTimeout(); }
+
+ public SSLWrapperFactory getSSLWrapperFactory() {
+ return ssl.getSSLWrapperFactory();
+ }
+
+ public boolean getNeedClientAuth() { return ssl.getNeedClientAuth(); }
+
+ public boolean getWantClientAuth() { return ssl.getWantClientAuth(); }
+
+ public boolean getUseClientMode() { /* SSLServer's default is false. */
+ return !ssl.getUseClientModeDefault() && ssl.getUseClientMode();
+ }
+
+ public SSLContext getSSLContext() throws GeneralSecurityException, IOException {
+ return ssl.getSSLContext();
+ }
+
+ public TrustChain getTrustChain() { return ssl.getTrustChain(); }
+
+ public X509Certificate[] getCurrentClientChain() {
+ return ssl.getCurrentClientChain();
+ }
+
+ public String[] getDefaultCipherSuites() {
+ return ssl.getDefaultCipherSuites();
+ }
+
+ public String[] getSupportedCipherSuites() {
+ return ssl.getSupportedCipherSuites();
+ }
+
+ public ServerSocket createServerSocket() throws IOException {
+ return ssl.createServerSocket();
+ }
+
+ public ServerSocket createServerSocket(int port)
+ throws IOException {
+ return createServerSocket(port, 50);
+ }
+
+ public ServerSocket createServerSocket(int port, int backlog)
+ throws IOException {
+ return createServerSocket(port, backlog, null);
+ }
+
+ /**
+ * Attempts to get a new socket connection to the given host within the
+ * given time limit.
+ *
+ * @param localHost the local host name/IP to bind against (null == ANY)
+ * @param port the port to listen on
+ * @param backlog number of connections allowed to queue up for accept().
+ * @return SSLServerSocket a new server socket
+ * @throws java.io.IOException if an I/O error occurs while creating thesocket
+ */
+ public ServerSocket createServerSocket(int port, int backlog,
+ InetAddress localHost)
+ throws IOException {
+ return ssl.createServerSocket(port, backlog, localHost);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLServerSocketWrapper.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLServerSocketWrapper.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLServerSocketWrapper.java
new file mode 100644
index 0000000..c5d24d9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLServerSocketWrapper.java
@@ -0,0 +1,182 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/SSLServerSocketWrapper.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLSocket;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.SocketAddress;
+import java.net.SocketException;
+import java.nio.channels.ServerSocketChannel;
+
+/**
+ * Wraps an SSLServerSocket - NOTE that the accept() method applies a number of
+ * important common-ssl settings before returning the SSLSocket!
+ *
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 20-Nov-2006
+ */
+public class SSLServerSocketWrapper extends SSLServerSocket {
+ protected SSLServerSocket s;
+ protected SSL ssl;
+ protected SSLWrapperFactory wf;
+
+ public SSLServerSocketWrapper(SSLServerSocket s, SSL ssl,
+ SSLWrapperFactory wf)
+ throws IOException {
+ super();
+ this.s = s;
+ this.ssl = ssl;
+ this.wf = wf;
+ }
+
+ /* javax.net.ssl.SSLServerSocket */
+
+ public Socket accept() throws IOException {
+ SSLSocket secureSocket = (SSLSocket) s.accept();
+
+ // Do the commons-ssl usual housekeeping for every socket:
+ ssl.doPreConnectSocketStuff(secureSocket);
+ InetAddress addr = secureSocket.getInetAddress();
+ String hostName = addr.getHostName();
+ ssl.doPostConnectSocketStuff(secureSocket, hostName);
+
+ return wf.wrap(secureSocket);
+ }
+
+ public String[] getEnabledCipherSuites() {
+ return s.getEnabledCipherSuites();
+ }
+
+ public String[] getEnabledProtocols() { return s.getEnabledProtocols(); }
+
+ public boolean getEnableSessionCreation() {
+ return s.getEnableSessionCreation();
+ }
+
+ public boolean getNeedClientAuth() { return s.getNeedClientAuth(); }
+
+ public String[] getSupportedCipherSuites() {
+ return s.getSupportedCipherSuites();
+ }
+
+ public String[] getSupportedProtocols() { return s.getSupportedProtocols(); }
+
+ public boolean getUseClientMode() { return s.getUseClientMode(); }
+
+ public boolean getWantClientAuth() { return s.getWantClientAuth(); }
+
+ public void setEnabledCipherSuites(String[] suites) {
+ s.setEnabledCipherSuites(suites);
+ }
+
+ public void setEnabledProtocols(String[] protocols) {
+ s.setEnabledProtocols(protocols);
+ }
+
+ public void setEnableSessionCreation(boolean flag) {
+ s.setEnableSessionCreation(flag);
+ }
+
+ public void setNeedClientAuth(boolean need) {
+ s.setNeedClientAuth(need);
+ }
+
+ public void setUseClientMode(boolean use) { s.setUseClientMode(use); }
+
+ public void setWantClientAuth(boolean want) {
+ s.setWantClientAuth(want);
+ }
+
+ /* java.net.Socket */
+
+ public void bind(SocketAddress endpoint) throws IOException {
+ s.bind(endpoint);
+ }
+
+ public void bind(SocketAddress ep, int bl) throws IOException {
+ s.bind(ep, bl);
+ }
+
+ public void close() throws IOException { s.close(); }
+
+ public ServerSocketChannel getChannel() { return s.getChannel(); }
+
+ public InetAddress getInetAddress() { return s.getInetAddress(); }
+
+ public int getLocalPort() { return s.getLocalPort(); }
+
+ public SocketAddress getLocalSocketAddress() {
+ return s.getLocalSocketAddress();
+ }
+
+ public int getReceiveBufferSize() throws SocketException {
+ return s.getReceiveBufferSize();
+ }
+
+ public boolean getReuseAddress() throws SocketException {
+ return s.getReuseAddress();
+ }
+
+ public int getSoTimeout() throws IOException { return s.getSoTimeout(); }
+
+ public boolean isBound() { return s.isBound(); }
+
+ public boolean isClosed() { return s.isClosed(); }
+
+ public void setReceiveBufferSize(int size) throws SocketException {
+ s.setReceiveBufferSize(size);
+ }
+
+ public void setReuseAddress(boolean on) throws SocketException {
+ s.setReuseAddress(on);
+ }
+
+ public void setSoTimeout(int timeout) throws SocketException {
+ s.setSoTimeout(timeout);
+ }
+
+ public String toString() { return s.toString(); }
+
+ /* Java 1.5
+ public void setPerformancePreferences(int connectionTime, int latency, int bandwidth)
+ {
+ s.setPerformancePreferences( connectionTime, latency, bandwidth );
+ }
+ */
+
+
+}
[34/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192.raw
new file mode 100644
index 0000000..efbca29
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192.raw
@@ -0,0 +1 @@
+Salted__hJ��~~���G8�#��WcQ�Ҡ���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cbc.base64
new file mode 100644
index 0000000..38172a2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+1PFX6yjmLx//GKR/kI0JcI4BvOsFo54U=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cbc.raw
new file mode 100644
index 0000000..2536117
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cbc.raw
@@ -0,0 +1 @@
+Salted__1w�����?�X2rϡ�)\��I֦%+
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb.base64
new file mode 100644
index 0000000..dadb997
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX183eIcxGvreiWgqXZzCXPTHbs9t1w==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb.raw
new file mode 100644
index 0000000..7ab062b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb.raw
@@ -0,0 +1,2 @@
+Salted__�T��qS
+KeU�!����$��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb8.base64
new file mode 100644
index 0000000..44b6c5d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX19seCs2x8/p8t0Dzsg0jG5HJpiyug==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb8.raw
new file mode 100644
index 0000000..f40fb94
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-cfb8.raw
@@ -0,0 +1 @@
+Salted___�oU������6�������
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ecb.base64
new file mode 100644
index 0000000..1c42841
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+CklO63OMjBE7V60TyZdccAvOZSoHvdoY=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ecb.raw
new file mode 100644
index 0000000..9feac0e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ecb.raw
@@ -0,0 +1 @@
+Salted__���8�gs����_pT�ù����I7�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ofb.base64
new file mode 100644
index 0000000..dc623be
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18MiDOnBD5OkXH/C+Ua2qcjGnVsNQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ofb.raw
new file mode 100644
index 0000000..53e8bd6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256-ofb.raw
@@ -0,0 +1 @@
+Salted__����Ł(�z������ ���|
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256.base64
new file mode 100644
index 0000000..2370b34
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/qurIuLg/OPdk3l+HU2cYuOfjbKPyU2IQ=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256.raw
new file mode 100644
index 0000000..30b0252
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes256.raw
@@ -0,0 +1 @@
+Salted__4��'T�x��8%k�J"F3�Q
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cbc.base64
new file mode 100644
index 0000000..ded04a6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX18ezFO/IyruCLWgSXb8ub3xpSJ7ZKoGI+8=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cbc.raw
new file mode 100644
index 0000000..db3a502
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cbc.raw
@@ -0,0 +1 @@
+Salted__�>�K���g����9���;S�s����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb.base64
new file mode 100644
index 0000000..135cdad
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+yi+2LyrXPbswy1jL1yAnXX+MjPA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb.raw
new file mode 100644
index 0000000..6784823
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb.raw
@@ -0,0 +1 @@
+Salted__���#�5�P���Es�ҿ��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb8.base64
new file mode 100644
index 0000000..622299b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18Uyb5uwUSF5vlUwT8sTYUUUquHwA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb8.raw
new file mode 100644
index 0000000..00c7c39
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-cfb8.raw
@@ -0,0 +1 @@
+Salted__V:�&'3)�T���_��ŕ�5
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ecb.base64
new file mode 100644
index 0000000..fc5d780
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX181gpdrxNUzjZWSJrri+XaHTk8J2BiwgiY=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ecb.raw
new file mode 100644
index 0000000..8ed9cf4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ecb.raw
@@ -0,0 +1 @@
+Salted__��76�f���{Ou��PXJ�R��:A�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ofb.base64
new file mode 100644
index 0000000..e86bec9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/Lzlz4ROS2VIJm3BDuISIlhXyqIA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ofb.raw
new file mode 100644
index 0000000..2c55382
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf-ofb.raw
@@ -0,0 +1 @@
+Salted__T�<���H�F��>��U���B
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf.base64
new file mode 100644
index 0000000..8d02877
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf.base64
@@ -0,0 +1 @@
+U2FsdGVkX19e7ErlyQFrRuAvkXC+RpF8qq4NUNtwP0Y=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf.raw
new file mode 100644
index 0000000..5368738
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/bf.raw
@@ -0,0 +1 @@
+Salted__m�O�T�5�T�ؾ��!����Zw|6�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cbc.base64
new file mode 100644
index 0000000..4a9bc76
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/X9q7FxWKC+Nt4r1Tbx9Lq8iGgpYLA9VU=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cbc.raw
new file mode 100644
index 0000000..cbb2039
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cbc.raw
@@ -0,0 +1 @@
+Salted__�B�uk��$2�6+d.�����'�H
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb.base64
new file mode 100644
index 0000000..e5cd0bf
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+BMJfwsI5pN/TlN21qZpmkKZ+ZCQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb.raw
new file mode 100644
index 0000000..760e562
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb.raw
@@ -0,0 +1 @@
+Salted__�F��<A�A� �j�c+��z�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb8.base64
new file mode 100644
index 0000000..06efdcf
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX19QNGPN4Mb7Bj9fdwfr2ICVZxIqyw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb8.raw
new file mode 100644
index 0000000..e13828b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-cfb8.raw
@@ -0,0 +1 @@
+Salted__K����T�ݬ���F{$L/���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ecb.base64
new file mode 100644
index 0000000..28b6573
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/n+y1mOrx0j2A70eSTKaG7xu+WCNzzEkI=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ecb.raw
new file mode 100644
index 0000000..6ed74b3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ecb.raw
@@ -0,0 +1 @@
+Salted__�̍3�s2X�����Ϗ�y����o�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ofb.base64
new file mode 100644
index 0000000..2f02531
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18skzs84vkC6FRTjlxDau6lzgx3Jg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ofb.raw
new file mode 100644
index 0000000..754bf21
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish-ofb.raw
@@ -0,0 +1,2 @@
+Salted__���
+郖0`��]��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish.base64
new file mode 100644
index 0000000..a490a9c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish.base64
@@ -0,0 +1 @@
+U2FsdGVkX18wu3hD9dgyO87j8nRXmczPqDItEunKLUQ=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish.raw
new file mode 100644
index 0000000..fe880fe
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/blowfish.raw
@@ -0,0 +1 @@
+Salted__�E�
�rW1����އ�#��R�@��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cbc.base64
new file mode 100644
index 0000000..8985e91
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX18UUwHvDEACb8VSquyKXfA9Ht7vMiGa/Sc=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cbc.raw
new file mode 100644
index 0000000..7f72b0a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cbc.raw
@@ -0,0 +1 @@
+Salted__�fF�kP{vJ �Bݐ1���|=�͑
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb.base64
new file mode 100644
index 0000000..0a86dab
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/Q+yrw31FhRJYcii+47v+ekN09bg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb.raw
new file mode 100644
index 0000000..f574d0f
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb8.base64
new file mode 100644
index 0000000..b259ca7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18/hQSHjwmpABUe/TaPQPR3gockqw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb8.raw
new file mode 100644
index 0000000..e0f16ea
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-cfb8.raw
@@ -0,0 +1 @@
+Salted__�'1&{���v/U�$���N���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ecb.base64
new file mode 100644
index 0000000..be0e863
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19NFzHbs8FHT8Cv99Xgj1ZhPx5CY072tZA=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ecb.raw
new file mode 100644
index 0000000..adfafc5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ecb.raw
@@ -0,0 +1 @@
+Salted__����1�f0`8F��U��+PeE �#
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ofb.base64
new file mode 100644
index 0000000..4c35120
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18Q5WKPCdvjapTYHjJhZQQuPBrkcA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ofb.raw
new file mode 100644
index 0000000..529bc7d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128-ofb.raw
@@ -0,0 +1 @@
+Salted__#�A���=��ɷɭ.��g��(
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128.base64
new file mode 100644
index 0000000..09d8760
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128.base64
@@ -0,0 +1 @@
+U2FsdGVkX18pM4u/Qtl2csttKUV+nu0wBwTi3joioNA=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128.raw
new file mode 100644
index 0000000..a9c64ac
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-128.raw
@@ -0,0 +1 @@
+Salted__e{yə�;_f`��c�5��3 E�q|�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cbc.base64
new file mode 100644
index 0000000..4fab5d0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX19hH0OOcN4S/DJcOixmApLIQKyU1wgtpOQ=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cbc.raw
new file mode 100644
index 0000000..ac75809
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cbc.raw
@@ -0,0 +1 @@
+Salted__�A��IY����v��-�3��d����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb.base64
new file mode 100644
index 0000000..e3dee68
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+4PAXIOayucO/VkxrUWXLbch6StA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb.raw
new file mode 100644
index 0000000..6a6c380
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb.raw
@@ -0,0 +1,2 @@
+Salted__����)��D
+���f�SB��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb8.base64
new file mode 100644
index 0000000..625f35e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+5lUexVeB0SO+iMPa6ZwZk66DKag==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb8.raw
new file mode 100644
index 0000000..e8ecfa6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-cfb8.raw
@@ -0,0 +1 @@
+Salted__���y�
�6NӜ�:!dVH���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ecb.base64
new file mode 100644
index 0000000..97f32b5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/fOdsaCQa26731P7m0VWbMA5c3Lhs3CjU=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ecb.raw
new file mode 100644
index 0000000..ebc6b97
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ecb.raw
@@ -0,0 +1 @@
+Salted__��U��s{�&^�s<���{4Z�Zr�b
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ofb.base64
new file mode 100644
index 0000000..5959fa1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+atqsl2Yfj4LlRabl6AlyTOUhm5Q==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ofb.raw
new file mode 100644
index 0000000..2a23190
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192-ofb.raw
@@ -0,0 +1 @@
+Salted__��Ez@�����{H�~͍����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192.base64
new file mode 100644
index 0000000..f3beeb2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/XopevJykDpkmcOdCQ0WjGxvSOKCvrheI=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192.raw
new file mode 100644
index 0000000..0044d7f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-192.raw
@@ -0,0 +1 @@
+Salted__�OJ�)
O��z�1n���%�Z�G�g
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cbc.base64
new file mode 100644
index 0000000..0765452
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX192V/ik6+M1vv4ezzXSKP/mrjtXi1XFaFM=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cbc.raw
new file mode 100644
index 0000000..eaf4c12
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cbc.raw
@@ -0,0 +1 @@
+Salted__�!��+���ܼn'>�x��T3���H�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb.base64
new file mode 100644
index 0000000..5cb9834
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18uQkCC3dp9kV1C1HcQ+iR7DNDkNQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb.raw
new file mode 100644
index 0000000..19415b5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb.raw
@@ -0,0 +1 @@
+Salted___����\����{I�����/Ɖ
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb8.base64
new file mode 100644
index 0000000..e9b247f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/AjinqENb4F5Qz5UoLF4euYSUXtg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb8.raw
new file mode 100644
index 0000000..696b584
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-cfb8.raw
@@ -0,0 +1 @@
+Salted__I?k�x}�̀���Y���2��G
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ecb.base64
new file mode 100644
index 0000000..fa856d9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+LDceo9kKIBEFjQgELUkN7Kub52saETYE=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ecb.raw
new file mode 100644
index 0000000..ffbd183
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ecb.raw
@@ -0,0 +1 @@
+Salted__<���aUA<�6��V��<��B
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ofb.base64
new file mode 100644
index 0000000..919b311
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+GkVrOLtvxbkF+hFDSsmAp6IIi/g==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ofb.raw
new file mode 100644
index 0000000..1102772
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256-ofb.raw
@@ -0,0 +1 @@
+Salted__������5Y��Je��,�w�$
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256.base64
new file mode 100644
index 0000000..918ac17
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/j884tRPxO0F0El64xyT3n+W83Wb9Z9nc=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256.raw
new file mode 100644
index 0000000..50d7b8a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia-256.raw
@@ -0,0 +1 @@
+Salted__cvls6S��\�<{���.�Wv, ���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cbc.base64
new file mode 100644
index 0000000..2a964ad
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+90QGejW9gW74l1S1eCmxQTa83xaYf5cg=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cbc.raw
new file mode 100644
index 0000000..428af0c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cbc.raw
@@ -0,0 +1 @@
+Salted__wT�ػ��-zp��R�;^�P��õT
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb.base64
new file mode 100644
index 0000000..07fc3cd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18OWnOuxyR4YO6FGRH/7yqDm3CmLQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb.raw
new file mode 100644
index 0000000..c3f0470
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb.raw
@@ -0,0 +1 @@
+Salted__�睍_T�K�/^a�{��CՕ�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb8.base64
new file mode 100644
index 0000000..8362065
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18DU/8DbLesx+kp1xFyVzbL0oOGGw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb8.raw
new file mode 100644
index 0000000..1a9483e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-cfb8.raw
@@ -0,0 +1 @@
+Salted__�{��<����@w���Cc��~T
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ecb.base64
new file mode 100644
index 0000000..9556b3b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+1iqH8lq6+SuZgeWxcbUoZ4dBYxTjVQ1I=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ecb.raw
new file mode 100644
index 0000000..fde676e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ecb.raw
@@ -0,0 +1 @@
+Salted__j�q/3��i��l1!���\5�d�`��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ofb.base64
new file mode 100644
index 0000000..89f0255
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX189RpQrEO2Xy/3zDHr7Or6Tg0c/AQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ofb.raw
new file mode 100644
index 0000000..37caed2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128-ofb.raw
@@ -0,0 +1 @@
+Salted__
kr����^������2�f��D
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128.base64
new file mode 100644
index 0000000..66c6feb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128.base64
@@ -0,0 +1 @@
+U2FsdGVkX19fNMlxVQ+gfD1AF55ct5dna+5gIcFnHMI=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128.raw
new file mode 100644
index 0000000..e6f4e0a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia128.raw
@@ -0,0 +1 @@
+Salted__?A���//��YE�WA���C��V�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cbc.base64
new file mode 100644
index 0000000..41f445b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/bDUbd0pqAOeDb1gNIpKqi3DK4iwO7YoA=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cbc.raw
new file mode 100644
index 0000000..29212ab
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cbc.raw
@@ -0,0 +1 @@
+Salted__+2!�ԭ�G��I)Ѿ��[��oRZ��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb.base64
new file mode 100644
index 0000000..615f4b3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/jPapheHbcuHbq060VPb/lVaN60Q==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb.raw
new file mode 100644
index 0000000..bba9f78
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb.raw
@@ -0,0 +1 @@
+Salted__�̱�*oV��&`�����t�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb8.base64
new file mode 100644
index 0000000..7c5829d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/L73xES8AWci9th/emGwI9bSXU0A==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb8.raw
new file mode 100644
index 0000000..dd34c2d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-cfb8.raw
@@ -0,0 +1 @@
+Salted__���h"���..������.v?�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ecb.base64
new file mode 100644
index 0000000..0313532
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+THzBGYxZA+1R9rza4Lv9SrWl/sPmmkso=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ecb.raw
new file mode 100644
index 0000000..76ffb51
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ecb.raw
@@ -0,0 +1 @@
+Salted__VX$����H(g����FO��yE��ā
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ofb.base64
new file mode 100644
index 0000000..f0a66bf
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+fbFYKjBd8c3PMWewNTe+qTHYxjw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ofb.raw
new file mode 100644
index 0000000..a9806c8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192-ofb.raw
@@ -0,0 +1 @@
+Salted__�t��%T�P�K||ACi�º�=
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192.base64
new file mode 100644
index 0000000..3adc735
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/7J6aNaQ3OKgOvbscFo5no/fy72MJk5Fc=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192.raw
new file mode 100644
index 0000000..4546f6d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia192.raw
@@ -0,0 +1 @@
+Salted__�opD�ƌ��u)۷���c�0d���T
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cbc.base64
new file mode 100644
index 0000000..20369ea
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+l901jK4fyHQe8zTyOALNfuKuDLDNjNpI=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cbc.raw
new file mode 100644
index 0000000..4d58a2f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cbc.raw
@@ -0,0 +1 @@
+Salted__�.�F'������R.oRe ���#p�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb.base64
new file mode 100644
index 0000000..aeed858
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX197NNyKW2xVNRjtMbyMbMKc89L68w==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb.raw
new file mode 100644
index 0000000..3678157
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb.raw
@@ -0,0 +1 @@
+Salted__g�gA�Z��h�Q��<>7��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb8.base64
new file mode 100644
index 0000000..cedb3d3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/zIoOUOwApRSAN5J0Sr/j+Swe5nw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb8.raw
new file mode 100644
index 0000000..688f31e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-cfb8.raw
@@ -0,0 +1 @@
+Salted__(�]��ò~i��������,��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ecb.base64
new file mode 100644
index 0000000..c8bd5c5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19Tln+csf9eJsEYdZC45soI+sOC4dMfd4c=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ecb.raw
new file mode 100644
index 0000000..27cf65b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ecb.raw
@@ -0,0 +1 @@
+Salted__�0.�0'/������K�d!qX�MP��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ofb.base64
new file mode 100644
index 0000000..593bd2b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1896Yqjj8AfXnc0eFYKai5KxoCXzQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ofb.raw
new file mode 100644
index 0000000..d49ef81
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256-ofb.raw
@@ -0,0 +1 @@
+Salted__���U�Ԟ��*+C�g2�Tl��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256.base64
new file mode 100644
index 0000000..990ca5c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+oGF8zlK3aSF//rgeWimAvobywbD+PD0g=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256.raw
new file mode 100644
index 0000000..83f0ac5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/camellia256.raw
@@ -0,0 +1 @@
+Salted__�x�������i�������.� ��A�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cbc.base64
new file mode 100644
index 0000000..3a217bc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/aeco/gkhE72hth3Mn74hFGnCdFZfi3Q4=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cbc.raw
new file mode 100644
index 0000000..429fb3a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cbc.raw
@@ -0,0 +1 @@
+Salted__���%�cQL����O�Ŋ7�6�F*C
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb.base64
new file mode 100644
index 0000000..cc97783
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+EbjjSoQ/tSg0b+dJNWWAkSFlARQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb.raw
new file mode 100644
index 0000000..ae2cbbb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb.raw
@@ -0,0 +1 @@
+Salted__����ˉ���z�B�x%
��j
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb8.base64
new file mode 100644
index 0000000..fc3803e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18+YZ72SS+beeJ0eEqzEUWLKoBz+g==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb8.raw
new file mode 100644
index 0000000..f24154d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-cfb8.raw
@@ -0,0 +1 @@
+Salted__$/��+�1
������3�>�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ecb.base64
new file mode 100644
index 0000000..448937a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1++7eyxWebJMaj41x5xlLEDODwl+wrhRaI=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ecb.raw
new file mode 100644
index 0000000..a94ff03
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ecb.raw
@@ -0,0 +1 @@
+Salted__��.�ݷG"�����{��d��8غ*v
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ofb.base64
new file mode 100644
index 0000000..22dddf4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19hCVMpUfZQxakwK4dFKSTQuguAUw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ofb.raw
new file mode 100644
index 0000000..e20f9fe
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5-ofb.raw
@@ -0,0 +1 @@
+Salted__��cr�f����aO^��q�.��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5.base64
new file mode 100644
index 0000000..44daae6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+ezI1ZQcPD4e1zE7jkWZlGFmScgZFucHY=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5.raw
new file mode 100644
index 0000000..dfbaaff
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast5.raw
@@ -0,0 +1,2 @@
+Salted__
+;�yl�������WI��^���˯�Y
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cbc.base64
new file mode 100644
index 0000000..3608069
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/a8L9HYZcz3S1WhQ3o0R0ebahweJnv+IU=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cbc.raw
new file mode 100644
index 0000000..6bf7b34
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cbc.raw
@@ -0,0 +1 @@
+Salted__��Nۥ�뼫��Ԓ�;z!"���P}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb.base64
new file mode 100644
index 0000000..adcf160
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+YfAvrxD0wSn/fpojGN9tJkg9DgA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb.raw
new file mode 100644
index 0000000..8846469
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb.raw
@@ -0,0 +1 @@
+Salted__���v91�^@7xRw�)R���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb8.base64
new file mode 100644
index 0000000..11bfab4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+LpuG379U9ZMFOh0FUkcWovxPSqA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb8.raw
new file mode 100644
index 0000000..0522ed0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-cfb8.raw
@@ -0,0 +1 @@
+Salted__����1�Ku��SvZo��Hvl
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ecb.base64
new file mode 100644
index 0000000..603266d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX192UiTkDb8gI6sTTfy7VGsbT30KNWOT02M=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ecb.raw
new file mode 100644
index 0000000..44148b7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ecb.raw
@@ -0,0 +1 @@
+Salted__g0�@|�������U��8Y��(j/��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ofb.base64
new file mode 100644
index 0000000..08722f1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18Y0QSZwFfDFhEAflkjtX4PXaaifQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ofb.raw
new file mode 100644
index 0000000..42ce837
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6-ofb.raw
@@ -0,0 +1 @@
+Salted__]�!�ɽ���L��,_�h��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6.base64
new file mode 100644
index 0000000..cee1c7a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+QGJCVEnV4Fw5TlflsQhmEM67/RwhUcLY=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6.raw
new file mode 100644
index 0000000..b4c8ce3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/cast6.raw
@@ -0,0 +1 @@
+Salted__��*�P�}C��������b�.B��/�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cbc.base64
new file mode 100644
index 0000000..69c2e01
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+qcAmoytN0qF45xG/KHt6ANo7zZXDN4L4=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cbc.raw
new file mode 100644
index 0000000..941dbdd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cbc.raw
@@ -0,0 +1 @@
+Salted__Bg�e�g�uنヌ�y���Q��"
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb.base64
new file mode 100644
index 0000000..8da3e5c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+f4Sv6TZeWD5LH6tNPJJgMk4LuRQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb.raw
new file mode 100644
index 0000000..b11801f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb.raw
@@ -0,0 +1 @@
+Salted__��
�Bj�fz O���zl�R��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb8.base64
new file mode 100644
index 0000000..bd26500
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18oeqMoo7b5vmE3Z5rV+qaIXfMqPg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb8.raw
new file mode 100644
index 0000000..4735615
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-cfb8.raw
@@ -0,0 +1 @@
+Salted__R�xBk+ɏ�� �YR��5��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ecb.base64
new file mode 100644
index 0000000..6f88f13
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+pxNg2EC2+QBrrWM5OKERPVnMbHzxo1RE=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ecb.raw
new file mode 100644
index 0000000..ccfe47e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ecb.raw
@@ -0,0 +1 @@
+Salted__��r���5����C�n��3�"y*]h
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cbc.base64
new file mode 100644
index 0000000..58f7b77
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/y6JQizURIjWY6ofYIXeNloyn5rmiqFTs=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cbc.raw
new file mode 100644
index 0000000..e410264
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cbc.raw
@@ -0,0 +1 @@
+Salted__ޞjcg�P��j�Cipk���eJ��
Y
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb.base64
new file mode 100644
index 0000000..5fc132f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19f4EqhjsuGrFvzsLFuUFAF7Bcr4Q==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb.raw
new file mode 100644
index 0000000..2489621
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb8.base64
new file mode 100644
index 0000000..5e8deb6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/VT6B35AlNLqWnVLQ9idrEG9x1eA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb8.raw
new file mode 100644
index 0000000..7398675
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-cfb8.raw
@@ -0,0 +1 @@
+Salted__.w�{�SX���{j���M(�d�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ecb.base64
new file mode 100644
index 0000000..0033fee
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+Vfd7fjmNvFt3xWsYqPqTanguapFpJA+g=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ecb.raw
new file mode 100644
index 0000000..d99acfb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ecb.raw
@@ -0,0 +1 @@
+Salted__����%�`��������a��:�H��)
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ofb.base64
new file mode 100644
index 0000000..50a8747
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19ZQ1NUWofkQ1zmOoujP13zEGJvJw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ofb.raw
new file mode 100644
index 0000000..9c7e058
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede-ofb.raw
@@ -0,0 +1 @@
+Salted__�t%�
����d��1���d���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede.base64
new file mode 100644
index 0000000..f404eaa
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede.base64
@@ -0,0 +1 @@
+U2FsdGVkX19E2uLiiey3EfQKaOsj6LBxjGMvHXxlpWY=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede.raw
new file mode 100644
index 0000000..623a797
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cbc.base64
new file mode 100644
index 0000000..5dab2c3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/O0qdSWL/hUKtdgqExwqh+KXFQet9g8BI=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cbc.raw
new file mode 100644
index 0000000..185f518
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cbc.raw
@@ -0,0 +1 @@
+Salted__��q��D�Y# ��w���$ٝ��T�y
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb.base64
new file mode 100644
index 0000000..05e05e3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19BwdOPwBsmzE/cH0yaVKBZhS/Icg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb.raw
new file mode 100644
index 0000000..0df9165
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb.raw
@@ -0,0 +1 @@
+Salted__�61��T&�{�`ӭa��:�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb8.base64
new file mode 100644
index 0000000..f6e8818
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18dDuhVBwLJsMxfDYa/MTjTruLYQg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb8.raw
new file mode 100644
index 0000000..21e3b70
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-cfb8.raw
@@ -0,0 +1 @@
+Salted__��E�S�z�ԑjC�uBW��o
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ecb.base64
new file mode 100644
index 0000000..7e5e36e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+WHqIW/MnLOisXHvYhVw3lxReySmIMF+E=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ecb.raw
new file mode 100644
index 0000000..b0d3e54
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ecb.raw
@@ -0,0 +1 @@
+Salted__,K���M��PN{�$+�����[@&��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ofb.base64
new file mode 100644
index 0000000..1b70a4d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/des-ede3-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19dgoM0LLrk/zilPkGQ5k1KVeUK2A==
[10/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacDataInputStream.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacDataInputStream.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacDataInputStream.java
new file mode 100644
index 0000000..c668133
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacDataInputStream.java
@@ -0,0 +1,139 @@
+package org.apache.kerberos.kerb.codec.pac;
+
+import java.io.DataInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.util.Date;
+
+public class PacDataInputStream {
+
+ private DataInputStream dis;
+ private int size;
+
+ public PacDataInputStream(InputStream in) throws IOException {
+ dis = new DataInputStream(in);
+ size = in.available();
+ }
+
+ public void align(int mask) throws IOException {
+ int position = size - dis.available();
+ int shift = position & mask - 1;
+ if(mask != 0 && shift != 0)
+ dis.skip(mask - shift);
+ }
+
+ public int available() throws IOException {
+ return dis.available();
+ }
+
+ public void readFully(byte[] b) throws IOException {
+ dis.readFully(b);
+ }
+
+ public void readFully(byte[] b, int off, int len) throws IOException {
+ dis.readFully(b, off, len);
+ }
+
+ public char readChar() throws IOException {
+ align(2);
+ return dis.readChar();
+ }
+
+ public byte readByte() throws IOException {
+ return dis.readByte();
+ }
+
+ public short readShort() throws IOException {
+ align(2);
+ return Short.reverseBytes((short)dis.readShort());
+ }
+
+ public int readInt() throws IOException {
+ align(4);
+ return Integer.reverseBytes(dis.readInt());
+ }
+
+ public long readLong() throws IOException {
+ align(8);
+ return Long.reverseBytes(dis.readLong());
+ }
+
+ public int readUnsignedByte() throws IOException {
+ return ((int)readByte()) & 0xff;
+ }
+
+ public long readUnsignedInt() throws IOException {
+ return ((long)readInt()) & 0xffffffffL;
+ }
+
+ public int readUnsignedShort() throws IOException {
+ return ((int)readShort()) & 0xffff;
+ }
+
+ public Date readFiletime() throws IOException {
+ Date date = null;
+
+ long last = readUnsignedInt();
+ long first = readUnsignedInt();
+ if(first != 0x7fffffffL && last != 0xffffffffL) {
+ BigInteger lastBigInt = BigInteger.valueOf(last);
+ BigInteger firstBigInt = BigInteger.valueOf(first);
+ BigInteger completeBigInt = lastBigInt.add(firstBigInt.shiftLeft(32));
+ completeBigInt = completeBigInt.divide(BigInteger.valueOf(10000L));
+ completeBigInt = completeBigInt.add(BigInteger.valueOf(PacConstants.FILETIME_BASE));
+ date = new Date(completeBigInt.longValue());
+ }
+
+ return date;
+ }
+
+ public PacUnicodeString readUnicodeString() throws IOException {
+ short length = readShort();
+ short maxLength = readShort();
+ int pointer = readInt();
+
+ if(maxLength < length) {
+ throw new IOException("pac.string.malformed.size");
+ }
+
+ return new PacUnicodeString(length, maxLength, pointer);
+ }
+
+ public String readString() throws IOException {
+ int totalChars = readInt();
+ int unusedChars = readInt();
+ int usedChars = readInt();
+
+ if(unusedChars > totalChars || usedChars > totalChars - unusedChars)
+ throw new IOException("pac.string.malformed.size");
+
+ dis.skip(unusedChars * 2);
+ char[] chars = new char[usedChars];
+ for(int l = 0; l < usedChars; l++)
+ chars[l] = (char)readShort();
+
+ return new String(chars);
+ }
+
+ public PacSid readId() throws IOException {
+ byte[] bytes = new byte[4];
+ readFully(bytes);
+
+ return PacSid.createFromSubs(bytes);
+ }
+
+ public PacSid readSid() throws IOException {
+ int sidSize = readInt();
+
+ byte[] bytes = new byte[8 + sidSize * 4];
+ readFully(bytes);
+
+ return new PacSid(bytes);
+ }
+
+ public int skipBytes(int n) throws IOException {
+ return dis.skipBytes(n);
+ }
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacGroup.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacGroup.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacGroup.java
new file mode 100644
index 0000000..73a2c18
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacGroup.java
@@ -0,0 +1,22 @@
+package org.apache.kerberos.kerb.codec.pac;
+
+public class PacGroup {
+
+ private PacSid id;
+ private int attributes;
+
+ public PacGroup(PacSid id, int attributes) {
+ super();
+ this.id = id;
+ this.attributes = attributes;
+ }
+
+ public PacSid getId() {
+ return id;
+ }
+
+ public int getAttributes() {
+ return attributes;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacLogonInfo.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacLogonInfo.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacLogonInfo.java
new file mode 100644
index 0000000..972d6d6
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacLogonInfo.java
@@ -0,0 +1,303 @@
+package org.apache.kerberos.kerb.codec.pac;
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.IOException;
+import java.util.Date;
+
+public class PacLogonInfo {
+
+ private Date logonTime;
+ private Date logoffTime;
+ private Date kickOffTime;
+ private Date pwdLastChangeTime;
+ private Date pwdCanChangeTime;
+ private Date pwdMustChangeTime;
+ private short logonCount;
+ private short badPasswordCount;
+ private String userName;
+ private String userDisplayName;
+ private String logonScript;
+ private String profilePath;
+ private String homeDirectory;
+ private String homeDrive;
+ private String serverName;
+ private String domainName;
+ private PacSid userSid;
+ private PacSid groupSid;
+ private PacSid[] groupSids;
+ private PacSid[] resourceGroupSids;
+ private PacSid[] extraSids;
+ private int userAccountControl;
+ private int userFlags;
+
+ public PacLogonInfo(byte[] data) throws IOException {
+ try {
+ PacDataInputStream pacStream = new PacDataInputStream(new DataInputStream(
+ new ByteArrayInputStream(data)));
+
+ // Skip firsts
+ pacStream.skipBytes(20);
+
+ // Dates
+ logonTime = pacStream.readFiletime();
+ logoffTime = pacStream.readFiletime();
+ kickOffTime = pacStream.readFiletime();
+ pwdLastChangeTime = pacStream.readFiletime();
+ pwdCanChangeTime = pacStream.readFiletime();
+ pwdMustChangeTime = pacStream.readFiletime();
+
+ // User related strings as UnicodeStrings
+ PacUnicodeString userNameString = pacStream.readUnicodeString();
+ PacUnicodeString userDisplayNameString = pacStream.readUnicodeString();
+ PacUnicodeString logonScriptString = pacStream.readUnicodeString();
+ PacUnicodeString profilePathString = pacStream.readUnicodeString();
+ PacUnicodeString homeDirectoryString = pacStream.readUnicodeString();
+ PacUnicodeString homeDriveString = pacStream.readUnicodeString();
+
+ // Some counts
+ logonCount = pacStream.readShort();
+ badPasswordCount = pacStream.readShort();
+
+ // IDs for user
+ PacSid userId = pacStream.readId();
+ PacSid groupId = pacStream.readId();
+
+ // Groups information
+ int groupCount = pacStream.readInt();
+ int groupPointer = pacStream.readInt();
+
+ // User flags about PAC Logon Info content
+ userFlags = pacStream.readInt();
+ boolean hasExtraSids = (userFlags & PacConstants.LOGON_EXTRA_SIDS) == PacConstants.LOGON_EXTRA_SIDS;
+ boolean hasResourceGroups = (userFlags & PacConstants.LOGON_RESOURCE_GROUPS) == PacConstants.LOGON_RESOURCE_GROUPS;
+
+ // Skip some reserved fields (User Session Key)
+ pacStream.skipBytes(16);
+
+ // Server related strings as UnicodeStrings
+ PacUnicodeString serverNameString = pacStream.readUnicodeString();
+ PacUnicodeString domainNameString = pacStream.readUnicodeString();
+
+ // ID for domain (used with relative IDs to get SIDs)
+ int domainIdPointer = pacStream.readInt();
+
+ // Skip some reserved fields
+ pacStream.skipBytes(8);
+
+ userAccountControl = pacStream.readInt();
+
+ // Skip some reserved fields
+ pacStream.skipBytes(28);
+
+ // Extra SIDs information
+ int extraSidCount = pacStream.readInt();
+ int extraSidPointer = pacStream.readInt();
+
+ // ID for resource groups domain (used with IDs to get SIDs)
+ int resourceDomainIdPointer = pacStream.readInt();
+
+ // Resource groups information
+ int resourceGroupCount = pacStream.readInt();
+ int resourceGroupPointer = pacStream.readInt();
+
+ // User related strings
+ userName = userNameString.check(pacStream.readString());
+ userDisplayName = userDisplayNameString.check(pacStream.readString());
+ logonScript = logonScriptString.check(pacStream.readString());
+ profilePath = profilePathString.check(pacStream.readString());
+ homeDirectory = homeDirectoryString.check(pacStream.readString());
+ homeDrive = homeDriveString.check(pacStream.readString());
+
+ // Groups data
+ PacGroup[] groups = new PacGroup[0];
+ if(groupPointer != 0) {
+ int realGroupCount = pacStream.readInt();
+ if(realGroupCount != groupCount) {
+ Object[] args = new Object[]{groupCount, realGroupCount};
+ throw new IOException("pac.groups.invalid.size");
+ }
+ groups = new PacGroup[groupCount];
+ for(int i = 0; i < groupCount; i++) {
+ pacStream.align(4);
+ PacSid id = pacStream.readId();
+ int attributes = pacStream.readInt();
+ groups[i] = new PacGroup(id, attributes);
+ }
+ }
+
+ // Server related strings
+ serverName = serverNameString.check(pacStream.readString());
+ domainName = domainNameString.check(pacStream.readString());
+
+ // ID for domain (used with relative IDs to get SIDs)
+ PacSid domainId = null;
+ if(domainIdPointer != 0)
+ domainId = pacStream.readSid();
+
+ // Extra SIDs data
+ PacSidAttributes[] extraSidAtts = new PacSidAttributes[0];
+ if(hasExtraSids && extraSidPointer != 0) {
+ int realExtraSidCount = pacStream.readInt();
+ if(realExtraSidCount != extraSidCount) {
+ Object[] args = new Object[]{extraSidCount, realExtraSidCount};
+ throw new IOException("pac.extrasids.invalid.size");
+ }
+ extraSidAtts = new PacSidAttributes[extraSidCount];
+ int[] pointers = new int[extraSidCount];
+ int[] attributes = new int[extraSidCount];
+ for(int i = 0; i < extraSidCount; i++) {
+ pointers[i] = pacStream.readInt();
+ attributes[i] = pacStream.readInt();
+ }
+ for(int i = 0; i < extraSidCount; i++) {
+ PacSid sid = (pointers[i] != 0) ? pacStream.readSid() : null;
+ extraSidAtts[i] = new PacSidAttributes(sid, attributes[i]);
+ }
+ }
+
+ // ID for resource domain (used with relative IDs to get SIDs)
+ PacSid resourceDomainId = null;
+ if(resourceDomainIdPointer != 0)
+ resourceDomainId = pacStream.readSid();
+
+ // Resource groups data
+ PacGroup[] resourceGroups = new PacGroup[0];
+ if(hasResourceGroups && resourceGroupPointer != 0) {
+ int realResourceGroupCount = pacStream.readInt();
+ if(realResourceGroupCount != resourceGroupCount) {
+ Object[] args = new Object[]{resourceGroupCount, realResourceGroupCount};
+ throw new IOException("pac.resourcegroups.invalid.size");
+ }
+ resourceGroups = new PacGroup[resourceGroupCount];
+ for(int i = 0; i < resourceGroupCount; i++) {
+ PacSid id = pacStream.readSid();
+ int attributes = pacStream.readInt();
+ resourceGroups[i] = new PacGroup(id, attributes);
+ }
+ }
+
+ // Extract Extra SIDs
+ extraSids = new PacSid[extraSidAtts.length];
+ for(int i = 0; i < extraSidAtts.length; i++) {
+ extraSids[i] = extraSidAtts[i].getId();
+ }
+
+ // Compute Resource Group IDs with Resource Domain ID to get SIDs
+ resourceGroupSids = new PacSid[resourceGroups.length];
+ for(int i = 0; i < resourceGroups.length; i++) {
+ resourceGroupSids[i] = PacSid.append(resourceDomainId, resourceGroups[i].getId());
+ }
+
+ // Compute User IDs with Domain ID to get User SIDs
+ // First extra is user if userId is empty
+ if(!userId.isEmpty() && !userId.isBlank()) {
+ userSid = PacSid.append(domainId, userId);
+ } else if(extraSids.length > 0) {
+ userSid = extraSids[0];
+ }
+ groupSid = PacSid.append(domainId, groupId);
+
+ // Compute Group IDs with Domain ID to get Group SIDs
+ groupSids = new PacSid[groups.length];
+ for(int i = 0; i < groups.length; i++) {
+ groupSids[i] = PacSid.append(domainId, groups[i].getId());
+ }
+ } catch(IOException e) {
+ throw new IOException("pac.logoninfo.malformed", e);
+ }
+ }
+
+ public Date getLogonTime() {
+ return logonTime;
+ }
+
+ public Date getLogoffTime() {
+ return logoffTime;
+ }
+
+ public Date getKickOffTime() {
+ return kickOffTime;
+ }
+
+ public Date getPwdLastChangeTime() {
+ return pwdLastChangeTime;
+ }
+
+ public Date getPwdCanChangeTime() {
+ return pwdCanChangeTime;
+ }
+
+ public Date getPwdMustChangeTime() {
+ return pwdMustChangeTime;
+ }
+
+ public short getLogonCount() {
+ return logonCount;
+ }
+
+ public short getBadPasswordCount() {
+ return badPasswordCount;
+ }
+
+ public String getUserName() {
+ return userName;
+ }
+
+ public String getUserDisplayName() {
+ return userDisplayName;
+ }
+
+ public String getLogonScript() {
+ return logonScript;
+ }
+
+ public String getProfilePath() {
+ return profilePath;
+ }
+
+ public String getHomeDirectory() {
+ return homeDirectory;
+ }
+
+ public String getHomeDrive() {
+ return homeDrive;
+ }
+
+ public String getServerName() {
+ return serverName;
+ }
+
+ public String getDomainName() {
+ return domainName;
+ }
+
+ public PacSid getUserSid() {
+ return userSid;
+ }
+
+ public PacSid getGroupSid() {
+ return groupSid;
+ }
+
+ public PacSid[] getGroupSids() {
+ return groupSids;
+ }
+
+ public PacSid[] getResourceGroupSids() {
+ return resourceGroupSids;
+ }
+
+ public PacSid[] getExtraSids() {
+ return extraSids;
+ }
+
+ public int getUserAccountControl() {
+ return userAccountControl;
+ }
+
+ public int getUserFlags() {
+ return userFlags;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacSid.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacSid.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacSid.java
new file mode 100644
index 0000000..1262e52
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacSid.java
@@ -0,0 +1,111 @@
+package org.apache.kerberos.kerb.codec.pac;
+
+import java.io.IOException;
+
+public class PacSid {
+
+ private static final String FORMAT = "%1$02x";
+
+ private byte revision;
+ private byte subCount;
+ private byte[] authority;
+ private byte[] subs;
+
+ public PacSid(byte[] bytes) throws IOException {
+ if(bytes.length < 8 || ((bytes.length - 8) % 4) != 0
+ || ((bytes.length - 8) / 4) != bytes[1])
+ throw new IOException("pac.sid.malformed.size");
+
+ this.revision = bytes[0];
+ this.subCount = bytes[1];
+ this.authority = new byte[6];
+ System.arraycopy(bytes, 2, this.authority, 0, 6);
+ this.subs = new byte[bytes.length - 8];
+ System.arraycopy(bytes, 8, this.subs, 0, bytes.length - 8);
+ }
+
+ public PacSid(PacSid sid) {
+ this.revision = sid.revision;
+ this.subCount = sid.subCount;
+ this.authority = new byte[6];
+ System.arraycopy(sid.authority, 0, this.authority, 0, 6);
+ this.subs = new byte[sid.subs.length];
+ System.arraycopy(sid.subs, 0, this.subs, 0, sid.subs.length);
+ }
+
+ public String toString() {
+ StringBuilder builder = new StringBuilder();
+
+ builder.append("\\").append(String.format(FORMAT, ((int)revision) & 0xff));
+ builder.append("\\").append(String.format(FORMAT, ((int)subCount) & 0xff));
+ for(int i = 0; i < authority.length; i++) {
+ int unsignedByte = ((int)authority[i]) & 0xff;
+ builder.append("\\").append(String.format(FORMAT, unsignedByte));
+ }
+ for(int i = 0; i < subs.length; i++) {
+ int unsignedByte = ((int)subs[i]) & 0xff;
+ builder.append("\\").append(String.format(FORMAT, unsignedByte));
+ }
+
+ return builder.toString();
+ }
+
+ public boolean isEmpty() {
+ return subCount == 0;
+ }
+
+ public boolean isBlank() {
+ boolean blank = true;
+ for(byte sub : subs)
+ blank = blank && (sub == 0);
+ return blank;
+ }
+
+ public byte[] getBytes() {
+ byte[] bytes = new byte[8 + subCount * 4];
+ bytes[0] = revision;
+ bytes[1] = subCount;
+ System.arraycopy(authority, 0, bytes, 2, 6);
+ System.arraycopy(subs, 0, bytes, 8, subs.length);
+
+ return bytes;
+ }
+
+ public static String toString(byte[] bytes) {
+ StringBuilder builder = new StringBuilder();
+
+ for(int i = 0; i < bytes.length; i++) {
+ int unsignedByte = ((int)bytes[i]) & 0xff;
+ builder.append("\\").append(String.format(FORMAT, unsignedByte));
+ }
+
+ return builder.toString();
+ }
+
+ public static PacSid createFromSubs(byte[] bytes) throws IOException {
+ if((bytes.length % 4) != 0) {
+ Object[] args = new Object[]{bytes.length};
+ throw new IOException("pac.subauthority.malformed.size");
+ }
+
+ byte[] sidBytes = new byte[8 + bytes.length];
+ sidBytes[0] = 1;
+ sidBytes[1] = (byte)(bytes.length / 4);
+ System.arraycopy(new byte[]{0, 0, 0, 0, 0, 5}, 0, sidBytes, 2, 6);
+ System.arraycopy(bytes, 0, sidBytes, 8, bytes.length);
+
+ return new PacSid(sidBytes);
+ }
+
+ public static PacSid append(PacSid sid1, PacSid sid2) {
+ PacSid sid = new PacSid(sid1);
+
+ sid.subCount += sid2.subCount;
+ sid.subs = new byte[sid.subCount * 4];
+ System.arraycopy(sid1.subs, 0, sid.subs, 0, sid1.subs.length);
+ System.arraycopy(sid2.subs, 0, sid.subs, sid1.subs.length, sid2.subs.length);
+
+ return sid;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacSidAttributes.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacSidAttributes.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacSidAttributes.java
new file mode 100644
index 0000000..0e72278
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacSidAttributes.java
@@ -0,0 +1,22 @@
+package org.apache.kerberos.kerb.codec.pac;
+
+public class PacSidAttributes {
+
+ private PacSid id;
+ private int attributes;
+
+ public PacSidAttributes(PacSid id, int attributes) {
+ super();
+ this.id = id;
+ this.attributes = attributes;
+ }
+
+ public PacSid getId() {
+ return id;
+ }
+
+ public int getAttributes() {
+ return attributes;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacSignature.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacSignature.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacSignature.java
new file mode 100644
index 0000000..cffa307
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacSignature.java
@@ -0,0 +1,33 @@
+package org.apache.kerberos.kerb.codec.pac;
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.IOException;
+
+public class PacSignature {
+
+ private int type;
+ private byte[] checksum;
+
+ public PacSignature(byte[] data) throws IOException {
+ try {
+ PacDataInputStream bufferStream = new PacDataInputStream(new DataInputStream(
+ new ByteArrayInputStream(data)));
+
+ type = bufferStream.readInt();
+ checksum = new byte[bufferStream.available()];
+ bufferStream.readFully(checksum);
+ } catch(IOException e) {
+ throw new IOException("pac.signature.malformed", e);
+ }
+ }
+
+ public int getType() {
+ return type;
+ }
+
+ public byte[] getChecksum() {
+ return checksum;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacUnicodeString.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacUnicodeString.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacUnicodeString.java
new file mode 100644
index 0000000..3bc5879
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacUnicodeString.java
@@ -0,0 +1,42 @@
+package org.apache.kerberos.kerb.codec.pac;
+
+import java.io.IOException;
+
+public class PacUnicodeString {
+
+ private short length;
+ private short maxLength;
+ private int pointer;
+
+ public PacUnicodeString(short length, short maxLength, int pointer) {
+ super();
+ this.length = length;
+ this.maxLength = maxLength;
+ this.pointer = pointer;
+ }
+
+ public short getLength() {
+ return length;
+ }
+
+ public short getMaxLength() {
+ return maxLength;
+ }
+
+ public int getPointer() {
+ return pointer;
+ }
+
+ public String check(String string) throws IOException {
+ if(pointer == 0 && string != null)
+ throw new IOException("pac.string.notempty");
+
+ int expected = length / 2;
+ if(string.length() != expected) {
+ Object[] args = new Object[]{expected, string.length()};
+ throw new IOException("pac.string.invalid.size");
+ }
+
+ return string;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoConstants.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoConstants.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoConstants.java
new file mode 100644
index 0000000..2bf0116
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoConstants.java
@@ -0,0 +1,12 @@
+package org.apache.kerberos.kerb.codec.spnego;
+
+public interface SpnegoConstants {
+
+ static final String SPNEGO_MECHANISM = "1.3.6.1.5.5.2";
+ static final String KERBEROS_MECHANISM = "1.2.840.113554.1.2.2";
+ static final String LEGACY_KERBEROS_MECHANISM = "1.2.840.48018.1.2.2";
+ static final String NTLMSSP_MECHANISM = "1.3.6.1.4.1.311.2.2.10";
+
+ static final String SPNEGO_OID = SPNEGO_MECHANISM;
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoInitToken.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoInitToken.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoInitToken.java
new file mode 100644
index 0000000..7faf764
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoInitToken.java
@@ -0,0 +1,34 @@
+package org.apache.kerberos.kerb.codec.spnego;
+
+import java.io.IOException;
+
+public class SpnegoInitToken extends SpnegoToken {
+
+ public static final int DELEGATION = 0x40;
+ public static final int MUTUAL_AUTHENTICATION = 0x20;
+ public static final int REPLAY_DETECTION = 0x10;
+ public static final int SEQUENCE_CHECKING = 0x08;
+ public static final int ANONYMITY = 0x04;
+ public static final int CONFIDENTIALITY = 0x02;
+ public static final int INTEGRITY = 0x01;
+
+ private String[] mechanisms;
+ private int contextFlags;
+
+ public SpnegoInitToken(byte[] token) throws IOException {
+
+ }
+
+ public int getContextFlags() {
+ return contextFlags;
+ }
+
+ public boolean getContextFlag(int flag) {
+ return (getContextFlags() & flag) == flag;
+ }
+
+ public String[] getMechanisms() {
+ return mechanisms;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoTargToken.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoTargToken.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoTargToken.java
new file mode 100644
index 0000000..5255649
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoTargToken.java
@@ -0,0 +1,22 @@
+package org.apache.kerberos.kerb.codec.spnego;
+
+import java.io.IOException;
+
+public class SpnegoTargToken extends SpnegoToken {
+
+ public static final int UNSPECIFIED_RESULT = -1;
+ public static final int ACCEPT_COMPLETED = 0;
+ public static final int ACCEPT_INCOMPLETE = 1;
+ public static final int REJECTED = 2;
+
+ private int result = UNSPECIFIED_RESULT;
+
+ public SpnegoTargToken(byte[] token) throws IOException {
+
+ }
+
+ public int getResult() {
+ return result;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoToken.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoToken.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoToken.java
new file mode 100644
index 0000000..65ed48e
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoToken.java
@@ -0,0 +1,48 @@
+package org.apache.kerberos.kerb.codec.spnego;
+
+import java.io.IOException;
+
+public abstract class SpnegoToken {
+
+ // Default max size as 65K
+ public static int TOKEN_MAX_SIZE = 66560;
+
+ protected byte[] mechanismToken;
+ protected byte[] mechanismList;
+ protected String mechanism;
+
+ public static SpnegoToken parse(byte[] token) throws IOException {
+ SpnegoToken spnegoToken = null;
+
+ if(token.length <= 0)
+ throw new IOException("spnego.token.empty");
+
+ switch (token[0]) {
+ case (byte)0x60:
+ spnegoToken = new SpnegoInitToken(token);
+ break;
+ case (byte)0xa1:
+ spnegoToken = new SpnegoTargToken(token);
+ break;
+ default:
+ spnegoToken = null;
+ Object[] args = new Object[]{token[0]};
+ throw new IOException("spnego.token.invalid");
+ }
+
+ return spnegoToken;
+ }
+
+ public byte[] getMechanismToken() {
+ return mechanismToken;
+ }
+
+ public byte[] getMechanismList() {
+ return mechanismList;
+ }
+
+ public String getMechanism() {
+ return mechanism;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/CodecTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/CodecTest.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/CodecTest.java
new file mode 100644
index 0000000..9c1d1ca
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/CodecTest.java
@@ -0,0 +1,27 @@
+package org.apache.kerberos.kerb.codec.test;
+
+import junit.framework.Assert;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.junit.Test;
+
+import java.util.Arrays;
+
+public class CodecTest {
+
+ @Test
+ public void testCodec() throws KrbException {
+ CheckSum mcs = new CheckSum();
+ mcs.setCksumtype(CheckSumType.CRC32);
+ mcs.setChecksum(new byte[] {0x10});
+ byte[] bytes = KrbCodec.encode(mcs);
+ Assert.assertNotNull(bytes);
+
+ CheckSum restored = KrbCodec.decode(bytes, CheckSum.class);
+ Assert.assertNotNull(restored);
+ Assert.assertEquals(mcs.getCksumtype(), restored.getCksumtype());
+ Assert.assertTrue(Arrays.equals(mcs.getChecksum(), restored.getChecksum()));
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestKerberos.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestKerberos.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestKerberos.java
new file mode 100644
index 0000000..c489fe5
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestKerberos.java
@@ -0,0 +1,248 @@
+package org.apache.kerberos.kerb.codec.test;
+
+import org.apache.kerberos.kerb.codec.kerberos.AuthzDataUtil;
+import org.apache.kerberos.kerb.codec.kerberos.KerberosCredentials;
+import org.apache.kerberos.kerb.codec.kerberos.KerberosTicket;
+import org.apache.kerberos.kerb.codec.kerberos.KerberosToken;
+import org.apache.kerberos.kerb.codec.pac.Pac;
+import org.apache.kerberos.kerb.codec.pac.PacLogonInfo;
+import org.apache.kerberos.kerb.codec.pac.PacSid;
+import org.apache.kerberos.kerb.spec.common.AuthorizationData;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+public class TestKerberos {
+
+ private byte[] rc4Token;
+ private byte[] desToken;
+ private byte[] aes128Token;
+ private byte[] aes256Token;
+ private byte[] corruptToken;
+ private EncryptionKey rc4Key;
+ private EncryptionKey desKey;
+ private EncryptionKey aes128Key;
+ private EncryptionKey aes256Key;
+ private EncryptionKey corruptKey;
+
+ @Before
+ public void setUp() throws IOException {
+ InputStream file;
+ byte[] keyData;
+
+ file = this.getClass().getClassLoader().getResourceAsStream("rc4-kerberos-data");
+ rc4Token = new byte[file.available()];
+ file.read(rc4Token);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("des-kerberos-data");
+ desToken = new byte[file.available()];
+ file.read(desToken);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("aes128-kerberos-data");
+ aes128Token = new byte[file.available()];
+ file.read(aes128Token);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("aes256-kerberos-data");
+ aes256Token = new byte[file.available()];
+ file.read(aes256Token);
+ file.close();
+
+ corruptToken = new byte[]{1, 2, 3, 4, 5, 6};
+
+ file = this.getClass().getClassLoader().getResourceAsStream("rc4-key-data");
+ keyData = new byte[file.available()];
+ file.read(keyData);
+ rc4Key = new EncryptionKey(23, keyData, 2);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("des-key-data");
+ keyData = new byte[file.available()];
+ file.read(keyData);
+ desKey = new EncryptionKey(3, keyData, 2);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("aes128-key-data");
+ keyData = new byte[file.available()];
+ file.read(keyData);
+ aes128Key = new EncryptionKey(17, keyData, 2);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("aes256-key-data");
+ keyData = new byte[file.available()];
+ file.read(keyData);
+ aes256Key = new EncryptionKey(18, keyData, 2);
+ file.close();
+
+ corruptKey = new EncryptionKey(23, new byte[]{5, 4, 2, 1, 5, 4, 2, 1, 3}, 2);
+ }
+
+ @Test
+ public void testRc4Ticket() throws Exception {
+ KerberosToken token = new KerberosToken(rc4Token, rc4Key);
+
+ Assert.assertNotNull(token);
+ Assert.assertNotNull(token.getApRequest());
+
+ KerberosTicket ticket = token.getApRequest().getTicket();
+ Assert.assertNotNull(ticket);
+ Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+ Assert.assertEquals("user.test", ticket.getUserPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+ }
+
+ //@Test
+ public void testDesTicket() throws Exception {
+ KerberosToken token = new KerberosToken(desToken, desKey);
+
+ Assert.assertNotNull(token);
+ Assert.assertNotNull(token.getApRequest());
+
+ KerberosTicket ticket = token.getApRequest().getTicket();
+ Assert.assertNotNull(ticket);
+ Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+ Assert.assertEquals("user.test@domain.com", ticket.getUserPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+ }
+
+ @Test
+ public void testAes128Ticket() throws Exception {
+ KerberosToken token = null;
+ token = new KerberosToken(aes128Token, aes128Key);
+
+ Assert.assertNotNull(token);
+ Assert.assertNotNull(token.getApRequest());
+
+ KerberosTicket ticket = token.getApRequest().getTicket();
+ Assert.assertNotNull(ticket);
+ Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+ Assert.assertEquals("user.test", ticket.getUserPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+ }
+
+ @Test
+ public void testAes256Ticket() throws Exception {
+ KerberosToken token = null;
+ token = new KerberosToken(aes256Token, aes256Key);
+
+ Assert.assertNotNull(token);
+ Assert.assertNotNull(token.getApRequest());
+
+ KerberosTicket ticket = token.getApRequest().getTicket();
+ Assert.assertNotNull(ticket);
+ Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+ Assert.assertEquals("user.test", ticket.getUserPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+ }
+
+ @Test
+ public void testCorruptTicket() {
+ KerberosToken token = null;
+ try {
+ token = new KerberosToken(corruptToken, rc4Key);
+ Assert.fail("Should have thrown Exception.");
+ } catch(Exception e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(token);
+ }
+ }
+
+ @Test
+ public void testEmptyTicket() {
+ KerberosToken token = null;
+ try {
+ token = new KerberosToken(new byte[0], rc4Key);
+ Assert.fail("Should have thrown Exception.");
+ } catch(Exception e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(token);
+ }
+ }
+
+ @Test
+ public void testNullTicket() throws Exception {
+ KerberosToken token = null;
+ try {
+ token = new KerberosToken(null, rc4Key);
+ Assert.fail("Should have thrown NullPointerException.");
+ } catch(IOException e) {
+ e.printStackTrace();
+ Assert.fail(e.getMessage());
+ } catch(NullPointerException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(token);
+ }
+ }
+
+ @Test
+ public void testCorruptKey() {
+ KerberosToken token = null;
+ try {
+ token = new KerberosToken(rc4Token, corruptKey);
+ Assert.fail("Should have thrown Exception.");
+ } catch(Exception e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(token);
+ }
+ }
+
+ @Test
+ public void testNoMatchingKey() {
+ KerberosToken token = null;
+ try {
+ token = new KerberosToken(rc4Token, desKey);
+ Assert.fail("Should have thrown Exception.");
+ } catch(Exception e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(token);
+ }
+ }
+
+ @Test
+ public void testKerberosPac() throws Exception {
+ KerberosToken token = new KerberosToken(rc4Token, rc4Key);
+
+ Assert.assertNotNull(token);
+ Assert.assertNotNull(token.getApRequest());
+
+ KerberosTicket ticket = token.getApRequest().getTicket();
+ Assert.assertNotNull(ticket);
+
+ AuthorizationData authzData = ticket.getAuthorizationData();
+ Assert.assertNotNull(authzData);
+ Assert.assertTrue(authzData.getElements().size() > 0);
+
+ EncryptionType eType = ticket.getTicket().getEncPart().getKey().getKeyType();
+ Pac pac = AuthzDataUtil.getPac(authzData,
+ KerberosCredentials.getServerKey(eType).getKeyData());
+ Assert.assertNotNull(pac);
+
+ PacLogonInfo logonInfo = pac.getLogonInfo();
+ Assert.assertNotNull(logonInfo);
+
+ List<String> sids = new ArrayList<String>();
+ if(logonInfo.getGroupSid() != null)
+ sids.add(logonInfo.getGroupSid().toString());
+ for(PacSid pacSid : logonInfo.getGroupSids())
+ sids.add(pacSid.toString());
+ for(PacSid pacSid : logonInfo.getExtraSids())
+ sids.add(pacSid.toString());
+ for(PacSid pacSid : logonInfo.getResourceGroupSids())
+ sids.add(pacSid.toString());
+
+ Assert.assertEquals(ticket.getUserPrincipalName(), logonInfo.getUserName());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestPac.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestPac.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestPac.java
new file mode 100644
index 0000000..37cbeca
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestPac.java
@@ -0,0 +1,135 @@
+package org.apache.kerberos.kerb.codec.test;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.codec.pac.Pac;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class TestPac {
+
+ private byte[] rc4Data;
+ private byte[] desData;
+ private byte[] corruptData;
+ private byte[] rc4Key;
+ private byte[] desKey;
+ private byte[] corruptKey;
+
+ @Before
+ public void setUp() throws IOException {
+ InputStream file;
+ byte[] keyData;
+
+ file = this.getClass().getClassLoader().getResourceAsStream("rc4-pac-data");
+ rc4Data = new byte[file.available()];
+ file.read(rc4Data);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("des-pac-data");
+ desData = new byte[file.available()];
+ file.read(desData);
+ file.close();
+
+ corruptData = new byte[]{5, 4, 2, 1, 5, 4, 2, 1, 3};
+
+ file = this.getClass().getClassLoader().getResourceAsStream("rc4-key-data");
+ keyData = new byte[file.available()];
+ file.read(keyData);
+ rc4Key = keyData;
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("des-key-data");
+ keyData = new byte[file.available()];
+ file.read(keyData);
+ desKey = keyData;
+ file.close();
+
+ corruptKey = new byte[]{5, 4, 2, 1, 5, 4, 2, 1, 3};
+ }
+
+ @Test
+ public void testRc4Pac() throws KrbException {
+ Pac pac = new Pac(rc4Data, rc4Key);
+
+ Assert.assertNotNull(pac);
+ Assert.assertNotNull(pac.getLogonInfo());
+
+ Assert.assertEquals("user.test", pac.getLogonInfo().getUserName());
+ Assert.assertEquals("User Test", pac.getLogonInfo().getUserDisplayName());
+ Assert.assertEquals(0, pac.getLogonInfo().getBadPasswordCount());
+ Assert.assertEquals(32, pac.getLogonInfo().getUserFlags());
+ Assert.assertEquals(46, pac.getLogonInfo().getLogonCount());
+ Assert.assertEquals("DOMAIN", pac.getLogonInfo().getDomainName());
+ Assert.assertEquals("WS2008", pac.getLogonInfo().getServerName());
+ }
+
+ @Test
+ public void testDesPac() throws KrbException {
+ Pac pac = new Pac(desData, desKey);
+
+ Assert.assertNotNull(pac);
+ Assert.assertNotNull(pac.getLogonInfo());
+
+ Assert.assertEquals("user.test", pac.getLogonInfo().getUserName());
+ Assert.assertEquals("User Test", pac.getLogonInfo().getUserDisplayName());
+ Assert.assertEquals(0, pac.getLogonInfo().getBadPasswordCount());
+ Assert.assertEquals(32, pac.getLogonInfo().getUserFlags());
+ Assert.assertEquals(48, pac.getLogonInfo().getLogonCount());
+ Assert.assertEquals("DOMAIN", pac.getLogonInfo().getDomainName());
+ Assert.assertEquals("WS2008", pac.getLogonInfo().getServerName());
+ }
+
+ @Test
+ public void testCorruptPac() {
+ Pac pac = null;
+ try {
+ pac = new Pac(corruptData, rc4Key);
+ Assert.fail("Should have thrown KrbException.");
+ } catch(KrbException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(pac);
+ }
+ }
+
+ @Test
+ public void testEmptyPac() {
+ Pac pac = null;
+ try {
+ pac = new Pac(new byte[0], rc4Key);
+ Assert.fail("Should have thrown KrbException.");
+ } catch(KrbException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(pac);
+ }
+ }
+
+ @Test
+ public void testNullPac() {
+ Pac pac = null;
+ try {
+ pac = new Pac(null, rc4Key);
+ Assert.fail("Should have thrown NullPointerException.");
+ } catch(KrbException e) {
+ e.printStackTrace();
+ Assert.fail(e.getMessage());
+ } catch(NullPointerException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(pac);
+ }
+ }
+
+ @Test
+ public void testCorruptKey() {
+ Pac pac = null;
+ try {
+ pac = new Pac(rc4Data, corruptKey);
+ Assert.fail("Should have thrown KrbException.");
+ } catch(KrbException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(pac);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestSpnego.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestSpnego.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestSpnego.java
new file mode 100644
index 0000000..46e3099
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestSpnego.java
@@ -0,0 +1,153 @@
+package org.apache.kerberos.kerb.codec.test;
+
+import org.apache.kerberos.kerb.codec.spnego.SpnegoConstants;
+import org.apache.kerberos.kerb.codec.spnego.SpnegoInitToken;
+import org.apache.kerberos.kerb.codec.spnego.SpnegoToken;
+import org.junit.Assert;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class TestSpnego {
+
+ private byte[] rc4Token;
+ private byte[] desToken;
+ private byte[] aes128Token;
+ private byte[] aes256Token;
+ private byte[] corruptToken;
+
+ //@Before
+ public void setUp() throws IOException {
+ InputStream file;
+
+ file = this.getClass().getClassLoader().getResourceAsStream("rc4-spnego-data");
+ rc4Token = new byte[file.available()];
+ file.read(rc4Token);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("des-spnego-data");
+ desToken = new byte[file.available()];
+ file.read(desToken);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("aes128-spnego-data");
+ aes128Token = new byte[file.available()];
+ file.read(aes128Token);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("aes256-spnego-data");
+ aes256Token = new byte[file.available()];
+ file.read(aes256Token);
+ file.close();
+
+ corruptToken = new byte[]{5, 4, 2, 1};
+ }
+
+ //@Test
+ public void testRc4Token() {
+ try {
+ SpnegoToken spnegoToken = SpnegoToken.parse(rc4Token);
+
+ Assert.assertNotNull(spnegoToken);
+ Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+ Assert.assertNotNull(spnegoToken.getMechanismToken());
+ Assert.assertTrue(spnegoToken.getMechanismToken().length < rc4Token.length);
+ Assert.assertNotNull(spnegoToken.getMechanism());
+ Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+ } catch(IOException e) {
+ e.printStackTrace();
+ Assert.fail(e.getMessage());
+ }
+ }
+
+ //@Test
+ public void testDesToken() {
+ try {
+ SpnegoToken spnegoToken = SpnegoToken.parse(desToken);
+
+ Assert.assertNotNull(spnegoToken);
+ Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+ Assert.assertNotNull(spnegoToken.getMechanismToken());
+ Assert.assertTrue(spnegoToken.getMechanismToken().length < desToken.length);
+ Assert.assertNotNull(spnegoToken.getMechanism());
+ Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+ } catch(IOException e) {
+ e.printStackTrace();
+ Assert.fail(e.getMessage());
+ }
+ }
+
+ //@Test
+ public void testAes128Token() {
+ try {
+ SpnegoToken spnegoToken = SpnegoToken.parse(aes128Token);
+
+ Assert.assertNotNull(spnegoToken);
+ Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+ Assert.assertNotNull(spnegoToken.getMechanismToken());
+ Assert.assertTrue(spnegoToken.getMechanismToken().length < aes128Token.length);
+ Assert.assertNotNull(spnegoToken.getMechanism());
+ Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+ } catch(IOException e) {
+ e.printStackTrace();
+ Assert.fail(e.getMessage());
+ }
+ }
+
+ //@Test
+ public void testAes256Token() {
+ try {
+ SpnegoToken spnegoToken = SpnegoToken.parse(aes256Token);
+
+ Assert.assertNotNull(spnegoToken);
+ Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+ Assert.assertNotNull(spnegoToken.getMechanismToken());
+ Assert.assertTrue(spnegoToken.getMechanismToken().length < aes256Token.length);
+ Assert.assertNotNull(spnegoToken.getMechanism());
+ Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+ } catch(IOException e) {
+ e.printStackTrace();
+ Assert.fail(e.getMessage());
+ }
+ }
+
+ //@Test
+ public void testEmptyToken() {
+ SpnegoToken spnegoToken = null;
+ try {
+ spnegoToken = SpnegoToken.parse(new byte[0]);
+ Assert.fail("Should have thrown DecodingException.");
+ } catch(IOException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(spnegoToken);
+ }
+ }
+
+ //@Test
+ public void testCorruptToken() {
+ SpnegoToken spnegoToken = null;
+ try {
+ spnegoToken = SpnegoToken.parse(corruptToken);
+ Assert.fail("Should have thrown DecodingException.");
+ } catch(IOException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(spnegoToken);
+ }
+ }
+
+ //@Test
+ public void testNullToken() {
+ SpnegoToken spnegoToken = null;
+ try {
+ spnegoToken = SpnegoToken.parse(null);
+ Assert.fail("Should have thrown NullPointerException.");
+ } catch(IOException e) {
+ e.printStackTrace();
+ Assert.fail(e.getMessage());
+ } catch(NullPointerException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(spnegoToken);
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/pom.xml b/haox-kerb/kerb-core/pom.xml
new file mode 100644
index 0000000..5823424
--- /dev/null
+++ b/haox-kerb/kerb-core/pom.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-kerb</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>kerb-core</artifactId>
+
+ <name>Haox-kerb core</name>
+ <description>Haox-kerb core facilities</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-asn1</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </dependency>
+
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbConstant.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbConstant.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbConstant.java
new file mode 100644
index 0000000..6075f67
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbConstant.java
@@ -0,0 +1,7 @@
+package org.apache.kerberos.kerb;
+
+public interface KrbConstant {
+ public final static int KRB_V5 = 5;
+
+ public final static String TGS_PRINCIPAL = "krbtgt";
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbErrorCode.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbErrorCode.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbErrorCode.java
new file mode 100644
index 0000000..b7be499
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbErrorCode.java
@@ -0,0 +1,109 @@
+package org.apache.kerberos.kerb;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum KrbErrorCode implements KrbEnum {
+ KDC_ERR_NONE(0, "No error"),
+ KDC_ERR_NAME_EXP(1, "Client's entry in database has expired"),
+ KDC_ERR_SERVICE_EXP(2, "Server's entry in database has expired"),
+ KDC_ERR_BAD_PVNO(3, "Requested protocol version number not supported"),
+ KDC_ERR_C_OLD_MAST_KVNO(4, "Client's key encrypted in old master key"),
+ KDC_ERR_S_OLD_MAST_KVNO(5, "Server's key encrypted in old master key"),
+ KDC_ERR_C_PRINCIPAL_UNKNOWN(6, "Client not found in Kerberos database"),
+ KDC_ERR_S_PRINCIPAL_UNKNOWN(7, "Server not found in Kerberos database"),
+ KDC_ERR_PRINCIPAL_NOT_UNIQUE(8, "Multiple principal entries in database"),
+ KDC_ERR_NULL_KEY(9, "The client or server has a null key"),
+ KDC_ERR_CANNOT_POSTDATE(10, "Ticket not eligible for postdating"),
+ KDC_ERR_NEVER_VALID(11, "Requested start time is later than end time"),
+ KDC_ERR_POLICY(12, "KDC policy rejects request"),
+ KDC_ERR_BADOPTION(13, "KDC cannot accommodate requested option"),
+ KDC_ERR_ETYPE_NOSUPP(14, "KDC has no support for encryption type"),
+ KDC_ERR_SUMTYPE_NOSUPP(15, "KDC has no support for checksum type"),
+ KDC_ERR_PADATA_TYPE_NOSUPP(16, "KDC has no support for padata type"),
+ KDC_ERR_TRTYPE_NOSUPP(17, "KDC has no support for transited type"),
+ KDC_ERR_CLIENT_REVOKED(18, "Clients credentials have been revoked"),
+ KDC_ERR_SERVICE_REVOKED(19, "Credentials for server have been revoked"),
+ KDC_ERR_TGT_REVOKED(20, "TGT has been revoked"),
+ KDC_ERR_CLIENT_NOTYET(21, "Client not yet valid; try again later"),
+ KDC_ERR_SERVICE_NOTYET(22, "Server not yet valid; try again later"),
+ KDC_ERR_KEY_EXPIRED(23, "Password has expired; change password to reset"),
+ KDC_ERR_PREAUTH_FAILED(24, "Pre-authentication information was invalid"),
+ KDC_ERR_PREAUTH_REQUIRED(25, "Additional pre-authentication required"),
+ KDC_ERR_SERVER_NOMATCH(26, "Requested server and ticket don't match"),
+ KDC_ERR_MUST_USE_USER2USER(27, "Server valid for user2user only"),
+ KDC_ERR_PATH_NOT_ACCEPTED(28, "KDC Policy rejects transited path"),
+ KDC_ERR_SVC_UNAVAILABLE(29, "A service is not available"),
+ KRB_AP_ERR_BAD_INTEGRITY(31, "Integrity check on decrypted field failed"),
+ KRB_AP_ERR_TKT_EXPIRED(32, "Ticket expired"),
+ KRB_AP_ERR_TKT_NYV(33, "Ticket not yet valid"),
+ KRB_AP_ERR_REPEAT(34, "Request is a replay"),
+ KRB_AP_ERR_NOT_US(35, "The ticket isn't for us"),
+ KRB_AP_ERR_BADMATCH(36, "Ticket and authenticator don't match"),
+ KRB_AP_ERR_SKEW(37, "Clock skew too great"),
+ KRB_AP_ERR_BADADDR(38, "Incorrect net address"),
+ KRB_AP_ERR_BADVERSION(39, "Protocol version mismatch"),
+ KRB_AP_ERR_MSG_TYPE(40, "Invalid msg type"),
+ KRB_AP_ERR_MODIFIED(41, "Message stream modified"),
+ KRB_AP_ERR_BADORDER(42, "Message out of order"),
+ KRB_AP_ERR_BADKEYVER(44, "Specified version of key is not available"),
+ KRB_AP_ERR_NOKEY(45, "Service key not available"),
+ KRB_AP_ERR_MUT_FAIL(46, "Mutual authentication failed"),
+ KRB_AP_ERR_BADDIRECTION(47, "Incorrect message direction"),
+ KRB_AP_ERR_METHOD(48, "Alternative authentication method required"),
+ KRB_AP_ERR_BADSEQ(49, "Incorrect sequence number in message"),
+ KRB_AP_ERR_INAPP_CKSUM(50, "Inappropriate type of checksum in message"),
+ KRB_AP_PATH_NOT_ACCEPTED(51, "Policy rejects transited path"),
+ RESPONSE_TOO_BIG(52, "Response too big for UDP; retry with TCP"),
+ KRB_ERR_GENERIC(60, "Generic error (description in e-text)"),
+ FIELD_TOOLONG(61, "Field is too long for this implementation"),
+ KDC_ERR_CLIENT_NOT_TRUSTED(62, "Client is not trusted"),
+ KDC_NOT_TRUSTED(63, "KDC is not trusted"),
+ KDC_ERR_INVALID_SIG(64, "Signature is invalid"),
+ KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED(65, "Diffie-Hellman (DH) key parameters not accepted."),
+ CERTIFICATE_MISMATCH(66, "Certificates do not match"),
+ KRB_AP_ERR_NO_TGT(67, "No TGT available to validate USER-TO-USER"),
+ WRONG_REALM(68, "Wrong realm"),
+ KRB_AP_ERR_USER_TO_USER_REQUIRED(69, "Ticket must be for USER-TO-USER"),
+ KDC_ERR_CANT_VERIFY_CERTIFICATE(70, "Can't verify certificate"),
+ KDC_ERR_INVALID_CERTIFICATE(71, "Invalid certificate"),
+ KDC_ERR_REVOKED_CERTIFICATE(72, "Revoked certificate"),
+ KDC_ERR_REVOCATION_STATUS_UNKNOWN(73, "Revocation status unknown"),
+ REVOCATION_STATUS_UNAVAILABLE(74, "Revocation status unavailable"),
+ KDC_ERR_CLIENT_NAME_MISMATCH(75, "Client names do not match"),
+ KDC_NAME_MISMATCH(76, "KDC names do not match"),
+ KDC_ERR_INCONSISTENT_KEY_PURPOSE(77, "Inconsistent key purpose"),
+ KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED(78, "Digest in certificate not accepted"),
+ KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED(79, "PA checksum must be included"),
+ KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED(80, "Digest in signed data not accepted"),
+ KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED(81, "Public key encryption not supported"),
+
+ KRB_TIMEOUT(5000, "Network timeout");
+
+ private final int value;
+ private final String message;
+
+ private KrbErrorCode(int value, String message) {
+ this.value = value;
+ this.message = message;
+ }
+
+ public static KrbErrorCode fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value.intValue()) {
+ return (KrbErrorCode) e;
+ }
+ }
+ }
+
+ return KRB_ERR_GENERIC;
+ }
+
+ public int getValue() {
+ return value;
+ }
+
+ public String getMessage() {
+ return message;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbErrorException.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbErrorException.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbErrorException.java
new file mode 100644
index 0000000..bd6b0b4
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbErrorException.java
@@ -0,0 +1,16 @@
+package org.apache.kerberos.kerb;
+
+import org.apache.kerberos.kerb.spec.common.KrbError;
+
+public class KrbErrorException extends KrbException {
+ private KrbError krbError;
+
+ public KrbErrorException(KrbError krbError) {
+ super(krbError.getErrorCode().getMessage());
+ this.krbError = krbError;
+ }
+
+ public KrbError getKrbError() {
+ return krbError;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbException.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbException.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbException.java
new file mode 100644
index 0000000..5e50f3c
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/KrbException.java
@@ -0,0 +1,24 @@
+package org.apache.kerberos.kerb;
+
+public class KrbException extends Exception {
+
+ public KrbException(String message) {
+ super(message);
+ }
+
+ public KrbException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public KrbException(KrbErrorCode errorCode) {
+ super(errorCode.getMessage());
+ }
+
+ public KrbException(KrbErrorCode errorCode, Throwable cause) {
+ super(errorCode.getMessage(), cause);
+ }
+
+ public KrbException(KrbErrorCode errorCode, String message) {
+ super(message + " with error code: " + errorCode.name());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/codec/KrbCodec.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/codec/KrbCodec.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/codec/KrbCodec.java
new file mode 100644
index 0000000..a42a261
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/codec/KrbCodec.java
@@ -0,0 +1,74 @@
+package org.apache.kerberos.kerb.codec;
+
+import org.apache.haox.asn1.LimitedByteBuffer;
+import org.apache.haox.asn1.type.AbstractAsn1Type;
+import org.apache.haox.asn1.type.Asn1Type;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.ap.ApReq;
+import org.apache.kerberos.kerb.spec.common.KrbMessage;
+import org.apache.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerberos.kerb.spec.kdc.AsRep;
+import org.apache.kerberos.kerb.spec.kdc.AsReq;
+import org.apache.kerberos.kerb.spec.kdc.TgsRep;
+import org.apache.kerberos.kerb.spec.kdc.TgsReq;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+public class KrbCodec {
+
+ public static byte[] encode(Asn1Type krbObj) throws KrbException {
+ return krbObj.encode();
+ }
+
+ public static <T extends Asn1Type> T decode(byte[] content, Class<T> krbType) throws KrbException {
+ return decode(ByteBuffer.wrap(content), krbType);
+ }
+
+ public static <T extends Asn1Type> T decode(ByteBuffer content, Class<T> krbType) throws KrbException {
+ Asn1Type implObj = null;
+ try {
+ implObj = krbType.newInstance();
+ } catch (Exception e) {
+ throw new KrbException("Decoding failed", e);
+ }
+
+ try {
+ implObj.decode(content);
+ } catch (IOException e) {
+ throw new KrbException("Decoding failed", e);
+ }
+
+ return (T) implObj;
+ }
+
+ public static KrbMessage decodeMessage(ByteBuffer byteBuffer) throws IOException {
+ LimitedByteBuffer limitedBuffer = new LimitedByteBuffer(byteBuffer);
+ int tag = AbstractAsn1Type.readTag(limitedBuffer);
+ int tagNo = AbstractAsn1Type.readTagNo(limitedBuffer, tag);
+ int length = AbstractAsn1Type.readLength(limitedBuffer);
+ LimitedByteBuffer valueBuffer = new LimitedByteBuffer(limitedBuffer, length);
+
+ KrbMessage msg = null;
+ KrbMessageType msgType = KrbMessageType.fromValue(tagNo);
+ if (msgType == KrbMessageType.TGS_REQ) {
+ msg = new TgsReq();
+ } else if (msgType == KrbMessageType.AS_REP) {
+ msg = new AsRep();
+ } else if (msgType == KrbMessageType.AS_REQ) {
+ msg = new AsReq();
+ } else if (msgType == KrbMessageType.TGS_REP) {
+ msg = new TgsRep();
+ } else if (msgType == KrbMessageType.AP_REQ) {
+ msg = new ApReq();
+ } else if (msgType == KrbMessageType.AP_REP) {
+ msg = new ApReq();
+ } else {
+ throw new IOException("To be supported krb message type with tag: " + tag);
+ }
+ msg.decode(tag, tagNo, valueBuffer);
+
+ return msg;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KerberosString.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KerberosString.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KerberosString.java
new file mode 100644
index 0000000..8a79018
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KerberosString.java
@@ -0,0 +1,15 @@
+package org.apache.kerberos.kerb.spec;
+
+import org.apache.haox.asn1.type.Asn1GeneralString;
+
+/**
+ KerberosString ::= GeneralString -- (IA5String)
+ */
+public class KerberosString extends Asn1GeneralString {
+ public KerberosString() {
+ }
+
+ public KerberosString(String value) {
+ super(value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KerberosStrings.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KerberosStrings.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KerberosStrings.java
new file mode 100644
index 0000000..b902069
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KerberosStrings.java
@@ -0,0 +1,24 @@
+package org.apache.kerberos.kerb.spec;
+
+import java.util.List;
+
+public class KerberosStrings extends KrbSequenceOfType<KerberosString> {
+
+ public KerberosStrings() {
+ super();
+ }
+
+ public KerberosStrings(List<String> strings) {
+ super();
+ setValues(strings);
+ }
+
+ public void setValues(List<String> values) {
+ clear();
+ if (values != null) {
+ for (String value : values) {
+ addElement(new KerberosString(value));
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KerberosTime.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KerberosTime.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KerberosTime.java
new file mode 100644
index 0000000..2817077
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KerberosTime.java
@@ -0,0 +1,99 @@
+package org.apache.kerberos.kerb.spec;
+
+import org.apache.haox.asn1.type.Asn1GeneralizedTime;
+
+import java.util.Date;
+import java.util.TimeZone;
+
+/**
+ KerberosTime ::= GeneralizedTime -- with no fractional seconds
+ */
+public class KerberosTime extends Asn1GeneralizedTime {
+ private static final TimeZone UTC = TimeZone.getTimeZone("UTC");
+
+ public static final KerberosTime NEVER = new KerberosTime(Long.MAX_VALUE);
+
+ public static final int MINUTE = 60000;
+
+ public static final int DAY = MINUTE * 1440;
+
+ public static final int WEEK = MINUTE * 10080;
+
+ public KerberosTime() {
+ super(0L);
+ }
+
+ /**
+ * time in milliseconds
+ */
+ public KerberosTime(long time) {
+ super(time);
+ }
+
+ /**
+ * Return time in milliseconds
+ */
+ public long getTime() {
+ if (getValue() != null) {
+ return getValue().getTime();
+ }
+ return 0L;
+ }
+
+ /**
+ * time in milliseconds
+ */
+ public void setTime(long time) {
+ setValue(new Date(time));
+ }
+
+ public long getTimeInSeconds() {
+ return getTime() / 1000;
+ }
+
+ public boolean lessThan(KerberosTime ktime) {
+ return getValue().compareTo(ktime.getValue()) < 0;
+ }
+
+ public boolean lessThan(long time) {
+ return getValue().getTime() <= time * 1000;
+ }
+
+ public boolean greaterThan(KerberosTime ktime) {
+ return getValue().compareTo(ktime.getValue()) > 0;
+ }
+
+ /**
+ * time in milliseconds
+ */
+ public boolean isInClockSkew(long clockSkew) {
+ long delta = Math.abs(getTime() - System.currentTimeMillis());
+
+ return delta < clockSkew;
+ }
+
+ public KerberosTime copy() {
+ long time = getTime();
+ KerberosTime result = new KerberosTime(time);
+ return result;
+ }
+
+ /**
+ * time in milliseconds
+ */
+ public KerberosTime extend(long duration) {
+ long result = getTime() + duration;
+ return new KerberosTime(result);
+ }
+
+ /**
+ * Return diff time in milliseconds
+ */
+ public long diff(KerberosTime other) {
+ return getTime() - other.getTime();
+ }
+
+ public static KerberosTime now() {
+ return new KerberosTime(new Date().getTime());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbAppSequenceType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbAppSequenceType.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbAppSequenceType.java
new file mode 100644
index 0000000..ce196af
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbAppSequenceType.java
@@ -0,0 +1,38 @@
+package org.apache.kerberos.kerb.spec;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.TaggingSequence;
+
+/**
+ * This is for application specific sequence tagged with a number.
+ */
+public abstract class KrbAppSequenceType extends TaggingSequence {
+ public KrbAppSequenceType(int tagNo, Asn1FieldInfo[] fieldInfos) {
+ super(tagNo, fieldInfos, true);
+ }
+
+ protected int getFieldAsInt(int index) {
+ Integer value = getFieldAsInteger(index);
+ if (value != null) {
+ return value.intValue();
+ }
+ return -1;
+ }
+
+ protected void setFieldAsString(int index, String value) {
+ setFieldAs(index, new KerberosString(value));
+ }
+
+ protected KerberosTime getFieldAsTime(int index) {
+ KerberosTime value = getFieldAs(index, KerberosTime.class);
+ return value;
+ }
+
+ protected void setFieldAsTime(int index, long value) {
+ setFieldAs(index, new KerberosTime(value));
+ }
+
+ protected void setField(int index, KrbEnum krbEnum) {
+ setFieldAsInt(index, krbEnum.getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbEnum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbEnum.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbEnum.java
new file mode 100644
index 0000000..2457ad8
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbEnum.java
@@ -0,0 +1,5 @@
+package org.apache.kerberos.kerb.spec;
+
+public interface KrbEnum {
+ public int getValue();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbIntegers.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbIntegers.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbIntegers.java
new file mode 100644
index 0000000..cb86a79
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbIntegers.java
@@ -0,0 +1,35 @@
+package org.apache.kerberos.kerb.spec;
+
+import org.apache.haox.asn1.type.Asn1Integer;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class KrbIntegers extends KrbSequenceOfType<Asn1Integer> {
+
+ public KrbIntegers() {
+ super();
+ }
+
+ public KrbIntegers(List<Integer> values) {
+ super();
+ setValues(values);
+ }
+
+ public void setValues(List<Integer> values) {
+ clear();
+ if (values != null) {
+ for (Integer value : values) {
+ addElement(new Asn1Integer(value));
+ }
+ }
+ }
+
+ public List<Integer> getValues() {
+ List<Integer> results = new ArrayList<Integer>();
+ for (Asn1Integer value : getElements()) {
+ results.add(value.getValue());
+ }
+ return results;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbSequenceOfType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbSequenceOfType.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbSequenceOfType.java
new file mode 100644
index 0000000..f3225da
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbSequenceOfType.java
@@ -0,0 +1,24 @@
+package org.apache.kerberos.kerb.spec;
+
+import org.apache.haox.asn1.type.Asn1SequenceOf;
+import org.apache.haox.asn1.type.Asn1String;
+import org.apache.haox.asn1.type.Asn1Type;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class KrbSequenceOfType<T extends Asn1Type> extends Asn1SequenceOf<T> {
+
+ public List<String> getAsStrings() {
+ List<T> elements = getElements();
+ List<String> results = new ArrayList<String>();
+ for (T ele : elements) {
+ if (ele instanceof Asn1String) {
+ results.add(((Asn1String) ele).getValue());
+ } else {
+ throw new RuntimeException("The targeted field type isn't of string");
+ }
+ }
+ return results;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbSequenceType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbSequenceType.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbSequenceType.java
new file mode 100644
index 0000000..adf3828
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/KrbSequenceType.java
@@ -0,0 +1,36 @@
+package org.apache.kerberos.kerb.spec;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1SequenceType;
+
+public abstract class KrbSequenceType extends Asn1SequenceType {
+
+ public KrbSequenceType(Asn1FieldInfo[] fieldInfos) {
+ super(fieldInfos);
+ }
+
+ protected int getFieldAsInt(int index) {
+ Integer value = getFieldAsInteger(index);
+ if (value != null) {
+ return value.intValue();
+ }
+ return -1;
+ }
+
+ protected void setFieldAsString(int index, String value) {
+ setFieldAs(index, new KerberosString(value));
+ }
+
+ protected KerberosTime getFieldAsTime(int index) {
+ KerberosTime value = getFieldAs(index, KerberosTime.class);
+ return value;
+ }
+
+ protected void setFieldAsTime(int index, long value) {
+ setFieldAs(index, new KerberosTime(value));
+ }
+
+ protected void setField(int index, KrbEnum value) {
+ setFieldAsInt(index, value.getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApOption.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApOption.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApOption.java
new file mode 100644
index 0000000..6f9b5c2
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApOption.java
@@ -0,0 +1,39 @@
+package org.apache.kerberos.kerb.spec.ap;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+/**
+ APOptions ::= KrbFlags
+ -- reserved(0),
+ -- use-session-key(1),
+ -- mutual-required(2)
+ */
+public enum ApOption implements KrbEnum {
+ NONE(-1),
+ RESERVED(0x80000000),
+ USE_SESSION_KEY(0x40000000),
+ MUTUAL_REQUIRED(0x20000000),
+ ETYPE_NEGOTIATION(0x00000002),
+ USE_SUBKEY(0x00000001);
+
+ private final int value;
+
+ private ApOption(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static ApOption fromValue(int value) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (ApOption) e;
+ }
+ }
+
+ return NONE;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApOptions.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApOptions.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApOptions.java
new file mode 100644
index 0000000..b829f35
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApOptions.java
@@ -0,0 +1,14 @@
+package org.apache.kerberos.kerb.spec.ap;
+
+import org.apache.kerberos.kerb.spec.common.KrbFlags;
+
+public class ApOptions extends KrbFlags {
+
+ public ApOptions() {
+ this(0);
+ }
+
+ public ApOptions(int value) {
+ setFlags(value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApRep.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApRep.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApRep.java
new file mode 100644
index 0000000..0cdc71b
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApRep.java
@@ -0,0 +1,46 @@
+package org.apache.kerberos.kerb.spec.ap;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.kerberos.kerb.spec.common.KrbMessage;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerberos.kerb.spec.common.KrbMessageType;
+
+/**
+ AP-REP ::= [APPLICATION 15] SEQUENCE {
+ pvno [0] INTEGER (5),
+ msg-type [1] INTEGER (15),
+ enc-part [2] EncryptedData -- EncAPRepPart
+ }
+ */
+public class ApRep extends KrbMessage {
+ private static int ENC_PART = 2;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(PVNO, 0, Asn1Integer.class),
+ new Asn1FieldInfo(MSG_TYPE, 1, Asn1Integer.class),
+ new Asn1FieldInfo(ENC_PART, 2, EncryptedData.class)
+ };
+
+ public ApRep() {
+ super(KrbMessageType.AP_REP, fieldInfos);
+ }
+
+ private EncAPRepPart encRepPart;
+
+ public EncAPRepPart getEncRepPart() {
+ return encRepPart;
+ }
+
+ public void setEncRepPart(EncAPRepPart encRepPart) {
+ this.encRepPart = encRepPart;
+ }
+
+ public EncryptedData getEncryptedEncPart() {
+ return getFieldAs(ENC_PART, EncryptedData.class);
+ }
+
+ public void setEncryptedEncPart(EncryptedData encryptedEncPart) {
+ setFieldAs(ENC_PART, encryptedEncPart);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApReq.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApReq.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApReq.java
new file mode 100644
index 0000000..7c7cba5
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/ApReq.java
@@ -0,0 +1,70 @@
+package org.apache.kerberos.kerb.spec.ap;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.kerberos.kerb.spec.common.KrbMessage;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerberos.kerb.spec.ticket.Ticket;
+
+/**
+ AP-REQ ::= [APPLICATION 14] SEQUENCE {
+ pvno [0] INTEGER (5),
+ msg-type [1] INTEGER (14),
+ ap-options [2] APOptions,
+ ticket [3] Ticket,
+ authenticator [4] EncryptedData -- Authenticator
+ }
+ */
+public class ApReq extends KrbMessage {
+ private static int AP_OPTIONS = 2;
+ private static int TICKET = 3;
+ private static int AUTHENTICATOR = 4;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(PVNO, Asn1Integer.class),
+ new Asn1FieldInfo(MSG_TYPE, Asn1Integer.class),
+ new Asn1FieldInfo(AP_OPTIONS, ApOptions.class),
+ new Asn1FieldInfo(TICKET, Ticket.class),
+ new Asn1FieldInfo(AUTHENTICATOR, EncryptedData.class)
+ };
+
+ private Authenticator authenticator;
+
+ public ApReq() {
+ super(KrbMessageType.AP_REQ, fieldInfos);
+ }
+
+ public ApOptions getApOptions() {
+ return getFieldAs(AP_OPTIONS, ApOptions.class);
+ }
+
+ public void setApOptions(ApOptions apOptions) {
+ setFieldAs(AP_OPTIONS, apOptions);
+ }
+
+ public Ticket getTicket() {
+ return getFieldAs(TICKET, Ticket.class);
+ }
+
+ public void setTicket(Ticket ticket) {
+ setFieldAs(TICKET, ticket);
+ }
+
+ public Authenticator getAuthenticator() {
+ return authenticator;
+ }
+
+ public void setAuthenticator(Authenticator authenticator) {
+ this.authenticator = authenticator;
+ }
+
+ public EncryptedData getEncryptedAuthenticator() {
+ return getFieldAs(AUTHENTICATOR, EncryptedData.class);
+ }
+
+ public void setEncryptedAuthenticator(EncryptedData encryptedAuthenticator) {
+ setFieldAs(AUTHENTICATOR, encryptedAuthenticator);
+ }
+}
+
[06/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Hmac.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Hmac.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Hmac.java
new file mode 100644
index 0000000..02e8567
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Hmac.java
@@ -0,0 +1,63 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+import java.util.Arrays;
+
+/**
+ * Based on MIT krb5 hmac.c
+ */
+public class Hmac {
+
+ public static byte[] hmac(HashProvider hashProvider, byte[] key,
+ byte[] data, int outputSize) throws KrbException {
+ return hmac(hashProvider, key, data, 0, data.length, outputSize);
+ }
+
+ public static byte[] hmac(HashProvider hashProvider, byte[] key, byte[] data,
+ int start, int len, int outputSize) throws KrbException {
+ byte[] hash = Hmac.hmac(hashProvider, key, data, start, len);
+
+ byte[] output = new byte[outputSize];
+ System.arraycopy(hash, 0, output, 0, outputSize);
+ return output;
+ }
+
+ public static byte[] hmac(HashProvider hashProvider,
+ byte[] key, byte[] data) throws KrbException {
+ return hmac(hashProvider, key, data, 0, data.length);
+ }
+
+ public static byte[] hmac(HashProvider hashProvider,
+ byte[] key, byte[] data, int start, int len) throws KrbException {
+
+ int blockLen = hashProvider.blockSize();
+ byte[] innerPaddedKey = new byte[blockLen];
+ byte[] outerPaddedKey = new byte[blockLen];
+
+ // Create the inner padded key
+ Arrays.fill(innerPaddedKey, (byte)0x36);
+ for (int i = 0; i < key.length; i++) {
+ innerPaddedKey[i] ^= key[i];
+ }
+
+ // Create the outer padded key
+ Arrays.fill(outerPaddedKey, (byte)0x5c);
+ for (int i = 0; i < key.length; i++) {
+ outerPaddedKey[i] ^= key[i];
+ }
+
+ hashProvider.hash(innerPaddedKey);
+
+ hashProvider.hash(data, start, len);
+
+ byte[] tmp = hashProvider.output();
+
+ hashProvider.hash(outerPaddedKey);
+ hashProvider.hash(tmp);
+
+ tmp = hashProvider.output();
+ return tmp;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Md4.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Md4.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Md4.java
new file mode 100644
index 0000000..5877234
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Md4.java
@@ -0,0 +1,339 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerberos.kerb.crypto;
+
+import java.security.DigestException;
+import java.security.MessageDigest;
+import java.security.MessageDigestSpi;
+
+/**
+ * MD4.java - An implementation of Ron Rivest's MD4 message digest algorithm.
+ * The MD4 algorithm is designed to be quite fast on 32-bit machines. In
+ * addition, the MD4 algorithm does not require any large substitution
+ * tables.
+ *
+ * @see The <a href="http://www.ietf.org/rfc/rfc1320.txt">MD4</a> Message-
+ * Digest Algorithm by R. Rivest.
+ *
+ * @author <a href="http://mina.apache.org">Apache MINA Project</a>
+ * @since MINA 2.0.0-M3
+ */
+
+/**
+ * Copied from Mina project and modified a bit
+ */
+public class Md4 extends MessageDigest {
+
+ /**
+ * The MD4 algorithm message digest length is 16 bytes wide.
+ */
+ public static final int BYTE_DIGEST_LENGTH = 16;
+
+ /**
+ * The MD4 algorithm block length is 64 bytes wide.
+ */
+ public static final int BYTE_BLOCK_LENGTH = 64;
+
+ /**
+ * The initial values of the four registers. RFC gives the values
+ * in LE so we converted it as JAVA uses BE endianness.
+ */
+ private final static int A = 0x67452301;
+
+ private final static int B = 0xefcdab89;
+
+ private final static int C = 0x98badcfe;
+
+ private final static int D = 0x10325476;
+
+ /**
+ * The four registers initialized with the above IVs.
+ */
+ private int a = A;
+
+ private int b = B;
+
+ private int c = C;
+
+ private int d = D;
+
+ /**
+ * Counts the total length of the data being digested.
+ */
+ private long msgLength;
+
+ /**
+ * The internal buffer is {@link BLOCK_LENGTH} wide.
+ */
+ private final byte[] buffer = new byte[BYTE_BLOCK_LENGTH];
+
+ /**
+ * Default constructor.
+ */
+ public Md4() {
+ super("MD4");
+ engineReset();
+ }
+
+ /**
+ * Returns the digest length in bytes.
+ *
+ * @return the digest length in bytes.
+ */
+ protected int engineGetDigestLength() {
+ return BYTE_DIGEST_LENGTH;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void engineUpdate(byte b) {
+ int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+ buffer[pos] = b;
+ msgLength++;
+
+ // If buffer contains enough data then process it.
+ if (pos == (BYTE_BLOCK_LENGTH - 1)) {
+ process(buffer, 0);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void engineUpdate(byte[] b, int offset, int len) {
+ int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+ int nbOfCharsToFillBuf = BYTE_BLOCK_LENGTH - pos;
+ int blkStart = 0;
+
+ msgLength += len;
+
+ // Process each full block
+ if (len >= nbOfCharsToFillBuf) {
+ System.arraycopy(b, offset, buffer, pos, nbOfCharsToFillBuf);
+ process(buffer, 0);
+ for (blkStart = nbOfCharsToFillBuf; blkStart + BYTE_BLOCK_LENGTH - 1 < len; blkStart += BYTE_BLOCK_LENGTH) {
+ process(b, offset + blkStart);
+ }
+ pos = 0;
+ }
+
+ // Fill buffer with the remaining data
+ if (blkStart < len) {
+ System.arraycopy(b, offset + blkStart, buffer, pos, len - blkStart);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected byte[] engineDigest() {
+ byte[] p = pad();
+ engineUpdate(p, 0, p.length);
+ byte[] digest = { (byte) a, (byte) (a >>> 8), (byte) (a >>> 16), (byte) (a >>> 24), (byte) b, (byte) (b >>> 8),
+ (byte) (b >>> 16), (byte) (b >>> 24), (byte) c, (byte) (c >>> 8), (byte) (c >>> 16), (byte) (c >>> 24),
+ (byte) d, (byte) (d >>> 8), (byte) (d >>> 16), (byte) (d >>> 24) };
+
+ engineReset();
+
+ return digest;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected int engineDigest(byte[] buf, int offset, int len) throws DigestException {
+ if (offset < 0 || offset + len >= buf.length) {
+ throw new DigestException("Wrong offset or not enough space to store the digest");
+ }
+ int destLength = Math.min(len, BYTE_DIGEST_LENGTH);
+ System.arraycopy(engineDigest(), 0, buf, offset, destLength);
+ return destLength;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void engineReset() {
+ a = A;
+ b = B;
+ c = C;
+ d = D;
+ msgLength = 0;
+ }
+
+ /**
+ * Pads the buffer by appending the byte 0x80, then append as many zero
+ * bytes as necessary to make the buffer length a multiple of 64 bytes.
+ * The last 8 bytes will be filled with the length of the buffer in bits.
+ * If there's no room to store the length in bits in the block i.e the block
+ * is larger than 56 bytes then an additionnal 64-bytes block is appended.
+ *
+ * @see sections 3.1 & 3.2 of the RFC 1320.
+ *
+ * @return the pad byte array
+ */
+ private byte[] pad() {
+ int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+ int padLength = (pos < 56) ? (64 - pos) : (128 - pos);
+ byte[] pad = new byte[padLength];
+
+ // First bit of the padding set to 1
+ pad[0] = (byte) 0x80;
+
+ long bits = msgLength << 3;
+ int index = padLength - 8;
+ for (int i = 0; i < 8; i++) {
+ pad[index++] = (byte) (bits >>> (i << 3));
+ }
+
+ return pad;
+ }
+
+ /**
+ * Process one 64-byte block. Algorithm is constituted by three rounds.
+ * Note that F, G and H functions were inlined for improved performance.
+ *
+ * @param in the byte array to process
+ * @param offset the offset at which the 64-byte block is stored
+ */
+ private void process(byte[] in, int offset) {
+ // Save previous state.
+ int aa = a;
+ int bb = b;
+ int cc = c;
+ int dd = d;
+
+ // Copy the block to process into X array
+ int[] X = new int[16];
+ for (int i = 0; i < 16; i++) {
+ X[i] = (in[offset++] & 0xff) | (in[offset++] & 0xff) << 8 | (in[offset++] & 0xff) << 16
+ | (in[offset++] & 0xff) << 24;
+ }
+
+ // Round 1
+ a += ((b & c) | (~b & d)) + X[0];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[1];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[2];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[3];
+ b = b << 19 | b >>> (32 - 19);
+ a += ((b & c) | (~b & d)) + X[4];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[5];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[6];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[7];
+ b = b << 19 | b >>> (32 - 19);
+ a += ((b & c) | (~b & d)) + X[8];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[9];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[10];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[11];
+ b = b << 19 | b >>> (32 - 19);
+ a += ((b & c) | (~b & d)) + X[12];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[13];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[14];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[15];
+ b = b << 19 | b >>> (32 - 19);
+
+ // Round 2
+ a += ((b & (c | d)) | (c & d)) + X[0] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[4] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[8] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[12] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+ a += ((b & (c | d)) | (c & d)) + X[1] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[5] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[9] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[13] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+ a += ((b & (c | d)) | (c & d)) + X[2] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[6] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[10] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[14] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+ a += ((b & (c | d)) | (c & d)) + X[3] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[7] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[11] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[15] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+
+ // Round 3
+ a += (b ^ c ^ d) + X[0] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[8] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[4] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[12] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+ a += (b ^ c ^ d) + X[2] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[10] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[6] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[14] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+ a += (b ^ c ^ d) + X[1] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[9] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[5] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[13] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+ a += (b ^ c ^ d) + X[3] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[11] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[7] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[15] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+
+ //Update state.
+ a += aa;
+ b += bb;
+ c += cc;
+ d += dd;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nfold.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nfold.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nfold.java
new file mode 100644
index 0000000..29c2362
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nfold.java
@@ -0,0 +1,83 @@
+package org.apache.kerberos.kerb.crypto;
+
+import java.util.Arrays;
+
+/**
+ * Based on MIT krb5 nfold.c
+ */
+
+/*
+ * n-fold(k-bits):
+ * l = lcm(n,k)
+ * r = l/k
+ * s = k-bits | k-bits rot 13 | k-bits rot 13*2 | ... | k-bits rot 13*(r-1)
+ * compute the 1's complement sum:
+ * n-fold = s[0..n-1]+s[n..2n-1]+s[2n..3n-1]+..+s[(k-1)*n..k*n-1]
+ */
+public class Nfold {
+
+ /**
+ * representation: msb first, assume n and k are multiples of 8, and
+ * that k>=16. this is the case of all the cryptosystems which are
+ * likely to be used. this function can be replaced if that
+ * assumption ever fails.
+ */
+ public static byte[] nfold(byte[] inBytes, int size) {
+ int inBytesNum = inBytes.length; // count inBytes byte
+ int outBytesNum = size; // count inBytes byte
+
+ int a, b, c, lcm;
+ a = outBytesNum;
+ b = inBytesNum;
+
+ while (b != 0) {
+ c = b;
+ b = a % b;
+ a = c;
+ }
+ lcm = (outBytesNum * inBytesNum) / a;
+
+ byte[] outBytes = new byte[outBytesNum];
+ Arrays.fill(outBytes, (byte)0);
+
+ int tmpByte = 0;
+ int msbit, i, tmp;
+
+ for (i = lcm-1; i >= 0; i--) {
+ // first, start with the msbit inBytes the first, unrotated byte
+ tmp = ((inBytesNum<<3)-1);
+ // then, for each byte, shift to the right for each repetition
+ tmp += (((inBytesNum<<3)+13)*(i/inBytesNum));
+ // last, pick outBytes the correct byte within that shifted repetition
+ tmp += ((inBytesNum-(i%inBytesNum)) << 3);
+
+ msbit = tmp % (inBytesNum << 3);
+
+ // pull outBytes the byte value itself
+ tmp = ((((inBytes[((inBytesNum - 1)-(msbit >>> 3)) % inBytesNum] & 0xff) << 8) |
+ (inBytes[((inBytesNum) - (msbit >>> 3)) % inBytesNum] & 0xff))
+ >>>((msbit & 7)+1)) & 0xff;
+
+ tmpByte += tmp;
+ tmp = (outBytes[i % outBytesNum] & 0xff);
+ tmpByte += tmp;
+
+ outBytes[i % outBytesNum] = (byte) (tmpByte & 0xff);
+
+ tmpByte >>>= 8;
+ }
+
+ // if there's a carry bit left over, add it back inBytes
+ if (tmpByte != 0) {
+ for (i = outBytesNum-1; i >= 0; i--) {
+ // do the addition
+ tmpByte += (outBytes[i] & 0xff);
+ outBytes[i] = (byte) (tmpByte & 0xff);
+
+ tmpByte >>>= 8;
+ }
+ }
+
+ return outBytes;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nonce.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nonce.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nonce.java
new file mode 100644
index 0000000..4dad9e6
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nonce.java
@@ -0,0 +1,13 @@
+package org.apache.kerberos.kerb.crypto;
+
+import java.security.SecureRandom;
+
+public class Nonce {
+
+ private static SecureRandom srand = new SecureRandom();
+
+ public static synchronized int value() {
+ int value = srand.nextInt();
+ return value & 0x7fffffff;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Pbkdf.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Pbkdf.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Pbkdf.java
new file mode 100644
index 0000000..4869951
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Pbkdf.java
@@ -0,0 +1,21 @@
+package org.apache.kerberos.kerb.crypto;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import java.security.GeneralSecurityException;
+
+public class Pbkdf {
+
+ public static byte[] PBKDF2(char[] secret, byte[] salt,
+ int count, int keySize) throws GeneralSecurityException {
+
+ PBEKeySpec ks = new PBEKeySpec(secret, salt, count, keySize * 8);
+ SecretKeyFactory skf =
+ SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+ SecretKey key = skf.generateSecret(ks);
+ byte[] result = key.getEncoded();
+
+ return result;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Random.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Random.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Random.java
new file mode 100644
index 0000000..096a9b0
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Random.java
@@ -0,0 +1,14 @@
+package org.apache.kerberos.kerb.crypto;
+
+import java.security.SecureRandom;
+
+public final class Random {
+
+ private static SecureRandom srand = new SecureRandom();
+
+ public static byte[] makeBytes(int size) {
+ byte[] data = new byte[size];
+ srand.nextBytes(data);
+ return data;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Rc4.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Rc4.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Rc4.java
new file mode 100644
index 0000000..1253a8f
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Rc4.java
@@ -0,0 +1,44 @@
+package org.apache.kerberos.kerb.crypto;
+
+/**
+ * Based on MIT krb5 enc_rc4.c
+ */
+public class Rc4 {
+
+ private static byte[] L40 = "fortybits".getBytes();
+
+ public static byte[] getSalt(int usage, boolean exportable) {
+ int newUsage = convertUsage(usage);
+ byte[] salt;
+
+ if (exportable) {
+ salt = new byte[14];
+ System.arraycopy(L40, 0, salt, 0, 9);
+ BytesUtil.int2bytes(newUsage, salt, 10, false);
+ } else {
+ salt = new byte[4];
+ BytesUtil.int2bytes(newUsage, salt, 0, false);
+ }
+
+ return salt;
+ }
+
+ private static int convertUsage(int usage) {
+ switch (usage) {
+ case 1: return 1; /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, */
+ case 2: return 2; /* ticket from kdc */
+ case 3: return 8; /* as-rep encrypted part */
+ case 4: return 4; /* tgs-req authz data */
+ case 5: return 5; /* tgs-req authz data in subkey */
+ case 6: return 6; /* tgs-req authenticator cksum */
+ case 7: return 7; /* tgs-req authenticator */
+ case 8: return 8;
+ case 9: return 9; /* tgs-rep encrypted with subkey */
+ case 10: return 10; /* ap-rep authentication cksum (never used by MS) */
+ case 11: return 11; /* app-req authenticator */
+ case 12: return 12; /* app-rep encrypted part */
+ case 23: return 13; /* sign wrap token*/
+ default: return usage;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Util.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Util.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Util.java
new file mode 100644
index 0000000..58117b9
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Util.java
@@ -0,0 +1,24 @@
+package org.apache.kerberos.kerb.crypto;
+
+public class Util {
+
+ public static void xor(byte[] input, int offset, byte[] output) {
+ int a, b;
+ for (int i = 0; i < output.length / 4; ++i) {
+ a = BytesUtil.bytes2int(input, offset + i * 4, true);
+ b = BytesUtil.bytes2int(output, i * 4, true);
+ b = a ^ b;
+ BytesUtil.int2bytes(b, output, i * 4, true);
+ }
+ }
+
+ public static void xor(byte[] a, byte[] b, byte[] output) {
+ int av, bv, v;
+ for (int i = 0; i < a.length / 4; ++i) {
+ av = BytesUtil.bytes2int(a, i * 4, true);
+ bv = BytesUtil.bytes2int(b, i * 4, true);
+ v = av ^ bv;
+ BytesUtil.int2bytes(v, output, i * 4, true);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
new file mode 100644
index 0000000..cdf0b70
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
@@ -0,0 +1,93 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.AbstractCryptoTypeHandler;
+import org.apache.kerberos.kerb.crypto.CheckSumTypeHandler;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class AbstractCheckSumTypeHandler
+ extends AbstractCryptoTypeHandler implements CheckSumTypeHandler {
+
+ private int computeSize;
+ private int outputSize;
+
+ public AbstractCheckSumTypeHandler(EncryptProvider encProvider, HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(encProvider, hashProvider);
+ this.computeSize = computeSize;
+ this.outputSize = outputSize;
+ }
+
+ @Override
+ public String name() {
+ return cksumType().getName();
+ }
+
+ @Override
+ public String displayName() {
+ return cksumType().getDisplayName();
+ }
+
+ @Override
+ public int computeSize() {
+ return computeSize;
+ }
+
+ @Override
+ public int outputSize() {
+ return outputSize;
+ }
+
+ public boolean isSafe() {
+ return false;
+ }
+
+ public int cksumSize() {
+ return 4;
+ }
+
+ public int keySize() {
+ return 0;
+ }
+
+ public int confounderSize() {
+ return 0;
+ }
+
+ @Override
+ public byte[] checksum(byte[] data) throws KrbException {
+ return checksum(data, 0, data.length);
+ }
+
+ @Override
+ public byte[] checksum(byte[] data, int start, int size) throws KrbException {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public boolean verify(byte[] data, byte[] checksum) throws KrbException {
+ return verify(data, 0, data.length, checksum);
+ }
+
+ @Override
+ public boolean verify(byte[] data, int start, int size, byte[] checksum) throws KrbException {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public byte[] checksumWithKey(byte[] data,
+ byte[] key, int usage) throws KrbException {
+ return checksumWithKey(data, 0, data.length, key, usage);
+ }
+
+ @Override
+ public byte[] checksumWithKey(byte[] data, int start, int size,
+ byte[] key, int usage) throws KrbException {
+ throw new UnsupportedOperationException();
+ }
+ @Override
+ public boolean verifyWithKey(byte[] data,
+ byte[] key, int usage, byte[] checksum) throws KrbException {
+ throw new UnsupportedOperationException();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
new file mode 100644
index 0000000..3755b63
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
@@ -0,0 +1,56 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.crypto.key.KeyMaker;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class AbstractKeyedCheckSumTypeHandler extends AbstractCheckSumTypeHandler {
+
+ private KeyMaker keyMaker;
+
+ public AbstractKeyedCheckSumTypeHandler(EncryptProvider encProvider, HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(encProvider, hashProvider, computeSize, outputSize);
+ }
+
+ protected void keyMaker(KeyMaker keyMaker) {
+ this.keyMaker = keyMaker;
+ }
+
+ protected KeyMaker keyMaker() {
+ return keyMaker;
+ }
+
+ @Override
+ public byte[] checksumWithKey(byte[] data,
+ byte[] key, int usage) throws KrbException {
+ return checksumWithKey(data, 0, data.length, key, usage);
+ }
+
+ @Override
+ public byte[] checksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ int outputSize = outputSize();
+
+ byte[] tmp = doChecksumWithKey(data, start, len, key, usage);
+ if (outputSize < tmp.length) {
+ byte[] output = new byte[outputSize];
+ System.arraycopy(tmp, 0, output, 0, outputSize);
+ return output;
+ } else {
+ return tmp;
+ }
+ }
+
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ return new byte[0];
+ }
+
+ @Override
+ public boolean verifyWithKey(byte[] data, byte[] key,
+ int usage, byte[] checksum) throws KrbException {
+ byte[] newCksum = checksumWithKey(data, key, usage);
+ return checksumEqual(checksum, newCksum);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
new file mode 100644
index 0000000..1d62ae2
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
@@ -0,0 +1,34 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.apache.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class CmacCamellia128CheckSum extends CmacKcCheckSum {
+
+ public CmacCamellia128CheckSum() {
+ super(new Camellia128Provider(), 16, 16);
+
+ keyMaker(new CamelliaKeyMaker((Camellia128Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.CMAC_CAMELLIA128;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
new file mode 100644
index 0000000..5380813
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
@@ -0,0 +1,34 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.Camellia256Provider;
+import org.apache.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class CmacCamellia256CheckSum extends CmacKcCheckSum {
+
+ public CmacCamellia256CheckSum() {
+ super(new Camellia256Provider(), 16, 16);
+
+ keyMaker(new CamelliaKeyMaker((Camellia256Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.CMAC_CAMELLIA256;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
new file mode 100644
index 0000000..796d260
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
@@ -0,0 +1,17 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.Cmac;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class CmacKcCheckSum extends KcCheckSum {
+
+ public CmacKcCheckSum(EncryptProvider encProvider, int computeSize, int outputSize) {
+ super(encProvider, null, computeSize, outputSize);
+ }
+
+ protected byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException {
+ byte[] mac = Cmac.cmac(encProvider(), Kc, data, start, len);
+ return mac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
new file mode 100644
index 0000000..0b6d5a3
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
@@ -0,0 +1,101 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.Confounder;
+import org.apache.kerberos.kerb.crypto.enc.provider.DesProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+import javax.crypto.spec.DESKeySpec;
+import java.security.InvalidKeyException;
+
+public abstract class ConfounderedDesCheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public ConfounderedDesCheckSum(HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(new DesProvider(), hashProvider, computeSize, outputSize);
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ int computeSize = computeSize();
+ int blockSize = encProvider().blockSize();
+ int hashSize = hashProvider().hashSize();
+
+ byte[] workBuffer = new byte[computeSize];
+
+ // confounder
+ byte[] conf = Confounder.makeBytes(blockSize);
+
+ // confounder | data
+ byte[] toHash = new byte[blockSize + len];
+ System.arraycopy(conf, 0, toHash, 0, blockSize);
+ System.arraycopy(data, start, toHash, blockSize, len);
+
+ HashProvider hashProvider = hashProvider();
+ hashProvider.hash(toHash);
+ byte[] hash = hashProvider.output();
+
+ // confounder | hash
+ System.arraycopy(conf, 0, workBuffer, 0, blockSize);
+ System.arraycopy(hash, 0, workBuffer, blockSize, hashSize);
+
+ // key
+ byte[] newKey = deriveKey(key);
+
+ encProvider().encrypt(newKey, workBuffer);
+ return workBuffer;
+ }
+
+ protected byte[] deriveKey(byte[] key) {
+ return fixKey(xorKey(key));
+ }
+
+ protected byte[] xorKey(byte[] key) {
+ byte[] xorKey = new byte[encProvider().keySize()];
+ System.arraycopy(key, 0, xorKey, 0, key.length);
+ for (int i = 0; i < xorKey.length; i++) {
+ xorKey[i] = (byte) (xorKey[i] ^ 0xf0);
+ }
+
+ return xorKey;
+ }
+
+ private byte[] fixKey(byte[] key) {
+ boolean isWeak = true;
+ try {
+ isWeak = DESKeySpec.isWeak(key, 0);
+ } catch (InvalidKeyException e) {
+ e.printStackTrace();
+ }
+ if (isWeak) {
+ key[7] = (byte)(key[7] ^ 0xF0);
+ }
+
+ return key;
+ }
+
+ @Override
+ public boolean verifyWithKey(byte[] data,byte[] key,
+ int usage, byte[] checksum) throws KrbException {
+ int computeSize = computeSize();
+ int blockSize = encProvider().blockSize();
+ int hashSize = hashProvider().hashSize();
+
+ // key
+ byte[] newKey = deriveKey(key);
+
+ encProvider().decrypt(newKey, checksum);
+ byte[] decrypted = checksum; // confounder | hash
+
+ // confounder | data
+ byte[] toHash = new byte[blockSize + data.length];
+ System.arraycopy(decrypted, 0, toHash, 0, blockSize);
+ System.arraycopy(data, 0, toHash, blockSize, data.length);
+
+ HashProvider hashProvider = hashProvider();
+ hashProvider.hash(toHash);
+ byte[] newHash = hashProvider.output();
+
+ return checksumEqual(newHash, decrypted, blockSize, hashSize);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Crc32CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
new file mode 100644
index 0000000..5fda3bb
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
@@ -0,0 +1,16 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Crc32Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class Crc32CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+ public Crc32CheckSum() {
+ super(new Crc32Provider(), 4, 4);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.CRC32;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
new file mode 100644
index 0000000..0eaddfb
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
@@ -0,0 +1,14 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class DesCbcCheckSum extends ConfounderedDesCheckSum {
+
+ public DesCbcCheckSum() {
+ super(null, 8, 8);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.DES_CBC;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HashProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HashProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HashProvider.java
new file mode 100644
index 0000000..2028419
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HashProvider.java
@@ -0,0 +1,16 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.KrbException;
+
+/**
+ * krb5_hash_provider
+ */
+public interface HashProvider {
+
+ public int hashSize();
+ public int blockSize();
+
+ public void hash(byte[] data, int start, int size) throws KrbException;
+ public void hash(byte[] data) throws KrbException;
+ public byte[] output();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
new file mode 100644
index 0000000..5e55617
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
@@ -0,0 +1,18 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.Hmac;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class HmacKcCheckSum extends KcCheckSum {
+
+ public HmacKcCheckSum(EncryptProvider encProvider, int computeSize, int outputSize) {
+ super(encProvider, new Sha1Provider(), computeSize, outputSize);
+ }
+
+ protected byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException {
+ byte[] hmac = Hmac.hmac(hashProvider(), Kc, data, start, len);
+ return hmac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
new file mode 100644
index 0000000..ec9a6d3
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
@@ -0,0 +1,54 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.Hmac;
+import org.apache.kerberos.kerb.crypto.Rc4;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacMd5Rc4CheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public HmacMd5Rc4CheckSum() {
+ super(null, new Md5Provider(), 16, 16);
+ }
+
+ public int confounderSize() {
+ return 8;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_MD5_ARCFOUR;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+
+ byte[] Ksign = null;
+ byte[] signKey = "signaturekey".getBytes();
+ byte[] newSignKey = new byte[signKey.length + 1];
+ System.arraycopy(signKey, 0, newSignKey, 0, signKey.length);
+ Ksign = Hmac.hmac(hashProvider(), key, newSignKey);
+
+ byte[] salt = Rc4.getSalt(usage, false);
+
+ hashProvider().hash(salt);
+ hashProvider().hash(data, start, len);
+ byte[] hashTmp = hashProvider().output();
+
+ byte[] hmac = Hmac.hmac(hashProvider(), Ksign, hashTmp);
+ return hmac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
new file mode 100644
index 0000000..23617c7
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
@@ -0,0 +1,34 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.Aes128Provider;
+import org.apache.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Aes128CheckSum extends HmacKcCheckSum {
+
+ public HmacSha1Aes128CheckSum() {
+ super(new Aes128Provider(), 20, 12);
+
+ keyMaker(new AesKeyMaker((Aes128Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_SHA1_96_AES128;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 12; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
new file mode 100644
index 0000000..974cfdf
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
@@ -0,0 +1,34 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.Aes256Provider;
+import org.apache.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Aes256CheckSum extends HmacKcCheckSum {
+
+ public HmacSha1Aes256CheckSum() {
+ super(new Aes256Provider(), 20, 12);
+
+ keyMaker(new AesKeyMaker((Aes256Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_SHA1_96_AES256;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 12; // bytes
+ }
+
+ public int keySize() {
+ return 32; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
new file mode 100644
index 0000000..dfb38e9
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
@@ -0,0 +1,34 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.Des3Provider;
+import org.apache.kerberos.kerb.crypto.key.Des3KeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Des3CheckSum extends HmacKcCheckSum {
+
+ public HmacSha1Des3CheckSum() {
+ super(new Des3Provider(), 20, 20);
+
+ keyMaker(new Des3KeyMaker(encProvider()));
+ }
+
+ public int confounderSize() {
+ return 8;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_SHA1_DES3;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 20; // bytes
+ }
+
+ public int keySize() {
+ return 24; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/KcCheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/KcCheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/KcCheckSum.java
new file mode 100644
index 0000000..ac58ecd
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/KcCheckSum.java
@@ -0,0 +1,29 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.crypto.key.DkKeyMaker;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class KcCheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public KcCheckSum(EncryptProvider encProvider, HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(encProvider, hashProvider, computeSize, outputSize);
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ byte[] Kc;
+ byte[] constant = new byte[5];
+ BytesUtil.int2bytes(usage, constant, 0, true);
+ constant[4] = (byte) 0x99;
+ Kc = ((DkKeyMaker) keyMaker()).dk(key, constant);
+
+ byte[] mac = mac(Kc, data, start, len);
+ return mac;
+ }
+
+ protected abstract byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
new file mode 100644
index 0000000..47b96ab
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
@@ -0,0 +1,51 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.Hmac;
+import org.apache.kerberos.kerb.crypto.Rc4;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Rc4Provider;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class Md5HmacRc4CheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public Md5HmacRc4CheckSum() {
+ super(new Rc4Provider(), new Md5Provider(), 16, 16);
+ }
+
+ public int confounderSize() {
+ return 8;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.MD5_HMAC_ARCFOUR;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+
+ byte[] Ksign = key;
+
+ byte[] salt = Rc4.getSalt(usage, false);
+
+ hashProvider().hash(salt);
+ hashProvider().hash(data, start, len);
+ byte[] hashTmp = hashProvider().output();
+
+ byte[] hmac = Hmac.hmac(hashProvider(), Ksign, hashTmp);
+ return hmac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
new file mode 100644
index 0000000..89679e7
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
@@ -0,0 +1,16 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md4Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class RsaMd4CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+ public RsaMd4CheckSum() {
+ super(new Md4Provider(), 16, 16);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.RSA_MD4;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4DesCheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4DesCheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4DesCheckSum.java
new file mode 100644
index 0000000..6d023d0
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4DesCheckSum.java
@@ -0,0 +1,15 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md4Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class RsaMd4DesCheckSum extends ConfounderedDesCheckSum {
+
+ public RsaMd4DesCheckSum() {
+ super(new Md4Provider(), 24, 24);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.RSA_MD4_DES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5CheckSum.java
new file mode 100644
index 0000000..346f0e2
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5CheckSum.java
@@ -0,0 +1,16 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class RsaMd5CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+ public RsaMd5CheckSum() {
+ super(new Md5Provider(), 16, 16);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.RSA_MD5;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5DesCheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5DesCheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5DesCheckSum.java
new file mode 100644
index 0000000..47a337b
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5DesCheckSum.java
@@ -0,0 +1,15 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public final class RsaMd5DesCheckSum extends ConfounderedDesCheckSum {
+
+ public RsaMd5DesCheckSum() {
+ super(new Md5Provider(), 24, 24);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.RSA_MD5_DES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Sha1CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Sha1CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Sha1CheckSum.java
new file mode 100644
index 0000000..fd9d443
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Sha1CheckSum.java
@@ -0,0 +1,16 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class Sha1CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+ public Sha1CheckSum() {
+ super(new Sha1Provider(), 20, 20);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.NIST_SHA;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractHashProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractHashProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractHashProvider.java
new file mode 100644
index 0000000..f8decee
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractHashProvider.java
@@ -0,0 +1,33 @@
+package org.apache.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class AbstractHashProvider implements HashProvider {
+ private int blockSize;
+ private int hashSize;
+
+ public AbstractHashProvider(int hashSize, int blockSize) {
+ this.hashSize = hashSize;
+ this.blockSize = blockSize;
+ }
+
+ protected void init() {
+
+ }
+
+ @Override
+ public int hashSize() {
+ return hashSize;
+ }
+
+ @Override
+ public int blockSize() {
+ return blockSize;
+ }
+
+ @Override
+ public void hash(byte[] data) throws KrbException {
+ hash(data, 0, data.length);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractUnkeyedCheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractUnkeyedCheckSumTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractUnkeyedCheckSumTypeHandler.java
new file mode 100644
index 0000000..99af260
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractUnkeyedCheckSumTypeHandler.java
@@ -0,0 +1,35 @@
+package org.apache.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerberos.kerb.crypto.cksum.AbstractCheckSumTypeHandler;
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class AbstractUnkeyedCheckSumTypeHandler extends AbstractCheckSumTypeHandler {
+
+ public AbstractUnkeyedCheckSumTypeHandler(HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(null, hashProvider, computeSize, outputSize);
+ }
+
+ @Override
+ public byte[] checksum(byte[] data, int start, int len) throws KrbException {
+ int outputSize = outputSize();
+
+ HashProvider hp = hashProvider();
+ hp.hash(data, start, len);
+ byte[] workBuffer = hp.output();
+
+ if (outputSize < workBuffer.length) {
+ byte[] output = new byte[outputSize];
+ System.arraycopy(workBuffer, 0, output, 0, outputSize);
+ return output;
+ }
+ return workBuffer;
+ }
+
+ @Override
+ public boolean verify(byte[] data, int start, int len, byte[] checksum) throws KrbException {
+ byte[] newCksum = checksum(data, start, len);
+ return checksumEqual(newCksum, checksum);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java
new file mode 100644
index 0000000..303c506
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java
@@ -0,0 +1,21 @@
+package org.apache.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerberos.kerb.crypto.Crc32;
+
+public class Crc32Provider extends AbstractHashProvider {
+ private byte[] output;
+
+ public Crc32Provider() {
+ super(4, 1);
+ }
+
+ @Override
+ public void hash(byte[] data, int start, int size) {
+ output = Crc32.crc(data, start, size);
+ }
+
+ @Override
+ public byte[] output() {
+ return output;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md4Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md4Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md4Provider.java
new file mode 100644
index 0000000..f3147c3
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md4Provider.java
@@ -0,0 +1,15 @@
+package org.apache.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerberos.kerb.crypto.Md4;
+
+public class Md4Provider extends MessageDigestHashProvider {
+
+ public Md4Provider() {
+ super(16, 64, "MD4");
+ }
+
+ @Override
+ protected void init() {
+ messageDigest = new Md4();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md5Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md5Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md5Provider.java
new file mode 100644
index 0000000..76ce18d
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md5Provider.java
@@ -0,0 +1,8 @@
+package org.apache.kerberos.kerb.crypto.cksum.provider;
+
+public class Md5Provider extends MessageDigestHashProvider {
+
+ public Md5Provider() {
+ super(16, 64, "MD5");
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/MessageDigestHashProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/MessageDigestHashProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/MessageDigestHashProvider.java
new file mode 100644
index 0000000..c7903c6
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/MessageDigestHashProvider.java
@@ -0,0 +1,37 @@
+package org.apache.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerberos.kerb.KrbException;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+public class MessageDigestHashProvider extends AbstractHashProvider {
+ private String algorithm;
+ protected MessageDigest messageDigest;
+
+ public MessageDigestHashProvider(int hashSize, int blockSize, String algorithm) {
+ super(hashSize, blockSize);
+ this.algorithm = algorithm;
+
+ init();
+ }
+
+ @Override
+ protected void init() {
+ try {
+ messageDigest = MessageDigest.getInstance(algorithm);
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException("Failed to init JCE provider", e);
+ }
+ }
+
+ @Override
+ public void hash(byte[] data, int start, int len) throws KrbException {
+ messageDigest.update(data, start, len);
+ }
+
+ @Override
+ public byte[] output() {
+ return messageDigest.digest();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Sha1Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Sha1Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Sha1Provider.java
new file mode 100644
index 0000000..0fce138
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Sha1Provider.java
@@ -0,0 +1,8 @@
+package org.apache.kerberos.kerb.crypto.cksum.provider;
+
+public class Sha1Provider extends MessageDigestHashProvider {
+
+ public Sha1Provider() {
+ super(20, 64, "SHA1");
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
new file mode 100644
index 0000000..0099db2
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
@@ -0,0 +1,141 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.AbstractCryptoTypeHandler;
+import org.apache.kerberos.kerb.crypto.EncTypeHandler;
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.crypto.key.KeyMaker;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class AbstractEncTypeHandler
+ extends AbstractCryptoTypeHandler implements EncTypeHandler {
+
+ private KeyMaker keyMaker;
+
+ public AbstractEncTypeHandler(EncryptProvider encProvider,
+ HashProvider hashProvider) {
+ super(encProvider, hashProvider);
+ }
+
+ protected void keyMaker(KeyMaker keyMaker) {
+ this.keyMaker = keyMaker;
+ }
+
+ protected KeyMaker keyMaker() {
+ return keyMaker;
+ }
+
+ @Override
+ public String name() {
+ return eType().getName();
+ }
+
+ @Override
+ public String displayName() {
+ return eType().getDisplayName();
+ }
+
+ protected int paddingLength(int inputLen) {
+ int payloadLen = confounderSize() + checksumSize() + inputLen;
+ int padding = paddingSize();
+
+ if (padding == 0 || (payloadLen % padding) == 0) {
+ return 0;
+ }
+
+ return padding - (payloadLen % padding);
+ }
+
+ @Override
+ public int keyInputSize() {
+ return encProvider().keyInputSize();
+ }
+
+ @Override
+ public int keySize() {
+ return encProvider().keySize();
+ }
+
+ @Override
+ public int confounderSize() {
+ return encProvider().blockSize();
+ }
+
+ @Override
+ public int checksumSize() {
+ return hashProvider().hashSize();
+ }
+
+ @Override
+ public int paddingSize() {
+ return encProvider().blockSize();
+ }
+
+ @Override
+ public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
+ return keyMaker.str2key(string, salt, param);
+ }
+
+ @Override
+ public byte[] random2Key(byte[] randomBits) throws KrbException {
+ return keyMaker.random2Key(randomBits);
+ }
+
+ @Override
+ public byte[] encrypt(byte[] data, byte[] key, int usage) throws KrbException {
+ byte[] iv = new byte[encProvider().blockSize()];
+ return encrypt(data, key, iv, usage);
+ }
+
+ @Override
+ public byte[] encrypt(byte[] data, byte[] key, byte[] iv, int usage) throws KrbException {
+ int confounderLen = confounderSize();
+ int checksumLen = checksumSize();
+ int headerLen = confounderLen + checksumLen;
+ int inputLen = data.length;
+ int paddingLen = paddingLength(inputLen);
+
+ /**
+ * E(Confounder | Checksum | Plaintext | Padding), or
+ * header | data | padding | trailer, where trailer may be absent
+ */
+
+ int workLength = headerLen + inputLen + paddingLen;
+
+ byte[] workBuffer = new byte[workLength];
+ System.arraycopy(data, 0, workBuffer, headerLen, data.length);
+
+ int [] workLens = new int[] {confounderLen, checksumLen,
+ inputLen, paddingLen};
+
+ encryptWith(workBuffer, workLens, key, iv, usage);
+ return workBuffer;
+ }
+
+ protected void encryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+
+ }
+
+ public byte[] decrypt(byte[] cipher, byte[] key, int usage)
+ throws KrbException {
+ byte[] iv = new byte[encProvider().blockSize()];
+ return decrypt(cipher, key, iv, usage);
+ }
+
+ public byte[] decrypt(byte[] cipher, byte[] key, byte[] iv, int usage)
+ throws KrbException {
+
+ int totalLen = cipher.length;
+ int confounderLen = confounderSize();
+ int checksumLen = checksumSize();
+ int dataLen = totalLen - (confounderLen + checksumLen);
+
+ int[] workLens = new int[] {confounderLen, checksumLen, dataLen};
+ return decryptWith(cipher, workLens, key, iv, usage);
+ }
+
+ protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java
new file mode 100644
index 0000000..263864e
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java
@@ -0,0 +1,29 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Aes128Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.AesProvider;
+import org.apache.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class Aes128CtsHmacSha1Enc extends KeKiHmacSha1Enc {
+
+ public Aes128CtsHmacSha1Enc() {
+ super(new Aes128Provider(), new Sha1Provider());
+ keyMaker(new AesKeyMaker((AesProvider) encProvider()));
+ }
+
+ @Override
+ public int checksumSize() {
+ return 96 / 8;
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.AES128_CTS_HMAC_SHA1_96;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.HMAC_SHA1_96_AES128;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java
new file mode 100644
index 0000000..4911113
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java
@@ -0,0 +1,29 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Aes256Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.AesProvider;
+import org.apache.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class Aes256CtsHmacSha1Enc extends KeKiHmacSha1Enc {
+
+ public Aes256CtsHmacSha1Enc() {
+ super(new Aes256Provider(), new Sha1Provider());
+ keyMaker(new AesKeyMaker((AesProvider) encProvider()));
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.AES256_CTS_HMAC_SHA1_96;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.HMAC_SHA1_96_AES256;
+ }
+
+ @Override
+ public int checksumSize() {
+ return 96 / 8;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia128CtsCmacEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia128CtsCmacEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia128CtsCmacEnc.java
new file mode 100644
index 0000000..bbfa63c
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia128CtsCmacEnc.java
@@ -0,0 +1,22 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.apache.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class Camellia128CtsCmacEnc extends KeKiCmacEnc {
+
+ public Camellia128CtsCmacEnc() {
+ super(new Camellia128Provider());
+ keyMaker(new CamelliaKeyMaker((Camellia128Provider) encProvider()));
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.CAMELLIA128_CTS_CMAC;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.CMAC_CAMELLIA128;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia256CtsCmacEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia256CtsCmacEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia256CtsCmacEnc.java
new file mode 100644
index 0000000..ad4b42b
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia256CtsCmacEnc.java
@@ -0,0 +1,22 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.Camellia256Provider;
+import org.apache.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class Camellia256CtsCmacEnc extends KeKiCmacEnc {
+
+ public Camellia256CtsCmacEnc() {
+ super(new Camellia256Provider());
+ keyMaker(new CamelliaKeyMaker((Camellia256Provider) encProvider()));
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.CAMELLIA256_CTS_CMAC;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.CMAC_CAMELLIA256;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java
new file mode 100644
index 0000000..7ec07c2
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java
@@ -0,0 +1,23 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Des3Provider;
+import org.apache.kerberos.kerb.crypto.key.Des3KeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class Des3CbcSha1Enc extends KeKiHmacSha1Enc {
+
+ public Des3CbcSha1Enc() {
+ super(new Des3Provider(), new Sha1Provider());
+ keyMaker(new Des3KeyMaker(this.encProvider()));
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.DES3_CBC_SHA1;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.HMAC_SHA1_DES3;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcCrcEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcCrcEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcCrcEnc.java
new file mode 100644
index 0000000..8318eef
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcCrcEnc.java
@@ -0,0 +1,36 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Crc32Provider;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class DesCbcCrcEnc extends DesCbcEnc {
+
+ public DesCbcCrcEnc() {
+ super(new Crc32Provider());
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.DES_CBC_CRC;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.CRC32;
+ }
+
+ @Override
+ public byte[] encrypt(byte[] data, byte[] key, int usage) throws KrbException {
+ byte[] iv = new byte[encProvider().blockSize()];
+ System.arraycopy(key, 0, iv, 0, key.length);
+ return encrypt(data, key, iv, usage);
+ }
+
+ @Override
+ public byte[] decrypt(byte[] cipher, byte[] key, int usage)
+ throws KrbException {
+ byte[] iv = new byte[encProvider().blockSize()];
+ System.arraycopy(key, 0, iv, 0, key.length);
+ return decrypt(cipher, key, iv, usage);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcEnc.java
new file mode 100644
index 0000000..162db4a
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcEnc.java
@@ -0,0 +1,69 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.crypto.Confounder;
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.crypto.enc.provider.DesProvider;
+import org.apache.kerberos.kerb.crypto.key.DesKeyMaker;
+import org.apache.kerberos.kerb.KrbException;
+
+abstract class DesCbcEnc extends AbstractEncTypeHandler {
+
+ public DesCbcEnc(HashProvider hashProvider) {
+ super(new DesProvider(), hashProvider);
+ keyMaker(new DesKeyMaker(this.encProvider()));
+ }
+
+ @Override
+ protected void encryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+ int confounderLen = workLens[0];
+ int checksumLen = workLens[1];
+ int dataLen = workLens[2];
+ int paddingLen = workLens[3];
+
+ // confounder
+ byte[] confounder = Confounder.makeBytes(confounderLen);
+ System.arraycopy(confounder, 0, workBuffer, 0, confounderLen);
+
+ // padding
+ for (int i = confounderLen + checksumLen + dataLen; i < paddingLen; ++i) {
+ workBuffer[i] = 0;
+ }
+
+ // checksum
+ hashProvider().hash(workBuffer);
+ byte[] cksum = hashProvider().output();
+ System.arraycopy(cksum, 0, workBuffer, confounderLen, checksumLen);
+
+ encProvider().encrypt(key, iv, workBuffer);
+ }
+
+ @Override
+ protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+ int confounderLen = workLens[0];
+ int checksumLen = workLens[1];
+ int dataLen = workLens[2];
+
+ encProvider().decrypt(key, iv, workBuffer);
+
+ byte[] checksum = new byte[checksumLen];
+ for (int i = 0; i < checksumLen; i++) {
+ checksum[i] = workBuffer[confounderLen + i];
+ workBuffer[confounderLen + i] = 0;
+ }
+
+ hashProvider().hash(workBuffer);
+ byte[] newChecksum = hashProvider().output();
+ if (! checksumEqual(checksum, newChecksum)) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
+ }
+
+ byte[] data = new byte[dataLen];
+ System.arraycopy(workBuffer, confounderLen + checksumLen,
+ data, 0, dataLen);
+
+ return data;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd4Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd4Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd4Enc.java
new file mode 100644
index 0000000..5a1520a
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd4Enc.java
@@ -0,0 +1,20 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md4Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class DesCbcMd4Enc extends DesCbcEnc {
+
+ public DesCbcMd4Enc() {
+ super(new Md4Provider());
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.DES_CBC_MD4;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.RSA_MD4_DES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd5Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd5Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd5Enc.java
new file mode 100644
index 0000000..ba1c34b
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd5Enc.java
@@ -0,0 +1,20 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class DesCbcMd5Enc extends DesCbcEnc {
+
+ public DesCbcMd5Enc() {
+ super(new Md5Provider());
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.DES_CBC_MD5;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.RSA_MD5_DES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/EncryptProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/EncryptProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/EncryptProvider.java
new file mode 100644
index 0000000..3533e4b
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/EncryptProvider.java
@@ -0,0 +1,24 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.KrbException;
+
+/**
+ * krb5_enc_provider
+ */
+public interface EncryptProvider {
+
+ public int keyInputSize(); //input size to make key
+ public int keySize(); //output key size
+ public int blockSize(); //crypto block size
+
+ public void encrypt(byte[] key, byte[] cipherState, byte[] data) throws KrbException;
+ public void decrypt(byte[] key, byte[] cipherState, byte[] data) throws KrbException;
+ public void encrypt(byte[] key, byte[] data) throws KrbException;
+ public void decrypt(byte[] key, byte[] data) throws KrbException;
+ public byte[] cbcMac(byte[] key, byte[] iv, byte[] data) throws KrbException;
+ public boolean supportCbcMac();
+
+ public byte[] initState(byte[] key, int keyUsage);
+ public void cleanState();
+ public void cleanKey();
+}
[12/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kdc/tools/src/main/java/org/apache/kerberos/tool/Kinit.java
----------------------------------------------------------------------
diff --git a/haox-kdc/tools/src/main/java/org/apache/kerberos/tool/Kinit.java b/haox-kdc/tools/src/main/java/org/apache/kerberos/tool/Kinit.java
new file mode 100644
index 0000000..a2ac435
--- /dev/null
+++ b/haox-kdc/tools/src/main/java/org/apache/kerberos/tool/Kinit.java
@@ -0,0 +1,23 @@
+package org.apache.kerberos.tool;
+
+import org.apache.kerberos.kerb.client.KrbClient;
+
+/**
+ * kinit like tool
+ */
+public class Kinit {
+
+ public static void main(String[] args) throws Exception {
+ if (args.length < 2 || args.length > 3) {
+ System.err.println(
+ "Usage: " + Kinit.class.getSimpleName() +
+ " <kdcHost> <kdcPort>");
+ return;
+ }
+
+ final String host = args[0];
+ final Integer port = Integer.parseInt(args[1]);
+ KrbClient krbClnt = new KrbClient(host, port.shortValue());
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/README
----------------------------------------------------------------------
diff --git a/haox-kerb/README b/haox-kerb/README
new file mode 100644
index 0000000..e0a1507
--- /dev/null
+++ b/haox-kerb/README
@@ -0,0 +1,2 @@
+A Kerberos protocol and standards implementation with least dependencies (only relying on JCE).
+The provided APIs and facilities can be used as embedded.
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/pom.xml b/haox-kerb/kerb-client/pom.xml
new file mode 100644
index 0000000..92aa0b0
--- /dev/null
+++ b/haox-kerb/kerb-client/pom.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-kerb</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>kerb-client</artifactId>
+
+ <name>Haox-kerb Client</name>
+ <description>Haox-kerb Client</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-config</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-event</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-pkix</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-token</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbClient.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbClient.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbClient.java
new file mode 100644
index 0000000..f8403e2
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbClient.java
@@ -0,0 +1,302 @@
+package org.apache.kerberos.kerb.client;
+
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventHub;
+import org.apache.haox.event.EventWaiter;
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.client.event.KrbClientEvent;
+import org.apache.kerberos.kerb.client.event.KrbClientEventType;
+import org.apache.kerberos.kerb.client.request.*;
+import org.apache.kerberos.kerb.common.KrbErrorUtil;
+import org.apache.kerberos.kerb.common.KrbStreamingDecoder;
+import org.apache.kerberos.kerb.KrbErrorException;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.KrbError;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerberos.kerb.spec.ticket.ServiceTicket;
+import org.apache.kerberos.kerb.spec.ticket.TgtTicket;
+import org.haox.token.KerbToken;
+import org.apache.haox.transport.Connector;
+import org.apache.haox.transport.Transport;
+import org.apache.haox.transport.event.TransportEvent;
+import org.apache.haox.transport.event.TransportEventType;
+import org.apache.haox.transport.tcp.TcpConnector;
+
+import java.io.IOException;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+/**
+ * A krb client API for applications to interact with KDC
+ */
+public class KrbClient {
+
+ private EventHub eventHub;
+ private EventWaiter eventWaiter;
+ private Transport transport;
+
+ private KrbHandler krbHandler;
+ private KrbContext context;
+ private KrbConfig config;
+
+ /**
+ *
+ * @param kdcHost
+ * @param kdcPort
+ */
+ public KrbClient(String kdcHost, short kdcPort) {
+ this(new KrbConfig());
+
+ setKdcHost(kdcHost);
+ setKdcPort(kdcPort);
+ }
+
+ public KrbClient(KrbConfig config) {
+ this.config = config;
+ this.context = new KrbContext();
+ context.init(config);
+ }
+
+ /**
+ * Set KDC realm for ticket request
+ * @param realm
+ */
+ public void setKdcRealm(String realm) {
+ context.setKdcRealm(realm);
+ }
+
+ /**
+ *
+ * @param kdcHost
+ */
+ public void setKdcHost(String kdcHost) {
+ context.setKdcHost(kdcHost);
+ }
+
+ /**
+ *
+ * @param kdcPort
+ */
+ public void setKdcPort(short kdcPort) {
+ context.setKdcPort(kdcPort);
+ }
+
+ /**
+ * Set time out for connection
+ * @param timeout in seconds
+ */
+ public void setTimeout(long timeout) {
+ context.setTimeout(timeout);
+ }
+
+ public void init() {
+ this.krbHandler = new KrbHandler();
+ krbHandler.init(context);
+
+ this.eventHub = new EventHub();
+ eventHub.register(krbHandler);
+
+ Connector connector = new TcpConnector(new KrbStreamingDecoder());
+ eventHub.register(connector);
+
+ eventWaiter = eventHub.waitEvent(
+ TransportEventType.NEW_TRANSPORT,
+ KrbClientEventType.TGT_RESULT,
+ KrbClientEventType.TKT_RESULT
+ );
+
+ eventHub.start();
+
+ connector.connect(context.getKdcHost(), context.getKdcPort());
+ Event event = eventWaiter.waitEvent(TransportEventType.NEW_TRANSPORT);
+ transport = ((TransportEvent) event).getTransport();
+ }
+
+ /**
+ * Attempt to request a TGT and you'll be prompted to input a credential.
+ * Whatever credential requested to provide depends on KDC admin configuration.
+ * @param options
+ * @return
+ * @throws KrbException
+ */
+ public TgtTicket requestTgtTicket(String principal, KrbOptions options) throws KrbException {
+ if (options == null) options = new KrbOptions();
+
+ AsRequest asRequest = new AsRequest(context);
+ asRequest.setKrbOptions(options);
+ return requestTgtTicket(principal, asRequest);
+ }
+
+ /**
+ * Request a TGT with user plain credential
+ * @param principal
+ * @param password
+ * @param options
+ * @return
+ * @throws KrbException
+ */
+ public TgtTicket requestTgtTicket(String principal, String password,
+ KrbOptions options) throws KrbException {
+ if (options == null) options = new KrbOptions();
+
+ AsRequest asRequest = new AsRequestWithPasswd(context);
+ options.add(KrbOption.USER_PASSWD, password);
+ asRequest.setKrbOptions(options);
+ return requestTgtTicket(principal, asRequest);
+ }
+
+ /**
+ * Request a TGT with user x509 certificate credential
+ * @param principal
+ * @param certificate
+ * @param privateKey
+ * @param options
+ * @return
+ * @throws KrbException
+ */
+ public TgtTicket requestTgtTicket(String principal, Certificate certificate,
+ PrivateKey privateKey, KrbOptions options) throws KrbException {
+ if (options == null) options = new KrbOptions();
+
+ AsRequestWithCert asRequest = new AsRequestWithCert(context);
+ options.add(KrbOption.PKINIT_X509_CERTIFICATE, certificate);
+ options.add(KrbOption.PKINIT_X509_PRIVATE_KEY, privateKey);
+ asRequest.setKrbOptions(options);
+ return requestTgtTicket(principal, asRequest);
+ }
+
+ /**
+ * Request a TGT with using Anonymous PKINIT
+ * @param options
+ * @return
+ * @throws KrbException
+ */
+ public TgtTicket requestTgtTicket(KrbOptions options) throws KrbException {
+ if (options == null) options = new KrbOptions();
+
+ AsRequestWithCert asRequest = new AsRequestWithCert(context);
+ options.add(KrbOption.PKINIT_X509_ANONYMOUS);
+ asRequest.setKrbOptions(options);
+
+ String principal = AsRequestWithCert.ANONYMOUS_PRINCIPAL;
+ return requestTgtTicket(principal, asRequest);
+ }
+
+ /**
+ * Request a TGT with user token credential
+ * @param principal
+ * @param token
+ * @param options
+ * @return
+ * @throws KrbException
+ */
+ public TgtTicket requestTgtTicket(String principal, KerbToken token,
+ KrbOptions options) throws KrbException {
+ if (options == null) options = new KrbOptions();
+
+ AsRequestWithToken asRequest = new AsRequestWithToken(context);
+ options.add(KrbOption.TOKEN_USER_ID_TOKEN, token);
+ asRequest.setKrbOptions(options);
+ return requestTgtTicket(principal, asRequest);
+ }
+
+ /**
+ * Request a service ticket targeting for a server with user plain credentials
+ * @param clientPrincipal
+ * @param password
+ * @param serverPrincipal
+ * @param options
+ * @return
+ * @throws KrbException
+ */
+ public ServiceTicket requestServiceTicket(String clientPrincipal, String password,
+ String serverPrincipal, KrbOptions options) throws KrbException {
+ if (options == null) options = new KrbOptions();
+
+ TgtTicket tgt = requestTgtTicket(clientPrincipal, password, options);
+ return requestServiceTicket(tgt, serverPrincipal, options);
+ }
+
+ /**
+ * Request a service ticket targeting for a server with an user Access Token
+ * @param clientPrincipal
+ * @param token
+ * @param serverPrincipal
+ * @param options
+ * @return
+ * @throws KrbException
+ */
+ public ServiceTicket requestServiceTicket(String clientPrincipal, KerbToken token,
+ String serverPrincipal, KrbOptions options) throws KrbException {
+ if (options == null) options = new KrbOptions();
+
+ TgtTicket tgt = requestTgtTicket(clientPrincipal, token, options);
+ return requestServiceTicket(tgt, serverPrincipal, options);
+ }
+
+ private TgtTicket requestTgtTicket(String clientPrincipal, AsRequest tgtTktReq) throws KrbException {
+ tgtTktReq.setClientPrincipal(new PrincipalName(clientPrincipal));
+ tgtTktReq.setTransport(transport);
+
+ try {
+ return doRequestTgtTicket(tgtTktReq);
+ } catch(KrbErrorException e) {
+ KrbError krbError = e.getKrbError();
+ if (krbError.getErrorCode() == KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED) {
+ try {
+ tgtTktReq.setEncryptionTypes(KrbErrorUtil.getEtypes(krbError));
+ } catch (IOException ioe) {
+ throw new KrbException("Failed to decode and get etypes from krbError", ioe);
+ }
+ tgtTktReq.getPreauthContext().setPreauthRequired(true);
+ return requestTgtTicket(clientPrincipal, tgtTktReq);
+ }
+ throw e;
+ }
+ }
+
+ private TgtTicket doRequestTgtTicket(AsRequest tgtTktReq) throws KrbException {
+ eventHub.dispatch(KrbClientEvent.createTgtIntentEvent(tgtTktReq));
+ Event resultEvent = null;
+ try {
+ resultEvent = eventWaiter.waitEvent(KrbClientEventType.TGT_RESULT,
+ context.getTimeout(), TimeUnit.SECONDS);
+ } catch (TimeoutException e) {
+ throw new KrbException("Network timeout", e);
+ }
+ AsRequest asResponse = (AsRequest) resultEvent.getEventData();
+
+ return asResponse.getTicket();
+ }
+
+ /**
+ * Request a service ticket with a TGT targeting for a server
+ * @param tgt
+ * @param serverPrincipal
+ * @return
+ * @throws KrbException
+ */
+ public ServiceTicket requestServiceTicket(TgtTicket tgt, String serverPrincipal,
+ KrbOptions options) throws KrbException {
+ if (options == null) options = new KrbOptions();
+
+ TgsRequest ticketReq = new TgsRequest(context, tgt);
+ ticketReq.setServerPrincipal(new PrincipalName(serverPrincipal));
+ ticketReq.setTransport(transport);
+
+ eventHub.dispatch(KrbClientEvent.createTktIntentEvent(ticketReq));
+ Event resultEvent = null;
+ try {
+ resultEvent = eventWaiter.waitEvent(KrbClientEventType.TKT_RESULT,
+ context.getTimeout(), TimeUnit.SECONDS);
+ } catch (TimeoutException e) {
+ throw new KrbException("Network timeout", e);
+ }
+ TgsRequest tgsResponse = (TgsRequest) resultEvent.getEventData();
+
+ return tgsResponse.getServiceTicket();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfig.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfig.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfig.java
new file mode 100644
index 0000000..e661f48
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfig.java
@@ -0,0 +1,97 @@
+package org.apache.kerberos.kerb.client;
+
+import org.apache.haox.config.Conf;
+import org.apache.kerberos.kerb.common.KrbConfHelper;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+import java.util.List;
+
+public class KrbConfig {
+ protected Conf conf;
+
+ public KrbConfig() {
+ this.conf = new Conf();
+ }
+
+ public Conf getConf() {
+ return this.conf;
+ }
+
+ public boolean enableDebug() {
+ return conf.getBoolean(KrbConfigKey.KRB_DEBUG);
+ }
+
+ public String getKdcHost() {
+ return conf.getString(KrbConfigKey.KDC_HOST);
+ }
+
+ public short getKdcPort() {
+ Integer kdcPort = conf.getInt(KrbConfigKey.KDC_PORT);
+ return kdcPort.shortValue();
+ }
+
+ public String getKdcRealm() {
+ return conf.getString(KrbConfigKey.KDC_REALM);
+ }
+
+ public String getKdcDomain() {
+ return conf.getString(KrbConfigKey.KDC_DOMAIN);
+ }
+
+ public boolean isPreauthRequired() {
+ return conf.getBoolean(KrbConfigKey.PREAUTH_REQUIRED);
+ }
+
+ public String getTgsPrincipal() {
+ return conf.getString(KrbConfigKey.TGS_PRINCIPAL);
+ }
+
+ public long getAllowableClockSkew() {
+ return conf.getLong(KrbConfigKey.ALLOWABLE_CLOCKSKEW);
+ }
+
+ public boolean isEmptyAddressesAllowed() {
+ return conf.getBoolean(KrbConfigKey.EMPTY_ADDRESSES_ALLOWED);
+ }
+
+ public boolean isForwardableAllowed() {
+ return conf.getBoolean(KrbConfigKey.FORWARDABLE_ALLOWED);
+ }
+
+ public boolean isPostdatedAllowed() {
+ return conf.getBoolean(KrbConfigKey.POSTDATED_ALLOWED);
+ }
+
+ public boolean isProxiableAllowed() {
+ return conf.getBoolean(KrbConfigKey.PROXIABLE_ALLOWED);
+ }
+
+ public boolean isRenewableAllowed() {
+ return conf.getBoolean(KrbConfigKey.RENEWABLE_ALLOWED);
+ }
+
+ public long getMaximumRenewableLifetime() {
+ return conf.getLong(KrbConfigKey.MAXIMUM_RENEWABLE_LIFETIME);
+ }
+
+ public long getMaximumTicketLifetime() {
+ return conf.getLong(KrbConfigKey.MAXIMUM_TICKET_LIFETIME);
+ }
+
+ public long getMinimumTicketLifetime() {
+ return conf.getLong(KrbConfigKey.MINIMUM_TICKET_LIFETIME);
+ }
+
+ public List<EncryptionType> getEncryptionTypes() {
+ return KrbConfHelper.getEncryptionTypes(
+ conf.getList(KrbConfigKey.ENCRYPTION_TYPES));
+ }
+
+ public boolean isPaEncTimestampRequired() {
+ return conf.getBoolean(KrbConfigKey.PA_ENC_TIMESTAMP_REQUIRED);
+ }
+
+ public boolean isBodyChecksumVerified() {
+ return conf.getBoolean(KrbConfigKey.VERIFY_BODY_CHECKSUM);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfigKey.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfigKey.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfigKey.java
new file mode 100644
index 0000000..7c2f743
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfigKey.java
@@ -0,0 +1,45 @@
+package org.apache.kerberos.kerb.client;
+
+import org.apache.haox.config.ConfigKey;
+
+public enum KrbConfigKey implements ConfigKey {
+ KRB_DEBUG(true),
+ KDC_HOST("localhost"),
+ KDC_PORT(8015),
+ KDC_DOMAIN("example.com"),
+ KDC_REALM("EXAMPLE.COM"),
+ TGS_PRINCIPAL("krbtgt@EXAMPLE.COM"),
+ PREAUTH_REQUIRED(true),
+ ALLOWABLE_CLOCKSKEW(5 * 60),
+ EMPTY_ADDRESSES_ALLOWED(true),
+ PA_ENC_TIMESTAMP_REQUIRED(true),
+ MAXIMUM_TICKET_LIFETIME(24 * 3600),
+ MINIMUM_TICKET_LIFETIME(1 * 3600),
+ MAXIMUM_RENEWABLE_LIFETIME(48 * 3600),
+ FORWARDABLE_ALLOWED(true),
+ POSTDATED_ALLOWED(true),
+ PROXIABLE_ALLOWED(true),
+ RENEWABLE_ALLOWED(true),
+ VERIFY_BODY_CHECKSUM(true),
+ ENCRYPTION_TYPES(new String[] { "aes128-cts-hmac-sha1-96" });
+
+ private Object defaultValue;
+
+ private KrbConfigKey() {
+ this.defaultValue = null;
+ }
+
+ private KrbConfigKey(Object defaultValue) {
+ this.defaultValue = defaultValue;
+ }
+
+ @Override
+ public String getPropertyKey() {
+ return name().toLowerCase();
+ }
+
+ @Override
+ public Object getDefaultValue() {
+ return this.defaultValue;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbContext.java
new file mode 100644
index 0000000..136a4be
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbContext.java
@@ -0,0 +1,78 @@
+package org.apache.kerberos.kerb.client;
+
+import org.apache.kerberos.kerb.client.preauth.PreauthHandler;
+import org.apache.kerberos.kerb.crypto.Nonce;
+
+public class KrbContext {
+
+ private String kdcRealm;
+ private KrbConfig config;
+ private String kdcHost;
+ private short kdcPort;
+ private long timeout = 10L;
+ private PreauthHandler preauthHandler;
+
+ public void init(KrbConfig config) {
+ this.config = config;
+ preauthHandler = new PreauthHandler();
+ preauthHandler.init(this);
+ }
+
+ public String getKdcHost() {
+ if (kdcHost != null) {
+ return kdcHost;
+ }
+ return config.getKdcHost();
+ }
+
+ public void setKdcHost(String kdcHost) {
+ this.kdcHost = kdcHost;
+ }
+
+ public short getKdcPort() {
+ if (kdcPort > 0) {
+ return kdcPort;
+ }
+ return config.getKdcPort();
+ }
+
+ public void setKdcPort(short kdcPort) {
+ this.kdcPort = kdcPort;
+ }
+
+ public void setTimeout(long timeout) {
+ this.timeout = timeout;
+ }
+
+ public long getTimeout() {
+ return this.timeout;
+ }
+
+ public KrbConfig getConfig() {
+ return config;
+ }
+
+ public void setKdcRealm(String realm) {
+ this.kdcRealm = realm;
+ }
+
+ public String getKdcRealm() {
+ if (kdcRealm != null) {
+ return kdcRealm;
+ }
+
+ return config.getKdcRealm();
+ }
+
+ public int generateNonce() {
+ return Nonce.value();
+ }
+
+ public long getTicketValidTime() {
+ return 8 * 60 * 60 * 1000;
+ }
+
+ public PreauthHandler getPreauthHandler() {
+ return preauthHandler;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbHandler.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbHandler.java
new file mode 100644
index 0000000..c1ceb23
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbHandler.java
@@ -0,0 +1,80 @@
+package org.apache.kerberos.kerb.client;
+
+import org.apache.haox.event.AbstractEventHandler;
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventType;
+import org.apache.kerberos.kerb.client.event.KrbClientEvent;
+import org.apache.kerberos.kerb.client.event.KrbClientEventType;
+import org.apache.kerberos.kerb.client.preauth.PreauthHandler;
+import org.apache.kerberos.kerb.client.request.AsRequest;
+import org.apache.kerberos.kerb.client.request.KdcRequest;
+import org.apache.kerberos.kerb.client.request.TgsRequest;
+import org.apache.kerberos.kerb.common.KrbUtil;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.KrbMessage;
+import org.apache.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerberos.kerb.spec.kdc.KdcRep;
+import org.apache.kerberos.kerb.spec.kdc.KdcReq;
+import org.apache.haox.transport.Transport;
+import org.apache.haox.transport.event.MessageEvent;
+import org.apache.haox.transport.event.TransportEventType;
+
+import java.nio.ByteBuffer;
+
+public class KrbHandler extends AbstractEventHandler {
+
+ private KrbContext context;
+ private PreauthHandler preauthHandler;
+
+ public void init(KrbContext context) {
+ this.context = context;
+ preauthHandler = new PreauthHandler();
+ preauthHandler.init(context);
+ }
+
+ @Override
+ public EventType[] getInterestedEvents() {
+ return new EventType[] {
+ TransportEventType.INBOUND_MESSAGE,
+ KrbClientEventType.TGT_INTENT,
+ KrbClientEventType.TKT_INTENT
+ };
+ }
+
+ @Override
+ protected void doHandle(Event event) throws Exception {
+ EventType eventType = event.getEventType();
+
+ if (eventType == KrbClientEventType.TGT_INTENT ||
+ eventType == KrbClientEventType.TKT_INTENT) {
+ KdcRequest kdcRequest = (KdcRequest) event.getEventData();
+ handleKdcRequest(kdcRequest);
+ } else if (event.getEventType() == TransportEventType.INBOUND_MESSAGE) {
+ handleMessage((MessageEvent) event);
+ }
+ }
+
+ protected void handleKdcRequest(KdcRequest kdcRequest) throws KrbException {
+ kdcRequest.process();
+ KdcReq kdcReq = kdcRequest.getKdcReq();
+ Transport transport = kdcRequest.getTransport();
+ transport.setAttachment(kdcRequest);
+ KrbUtil.sendMessage(kdcReq, transport);
+ }
+
+ protected void handleMessage(MessageEvent event) throws Exception {
+ ByteBuffer message = event.getMessage();
+ KrbMessage kdcRep = KrbUtil.decodeMessage(message);
+
+ KrbMessageType messageType = kdcRep.getMsgType();
+ if (messageType == KrbMessageType.AS_REP) {
+ KdcRequest kdcRequest = (KdcRequest) event.getTransport().getAttachment();
+ kdcRequest.processResponse((KdcRep) kdcRep);
+ dispatch(KrbClientEvent.createTgtResultEvent((AsRequest) kdcRequest));
+ } else if (messageType == KrbMessageType.TGS_REP) {
+ KdcRequest kdcRequest = (KdcRequest) event.getTransport().getAttachment();
+ kdcRequest.processResponse((KdcRep) kdcRep);
+ dispatch(KrbClientEvent.createTktResultEvent((TgsRequest) kdcRequest));
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOption.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOption.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOption.java
new file mode 100644
index 0000000..c046e22
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOption.java
@@ -0,0 +1,72 @@
+package org.apache.kerberos.kerb.client;
+
+public enum KrbOption {
+ LIFE_TIME("-l lifetime"),
+ START_TIME("-s start time"),
+ RENEWABLE_TIME("-r renewable lifetime"),
+ FORWARDABLE("-f forwardable"),
+ NOT_FORWARDABLE("-F not forwardable"),
+ PROXIABLE("-p proxiable"),
+ NOT_PROXIABLE("-P not proxiable"),
+ ANONYMOUS("-n anonymous"),
+ INCLUDE_ADDRESSES("-a include addresses"),
+ NOT_INCLUDE_ADDRESSES("-A do not include addresses"),
+ VALIDATE("-v validate"),
+ RENEW("-R renew"),
+ CANONICALIZE("-C canonicalize"),
+ AS_ENTERPRISE_PN("-E client is enterprise principal name"),
+ USE_KEYTAB("-k use keytab"),
+ USE_DFT_KEYTAB("-i use default client keytab (with -k)"),
+ USER_KEYTAB_FILE("-t filename of keytab to use"),
+ KRB5_CACHE("-c Kerberos 5 cache name"),
+ SERVICE("-S service"),
+ ARMOR_CACHE("-T armor credential cache"),
+ XATTR("-X <attribute>[=<value>]"),
+
+ USER_PASSWD("user_passwd", "User plain password"),
+
+ PKINIT_X509_IDENTITY("x509_identities", "X509 user private key and cert"),
+ PKINIT_X509_PRIVATE_KEY("x509_privatekey", "X509 user private key"),
+ PKINIT_X509_CERTIFICATE("x509_cert", "X509 user certificate"),
+ PKINIT_X509_ANCHORS("x509_anchors", "X509 anchors"),
+ PKINIT_X509_ANONYMOUS("x509_anonymous", "X509 anonymous"),
+ PKINIT_USING_RSA("using_rsa_or_dh", "Using RSA or DH"),
+
+ TOKEN_USING_IDTOKEN("using_id_token", "Using identity token"),
+ TOKEN_USER_ID_TOKEN("user_id_token", "User identity token"),
+ TOKEN_USER_AC_TOKEN("user_ac_token", "User access token"),
+
+ ;
+
+ private String name;
+ private String description;
+ private Object value;
+
+ KrbOption(String description) {
+ this.description = description;
+ }
+
+ KrbOption(String name, String description) {
+ this.name = name;
+ this.description = description;
+ }
+
+ public String getName() {
+ if (name != null) {
+ return name;
+ }
+ return name();
+ }
+
+ public String getDescription() {
+ return this.description;
+ }
+
+ public void setValue(Object value) {
+ this.value = value;
+ }
+
+ public Object getValue() {
+ return value;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOptions.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOptions.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOptions.java
new file mode 100644
index 0000000..2bd5268
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbOptions.java
@@ -0,0 +1,77 @@
+package org.apache.kerberos.kerb.client;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class KrbOptions {
+
+ private Map<KrbOption, KrbOption> options = new HashMap<KrbOption, KrbOption>(4);
+
+ public void add(KrbOption option) {
+ if (option != null) {
+ options.put(option, option);
+ }
+ }
+
+ public void add(KrbOption option, Object optionValue) {
+ option.setValue(optionValue);
+ add(option);
+ }
+
+ public boolean contains(KrbOption option) {
+ return options.containsKey(option);
+ }
+
+ public KrbOption getOption(KrbOption option) {
+ if (! options.containsKey(option)) {
+ return null;
+ }
+
+ return options.get(option);
+ }
+
+ public Object getOptionValue(KrbOption option) {
+ if (! contains(option)) {
+ return null;
+ }
+ return options.get(option).getValue();
+ }
+
+ public String getStringOption(KrbOption option) {
+ Object value = getOptionValue(option);
+ if (value != null && value instanceof String) {
+ return (String) value;
+ }
+ return null;
+ }
+
+ public boolean getBooleanOption(KrbOption option) {
+ Object value = getOptionValue(option);
+ if (value != null) {
+ if (value instanceof String) {
+ String strVal = (String) value;
+ if (strVal.equalsIgnoreCase("true") ||
+ strVal.equalsIgnoreCase("yes") ||
+ strVal.equals("1")) {
+ return true;
+ }
+ } else if (value instanceof Boolean) {
+ return (Boolean) value;
+ }
+ }
+ return false;
+ }
+
+ public int getIntegerOption(KrbOption option) {
+ Object value = getOptionValue(option);
+ if (value != null) {
+ if (value instanceof String) {
+ String strVal = (String) value;
+ return Integer.valueOf(strVal);
+ } else if (value instanceof Integer) {
+ return (Integer) value;
+ }
+ }
+ return -1;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEvent.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEvent.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEvent.java
new file mode 100644
index 0000000..d070bc9
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEvent.java
@@ -0,0 +1,24 @@
+package org.apache.kerberos.kerb.client.event;
+
+import org.apache.haox.event.Event;
+import org.apache.kerberos.kerb.client.request.AsRequest;
+import org.apache.kerberos.kerb.client.request.TgsRequest;
+
+public class KrbClientEvent {
+
+ public static Event createTgtIntentEvent(AsRequest asRequest) {
+ return new Event(KrbClientEventType.TGT_INTENT, asRequest);
+ }
+
+ public static Event createTktIntentEvent(TgsRequest tgsRequest) {
+ return new Event(KrbClientEventType.TKT_INTENT, tgsRequest);
+ }
+
+ public static Event createTgtResultEvent(AsRequest asRequest) {
+ return new Event(KrbClientEventType.TGT_RESULT, asRequest);
+ }
+
+ public static Event createTktResultEvent(TgsRequest tgsRequest) {
+ return new Event(KrbClientEventType.TKT_RESULT, tgsRequest);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEventType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEventType.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEventType.java
new file mode 100644
index 0000000..163ed4a
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/event/KrbClientEventType.java
@@ -0,0 +1,10 @@
+package org.apache.kerberos.kerb.client.event;
+
+import org.apache.haox.event.EventType;
+
+public enum KrbClientEventType implements EventType {
+ TGT_INTENT,
+ TGT_RESULT,
+ TKT_INTENT,
+ TKT_RESULT
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/AbstractPreauthPlugin.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/AbstractPreauthPlugin.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/AbstractPreauthPlugin.java
new file mode 100644
index 0000000..dc03532
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/AbstractPreauthPlugin.java
@@ -0,0 +1,103 @@
+package org.apache.kerberos.kerb.client.preauth;
+
+import org.apache.kerberos.kerb.client.KrbContext;
+import org.apache.kerberos.kerb.client.KrbOptions;
+import org.apache.kerberos.kerb.client.request.KdcRequest;
+import org.apache.kerberos.kerb.preauth.PaFlag;
+import org.apache.kerberos.kerb.preauth.PaFlags;
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+import java.util.Collections;
+import java.util.List;
+
+public class AbstractPreauthPlugin implements KrbPreauth {
+
+ private PreauthPluginMeta pluginMeta;
+ protected KrbContext context;
+
+ public AbstractPreauthPlugin(PreauthPluginMeta meta) {
+ this.pluginMeta = meta;
+ }
+
+ @Override
+ public String getName() {
+ return pluginMeta.getName();
+ }
+
+ public int getVersion() {
+ return pluginMeta.getVersion();
+ }
+
+ public PaDataType[] getPaTypes() {
+ return pluginMeta.getPaTypes();
+ }
+
+ public void init(KrbContext context) {
+ this.context = context;
+ }
+
+ @Override
+ public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
+ return null;
+ }
+
+ @Override
+ public void prepareQuestions(KdcRequest kdcRequest,
+ PluginRequestContext requestContext) throws KrbException {
+
+ kdcRequest.needAsKey();
+ }
+
+ @Override
+ public List<EncryptionType> getEncTypes(KdcRequest kdcRequest,
+ PluginRequestContext requestContext) {
+ return Collections.emptyList();
+ }
+
+ @Override
+ public void setPreauthOptions(KdcRequest kdcRequest,
+ PluginRequestContext requestContext, KrbOptions options) {
+
+ }
+
+ public void tryFirst(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ PaData outPadata) throws KrbException {
+
+ }
+
+ @Override
+ public boolean process(KdcRequest kdcRequest,
+ PluginRequestContext requestContext, PaDataEntry inPadata,
+ PaData outPadata) throws KrbException {
+
+ return false;
+ }
+
+ @Override
+ public boolean tryAgain(KdcRequest kdcRequest,
+ PluginRequestContext requestContext, PaDataType preauthType,
+ PaData errPadata, PaData outPadata) {
+ return false;
+ }
+
+ @Override
+ public PaFlags getFlags(PaDataType paType) {
+ PaFlags paFlags = new PaFlags(0);
+ paFlags.setFlag(PaFlag.PA_REAL);
+
+ return paFlags;
+ }
+
+ @Override
+ public void destroy() {
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/FastContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/FastContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/FastContext.java
new file mode 100644
index 0000000..5f046a1
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/FastContext.java
@@ -0,0 +1,17 @@
+package org.apache.kerberos.kerb.client.preauth;
+
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.fast.FastOptions;
+import org.apache.kerberos.kerb.spec.fast.KrbFastArmor;
+import org.apache.kerberos.kerb.spec.kdc.KdcReq;
+
+public class FastContext {
+
+ public KdcReq fastOuterRequest;
+ public EncryptionKey armorKey;
+ public KrbFastArmor fastArmor;
+ public FastOptions fastOptions;
+ public int nonce;
+ public int fastFlags;
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/KrbPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/KrbPreauth.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/KrbPreauth.java
new file mode 100644
index 0000000..11dc2f5
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/KrbPreauth.java
@@ -0,0 +1,88 @@
+package org.apache.kerberos.kerb.client.preauth;
+
+import org.apache.kerberos.kerb.client.KrbContext;
+import org.apache.kerberos.kerb.client.KrbOptions;
+import org.apache.kerberos.kerb.client.request.KdcRequest;
+import org.apache.kerberos.kerb.preauth.PaFlags;
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+import java.util.List;
+
+/**
+ * Client side preauth plugin module
+ */
+public interface KrbPreauth extends PreauthPluginMeta {
+
+ /**
+ * Initializing preauth plugin context
+ */
+ public void init(KrbContext krbContext);
+
+ /**
+ * Initializing request context
+ */
+ public PluginRequestContext initRequestContext(KdcRequest kdcRequest);
+
+ /**
+ * Prepare questions to prompt to you asking for credential
+ */
+ public void prepareQuestions(KdcRequest kdcRequest,
+ PluginRequestContext requestContext) throws KrbException;
+
+ /**
+ * Get supported encryption types
+ */
+ public List<EncryptionType> getEncTypes(KdcRequest kdcRequest,
+ PluginRequestContext requestContext);
+
+ /**
+ * Set krb options passed from user
+ */
+ public void setPreauthOptions(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ KrbOptions preauthOptions);
+
+ /**
+ * Attempt to try any initial padata derived from user options
+ */
+ public void tryFirst(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ PaData outPadata) throws KrbException;
+
+ /**
+ * Process server returned paData and return back any result paData
+ * Return true indicating padata is added
+ */
+ public boolean process(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ PaDataEntry inPadata,
+ PaData outPadata) throws KrbException;
+
+ /**
+ * When another request to server in the 4 pass, any paData to provide?
+ * Return true indicating padata is added
+ */
+ public boolean tryAgain(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ PaDataType preauthType,
+ PaData errPadata,
+ PaData outPadata);
+
+ /**
+ * Return PA_REAL if pa_type is a real preauthentication type or PA_INFO if it is
+ * an informational type.
+ */
+ public PaFlags getFlags(PaDataType paType);
+
+ /**
+ * When exiting...
+ */
+ public void destroy();
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthContext.java
new file mode 100644
index 0000000..175129c
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthContext.java
@@ -0,0 +1,89 @@
+package org.apache.kerberos.kerb.client.preauth;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class PreauthContext {
+ private boolean preauthRequired = true;
+ private PaData inputPaData;
+ private PaData outputPaData;
+ private PaData errorPaData;
+ private UserResponser userResponser = new UserResponser();
+ private PaDataType selectedPaType;
+ private PaDataType allowedPaType;
+ private List<PaDataType> triedPaTypes = new ArrayList<PaDataType>(1);
+ private List<PreauthHandle> handles = new ArrayList<PreauthHandle>(5);
+
+ public PreauthContext() {
+ this.selectedPaType = PaDataType.NONE;
+ this.allowedPaType = PaDataType.NONE;
+ this.outputPaData = new PaData();
+ }
+
+ public boolean isPreauthRequired() {
+ return preauthRequired;
+ }
+
+ public void setPreauthRequired(boolean preauthRequired) {
+ this.preauthRequired = preauthRequired;
+ }
+
+ public UserResponser getUserResponser() {
+ return userResponser;
+ }
+
+ public boolean isPaTypeAllowed(PaDataType paType) {
+ return (allowedPaType == PaDataType.NONE ||
+ allowedPaType == paType);
+ }
+
+ public PaData getOutputPaData() throws KrbException {
+ return outputPaData;
+ }
+
+ public boolean hasInputPaData() {
+ return (inputPaData != null && ! inputPaData.isEmpty());
+ }
+
+ public PaData getInputPaData() {
+ return inputPaData;
+ }
+
+ public void setInputPaData(PaData inputPaData) {
+ this.inputPaData = inputPaData;
+ }
+
+ public PaData getErrorPaData() {
+ return errorPaData;
+ }
+
+ public void setErrorPaData(PaData errorPaData) {
+ this.errorPaData = errorPaData;
+ }
+
+ public void setAllowedPaType(PaDataType paType) {
+ this.allowedPaType = paType;
+ }
+
+ public List<PreauthHandle> getHandles() {
+ return handles;
+ }
+
+ public PaDataType getAllowedPaType() {
+ return allowedPaType;
+ }
+
+ public boolean checkAndPutTried(PaDataType paType) {
+ for (PaDataType pt : triedPaTypes) {
+ if (pt == paType) {
+ return true;
+ }
+ }
+ triedPaTypes.add(paType);
+ return false;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandle.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandle.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandle.java
new file mode 100644
index 0000000..82e62f3
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandle.java
@@ -0,0 +1,53 @@
+package org.apache.kerberos.kerb.client.preauth;
+
+import org.apache.kerberos.kerb.client.KrbOptions;
+import org.apache.kerberos.kerb.client.request.KdcRequest;
+import org.apache.kerberos.kerb.preauth.PaFlags;
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class PreauthHandle {
+
+ public KrbPreauth preauth;
+ public PluginRequestContext requestContext;
+
+ public PreauthHandle(KrbPreauth preauth) {
+ this.preauth = preauth;
+ }
+
+ public void initRequestContext(KdcRequest kdcRequest) {
+ requestContext = preauth.initRequestContext(kdcRequest);
+ }
+
+ public void prepareQuestions(KdcRequest kdcRequest) throws KrbException {
+ preauth.prepareQuestions(kdcRequest, requestContext);
+ }
+
+ public void setPreauthOptions(KdcRequest kdcRequest,
+ KrbOptions preauthOptions) throws KrbException {
+ preauth.setPreauthOptions(kdcRequest, requestContext, preauthOptions);
+ }
+
+ public void tryFirst(KdcRequest kdcRequest, PaData outPadata) throws KrbException {
+ preauth.tryFirst(kdcRequest, requestContext, outPadata);
+ }
+
+ public boolean process(KdcRequest kdcRequest,
+ PaDataEntry inPadata, PaData outPadata) throws KrbException {
+ return preauth.process(kdcRequest, requestContext, inPadata, outPadata);
+ }
+
+ public boolean tryAgain(KdcRequest kdcRequest,
+ PaDataType paType, PaData errPadata, PaData paData) {
+ return preauth.tryAgain(kdcRequest, requestContext, paType, errPadata, paData);
+ }
+
+ public boolean isReal(PaDataType paType) {
+ PaFlags paFlags = preauth.getFlags(paType);
+ return paFlags.isReal();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandler.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandler.java
new file mode 100644
index 0000000..2652889
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/PreauthHandler.java
@@ -0,0 +1,230 @@
+package org.apache.kerberos.kerb.client.preauth;
+
+import org.apache.kerberos.kerb.client.KrbContext;
+import org.apache.kerberos.kerb.client.KrbOptions;
+import org.apache.kerberos.kerb.client.preauth.builtin.EncTsPreauth;
+import org.apache.kerberos.kerb.client.preauth.builtin.TgtPreauth;
+import org.apache.kerberos.kerb.client.preauth.pkinit.PkinitPreauth;
+import org.apache.kerberos.kerb.client.preauth.token.TokenPreauth;
+import org.apache.kerberos.kerb.client.request.KdcRequest;
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.EtypeInfo;
+import org.apache.kerberos.kerb.spec.common.EtypeInfo2;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class PreauthHandler {
+ private KrbContext krbContext;
+ private List<KrbPreauth> preauths;
+
+ public void init(KrbContext krbContext) {
+ this.krbContext = krbContext;
+ loadPreauthPlugins(krbContext);
+ }
+
+ private void loadPreauthPlugins(KrbContext context) {
+ preauths = new ArrayList<KrbPreauth>();
+
+ KrbPreauth preauth = new EncTsPreauth();
+ preauth.init(context);
+ preauths.add(preauth);
+
+ preauth = new TgtPreauth();
+ preauth.init(context);
+ preauths.add(preauth);
+
+ preauth = new PkinitPreauth();
+ preauth.init(context);
+ preauths.add(preauth);
+
+ preauth = new TokenPreauth();
+ preauth.init(context);
+ preauths.add(preauth);
+ }
+
+ public PreauthContext preparePreauthContext(KdcRequest kdcRequest) {
+ PreauthContext preauthContext = new PreauthContext();
+ preauthContext.setPreauthRequired(krbContext.getConfig().isPreauthRequired());
+ for (KrbPreauth preauth : preauths) {
+ PreauthHandle handle = new PreauthHandle(preauth);
+ handle.initRequestContext(kdcRequest);
+ preauthContext.getHandles().add(handle);
+ }
+
+ return preauthContext;
+ }
+
+ /**
+ * Process preauth inputs and options, prepare and generate pdata to be out
+ */
+ public void preauth(KdcRequest kdcRequest) throws KrbException {
+ PreauthContext preauthContext = kdcRequest.getPreauthContext();
+
+ if (!preauthContext.isPreauthRequired()) {
+ return;
+ }
+
+ if (!preauthContext.hasInputPaData()) {
+ tryFirst(kdcRequest, preauthContext.getOutputPaData());
+ return;
+ }
+
+ attemptETypeInfo(kdcRequest, preauthContext.getInputPaData());
+
+ setPreauthOptions(kdcRequest, kdcRequest.getPreauthOptions());
+
+ prepareUserResponses(kdcRequest, preauthContext.getInputPaData());
+
+ preauthContext.getUserResponser().respondQuestions();
+
+ if (!kdcRequest.isRetrying()) {
+ process(kdcRequest, preauthContext.getInputPaData(),
+ preauthContext.getOutputPaData());
+ } else {
+ tryAgain(kdcRequest, preauthContext.getInputPaData(),
+ preauthContext.getOutputPaData());
+ }
+ }
+
+ public void prepareUserResponses(KdcRequest kdcRequest,
+ PaData inPadata) throws KrbException {
+ PreauthContext preauthContext = kdcRequest.getPreauthContext();
+
+ for (PaDataEntry pae : inPadata.getElements()) {
+ if (! preauthContext.isPaTypeAllowed(pae.getPaDataType())) {
+ continue;
+ }
+
+ PreauthHandle handle = findHandle(kdcRequest, pae.getPaDataType());
+ if (handle == null) {
+ continue;
+ }
+
+ handle.prepareQuestions(kdcRequest);
+ }
+ }
+
+ public void setPreauthOptions(KdcRequest kdcRequest,
+ KrbOptions preauthOptions) throws KrbException {
+ PreauthContext preauthContext = kdcRequest.getPreauthContext();
+
+ for (PreauthHandle handle : preauthContext.getHandles()) {
+ handle.setPreauthOptions(kdcRequest, preauthOptions);
+ }
+ }
+
+ public void tryFirst(KdcRequest kdcRequest,
+ PaData outPadata) throws KrbException {
+ PreauthContext preauthContext = kdcRequest.getPreauthContext();
+
+ PreauthHandle handle = findHandle(kdcRequest,
+ preauthContext.getAllowedPaType());
+ handle.tryFirst(kdcRequest, outPadata);
+ }
+
+ public void process(KdcRequest kdcRequest,
+ PaData inPadata, PaData outPadata) throws KrbException {
+ PreauthContext preauthContext = kdcRequest.getPreauthContext();
+
+ /**
+ * Process all informational padata types, then the first real preauth type
+ * we succeed on
+ */
+ for (int real = 0; real <= 1; real ++) {
+ for (PaDataEntry pae : inPadata.getElements()) {
+
+ // Restrict real mechanisms to the chosen one if we have one
+ if (real >0 && !preauthContext.isPaTypeAllowed(pae.getPaDataType())) {
+ continue;
+ }
+
+ PreauthHandle handle = findHandle(kdcRequest,
+ preauthContext.getAllowedPaType());
+ if (handle == null) {
+ continue;
+ }
+
+ // Make sure this type is for the current pass
+ int tmpReal = handle.isReal(pae.getPaDataType()) ? 1 : 0;
+ if (tmpReal != real) {
+ continue;
+ }
+
+ if (real > 0 && preauthContext.checkAndPutTried(pae.getPaDataType())) {
+ continue;
+ }
+
+ boolean gotData = handle.process(kdcRequest, pae, outPadata);
+ if (real > 0 && gotData) {
+ return;
+ }
+ }
+ }
+ }
+
+ public void tryAgain(KdcRequest kdcRequest,
+ PaData inPadata, PaData outPadata) {
+ PreauthContext preauthContext = kdcRequest.getPreauthContext();
+
+ PreauthHandle handle;
+ for (PaDataEntry pae : inPadata.getElements()) {
+ handle = findHandle(kdcRequest, pae.getPaDataType());
+ if (handle == null) continue;
+
+ boolean gotData = handle.tryAgain(kdcRequest,
+ pae.getPaDataType(), preauthContext.getErrorPaData(), outPadata);
+ }
+ }
+
+ public void destroy() {
+ for (KrbPreauth preauth : preauths) {
+ preauth.destroy();
+ }
+ }
+
+ private PreauthHandle findHandle(KdcRequest kdcRequest,
+ PaDataType paType) {
+ PreauthContext preauthContext = kdcRequest.getPreauthContext();
+
+ for (PreauthHandle handle : preauthContext.getHandles()) {
+ for (PaDataType pt : handle.preauth.getPaTypes()) {
+ if (pt == paType) {
+ return handle;
+ }
+ }
+ }
+ return null;
+ }
+
+ private void attemptETypeInfo(KdcRequest kdcRequest,
+ PaData inPadata) throws KrbException {
+ PreauthContext preauthContext = kdcRequest.getPreauthContext();
+
+ // Find an etype-info2 or etype-info element in padata
+ EtypeInfo etypeInfo = null;
+ EtypeInfo2 etypeInfo2 = null;
+ PaDataEntry pae = inPadata.findEntry(PaDataType.ETYPE_INFO);
+ if (pae != null) {
+ etypeInfo = KrbCodec.decode(pae.getPaDataValue(), EtypeInfo.class);
+ } else {
+ pae = inPadata.findEntry(PaDataType.ETYPE_INFO2);
+ if (pae != null) {
+ etypeInfo2 = KrbCodec.decode(pae.getPaDataValue(), EtypeInfo2.class);
+ }
+ }
+
+ if (etypeInfo == null && etypeInfo2 == null) {
+ attemptSalt(kdcRequest, inPadata);
+ }
+ }
+
+ private void attemptSalt(KdcRequest kdcRequest,
+ PaData inPadata) throws KrbException {
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponseItem.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponseItem.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponseItem.java
new file mode 100644
index 0000000..47ef365
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponseItem.java
@@ -0,0 +1,12 @@
+package org.apache.kerberos.kerb.client.preauth;
+
+public class UserResponseItem {
+ protected String question;
+ protected String challenge;
+ protected String answer;
+
+ public UserResponseItem(String question, String challenge) {
+ this.question = question;
+ this.challenge = challenge;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponser.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponser.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponser.java
new file mode 100644
index 0000000..df8ba92
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/UserResponser.java
@@ -0,0 +1,58 @@
+package org.apache.kerberos.kerb.client.preauth;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class UserResponser {
+
+ private List<UserResponseItem> items = new ArrayList<UserResponseItem>(1);
+
+ /**
+ * Let customize an interface like CMD or WEB UI to selectively respond all the questions
+ */
+ public void respondQuestions() {
+ // TODO
+ }
+
+ public UserResponseItem findQuestion(String question) {
+ for (UserResponseItem ri : items) {
+ if (ri.question.equals(question)) {
+ return ri;
+ }
+ }
+ return null;
+ }
+
+ public void askQuestion(String question, String challenge) {
+ UserResponseItem ri = findQuestion(question);
+ if (ri == null) {
+ items.add(new UserResponseItem(question, challenge));
+ } else {
+ ri.challenge = challenge;
+ }
+ }
+
+ public String getChallenge(String question) {
+ UserResponseItem ri = findQuestion(question);
+ if (ri != null) {
+ return ri.challenge;
+ }
+ return null;
+ }
+
+ public void setAnswer(String question, String answer) {
+ UserResponseItem ri = findQuestion(question);
+ if (ri == null) {
+ throw new IllegalArgumentException("Question isn't exist for the answer");
+ }
+ ri.answer = answer;
+ }
+
+ public String getAnswer(String question) {
+ UserResponseItem ri = findQuestion(question);
+ if (ri != null) {
+ return ri.answer;
+ }
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/EncTsPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/EncTsPreauth.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/EncTsPreauth.java
new file mode 100644
index 0000000..8b832c8
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/EncTsPreauth.java
@@ -0,0 +1,75 @@
+package org.apache.kerberos.kerb.client.preauth.builtin;
+
+import org.apache.kerberos.kerb.client.preauth.AbstractPreauthPlugin;
+import org.apache.kerberos.kerb.client.request.KdcRequest;
+import org.apache.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerberos.kerb.preauth.PaFlag;
+import org.apache.kerberos.kerb.preauth.PaFlags;
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.preauth.builtin.EncTsPreauthMeta;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerberos.kerb.spec.common.KeyUsage;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+import org.apache.kerberos.kerb.spec.pa.PaEncTsEnc;
+
+public class EncTsPreauth extends AbstractPreauthPlugin {
+
+ public EncTsPreauth() {
+ super(new EncTsPreauthMeta());
+ }
+
+ @Override
+ public void prepareQuestions(KdcRequest kdcRequest,
+ PluginRequestContext requestContext) throws KrbException {
+
+ kdcRequest.needAsKey();
+ }
+
+ public void tryFirst(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ PaData outPadata) throws KrbException {
+
+ if (kdcRequest.getAsKey() == null) {
+ kdcRequest.needAsKey();
+ }
+ outPadata.addElement(makeEntry(kdcRequest));
+ }
+
+ @Override
+ public boolean process(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ PaDataEntry inPadata,
+ PaData outPadata) throws KrbException {
+
+ if (kdcRequest.getAsKey() == null) {
+ kdcRequest.needAsKey();
+ }
+ outPadata.addElement(makeEntry(kdcRequest));
+
+ return true;
+ }
+
+ @Override
+ public PaFlags getFlags(PaDataType paType) {
+ PaFlags paFlags = new PaFlags(0);
+ paFlags.setFlag(PaFlag.PA_REAL);
+
+ return paFlags;
+ }
+
+ private PaDataEntry makeEntry(KdcRequest kdcRequest) throws KrbException {
+ PaEncTsEnc paTs = new PaEncTsEnc();
+ paTs.setPaTimestamp(kdcRequest.getPreauthTime());
+
+ EncryptedData paDataValue = EncryptionUtil.seal(paTs,
+ kdcRequest.getAsKey(), KeyUsage.AS_REQ_PA_ENC_TS);
+ PaDataEntry tsPaEntry = new PaDataEntry();
+ tsPaEntry.setPaDataType(PaDataType.ENC_TIMESTAMP);
+ tsPaEntry.setPaDataValue(paDataValue.encode());
+
+ return tsPaEntry;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/TgtPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/TgtPreauth.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/TgtPreauth.java
new file mode 100644
index 0000000..db26f7d
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/builtin/TgtPreauth.java
@@ -0,0 +1,47 @@
+package org.apache.kerberos.kerb.client.preauth.builtin;
+
+import org.apache.kerberos.kerb.client.preauth.AbstractPreauthPlugin;
+import org.apache.kerberos.kerb.client.request.KdcRequest;
+import org.apache.kerberos.kerb.client.request.TgsRequest;
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.preauth.builtin.TgtPreauthMeta;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class TgtPreauth extends AbstractPreauthPlugin {
+
+ public TgtPreauth() {
+ super(new TgtPreauthMeta());
+ }
+
+ public void tryFirst(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ PaData outPadata) throws KrbException {
+
+ outPadata.addElement(makeEntry(kdcRequest));
+ }
+
+ @Override
+ public boolean process(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ PaDataEntry inPadata,
+ PaData outPadata) throws KrbException {
+
+ outPadata.addElement(makeEntry(kdcRequest));
+
+ return true;
+ }
+
+ private PaDataEntry makeEntry(KdcRequest kdcRequest) throws KrbException {
+
+ TgsRequest tgsRequest = (TgsRequest) kdcRequest;
+
+ PaDataEntry paEntry = new PaDataEntry();
+ paEntry.setPaDataType(PaDataType.TGS_REQ);
+ paEntry.setPaDataValue(tgsRequest.getApReq().encode());
+
+ return paEntry;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitContext.java
new file mode 100644
index 0000000..9c373cd
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitContext.java
@@ -0,0 +1,11 @@
+package org.apache.kerberos.kerb.client.preauth.pkinit;
+
+import org.apache.kerberos.kerb.preauth.pkinit.IdentityOpts;
+import org.apache.kerberos.kerb.preauth.pkinit.PluginOpts;
+
+public class PkinitContext {
+
+ public PluginOpts pluginOpts = new PluginOpts();
+ public IdentityOpts identityOpts = new IdentityOpts();
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
new file mode 100644
index 0000000..6a9f856
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -0,0 +1,214 @@
+package org.apache.kerberos.kerb.client.preauth.pkinit;
+
+import org.apache.kerberos.kerb.client.KrbContext;
+import org.apache.kerberos.kerb.client.KrbOption;
+import org.apache.kerberos.kerb.client.KrbOptions;
+import org.apache.kerberos.kerb.client.preauth.AbstractPreauthPlugin;
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.client.request.KdcRequest;
+import org.apache.kerberos.kerb.preauth.PaFlag;
+import org.apache.kerberos.kerb.preauth.PaFlags;
+import org.apache.kerberos.kerb.preauth.pkinit.PkinitIdenity;
+import org.apache.kerberos.kerb.preauth.pkinit.PkinitPreauthMeta;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+import org.apache.kerberos.kerb.spec.pa.pkinit.*;
+import org.apache.kerberos.kerb.spec.x509.SubjectPublicKeyInfo;
+
+public class PkinitPreauth extends AbstractPreauthPlugin {
+
+ private PkinitContext pkinitContext;
+
+ public PkinitPreauth() {
+ super(new PkinitPreauthMeta());
+ }
+
+ @Override
+ public void init(KrbContext context) {
+ super.init(context);
+ this.pkinitContext = new PkinitContext();
+ }
+
+ @Override
+ public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
+ PkinitRequestContext reqCtx = new PkinitRequestContext();
+
+ reqCtx.updateRequestOpts(pkinitContext.pluginOpts);
+
+ return reqCtx;
+ }
+
+ @Override
+ public void setPreauthOptions(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ KrbOptions options) {
+ if (options.contains(KrbOption.PKINIT_X509_IDENTITY)) {
+ pkinitContext.identityOpts.identity =
+ options.getStringOption(KrbOption.PKINIT_X509_IDENTITY);
+ }
+
+ if (options.contains(KrbOption.PKINIT_X509_ANCHORS)) {
+ pkinitContext.identityOpts.anchors.add(
+ options.getStringOption(KrbOption.PKINIT_X509_ANCHORS));
+ }
+
+ if (options.contains(KrbOption.PKINIT_USING_RSA)) {
+ pkinitContext.pluginOpts.usingRsa =
+ options.getBooleanOption(KrbOption.PKINIT_USING_RSA);
+ }
+
+ }
+
+ @Override
+ public void prepareQuestions(KdcRequest kdcRequest,
+ PluginRequestContext requestContext) {
+
+ PkinitRequestContext reqCtx = (PkinitRequestContext) requestContext;
+
+ if (!reqCtx.identityInitialized) {
+ PkinitIdenity.initialize(reqCtx.identityOpts, kdcRequest.getClientPrincipal());
+ reqCtx.identityInitialized = true;
+ }
+
+ // Might have questions asking for password to access the private key
+ }
+
+ public void tryFirst(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ PaData outPadata) throws KrbException {
+
+ }
+
+ @Override
+ public boolean process(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ PaDataEntry inPadata,
+ PaData outPadata) throws KrbException {
+
+ PkinitRequestContext reqCtx = (PkinitRequestContext) requestContext;
+ if (inPadata == null) return false;
+
+ boolean processingRequest = false;
+ switch (inPadata.getPaDataType()) {
+ case PK_AS_REQ:
+ processingRequest = true;
+ break;
+ case PK_AS_REP:
+ break;
+ }
+
+ if (processingRequest) {
+ generateRequest(reqCtx, kdcRequest, outPadata);
+ } else {
+ EncryptionType encType = kdcRequest.getEncType();
+ processReply(kdcRequest, reqCtx, inPadata, encType);
+ }
+
+ return false;
+ }
+
+ private void generateRequest(PkinitRequestContext reqCtx, KdcRequest kdcRequest,
+ PaData outPadata) {
+
+ }
+
+ private PaPkAsReq makePaPkAsReq(PkinitContext pkinitContext, PkinitRequestContext reqCtx,
+ KerberosTime ctime, int cusec, int nonce, byte[] checksum,
+ PrincipalName client, PrincipalName server) {
+
+ PaPkAsReq paPkAsReq = new PaPkAsReq();
+ AuthPack authPack = new AuthPack();
+ SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo();
+ PkAuthenticator pkAuthen = new PkAuthenticator();
+
+ boolean usingRsa = reqCtx.requestOpts.usingRsa;
+ PaDataType paType = reqCtx.paType = PaDataType.PK_AS_REQ;
+
+ pkAuthen.setCtime(ctime);
+ pkAuthen.setCusec(cusec);
+ pkAuthen.setNonce(nonce);
+ pkAuthen.setPaChecksum(checksum);
+
+ authPack.setPkAuthenticator(pkAuthen);
+ DHNonce dhNonce = new DHNonce();
+ authPack.setClientDhNonce(dhNonce);
+ authPack.setClientPublicValue(pubInfo);
+
+ authPack.setsupportedCmsTypes(pkinitContext.pluginOpts.createSupportedCMSTypes());
+
+ if (usingRsa) {
+ // DH case
+ } else {
+ authPack.setClientPublicValue(null);
+ }
+
+ byte[] signedAuthPack = signAuthPack(pkinitContext, reqCtx, authPack);
+ paPkAsReq.setSignedAuthPack(signedAuthPack);
+
+ TrustedCertifiers trustedCertifiers = pkinitContext.pluginOpts.createTrustedCertifiers();
+ paPkAsReq.setTrustedCertifiers(trustedCertifiers);
+
+ byte[] kdcPkId = pkinitContext.pluginOpts.createIssuerAndSerial();
+ paPkAsReq.setKdcPkId(kdcPkId);
+
+ return paPkAsReq;
+ }
+
+ private byte[] signAuthPack(PkinitContext pkinitContext,
+ PkinitRequestContext reqCtx, AuthPack authPack) {
+ return null;
+ }
+
+ private void processReply(KdcRequest kdcRequest,
+ PkinitRequestContext reqCtx,
+ PaDataEntry inPadata,
+ EncryptionType encType) {
+
+ EncryptionKey asKey = null;
+
+ // TODO
+
+ kdcRequest.setAsKey(asKey);
+ }
+
+ @Override
+ public boolean tryAgain(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ PaDataType preauthType,
+ PaData errPadata,
+ PaData outPadata) {
+
+ PkinitRequestContext reqCtx = (PkinitRequestContext) requestContext;
+ if (reqCtx.paType != preauthType && errPadata == null) {
+ return false;
+ }
+
+ boolean doAgain = false;
+ for (PaDataEntry pde : errPadata.getElements()) {
+ switch (pde.getPaDataType()) {
+ // TODO
+ }
+ }
+
+ if (doAgain) {
+ generateRequest(reqCtx, kdcRequest, outPadata);
+ }
+
+ return false;
+ }
+
+ @Override
+ public PaFlags getFlags(PaDataType paType) {
+ PaFlags paFlags = new PaFlags(0);
+ paFlags.setFlag(PaFlag.PA_REAL);
+
+ return paFlags;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestContext.java
new file mode 100644
index 0000000..ef008cb
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestContext.java
@@ -0,0 +1,25 @@
+package org.apache.kerberos.kerb.client.preauth.pkinit;
+
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.preauth.pkinit.IdentityOpts;
+import org.apache.kerberos.kerb.preauth.pkinit.PluginOpts;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class PkinitRequestContext implements PluginRequestContext {
+
+ public PkinitRequestOpts requestOpts = new PkinitRequestOpts();
+ public IdentityOpts identityOpts = new IdentityOpts();
+ public boolean doIdentityMatching;
+ public PaDataType paType;
+ public boolean rfc6112Kdc;
+ public boolean identityInitialized;
+ public boolean identityPrompted;
+
+ public void updateRequestOpts(PluginOpts pluginOpts) {
+ requestOpts.requireEku = pluginOpts.requireEku;
+ requestOpts.acceptSecondaryEku = pluginOpts.acceptSecondaryEku;
+ requestOpts.allowUpn = pluginOpts.allowUpn;
+ requestOpts.usingRsa = pluginOpts.usingRsa;
+ requestOpts.requireCrlChecking = pluginOpts.requireCrlChecking;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestOpts.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestOpts.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestOpts.java
new file mode 100644
index 0000000..af31dc4
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/pkinit/PkinitRequestOpts.java
@@ -0,0 +1,21 @@
+package org.apache.kerberos.kerb.client.preauth.pkinit;
+
+public class PkinitRequestOpts {
+
+ // From MIT Krb5 _pkinit_plg_opts
+
+ // require EKU checking (default is true)
+ public boolean requireEku = true;
+ // accept secondary EKU (default is false)
+ public boolean acceptSecondaryEku = false;
+ // allow UPN-SAN instead of pkinit-SAN
+ public boolean allowUpn = true;
+ // selects DH or RSA based pkinit
+ public boolean usingRsa = true;
+ // require CRL for a CA (default is false)
+ public boolean requireCrlChecking = false;
+ // initial request DH modulus size (default=1024)
+ public int dhSize = 1024;
+
+ public boolean requireHostnameMatch = true;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenContext.java
new file mode 100644
index 0000000..cb3f3d4
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenContext.java
@@ -0,0 +1,9 @@
+package org.apache.kerberos.kerb.client.preauth.token;
+
+import org.haox.token.KerbToken;
+
+public class TokenContext {
+
+ public boolean usingIdToken = true;
+ public KerbToken token = null;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenPreauth.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenPreauth.java
new file mode 100644
index 0000000..c8613f9
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenPreauth.java
@@ -0,0 +1,105 @@
+package org.apache.kerberos.kerb.client.preauth.token;
+
+import org.apache.kerberos.kerb.client.KrbContext;
+import org.apache.kerberos.kerb.client.KrbOption;
+import org.apache.kerberos.kerb.client.KrbOptions;
+import org.apache.kerberos.kerb.client.preauth.AbstractPreauthPlugin;
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.client.request.KdcRequest;
+import org.apache.kerberos.kerb.preauth.PaFlag;
+import org.apache.kerberos.kerb.preauth.PaFlags;
+import org.apache.kerberos.kerb.preauth.token.TokenPreauthMeta;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+import org.haox.token.KerbToken;
+
+import java.util.Collections;
+import java.util.List;
+
+public class TokenPreauth extends AbstractPreauthPlugin {
+
+ private TokenContext tokenContext;
+
+ public TokenPreauth() {
+ super(new TokenPreauthMeta());
+ }
+
+ public void init(KrbContext context) {
+ super.init(context);
+ this.tokenContext = new TokenContext();
+ }
+
+ @Override
+ public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
+ TokenRequestContext reqCtx = new TokenRequestContext();
+
+ return reqCtx;
+ }
+
+ @Override
+ public void prepareQuestions(KdcRequest kdcRequest,
+ PluginRequestContext requestContext) {
+
+ }
+
+ @Override
+ public List<EncryptionType> getEncTypes(KdcRequest kdcRequest,
+ PluginRequestContext requestContext) {
+ return Collections.emptyList();
+ }
+
+ @Override
+ public void setPreauthOptions(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ KrbOptions options) {
+
+ tokenContext.usingIdToken = options.getBooleanOption(KrbOption.TOKEN_USING_IDTOKEN);
+ if (tokenContext.usingIdToken) {
+ if (options.contains(KrbOption.TOKEN_USER_ID_TOKEN)) {
+ tokenContext.token =
+ (KerbToken) options.getOptionValue(KrbOption.TOKEN_USER_ID_TOKEN);
+ }
+ } else {
+ if (options.contains(KrbOption.TOKEN_USER_AC_TOKEN)) {
+ tokenContext.token =
+ (KerbToken) options.getOptionValue(KrbOption.TOKEN_USER_AC_TOKEN);
+ }
+ }
+
+ }
+
+ public void tryFirst(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ PaData outPadata) throws KrbException {
+
+ }
+
+ @Override
+ public boolean process(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ PaDataEntry inPadata,
+ PaData outPadata) throws KrbException {
+
+ return false;
+ }
+
+ @Override
+ public boolean tryAgain(KdcRequest kdcRequest,
+ PluginRequestContext requestContext,
+ PaDataType preauthType,
+ PaData errPadata,
+ PaData outPadata) {
+ return false;
+ }
+
+ @Override
+ public PaFlags getFlags(PaDataType paType) {
+ PaFlags paFlags = new PaFlags(0);
+ paFlags.setFlag(PaFlag.PA_REAL);
+
+ return paFlags;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenRequestContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenRequestContext.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenRequestContext.java
new file mode 100644
index 0000000..a31e3d1
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/preauth/token/TokenRequestContext.java
@@ -0,0 +1,13 @@
+package org.apache.kerberos.kerb.client.preauth.token;
+
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class TokenRequestContext implements PluginRequestContext {
+
+ public boolean doIdentityMatching;
+ public PaDataType paType;
+ public boolean identityInitialized;
+ public boolean identityPrompted;
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequest.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequest.java
new file mode 100644
index 0000000..74b81e6
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequest.java
@@ -0,0 +1,108 @@
+package org.apache.kerberos.kerb.client.request;
+
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.client.KrbContext;
+import org.apache.kerberos.kerb.KrbConstant;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.*;
+import org.apache.kerberos.kerb.spec.kdc.*;
+import org.apache.kerberos.kerb.spec.ticket.TgtTicket;
+
+import java.io.IOException;
+import java.util.List;
+
+public class AsRequest extends KdcRequest {
+
+ private PrincipalName clientPrincipal;
+ private EncryptionKey clientKey;
+
+ public AsRequest(KrbContext context) {
+ super(context);
+
+ setServerPrincipal(makeTgsPrincipal());
+ }
+
+ public PrincipalName getClientPrincipal() {
+ return clientPrincipal;
+ }
+
+ public void setClientPrincipal(PrincipalName clientPrincipal) {
+ this.clientPrincipal = clientPrincipal;
+ }
+
+ public void setClientKey(EncryptionKey clientKey) {
+ this.clientKey = clientKey;
+ }
+
+ public EncryptionKey getClientKey() throws KrbException {
+ return clientKey;
+ }
+
+ @Override
+ public void process() throws KrbException {
+ super.process();
+
+ KdcReqBody body = makeReqBody();
+
+ AsReq asReq = new AsReq();
+ asReq.setReqBody(body);
+ asReq.setPaData(getPreauthContext().getOutputPaData());
+
+ setKdcReq(asReq);
+ }
+
+ @Override
+ public void processResponse(KdcRep kdcRep) throws KrbException {
+ setKdcRep(kdcRep);
+
+ PrincipalName clientPrincipal = getKdcRep().getCname();
+ String clientRealm = getKdcRep().getCrealm();
+ clientPrincipal.setRealm(clientRealm);
+ if (! clientPrincipal.equals(getClientPrincipal())) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_CLIENT_NAME_MISMATCH);
+ }
+
+ byte[] decryptedData = decryptWithClientKey(getKdcRep().getEncryptedEncPart(),
+ KeyUsage.AS_REP_ENCPART);
+ EncKdcRepPart encKdcRepPart = new EncAsRepPart();
+ try {
+ encKdcRepPart.decode(decryptedData);
+ } catch (IOException e) {
+ throw new KrbException("Failed to decode EncAsRepPart", e);
+ }
+ getKdcRep().setEncPart(encKdcRepPart);
+
+ if (getChosenNonce() != encKdcRepPart.getNonce()) {
+ throw new KrbException("Nonce didn't match");
+ }
+
+ PrincipalName serverPrincipal = encKdcRepPart.getSname();
+ serverPrincipal.setRealm(encKdcRepPart.getSrealm());
+ if (! serverPrincipal.equals(getServerPrincipal())) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_SERVER_NOMATCH);
+ }
+
+ HostAddresses hostAddresses = getHostAddresses();
+ if (hostAddresses != null) {
+ List<HostAddress> requestHosts = hostAddresses.getElements();
+ if (!requestHosts.isEmpty()) {
+ List<HostAddress> responseHosts = encKdcRepPart.getCaddr().getElements();
+ for (HostAddress h : requestHosts) {
+ if (!responseHosts.contains(h)) {
+ throw new KrbException("Unexpected client host");
+ }
+ }
+ }
+ }
+ }
+
+ public TgtTicket getTicket() {
+ TgtTicket TgtTicket = new TgtTicket(getKdcRep().getTicket(),
+ (EncAsRepPart) getKdcRep().getEncPart(), getKdcRep().getCname().getName());
+ return TgtTicket;
+ }
+
+ private PrincipalName makeTgsPrincipal() {
+ return new PrincipalName(KrbConstant.TGS_PRINCIPAL + "@" + getContext().getKdcRealm());
+ }
+}
[38/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/utilities.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/utilities.html b/3rdparty/not-yet-commons-ssl/docs/utilities.html
new file mode 100644
index 0000000..76ec47c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/utilities.html
@@ -0,0 +1,91 @@
+<html>
+<head>
+<title>Not-Yet-Commons-SSL - Utilities</title>
+<style type="text/css">
+h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
+h1 { float: left; color: red; }
+b.n { font-family: arial; font-weight: bold; }
+span.hl { color: white; background-color: green; }
+div.nav { float: left; margin-left: 20px; font-weight: bold; }
+.nav a, .nav span { padding: 0 5px; }
+.nav a { color: blue; }
+li.top { margin-top: 10px; }
+ul.openssl { float: left; width: 100px; margin-top: 8px; }
+ul.pkcs8 { float: left; width: 200px; margin-top: 8px; }
+</style>
+</head>
+<body>
+<h1>not-yet-commons-ssl</h1>
+<div class="nav">
+<a href="index.html">main</a> |
+<a href="ssl.html">ssl</a> |
+<a href="pkcs8.html">pkcs8</a> |
+<a href="pbe.html">pbe</a> |
+<a href="rmi.html">rmi</a> |
+<span class="hl" href="utilities.html">utilities</span> |
+<a href="source.html">source</a> |
+<a href="javadocs/">javadocs</a> |
+<a href="download.html">download</a>
+</div>
+<br clear="all"/>
+<hr/>
+<h2>Ping</h2>
+
+<p>"org.apache.commons.ssl.Ping" contains a main method to help you diagnose SSL issues.
+It's modeled on OpenSSL's very handy "s_client" utility. We've been very careful to
+make sure "org.apache.commons.ssl.Ping" can execute without any additional jar files
+on the classpath (except if using Java 1.3 - then you'll need jsse.jar).</p>
+
+<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>"Ping" Utility Attempts "HEAD / HTTP/1.1" Request</b></u>
+This utility is very handy because it can get you the server's public
+certificate even if your client certificate is bad (so even though the SSL
+handshake fails). And unlike "openssl s_client", this utility can bind
+against any IP address available.
+
+Usage: java -jar not-yet-commons-ssl-0.3.13.jar [options]
+Version 0.3.13 compiled=[PST:2014-05-08/14:42:18.000]
+Options: (*=required)
+* -t --target [hostname[:port]] default port=443
+ -b --bind [hostname[:port]] default port=0 "ANY"
+ -r --proxy [hostname[:port]] default port=80
+ -tm --trust-cert [path to trust material] {pem, der, crt, jks}
+ -km --client-cert [path to client's private key] {jks, pkcs12, pkcs8}
+ -cc --cert-chain [path to client's cert chain for pkcs8/OpenSSL key]
+ -p --password [client cert password]
+ -h --host-header [http-host-header] in case -t is an IP address
+ -u --path [path for GET/HEAD request] default=/
+ -m --method [http method to use] default=HEAD
+
+Example:
+
+java -jar not-yet-commons-ssl.jar -t host.com:443 -c ./client.pfx -p `cat ./pass.txt`</pre><br clear="all"/>
+
+<p style="margin-top: 8px;"><b>TODO:</b><br/>Apparently Java 6.0 includes support for grabbing passwords from
+standard-in without echoing the typed characters. Would be nice to use that feature when it's
+available, instead of requiring the password to be specified as a command-line argument.</p>
+
+<hr/>
+<h2>KeyStoreBuilder</h2>
+<p>org.apache.commons.ssl.KeyStoreBuilder is able to convert OpenSSL style public/private keys into
+Java KeyStore files. It can also convert Java Keystore files into the PEM format that Apache likes.</p>
+
+<p><code>java -cp not-yet-commons-ssl-0.3.13.jar org.apache.commons.ssl.KeyStoreBuilder</code></p>
+
+<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>KeyStoreBuilder converts PKCS12 and PKCS8 to Java "Keystore"</b></u>
+
+KeyStoreBuilder: creates '[alias].jks' (Java Key Store)
+ -topk8 mode: creates '[alias].pem' (x509 chain + unencrypted pkcs8)
+[alias] will be set to the first CN value of the X509 certificate.
+-------------------------------------------------------------------
+Usage1: [password] [file:pkcs12]
+Usage2: [password] [file:private-key] [file:certificate-chain]
+Usage3: -topk8 [password] [file:jks]
+-------------------------------------------------------------------
+[private-key] can be openssl format, or pkcs8.
+[password] decrypts [private-key], and also encrypts outputted JKS file.
+All files can be PEM or DER.
+</pre><br clear="all"/>
+
+
+</body>
+</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/not-yet-commons-ssl-0.3.16.jar
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/not-yet-commons-ssl-0.3.16.jar b/3rdparty/not-yet-commons-ssl/not-yet-commons-ssl-0.3.16.jar
new file mode 100644
index 0000000..71fd59e
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/not-yet-commons-ssl-0.3.16.jar differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/pom.xml
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/pom.xml b/3rdparty/not-yet-commons-ssl/pom.xml
new file mode 100644
index 0000000..5d79a5c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/pom.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <artifactId>3rdparty</artifactId>
+ <groupId>org.haox</groupId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>not-yet-commons-ssl</artifactId>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.18</version>
+ <configuration>
+ <skipTests>true</skipTests>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <profiles>
+ <profile>
+ <id>runTests</id>
+ <activation>
+ <property>
+ <name>runTests</name>
+ <value>true</value>
+ </property>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.2</version>
+ <configuration>
+ <skipTests>false</skipTests>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-ext-jdk15on</artifactId>
+ <version>1.51</version>
+ </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.13</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>3.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
+ <version>1.9.5</version>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.8.2</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/PASSWORD.txt
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/PASSWORD.txt b/3rdparty/not-yet-commons-ssl/samples/PASSWORD.txt
new file mode 100644
index 0000000..ceda279
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/PASSWORD.txt
@@ -0,0 +1,3 @@
+Password for decrypting any of these files is
+always "changeit".
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/README.txt
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/README.txt b/3rdparty/not-yet-commons-ssl/samples/README.txt
new file mode 100644
index 0000000..ceda279
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/README.txt
@@ -0,0 +1,3 @@
+Password for decrypting any of these files is
+always "changeit".
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/CA.sh
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/CA.sh b/3rdparty/not-yet-commons-ssl/samples/ca/CA.sh
new file mode 100644
index 0000000..22e9df6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/CA.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+echo
+echo "WARNING: This script creates fake test SSL certificates that expire after 2038."
+echo " Because of date/time issues on 32 bit unix with dates after 2038, this"
+echo " script can only be run on 64 bit unix machines."
+echo
+
+export DAYS=14610 # 40 years
+export ROOT_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=root/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
+export RSA_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=rsa-intermediate/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
+export DSA_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=dsa-intermediate/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
+export TEST_SUBJ="/1.2.840.113549.1.9.1=juliusdavies@gmail.com/CN=test/OU=not-yet-commons-ssl/O=juliusdavies.ca/L=Victoria/ST=BC/C=CA";
+
+export CA=root
+sed s/demoCA/$CA/ openssl.cnf > $CA.cnf
+export PRIV=$CA/private
+export ROOT_PRIV=$PRIV
+mkdir -p $PRIV
+mkdir -p $CA/newcerts
+touch $CA/index.txt
+if [ ! -f "$CA/serial" ]; then
+ date +%Y%m%d > $CA/serial
+fi
+echo
+echo "Attempting to make $CA/cacert.pem"
+openssl req -newkey rsa:2048 -days $DAYS -nodes -subj $ROOT_SUBJ -keyout $PRIV/cakey.pem -out $CA/careq.pem
+openssl ca -config $CA.cnf -create_serial -out $CA/cacert.pem -days $DAYS -batch -keyfile $PRIV/cakey.pem -selfsign -extensions v3_ca -infiles $CA/careq.pem
+
+
+export CA=rsa-intermediate
+sed s/demoCA/$CA/ openssl.cnf > $CA.cnf
+export PRIV=$CA/private
+mkdir -p $PRIV
+mkdir -p $CA/newcerts
+touch $CA/index.txt
+if [ ! -f "$CA/serial" ]; then
+ date +%Y%m%d > $CA/serial
+fi
+echo
+echo "Attempting to make $CA/cacert.pem"
+openssl req -newkey rsa:2048 -days $DAYS -nodes -subj $RSA_SUBJ -keyout $PRIV/cakey.pem -out $CA/careq.pem
+openssl ca -config root.cnf -create_serial -out $CA/cacert.pem -days $DAYS -batch -keyfile $ROOT_PRIV/cakey.pem -extensions v3_ca -infiles $CA/careq.pem
+
+
+export CA=dsa-intermediate
+sed s/demoCA/$CA/ openssl.cnf > $CA.cnf
+export PRIV=$CA/private
+mkdir -p $PRIV
+mkdir -p $CA/newcerts
+touch $CA/index.txt
+if [ ! -f "$CA/serial" ]; then
+ date +%Y%m%d > $CA/serial
+fi
+echo
+echo "Attempting to make $CA/cacert.pem"
+openssl dsaparam -genkey 2048 -out $CA/dsa.params
+openssl req -newkey dsa:$CA/dsa.params -days $DAYS -nodes -subj $DSA_SUBJ -keyout $PRIV/cakey.pem -out $CA/careq.pem
+openssl ca -config root.cnf -create_serial -out $CA/cacert.pem -days $DAYS -batch -keyfile $ROOT_PRIV/cakey.pem -extensions v3_ca -infiles $CA/careq.pem
+
+
+export CA=dsa-intermediate
+export PRIV=$CA/private
+echo
+echo "Attempting to make test-dsa-cert.pem"
+openssl req -new -key rsa.key -days $DAYS -subj $TEST_SUBJ -out testreq.pem
+openssl ca -config dsa-intermediate.cnf -create_serial -out test-dsa-cert.pem -days $DAYS -batch -keyfile $PRIV/cakey.pem -infiles testreq.pem
+
+export CA=rsa-intermediate
+export PRIV=$CA/private
+echo
+echo "Attempting to make test-rsa-cert.pem"
+openssl ca -config rsa-intermediate.cnf -create_serial -out test-rsa-cert.pem -days $DAYS -batch -keyfile $PRIV/cakey.pem -infiles testreq.pem
+
+cat test-rsa-cert.pem rsa-intermediate/cacert.pem root/cacert.pem > test-rsa-chain.pem
+cat test-dsa-cert.pem dsa-intermediate/cacert.pem root/cacert.pem > test-dsa-chain.pem
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/clean.sh
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/clean.sh b/3rdparty/not-yet-commons-ssl/samples/ca/clean.sh
new file mode 100644
index 0000000..e190163
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/clean.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+find -iname \*.pem -exec rm {} \;
+find -iname \*.txt\* -exec rm {} \;
+find -iname \*serial\* -exec rm {} \;
+rm -f root.cnf rsa-intermediate.cnf dsa-intermediate.cnf dsa-intermediate/dsa.params
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/dsa-intermediate/cacert.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/dsa-intermediate/cacert.pem b/3rdparty/not-yet-commons-ssl/samples/ca/dsa-intermediate/cacert.pem
new file mode 100644
index 0000000..5431c90
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/dsa-intermediate/cacert.pem
@@ -0,0 +1,137 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462055 (0x20090527)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:31 2009 GMT
+ Not After : May 25 21:44:31 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=dsa-intermediate/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ DSA Public Key:
+ pub:
+ 7a:a9:65:fb:76:ba:be:f3:fa:94:59:52:ed:4e:fc:
+ e4:70:5e:8f:7c:14:e7:73:d6:d2:36:6b:62:d2:56:
+ c9:6e:7a:91:63:72:4e:a9:ce:2e:eb:38:5e:c4:72:
+ f6:2c:52:aa:51:f4:ce:3b:28:55:39:c3:ad:5d:52:
+ fa:ac:0c:32:48:fc:00:9f:c3:d9:75:09:8d:82:e0:
+ cb:07:65:29:25:7a:34:2e:bb:a0:2d:30:91:59:0e:
+ ce:82:fb:2d:ad:a5:b2:b9:2b:ec:6b:b1:04:07:0c:
+ 52:16:7d:6c:0c:b2:64:c7:c6:cb:ab:18:ab:a6:fa:
+ 3e:31:f3:8f:49:75:33:69:d3:2a:2a:e7:2c:38:b5:
+ d6:7d:33:94:ba:a6:3e:2f:e5:3b:cc:4a:27:d1:59:
+ f3:9c:71:b1:46:64:3f:28:f1:33:d1:bc:c2:8b:47:
+ 92:2d:c6:1f:fb:23:34:56:f1:6e:18:8e:7c:0b:75:
+ 42:8a:bb:92:44:04:58:41:d1:9b:6e:d6:14:98:94:
+ 3d:77:8d:93:d3:1f:e9:7b:a7:71:94:10:ee:e9:d3:
+ 5a:4a:b8:91:61:35:4c:00:76:f2:b2:3a:bd:9f:42:
+ f9:f0:8e:da:bd:8c:60:fd:7d:65:85:98:c5:7d:42:
+ b9:27:de:09:0a:1c:85:a7:63:e5:71:3c:ab:78:de:
+ cf
+ P:
+ 00:8f:5a:80:34:53:e1:52:68:8c:cf:9b:d5:7a:01:
+ 60:57:63:f9:f8:01:55:9e:55:17:7f:f4:cc:cd:d7:
+ fb:f7:1e:36:00:1c:ae:5c:70:e8:1b:33:ef:b8:8d:
+ aa:69:2a:66:f0:48:fd:bb:25:82:eb:56:be:ac:ca:
+ 49:6e:7f:17:fd:3b:61:57:a7:14:c1:eb:99:5d:6b:
+ 82:03:db:1c:18:2a:25:05:19:ec:34:b8:c3:1b:2c:
+ 69:89:37:7b:85:9b:c0:a9:39:84:43:f1:60:0b:91:
+ 50:e0:b5:93:3c:ad:1c:b8:33:4e:9b:00:ed:cd:60:
+ 59:9b:57:04:7b:c0:fb:2d:49:45:e3:ce:c0:8a:aa:
+ 4d:07:3a:43:a3:3d:06:70:66:fc:9f:b2:8f:d6:c5:
+ 1f:a5:7b:00:36:a9:42:5e:50:db:38:34:8c:4a:c6:
+ f6:3a:58:9a:a6:57:93:f7:4e:55:8b:46:f0:b0:1b:
+ 9c:a0:cb:fc:57:91:be:6d:47:56:a9:d1:46:cd:43:
+ 7b:ff:24:96:0a:dd:d7:d8:b7:58:8e:6a:a1:eb:2a:
+ ba:40:0a:f6:d1:53:7c:84:06:fc:14:1c:d5:33:79:
+ 88:bb:4f:fa:b5:87:35:61:0d:b0:7b:07:bb:74:7c:
+ 30:a7:a3:60:7d:76:a6:d1:46:2b:84:a2:9a:28:61:
+ f2:89
+ Q:
+ 00:bf:87:b6:dd:a6:62:0f:88:a2:44:a5:99:ac:b9:
+ 12:82:05:7b:2e:af
+ G:
+ 00:86:37:bd:1d:60:12:25:f5:01:7f:7e:e0:e7:de:
+ 26:f4:3d:d4:75:fe:91:41:41:b3:c6:70:7f:71:c6:
+ 5e:4e:c1:0f:3e:cc:be:9c:0b:df:b4:8f:6e:2a:0f:
+ 90:5b:20:14:75:c7:31:13:e2:d8:73:73:76:b6:c4:
+ f5:5f:ac:b4:2a:26:4e:8c:af:87:2e:f5:1d:78:69:
+ 15:b5:b4:b7:d3:52:ec:f4:c8:6e:c5:65:bd:88:e5:
+ c4:da:0c:48:ac:d3:2d:a2:da:b0:72:75:09:1d:aa:
+ d9:64:80:b7:18:31:54:07:d6:7a:8b:f3:be:b7:22:
+ 87:1c:3a:c7:2f:a9:4b:8d:79:06:a1:ff:1c:db:f3:
+ 17:9b:32:a0:61:20:6e:37:92:eb:27:a1:6f:b8:22:
+ 0e:26:4d:71:9a:b3:a0:9a:fb:fb:91:68:5b:52:3b:
+ 20:75:d5:36:a6:aa:c3:dc:52:01:87:06:58:68:62:
+ 20:b8:aa:bd:2b:c9:58:60:b7:02:2e:c4:4f:bf:ec:
+ b7:43:13:3f:90:51:65:65:a9:ba:48:74:9e:3c:ad:
+ 93:b6:00:3f:93:11:e7:cd:ea:5f:11:44:b2:4f:d1:
+ e3:fd:19:a8:bc:4a:c6:ae:4c:ec:83:85:fa:98:ed:
+ 0b:a3:8f:a0:35:38:d4:9f:96:fd:f3:b2:b5:80:d5:
+ 1e:a4
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 94:A7:CC:B9:AB:D7:48:81:B3:3A:71:6E:2B:F4:24:FE:2A:A4:C0:39
+ X509v3 Authority Key Identifier:
+ keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+ serial:20:09:05:25
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 30:75:fb:1e:e2:d0:ff:18:3a:de:7d:49:8a:20:33:bc:0e:0c:
+ ad:7a:68:f8:57:91:3a:bd:2b:07:a7:25:a6:c6:d0:f7:30:57:
+ 73:a3:34:af:ee:d3:5d:06:9f:80:f5:41:b7:7f:e8:0e:e2:28:
+ 6c:a5:d7:82:9b:81:89:85:9f:47:5d:af:17:ab:f6:e1:02:4c:
+ 01:2b:07:7c:2b:e1:77:1c:a4:e9:a6:89:97:50:49:87:73:04:
+ 6e:32:50:f5:b7:be:f2:60:b3:9c:5f:b4:2a:d2:2f:c0:0b:82:
+ 47:71:70:62:cc:98:ad:47:20:58:61:d6:c0:c5:30:65:3f:97:
+ 43:47:50:cb:90:4c:c3:7c:50:c4:28:27:b7:2d:c8:2a:61:40:
+ 18:7e:fa:ce:03:39:20:f9:96:a2:da:1c:fe:5e:c7:9f:f1:bc:
+ 98:18:c1:63:e6:f6:35:35:d8:5d:18:2e:ef:87:7d:af:00:a3:
+ bc:12:18:c3:11:1e:8a:6d:bf:5d:10:87:6f:79:f3:8f:11:9d:
+ cb:0d:fe:f6:fe:4f:d0:2b:de:8e:3a:da:f3:46:11:ca:12:bb:
+ ca:22:67:05:45:e6:fd:9f:71:09:98:0b:1e:cf:51:73:b2:ad:
+ 48:f9:06:2a:b5:5c:9f:f3:97:e0:8e:a3:df:57:1c:a7:94:ca:
+ f2:97:8e:56
+-----BEGIN CERTIFICATE-----
+MIIGoTCCBYmgAwIBAgIEIAkFJzANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDMxWhcN
+NDkwNTI1MjE0NDMxWjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxGTAXBgNVBAMTEGRzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggM7MIICLgYHKoZIzjgEATCCAiECggEBAI9a
+gDRT4VJojM+b1XoBYFdj+fgBVZ5VF3/0zM3X+/ceNgAcrlxw6Bsz77iNqmkqZvBI
+/bslgutWvqzKSW5/F/07YVenFMHrmV1rggPbHBgqJQUZ7DS4wxssaYk3e4WbwKk5
+hEPxYAuRUOC1kzytHLgzTpsA7c1gWZtXBHvA+y1JRePOwIqqTQc6Q6M9BnBm/J+y
+j9bFH6V7ADapQl5Q2zg0jErG9jpYmqZXk/dOVYtG8LAbnKDL/FeRvm1HVqnRRs1D
+e/8klgrd19i3WI5qoesqukAK9tFTfIQG/BQc1TN5iLtP+rWHNWENsHsHu3R8MKej
+YH12ptFGK4Simihh8okCFQC/h7bdpmIPiKJEpZmsuRKCBXsurwKCAQEAhje9HWAS
+JfUBf37g594m9D3Udf6RQUGzxnB/ccZeTsEPPsy+nAvftI9uKg+QWyAUdccxE+LY
+c3N2tsT1X6y0KiZOjK+HLvUdeGkVtbS301Ls9MhuxWW9iOXE2gxIrNMtotqwcnUJ
+HarZZIC3GDFUB9Z6i/O+tyKHHDrHL6lLjXkGof8c2/MXmzKgYSBuN5LrJ6FvuCIO
+Jk1xmrOgmvv7kWhbUjsgddU2pqrD3FIBhwZYaGIguKq9K8lYYLcCLsRPv+y3QxM/
+kFFlZam6SHSePK2TtgA/kxHnzepfEUSyT9Hj/RmovErGrkzsg4X6mO0Lo4+gNTjU
+n5b987K1gNUepAOCAQUAAoIBAHqpZft2ur7z+pRZUu1O/ORwXo98FOdz1tI2a2LS
+VsluepFjck6pzi7rOF7EcvYsUqpR9M47KFU5w61dUvqsDDJI/ACfw9l1CY2C4MsH
+ZSklejQuu6AtMJFZDs6C+y2tpbK5K+xrsQQHDFIWfWwMsmTHxsurGKum+j4x849J
+dTNp0yoq5yw4tdZ9M5S6pj4v5TvMSifRWfOccbFGZD8o8TPRvMKLR5Itxh/7IzRW
+8W4YjnwLdUKKu5JEBFhB0Ztu1hSYlD13jZPTH+l7p3GUEO7p01pKuJFhNUwAdvKy
+Or2fQvnwjtq9jGD9fWWFmMV9Qrkn3gkKHIWnY+VxPKt43s+jgeswgegwHQYDVR0O
+BBYEFJSnzLmr10iBszpxbiv0JP4qpMA5MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2u
+wgcwLgCsWGObIH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMx
+GDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21t
+b25zLXNzbDENMAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2
+aWVzQGdtYWlsLmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
+A4IBAQAwdfse4tD/GDrefUmKIDO8Dgytemj4V5E6vSsHpyWmxtD3MFdzozSv7tNd
+Bp+A9UG3f+gO4ihspdeCm4GJhZ9HXa8Xq/bhAkwBKwd8K+F3HKTppomXUEmHcwRu
+MlD1t77yYLOcX7Qq0i/AC4JHcXBizJitRyBYYdbAxTBlP5dDR1DLkEzDfFDEKCe3
+LcgqYUAYfvrOAzkg+Zai2hz+Xsef8byYGMFj5vY1NdhdGC7vh32vAKO8EhjDER6K
+bb9dEIdvefOPEZ3LDf72/k/QK96OOtrzRhHKErvKImcFReb9n3EJmAsez1Fzsq1I
++QYqtVyf85fgjqPfVxynlMryl45W
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/dsa-intermediate/dsa.params
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/dsa-intermediate/dsa.params b/3rdparty/not-yet-commons-ssl/samples/ca/dsa-intermediate/dsa.params
new file mode 100644
index 0000000..5b4d97f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/dsa-intermediate/dsa.params
@@ -0,0 +1,34 @@
+-----BEGIN DSA PARAMETERS-----
+MIICIQKCAQEAj1qANFPhUmiMz5vVegFgV2P5+AFVnlUXf/TMzdf79x42AByuXHDo
+GzPvuI2qaSpm8Ej9uyWC61a+rMpJbn8X/TthV6cUweuZXWuCA9scGColBRnsNLjD
+GyxpiTd7hZvAqTmEQ/FgC5FQ4LWTPK0cuDNOmwDtzWBZm1cEe8D7LUlF487AiqpN
+BzpDoz0GcGb8n7KP1sUfpXsANqlCXlDbODSMSsb2OliapleT905Vi0bwsBucoMv8
+V5G+bUdWqdFGzUN7/ySWCt3X2LdYjmqh6yq6QAr20VN8hAb8FBzVM3mIu0/6tYc1
+YQ2wewe7dHwwp6NgfXam0UYrhKKaKGHyiQIVAL+Htt2mYg+IokSlmay5EoIFey6v
+AoIBAQCGN70dYBIl9QF/fuDn3ib0PdR1/pFBQbPGcH9xxl5OwQ8+zL6cC9+0j24q
+D5BbIBR1xzET4thzc3a2xPVfrLQqJk6Mr4cu9R14aRW1tLfTUuz0yG7FZb2I5cTa
+DEis0y2i2rBydQkdqtlkgLcYMVQH1nqL8763IoccOscvqUuNeQah/xzb8xebMqBh
+IG43kusnoW+4Ig4mTXGas6Ca+/uRaFtSOyB11TamqsPcUgGHBlhoYiC4qr0ryVhg
+twIuxE+/7LdDEz+QUWVlqbpIdJ48rZO2AD+TEefN6l8RRLJP0eP9Gai8SsauTOyD
+hfqY7Qujj6A1ONSflv3zsrWA1R6k
+-----END DSA PARAMETERS-----
+-----BEGIN DSA PRIVATE KEY-----
+MIIDPwIBAAKCAQEAj1qANFPhUmiMz5vVegFgV2P5+AFVnlUXf/TMzdf79x42AByu
+XHDoGzPvuI2qaSpm8Ej9uyWC61a+rMpJbn8X/TthV6cUweuZXWuCA9scGColBRns
+NLjDGyxpiTd7hZvAqTmEQ/FgC5FQ4LWTPK0cuDNOmwDtzWBZm1cEe8D7LUlF487A
+iqpNBzpDoz0GcGb8n7KP1sUfpXsANqlCXlDbODSMSsb2OliapleT905Vi0bwsBuc
+oMv8V5G+bUdWqdFGzUN7/ySWCt3X2LdYjmqh6yq6QAr20VN8hAb8FBzVM3mIu0/6
+tYc1YQ2wewe7dHwwp6NgfXam0UYrhKKaKGHyiQIVAL+Htt2mYg+IokSlmay5EoIF
+ey6vAoIBAQCGN70dYBIl9QF/fuDn3ib0PdR1/pFBQbPGcH9xxl5OwQ8+zL6cC9+0
+j24qD5BbIBR1xzET4thzc3a2xPVfrLQqJk6Mr4cu9R14aRW1tLfTUuz0yG7FZb2I
+5cTaDEis0y2i2rBydQkdqtlkgLcYMVQH1nqL8763IoccOscvqUuNeQah/xzb8xeb
+MqBhIG43kusnoW+4Ig4mTXGas6Ca+/uRaFtSOyB11TamqsPcUgGHBlhoYiC4qr0r
+yVhgtwIuxE+/7LdDEz+QUWVlqbpIdJ48rZO2AD+TEefN6l8RRLJP0eP9Gai8Ssau
+TOyDhfqY7Qujj6A1ONSflv3zsrWA1R6kAoIBAEv2b206JjZOeRVQ6R4gmCGhxCL6
+v8K/geGdHOzveYLGc+eaSfEP2X9F64rq4lf7kZSfjlwbCa7wPFiudQwTqIvtz6AO
+7tYfDk5BKsSqxfHChYHbTK5bUIvPapMH+aATdX0haXRRvNGY/V7lAPoBSwpWpPzG
+17rz29tysLZWvaDJK05Vwg+UmJB3AG4zyJGD/Zw2Ub/Eik1rL2N7p6ewa7EsTG4H
+pZAYwCJvAhidpaLfpoFxmF7VsMU+e/SwV++sbElb/a9szjbRc80jTyDHdxTO+hCS
+6MJjQkev4Bzy4+DO/PrCESoZymg4skRkVVc0knpSuGUviPZejvkdVo26mlsCFQCW
+c8bFDKclUXmeh6vxr7RGih+SKg==
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/dsa-intermediate/private/cakey.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/dsa-intermediate/private/cakey.pem b/3rdparty/not-yet-commons-ssl/samples/ca/dsa-intermediate/private/cakey.pem
new file mode 100644
index 0000000..adc6d0b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/dsa-intermediate/private/cakey.pem
@@ -0,0 +1,20 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIDPgIBAAKCAQEAj1qANFPhUmiMz5vVegFgV2P5+AFVnlUXf/TMzdf79x42AByu
+XHDoGzPvuI2qaSpm8Ej9uyWC61a+rMpJbn8X/TthV6cUweuZXWuCA9scGColBRns
+NLjDGyxpiTd7hZvAqTmEQ/FgC5FQ4LWTPK0cuDNOmwDtzWBZm1cEe8D7LUlF487A
+iqpNBzpDoz0GcGb8n7KP1sUfpXsANqlCXlDbODSMSsb2OliapleT905Vi0bwsBuc
+oMv8V5G+bUdWqdFGzUN7/ySWCt3X2LdYjmqh6yq6QAr20VN8hAb8FBzVM3mIu0/6
+tYc1YQ2wewe7dHwwp6NgfXam0UYrhKKaKGHyiQIVAL+Htt2mYg+IokSlmay5EoIF
+ey6vAoIBAQCGN70dYBIl9QF/fuDn3ib0PdR1/pFBQbPGcH9xxl5OwQ8+zL6cC9+0
+j24qD5BbIBR1xzET4thzc3a2xPVfrLQqJk6Mr4cu9R14aRW1tLfTUuz0yG7FZb2I
+5cTaDEis0y2i2rBydQkdqtlkgLcYMVQH1nqL8763IoccOscvqUuNeQah/xzb8xeb
+MqBhIG43kusnoW+4Ig4mTXGas6Ca+/uRaFtSOyB11TamqsPcUgGHBlhoYiC4qr0r
+yVhgtwIuxE+/7LdDEz+QUWVlqbpIdJ48rZO2AD+TEefN6l8RRLJP0eP9Gai8Ssau
+TOyDhfqY7Qujj6A1ONSflv3zsrWA1R6kAoIBAHqpZft2ur7z+pRZUu1O/ORwXo98
+FOdz1tI2a2LSVsluepFjck6pzi7rOF7EcvYsUqpR9M47KFU5w61dUvqsDDJI/ACf
+w9l1CY2C4MsHZSklejQuu6AtMJFZDs6C+y2tpbK5K+xrsQQHDFIWfWwMsmTHxsur
+GKum+j4x849JdTNp0yoq5yw4tdZ9M5S6pj4v5TvMSifRWfOccbFGZD8o8TPRvMKL
+R5Itxh/7IzRW8W4YjnwLdUKKu5JEBFhB0Ztu1hSYlD13jZPTH+l7p3GUEO7p01pK
+uJFhNUwAdvKyOr2fQvnwjtq9jGD9fWWFmMV9Qrkn3gkKHIWnY+VxPKt43s8CFDIz
+Am1wgwvcQt/K9JADNgPY9gyS
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/openssl.cnf
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/openssl.cnf b/3rdparty/not-yet-commons-ssl/samples/ca/openssl.cnf
new file mode 100644
index 0000000..9e59020
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/openssl.cnf
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem# The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/root/cacert.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/root/cacert.pem b/3rdparty/not-yet-commons-ssl/samples/ca/root/cacert.pem
new file mode 100644
index 0000000..bb8bf4b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/root/cacert.pem
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462053 (0x20090525)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:28 2009 GMT
+ Not After : May 25 21:44:28 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:b9:db:04:16:8c:41:eb:91:c4:b8:d1:1a:73:28:
+ 59:09:b8:7a:b5:05:40:db:4f:2b:63:7b:bf:01:70:
+ e1:0d:4c:09:3a:3b:63:9e:22:13:fa:55:d1:bc:e8:
+ dd:31:71:df:0d:a6:0b:29:29:cc:da:bd:69:5c:cb:
+ 29:7e:6c:8c:93:82:c7:8b:00:ea:0b:8c:35:5c:fe:
+ 28:12:cf:ba:11:24:48:bc:0a:ee:37:54:a3:f2:9b:
+ f2:76:94:7d:56:c0:52:35:f0:ff:c8:8c:08:7e:b0:
+ 49:c5:2f:fd:41:92:06:e8:c2:71:0d:f6:70:e5:93:
+ 89:80:a2:13:43:ac:53:56:ba:1a:44:44:98:cd:ba:
+ f9:3a:93:20:71:34:93:0f:3f:34:34:2e:53:b2:d7:
+ 4a:22:3e:89:0a:c3:6e:12:40:ba:f3:22:6d:38:63:
+ 3b:f0:ef:42:2b:2d:f4:d2:f8:a9:76:ce:13:37:ce:
+ 1a:a4:bd:42:a0:7b:71:df:0e:3f:93:10:9d:22:0a:
+ 8b:61:92:c6:4c:fe:e7:bf:56:f4:5c:d3:85:98:92:
+ a2:dc:d1:3d:f8:6e:3e:ac:e1:87:2f:e1:fb:30:d5:
+ 3d:24:fc:d9:d1:ac:b9:ca:9c:41:ff:60:aa:e4:57:
+ 7e:b1:93:ac:4f:64:b5:0a:d3:57:4e:12:68:5b:18:
+ d2:15
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ X509v3 Authority Key Identifier:
+ keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+ serial:20:09:05:25
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 9a:29:28:5e:4f:4f:59:f8:6b:b0:96:bf:ef:69:02:36:d1:72:
+ af:a2:f3:c0:7d:c1:50:5a:b8:63:61:18:1a:d4:4d:8f:a4:b2:
+ 18:5d:1b:75:1d:b6:ce:e6:aa:b3:c1:16:ab:dd:64:ac:be:62:
+ 7f:77:1d:d4:6a:eb:5d:f7:19:eb:6a:6a:60:6d:ca:d6:2a:4d:
+ ee:c9:5b:1e:05:eb:bb:3f:5f:a4:76:ae:fd:32:ac:1e:63:e7:
+ 35:d3:95:1d:c9:bc:7a:2f:e7:0e:04:95:59:4d:30:51:ac:67:
+ 65:41:74:b3:62:f6:4d:85:4b:88:26:15:c2:2d:03:69:16:f7:
+ 6a:8a:5c:ca:ca:7b:ba:41:f9:7b:f4:ae:f8:29:56:48:9d:86:
+ 2e:0a:06:7a:21:97:01:b3:d4:45:5a:14:05:d3:b1:3a:da:0a:
+ 67:6d:d5:45:db:ba:88:09:4b:53:b3:69:1a:52:de:57:03:89:
+ fa:99:82:1d:79:fb:ae:55:d7:13:fd:5e:99:25:cb:75:a1:62:
+ b4:27:f0:54:4b:78:42:8b:54:63:62:f4:a3:0b:e2:26:a4:0c:
+ 29:ae:49:b4:1a:34:e6:a4:07:8a:64:cb:63:46:ae:fa:ec:d0:
+ f4:e1:e2:25:11:57:27:61:e8:d1:48:ad:60:13:2d:b9:38:a3:
+ 52:03:0f:ad
+-----BEGIN CERTIFICATE-----
+MIIEfDCCA2SgAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI4WhcN
+NDkwNTI1MjE0NDI4WjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0Bn
+bWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52wQWjEHr
+kcS40RpzKFkJuHq1BUDbTytje78BcOENTAk6O2OeIhP6VdG86N0xcd8NpgspKcza
+vWlcyyl+bIyTgseLAOoLjDVc/igSz7oRJEi8Cu43VKPym/J2lH1WwFI18P/IjAh+
+sEnFL/1BkgbownEN9nDlk4mAohNDrFNWuhpERJjNuvk6kyBxNJMPPzQ0LlOy10oi
+PokKw24SQLrzIm04Yzvw70IrLfTS+Kl2zhM3zhqkvUKge3HfDj+TEJ0iCothksZM
+/ue/VvRc04WYkqLc0T34bj6s4Ycv4fsw1T0k/NnRrLnKnEH/YKrkV36xk6xPZLUK
+01dOEmhbGNIVAgMBAAGjgeswgegwHQYDVR0OBBYEFAfYcdsrGp2uwgcwLgCsWGOb
+IH2mMIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGObIH2moYGOpIGLMIGI
+MQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmll
+cy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDENMAsGA1UEAxMEcm9v
+dDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbYIEIAkFJTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCaKSheT09Z+Guwlr/vaQI2
+0XKvovPAfcFQWrhjYRga1E2PpLIYXRt1HbbO5qqzwRar3WSsvmJ/dx3Uautd9xnr
+ampgbcrWKk3uyVseBeu7P1+kdq79MqweY+c105Udybx6L+cOBJVZTTBRrGdlQXSz
+YvZNhUuIJhXCLQNpFvdqilzKynu6Qfl79K74KVZInYYuCgZ6IZcBs9RFWhQF07E6
+2gpnbdVF27qICUtTs2kaUt5XA4n6mYIdefuuVdcT/V6ZJct1oWK0J/BUS3hCi1Rj
+YvSjC+ImpAwprkm0GjTmpAeKZMtjRq767ND04eIlEVcnYejRSK1gEy25OKNSAw+t
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/root/private/cakey.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/root/private/cakey.pem b/3rdparty/not-yet-commons-ssl/samples/ca/root/private/cakey.pem
new file mode 100644
index 0000000..d4bb17a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/root/private/cakey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAudsEFoxB65HEuNEacyhZCbh6tQVA208rY3u/AXDhDUwJOjtj
+niIT+lXRvOjdMXHfDaYLKSnM2r1pXMspfmyMk4LHiwDqC4w1XP4oEs+6ESRIvAru
+N1Sj8pvydpR9VsBSNfD/yIwIfrBJxS/9QZIG6MJxDfZw5ZOJgKITQ6xTVroaRESY
+zbr5OpMgcTSTDz80NC5TstdKIj6JCsNuEkC68yJtOGM78O9CKy300vipds4TN84a
+pL1CoHtx3w4/kxCdIgqLYZLGTP7nv1b0XNOFmJKi3NE9+G4+rOGHL+H7MNU9JPzZ
+0ay5ypxB/2Cq5Fd+sZOsT2S1CtNXThJoWxjSFQIDAQABAoIBAH6oCRMspkfZYQzq
+Q3IzDuqW89ilKdvLCjCTxkk/Gb+sD6XFj0/WvXKeRX7N2t+1UGLGw1hcCiUPa9w2
+/6IOa4ajW0UZbGZOOJeVBM49DfpclczATjMa1VeiewvgicIy8lOcV1PeSnO7w6pD
+1/11fIvm5pCzX6C0eMJWsXYu2+R/abc1VJPsm+lJ4dTErAM0MQNjbpSB7rth5AAh
+V4e1W6SU0IqMZbTfFYwwgwUHSW8Q3wk30yY0tiMoblNaDfYomoGK1ekfCpdE9eve
+okGGs5Nv3q4h1gJsUPF9oSWcCuMW3zTKH6DUtuuE08Q9x1Z/g1YralWV4WnApSSS
+iZy3k4kCgYEA4G5lOblwaZ3rmV4h76lwwOderqwdLs0T4p7TUalgg+fiy2ifC37d
+VXyk/ZEw9nqWH1C9QIUpM6VH0l/cYxCAt94ioYkZZYQmGZVGzBOdIA4LEdP1juN4
+fCOuesxSaRu2DEVf3J7U1XsOsLPT9cUb/UtgmUqVrcprSiYDmYWU+cMCgYEA0/+J
+qytZi5PFZWa+rBxm6zb1WXrIzs3AavVWG2ryGjZuLjO0ADLDDPTvNI6WGo807PpX
+2ISq7VAFCWm1kukgUFNc7a+uIAMHV4USW5MRnTtc91C71iBabYs2uYJnP9KZKjnz
+1kji6+jz4wbHyIddkMwKVCmMmdHHlhXpj4vUb0cCgYAdUE4IbCAyq13KenEUTJ1d
+lNrZFcH6Cu89+mC/mc/xaqhEyTV82uUt9UnXlM9AYmKZVIJjmwD2re/jmoG+rrkh
+SvJbBv06NTiEvuqwXR94wFzRx02bjDqAfGidwXJCKExu7eDHgDdsatZQXiyhPU2a
+l+3WF9fVC0tYM/7kXn5G4QKBgF1AnrIok28ORVphY6YZqDv3JN2DYSl24BksagAN
+fwmAv96a56berWXZqA8aWXS9Ya6MQHABi55wAIcvdKt22Lv8r3fuO03hhy08X+Lg
+QnNDVZWEcduyx5RAFIZtkjVE0hL9AwFTdl4HTqCirubKhKHY3wI+dJaE7KJcaSy3
+eW6pAoGAayYZFNrDqHJJl8urrX2k6K+m+VE0xU94h9Vx4MpRa/f9bZ0U8YVNdTkZ
+BR6kUHOpOFO166jcBZJX3V305IbQB5TeysIyYqBaMATDc6tAEB+Celoz3+hw/Je2
+bIiQgdtctH4MarQkGlokUGjEz2aMg0l7vecgxQE88l/svAF3vmA=
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/rsa-intermediate/cacert.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/rsa-intermediate/cacert.pem b/3rdparty/not-yet-commons-ssl/samples/ca/rsa-intermediate/cacert.pem
new file mode 100644
index 0000000..ac2c117
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/rsa-intermediate/cacert.pem
@@ -0,0 +1,86 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462054 (0x20090526)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:29 2009 GMT
+ Not After : May 25 21:44:29 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=rsa-intermediate/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:ce:1b:db:73:49:85:a4:3c:42:14:84:6a:7d:47:
+ 78:d2:e1:58:27:ed:e4:78:5e:5d:2b:ee:c3:29:c5:
+ a2:d2:6f:f3:0e:0a:d6:d6:7f:5a:f7:30:6f:c9:8f:
+ ad:fe:53:22:46:aa:5e:0b:f6:e8:21:f3:dc:5f:75:
+ 9b:55:c5:07:ab:75:54:fd:9b:2e:31:da:12:45:3c:
+ 7b:1e:27:f6:a1:5b:5d:ac:0a:b4:e8:dd:d3:ba:ff:
+ af:f1:43:31:4c:5b:5e:73:d4:a8:ce:93:b9:f1:9d:
+ 8b:17:1f:16:74:4f:9a:07:80:7c:1a:41:a6:49:21:
+ 2a:a8:83:75:18:3d:ed:17:8b:8b:b4:f8:46:d3:28:
+ 25:35:e1:17:df:e6:b4:f7:87:a7:71:0f:a0:b5:22:
+ 4d:48:35:2c:a3:dc:fc:58:33:76:fb:07:cf:fb:64:
+ e9:fa:05:a8:be:63:eb:32:48:01:10:fd:44:a2:79:
+ 72:5d:33:62:1b:ad:f4:60:3f:7d:59:9c:07:cf:9c:
+ b1:b5:e7:18:84:5e:ec:e0:78:6c:53:f0:cf:67:8d:
+ 91:95:73:72:de:70:c7:ca:ea:27:6f:d2:61:c8:7d:
+ a5:28:28:61:c8:c9:e9:6b:7e:ae:07:9d:36:87:04:
+ a4:97:1c:1d:f5:39:cb:b2:8a:32:8d:25:68:05:2d:
+ 86:65
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 2E:F4:CD:A1:B4:AD:03:85:D8:AF:69:97:D5:2D:95:40:D6:BF:12:BF
+ X509v3 Authority Key Identifier:
+ keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+ serial:20:09:05:25
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 03:b6:83:af:6c:ff:2b:21:12:b9:8a:cd:8e:2f:d9:1a:28:88:
+ 0c:9f:f1:6b:73:fb:76:3f:70:d8:cd:ce:5a:f6:0f:08:6a:0a:
+ a3:f7:ad:b2:72:19:eb:0e:9c:36:bb:a4:fb:3f:90:78:ba:45:
+ ee:da:c9:8e:a0:ef:b3:ac:05:4c:f4:b4:37:18:0d:bb:20:5d:
+ f4:e7:b3:77:ea:56:0c:ad:81:42:80:04:92:ca:3b:73:ed:35:
+ d5:35:f6:9f:95:a2:2d:81:4d:e6:3a:3c:13:64:f1:0f:36:7e:
+ 90:c2:a0:37:c6:19:9e:13:47:92:a3:e8:18:3d:f4:d8:a0:83:
+ 80:0f:7b:a7:57:9c:60:6c:6a:3e:d4:1d:cc:5e:8c:13:7f:1c:
+ d7:f6:df:ad:ae:0a:95:12:f1:71:c2:70:98:d1:2f:6c:f0:24:
+ 43:b4:7e:a4:e4:31:d4:bc:50:90:03:4b:34:ba:a3:d0:fd:f5:
+ 01:17:eb:11:83:44:86:65:17:bf:89:00:c7:93:d6:70:7e:0b:
+ 4b:93:dc:f9:92:50:4c:3e:11:23:c5:50:1c:49:bd:8c:0c:2c:
+ 60:1c:d8:e6:5f:a4:fa:21:db:8c:62:bf:74:a3:83:1c:8d:cc:
+ 8e:34:8c:16:1c:c6:71:63:89:c2:c4:45:0c:90:71:98:68:2f:
+ 9d:a7:87:f7
+-----BEGIN CERTIFICATE-----
+MIIEiDCCA3CgAwIBAgIEIAkFJjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI5WhcN
+NDkwNTI1MjE0NDI5WjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxGTAXBgNVBAMTEHJzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDOG9tzSYWkPEIUhGp9R3jS4Vgn7eR4Xl0r7sMpxaLSb/MOCtbWf1r3MG/J
+j63+UyJGql4L9ugh89xfdZtVxQerdVT9my4x2hJFPHseJ/ahW12sCrTo3dO6/6/x
+QzFMW15z1KjOk7nxnYsXHxZ0T5oHgHwaQaZJISqog3UYPe0Xi4u0+EbTKCU14Rff
+5rT3h6dxD6C1Ik1INSyj3PxYM3b7B8/7ZOn6Bai+Y+sySAEQ/USieXJdM2IbrfRg
+P31ZnAfPnLG15xiEXuzgeGxT8M9njZGVc3LecMfK6idv0mHIfaUoKGHIyelrfq4H
+nTaHBKSXHB31OcuyijKNJWgFLYZlAgMBAAGjgeswgegwHQYDVR0OBBYEFC70zaG0
+rQOF2K9pl9UtlUDWvxK/MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGOb
+IH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoT
+D2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDEN
+MAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWls
+LmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQADtoOv
+bP8rIRK5is2OL9kaKIgMn/Frc/t2P3DYzc5a9g8Iagqj962ychnrDpw2u6T7P5B4
+ukXu2smOoO+zrAVM9LQ3GA27IF3057N36lYMrYFCgASSyjtz7TXVNfaflaItgU3m
+OjwTZPEPNn6QwqA3xhmeE0eSo+gYPfTYoIOAD3unV5xgbGo+1B3MXowTfxzX9t+t
+rgqVEvFxwnCY0S9s8CRDtH6k5DHUvFCQA0s0uqPQ/fUBF+sRg0SGZRe/iQDHk9Zw
+fgtLk9z5klBMPhEjxVAcSb2MDCxgHNjmX6T6IduMYr90o4McjcyONIwWHMZxY4nC
+xEUMkHGYaC+dp4f3
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/rsa-intermediate/private/cakey.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/rsa-intermediate/private/cakey.pem b/3rdparty/not-yet-commons-ssl/samples/ca/rsa-intermediate/private/cakey.pem
new file mode 100644
index 0000000..466f54a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/rsa-intermediate/private/cakey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzhvbc0mFpDxCFIRqfUd40uFYJ+3keF5dK+7DKcWi0m/zDgrW
+1n9a9zBvyY+t/lMiRqpeC/boIfPcX3WbVcUHq3VU/ZsuMdoSRTx7Hif2oVtdrAq0
+6N3Tuv+v8UMxTFtec9SozpO58Z2LFx8WdE+aB4B8GkGmSSEqqIN1GD3tF4uLtPhG
+0yglNeEX3+a094encQ+gtSJNSDUso9z8WDN2+wfP+2Tp+gWovmPrMkgBEP1Eonly
+XTNiG630YD99WZwHz5yxtecYhF7s4HhsU/DPZ42RlXNy3nDHyuonb9JhyH2lKChh
+yMnpa36uB502hwSklxwd9TnLsooyjSVoBS2GZQIDAQABAoIBADajAdic69Vut+Gy
+fHw7Xxcf73ueP4t9EFveDlRbdN8uGBNn4i24UwfmCiw3b1tU9GghL48iY8TkXU3c
+4lGpSnA0SVR1N5i1g1RhRQ3ocCO0Ea/SosR8UW1n7F8bfc0NB4vTGvCwDoGzTrTR
+Y+VvWJiWgc+ACbGnHiTPvFGx0NEFjizCrBTWDCSMbHdujEkw/gZt1PhKgJg0DbUj
+M4zLG0YCIR/RSnNHYKgMEl2PXCKHLsMwyH52BMi/lmh47N2H0cC/5YSoCX6s1Y8I
+ZWojgMJVCN4SQInm630hiF8X0r3yQFvig1OYyebpJpqHSJUZ6GGQl5M6p8MFlgam
+BNFakH0CgYEA7F1+SJMOeWB+TnP7ilvYaXzE+aLvJ0/Wl5whyxJCCkMJsz+120Ui
+4ooKbohQF0h1IXJGeFS4hD/DK+3S/mjjBC8TQBtuvWzhk2+C7+Gigke4XjrdJXbB
+b87nDf1EPY9d1lGhVRmVh2APgPxgmw7mb3WgMN3lnh0xknhEoHPYbdMCgYEA3zrv
+pNAnGHg8ALJTHWiyEWrXRIhuOYOJa2oQB4cQeK6ou5UsfzQsd6w2UmwzghOTNtrM
+fvGeHECsTVh8AeNY9sT0GG5BY+DcOlYn3Dgs7UW0w8otZ/D/lmc9+Z/R4hBo/qcY
+h7WkcG5S0TeIiam9bq5EfTUAs5fFvbYRsdAGv+cCgYAuvrq33aVyKbwxBc0Mauec
+zRkjia6kZqy45R7ly2GWJ/XmJkZv6/dfOA+iFoFIaYMIr1HygEbRmM6fhHRC7jlf
+XXQALKy097CQ+O+7QzNhco+qyxdrTlYpJ5EYeishxZW4SgKPEvU4ha3rQ35TjBnU
+lz2sDGZZ48om/nQMC30VEwKBgQDKl5xiQZ8ZsBUUtMKF0Dy7XfGcew0+GUigOZPu
+oP+r5yevhoTptRoeSibKyvQ8OzPB9vTcyL+r+G3njESPGhvlaX32pimmUa7NKt/m
+Fv1/IWIaxuRKjwgHIg+2+vrqZeZEJrY2g/2HJDj5M6Mw/OG1D2eNEotecoG92P1a
+GOfnRQKBgQCe/zEs+IZxrnqMq+B5QIiSBTliZeGApOG7P+TS1MyvIijeIM5d1LNc
+oUtzPUSOz0CwQT669F8C4gOllnXImyHUkivBxgfwLJcOt6NqxfiTIcDqrf7jaNyp
+R8l/GuwFPz/DtBsFizfYmY9cXV5/Ihz9/gmnw0oFgVX2MLVv0CRKZA==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/rsa.key
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/rsa.key b/3rdparty/not-yet-commons-ssl/samples/ca/rsa.key
new file mode 100644
index 0000000..f540dcc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/rsa.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyGOvloI+jKnRHWKuhYB+cTIEwZhagKJ0f3rIY8WNgujB7Plp
+gpjUg4pNjYGViGjg7zhfbjhCtlNGXyRBti3GcaHiBIIP5nyCNn+Ay8tSWGo5v5Zc
+8BQcwHf0ZHLN6sD9m2uVSp/6UqjS5ZyhzF5FzvvUo3xw8fecdnStXQfHhkBnLpTj
+HE5t7iu1JVjTuE0pcBvah2dWqDNxiIOQtXyKW8Sag1YxaunxQGqRNykSFiEJindx
+OSAnAxK6q/wGqcZ3zvFBTcVVkji1u2QH4rOMP3PPxAIMkB8ONkdHTco1DmbE6BfD
+HArDqUYxqJUlPGlMqrKb3fCFiT3eXehwR7nlzQIDAQABAoIBAFd6vTKVVT0O/U04
+wTtiptA/p7fkDM5PHVBxh32Wxno5pj8PerIaiduKyuRVh7PvJRMJpw903BrAK95o
+847WWOVOaF7TcKGMBURJUS6maiJS7TboK1ZbUVnsg/I99ArhiVUKGDhlsl/Xd4np
+YPDYztzXLzLXpm7bS6CiuvP762x9dfVu8K+afP8cjH8pfXLq55ghZOUKidRQaYz1
+mNOTQyAQlCQdLRgKlYgqcRHlj0pb28XBJaln3W7Z7GFMWFPojkxx6LaCp8+Jyx2C
+tv54zIZQhMjF37tQyTnfK4Ocl3sCRb+jYV4FkrUnsQE9W2dey0Tms1XB31gfUJlx
+dRZu7zkCgYEA/nWcTwzot2OIAhXoJ2fnqTcpdmj05LHhGcayKjyix7BsVH2I0KpF
+9kXX066tr3+LxZTergl4UpWSl3yx/4kPBQM6np4VVRytn7+cQdEhOczZnBw6x7IZ
+fv81DSNruQDBRAlTtklW4KBY74JKLhaJSvF1F3x32+H+99i1MmCNJRMCgYEAyZpF
+h4c3pM9z+YlmgLdUh/G2abdoamugcQOFbzHbZowsRAxEzdEW9wj2McN6mt8Rn1tc
+tY/+PcYuIK+vcmk9k23GuzxRlJlkaDicHwlAebgVIulFcrStfTlSkXjpuOuusfD9
+2DuHMcUiPx3qElNB0dZJF/axpq7BjTIFENefhZ8CgYACn+vw1M1BtwEcJGW0olm9
+YRhIZGTCRyNvRKFp1h5HuQYlCPZ0UI1QMQA86rxX5xTmANcbLHXVRD2y2lJrtFo3
+TwU3xaGqsxUHZM6TzzhshDRqa9AfZzLkIHXHoOnnip5zuTTn2HHQ91ZzggCJ4Smh
+YEQ47cu+tOIQZGfaESzjiQKBgQCCfnZlDJRq/NFwA40y4fg4arANa+eNgw7+OC5F
+1HrUvQTmIx7iLmZ0Dvv1KDgTSTLJ+MRgzczexYoUJEQnhZGS/Wq2xYt06XlBsOr1
+d/KhFxOvXllSrzrhJJqaiS6YQQ36JijZr2aKQ7UwL7fUlsmy/safWVKStumX8Hmw
+9jFOtwKBgQDmtirdNQ8aKolokD/3bDHPcDsNcybEpiCu8BIltxZAs/LsN1IIxfcp
+mGP2AFt3mbblKbsRM8hDW/X9taeG9s2KGe5wlKOE5lV8YAo4hFoJYN2/0d8Y0K9X
+QAAYU3iPG1zL+a/7TFLJ0u/biqsBg9hnNbMnN/tOeSuKnH2Rx9F1rg==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/test-dsa-cert.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/test-dsa-cert.pem b/3rdparty/not-yet-commons-ssl/samples/ca/test-dsa-cert.pem
new file mode 100644
index 0000000..d96dc66
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/test-dsa-cert.pem
@@ -0,0 +1,67 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462053 (0x20090525)
+ Signature Algorithm: dsaWithSHA1
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=dsa-intermediate/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:31 2009 GMT
+ Not After : May 25 21:44:31 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=test/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:94:A7:CC:B9:AB:D7:48:81:B3:3A:71:6E:2B:F4:24:FE:2A:A4:C0:39
+
+ Signature Algorithm: dsaWithSHA1
+ 30:2d:02:15:00:86:ec:d5:ef:f1:75:60:a2:09:36:40:ff:ca:
+ 83:67:6a:08:5d:d4:1e:02:14:51:6c:df:41:80:43:74:2a:1c:
+ 48:c2:08:85:5b:9b:7d:07:46:6b:84
+-----BEGIN CERTIFICATE-----
+MIIDPDCCAvugAwIBAgIEIAkFJTAJBgcqhkjOOAQDMIGUMQswCQYDVQQGEwJDQTEL
+MAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMT
+bm90LXlldC1jb21tb25zLXNzbDEZMBcGA1UEAxMQZHNhLWludGVybWVkaWF0ZTEl
+MCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbTAeFw0wOTA1MjUy
+MTQ0MzFaFw00OTA1MjUyMTQ0MzFaMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMC
+QkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1j
+b21tb25zLXNzbDENMAsGA1UEAxMEdGVzdDElMCMGCSqGSIb3DQEJARYWanVsaXVz
+ZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2BlYho
+4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRyzerA
+/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY07hN
+KXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8BqnG
+d87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiVJTxp
+TKqym93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ8U
+d78/OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFJSnzLmr10iBszpxbiv0JP4q
+pMA5MAkGByqGSM44BAMDMAAwLQIVAIbs1e/xdWCiCTZA/8qDZ2oIXdQeAhRRbN9B
+gEN0KhxIwgiFW5t9B0ZrhA==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/test-dsa-chain.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/test-dsa-chain.pem b/3rdparty/not-yet-commons-ssl/samples/ca/test-dsa-chain.pem
new file mode 100644
index 0000000..7418215
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/test-dsa-chain.pem
@@ -0,0 +1,289 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462053 (0x20090525)
+ Signature Algorithm: dsaWithSHA1
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=dsa-intermediate/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:31 2009 GMT
+ Not After : May 25 21:44:31 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=test/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:94:A7:CC:B9:AB:D7:48:81:B3:3A:71:6E:2B:F4:24:FE:2A:A4:C0:39
+
+ Signature Algorithm: dsaWithSHA1
+ 30:2d:02:15:00:86:ec:d5:ef:f1:75:60:a2:09:36:40:ff:ca:
+ 83:67:6a:08:5d:d4:1e:02:14:51:6c:df:41:80:43:74:2a:1c:
+ 48:c2:08:85:5b:9b:7d:07:46:6b:84
+-----BEGIN CERTIFICATE-----
+MIIDPDCCAvugAwIBAgIEIAkFJTAJBgcqhkjOOAQDMIGUMQswCQYDVQQGEwJDQTEL
+MAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMT
+bm90LXlldC1jb21tb25zLXNzbDEZMBcGA1UEAxMQZHNhLWludGVybWVkaWF0ZTEl
+MCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbTAeFw0wOTA1MjUy
+MTQ0MzFaFw00OTA1MjUyMTQ0MzFaMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMC
+QkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1j
+b21tb25zLXNzbDENMAsGA1UEAxMEdGVzdDElMCMGCSqGSIb3DQEJARYWanVsaXVz
+ZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2BlYho
+4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRyzerA
+/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY07hN
+KXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8BqnG
+d87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiVJTxp
+TKqym93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ8U
+d78/OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFJSnzLmr10iBszpxbiv0JP4q
+pMA5MAkGByqGSM44BAMDMAAwLQIVAIbs1e/xdWCiCTZA/8qDZ2oIXdQeAhRRbN9B
+gEN0KhxIwgiFW5t9B0ZrhA==
+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462055 (0x20090527)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:31 2009 GMT
+ Not After : May 25 21:44:31 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=dsa-intermediate/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ DSA Public Key:
+ pub:
+ 7a:a9:65:fb:76:ba:be:f3:fa:94:59:52:ed:4e:fc:
+ e4:70:5e:8f:7c:14:e7:73:d6:d2:36:6b:62:d2:56:
+ c9:6e:7a:91:63:72:4e:a9:ce:2e:eb:38:5e:c4:72:
+ f6:2c:52:aa:51:f4:ce:3b:28:55:39:c3:ad:5d:52:
+ fa:ac:0c:32:48:fc:00:9f:c3:d9:75:09:8d:82:e0:
+ cb:07:65:29:25:7a:34:2e:bb:a0:2d:30:91:59:0e:
+ ce:82:fb:2d:ad:a5:b2:b9:2b:ec:6b:b1:04:07:0c:
+ 52:16:7d:6c:0c:b2:64:c7:c6:cb:ab:18:ab:a6:fa:
+ 3e:31:f3:8f:49:75:33:69:d3:2a:2a:e7:2c:38:b5:
+ d6:7d:33:94:ba:a6:3e:2f:e5:3b:cc:4a:27:d1:59:
+ f3:9c:71:b1:46:64:3f:28:f1:33:d1:bc:c2:8b:47:
+ 92:2d:c6:1f:fb:23:34:56:f1:6e:18:8e:7c:0b:75:
+ 42:8a:bb:92:44:04:58:41:d1:9b:6e:d6:14:98:94:
+ 3d:77:8d:93:d3:1f:e9:7b:a7:71:94:10:ee:e9:d3:
+ 5a:4a:b8:91:61:35:4c:00:76:f2:b2:3a:bd:9f:42:
+ f9:f0:8e:da:bd:8c:60:fd:7d:65:85:98:c5:7d:42:
+ b9:27:de:09:0a:1c:85:a7:63:e5:71:3c:ab:78:de:
+ cf
+ P:
+ 00:8f:5a:80:34:53:e1:52:68:8c:cf:9b:d5:7a:01:
+ 60:57:63:f9:f8:01:55:9e:55:17:7f:f4:cc:cd:d7:
+ fb:f7:1e:36:00:1c:ae:5c:70:e8:1b:33:ef:b8:8d:
+ aa:69:2a:66:f0:48:fd:bb:25:82:eb:56:be:ac:ca:
+ 49:6e:7f:17:fd:3b:61:57:a7:14:c1:eb:99:5d:6b:
+ 82:03:db:1c:18:2a:25:05:19:ec:34:b8:c3:1b:2c:
+ 69:89:37:7b:85:9b:c0:a9:39:84:43:f1:60:0b:91:
+ 50:e0:b5:93:3c:ad:1c:b8:33:4e:9b:00:ed:cd:60:
+ 59:9b:57:04:7b:c0:fb:2d:49:45:e3:ce:c0:8a:aa:
+ 4d:07:3a:43:a3:3d:06:70:66:fc:9f:b2:8f:d6:c5:
+ 1f:a5:7b:00:36:a9:42:5e:50:db:38:34:8c:4a:c6:
+ f6:3a:58:9a:a6:57:93:f7:4e:55:8b:46:f0:b0:1b:
+ 9c:a0:cb:fc:57:91:be:6d:47:56:a9:d1:46:cd:43:
+ 7b:ff:24:96:0a:dd:d7:d8:b7:58:8e:6a:a1:eb:2a:
+ ba:40:0a:f6:d1:53:7c:84:06:fc:14:1c:d5:33:79:
+ 88:bb:4f:fa:b5:87:35:61:0d:b0:7b:07:bb:74:7c:
+ 30:a7:a3:60:7d:76:a6:d1:46:2b:84:a2:9a:28:61:
+ f2:89
+ Q:
+ 00:bf:87:b6:dd:a6:62:0f:88:a2:44:a5:99:ac:b9:
+ 12:82:05:7b:2e:af
+ G:
+ 00:86:37:bd:1d:60:12:25:f5:01:7f:7e:e0:e7:de:
+ 26:f4:3d:d4:75:fe:91:41:41:b3:c6:70:7f:71:c6:
+ 5e:4e:c1:0f:3e:cc:be:9c:0b:df:b4:8f:6e:2a:0f:
+ 90:5b:20:14:75:c7:31:13:e2:d8:73:73:76:b6:c4:
+ f5:5f:ac:b4:2a:26:4e:8c:af:87:2e:f5:1d:78:69:
+ 15:b5:b4:b7:d3:52:ec:f4:c8:6e:c5:65:bd:88:e5:
+ c4:da:0c:48:ac:d3:2d:a2:da:b0:72:75:09:1d:aa:
+ d9:64:80:b7:18:31:54:07:d6:7a:8b:f3:be:b7:22:
+ 87:1c:3a:c7:2f:a9:4b:8d:79:06:a1:ff:1c:db:f3:
+ 17:9b:32:a0:61:20:6e:37:92:eb:27:a1:6f:b8:22:
+ 0e:26:4d:71:9a:b3:a0:9a:fb:fb:91:68:5b:52:3b:
+ 20:75:d5:36:a6:aa:c3:dc:52:01:87:06:58:68:62:
+ 20:b8:aa:bd:2b:c9:58:60:b7:02:2e:c4:4f:bf:ec:
+ b7:43:13:3f:90:51:65:65:a9:ba:48:74:9e:3c:ad:
+ 93:b6:00:3f:93:11:e7:cd:ea:5f:11:44:b2:4f:d1:
+ e3:fd:19:a8:bc:4a:c6:ae:4c:ec:83:85:fa:98:ed:
+ 0b:a3:8f:a0:35:38:d4:9f:96:fd:f3:b2:b5:80:d5:
+ 1e:a4
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 94:A7:CC:B9:AB:D7:48:81:B3:3A:71:6E:2B:F4:24:FE:2A:A4:C0:39
+ X509v3 Authority Key Identifier:
+ keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+ serial:20:09:05:25
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 30:75:fb:1e:e2:d0:ff:18:3a:de:7d:49:8a:20:33:bc:0e:0c:
+ ad:7a:68:f8:57:91:3a:bd:2b:07:a7:25:a6:c6:d0:f7:30:57:
+ 73:a3:34:af:ee:d3:5d:06:9f:80:f5:41:b7:7f:e8:0e:e2:28:
+ 6c:a5:d7:82:9b:81:89:85:9f:47:5d:af:17:ab:f6:e1:02:4c:
+ 01:2b:07:7c:2b:e1:77:1c:a4:e9:a6:89:97:50:49:87:73:04:
+ 6e:32:50:f5:b7:be:f2:60:b3:9c:5f:b4:2a:d2:2f:c0:0b:82:
+ 47:71:70:62:cc:98:ad:47:20:58:61:d6:c0:c5:30:65:3f:97:
+ 43:47:50:cb:90:4c:c3:7c:50:c4:28:27:b7:2d:c8:2a:61:40:
+ 18:7e:fa:ce:03:39:20:f9:96:a2:da:1c:fe:5e:c7:9f:f1:bc:
+ 98:18:c1:63:e6:f6:35:35:d8:5d:18:2e:ef:87:7d:af:00:a3:
+ bc:12:18:c3:11:1e:8a:6d:bf:5d:10:87:6f:79:f3:8f:11:9d:
+ cb:0d:fe:f6:fe:4f:d0:2b:de:8e:3a:da:f3:46:11:ca:12:bb:
+ ca:22:67:05:45:e6:fd:9f:71:09:98:0b:1e:cf:51:73:b2:ad:
+ 48:f9:06:2a:b5:5c:9f:f3:97:e0:8e:a3:df:57:1c:a7:94:ca:
+ f2:97:8e:56
+-----BEGIN CERTIFICATE-----
+MIIGoTCCBYmgAwIBAgIEIAkFJzANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDMxWhcN
+NDkwNTI1MjE0NDMxWjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxGTAXBgNVBAMTEGRzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggM7MIICLgYHKoZIzjgEATCCAiECggEBAI9a
+gDRT4VJojM+b1XoBYFdj+fgBVZ5VF3/0zM3X+/ceNgAcrlxw6Bsz77iNqmkqZvBI
+/bslgutWvqzKSW5/F/07YVenFMHrmV1rggPbHBgqJQUZ7DS4wxssaYk3e4WbwKk5
+hEPxYAuRUOC1kzytHLgzTpsA7c1gWZtXBHvA+y1JRePOwIqqTQc6Q6M9BnBm/J+y
+j9bFH6V7ADapQl5Q2zg0jErG9jpYmqZXk/dOVYtG8LAbnKDL/FeRvm1HVqnRRs1D
+e/8klgrd19i3WI5qoesqukAK9tFTfIQG/BQc1TN5iLtP+rWHNWENsHsHu3R8MKej
+YH12ptFGK4Simihh8okCFQC/h7bdpmIPiKJEpZmsuRKCBXsurwKCAQEAhje9HWAS
+JfUBf37g594m9D3Udf6RQUGzxnB/ccZeTsEPPsy+nAvftI9uKg+QWyAUdccxE+LY
+c3N2tsT1X6y0KiZOjK+HLvUdeGkVtbS301Ls9MhuxWW9iOXE2gxIrNMtotqwcnUJ
+HarZZIC3GDFUB9Z6i/O+tyKHHDrHL6lLjXkGof8c2/MXmzKgYSBuN5LrJ6FvuCIO
+Jk1xmrOgmvv7kWhbUjsgddU2pqrD3FIBhwZYaGIguKq9K8lYYLcCLsRPv+y3QxM/
+kFFlZam6SHSePK2TtgA/kxHnzepfEUSyT9Hj/RmovErGrkzsg4X6mO0Lo4+gNTjU
+n5b987K1gNUepAOCAQUAAoIBAHqpZft2ur7z+pRZUu1O/ORwXo98FOdz1tI2a2LS
+VsluepFjck6pzi7rOF7EcvYsUqpR9M47KFU5w61dUvqsDDJI/ACfw9l1CY2C4MsH
+ZSklejQuu6AtMJFZDs6C+y2tpbK5K+xrsQQHDFIWfWwMsmTHxsurGKum+j4x849J
+dTNp0yoq5yw4tdZ9M5S6pj4v5TvMSifRWfOccbFGZD8o8TPRvMKLR5Itxh/7IzRW
+8W4YjnwLdUKKu5JEBFhB0Ztu1hSYlD13jZPTH+l7p3GUEO7p01pKuJFhNUwAdvKy
+Or2fQvnwjtq9jGD9fWWFmMV9Qrkn3gkKHIWnY+VxPKt43s+jgeswgegwHQYDVR0O
+BBYEFJSnzLmr10iBszpxbiv0JP4qpMA5MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2u
+wgcwLgCsWGObIH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMx
+GDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21t
+b25zLXNzbDENMAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2
+aWVzQGdtYWlsLmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
+A4IBAQAwdfse4tD/GDrefUmKIDO8Dgytemj4V5E6vSsHpyWmxtD3MFdzozSv7tNd
+Bp+A9UG3f+gO4ihspdeCm4GJhZ9HXa8Xq/bhAkwBKwd8K+F3HKTppomXUEmHcwRu
+MlD1t77yYLOcX7Qq0i/AC4JHcXBizJitRyBYYdbAxTBlP5dDR1DLkEzDfFDEKCe3
+LcgqYUAYfvrOAzkg+Zai2hz+Xsef8byYGMFj5vY1NdhdGC7vh32vAKO8EhjDER6K
+bb9dEIdvefOPEZ3LDf72/k/QK96OOtrzRhHKErvKImcFReb9n3EJmAsez1Fzsq1I
++QYqtVyf85fgjqPfVxynlMryl45W
+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462053 (0x20090525)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:28 2009 GMT
+ Not After : May 25 21:44:28 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:b9:db:04:16:8c:41:eb:91:c4:b8:d1:1a:73:28:
+ 59:09:b8:7a:b5:05:40:db:4f:2b:63:7b:bf:01:70:
+ e1:0d:4c:09:3a:3b:63:9e:22:13:fa:55:d1:bc:e8:
+ dd:31:71:df:0d:a6:0b:29:29:cc:da:bd:69:5c:cb:
+ 29:7e:6c:8c:93:82:c7:8b:00:ea:0b:8c:35:5c:fe:
+ 28:12:cf:ba:11:24:48:bc:0a:ee:37:54:a3:f2:9b:
+ f2:76:94:7d:56:c0:52:35:f0:ff:c8:8c:08:7e:b0:
+ 49:c5:2f:fd:41:92:06:e8:c2:71:0d:f6:70:e5:93:
+ 89:80:a2:13:43:ac:53:56:ba:1a:44:44:98:cd:ba:
+ f9:3a:93:20:71:34:93:0f:3f:34:34:2e:53:b2:d7:
+ 4a:22:3e:89:0a:c3:6e:12:40:ba:f3:22:6d:38:63:
+ 3b:f0:ef:42:2b:2d:f4:d2:f8:a9:76:ce:13:37:ce:
+ 1a:a4:bd:42:a0:7b:71:df:0e:3f:93:10:9d:22:0a:
+ 8b:61:92:c6:4c:fe:e7:bf:56:f4:5c:d3:85:98:92:
+ a2:dc:d1:3d:f8:6e:3e:ac:e1:87:2f:e1:fb:30:d5:
+ 3d:24:fc:d9:d1:ac:b9:ca:9c:41:ff:60:aa:e4:57:
+ 7e:b1:93:ac:4f:64:b5:0a:d3:57:4e:12:68:5b:18:
+ d2:15
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ X509v3 Authority Key Identifier:
+ keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+ serial:20:09:05:25
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 9a:29:28:5e:4f:4f:59:f8:6b:b0:96:bf:ef:69:02:36:d1:72:
+ af:a2:f3:c0:7d:c1:50:5a:b8:63:61:18:1a:d4:4d:8f:a4:b2:
+ 18:5d:1b:75:1d:b6:ce:e6:aa:b3:c1:16:ab:dd:64:ac:be:62:
+ 7f:77:1d:d4:6a:eb:5d:f7:19:eb:6a:6a:60:6d:ca:d6:2a:4d:
+ ee:c9:5b:1e:05:eb:bb:3f:5f:a4:76:ae:fd:32:ac:1e:63:e7:
+ 35:d3:95:1d:c9:bc:7a:2f:e7:0e:04:95:59:4d:30:51:ac:67:
+ 65:41:74:b3:62:f6:4d:85:4b:88:26:15:c2:2d:03:69:16:f7:
+ 6a:8a:5c:ca:ca:7b:ba:41:f9:7b:f4:ae:f8:29:56:48:9d:86:
+ 2e:0a:06:7a:21:97:01:b3:d4:45:5a:14:05:d3:b1:3a:da:0a:
+ 67:6d:d5:45:db:ba:88:09:4b:53:b3:69:1a:52:de:57:03:89:
+ fa:99:82:1d:79:fb:ae:55:d7:13:fd:5e:99:25:cb:75:a1:62:
+ b4:27:f0:54:4b:78:42:8b:54:63:62:f4:a3:0b:e2:26:a4:0c:
+ 29:ae:49:b4:1a:34:e6:a4:07:8a:64:cb:63:46:ae:fa:ec:d0:
+ f4:e1:e2:25:11:57:27:61:e8:d1:48:ad:60:13:2d:b9:38:a3:
+ 52:03:0f:ad
+-----BEGIN CERTIFICATE-----
+MIIEfDCCA2SgAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI4WhcN
+NDkwNTI1MjE0NDI4WjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0Bn
+bWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52wQWjEHr
+kcS40RpzKFkJuHq1BUDbTytje78BcOENTAk6O2OeIhP6VdG86N0xcd8NpgspKcza
+vWlcyyl+bIyTgseLAOoLjDVc/igSz7oRJEi8Cu43VKPym/J2lH1WwFI18P/IjAh+
+sEnFL/1BkgbownEN9nDlk4mAohNDrFNWuhpERJjNuvk6kyBxNJMPPzQ0LlOy10oi
+PokKw24SQLrzIm04Yzvw70IrLfTS+Kl2zhM3zhqkvUKge3HfDj+TEJ0iCothksZM
+/ue/VvRc04WYkqLc0T34bj6s4Ycv4fsw1T0k/NnRrLnKnEH/YKrkV36xk6xPZLUK
+01dOEmhbGNIVAgMBAAGjgeswgegwHQYDVR0OBBYEFAfYcdsrGp2uwgcwLgCsWGOb
+IH2mMIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGObIH2moYGOpIGLMIGI
+MQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmll
+cy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDENMAsGA1UEAxMEcm9v
+dDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbYIEIAkFJTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCaKSheT09Z+Guwlr/vaQI2
+0XKvovPAfcFQWrhjYRga1E2PpLIYXRt1HbbO5qqzwRar3WSsvmJ/dx3Uautd9xnr
+ampgbcrWKk3uyVseBeu7P1+kdq79MqweY+c105Udybx6L+cOBJVZTTBRrGdlQXSz
+YvZNhUuIJhXCLQNpFvdqilzKynu6Qfl79K74KVZInYYuCgZ6IZcBs9RFWhQF07E6
+2gpnbdVF27qICUtTs2kaUt5XA4n6mYIdefuuVdcT/V6ZJct1oWK0J/BUS3hCi1Rj
+YvSjC+ImpAwprkm0GjTmpAeKZMtjRq767ND04eIlEVcnYejRSK1gEy25OKNSAw+t
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/test-rsa-cert.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/test-rsa-cert.pem b/3rdparty/not-yet-commons-ssl/samples/ca/test-rsa-cert.pem
new file mode 100644
index 0000000..e4fa2f0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/test-rsa-cert.pem
@@ -0,0 +1,83 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462053 (0x20090525)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=rsa-intermediate/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:31 2009 GMT
+ Not After : May 25 21:44:31 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=test/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:2E:F4:CD:A1:B4:AD:03:85:D8:AF:69:97:D5:2D:95:40:D6:BF:12:BF
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 02:ea:45:04:9c:7b:79:4b:bc:24:7d:b4:5a:43:fa:cc:06:48:
+ d3:60:3f:a0:04:bc:42:ef:01:cc:0d:75:64:85:0a:86:37:e7:
+ 14:09:29:92:f0:e0:c1:d4:e5:c1:6b:82:82:74:74:74:ae:68:
+ ac:0d:08:d3:95:e4:aa:3b:6a:a7:fd:f6:ea:f1:de:7b:4d:7b:
+ 70:f8:a4:b1:21:a3:b2:e6:b1:5a:85:ca:c5:47:4b:c3:35:23:
+ 3d:cd:f3:f8:fa:07:35:7d:df:a9:7e:a5:11:86:83:8f:06:13:
+ b5:93:73:78:ab:35:90:0d:a1:7d:8a:11:e7:55:d8:15:bd:bd:
+ 54:e0:ae:6a:77:1a:13:ea:4c:23:11:64:d2:2f:2c:e1:04:2c:
+ 05:b4:c7:25:73:6d:3b:69:be:94:16:6d:28:00:bc:67:48:f8:
+ 1e:dd:1d:63:4c:6b:9f:85:e4:bb:10:ff:bf:b6:f2:2c:c8:53:
+ 3c:23:b6:55:85:fd:68:95:27:93:ff:34:d7:29:7b:18:19:4b:
+ 77:88:e8:75:a5:ba:2c:d6:64:f7:25:2e:fa:af:14:63:95:1b:
+ d1:77:3c:bc:0c:13:5f:37:5a:06:b7:92:22:ed:a0:d1:6c:b1:
+ e7:3f:af:95:c1:8a:7f:47:46:a0:74:ad:35:d0:52:59:31:b5:
+ 2b:3c:fe:3d
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxGTAXBgNVBAMTEHJzYS1pbnRlcm1lZGlh
+dGUxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkw
+NTI1MjE0NDMxWhcNNDkwNTI1MjE0NDMxWjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNV
+BAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15
+ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHRlc3QxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDIY6+Wgj6MqdEdYq6FgH5xMgTBmFqAonR/eshjxY2C6MHs+WmCmNSDik2N
+gZWIaODvOF9uOEK2U0ZfJEG2LcZxoeIEgg/mfII2f4DLy1JYajm/llzwFBzAd/Rk
+cs3qwP2ba5VKn/pSqNLlnKHMXkXO+9SjfHDx95x2dK1dB8eGQGculOMcTm3uK7Ul
+WNO4TSlwG9qHZ1aoM3GIg5C1fIpbxJqDVjFq6fFAapE3KRIWIQmKd3E5ICcDErqr
+/AapxnfO8UFNxVWSOLW7ZAfis4w/c8/EAgyQHw42R0dNyjUOZsToF8McCsOpRjGo
+lSU8aUyqspvd8IWJPd5d6HBHueXNAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSfFHe/Pzq2yjiCQkgWLNrQy16H2DAfBgNVHSMEGDAWgBQu9M2htK0DhdivaZfV
+LZVA1r8SvzANBgkqhkiG9w0BAQUFAAOCAQEAAupFBJx7eUu8JH20WkP6zAZI02A/
+oAS8Qu8BzA11ZIUKhjfnFAkpkvDgwdTlwWuCgnR0dK5orA0I05Xkqjtqp/326vHe
+e017cPiksSGjsuaxWoXKxUdLwzUjPc3z+PoHNX3fqX6lEYaDjwYTtZNzeKs1kA2h
+fYoR51XYFb29VOCuancaE+pMIxFk0i8s4QQsBbTHJXNtO2m+lBZtKAC8Z0j4Ht0d
+Y0xrn4XkuxD/v7byLMhTPCO2VYX9aJUnk/801yl7GBlLd4jodaW6LNZk9yUu+q8U
+Y5Ub0Xc8vAwTXzdaBreSIu2g0Wyx5z+vlcGKf0dGoHStNdBSWTG1Kzz+PQ==
+-----END CERTIFICATE-----
[02/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/KdcRequest.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/KdcRequest.java
new file mode 100644
index 0000000..b7d93aa
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/KdcRequest.java
@@ -0,0 +1,502 @@
+package org.apache.kerberos.kerb.server.request;
+
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerberos.kerb.crypto.EncryptionHandler;
+import org.apache.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerberos.kerb.server.KdcConfig;
+import org.apache.kerberos.kerb.server.KdcContext;
+import org.apache.kerberos.kerb.server.preauth.FastContext;
+import org.apache.kerberos.kerb.server.preauth.PreauthContext;
+import org.apache.kerberos.kerb.server.preauth.PreauthHandler;
+import org.apache.kerberos.kerb.KrbConstant;
+import org.apache.kerberos.kerb.KrbErrorException;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.common.*;
+import org.apache.kerberos.kerb.spec.kdc.KdcOption;
+import org.apache.kerberos.kerb.spec.kdc.KdcOptions;
+import org.apache.kerberos.kerb.spec.kdc.KdcRep;
+import org.apache.kerberos.kerb.spec.kdc.KdcReq;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+import org.apache.kerberos.kerb.spec.ticket.EncTicketPart;
+import org.apache.kerberos.kerb.spec.ticket.Ticket;
+import org.apache.kerberos.kerb.spec.ticket.TicketFlag;
+import org.apache.kerberos.kerb.spec.ticket.TicketFlags;
+
+import java.net.InetAddress;
+import java.nio.ByteBuffer;
+import java.util.Date;
+import java.util.List;
+
+public abstract class KdcRequest {
+
+ protected KdcContext kdcContext;
+
+ private Ticket ticket;
+ private boolean isPreAuthenticated;
+ private KdcReq kdcReq;
+ private KdcRep reply;
+ private InetAddress clientAddress;
+ private boolean isTcp;
+ private EncryptionType encryptionType;
+ private EncryptionKey clientKey;
+ private KrbIdentity clientEntry;
+ private KrbIdentity serverEntry;
+ private EncryptionKey serverKey;
+ private KrbIdentity tgsEntry;
+ private PreauthContext preauthContext;
+ private FastContext fastContext;
+ private PrincipalName serverPrincipal;
+
+ public KdcRequest(KdcReq kdcReq, KdcContext kdcContext) {
+ this.kdcReq = kdcReq;
+ this.kdcContext = kdcContext;
+ this.preauthContext = kdcContext.getPreauthHandler()
+ .preparePreauthContext(this);
+ this.fastContext = new FastContext();
+ }
+
+ public KdcContext getKdcContext() {
+ return kdcContext;
+ }
+
+ public PreauthContext getPreauthContext() {
+ return preauthContext;
+ }
+
+ public void process() throws KrbException {
+ checkVersion();
+ checkClient();
+ checkServer();
+ preauth();
+ authenticate();
+ issueTicket();
+ makeReply();
+ }
+
+ public KdcReq getKdcReq() {
+ return kdcReq;
+ }
+
+ public KrbIdentity getTgsEntry() {
+ return tgsEntry;
+ }
+
+ public void setTgsEntry(KrbIdentity tgsEntry) {
+ this.tgsEntry = tgsEntry;
+ }
+
+ public boolean isTcp() {
+ return isTcp;
+ }
+
+ public void isTcp(boolean isTcp) {
+ this.isTcp = isTcp;
+ }
+
+ public KrbMessage getReply() {
+ return reply;
+ }
+
+ public void setReply(KdcRep reply) {
+ this.reply = reply;
+ }
+
+ public InetAddress getClientAddress() {
+ return clientAddress;
+ }
+
+ public void setClientAddress(InetAddress clientAddress) {
+ this.clientAddress = clientAddress;
+ }
+
+ public EncryptionType getEncryptionType() {
+ return encryptionType;
+ }
+
+ public void setEncryptionType(EncryptionType encryptionType) {
+ this.encryptionType = encryptionType;
+ }
+
+ public Ticket getTicket() {
+ return ticket;
+ }
+
+ public void setTicket(Ticket ticket) {
+ this.ticket = ticket;
+ }
+
+ public boolean isPreAuthenticated() {
+ return isPreAuthenticated;
+ }
+
+ public void setPreAuthenticated(boolean isPreAuthenticated) {
+ this.isPreAuthenticated = isPreAuthenticated;
+ }
+
+ public KrbIdentity getServerEntry() {
+ return serverEntry;
+ }
+
+ public void setServerEntry(KrbIdentity serverEntry) {
+ this.serverEntry = serverEntry;
+ }
+
+ public KrbIdentity getClientEntry() {
+ return clientEntry;
+ }
+
+ public void setClientEntry(KrbIdentity clientEntry) {
+ this.clientEntry = clientEntry;
+ }
+
+ public EncryptionKey getClientKey(EncryptionType encType) throws KrbException {
+ return getClientEntry().getKey(encType);
+ }
+
+ public EncryptionKey getClientKey() {
+ return clientKey;
+ }
+
+ public void setClientKey(EncryptionKey clientKey) {
+ this.clientKey = clientKey;
+ }
+
+ public EncryptionKey getServerKey() {
+ return serverKey;
+ }
+
+ public void setServerKey(EncryptionKey serverKey) {
+ this.serverKey = serverKey;
+ }
+
+ public PrincipalName getTgsPrincipal() {
+ PrincipalName result = new PrincipalName(kdcContext.getConfig().getTgsPrincipal());
+ result.setRealm(kdcContext.getKdcRealm());
+ return result;
+ }
+
+ protected abstract void makeReply() throws KrbException;
+
+ protected void checkVersion() throws KrbException {
+ KdcReq request = getKdcReq();
+
+ int kerberosVersion = request.getPvno();
+ if (kerberosVersion != KrbConstant.KRB_V5) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_BAD_PVNO);
+ }
+ }
+
+ protected void checkPolicy() throws KrbException {
+ KrbIdentity entry = getClientEntry();
+
+ if (entry.isDisabled()) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_CLIENT_REVOKED);
+ }
+
+ if (entry.isLocked()) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_CLIENT_REVOKED);
+ }
+
+ if (entry.getExpireTime().lessThan(new Date().getTime())) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_CLIENT_REVOKED);
+ }
+ }
+
+ protected void checkClient() throws KrbException {
+ KdcReq request = getKdcReq();
+
+ PrincipalName clientPrincipal = request.getReqBody().getCname();
+ String clientRealm = request.getReqBody().getRealm();
+ if (clientRealm == null || clientRealm.isEmpty()) {
+ clientRealm = kdcContext.getServerRealm();
+ }
+ clientPrincipal.setRealm(clientRealm);
+
+ KrbIdentity clientEntry = getEntry(clientPrincipal.getName());
+ setClientEntry(clientEntry);
+
+ EncryptionType encType = request.getReqBody().getEtypes().listIterator().next();
+ EncryptionKey clientKey = clientEntry.getKeys().get(encType);
+ setClientKey(clientKey);
+ }
+
+ protected void preauth() throws KrbException {
+ KdcReq request = getKdcReq();
+
+ PaData preAuthData = request.getPaData();
+
+ if (preauthContext.isPreauthRequired()) {
+ if (preAuthData == null || preAuthData.isEmpty()) {
+ KrbError krbError = makePreAuthenticationError(kdcContext);
+ throw new KrbErrorException(krbError);
+ } else {
+ getPreauthHandler().verify(this, preAuthData);
+ }
+ }
+
+ setPreAuthenticated(true);
+ }
+
+ protected void setPreauthRequired(boolean preauthRequired) {
+ preauthContext.setPreauthRequired(preauthRequired);
+ }
+
+ protected boolean isPreauthRequired() {
+ return preauthContext.isPreauthRequired();
+ }
+
+ protected PreauthHandler getPreauthHandler() {
+ return kdcContext.getPreauthHandler();
+ }
+
+ protected void checkEncryptionType() throws KrbException {
+ List<EncryptionType> requestedTypes = getKdcReq().getReqBody().getEtypes();
+
+ EncryptionType bestType = EncryptionUtil.getBestEncryptionType(requestedTypes,
+ kdcContext.getConfig().getEncryptionTypes());
+
+ if (bestType == null) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP);
+ }
+
+ setEncryptionType(bestType);
+ }
+
+ protected void authenticate() throws KrbException {
+ checkEncryptionType();
+ checkPolicy();
+ }
+
+ protected void issueTicket() throws KrbException {
+ KdcReq request = getKdcReq();
+
+ EncryptionType encryptionType = getEncryptionType();
+ EncryptionKey serverKey = getServerEntry().getKeys().get(encryptionType);
+
+ PrincipalName ticketPrincipal = request.getReqBody().getSname();
+
+ EncTicketPart encTicketPart = new EncTicketPart();
+ KdcConfig config = kdcContext.getConfig();
+
+ TicketFlags ticketFlags = new TicketFlags();
+ encTicketPart.setFlags(ticketFlags);
+ ticketFlags.setFlag(TicketFlag.INITIAL);
+
+ if (isPreAuthenticated()) {
+ ticketFlags.setFlag(TicketFlag.PRE_AUTH);
+ }
+
+ if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.FORWARDABLE)) {
+ if (!config.isForwardableAllowed()) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
+ }
+
+ ticketFlags.setFlag(TicketFlag.FORWARDABLE);
+ }
+
+ if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.PROXIABLE)) {
+ if (!config.isProxiableAllowed()) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
+ }
+
+ ticketFlags.setFlag(TicketFlag.PROXIABLE);
+ }
+
+ if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.ALLOW_POSTDATE)) {
+ if (!config.isPostdatedAllowed()) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
+ }
+
+ ticketFlags.setFlag(TicketFlag.MAY_POSTDATE);
+ }
+
+ KdcOptions kdcOptions = request.getReqBody().getKdcOptions();
+
+ EncryptionKey sessionKey = EncryptionHandler.random2Key(getEncryptionType());
+ encTicketPart.setKey(sessionKey);
+
+ encTicketPart.setCname(request.getReqBody().getCname());
+ encTicketPart.setCrealm(request.getReqBody().getRealm());
+
+ TransitedEncoding transEnc = new TransitedEncoding();
+ encTicketPart.setTransited(transEnc);
+ String serverRealm = request.getReqBody().getRealm();
+
+ KerberosTime now = KerberosTime.now();
+ encTicketPart.setAuthTime(now);
+
+ KerberosTime krbStartTime = request.getReqBody().getFrom();
+ if (krbStartTime == null || krbStartTime.lessThan(now) ||
+ krbStartTime.isInClockSkew(config.getAllowableClockSkew())) {
+ krbStartTime = now;
+ }
+ if (krbStartTime.greaterThan(now)
+ && !krbStartTime.isInClockSkew(config.getAllowableClockSkew())
+ && !kdcOptions.isFlagSet(KdcOption.POSTDATED)) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_CANNOT_POSTDATE);
+ }
+
+ if (kdcOptions.isFlagSet(KdcOption.POSTDATED)) {
+ if (!config.isPostdatedAllowed()) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
+ }
+
+ ticketFlags.setFlag(TicketFlag.POSTDATED);
+ encTicketPart.setStartTime(krbStartTime);
+ }
+
+ KerberosTime krbEndTime = request.getReqBody().getTill();
+ if (krbEndTime == null) {
+ krbEndTime = krbStartTime.extend(config.getMaximumTicketLifetime() * 1000);
+ } else if (krbStartTime.greaterThan(krbEndTime)) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_NEVER_VALID);
+ }
+ encTicketPart.setEndTime(krbEndTime);
+
+ long ticketLifeTime = Math.abs(krbEndTime.diff(krbStartTime));
+ if (ticketLifeTime < config.getMinimumTicketLifetime()) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_NEVER_VALID);
+ }
+
+ KerberosTime krbRtime = request.getReqBody().getRtime();
+ if (kdcOptions.isFlagSet(KdcOption.RENEWABLE_OK)) {
+ kdcOptions.setFlag(KdcOption.RENEWABLE);
+ }
+ if (kdcOptions.isFlagSet(KdcOption.RENEWABLE)) {
+ if (!config.isRenewableAllowed()) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
+ }
+
+ ticketFlags.setFlag(TicketFlag.RENEWABLE);
+
+ if (krbRtime == null) {
+ krbRtime = KerberosTime.NEVER;
+ }
+ KerberosTime allowedMaximumRenewableTime = krbStartTime;
+ allowedMaximumRenewableTime.extend(config.getMaximumRenewableLifetime() * 1000);
+ if (krbRtime.greaterThan(allowedMaximumRenewableTime)) {
+ krbRtime = allowedMaximumRenewableTime;
+ }
+ encTicketPart.setRenewtill(krbRtime);
+ }
+
+ HostAddresses hostAddresses = request.getReqBody().getAddresses();
+ if (hostAddresses == null || hostAddresses.isEmpty()) {
+ if (!config.isEmptyAddressesAllowed()) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
+ }
+ } else {
+ encTicketPart.setClientAddresses(hostAddresses);
+ }
+
+ EncryptedData encryptedData = EncryptionUtil.seal(encTicketPart,
+ serverKey, KeyUsage.KDC_REP_TICKET);
+
+ Ticket newTicket = new Ticket();
+ newTicket.setSname(ticketPrincipal);
+ newTicket.setEncryptedEncPart(encryptedData);
+ newTicket.setRealm(serverRealm);
+ newTicket.setEncPart(encTicketPart);
+
+ setTicket(newTicket);
+ }
+
+ private void checkServer() throws KrbException {
+ KdcReq request = getKdcReq();
+
+ KrbIdentity tgsEntry = getEntry(getTgsPrincipal().getName());
+ setTgsEntry(tgsEntry);
+
+ PrincipalName principal = request.getReqBody().getSname();
+ String serverRealm = request.getReqBody().getRealm();
+ if (serverRealm == null || serverRealm.isEmpty()) {
+ serverRealm = kdcContext.getServerRealm();
+ }
+ principal.setRealm(serverRealm);
+
+ KrbIdentity serverEntry = getEntry(principal.getName());
+ setServerEntry(serverEntry);
+
+ EncryptionType encType = request.getReqBody().getEtypes().listIterator().next();
+ EncryptionKey serverKey = serverEntry.getKeys().get(encType);
+ setServerKey(serverKey);
+ }
+
+ protected KrbError makePreAuthenticationError(KdcContext kdcContext) throws KrbException {
+ EncryptionType requestedType = getEncryptionType();
+ List<EncryptionType> encryptionTypes = kdcContext.getConfig().getEncryptionTypes();
+ boolean isNewEtype = true;
+
+ EtypeInfo2 eTypeInfo2 = new EtypeInfo2();
+
+ EtypeInfo eTypeInfo = new EtypeInfo();
+
+ for (EncryptionType encryptionType : encryptionTypes) {
+ if (!isNewEtype) {
+ EtypeInfoEntry etypeInfoEntry = new EtypeInfoEntry();
+ etypeInfoEntry.setEtype(encryptionType);
+ etypeInfoEntry.setSalt(null);
+ eTypeInfo.add(etypeInfoEntry);
+ }
+
+ EtypeInfo2Entry etypeInfo2Entry = new EtypeInfo2Entry();
+ etypeInfo2Entry.setEtype(encryptionType);
+ eTypeInfo2.add(etypeInfo2Entry);
+ }
+
+ byte[] encTypeInfo = null;
+ byte[] encTypeInfo2 = null;
+ if (!isNewEtype) {
+ encTypeInfo = KrbCodec.encode(eTypeInfo);
+ }
+ encTypeInfo2 = KrbCodec.encode(eTypeInfo2);
+
+ MethodData methodData = new MethodData();
+ methodData.add(new PaDataEntry(PaDataType.ENC_TIMESTAMP, null));
+ if (!isNewEtype) {
+ methodData.add(new PaDataEntry(PaDataType.ETYPE_INFO, encTypeInfo));
+ }
+ methodData.add(new PaDataEntry(PaDataType.ETYPE_INFO2, encTypeInfo2));
+
+ KrbError krbError = new KrbError();
+ krbError.setErrorCode(KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED);
+ byte[] encodedData = KrbCodec.encode(methodData);
+ krbError.setEdata(encodedData);
+
+ return krbError;
+ }
+
+ protected KrbIdentity getEntry(String principal) throws KrbException {
+ KrbIdentity entry = null;
+ KrbErrorCode krbErrorCode = KrbErrorCode.KDC_ERR_C_PRINCIPAL_UNKNOWN;
+
+ try {
+ entry = kdcContext.getIdentityService().getIdentity(principal);
+ } catch (Exception e) {
+ throw new KrbException(krbErrorCode, e);
+ }
+
+ if (entry == null) {
+ throw new KrbException(krbErrorCode);
+ }
+
+ return entry;
+ }
+
+ public ByteBuffer getRequestBody() throws KrbException {
+ return null;
+ }
+
+ public EncryptionKey getArmorKey() throws KrbException {
+ return fastContext.armorKey;
+ }
+
+ public PrincipalName getServerPrincipal() {
+ return serverPrincipal;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/TgsRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/TgsRequest.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/TgsRequest.java
new file mode 100644
index 0000000..3437d88
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/TgsRequest.java
@@ -0,0 +1,177 @@
+package org.apache.kerberos.kerb.server.request;
+
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerberos.kerb.server.KdcContext;
+import org.apache.kerberos.kerb.KrbConstant;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.ap.ApOption;
+import org.apache.kerberos.kerb.spec.ap.ApReq;
+import org.apache.kerberos.kerb.spec.ap.Authenticator;
+import org.apache.kerberos.kerb.spec.common.*;
+import org.apache.kerberos.kerb.spec.kdc.*;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.ticket.EncTicketPart;
+import org.apache.kerberos.kerb.spec.ticket.Ticket;
+import org.apache.kerberos.kerb.spec.ticket.TicketFlag;
+
+import java.nio.ByteBuffer;
+
+public class TgsRequest extends KdcRequest {
+
+ private EncryptionKey tgtSessionKey;
+
+ public TgsRequest(TgsReq tgsReq, KdcContext kdcContext) {
+ super(tgsReq, kdcContext);
+
+ setPreauthRequired(true);
+ }
+
+ public EncryptionKey getTgtSessionKey() {
+ return tgtSessionKey;
+ }
+
+ public void setTgtSessionKey(EncryptionKey tgtSessionKey) {
+ this.tgtSessionKey = tgtSessionKey;
+ }
+
+ public void verifyAuthenticator(PaDataEntry paDataEntry) throws KrbException {
+ ApReq apReq = KrbCodec.decode(paDataEntry.getPaDataValue(), ApReq.class);
+
+ if (apReq.getPvno() != KrbConstant.KRB_V5) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADVERSION);
+ }
+
+ if (apReq.getMsgType() != KrbMessageType.AP_REQ) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_MSG_TYPE);
+ }
+
+ EncryptionType encType = getKdcReq().getReqBody().getEtypes().listIterator().next();
+ EncryptionKey tgsKey = getTgsEntry().getKeys().get(encType);
+
+ Ticket ticket = apReq.getTicket();
+ if (ticket.getTktvno() != KrbConstant.KRB_V5) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADVERSION);
+ }
+
+ EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(),
+ tgsKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
+ ticket.setEncPart(encPart);
+
+ EncryptionKey encKey = null;
+ //if (apReq.getApOptions().isFlagSet(ApOptions.USE_SESSION_KEY)) {
+ encKey = ticket.getEncPart().getKey();
+
+ if (encKey == null) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
+ }
+ Authenticator authenticator = EncryptionUtil.unseal(apReq.getEncryptedAuthenticator(),
+ encKey, KeyUsage.TGS_REQ_AUTH, Authenticator.class);
+
+ if (!authenticator.getCname().equals(ticket.getEncPart().getCname())) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
+ }
+
+ HostAddresses hostAddresses = ticket.getEncPart().getClientAddresses();
+ if (hostAddresses == null || hostAddresses.isEmpty()) {
+ if (!kdcContext.getConfig().isEmptyAddressesAllowed()) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR);
+ }
+ } else if (!hostAddresses.contains(getClientAddress())) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR);
+ }
+
+ PrincipalName serverPrincipal = ticket.getSname();
+ serverPrincipal.setRealm(ticket.getRealm());
+ PrincipalName clientPrincipal = authenticator.getCname();
+ clientPrincipal.setRealm(authenticator.getCrealm());
+
+ if (!authenticator.getCtime().isInClockSkew(
+ kdcContext.getConfig().getAllowableClockSkew() * 1000)) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_SKEW);
+ }
+
+ KerberosTime now = KerberosTime.now();
+ KerberosTime startTime = ticket.getEncPart().getStartTime();
+ if (startTime == null) {
+ startTime = ticket.getEncPart().getAuthTime();
+ }
+ if (! startTime.lessThan(now)) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV);
+ }
+
+ KerberosTime endTime = ticket.getEncPart().getEndTime();
+ if (! endTime.greaterThan(now)) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_EXPIRED);
+ }
+
+ apReq.getApOptions().setFlag(ApOption.MUTUAL_REQUIRED);
+
+ setTgtSessionKey(ticket.getEncPart().getKey());
+ }
+
+ @Override
+ protected void makeReply() throws KrbException {
+ Ticket ticket = getTicket();
+
+ TgsRep reply = new TgsRep();
+
+ reply.setCname(getClientEntry().getPrincipal());
+ reply.setCrealm(kdcContext.getServerRealm());
+ reply.setTicket(ticket);
+
+ EncKdcRepPart encKdcRepPart = makeEncKdcRepPart();
+ reply.setEncPart(encKdcRepPart);
+
+ EncryptionKey sessionKey = getTgtSessionKey();
+ EncryptedData encryptedData = EncryptionUtil.seal(encKdcRepPart,
+ sessionKey, KeyUsage.TGS_REP_ENCPART_SESSKEY);
+ reply.setEncryptedEncPart(encryptedData);
+
+ setReply(reply);
+ }
+
+ private EncKdcRepPart makeEncKdcRepPart() {
+ KdcReq request = getKdcReq();
+ Ticket ticket = getTicket();
+
+ EncKdcRepPart encKdcRepPart = new EncTgsRepPart();
+
+ //session key
+ encKdcRepPart.setKey(ticket.getEncPart().getKey());
+
+ LastReq lastReq = new LastReq();
+ LastReqEntry entry = new LastReqEntry();
+ entry.setLrType(LastReqType.THE_LAST_INITIAL);
+ entry.setLrValue(new KerberosTime());
+ lastReq.add(entry);
+ encKdcRepPart.setLastReq(lastReq);
+
+ encKdcRepPart.setNonce(request.getReqBody().getNonce());
+
+ encKdcRepPart.setFlags(ticket.getEncPart().getFlags());
+ encKdcRepPart.setAuthTime(ticket.getEncPart().getAuthTime());
+ encKdcRepPart.setStartTime(ticket.getEncPart().getStartTime());
+ encKdcRepPart.setEndTime(ticket.getEncPart().getEndTime());
+
+ if (ticket.getEncPart().getFlags().isFlagSet(TicketFlag.RENEWABLE)) {
+ encKdcRepPart.setRenewTill(ticket.getEncPart().getRenewtill());
+ }
+
+ encKdcRepPart.setSname(ticket.getSname());
+ encKdcRepPart.setSrealm(ticket.getRealm());
+ encKdcRepPart.setCaddr(ticket.getEncPart().getClientAddresses());
+
+ return encKdcRepPart;
+ }
+
+ public ByteBuffer getRequestBody() throws KrbException {
+ return null;
+ }
+
+ public EncryptionKey getArmorKey() throws KrbException {
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java b/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java
new file mode 100644
index 0000000..09165f1
--- /dev/null
+++ b/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java
@@ -0,0 +1,51 @@
+package org.apache.kerberos.kerb.server;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.nio.ByteBuffer;
+import java.nio.channels.SocketChannel;
+
+public class KdcTest {
+
+ private String serverHost = "localhost";
+ private short serverPort = 8089;
+
+ private SimpleKdcServer kdcServer;
+
+ @Before
+ public void setUp() throws Exception {
+ kdcServer = new SimpleKdcServer();
+ kdcServer.setKdcHost(serverHost);
+ kdcServer.setKdcPort(serverPort);
+ kdcServer.init();
+ kdcServer.start();
+ }
+
+ @Test
+ public void testKdc() throws IOException, InterruptedException {
+ Thread.sleep(15);
+
+ SocketChannel socketChannel = SocketChannel.open();
+ socketChannel.configureBlocking(true);
+ SocketAddress sa = new InetSocketAddress(serverHost, serverPort);
+ socketChannel.connect(sa);
+
+ String BAD_KRB_MESSAGE = "Hello World!";
+ ByteBuffer writeBuffer = ByteBuffer.allocate(4 + BAD_KRB_MESSAGE.getBytes().length);
+ writeBuffer.putInt(BAD_KRB_MESSAGE.getBytes().length);
+ writeBuffer.put(BAD_KRB_MESSAGE.getBytes());
+ writeBuffer.flip();
+
+ socketChannel.write(writeBuffer);
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ kdcServer.stop();
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/pom.xml b/haox-kerb/kerb-util/pom.xml
new file mode 100644
index 0000000..e11d300
--- /dev/null
+++ b/haox-kerb/kerb-util/pom.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-kerb</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>kerb-util</artifactId>
+
+ <name>Haox-kerb Util</name>
+ <description>Haox-kerb Utilities</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-config</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-crypto</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbInputStream.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbInputStream.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbInputStream.java
new file mode 100644
index 0000000..a011d8e
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbInputStream.java
@@ -0,0 +1,55 @@
+package org.apache.kerberos.kerb;
+
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+import java.io.DataInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+public abstract class KrbInputStream extends DataInputStream
+{
+ public KrbInputStream(InputStream in) {
+ super(in);
+ }
+
+ public KerberosTime readTime() throws IOException {
+ long value = readInt();
+ KerberosTime time = new KerberosTime(value * 1000);
+ return time;
+ }
+
+ public abstract PrincipalName readPrincipal(int version) throws IOException;
+
+ public EncryptionKey readKey(int version) throws IOException {
+ int eType = readShort();
+ EncryptionType encryptionType = EncryptionType.fromValue(eType);
+
+ byte[] keyData = readCountedOctets();
+ EncryptionKey key = new EncryptionKey(encryptionType, keyData);
+
+ return key;
+ }
+
+ public String readCountedString() throws IOException {
+ byte[] countedOctets = readCountedOctets();
+ // ASCII
+ return new String(countedOctets);
+ }
+
+ public byte[] readCountedOctets() throws IOException {
+ int len = readOctetsCount();
+ if (len == 0) {
+ return null;
+ }
+
+ byte[] data = new byte[len];
+ read(data);
+
+ return data;
+ }
+
+ public abstract int readOctetsCount() throws IOException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbOutputStream.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbOutputStream.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbOutputStream.java
new file mode 100644
index 0000000..e97395f
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbOutputStream.java
@@ -0,0 +1,47 @@
+package org.apache.kerberos.kerb;
+
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+public abstract class KrbOutputStream extends DataOutputStream
+{
+ public KrbOutputStream(OutputStream out) {
+ super(out);
+ }
+
+ public abstract void writePrincipal(PrincipalName principal, int version) throws IOException;
+
+ public void writeRealm(String realm) throws IOException {
+ writeCountedString(realm);
+ }
+
+ public abstract void writeKey(EncryptionKey key, int version) throws IOException;
+
+ public void writeTime(KerberosTime ktime) throws IOException {
+ int time = 0;
+ if (ktime != null) {
+ time = (int) (ktime.getValue().getTime() / 1000);
+ }
+ writeInt(time);
+ }
+
+ public void writeCountedString(String string) throws IOException {
+ byte[] data = string != null ? string.getBytes() : null; // ASCII
+
+ writeCountedOctets(data);
+ }
+
+ public void writeCountedOctets(byte[] data) throws IOException {
+ if (data != null) {
+ writeInt(data.length);
+ write(data);
+ } else {
+ writeInt(0);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheInputStream.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheInputStream.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheInputStream.java
new file mode 100644
index 0000000..da5aeba
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheInputStream.java
@@ -0,0 +1,148 @@
+package org.apache.kerberos.kerb.ccache;
+
+import org.apache.kerberos.kerb.KrbInputStream;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.common.*;
+import org.apache.kerberos.kerb.spec.ticket.Ticket;
+import org.apache.kerberos.kerb.spec.ticket.TicketFlags;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+public class CredCacheInputStream extends KrbInputStream
+{
+ public CredCacheInputStream(InputStream in) {
+ super(in);
+ }
+
+ @Override
+ public PrincipalName readPrincipal(int version) throws IOException {
+ NameType nameType = NameType.NT_UNKNOWN;
+ if (version != CredentialCache.FCC_FVNO_1) {
+ int typeValue = readInt();
+ nameType = NameType.fromValue(typeValue);
+ }
+
+ int numComponents = readInt();
+ if (version == CredentialCache.FCC_FVNO_1) {
+ numComponents -= 1;
+ }
+
+ String realm = readCountedString();
+
+ List<String> nameStrings = new ArrayList<String>();
+ String component;
+ for (int i = 0; i < numComponents; i++) { // sub 1 if version 0x501
+ component = readCountedString();
+ nameStrings.add(component);
+ }
+
+ PrincipalName principal = new PrincipalName(nameStrings, nameType);
+ principal.setRealm(realm);
+
+ return principal;
+ }
+
+ public EncryptionKey readKey(int version) throws IOException {
+ if (version == CredentialCache.FCC_FVNO_3) {
+ readShort(); // ignore keytype
+ }
+
+ return super.readKey(version);
+ }
+
+ public KerberosTime[] readTimes() throws IOException {
+ KerberosTime[] times = new KerberosTime[4];
+
+ for (int i = 0; i < times.length; ++i) {
+ times[i] = readTime();
+ }
+
+ return times;
+ }
+
+ public boolean readIsSkey() throws IOException {
+ int value = readByte();
+ return value == 1 ? true : false;
+ }
+
+ public HostAddresses readAddr() throws IOException {
+ int numAddresses = readInt();
+ if (numAddresses <= 0) {
+ return null;
+ }
+
+ HostAddress[] addresses = new HostAddress[numAddresses];
+ for (int i = 0; i < numAddresses; i++) {
+ addresses[i] = readAddress();
+ }
+
+ HostAddresses result = new HostAddresses();
+ result.addElements(addresses);
+ return result;
+ }
+
+ public HostAddress readAddress() throws IOException {
+ int typeValue = readShort();
+ HostAddrType addrType = HostAddrType.fromValue(typeValue);
+ byte[] addrData = readCountedOctets();
+
+ HostAddress addr = new HostAddress();
+ addr.setAddrType(addrType);
+ addr.setAddress(addrData);
+
+ return addr;
+ }
+
+ public AuthorizationData readAuthzData() throws IOException {
+ int numEntries = readInt();
+ if (numEntries <= 0) {
+ return null;
+ }
+
+ AuthorizationDataEntry[] authzData = new AuthorizationDataEntry[numEntries];
+ for (int i = 0; i < numEntries; i++) {
+ authzData[i] = readAuthzDataEntry();
+ }
+
+ AuthorizationData result = new AuthorizationData();
+ result.addElements(authzData);
+ return result;
+ }
+
+ public AuthorizationDataEntry readAuthzDataEntry() throws IOException {
+ int typeValue = readShort();
+ AuthorizationType authzType = AuthorizationType.fromValue(typeValue);
+ byte[] authzData = readCountedOctets();
+
+ AuthorizationDataEntry authzEntry = new AuthorizationDataEntry();
+ authzEntry.setAuthzType(authzType);
+ authzEntry.setAuthzData(authzData);
+
+ return authzEntry;
+ }
+
+ @Override
+ public int readOctetsCount() throws IOException {
+ return readInt();
+ }
+
+ public TicketFlags readTicketFlags() throws IOException {
+ int flags = readInt();
+ TicketFlags tktFlags = new TicketFlags(flags);
+ return tktFlags;
+ }
+
+ public Ticket readTicket() throws IOException {
+ byte[] ticketData = readCountedOctets();
+ if (ticketData == null) {
+ return null;
+ }
+
+ Ticket ticket = new Ticket();
+ ticket.decode(ticketData);
+ return ticket;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheOutputStream.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheOutputStream.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheOutputStream.java
new file mode 100644
index 0000000..04884e0
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheOutputStream.java
@@ -0,0 +1,104 @@
+package org.apache.kerberos.kerb.ccache;
+
+import org.apache.kerberos.kerb.KrbOutputStream;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.common.*;
+import org.apache.kerberos.kerb.spec.ticket.Ticket;
+import org.apache.kerberos.kerb.spec.ticket.TicketFlags;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.List;
+
+public class CredCacheOutputStream extends KrbOutputStream
+{
+ public CredCacheOutputStream(OutputStream out) {
+ super(out);
+ }
+
+ @Override
+ public void writePrincipal(PrincipalName principal, int version) throws IOException {
+ List<String> nameComponents = principal.getNameStrings();
+
+ if (version != CredentialCache.FCC_FVNO_1) {
+ writeInt(principal.getNameType().getValue());
+ }
+
+ int numComponents = nameComponents.size();
+ if (version == CredentialCache.FCC_FVNO_1) {
+ numComponents ++;
+ }
+ writeInt(numComponents);
+
+ writeRealm(principal.getRealm());
+
+ for (String nameCom : nameComponents) {
+ writeCountedString(nameCom);
+ }
+ }
+
+ @Override
+ public void writeKey(EncryptionKey key, int version) throws IOException {
+ writeShort(key.getKeyType().getValue());
+ if (version == CredentialCache.FCC_FVNO_3) {
+ writeShort(key.getKeyType().getValue());
+ }
+
+ writeCountedOctets(key.getKeyData());
+ }
+
+ public void writeTimes(KerberosTime[] times) throws IOException {
+ for (int i = 0; i < times.length; ++i) {
+ writeTime(times[i]);
+ }
+ }
+
+ public void writeAddresses(HostAddresses addrs) throws IOException {
+ if (addrs == null) {
+ writeInt(0);
+ } else {
+ List<HostAddress> addresses = addrs.getElements();
+ write(addresses.size());
+ for (HostAddress addr : addresses) {
+ writeAddress(addr);
+ }
+ }
+ }
+
+ public void writeAddress(HostAddress address) throws IOException {
+ write(address.getAddrType().getValue());
+ write(address.getAddress().length);
+ write(address.getAddress(), 0,
+ address.getAddress().length);
+ }
+
+ public void writeAuthzData(AuthorizationData authData) throws IOException {
+ if (authData == null) {
+ writeInt(0);
+ } else {
+ for (AuthorizationDataEntry entry : authData.getElements()) {
+ write(entry.getAuthzType().getValue());
+ write(entry.getAuthzData().length);
+ write(entry.getAuthzData());
+ }
+ }
+ }
+
+ public void writeTicket(Ticket t) throws IOException {
+ if (t == null) {
+ writeInt(0);
+ } else {
+ byte[] bytes = t.encode();
+ writeInt(bytes.length);
+ write(bytes);
+ }
+ }
+
+ public void writeIsSkey(boolean isEncInSKey) throws IOException {
+ writeByte(isEncInSKey ? 1 : 0);
+ }
+
+ public void writeTicketFlags(TicketFlags ticketFlags) throws IOException {
+ writeInt(ticketFlags.getFlags());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Credential.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Credential.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Credential.java
new file mode 100644
index 0000000..59e9ad5
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Credential.java
@@ -0,0 +1,206 @@
+package org.apache.kerberos.kerb.ccache;
+
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.common.AuthorizationData;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.HostAddresses;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerberos.kerb.spec.kdc.EncKdcRepPart;
+import org.apache.kerberos.kerb.spec.ticket.AbstractServiceTicket;
+import org.apache.kerberos.kerb.spec.ticket.TgtTicket;
+import org.apache.kerberos.kerb.spec.ticket.Ticket;
+import org.apache.kerberos.kerb.spec.ticket.TicketFlags;
+
+import java.io.IOException;
+
+public class Credential
+{
+ private static String CONF_REALM = "X-CACHECONF:";
+
+ private PrincipalName clientName;
+ private String clientRealm;
+ private PrincipalName serverName;
+ private String serverRealm;
+ private EncryptionKey key;
+ private KerberosTime authTime;
+ private KerberosTime startTime;
+ private KerberosTime endTime;
+ private KerberosTime renewTill;
+ private HostAddresses clientAddresses;
+ private AuthorizationData authzData;
+ private boolean isEncInSKey;
+ private TicketFlags ticketFlags;
+ private Ticket ticket;
+ private Ticket secondTicket;
+
+ public Credential() {
+
+ }
+
+ public Credential(TgtTicket tgt) {
+ PrincipalName clientPrincipal = tgt.getClientPrincipal();
+
+ clientPrincipal.setRealm(tgt.getRealm());
+
+ init(tgt, clientPrincipal);
+ }
+
+ public Credential(AbstractServiceTicket tkt, PrincipalName clientPrincipal) {
+ init(tkt, clientPrincipal);
+ }
+
+ private void init(AbstractServiceTicket tkt, PrincipalName clientPrincipal) {
+ EncKdcRepPart kdcRepPart = tkt.getEncKdcRepPart();
+
+ this.serverName = kdcRepPart.getSname();
+ this.serverRealm = kdcRepPart.getSrealm();
+ this.serverName.setRealm(serverRealm);
+
+ this.clientName = clientPrincipal;
+
+ this.key = kdcRepPart.getKey();
+ this.authTime = kdcRepPart.getAuthTime();
+ this.startTime = kdcRepPart.getStartTime();
+ this.endTime = kdcRepPart.getEndTime();
+
+ this.renewTill = kdcRepPart.getRenewTill();
+
+ this.ticketFlags = kdcRepPart.getFlags();
+ this.clientAddresses = kdcRepPart.getCaddr();
+
+ this.ticket = tkt.getTicket();
+
+ this.isEncInSKey = false;
+
+ this.secondTicket = null;
+ }
+
+ public PrincipalName getServicePrincipal() {
+ return serverName;
+ }
+
+ public KerberosTime getAuthTime() {
+ return authTime;
+ }
+
+ public KerberosTime getEndTime() {
+ return endTime;
+ }
+
+ public int getEType() {
+ return key.getKeyType().getValue();
+ }
+
+ public PrincipalName getClientName() {
+ return clientName;
+ }
+
+ public PrincipalName getServerName() {
+ return serverName;
+ }
+
+ public String getClientRealm() {
+ return clientRealm;
+ }
+
+ public EncryptionKey getKey() {
+ return key;
+ }
+
+ public KerberosTime getStartTime() {
+ return startTime;
+ }
+
+ public KerberosTime getRenewTill() {
+ return renewTill;
+ }
+
+ public HostAddresses getClientAddresses() {
+ return clientAddresses;
+ }
+
+ public AuthorizationData getAuthzData() {
+ return authzData;
+ }
+
+ public boolean isEncInSKey() {
+ return isEncInSKey;
+ }
+
+ public TicketFlags getTicketFlags() {
+ return ticketFlags;
+ }
+
+ public Ticket getTicket() {
+ return ticket;
+ }
+
+ public Ticket getSecondTicket() {
+ return secondTicket;
+ }
+
+ public void load(CredCacheInputStream ccis, int version) throws IOException {
+ this.clientName = ccis.readPrincipal(version);
+ if (clientName == null) {
+ throw new IOException("Invalid client principal name");
+ }
+
+ this.serverName = ccis.readPrincipal(version);
+ if (serverName == null) {
+ throw new IOException("Invalid server principal name");
+ }
+
+ boolean isConfEntry = false;
+
+ if (serverName.getRealm().equals(CONF_REALM)) {
+ isConfEntry = true;
+ }
+
+ this.key = ccis.readKey(version);
+
+ KerberosTime[] times = ccis.readTimes();
+ this.authTime = times[0];
+ this.startTime = times[1];
+ this.endTime = times[2];
+ this.renewTill = times[3];
+
+ this.isEncInSKey = ccis.readIsSkey();
+
+ this.ticketFlags = ccis.readTicketFlags();
+
+ this.clientAddresses = ccis.readAddr();
+
+ this.authzData = ccis.readAuthzData();
+
+ if (isConfEntry) {
+ byte[] confData = ccis.readCountedOctets();
+ // ignoring confData for now
+ } else {
+ this.ticket = ccis.readTicket();
+ }
+
+ this.secondTicket = ccis.readTicket();
+
+ // might skip krb5_ccache_conf_data/fast_avail/krbtgt/REALM@REALM in MIT KRB5
+ }
+
+ public void store(CredCacheOutputStream ccos, int version) throws IOException {
+ ccos.writePrincipal(clientName, version);
+ ccos.writePrincipal(serverName, version);
+ ccos.writeKey(key, version);
+
+ ccos.writeTimes(new KerberosTime[]{authTime, startTime, endTime, renewTill});
+
+ ccos.writeIsSkey(isEncInSKey);
+
+ ccos.writeTicketFlags(ticketFlags);
+
+ ccos.writeAddresses(clientAddresses);
+
+ ccos.writeAuthzData(authzData);
+
+ ccos.writeTicket(ticket);
+
+ ccos.writeTicket(secondTicket);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredentialCache.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredentialCache.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredentialCache.java
new file mode 100644
index 0000000..cec12f2
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredentialCache.java
@@ -0,0 +1,259 @@
+package org.apache.kerberos.kerb.ccache;
+
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerberos.kerb.spec.ticket.Ticket;
+
+import java.io.*;
+import java.util.ArrayList;
+import java.util.List;
+
+public class CredentialCache implements KrbCredentialCache
+{
+ public static final int FCC_FVNO_1 = 0x501;
+ public static final int FCC_FVNO_2 = 0x502;
+ public static final int FCC_FVNO_3 = 0x503;
+ public static final int FCC_FVNO_4 = 0x504;
+
+ public static final int FCC_TAG_DELTATIME = 1;
+ public static final int NT_UNKNOWN = 0;
+ public static final int MAXNAMELENGTH = 1024;
+
+ private int version = FCC_FVNO_4;
+ private List<Tag> tags;
+ private PrincipalName primaryPrincipal;
+ private List<Credential> credentials = new ArrayList<Credential> ();
+
+ @Override
+ public void store(File ccacheFile) throws IOException {
+ OutputStream outputStream = new FileOutputStream(ccacheFile);
+
+ store(outputStream);
+ }
+
+ @Override
+ public void store(OutputStream outputStream) throws IOException {
+ if (outputStream == null) {
+ throw new IllegalArgumentException("Invalid and null output stream");
+ }
+
+ CredCacheOutputStream ccos = new CredCacheOutputStream(outputStream);
+
+ doStore(ccos);
+
+ ccos.close();
+ }
+
+ private void doStore(CredCacheOutputStream ccos) throws IOException {
+ this.version = FCC_FVNO_3;
+
+ writeVersion(ccos);
+
+ if (version == FCC_FVNO_4) {
+ writeTags(ccos);
+ }
+
+ ccos.writePrincipal(primaryPrincipal, version);
+
+ for (Credential cred : credentials) {
+ cred.store(ccos, version);
+ }
+ }
+
+ @Override
+ public void setVersion(int version) {
+ this.version = version;
+ }
+
+ @Override
+ public PrincipalName getPrimaryPrincipal() {
+ return primaryPrincipal;
+ }
+
+ @Override
+ public void setPrimaryPrincipal(PrincipalName principal) {
+ primaryPrincipal = principal;
+ }
+
+ @Override
+ public int getVersion() {
+ return version;
+ }
+
+ public void setTags(List<Tag> tags) {
+ this.tags = tags;
+ }
+
+ public List<Tag> getTags() {
+ return this.tags;
+ }
+
+ @Override
+ public List<Credential> getCredentials() {
+ return credentials;
+ }
+
+ @Override
+ public void addCredential(Credential credential) {
+ if (credential != null) {
+ this.credentials.add(credential);
+ }
+ }
+
+ @Override
+ public void addCredentials(List<Credential> credentials) {
+ if (credentials != null) {
+ this.credentials.addAll(credentials);
+ }
+ }
+
+ @Override
+ public void removeCredentials(List<Credential> credentials) {
+ if (credentials != null) {
+ for (Credential cred : credentials) {
+ removeCredential(cred);
+ }
+ }
+ }
+
+ @Override
+ public void removeCredential(Credential credential) {
+ if (credential != null) {
+ for (Credential cred : credentials) {
+ if (cred.equals(credential)) {
+ credentials.remove(cred);
+ break;
+ }
+ }
+ }
+ }
+
+ @Override
+ public void load(File ccacheFile) throws IOException {
+ if (! ccacheFile.exists() || ! ccacheFile.canRead()) {
+ throw new IllegalArgumentException("Invalid ccache file: " + ccacheFile.getAbsolutePath());
+ }
+
+ InputStream inputStream = new FileInputStream(ccacheFile);
+
+ load(inputStream);
+ }
+
+ @Override
+ public void load(InputStream inputStream) throws IOException {
+ if (inputStream == null) {
+ throw new IllegalArgumentException("Invalid and null input stream");
+ }
+
+ CredCacheInputStream ccis = new CredCacheInputStream(inputStream);
+
+ doLoad(ccis);
+
+ ccis.close();
+ }
+
+ private void doLoad(CredCacheInputStream ccis) throws IOException {
+ this.version = readVersion(ccis);
+
+ this.tags = readTags(ccis);
+
+ this.primaryPrincipal = ccis.readPrincipal(version);
+
+ this.credentials = readCredentials(ccis);
+ }
+
+ private List<Credential> readCredentials(CredCacheInputStream ccis) throws IOException {
+ List<Credential> results = new ArrayList<Credential>(2);
+
+ Credential cred;
+ while (ccis.available() > 0) {
+ cred = new Credential();
+ cred.load(ccis, version);
+
+ results.add(cred);
+ }
+
+ return results;
+ }
+
+ private int readVersion(CredCacheInputStream ccis) throws IOException {
+ int result = ccis.readShort();
+ return result;
+ }
+
+ private List<Tag> readTags(CredCacheInputStream ccis) throws IOException {
+ int len = ccis.readShort();
+ List<Tag> tags = new ArrayList<Tag>();
+
+ int tag, tagLen, time, usec;
+ while (len > 0) {
+ tag = ccis.readShort();
+ tagLen = ccis.readShort();
+ switch (tag) {
+ case FCC_TAG_DELTATIME:
+ time = ccis.readInt();
+ usec = ccis.readInt();
+ tags.add(new Tag(tag, time, usec));
+ break;
+ default:
+ ccis.read(new byte[tagLen], 0, tagLen); // ignore unknown tag
+ }
+ len = len - (4 + tagLen);
+ }
+
+ return tags;
+ }
+
+ private void writeVersion(CredCacheOutputStream ccos) throws IOException {
+ ccos.writeShort(version);
+ }
+
+ private void writeTags(CredCacheOutputStream ccos) throws IOException {
+ if (tags == null) {
+ ccos.writeShort(0);
+ return;
+ }
+
+ int length = 0;
+ for (Tag tag : tags) {
+ if (tag.tag != FCC_TAG_DELTATIME) {
+ continue;
+ }
+ length += tag.length;
+ }
+ ccos.writeShort(length);
+
+ for (Tag tag : tags) {
+ if (tag.tag != CredentialCache.FCC_TAG_DELTATIME) {
+ continue;
+ }
+ writeTag(ccos, tag);
+ }
+ }
+
+ private void writeTag(CredCacheOutputStream ccos, Tag tag) throws IOException {
+ ccos.writeShort(tag.tag);
+ ccos.writeShort(tag.length);
+ ccos.writeInt(tag.time);
+ ccos.writeInt(tag.usec);
+ }
+
+ public static void main(String[] args) throws IOException {
+ if (args.length != 2) {
+ System.err.println("Dump credential cache file");
+ System.err.println("Usage: CredentialCache <ccache-file>");
+ System.exit(1);
+ }
+
+ String cacheFile = args[1];
+ CredentialCache cc = new CredentialCache();
+ cc.load(new File(cacheFile));
+
+ Ticket tkt;
+ for (Credential cred : cc.getCredentials()) {
+ tkt = cred.getTicket();
+ System.out.println("Tkt server name: " + tkt.getSname().getName());
+ System.out.println("Tkt client name: " + cred.getClientName().getName());
+ System.out.println("Tkt encrypt type: " + tkt.getEncryptedEncPart().getEType().getName());
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/KrbCredentialCache.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/KrbCredentialCache.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/KrbCredentialCache.java
new file mode 100644
index 0000000..959b548
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/KrbCredentialCache.java
@@ -0,0 +1,38 @@
+package org.apache.kerberos.kerb.ccache;
+
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.List;
+
+public interface KrbCredentialCache {
+
+ public PrincipalName getPrimaryPrincipal();
+
+ public void setPrimaryPrincipal(PrincipalName principal);
+
+ public int getVersion();
+
+ public void setVersion(int version);
+
+ public List<Credential> getCredentials();
+
+ public void addCredential(Credential credential);
+
+ public void addCredentials(List<Credential> credentials);
+
+ public void removeCredentials(List<Credential> credentials);
+
+ public void removeCredential(Credential credential);
+
+ public void load(File ccacheFile) throws IOException;
+
+ public void load(InputStream inputStream) throws IOException;
+
+ public void store(File ccacheFile) throws IOException;
+
+ public void store(OutputStream outputStream) throws IOException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Tag.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Tag.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Tag.java
new file mode 100644
index 0000000..317f5a0
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Tag.java
@@ -0,0 +1,15 @@
+package org.apache.kerberos.kerb.ccache;
+
+public class Tag {
+ int tag = 0;
+ int tagLen = 8;
+ int time = 0;
+ int usec = 0;
+ int length = 2 + 2 + 8; // len(tag) + len(tagLen) + len(tagData);
+
+ public Tag(int tag, int time, int usec) {
+ this.tag = tag;
+ this.time = time;
+ this.usec = usec;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/ccache.txt
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/ccache.txt b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/ccache.txt
new file mode 100644
index 0000000..91453ea
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/ccache.txt
@@ -0,0 +1,98 @@
+The Kerberos Credential Cache Binary File Format
+Copyright (C) 2006-2013 Simon Josefsson <simon josefsson.org>
+http://josefsson.org/shishi/ccache.txt
+Last updated: Sat Sep 23 12:04:11 CEST 2006
+
+Like the MIT keytab binary format (see Michael B Allen's reverse
+engineered description in keytab.txt), the credential cache format is
+not standard nor documented anywhere.
+
+In C style notation, the MIT credential cache file format is as
+follows. All values are in network byte order. All text is ASCII.
+
+ccache {
+ uint16_t file_format_version; /* 0x0504 */
+ uint16_t headerlen; /* only if version is 0x0504 */
+ header headers[]; /* only if version is 0x0504 */
+ principal primary_principal;
+ credential credentials[*];
+};
+
+header {
+ uint16_t tag; /* 1 = DeltaTime */
+ uint16_t taglen;
+ uint8_t tagdata[taglen]
+};
+
+The ccache.taglen and ccache.tags fields are only present in 0x0504
+versions, not in earlier. Both MIT and Heimdal appear to correctly
+ignore unknown tags, so it appears safe to add them (although there is
+no central place to "register" tags).
+
+Currently only one tag is widely implemented, DeltaTime (0x0001). Its
+taglen is always 8, and tagdata will contain:
+
+DeltaTime {
+ uint32_t time_offset;
+ uint32_t usec_offset;
+};
+
+After reading the file_format_version, header tags, and default
+principal, a list of credentials follow. You deduce from the file
+length when there are no more credentials.
+
+credential {
+ principal client;
+ principal server;
+ keyblock key;
+ times time;
+ uint8_t is_skey; /* 1 if skey, 0 otherwise */
+ uint32_t tktflags; /* stored in reversed byte order */
+ uint32_t num_address;
+ address addrs[num_address];
+ uint32_t num_authdata;
+ authdata authdata[num_authdata];
+ counted_octet_string ticket;
+ counted_octet_string second_ticket;
+};
+
+keyblock {
+ uint16_t keytype;
+ uint16_t etype; /* only present if version 0x0503 */
+ uint32_t keylen; /* [drankye]: corrected, before it was uint16_t */
+ uint8_t keyvalue[keylen];
+};
+
+times {
+ uint32_t authtime;
+ uint32_t starttime;
+ uint32_t endtime;
+ uint32_t renew_till;
+};
+
+address {
+ uint16_t addrtype;
+ counted_octet_string addrdata;
+};
+
+authdata {
+ uint16_t authtype;
+ counted_octet_string authdata;
+};
+
+principal {
+ uint32_t name_type; /* not present if version 0x0501 */
+ uint32_t num_components; /* sub 1 if version 0x501 */
+ counted_octet_string realm;
+ counted_octet_string components[num_components];
+};
+
+counted_octet_string {
+ uint32_t length;
+ uint8_t data[length];
+};
+
+Permission to copy, modify, and distribute this document, with or
+without modification, for any purpose and without fee or royalty is
+hereby granted, provided that you include this copyright notice in ALL
+copies of the document or portions thereof, including modifications.
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/Keytab.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/Keytab.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/Keytab.java
new file mode 100644
index 0000000..f20852f
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/Keytab.java
@@ -0,0 +1,178 @@
+package org.apache.kerberos.kerb.keytab;
+
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+import java.io.*;
+import java.nio.ByteBuffer;
+import java.util.*;
+
+public class Keytab implements KrbKeytab {
+
+ public static final int V501 = 0x0501;
+ public static final int V502 = 0x0502;
+
+ private int version = V502;
+
+ private Map<PrincipalName, List<KeytabEntry>> principalEntries;
+
+ public Keytab() {
+ this.principalEntries = new HashMap<PrincipalName, List<KeytabEntry>>();
+ }
+
+ @Override
+ public List<PrincipalName> getPrincipals() {
+ return new ArrayList<PrincipalName>(principalEntries.keySet());
+ }
+
+ @Override
+ public void addKeytabEntries(List<KeytabEntry> entries) {
+ for (KeytabEntry entry : entries) {
+ addEntry(entry);
+ }
+ }
+
+ @Override
+ public void removeKeytabEntries(PrincipalName principal) {
+ principalEntries.remove(principal);
+ }
+
+ @Override
+ public void removeKeytabEntry(KeytabEntry entry) {
+ PrincipalName principal = entry.getPrincipal();
+ List<KeytabEntry> entries = principalEntries.get(principal);
+ if (entries != null) {
+ Iterator<KeytabEntry> iter = entries.iterator();
+ KeytabEntry tmp;
+ while (iter.hasNext()) {
+ tmp = iter.next();
+ if (entry.equals(tmp)) {
+ iter.remove();
+ break;
+ }
+ }
+ }
+ }
+
+ @Override
+ public List<KeytabEntry> getKeytabEntries(PrincipalName principal) {
+ return principalEntries.get(principal);
+ }
+
+ @Override
+ public EncryptionKey getKey(PrincipalName principal, EncryptionType keyType) {
+ List<KeytabEntry> entries = getKeytabEntries(principal);
+ for (KeytabEntry ke : entries) {
+ if (ke.getKey().getKeyType() == keyType) {
+ return ke.getKey();
+ }
+ }
+
+ return null;
+ }
+
+ @Override
+ public void load(File keytabFile) throws IOException {
+ if (! keytabFile.exists() || ! keytabFile.canRead()) {
+ throw new IllegalArgumentException("Invalid keytab file: " + keytabFile.getAbsolutePath());
+ }
+
+ InputStream is = new FileInputStream(keytabFile);
+
+ load(is);
+ }
+
+ @Override
+ public void load(InputStream inputStream) throws IOException {
+ if (inputStream == null) {
+ throw new IllegalArgumentException("Invalid and null input stream");
+ }
+
+ KeytabInputStream kis = new KeytabInputStream(inputStream);
+
+ doLoad(kis);
+ }
+
+ private void doLoad(KeytabInputStream kis) throws IOException {
+ this.version = readVersion(kis);
+
+ List<KeytabEntry> entries = readEntries(kis);
+ addKeytabEntries(entries);
+ }
+
+ @Override
+ public void addEntry(KeytabEntry entry) {
+ PrincipalName principal = entry.getPrincipal();
+ List<KeytabEntry> entries = principalEntries.get(principal);
+ if (entries == null) {
+ entries = new ArrayList<KeytabEntry>();
+ principalEntries.put(principal, entries);
+ }
+ entries.add(entry);
+ }
+
+ private int readVersion(KeytabInputStream kis) throws IOException {
+ return kis.readShort();
+ }
+
+ private List<KeytabEntry> readEntries(KeytabInputStream kis) throws IOException {
+ List<KeytabEntry> entries = new ArrayList<KeytabEntry>();
+
+ int entrySize;
+ ByteBuffer entryData;
+ KeytabEntry entry;
+ while (kis.available() > 0) {
+ entrySize = kis.readInt();
+ if (kis.available() < entrySize) {
+ throw new IOException("Bad input stream with less data than expected: " + entrySize);
+ }
+ entry = readEntry(kis);
+ entries.add(entry);
+ }
+
+ return entries;
+ }
+
+ private KeytabEntry readEntry(KeytabInputStream kis) throws IOException {
+ KeytabEntry entry = new KeytabEntry();
+ entry.load(kis, version);
+ return entry;
+ }
+
+ @Override
+ public void store(File keytabFile) throws IOException {
+ OutputStream outputStream = new FileOutputStream(keytabFile);
+
+ store(outputStream);
+ }
+
+ @Override
+ public void store(OutputStream outputStream) throws IOException {
+ if (outputStream == null) {
+ throw new IllegalArgumentException("Invalid and null output stream");
+ }
+
+ KeytabOutputStream kos = new KeytabOutputStream(outputStream);
+
+ writeVersion(kos);
+ writeEntries(kos);
+ }
+
+ private void writeVersion(KeytabOutputStream kos) throws IOException {
+ byte[] bytes = new byte[2];
+ bytes[0] = (byte) 0x05;
+ bytes[1] = version == V502 ? (byte) 0x02 : (byte) 0x01;
+
+ kos.write(bytes);
+ }
+
+ private void writeEntries(KeytabOutputStream kos) throws IOException {
+ for (PrincipalName principal : principalEntries.keySet()) {
+ for (KeytabEntry entry : principalEntries.get(principal)) {
+ entry.store(kos);
+ }
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KeytabEntry.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KeytabEntry.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KeytabEntry.java
new file mode 100644
index 0000000..b0e6558
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KeytabEntry.java
@@ -0,0 +1,102 @@
+package org.apache.kerberos.kerb.keytab;
+
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+public class KeytabEntry
+{
+ private PrincipalName principal;
+ private KerberosTime timestamp;
+ private int kvno;
+ private EncryptionKey key;
+
+ public KeytabEntry(PrincipalName principal, KerberosTime timestamp,
+ int kvno, EncryptionKey key) {
+ this.principal = principal;
+ this.timestamp = timestamp;
+ this.kvno = kvno;
+ this.key = key;
+ }
+
+ public KeytabEntry() {
+
+ }
+
+ public void load(KeytabInputStream kis, int version) throws IOException {
+ this.principal = kis.readPrincipal(version);
+
+ this.timestamp = kis.readTime();
+
+ this.kvno = kis.readByte();
+
+ this.key = kis.readKey();
+ }
+
+ public void store(KeytabOutputStream kos) throws IOException {
+ byte[] body = null;
+
+ // compute entry body content first so that to get and write the size
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ KeytabOutputStream subKos = new KeytabOutputStream(baos);
+ writeBody(subKos, 0); // todo: consider the version
+ subKos.flush();
+ body = baos.toByteArray();
+
+ kos.writeInt(body.length);
+ kos.write(body);
+ }
+
+ public EncryptionKey getKey() {
+ return key;
+ }
+
+ public int getKvno() {
+ return kvno;
+ }
+
+ public PrincipalName getPrincipal() {
+ return principal;
+ }
+
+ public KerberosTime getTimestamp() {
+ return timestamp;
+ }
+
+ public void writeBody(KeytabOutputStream kos, int version) throws IOException {
+ kos.writePrincipal(principal, version);
+
+ kos.writeTime(timestamp);
+
+ kos.writeByte(kvno);
+
+ kos.writeKey(key, version);
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ KeytabEntry that = (KeytabEntry) o;
+
+ if (kvno != that.kvno) return false;
+ if (!key.equals(that.key)) return false;
+ if (!principal.equals(that.principal)) return false;
+ if (!timestamp.equals(that.timestamp)) return false;
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ int result = principal.hashCode();
+ result = 31 * result + timestamp.hashCode();
+ result = 31 * result + kvno;
+ result = 31 * result + key.hashCode();
+ return result;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KeytabInputStream.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KeytabInputStream.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KeytabInputStream.java
new file mode 100644
index 0000000..28cf1f1
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KeytabInputStream.java
@@ -0,0 +1,70 @@
+package org.apache.kerberos.kerb.keytab;
+
+import org.apache.kerberos.kerb.KrbInputStream;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.NameType;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+public class KeytabInputStream extends KrbInputStream
+{
+ public KeytabInputStream(InputStream in) {
+ super(in);
+ }
+
+ public KerberosTime readTime() throws IOException {
+ long value = readInt();
+ KerberosTime time = new KerberosTime(value * 1000);
+ return time;
+ }
+
+ @Override
+ public PrincipalName readPrincipal(int version) throws IOException {
+ int numComponents = readShort();
+ if (version == Keytab.V501) {
+ numComponents -= 1;
+ }
+
+ String realm = readCountedString();
+
+ List<String> nameStrings = new ArrayList<String>();
+ String component;
+ for (int i = 0; i < numComponents; i++) { // sub 1 if version 0x501
+ component = readCountedString();
+ nameStrings.add(component);
+ }
+ int type = readInt(); // not present if version 0x501
+ NameType nameType = NameType.fromValue(type);
+ PrincipalName principal = new PrincipalName(nameStrings, nameType);
+ principal.setRealm(realm);
+
+ return principal;
+ }
+
+ public EncryptionKey readKey() throws IOException {
+ int eType = readShort();
+ EncryptionType encryptionType = EncryptionType.fromValue(eType);
+
+ byte[] keyData = readCountedOctets();
+ EncryptionKey key = new EncryptionKey(encryptionType, keyData);
+
+ return key;
+ }
+
+ public String readCountedString() throws IOException {
+ byte[] countedOctets = readCountedOctets();
+ // ASCII
+ return new String(countedOctets);
+ }
+
+ @Override
+ public int readOctetsCount() throws IOException {
+ return readShort();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KeytabOutputStream.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KeytabOutputStream.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KeytabOutputStream.java
new file mode 100644
index 0000000..01bd17d
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KeytabOutputStream.java
@@ -0,0 +1,44 @@
+package org.apache.kerberos.kerb.keytab;
+
+import org.apache.kerberos.kerb.KrbOutputStream;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.List;
+
+public class KeytabOutputStream extends KrbOutputStream
+{
+ public KeytabOutputStream(OutputStream out) {
+ super(out);
+ }
+
+ public void writePrincipal(PrincipalName principal, int version) throws IOException {
+ List<String> nameStrings = principal.getNameStrings();
+ int numComponents = principal.getNameStrings().size();
+ String realm = principal.getRealm();
+
+ writeShort(numComponents);
+
+ writeCountedString(realm);
+
+ for (String nameCom : nameStrings) {
+ writeCountedString(nameCom);
+ }
+
+ writeInt(principal.getNameType().getValue()); // todo: consider the version
+ }
+
+ @Override
+ public void writeKey(EncryptionKey key, int version) throws IOException {
+ writeShort(key.getKeyType().getValue());
+ writeCountedOctets(key.getKeyData());
+ }
+
+ @Override
+ public void writeCountedOctets(byte[] data) throws IOException {
+ writeShort(data.length);
+ write(data);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KrbKeytab.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KrbKeytab.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KrbKeytab.java
new file mode 100644
index 0000000..a31e4ab
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/KrbKeytab.java
@@ -0,0 +1,36 @@
+package org.apache.kerberos.kerb.keytab;
+
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.List;
+
+public interface KrbKeytab {
+
+ public List<PrincipalName> getPrincipals();
+
+ public void addKeytabEntries(List<KeytabEntry> entries);
+
+ public void removeKeytabEntries(PrincipalName principal);
+
+ public void removeKeytabEntry(KeytabEntry entry);
+
+ public List<KeytabEntry> getKeytabEntries(PrincipalName principal);
+
+ public EncryptionKey getKey(PrincipalName principal, EncryptionType keyType);
+
+ public void load(File keytabFile) throws IOException;
+
+ public void load(InputStream inputStream) throws IOException;
+
+ void addEntry(KeytabEntry entry);
+
+ public void store(File keytabFile) throws IOException;
+
+ public void store(OutputStream outputStream) throws IOException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/keytab.txt
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/keytab.txt b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/keytab.txt
new file mode 100644
index 0000000..88a7b46
--- /dev/null
+++ b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/keytab/keytab.txt
@@ -0,0 +1,106 @@
+The Kerberos Keytab Binary File Format
+Copyright (C) 2006 Michael B Allen <mba2000 ioplex.com>
+http://www.ioplex.com/utilities/keytab.txt
+Last updated: Fri May 5 13:39:40 EDT 2006
+
+The MIT keytab binary format is not a standard format, nor is it
+documented anywhere in detail. The format has evolved and may continue
+to. It is however understood by several Kerberos implementations including
+Heimdal and of course MIT and keytab files are created by the ktpass.exe
+utility from Windows. So it has established itself as the defacto format
+for storing Kerberos keys.
+
+The following C-like structure definitions illustrate the MIT keytab
+file format. All values are in network byte order. All text is ASCII.
+
+ keytab {
+ uint16_t file_format_version; /* 0x502 */
+ keytab_entry entries[*];
+ };
+
+ keytab_entry {
+ int32_t size;
+ uint16_t num_components; /* sub 1 if version 0x501 */
+ counted_octet_string realm;
+ counted_octet_string components[num_components];
+ uint32_t name_type; /* not present if version 0x501 */
+ uint32_t timestamp;
+ uint8_t vno8;
+ keyblock key;
+ uint32_t vno; /* only present if >= 4 bytes left in entry */
+ };
+
+ counted_octet_string {
+ uint16_t length;
+ uint8_t data[length];
+ };
+
+ keyblock {
+ uint16_t type;
+ counted_octet_string;
+ };
+
+The keytab file format begins with the 16 bit file_format_version which
+at the time this document was authored is 0x502. The format of older
+keytabs is described at the end of this document.
+
+The file_format_version is immediately followed by an array of
+keytab_entry structures which are prefixed with a 32 bit size indicating
+the number of bytes that follow in the entry. Note that the size should be
+evaluated as signed. This is because a negative value indicates that the
+entry is in fact empty (e.g. it has been deleted) and that the negative
+value of that negative value (which is of course a positive value) is
+the offset to the next keytab_entry. Based on these size values alone
+the entire keytab file can be traversed.
+
+The size is followed by a 16 bit num_components field indicating the
+number of counted_octet_string components in the components array.
+
+The num_components field is followed by a counted_octet_string
+representing the realm of the principal.
+
+A counted_octet_string is simply an array of bytes prefixed with a 16
+bit length. For the realm and name components, the counted_octet_string
+bytes are ASCII encoded text with no zero terminator.
+
+Following the realm is the components array that represents the name of
+the principal. The text of these components may be joined with slashs
+to construct the typical SPN representation. For example, the service
+principal HTTP/www.foo.net@FOO.NET would consist of name components
+"HTTP" followed by "www.foo.net".
+
+Following the components array is the 32 bit name_type (e.g. 1 is
+KRB5_NT_PRINCIPAL, 2 is KRB5_NT_SRV_INST, 5 is KRB5_NT_UID, etc). In
+practice the name_type is almost certainly 1 meaning KRB5_NT_PRINCIPAL.
+
+The 32 bit timestamp indicates the time the key was established for that
+principal. The value represents the number of seconds since Jan 1, 1970.
+
+The 8 bit vno8 field is the version number of the key. This value is
+overridden by the 32 bit vno field if it is present.
+
+The keyblock structure consists of a 16 bit value indicating the keytype
+(e.g. 3 is des-cbc-md5, 23 is arcfour-hmac-md5, 16 is des3-cbc-sha1,
+etc). This is followed by a counted_octet_string containing the key.
+
+The last field of the keytab_entry structure is optional. If the size of
+the keytab_entry indicates that there are at least 4 bytes remaining,
+a 32 bit value representing the key version number is present. This
+value supersedes the 8 bit vno8 value preceeding the keyblock.
+
+Older keytabs with a file_format_version of 0x501 are different in
+three ways:
+
+ 1) All integers are in host byte order [1].
+ 2) The num_components field is 1 too large (i.e. after decoding,
+ decrement by 1).
+ 3) The 32 bit name_type field is not present.
+
+[1] The file_format_version field should really be treated as two
+ separate 8 bit quantities representing the major and minor version
+ number respectively.
+
+Permission to copy, modify, and distribute this document, with or
+without modification, for any purpose and without fee or royalty is
+hereby granted, provided that you include this copyright notice in ALL
+copies of the document or portions thereof, including modifications.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/CcacheTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/CcacheTest.java b/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/CcacheTest.java
new file mode 100644
index 0000000..1736e71
--- /dev/null
+++ b/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/CcacheTest.java
@@ -0,0 +1,38 @@
+package org.apache.kerberos.kerb.util;
+
+import org.apache.kerberos.kerb.ccache.CredentialCache;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+/*
+Default principal: drankye@SH.INTEL.COM
+
+Valid starting Expires Service principal
+08/05/2014 00:13:17 08/05/2014 10:13:17 krbtgt/SH.INTEL.COM@SH.INTEL.COM
+ Flags: FIA, Etype (skey, tkt): des3-cbc-sha1, des3-cbc-sha1
+ */
+public class CcacheTest {
+
+ private CredentialCache cc;
+
+ @Before
+ public void setUp() throws IOException {
+ InputStream cis = CcacheTest.class.getResourceAsStream("/test.cc");
+ cc = new CredentialCache();
+ cc.load(cis);
+ }
+
+ @Test
+ public void testCc() {
+ Assert.assertNotNull(cc);
+
+ PrincipalName princ = cc.getPrimaryPrincipal();
+ Assert.assertNotNull(princ);
+ Assert.assertTrue(princ.getName().equals("drankye@SH.INTEL.COM"));
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/EncryptionTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/EncryptionTest.java b/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/EncryptionTest.java
new file mode 100644
index 0000000..59b0d2c
--- /dev/null
+++ b/haox-kerb/kerb-util/src/test/java/org/apache/kerberos/kerb/util/EncryptionTest.java
@@ -0,0 +1,129 @@
+package org.apache.kerberos.kerb.util;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.ccache.CredentialCache;
+import org.apache.kerberos.kerb.crypto.EncryptionHandler;
+import org.apache.kerberos.kerb.keytab.Keytab;
+import org.apache.kerberos.kerb.spec.common.*;
+import org.apache.kerberos.kerb.spec.ticket.EncTicketPart;
+import org.apache.kerberos.kerb.spec.ticket.Ticket;
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Arrays;
+import java.util.List;
+
+/*
+The principal keys for krbtgt/SH.INTEL.COM@SH.INTEL.COM
+
+KVNO Principal
+---- --------------------------------------------------------------------------
+ 2 krbtgt/SH.INTEL.COM@SH.INTEL.COM (des-cbc-crc)
+ 2 krbtgt/SH.INTEL.COM@SH.INTEL.COM (des3-cbc-raw)
+ 2 krbtgt/SH.INTEL.COM@SH.INTEL.COM (des-hmac-sha1)
+ 2 krbtgt/SH.INTEL.COM@SH.INTEL.COM (aes256-cts-hmac-sha1-96)
+ 2 krbtgt/SH.INTEL.COM@SH.INTEL.COM (aes128-cts-hmac-sha1-96)
+ 2 krbtgt/SH.INTEL.COM@SH.INTEL.COM (arcfour-hmac)
+ 2 krbtgt/SH.INTEL.COM@SH.INTEL.COM (camellia256-cts-cmac)
+ 2 krbtgt/SH.INTEL.COM@SH.INTEL.COM (camellia128-cts-cmac)
+ */
+public class EncryptionTest {
+
+ private Keytab keytab;
+ private CredentialCache cc;
+
+ @Before
+ public void setUp() throws IOException {
+ InputStream kis = EncryptionTest.class.getResourceAsStream("/krbtgt.keytab");
+ keytab = new Keytab();
+ keytab.load(kis);
+ }
+
+ @Test
+ public void testAes128() throws IOException, KrbException {
+ testEncWith("aes128-cts-hmac-sha1-96.cc");
+ }
+
+ @Test
+ public void testAes256() throws IOException, KrbException {
+ testEncWith("aes256-cts-hmac-sha1-96.cc");
+ }
+
+ @Test
+ public void testRc4() throws IOException, KrbException {
+ testEncWith("arcfour-hmac.cc");
+ }
+
+ @Test
+ public void testCamellia128() throws IOException, KrbException {
+ testEncWith("camellia128-cts-cmac.cc");
+ }
+
+ @Test
+ public void testCamellia256() throws IOException, KrbException {
+ testEncWith("camellia256-cts-cmac.cc");
+ }
+
+ @Test
+ public void testDesCbcCrc() throws IOException, KrbException {
+ testEncWith("des-cbc-crc.cc");
+ }
+
+ @Test
+ public void testDes3CbcSha1() throws IOException, KrbException {
+ testEncWith("des3-cbc-sha1.cc");
+ }
+
+ private void testEncWith(String ccFile) throws IOException, KrbException, KrbException {
+ InputStream cis = CcacheTest.class.getResourceAsStream("/" + ccFile);
+ cc = new CredentialCache();
+ cc.load(cis);
+
+ Ticket ticket = getTicket();
+ EncryptionType keyType = ticket.getEncryptedEncPart().getEType();
+ EncryptionKey key = getServerKey(keyType);
+ if (! EncryptionHandler.isImplemented(keyType)) {
+ System.err.println("Key type not supported yet: " + keyType.getName());
+ return;
+ }
+
+ byte[] decrypted = EncryptionHandler.decrypt(
+ ticket.getEncryptedEncPart(), key, KeyUsage.KDC_REP_TICKET);
+ Assert.assertNotNull(decrypted);
+
+ EncTicketPart encPart = KrbCodec.decode(decrypted, EncTicketPart.class);
+ Assert.assertNotNull(encPart);
+ ticket.setEncPart(encPart);
+
+ EncryptedData encrypted = EncryptionHandler.encrypt(
+ decrypted, key, KeyUsage.KDC_REP_TICKET);
+
+ byte[] decrypted2 = EncryptionHandler.decrypt(
+ encrypted, key, KeyUsage.KDC_REP_TICKET);
+ if (! Arrays.equals(decrypted, decrypted2)) {
+ System.err.println("Encryption checking failed after decryption for key type: "
+ + keyType.getName());
+ }
+ }
+
+ private EncryptionKey getServerKey(EncryptionType keyType) {
+ return keytab.getKey(getServer(), keyType);
+ }
+
+ private PrincipalName getServer() {
+ // only one, krbtgt/SH.INTEL.COM@SH.INTEL.COM
+ List<PrincipalName> principals = keytab.getPrincipals();
+
+ PrincipalName server = principals.get(0);
+
+ return server;
+ }
+
+ private Ticket getTicket() {
+ return cc.getCredentials().get(0).getTicket();
+ }
+}
[11/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithCert.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithCert.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithCert.java
new file mode 100644
index 0000000..c905218
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithCert.java
@@ -0,0 +1,38 @@
+package org.apache.kerberos.kerb.client.request;
+
+import org.apache.kerberos.kerb.client.KrbContext;
+import org.apache.kerberos.kerb.client.KrbOption;
+import org.apache.kerberos.kerb.client.KrbOptions;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class AsRequestWithCert extends AsRequest {
+
+ public static final String ANONYMOUS_PRINCIPAL = "ANONYMOUS@WELLKNOWN:ANONYMOUS";
+
+ public AsRequestWithCert(KrbContext context) {
+ super(context);
+
+ setAllowedPreauth(PaDataType.PK_AS_REQ);
+ }
+
+ @Override
+ public void process() throws KrbException {
+ throw new RuntimeException("To be implemented");
+ }
+
+ @Override
+ public KrbOptions getPreauthOptions() {
+ KrbOptions results = new KrbOptions();
+
+ KrbOptions krbOptions = getKrbOptions();
+ results.add(krbOptions.getOption(KrbOption.PKINIT_X509_CERTIFICATE));
+ results.add(krbOptions.getOption(KrbOption.PKINIT_X509_ANCHORS));
+ results.add(krbOptions.getOption(KrbOption.PKINIT_X509_PRIVATE_KEY));
+ results.add(krbOptions.getOption(KrbOption.PKINIT_X509_IDENTITY));
+ results.add(krbOptions.getOption(KrbOption.PKINIT_USING_RSA));
+
+ return results;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithPasswd.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithPasswd.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithPasswd.java
new file mode 100644
index 0000000..bc9c1ab
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithPasswd.java
@@ -0,0 +1,31 @@
+package org.apache.kerberos.kerb.client.request;
+
+import org.apache.kerberos.kerb.client.KrbContext;
+import org.apache.kerberos.kerb.client.KrbOption;
+import org.apache.kerberos.kerb.crypto.EncryptionHandler;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class AsRequestWithPasswd extends AsRequest {
+
+ public AsRequestWithPasswd(KrbContext context) {
+ super(context);
+
+ setAllowedPreauth(PaDataType.ENC_TIMESTAMP);
+ }
+
+ public String getPassword() {
+ return getKrbOptions().getStringOption(KrbOption.USER_PASSWD);
+ }
+
+ @Override
+ public EncryptionKey getClientKey() throws KrbException {
+ if (super.getClientKey() == null) {
+ EncryptionKey tmpKey = EncryptionHandler.string2Key(getClientPrincipal().getName(),
+ getPassword(), getChosenEncryptionType());
+ setClientKey(tmpKey);
+ }
+ return super.getClientKey();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithToken.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithToken.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithToken.java
new file mode 100644
index 0000000..2e792f0
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/AsRequestWithToken.java
@@ -0,0 +1,33 @@
+package org.apache.kerberos.kerb.client.request;
+
+import org.apache.kerberos.kerb.client.KrbContext;
+import org.apache.kerberos.kerb.client.KrbOption;
+import org.apache.kerberos.kerb.client.KrbOptions;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class AsRequestWithToken extends AsRequest {
+
+ public AsRequestWithToken(KrbContext context) {
+ super(context);
+
+ setAllowedPreauth(PaDataType.TOKEN_REQUEST);
+ }
+
+ @Override
+ public void process() throws KrbException {
+ throw new RuntimeException("To be implemented");
+ }
+
+ @Override
+ public KrbOptions getPreauthOptions() {
+ KrbOptions results = new KrbOptions();
+
+ KrbOptions krbOptions = getKrbOptions();
+ results.add(krbOptions.getOption(KrbOption.TOKEN_USING_IDTOKEN));
+ results.add(krbOptions.getOption(KrbOption.TOKEN_USER_ID_TOKEN));
+ results.add(krbOptions.getOption(KrbOption.TOKEN_USER_AC_TOKEN));
+
+ return results;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/KdcRequest.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/KdcRequest.java
new file mode 100644
index 0000000..ac7b732
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/KdcRequest.java
@@ -0,0 +1,339 @@
+package org.apache.kerberos.kerb.client.request;
+
+import org.apache.kerberos.kerb.client.KrbContext;
+import org.apache.kerberos.kerb.client.KrbOptions;
+import org.apache.kerberos.kerb.client.preauth.FastContext;
+import org.apache.kerberos.kerb.client.preauth.PreauthContext;
+import org.apache.kerberos.kerb.client.preauth.PreauthHandler;
+import org.apache.kerberos.kerb.crypto.EncryptionHandler;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.common.*;
+import org.apache.kerberos.kerb.spec.kdc.KdcOptions;
+import org.apache.kerberos.kerb.spec.kdc.KdcRep;
+import org.apache.kerberos.kerb.spec.kdc.KdcReq;
+import org.apache.kerberos.kerb.spec.kdc.KdcReqBody;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+import org.apache.haox.transport.Transport;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * A wrapper for KdcReq request
+ */
+public abstract class KdcRequest {
+ private KrbContext context;
+ private Transport transport;
+
+ private KrbOptions krbOptions;
+ private PrincipalName serverPrincipal;
+ private List<HostAddress> hostAddresses = new ArrayList<HostAddress>();
+ private KdcOptions kdcOptions = new KdcOptions();
+ private List<EncryptionType> encryptionTypes;
+ private EncryptionType chosenEncryptionType;
+ private int chosenNonce;
+ private KdcReq kdcReq;
+ private KdcRep kdcRep;
+ protected Map<String, Object> credCache;
+ private PreauthContext preauthContext;
+ private FastContext fastContext;
+ private EncryptionKey asKey;
+
+ private KrbError errorReply;
+ private boolean isRetrying;
+
+ public KdcRequest(KrbContext context) {
+ this.context = context;
+ this.isRetrying = false;
+ this.credCache = new HashMap<String, Object>();
+ this.preauthContext = context.getPreauthHandler()
+ .preparePreauthContext(this);
+ this.fastContext = new FastContext();
+ }
+
+ public void setTransport(Transport transport) {
+ this.transport = transport;
+ }
+
+ public Transport getTransport() {
+ return this.transport;
+ }
+
+ public void setKrbOptions(KrbOptions options) {
+ this.krbOptions = options;
+ }
+
+ public KrbOptions getKrbOptions() {
+ return krbOptions;
+ }
+
+ public boolean isRetrying() {
+ return isRetrying;
+ }
+
+ public void setAsKey(EncryptionKey asKey) {
+ this.asKey = asKey;
+ }
+
+ public EncryptionKey getAsKey() throws KrbException {
+ return asKey;
+ }
+
+ public void setAllowedPreauth(PaDataType paType) {
+ preauthContext.setAllowedPaType(paType);
+ }
+
+ public Map<String, Object> getCredCache() {
+ return credCache;
+ }
+
+ public void setPreauthRequired(boolean preauthRequired) {
+ preauthContext.setPreauthRequired(preauthRequired);
+ }
+
+ public PreauthContext getPreauthContext() {
+ return preauthContext;
+ }
+
+ protected void loadCredCache() {
+ // TODO
+ }
+
+ public KdcReq getKdcReq() {
+ return kdcReq;
+ }
+
+ public void setKdcReq(KdcReq kdcReq) {
+ this.kdcReq = kdcReq;
+ }
+
+ public KdcRep getKdcRep() {
+ return kdcRep;
+ }
+
+ public void setKdcRep(KdcRep kdcRep) {
+ this.kdcRep = kdcRep;
+ }
+
+ protected KdcReqBody makeReqBody() throws KrbException {
+ KdcReqBody body = new KdcReqBody();
+
+ long startTime = System.currentTimeMillis();
+ body.setFrom(new KerberosTime(startTime));
+
+ PrincipalName cName = null;
+ cName = getClientPrincipal();
+ body.setCname(cName);
+
+ body.setRealm(cName.getRealm());
+
+ PrincipalName sName = getServerPrincipal();
+ body.setSname(sName);
+
+ body.setTill(new KerberosTime(startTime + getTicketValidTime()));
+
+ int nonce = generateNonce();
+ body.setNonce(nonce);
+ setChosenNonce(nonce);
+
+ body.setKdcOptions(getKdcOptions());
+
+ HostAddresses addresses = getHostAddresses();
+ if (addresses != null) {
+ body.setAddresses(addresses);
+ }
+
+ body.setEtypes(getEncryptionTypes());
+
+ return body;
+ }
+
+ public KdcOptions getKdcOptions() {
+ return kdcOptions;
+ }
+
+ public HostAddresses getHostAddresses() {
+ HostAddresses addresses = null;
+ if (!hostAddresses.isEmpty()) {
+ addresses = new HostAddresses();
+ for(HostAddress ha : hostAddresses) {
+ addresses.addElement(ha);
+ }
+ }
+ return addresses;
+ }
+
+ public KrbContext getContext() {
+ return context;
+ }
+
+ protected byte[] decryptWithClientKey(EncryptedData data, KeyUsage usage) throws KrbException {
+ return EncryptionHandler.decrypt(data, getClientKey(), usage);
+ }
+
+ public void setContext(KrbContext context) {
+ this.context = context;
+ }
+
+ public void setHostAddresses(List<HostAddress> hostAddresses) {
+ this.hostAddresses = hostAddresses;
+ }
+
+ public void setKdcOptions(KdcOptions kdcOptions) {
+ this.kdcOptions = kdcOptions;
+ }
+
+ public abstract PrincipalName getClientPrincipal();
+
+ public PrincipalName getServerPrincipal() {
+ return serverPrincipal;
+ }
+
+ public void setServerPrincipal(PrincipalName serverPrincipal) {
+ this.serverPrincipal = serverPrincipal;
+ }
+
+ public List<EncryptionType> getEncryptionTypes() {
+ if (encryptionTypes == null) {
+ encryptionTypes = context.getConfig().getEncryptionTypes();
+ }
+ return encryptionTypes;
+ }
+
+ public void setEncryptionTypes(List<EncryptionType> encryptionTypes) {
+ this.encryptionTypes = encryptionTypes;
+ }
+
+ public EncryptionType getChosenEncryptionType() {
+ return chosenEncryptionType;
+ }
+
+ public void setChosenEncryptionType(EncryptionType chosenEncryptionType) {
+ this.chosenEncryptionType = chosenEncryptionType;
+ }
+
+ public int generateNonce() {
+ return context.generateNonce();
+ }
+
+ public int getChosenNonce() {
+ return chosenNonce;
+ }
+
+ public void setChosenNonce(int nonce) {
+ this.chosenNonce = nonce;
+ }
+
+ public abstract EncryptionKey getClientKey() throws KrbException;
+
+ public long getTicketValidTime() {
+ return context.getTicketValidTime();
+ }
+
+ public KerberosTime getTicketTillTime() {
+ long now = System.currentTimeMillis();
+ return new KerberosTime(now + KerberosTime.MINUTE * 60 * 1000);
+ }
+
+ public void addHost(String hostNameOrIpAddress) throws UnknownHostException {
+ InetAddress address = InetAddress.getByName(hostNameOrIpAddress);
+ hostAddresses.add(new HostAddress(address));
+ }
+
+ public void process() throws KrbException {
+ preauth();
+ }
+
+ public abstract void processResponse(KdcRep kdcRep) throws KrbException;
+
+ public KrbOptions getPreauthOptions() {
+ return new KrbOptions();
+ }
+
+ protected void preauth() throws KrbException {
+ loadCredCache();
+
+ List<EncryptionType> etypes = getEncryptionTypes();
+ if (etypes.isEmpty()) {
+ throw new KrbException("No encryption type is configured and available");
+ }
+ EncryptionType encryptionType = etypes.iterator().next();
+ setChosenEncryptionType(encryptionType);
+
+ getPreauthHandler().preauth(this);
+ }
+
+ protected PreauthHandler getPreauthHandler() {
+ return getContext().getPreauthHandler();
+ }
+
+ /**
+ * Indicate interest in the AS key.
+ */
+ public void needAsKey() throws KrbException {
+ EncryptionKey clientKey = getClientKey();
+ if (clientKey == null) {
+ throw new RuntimeException("Client key should be prepared or prompted at this time!");
+ }
+ setAsKey(clientKey);
+ }
+
+ /**
+ * Get the enctype expected to be used to encrypt the encrypted portion of
+ * the AS_REP packet. When handling a PREAUTH_REQUIRED error, this
+ * typically comes from etype-info2. When handling an AS reply, it is
+ * initialized from the AS reply itself.
+ */
+ public EncryptionType getEncType() {
+
+ return getChosenEncryptionType();
+ }
+
+ public void askQuestion(String question, String challenge) {
+ preauthContext.getUserResponser().askQuestion(question, challenge);
+ }
+
+ /**
+ * Get a pointer to the FAST armor key, or NULL if the client is not using FAST.
+ */
+ public EncryptionKey getArmorKey() {
+ return fastContext.armorKey;
+ }
+
+ /**
+ * Get the current time for use in a preauth response. If
+ * allow_unauth_time is true and the library has been configured to allow
+ * it, the current time will be offset using unauthenticated timestamp
+ * information received from the KDC in the preauth-required error, if one
+ * has been received. Otherwise, the timestamp in a preauth-required error
+ * will only be used if it is protected by a FAST channel. Only set
+ * allow_unauth_time if using an unauthenticated time offset would not
+ * create a security issue.
+ */
+ public KerberosTime getPreauthTime() {
+ return KerberosTime.now();
+ }
+
+ /**
+ * Get a state item from an input ccache, which may allow it
+ * to retrace the steps it took last time. The returned data string is an
+ * alias and should not be freed.
+ */
+ public Object getCacheValue(String key) {
+ return credCache.get(key);
+ }
+
+ /**
+ * Set a state item which will be recorded to an output
+ * ccache, if the calling application supplied one. Both key and data
+ * should be valid UTF-8 text.
+ */
+ public void cacheValue(String key, Object value) {
+ credCache.put(key, value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/TgsRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/TgsRequest.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/TgsRequest.java
new file mode 100644
index 0000000..60c3ad3
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/request/TgsRequest.java
@@ -0,0 +1,117 @@
+package org.apache.kerberos.kerb.client.request;
+
+import org.apache.kerberos.kerb.client.KrbContext;
+import org.apache.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.ap.ApOptions;
+import org.apache.kerberos.kerb.spec.ap.ApReq;
+import org.apache.kerberos.kerb.spec.ap.Authenticator;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.KeyUsage;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerberos.kerb.spec.kdc.*;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+import org.apache.kerberos.kerb.spec.ticket.ServiceTicket;
+import org.apache.kerberos.kerb.spec.ticket.TgtTicket;
+
+public class TgsRequest extends KdcRequest {
+ private TgtTicket tgt;
+ private ApReq apReq;
+
+ public TgsRequest(KrbContext context, TgtTicket tgtTicket) {
+ super(context);
+ this.tgt = tgtTicket;
+
+ setAllowedPreauth(PaDataType.TGS_REQ);
+ }
+
+ public PrincipalName getClientPrincipal() {
+ return tgt.getClientPrincipal();
+ }
+
+ @Override
+ public EncryptionKey getClientKey() throws KrbException {
+ return getSessionKey();
+ }
+
+ public EncryptionKey getSessionKey() {
+ return tgt.getSessionKey();
+ }
+
+ @Override
+ protected void preauth() throws KrbException {
+ apReq = makeApReq();
+ super.preauth();
+ }
+
+ @Override
+ public void process() throws KrbException {
+ super.process();
+
+ TgsReq tgsReq = new TgsReq();
+
+ KdcReqBody tgsReqBody = makeReqBody();
+ tgsReq.setReqBody(tgsReqBody);
+ tgsReq.setPaData(getPreauthContext().getOutputPaData());
+
+ setKdcReq(tgsReq);
+ }
+
+ private ApReq makeApReq() throws KrbException {
+ ApReq apReq = new ApReq();
+
+ Authenticator authenticator = makeAuthenticator();
+ EncryptionKey sessionKey = tgt.getSessionKey();
+ EncryptedData authnData = EncryptionUtil.seal(authenticator,
+ sessionKey, KeyUsage.TGS_REQ_AUTH);
+ apReq.setEncryptedAuthenticator(authnData);
+
+ apReq.setTicket(tgt.getTicket());
+ ApOptions apOptions = new ApOptions();
+ apReq.setApOptions(apOptions);
+
+ return apReq;
+ }
+
+ private Authenticator makeAuthenticator() {
+ Authenticator authenticator = new Authenticator();
+ authenticator.setCname(getClientPrincipal());
+ authenticator.setCrealm(tgt.getRealm());
+
+ authenticator.setCtime(KerberosTime.now());
+ authenticator.setCusec(0);
+
+ EncryptionKey sessionKey = tgt.getSessionKey();
+ authenticator.setSubKey(sessionKey);
+
+ return authenticator;
+ }
+
+ @Override
+ public void processResponse(KdcRep kdcRep) throws KrbException {
+ setKdcRep(kdcRep);
+
+ TgsRep tgsRep = (TgsRep) getKdcRep();
+ EncTgsRepPart encTgsRepPart = EncryptionUtil.unseal(tgsRep.getEncryptedEncPart(),
+ getSessionKey(),
+ KeyUsage.TGS_REP_ENCPART_SESSKEY, EncTgsRepPart.class);
+
+ tgsRep.setEncPart(encTgsRepPart);
+
+ if (getChosenNonce() != encTgsRepPart.getNonce()) {
+ throw new KrbException("Nonce didn't match");
+ }
+ }
+
+ public ServiceTicket getServiceTicket() {
+ ServiceTicket serviceTkt = new ServiceTicket(getKdcRep().getTicket(),
+ (EncTgsRepPart) getKdcRep().getEncPart());
+ return serviceTkt;
+ }
+
+ public ApReq getApReq() {
+ return apReq;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/resources/kdc-krb5.conf
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/resources/kdc-krb5.conf b/haox-kerb/kerb-client/src/main/resources/kdc-krb5.conf
new file mode 100644
index 0000000..d118dd1
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/resources/kdc-krb5.conf
@@ -0,0 +1,25 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[libdefaults]
+ default_realm = {0}
+ udp_preference_limit = 1
+
+[realms]
+ {0} = '{'
+ kdc = {1}:{2}
+ '}'
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-client/src/main/resources/kdc.ldiff
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/resources/kdc.ldiff b/haox-kerb/kerb-client/src/main/resources/kdc.ldiff
new file mode 100644
index 0000000..e344131
--- /dev/null
+++ b/haox-kerb/kerb-client/src/main/resources/kdc.ldiff
@@ -0,0 +1,30 @@
+dn: ou=users,dc=${0},dc=${1}
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+
+dn: uid=krbtgt,ou=users,dc=${0},dc=${1}
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: krb5principal
+objectClass: krb5kdcentry
+cn: KDC Service
+sn: Service
+uid: krbtgt
+userPassword: secret
+krb5PrincipalName: krbtgt/${2}.${3}@${2}.${3}
+krb5KeyVersionNumber: 0
+
+dn: uid=ldap,ou=users,dc=${0},dc=${1}
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: krb5principal
+objectClass: krb5kdcentry
+cn: LDAP
+sn: Service
+uid: ldap
+userPassword: secret
+krb5PrincipalName: ldap/${4}@${2}.${3}
+krb5KeyVersionNumber: 0
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/pom.xml b/haox-kerb/kerb-common/pom.xml
new file mode 100644
index 0000000..9d43089
--- /dev/null
+++ b/haox-kerb/kerb-common/pom.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-kerb</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>kerb-common</artifactId>
+
+ <name>Haox-kerb Common</name>
+ <description>Haox-kerb Common facilities for both client and server</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-config</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-event</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-crypto</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/KrbThrow.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/KrbThrow.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/KrbThrow.java
new file mode 100644
index 0000000..ed6ebaf
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/KrbThrow.java
@@ -0,0 +1,16 @@
+package org.apache.kerberos.kerb;
+
+public class KrbThrow {
+
+ public static KrbException out(MessageCode messageCode) throws KrbException {
+ throw new KrbException(Message.getMessage(messageCode));
+ }
+
+ public static void out(MessageCode messageCode, Exception e) throws KrbException {
+ throw new KrbException(Message.getMessage(messageCode), e);
+ }
+
+ public static void out(MessageCode messageCode, String message) throws KrbException {
+ throw new KrbException(Message.getMessage(messageCode) + ":" + message);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/Message.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/Message.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/Message.java
new file mode 100644
index 0000000..f3f807c
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/Message.java
@@ -0,0 +1,24 @@
+package org.apache.kerberos.kerb;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class Message {
+ private static Map<MessageCode, String> entries = new HashMap<MessageCode, String>();
+
+ public static void init() {
+
+ }
+
+ public static void define(MessageCode code, String message) {
+ entries.put(code, message);
+ }
+
+ public static String getMessage(MessageCode code) {
+ String msg = entries.get(code);
+ if (msg == null) {
+ msg = code.getCodeName();
+ }
+ return msg;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/MessageCode.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/MessageCode.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/MessageCode.java
new file mode 100644
index 0000000..a33aa5c
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/MessageCode.java
@@ -0,0 +1,5 @@
+package org.apache.kerberos.kerb;
+
+public interface MessageCode {
+ public String getCodeName();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/EncryptionUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/EncryptionUtil.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/EncryptionUtil.java
new file mode 100644
index 0000000..020f6b4
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/EncryptionUtil.java
@@ -0,0 +1,79 @@
+package org.apache.kerberos.kerb.common;
+
+import org.apache.haox.asn1.type.AbstractAsn1Type;
+import org.apache.haox.asn1.type.Asn1Type;
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.crypto.EncTypeHandler;
+import org.apache.kerberos.kerb.crypto.EncryptionHandler;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.KeyUsage;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class EncryptionUtil {
+
+ public static List<EncryptionKey> generateKeys(List<EncryptionType> encryptionTypes) throws KrbException {
+ List<EncryptionKey> results = new ArrayList<EncryptionKey>(encryptionTypes.size());
+ EncryptionKey encKey;
+ for (EncryptionType eType : encryptionTypes) {
+ encKey = EncryptionHandler.random2Key(eType);
+ results.add(encKey);
+ }
+
+ return results;
+ }
+
+ public static List<EncryptionKey> generateKeys(String principal, String passwd,
+ List<EncryptionType> encryptionTypes) throws KrbException {
+ List<EncryptionKey> results = new ArrayList<EncryptionKey>(encryptionTypes.size());
+ EncryptionKey encKey;
+ for (EncryptionType eType : encryptionTypes) {
+ encKey = EncryptionHandler.string2Key(principal, passwd, eType);
+ results.add(encKey);
+ }
+
+ return results;
+ }
+
+ public static EncryptionType getBestEncryptionType(List<EncryptionType> requestedTypes,
+ List<EncryptionType> configuredTypes) {
+ for (EncryptionType encryptionType : configuredTypes) {
+ if (requestedTypes.contains(encryptionType)) {
+ return encryptionType;
+ }
+ }
+
+ return null;
+ }
+
+ public static EncryptedData seal(AbstractAsn1Type asn1Type,
+ EncryptionKey key, KeyUsage usage) throws KrbException {
+ byte[] encoded = asn1Type.encode();
+ EncryptedData encrypted = EncryptionHandler.encrypt(encoded, key, usage);
+ return encrypted;
+ }
+
+ public static <T extends Asn1Type> T unseal(EncryptedData encrypted, EncryptionKey key,
+ KeyUsage usage, Class<T> krbType) throws KrbException {
+ byte[] encoded = EncryptionHandler.decrypt(encrypted, key, usage);
+ return KrbCodec.decode(encoded, krbType);
+ }
+
+ public static byte[] encrypt(EncryptionKey key,
+ byte[] plaintext, int usage) throws KrbException {
+ EncTypeHandler encType = EncryptionHandler.getEncHandler(key.getKeyType());
+ byte[] cipherData = encType.encrypt(plaintext, key.getKeyData(), usage);
+ return cipherData;
+ }
+
+ public static byte[] decrypt(EncryptionKey key,
+ byte[] cipherData, int usage) throws KrbException {
+ EncTypeHandler encType = EncryptionHandler.getEncHandler(key.getKeyType());
+ byte[] plainData = encType.decrypt(cipherData, key.getKeyData(), usage);
+ return plainData;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbConfHelper.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbConfHelper.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbConfHelper.java
new file mode 100644
index 0000000..fb37813
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbConfHelper.java
@@ -0,0 +1,23 @@
+package org.apache.kerberos.kerb.common;
+
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class KrbConfHelper {
+
+ public static List<EncryptionType> getEncryptionTypes(List<String> encTypeNames) {
+ List<EncryptionType> results = new ArrayList<EncryptionType>(encTypeNames.size());
+
+ EncryptionType etype;
+ for (String etypeName : encTypeNames) {
+ etype = EncryptionType.fromName(etypeName);
+ if (etype != EncryptionType.NONE) {
+ results.add(etype);
+ }
+ }
+ return results;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbErrorUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbErrorUtil.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbErrorUtil.java
new file mode 100644
index 0000000..89ffbf5
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbErrorUtil.java
@@ -0,0 +1,48 @@
+package org.apache.kerberos.kerb.common;
+
+import org.apache.kerberos.kerb.spec.common.*;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+public class KrbErrorUtil {
+
+ public static List<EncryptionType> getEtypes(KrbError error) throws IOException {
+ MethodData methodData = new MethodData();
+ methodData.decode(error.getEdata());
+
+ for( PaDataEntry pd : methodData.getElements()) {
+ if( pd.getPaDataType() == PaDataType.ETYPE_INFO2 ) {
+ return getEtypes2(pd.getPaDataValue());
+ }
+ else if( pd.getPaDataType() == PaDataType.ETYPE_INFO ) {
+ return getEtypes(pd.getPaDataValue());
+ }
+ }
+ return Collections.EMPTY_LIST;
+ }
+
+ private static List<EncryptionType> getEtypes(byte[] data) throws IOException {
+ EtypeInfo info = new EtypeInfo();
+ info.decode(data);
+ List<EncryptionType> results = new ArrayList<EncryptionType>();
+ for( EtypeInfoEntry entry : info.getElements() ) {
+ results.add(entry.getEtype());
+ }
+ return results;
+ }
+
+ private static List<EncryptionType> getEtypes2(byte[] data) throws IOException {
+ EtypeInfo2 info2 = new EtypeInfo2();
+ info2.decode(data);
+ List<EncryptionType> results = new ArrayList<EncryptionType>();
+ for( EtypeInfo2Entry entry : info2.getElements() ) {
+ results.add(entry.getEtype());
+ }
+ return results;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbStreamingDecoder.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbStreamingDecoder.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbStreamingDecoder.java
new file mode 100644
index 0000000..bb91f14
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbStreamingDecoder.java
@@ -0,0 +1,23 @@
+package org.apache.kerberos.kerb.common;
+
+import org.apache.haox.transport.tcp.DecodingCallback;
+import org.apache.haox.transport.tcp.StreamingDecoder;
+
+import java.nio.ByteBuffer;
+
+public class KrbStreamingDecoder implements StreamingDecoder {
+
+ @Override
+ public void decode(ByteBuffer streamingBuffer, DecodingCallback callback) {
+ if (streamingBuffer.remaining() >= 4) {
+ int len = streamingBuffer.getInt();
+ if (streamingBuffer.remaining() >= len) {
+ callback.onMessageComplete(len + 4);
+ } else {
+ callback.onMoreDataNeeded(len + 4);
+ }
+ } else {
+ callback.onMoreDataNeeded();
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbUtil.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbUtil.java
new file mode 100644
index 0000000..749fb94
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbUtil.java
@@ -0,0 +1,30 @@
+package org.apache.kerberos.kerb.common;
+
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.spec.common.KrbMessage;
+import org.apache.haox.transport.Transport;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+public class KrbUtil {
+
+ public static void sendMessage(KrbMessage message, Transport transport) {
+ int bodyLen = message.encodingLength();
+ ByteBuffer buffer = ByteBuffer.allocate(bodyLen + 4);
+ buffer.putInt(bodyLen);
+ message.encode(buffer);
+ buffer.flip();
+ transport.sendMessage(buffer);
+ }
+
+ public static KrbMessage decodeMessage(ByteBuffer message) throws IOException {
+ int bodyLen = message.getInt();
+ assert (message.remaining() >= bodyLen);
+
+ KrbMessage krbMessage = KrbCodec.decodeMessage(message);
+
+ return krbMessage;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlag.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlag.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlag.java
new file mode 100644
index 0000000..bacbf46
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlag.java
@@ -0,0 +1,30 @@
+package org.apache.kerberos.kerb.preauth;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum PaFlag implements KrbEnum {
+ NONE(-1),
+ PA_REAL(0x01),
+ PA_INFO(0x02);
+
+ private final int value;
+
+ private PaFlag(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static PaFlag fromValue(int value) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (PaFlag) e;
+ }
+ }
+
+ return NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlags.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlags.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlags.java
new file mode 100644
index 0000000..2ef4e84
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PaFlags.java
@@ -0,0 +1,18 @@
+package org.apache.kerberos.kerb.preauth;
+
+import org.apache.kerberos.kerb.spec.common.KrbFlags;
+
+public class PaFlags extends KrbFlags {
+
+ public PaFlags() {
+ this(0);
+ }
+
+ public PaFlags(int value) {
+ setFlags(value);
+ }
+
+ public boolean isReal() {
+ return isFlagSet(PaFlag.PA_REAL);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PluginRequestContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PluginRequestContext.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PluginRequestContext.java
new file mode 100644
index 0000000..288164c
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PluginRequestContext.java
@@ -0,0 +1,8 @@
+package org.apache.kerberos.kerb.preauth;
+
+/**
+ * Per request per module
+ */
+public interface PluginRequestContext {
+ // Nothing here, just as a type mark
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PreauthPluginMeta.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PreauthPluginMeta.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PreauthPluginMeta.java
new file mode 100644
index 0000000..d7c8724
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/PreauthPluginMeta.java
@@ -0,0 +1,13 @@
+package org.apache.kerberos.kerb.preauth;
+
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public interface PreauthPluginMeta {
+
+ public String getName();
+
+ public int getVersion();
+
+ public PaDataType[] getPaTypes();
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java
new file mode 100644
index 0000000..390bdc3
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java
@@ -0,0 +1,26 @@
+package org.apache.kerberos.kerb.preauth.builtin;
+
+import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class EncTsPreauthMeta implements PreauthPluginMeta {
+
+ private static String NAME = "encrypted_timestamp";
+ private static int VERSION = 1;
+ private static PaDataType[] PA_TYPES = new PaDataType[] {
+ PaDataType.ENC_TIMESTAMP
+ };
+
+ @Override
+ public String getName() {
+ return NAME;
+ }
+
+ public int getVersion() {
+ return VERSION;
+ }
+
+ public PaDataType[] getPaTypes() {
+ return PA_TYPES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java
new file mode 100644
index 0000000..d6a4662
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java
@@ -0,0 +1,29 @@
+package org.apache.kerberos.kerb.preauth.builtin;
+
+import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+/**
+ * A faked preauth module for TGS request handling
+ */
+public class TgtPreauthMeta implements PreauthPluginMeta {
+
+ private static String NAME = "TGT_preauth";
+ private static int VERSION = 1;
+ private static PaDataType[] PA_TYPES = new PaDataType[] {
+ PaDataType.TGS_REQ
+ };
+
+ @Override
+ public String getName() {
+ return NAME;
+ }
+
+ public int getVersion() {
+ return VERSION;
+ }
+
+ public PaDataType[] getPaTypes() {
+ return PA_TYPES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityOpts.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityOpts.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityOpts.java
new file mode 100644
index 0000000..a45e025
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityOpts.java
@@ -0,0 +1,25 @@
+package org.apache.kerberos.kerb.preauth.pkinit;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class IdentityOpts {
+
+ // From MIT Krb5 _pkinit_identity_opts
+ public String identity;
+ public List<String> AltIdentities = new ArrayList<String>(1);
+ public List<String> anchors = new ArrayList<String>(4);
+ public List<String> intermediates = new ArrayList<String>(2);
+ public List<String> crls = new ArrayList<String>(2);
+ public String ocsp;
+ public IdentityType idType;
+ public String certFile;
+ public String keyFile;
+
+ // PKCS11
+ public String p11ModuleName;
+ public int slotid;
+ public String tokenLabel;
+ public String certId;
+ public String certLabel;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityType.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityType.java
new file mode 100644
index 0000000..e62098b
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/IdentityType.java
@@ -0,0 +1,10 @@
+package org.apache.kerberos.kerb.preauth.pkinit;
+
+public enum IdentityType {
+ NONE,
+ FILE,
+ DIR,
+ PKCS11,
+ PKCS12,
+ ENVVAR,
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitIdenity.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitIdenity.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitIdenity.java
new file mode 100644
index 0000000..753011b
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitIdenity.java
@@ -0,0 +1,109 @@
+package org.apache.kerberos.kerb.preauth.pkinit;
+
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+public class PkinitIdenity {
+
+ public static void processIdentityOption(IdentityOpts identityOpts, String value) {
+ IdentityType idType = IdentityType.NONE;
+ String residual = null;
+ if (value.contains(":")) {
+ if (value.startsWith("FILE:")) {
+ idType = IdentityType.FILE;
+ } else if (value.startsWith("PKCS11:")) {
+ idType = IdentityType.PKCS11;
+ } else if (value.startsWith("PKCS12:")) {
+ idType = IdentityType.PKCS12;
+ } else if (value.startsWith("DIR:")) {
+ idType = IdentityType.DIR;
+ } else if (value.startsWith("ENV:")) {
+ idType = IdentityType.ENVVAR;
+ } else {
+ throw new RuntimeException("Invalid Identity option format: " + value);
+ }
+ } else {
+ residual = value;
+ idType = IdentityType.FILE;
+ }
+
+ identityOpts.idType = idType;
+ switch (idType) {
+ case ENVVAR:
+ processIdentityOption(identityOpts, System.getenv(residual));
+ break;
+ case FILE:
+ parseFileOption(identityOpts, residual);
+ break;
+ case PKCS11:
+ parsePkcs11Option(identityOpts, residual);
+ break;
+ case PKCS12:
+ parsePkcs12Option(identityOpts, residual);
+ break;
+ case DIR:
+ identityOpts.certFile = residual;
+ break;
+ }
+ }
+
+ public static void parseFileOption(IdentityOpts identityOpts, String residual) {
+ String[] parts = residual.split(",");
+ String certName = null;
+ String keyName = null;
+
+ certName = parts[0];
+ if (parts.length > 1) {
+ keyName = parts[1];
+ }
+
+ identityOpts.certFile = certName;
+ identityOpts.keyFile = keyName;
+ }
+
+ public static void parsePkcs12Option(IdentityOpts identityOpts, String residual) {
+ identityOpts.certFile = residual;
+ identityOpts.keyFile = residual;
+ }
+
+ public static void parsePkcs11Option(IdentityOpts identityOpts, String residual) {
+ // TODO
+ }
+
+ public static void loadCerts(IdentityOpts identityOpts, PrincipalName principal) {
+ switch (identityOpts.idType) {
+ case FILE:
+ loadCertsFromFile(identityOpts, principal);
+ break;
+ case DIR:
+ loadCertsFromDir(identityOpts, principal);
+ break;
+ case PKCS11:
+ loadCertsAsPkcs11(identityOpts, principal);
+ break;
+ case PKCS12:
+ loadCertsAsPkcs12(identityOpts, principal);
+ break;
+ }
+ }
+
+ private static void loadCertsAsPkcs12(IdentityOpts identityOpts, PrincipalName principal) {
+
+ }
+
+ private static void loadCertsAsPkcs11(IdentityOpts identityOpts, PrincipalName principal) {
+
+ }
+
+ private static void loadCertsFromDir(IdentityOpts identityOpts, PrincipalName principal) {
+
+ }
+
+ private static void loadCertsFromFile(IdentityOpts identityOpts, PrincipalName principal) {
+
+ }
+
+ public static void initialize(IdentityOpts identityOpts, PrincipalName principal) {
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java
new file mode 100644
index 0000000..8fe593a
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java
@@ -0,0 +1,27 @@
+package org.apache.kerberos.kerb.preauth.pkinit;
+
+import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class PkinitPreauthMeta implements PreauthPluginMeta {
+
+ private static String NAME = "PKINIT";
+ private static int VERSION = 1;
+ private static PaDataType[] PA_TYPES = new PaDataType[] {
+ PaDataType.PK_AS_REQ,
+ PaDataType.PK_AS_REP,
+ };
+
+ @Override
+ public String getName() {
+ return NAME;
+ }
+
+ public int getVersion() {
+ return VERSION;
+ }
+
+ public PaDataType[] getPaTypes() {
+ return PA_TYPES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PluginOpts.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PluginOpts.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PluginOpts.java
new file mode 100644
index 0000000..7aae8d7
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/pkinit/PluginOpts.java
@@ -0,0 +1,48 @@
+package org.apache.kerberos.kerb.preauth.pkinit;
+
+import org.apache.haox.asn1.type.Asn1ObjectIdentifier;
+import org.apache.kerberos.kerb.spec.pa.pkinit.AlgorithmIdentifiers;
+import org.apache.kerberos.kerb.spec.pa.pkinit.TrustedCertifiers;
+import org.apache.kerberos.kerb.spec.x509.AlgorithmIdentifier;
+
+public class PluginOpts {
+
+ // From MIT Krb5 _pkinit_plg_opts
+
+ // require EKU checking (default is true)
+ public boolean requireEku = true;
+ // accept secondary EKU (default is false)
+ public boolean acceptSecondaryEku = false;
+ // allow UPN-SAN instead of pkinit-SAN
+ public boolean allowUpn = true;
+ // selects DH or RSA based pkinit
+ public boolean usingRsa = true;
+ // require CRL for a CA (default is false)
+ public boolean requireCrlChecking = false;
+ // the size of the Diffie-Hellman key the client will attempt to use.
+ // The acceptable values are 1024, 2048, and 4096. The default is 2048.
+ public int dhMinBits = 2048;
+
+ public AlgorithmIdentifiers createSupportedCMSTypes() {
+ AlgorithmIdentifiers cmsAlgorithms = new AlgorithmIdentifiers();
+ AlgorithmIdentifier des3Alg = new AlgorithmIdentifier();
+ cmsAlgorithms.add(des3Alg);
+
+ String oidStr = "DES3-OID";
+ Asn1ObjectIdentifier des3Oid = new Asn1ObjectIdentifier(oidStr);
+ des3Alg.setAlgorithm(des3Oid);
+ des3Alg.setParameters(null);
+
+ return cmsAlgorithms;
+ }
+
+ public TrustedCertifiers createTrustedCertifiers() {
+ TrustedCertifiers trustedCertifiers = new TrustedCertifiers();
+
+ return trustedCertifiers;
+ }
+
+ public byte[] createIssuerAndSerial() {
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/token/TokenPreauthMeta.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/token/TokenPreauthMeta.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/token/TokenPreauthMeta.java
new file mode 100644
index 0000000..de3d5dc
--- /dev/null
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/preauth/token/TokenPreauthMeta.java
@@ -0,0 +1,27 @@
+package org.apache.kerberos.kerb.preauth.token;
+
+import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class TokenPreauthMeta implements PreauthPluginMeta {
+
+ private static String NAME = "TokenPreauth";
+ private static int VERSION = 1;
+ private static PaDataType[] PA_TYPES = new PaDataType[] {
+ PaDataType.TOKEN_CHALLENGE,
+ PaDataType.TOKEN_REQUEST
+ };
+
+ @Override
+ public String getName() {
+ return NAME;
+ }
+
+ public int getVersion() {
+ return VERSION;
+ }
+
+ public PaDataType[] getPaTypes() {
+ return PA_TYPES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/pom.xml b/haox-kerb/kerb-core-test/pom.xml
new file mode 100644
index 0000000..bb7b730
--- /dev/null
+++ b/haox-kerb/kerb-core-test/pom.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-kerb</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>kerb-core-test</artifactId>
+
+ <name>haox-kerb-coreTest</name>
+ <description>Kerb core tests</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-asn1</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-core</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-util</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/aes128-kerberos-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/aes128-kerberos-data b/haox-kerb/kerb-core-test/src/main/resources/aes128-kerberos-data
new file mode 100644
index 0000000..7f3b582
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/aes128-kerberos-data differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/aes128-key-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/aes128-key-data b/haox-kerb/kerb-core-test/src/main/resources/aes128-key-data
new file mode 100644
index 0000000..4ba2540
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/main/resources/aes128-key-data
@@ -0,0 +1 @@
+�����\���U�s�7�"
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/aes128-spnego-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/aes128-spnego-data b/haox-kerb/kerb-core-test/src/main/resources/aes128-spnego-data
new file mode 100644
index 0000000..13c89e6
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/aes128-spnego-data differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/aes256-kerberos-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/aes256-kerberos-data b/haox-kerb/kerb-core-test/src/main/resources/aes256-kerberos-data
new file mode 100644
index 0000000..b7d539f
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/aes256-kerberos-data differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/aes256-key-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/aes256-key-data b/haox-kerb/kerb-core-test/src/main/resources/aes256-key-data
new file mode 100644
index 0000000..24792c1
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/aes256-key-data differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/aes256-spnego-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/aes256-spnego-data b/haox-kerb/kerb-core-test/src/main/resources/aes256-spnego-data
new file mode 100644
index 0000000..6a7e55c
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/aes256-spnego-data differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/des-kerberos-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/des-kerberos-data b/haox-kerb/kerb-core-test/src/main/resources/des-kerberos-data
new file mode 100644
index 0000000..3db6963
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/des-kerberos-data differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/des-key-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/des-key-data b/haox-kerb/kerb-core-test/src/main/resources/des-key-data
new file mode 100644
index 0000000..84a0c50
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/main/resources/des-key-data
@@ -0,0 +1 @@
+��2�^�L�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/des-pac-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/des-pac-data b/haox-kerb/kerb-core-test/src/main/resources/des-pac-data
new file mode 100644
index 0000000..7408111
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/des-pac-data differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/des-spnego-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/des-spnego-data b/haox-kerb/kerb-core-test/src/main/resources/des-spnego-data
new file mode 100644
index 0000000..04a56e8
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/des-spnego-data differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/exceptions.properties
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/exceptions.properties b/haox-kerb/kerb-core-test/src/main/resources/exceptions.properties
new file mode 100644
index 0000000..1695c63
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/main/resources/exceptions.properties
@@ -0,0 +1,39 @@
+object.cast.fail=Unable to cast object from {0} to {1}.
+
+spnego.token.empty=Empty SPNego token.
+spnego.token.invalid=Not a valid SPNego token: {0}.
+spnego.token.malformed=Malformed SPNego token.
+spnego.field.invalid=Not a valid SPNego token field: {0}.
+
+
+kerberos.object.cast=Unable to cast Kerberos object from {0} to {1}.
+kerberos.token.empty=Empty Kerberos token.
+kerberos.token.invalid=Not a Kerberos token.
+kerberos.token.malformed=Malformed Kerberos token.
+kerberos.kdcReq.empty=Empty message.
+kerberos.kdcReq.invalid=Not a KRB_AP_REQ message.
+kerberos.ticket.empty=Empty Kerberos ticket.
+kerberos.ticket.invalid=Not a Kerberos v5 ticket.
+kerberos.ticket.malformed=Malformed Kerberos ticket.
+kerberos.field.invalid=Not a valid Kerberos ticket field: {0}.
+kerberos.field.malformed=Malformed Kerberos ticket field.
+kerberos.key.notfound=Unable to find appropriate key of type {0}.
+kerberos.version.invalid=Invalid version of Kerberos ticket: {0}.
+kerberos.login.fail=Unable to get server keys.
+kerberos.decrypt.fail=Unable to decrypt encrypted data using key of type {0}.
+
+pac.token.empty=Empty PAC token.
+pac.token.malformed=Malformed PAC token.
+pac.logoninfo.malformed=Malformed PAC logon info.
+pac.signature.malformed=Malformed PAC signature.
+pac.signature.invalid=Invalid PAC signature.
+pac.string.notempty=String not empty while expected null.
+pac.string.malformed.size=Inconsistent string lengths.
+pac.string.invalid.size=Inconsistent string size: {1}, expecting {0}.
+pac.groups.invalid.size=Group count ({0}) doesn't match the real number of groups ({1}) in the PAC.
+pac.extrasids.invalid.size=Extra SID count ({0}) doesn't match the real number of extra SID ({1}) in the PAC.
+pac.resourcegroups.invalid.size=Resource group count ({0}) doesn't match the real number of resource groups ({1}) in the PAC.
+pac.sid.malformed.size=Inconsistent SID length.
+pac.subauthority.malformed.size=Incorrect byte array length: {0}; must be multiple of 4.
+pac.version.invalid=Invalid version of PAC token: {0}.
+pac.check.fail=Unable to check PAC signature.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/rc4-kerberos-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/rc4-kerberos-data b/haox-kerb/kerb-core-test/src/main/resources/rc4-kerberos-data
new file mode 100644
index 0000000..6be7086
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/rc4-kerberos-data differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/rc4-key-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/rc4-key-data b/haox-kerb/kerb-core-test/src/main/resources/rc4-key-data
new file mode 100644
index 0000000..64f9d9c
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/main/resources/rc4-key-data
@@ -0,0 +1 @@
+l�܇y#�l�mv��k�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/rc4-pac-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/rc4-pac-data b/haox-kerb/kerb-core-test/src/main/resources/rc4-pac-data
new file mode 100644
index 0000000..df45f91
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/rc4-pac-data differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/rc4-spnego-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/rc4-spnego-data b/haox-kerb/kerb-core-test/src/main/resources/rc4-spnego-data
new file mode 100644
index 0000000..91cbe26
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/rc4-spnego-data differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/main/resources/server.keytab
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/server.keytab b/haox-kerb/kerb-core-test/src/main/resources/server.keytab
new file mode 100644
index 0000000..b44347c
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/server.keytab differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/README.txt
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/README.txt b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/README.txt
new file mode 100644
index 0000000..f1e0a3f
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/README.txt
@@ -0,0 +1,5 @@
+This project is simple for integration testing purpose. It's inspired by and originated from JaasLaunge.
+Eventually I will replace most of the codes by mine or get the granting permission of the author.
+
+http://jaaslounge.sourceforge.net/
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/AuthzDataUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/AuthzDataUtil.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/AuthzDataUtil.java
new file mode 100644
index 0000000..da2a610
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/AuthzDataUtil.java
@@ -0,0 +1,48 @@
+package org.apache.kerberos.kerb.codec.kerberos;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.codec.pac.Pac;
+import org.apache.kerberos.kerb.spec.common.AuthorizationData;
+import org.apache.kerberos.kerb.spec.common.AuthorizationDataEntry;
+import org.apache.kerberos.kerb.spec.common.AuthorizationType;
+
+import java.io.IOException;
+import java.util.List;
+
+public class AuthzDataUtil {
+
+ public static Pac getPac(AuthorizationData authzData, byte[] serverKey) throws IOException, KrbException {
+ AuthorizationDataEntry ifRelevantAd = null;
+ for (AuthorizationDataEntry entry : authzData.getElements()) {
+ if (entry.getAuthzType() == AuthorizationType.AD_IF_RELEVANT) {
+ ifRelevantAd = entry;
+ break;
+ }
+ }
+
+ if (ifRelevantAd != null) {
+ List<AuthorizationDataEntry> entries = decode(ifRelevantAd);
+ for (AuthorizationDataEntry entry : entries) {
+ if (entry.getAuthzType() == AuthorizationType.AD_WIN2K_PAC) {
+ return decodeAsPac(entry, serverKey);
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public static List<AuthorizationDataEntry> decode(AuthorizationDataEntry entry) throws IOException {
+ AuthorizationData authzData = new AuthorizationData();
+ authzData.decode(entry.getAuthzData());
+ return authzData.getElements();
+ }
+
+ public static Pac decodeAsPac(AuthorizationDataEntry entry, byte[] key) throws IOException, KrbException {
+ if (entry.getAuthzType() != AuthorizationType.AD_WIN2K_PAC) {
+ throw new IllegalArgumentException("Not AD_WIN2K_PAC type: " + entry.getAuthzType().name());
+ }
+
+ return new Pac(entry.getAuthzData(), key);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosApRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosApRequest.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosApRequest.java
new file mode 100644
index 0000000..61eb109
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosApRequest.java
@@ -0,0 +1,32 @@
+package org.apache.kerberos.kerb.codec.kerberos;
+
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.spec.ap.ApOptions;
+import org.apache.kerberos.kerb.spec.ap.ApReq;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+
+import java.io.IOException;
+
+public class KerberosApRequest {
+ private ApReq apReq;
+ private KerberosTicket ticket;
+
+ public KerberosApRequest(byte[] token, EncryptionKey key) throws Exception {
+ if(token.length <= 0) {
+ throw new IOException("kerberos request empty");
+ }
+
+ apReq = KrbCodec.decode(token, ApReq.class);
+ ticket = new KerberosTicket(apReq.getTicket(), apReq.getApOptions(), key);
+ }
+
+ public ApOptions getApOptions() throws KrbException {
+ return apReq.getApOptions();
+ }
+
+ public KerberosTicket getTicket() {
+ return ticket;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosConstants.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosConstants.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosConstants.java
new file mode 100644
index 0000000..52d4a8e
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosConstants.java
@@ -0,0 +1,25 @@
+package org.apache.kerberos.kerb.codec.kerberos;
+
+public interface KerberosConstants {
+
+ static final String KERBEROS_OID = "1.2.840.113554.1.2.2";
+ static final String KERBEROS_VERSION = "5";
+
+ static final String KERBEROS_AP_REQ = "14";
+
+ static final int AF_INTERNET = 2;
+ static final int AF_CHANET = 5;
+ static final int AF_XNS = 6;
+ static final int AF_ISO = 7;
+
+ static final int AUTH_DATA_RELEVANT = 1;
+ static final int AUTH_DATA_PAC = 128;
+
+ static final int DES_ENC_TYPE = 3;
+ static final int RC4_ENC_TYPE = 23;
+ static final String RC4_ALGORITHM = "ARCFOUR";
+ static final String HMAC_ALGORITHM = "HmacMD5";
+ static final int CONFOUNDER_SIZE = 8;
+ static final int CHECKSUM_SIZE = 16;
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosCredentials.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosCredentials.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosCredentials.java
new file mode 100644
index 0000000..1d0acdb
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosCredentials.java
@@ -0,0 +1,36 @@
+package org.apache.kerberos.kerb.codec.kerberos;
+
+import org.apache.kerberos.kerb.keytab.Keytab;
+import org.apache.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class KerberosCredentials {
+
+ private static Keytab keytab;
+
+ private static void init() throws IOException {
+ InputStream kis = KerberosCredentials.class.getResourceAsStream("/server.keytab");
+ keytab = new Keytab();
+ keytab.load(kis);
+ }
+
+ public static EncryptionKey getServerKey(EncryptionType etype) throws IOException {
+ if (keytab == null) {
+ init();
+ }
+
+ for (PrincipalName principal : keytab.getPrincipals()) {
+ for (KeytabEntry entry : keytab.getKeytabEntries(principal)) {
+ if (entry.getKey().getKeyType() == etype) {
+ return entry.getKey();
+ }
+ }
+ }
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosTicket.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosTicket.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosTicket.java
new file mode 100644
index 0000000..66ed831
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosTicket.java
@@ -0,0 +1,67 @@
+package org.apache.kerberos.kerb.codec.kerberos;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.crypto.EncryptionHandler;
+import org.apache.kerberos.kerb.spec.ap.ApOptions;
+import org.apache.kerberos.kerb.spec.common.AuthorizationData;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.KeyUsage;
+import org.apache.kerberos.kerb.spec.ticket.EncTicketPart;
+import org.apache.kerberos.kerb.spec.ticket.Ticket;
+
+import java.util.Arrays;
+
+public class KerberosTicket {
+ private String serverPrincipalName;
+ private String serverRealm;
+ private Ticket ticket;
+
+ public KerberosTicket(Ticket ticket, ApOptions apOptions, EncryptionKey key)
+ throws Exception {
+ this.ticket = ticket;
+
+ byte[] decrypted = EncryptionHandler.decrypt(
+ ticket.getEncryptedEncPart(), key, KeyUsage.KDC_REP_TICKET);
+
+ EncTicketPart encPart = KrbCodec.decode(decrypted, EncTicketPart.class);
+ ticket.setEncPart(encPart);
+
+ /**
+ * Also test encryption by the way
+ */
+ EncryptedData encrypted = EncryptionHandler.encrypt(
+ decrypted, key, KeyUsage.KDC_REP_TICKET);
+
+ byte[] decrypted2 = EncryptionHandler.decrypt(
+ encrypted, key, KeyUsage.KDC_REP_TICKET);
+ if (!Arrays.equals(decrypted, decrypted2)) {
+ throw new KrbException("Encryption checking failed after decryption");
+ }
+ }
+
+ public String getUserPrincipalName() throws KrbException {
+ return ticket.getEncPart().getCname().getName();
+ }
+
+ public String getUserRealm() throws KrbException {
+ return ticket.getEncPart().getCrealm();
+ }
+
+ public String getServerPrincipalName() throws KrbException {
+ return ticket.getSname().getName();
+ }
+
+ public String getServerRealm() throws KrbException {
+ return ticket.getRealm();
+ }
+
+ public AuthorizationData getAuthorizationData() throws KrbException {
+ return ticket.getEncPart().getAuthorizationData();
+ }
+
+ public Ticket getTicket() {
+ return ticket;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosToken.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosToken.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosToken.java
new file mode 100644
index 0000000..8398f74
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosToken.java
@@ -0,0 +1,39 @@
+package org.apache.kerberos.kerb.codec.kerberos;
+
+import org.apache.haox.asn1.Asn1InputBuffer;
+import org.apache.haox.asn1.type.Asn1Item;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+
+import java.io.IOException;
+
+public class KerberosToken {
+
+ private KerberosApRequest apRequest;
+
+ public KerberosToken(byte[] token) throws Exception {
+ this(token, null);
+ }
+
+ public KerberosToken(byte[] token, EncryptionKey key) throws Exception {
+
+ if(token.length <= 0)
+ throw new IOException("kerberos.token.empty");
+
+ Asn1InputBuffer buffer = new Asn1InputBuffer(token);
+
+ Asn1Item value = (Asn1Item) buffer.read();
+ if(! value.isAppSpecific() && ! value.isConstructed())
+ throw new IOException("kerberos.token.malformed");
+
+ buffer = new Asn1InputBuffer(value.getBodyContent());
+ buffer.skipNext();
+
+ buffer.skipBytes(2);
+
+ apRequest = new KerberosApRequest(buffer.readAllLeftBytes(), key);
+ }
+
+ public KerberosApRequest getApRequest() {
+ return apRequest;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/Pac.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/Pac.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/Pac.java
new file mode 100644
index 0000000..0761999
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/Pac.java
@@ -0,0 +1,94 @@
+package org.apache.kerberos.kerb.codec.pac;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.crypto.CheckSumHandler;
+import org.apache.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerberos.kerb.spec.common.KeyUsage;
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.IOException;
+
+public class Pac {
+
+ private PacLogonInfo logonInfo;
+ private PacCredentialType credentialType;
+ private PacSignature serverSignature;
+ private PacSignature kdcSignature;
+
+ public Pac(byte[] data, byte[] key) throws KrbException {
+ byte[] checksumData = data.clone();
+ try {
+ PacDataInputStream pacStream = new PacDataInputStream(new DataInputStream(
+ new ByteArrayInputStream(data)));
+
+ if(data.length <= 8)
+ throw new IOException("pac.token.empty");
+
+ int bufferCount = pacStream.readInt();
+ int version = pacStream.readInt();
+
+ if(version != PacConstants.PAC_VERSION) {
+ Object[] args = new Object[]{version};
+ throw new IOException("pac.version.invalid");
+ }
+
+ for(int bufferIndex = 0; bufferIndex < bufferCount; bufferIndex++) {
+ int bufferType = pacStream.readInt();
+ int bufferSize = pacStream.readInt();
+ long bufferOffset = pacStream.readLong();
+ byte[] bufferData = new byte[bufferSize];
+ System.arraycopy(data, (int)bufferOffset, bufferData, 0, bufferSize);
+
+ switch (bufferType) {
+ case PacConstants.LOGON_INFO:
+ // PAC Credential Information
+ logonInfo = new PacLogonInfo(bufferData);
+ break;
+ case PacConstants.CREDENTIAL_TYPE:
+ // PAC Credential Type
+ credentialType = new PacCredentialType(bufferData);
+ break;
+ case PacConstants.SERVER_CHECKSUM:
+ // PAC Server Signature
+ serverSignature = new PacSignature(bufferData);
+ // Clear signature from checksum copy
+ for(int i = 0; i < bufferSize; i++)
+ checksumData[(int)bufferOffset + 4 + i] = 0;
+ break;
+ case PacConstants.PRIVSVR_CHECKSUM:
+ // PAC KDC Signature
+ kdcSignature = new PacSignature(bufferData);
+ // Clear signature from checksum copy
+ for(int i = 0; i < bufferSize; i++)
+ checksumData[(int)bufferOffset + 4 + i] = 0;
+ break;
+ default:
+ }
+ }
+ } catch(IOException e) {
+ throw new KrbException("pac.token.malformed", e);
+ }
+
+ CheckSum checksum = new CheckSum(serverSignature.getType(), serverSignature.getChecksum());
+ if (! CheckSumHandler.verifyWithKey(checksum, checksumData, key, KeyUsage.APP_DATA_CKSUM)) {
+ throw new KrbException("Check sum verifying failed");
+ }
+ }
+
+ public PacLogonInfo getLogonInfo() {
+ return logonInfo;
+ }
+
+ public PacCredentialType getCredentialType() {
+ return credentialType;
+ }
+
+ public PacSignature getServerSignature() {
+ return serverSignature;
+ }
+
+ public PacSignature getKdcSignature() {
+ return kdcSignature;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacConstants.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacConstants.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacConstants.java
new file mode 100644
index 0000000..3ade7b2
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacConstants.java
@@ -0,0 +1,20 @@
+package org.apache.kerberos.kerb.codec.pac;
+
+public interface PacConstants {
+
+ static final int PAC_VERSION = 0;
+
+ static final int LOGON_INFO = 1;
+ static final int CREDENTIAL_TYPE = 2;
+ static final int SERVER_CHECKSUM = 6;
+ static final int PRIVSVR_CHECKSUM = 7;
+
+ static final int LOGON_EXTRA_SIDS = 0x20;
+ static final int LOGON_RESOURCE_GROUPS = 0x200;
+
+ static final long FILETIME_BASE = -11644473600000L;
+
+ static final int MD5_KRB_SALT = 17;
+ static final int MD5_BLOCK_LENGTH = 64;
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacCredentialType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacCredentialType.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacCredentialType.java
new file mode 100644
index 0000000..75fe338
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/pac/PacCredentialType.java
@@ -0,0 +1,22 @@
+package org.apache.kerberos.kerb.codec.pac;
+
+import java.io.IOException;
+
+public class PacCredentialType {
+
+ private static final int MINIMAL_BUFFER_SIZE = 32;
+
+ private byte[] credentialType;
+
+ public PacCredentialType(byte[] data) throws IOException {
+ credentialType = data;
+ if(!isCredentialTypeCorrect()) {
+ throw new IOException("pac.credentialtype.malformed");
+ }
+ }
+
+ public boolean isCredentialTypeCorrect() {
+ return credentialType != null && credentialType.length < MINIMAL_BUFFER_SIZE;
+ }
+
+}
[03/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/src/main/java/org/apache/kerberos/kerb/server/TestKdcServer.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/java/org/apache/kerberos/kerb/server/TestKdcServer.java b/haox-kerb/kerb-kdc-test/src/main/java/org/apache/kerberos/kerb/server/TestKdcServer.java
new file mode 100644
index 0000000..fd1435f
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/src/main/java/org/apache/kerberos/kerb/server/TestKdcServer.java
@@ -0,0 +1,103 @@
+package org.apache.kerberos.kerb.server;
+
+import org.apache.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerberos.kerb.keytab.Keytab;
+import org.apache.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+import java.util.Properties;
+import java.util.UUID;
+
+public class TestKdcServer extends SimpleKdcServer {
+
+ public static final String ORG_DOMAIN = KdcConfigKey.KDC_DOMAIN.getPropertyKey();
+ public static final String KDC_REALM = KdcConfigKey.KDC_REALM.getPropertyKey();
+ public static final String KDC_HOST = KdcConfigKey.KDC_HOST.getPropertyKey();
+ public static final String KDC_PORT = KdcConfigKey.KDC_PORT.getPropertyKey();
+ public static final String WORK_DIR = KdcConfigKey.WORK_DIR.getPropertyKey();
+
+ private static final Properties DEFAULT_CONFIG = new Properties();
+ static {
+ DEFAULT_CONFIG.setProperty(KDC_HOST, "localhost");
+ DEFAULT_CONFIG.setProperty(KDC_PORT, "8018");
+ DEFAULT_CONFIG.setProperty(ORG_DOMAIN, "test.com");
+ DEFAULT_CONFIG.setProperty(KDC_REALM, "TEST.COM");
+ }
+
+ public static Properties createConf() {
+ return (Properties) DEFAULT_CONFIG.clone();
+ }
+
+ public TestKdcServer() {
+ this(createConf());
+ }
+
+ public TestKdcServer(Properties conf) {
+ super();
+ getConfig().getConf().addPropertiesConfig(conf);
+ }
+
+ @Override
+ public void init() {
+ super.init();
+
+ createPrincipals("krbtgt");
+ }
+
+ public String getKdcRealm() {
+ return getConfig().getKdcRealm();
+ }
+
+ public synchronized void createPrincipal(String principal, String password) {
+ KrbIdentity identity = new KrbIdentity(principal);
+ List<EncryptionType> encTypes = getConfig().getEncryptionTypes();
+ List<EncryptionKey> encKeys = null;
+ try {
+ encKeys = EncryptionUtil.generateKeys(fixPrincipal(principal), password, encTypes);
+ } catch (KrbException e) {
+ throw new RuntimeException("Failed to generate encryption keys", e);
+ }
+ identity.addKeys(encKeys);
+ getIdentityService().addIdentity(identity);
+ }
+
+ public void createPrincipals(String ... principals) {
+ String passwd;
+ for (String principal : principals) {
+ passwd = UUID.randomUUID().toString();
+ createPrincipal(fixPrincipal(principal), passwd);
+ }
+ }
+
+ private String fixPrincipal(String principal) {
+ if (! principal.contains("@")) {
+ principal += "@" + getKdcRealm();
+ }
+ return principal;
+ }
+
+ public void exportPrincipals(File keytabFile) throws IOException {
+ Keytab keytab = new Keytab();
+
+ List<KrbIdentity> identities = getIdentityService().getIdentities();
+ for (KrbIdentity identity : identities) {
+ PrincipalName principal = identity.getPrincipal();
+ KerberosTime timestamp = new KerberosTime();
+ for (EncryptionType encType : identity.getKeys().keySet()) {
+ EncryptionKey ekey = identity.getKeys().get(encType);
+ int keyVersion = ekey.getKvno();
+ keytab.addEntry(new KeytabEntry(principal, timestamp, keyVersion, ekey));
+ }
+ }
+
+ keytab.store(keytabFile);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/src/main/resources/cacert.pem
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/cacert.pem b/haox-kerb/kerb-kdc-test/src/main/resources/cacert.pem
new file mode 100644
index 0000000..6b91561
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/src/main/resources/cacert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6zCCAtOgAwIBAgIJAMrZoeDxTzwWMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
+DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
+YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
+MzEzMjdaFw0yNDA1MTAxMzEzMjdaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
+c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
+A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
+a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMCznJJ02ZUjCPvAwnBmfPs0akb5QRc/NKu8kCtAPWzgHS2JPTQfJhkDbTAD
+eIlg8IeJpOdrYnzdaBCzgxqjSkls+vxjYotOU0Zbrpy2bj0lRDqdYbNsiuConKgT
+MeuDEd/4ZI0X9NWLAi06Iv1F4mHXf36c6uqiUWTtXiofogrFUoTRwACKR2qeC95X
+Py+FDmpS9lz0mo0vDWjetLQC2IBngjjPFdR16n87QDIWfRBkk66rn7rEA6Li66b/
+cToajMSA/n+2Ud1mntSY4RdDdd0TBtAq9RrXtUOfzGaE7S6t+FtYyEprvT4FdOTU
+uyYgSNaI9ANVP1zhQ9LACKuudOECAwEAAaNQME4wHQYDVR0OBBYEFD91SVOejfwx
+u33+5N0TdYbHJbgAMB8GA1UdIwQYMBaAFD91SVOejfwxu33+5N0TdYbHJbgAMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADsONtUqGNBPBXnRowcJwv+Y
+F1Vea+4dkBwYbhkiO6H5XMKr+waOnOD2eAvgP4aeYg/a0xOzzETRD9wi1Z1P1ZMy
+d/NzHQjj4egPENwDv1PH2voZgsXXzXIqUMOtz9t12TuJUrSA2SBW1tz/evckHhNY
+fHg4ThvTIgwEdV/yvrOEBLV9dXG5IhhF+NW1MegTGkt4SpOoH1pi3o9VekVRnix9
+xrIdaC4Ee6vQaR603HwDS9Y+a1c2KU7QoLX8Vaa904cQ+rxhGsTAkocnZXeo6Hl5
+V8BlDYXxeP86fzcWi04ll2BmEEw/RimHEOLpGqxTVHJ5p5BVSCHP8aCD0VJheaU=
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/src/main/resources/cakey.pem
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/cakey.pem b/haox-kerb/kerb-kdc-test/src/main/resources/cakey.pem
new file mode 100644
index 0000000..66dc806
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/src/main/resources/cakey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAwLOcknTZlSMI+8DCcGZ8+zRqRvlBFz80q7yQK0A9bOAdLYk9
+NB8mGQNtMAN4iWDwh4mk52tifN1oELODGqNKSWz6/GNii05TRluunLZuPSVEOp1h
+s2yK4KicqBMx64MR3/hkjRf01YsCLToi/UXiYdd/fpzq6qJRZO1eKh+iCsVShNHA
+AIpHap4L3lc/L4UOalL2XPSajS8NaN60tALYgGeCOM8V1HXqfztAMhZ9EGSTrquf
+usQDouLrpv9xOhqMxID+f7ZR3Wae1JjhF0N13RMG0Cr1Gte1Q5/MZoTtLq34W1jI
+Smu9PgV05NS7JiBI1oj0A1U/XOFD0sAIq6504QIDAQABAoIBAHqFeMax3unxBbQ0
+Aiy/LTX3RJ9tuZITUOTklnG5fZStBkA+oxhxuaJryE+f1VLbvPMgdCXj5BHqIFGG
+IZSdQA1hak9wzWYvXck9X88qOvtLp47xI/6Vw9NFwZ0n3zST+JiD8UK4eaYQpUim
+Tzrj5SU6hEi3crHOlJvsRFPaGwhnA9wycoOo4o22XBj3C8Hwzi4vWcKXH/RCSwZQ
+zFuYbe77Pn9Sv5q5zdglkmm7wngoVt/aKQke/Vk+Eincx1V12b05DNLjugo6FWQh
+0f2MmHpvqNSHs9USC5+y2lKQ1JNHh7mnpPCXkZEH4V7q+3mKVzl9tXzj9Gul20pw
+tneD6WUCgYEA9QUrQoWHKeVMjeukHjDJa2KjRLMmg9YRQyVABH9+nQTp1jYUjMRA
+GUoUx91gG6gjjJD/xvor/U0Fh3vKtZE93c+avrcaYDwf3q/L4gh+3b87lVDfzjrp
+L+MPTpEzWiyyLfr/kLA0TgUjnrj9bav5uDps8mJpNf8s9ZP1/QDhF5sCgYEAyVZA
+pHSIyBI2GT0+92JXvYDK/ZfV5m4RGHaG/PMDoU4IbGbjHVyzzsyzDUgvOASXwfF8
+YzwX7Tf95RZw12P/Jepxt0vqBJPKUCsMLUrmANQvN1Pz8+Vk6UADLM7kNc06MqB9
+/U3GKCFZZuedEhbgXnEV9gzelhILImJGZMxG0zMCgYApymnofLHjGXMHOcvSQmv4
+XuiODShikB59n1rd6YkE6xOfL7YtlEOCjLoipMWBshnuHcUigQUDvSFWTGz0rwMo
+VAKGyOA8zcR5zO4vbVeGJtnYy+SAXlfrjQTNV8K0fK8fXJI+cW9aZ1H9/ntrO0vq
+ejye0t4zEYTvlf782iuKRQKBgQCnTQ7mGRfX+JoPmv8JniR+idkjpNnPYsK96y/8
+XQs1LJx/R3eN3IxlWV+nt8XU7KwWMs5Dv5m6Ov61MFKQCL3qCch4oZJSP2Sr/Tlf
+IY/CPI8HkLF0h7e0wsZgo4Kq2mBz1T0cEVaJ3jxl8Cxq7at/jsTK8qK7XT73UWZh
+OAXaVQKBgDmg2QTX7c0/dbDMOuw18g3xfE/oqU+VWT784wtvpcdjHR+KAVLWHG8l
+oc/bm8Bs0o0f5dfH7uUvWdP6JMvbgYZBgIMqw+iH8P2lFCLzIRf0me/l+r0Oi64U
+5jp9K+7Ggc7S0SSnCLmBLMN5lXQZbhzks1La7DZmFeAz8rOEnlUB
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/src/main/resources/extensions.kdc
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/extensions.kdc b/haox-kerb/kerb-kdc-test/src/main/resources/extensions.kdc
new file mode 100644
index 0000000..e0d1578
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/src/main/resources/extensions.kdc
@@ -0,0 +1,20 @@
+[kdc_cert]
+basicConstraints=CA:FALSE
+keyUsage=nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
+extendedKeyUsage=1.3.6.1.5.2.3.5
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+issuerAltName=issuer:copy
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
+
+[kdc_princ_name]
+realm=EXP:0,GeneralString:${ENV::REALM}
+principal_name=EXP:1,SEQUENCE:kdc_principal_seq
+
+[kdc_principal_seq]
+name_type=EXP:0,INTEGER:1
+name_string=EXP:1,SEQUENCE:kdc_principals
+
+[kdc_principals]
+princ1=GeneralString:krbtgt
+princ2=GeneralString:${ENV::REALM}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf b/haox-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf
new file mode 100644
index 0000000..d118dd1
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf
@@ -0,0 +1,25 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[libdefaults]
+ default_realm = {0}
+ udp_preference_limit = 1
+
+[realms]
+ {0} = '{'
+ kdc = {1}:{2}
+ '}'
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff b/haox-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff
new file mode 100644
index 0000000..e344131
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff
@@ -0,0 +1,30 @@
+dn: ou=users,dc=${0},dc=${1}
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+
+dn: uid=krbtgt,ou=users,dc=${0},dc=${1}
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: krb5principal
+objectClass: krb5kdcentry
+cn: KDC Service
+sn: Service
+uid: krbtgt
+userPassword: secret
+krb5PrincipalName: krbtgt/${2}.${3}@${2}.${3}
+krb5KeyVersionNumber: 0
+
+dn: uid=ldap,ou=users,dc=${0},dc=${1}
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: krb5principal
+objectClass: krb5kdcentry
+cn: LDAP
+sn: Service
+uid: ldap
+userPassword: secret
+krb5PrincipalName: ldap/${4}@${2}.${3}
+krb5KeyVersionNumber: 0
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/src/main/resources/kdccert.pem
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/kdccert.pem b/haox-kerb/kerb-kdc-test/src/main/resources/kdccert.pem
new file mode 100644
index 0000000..67e538c
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/src/main/resources/kdccert.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEYjCCA0qgAwIBAgIJAL2ZFUkXCgK2MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
+DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
+YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
+MzI3MjFaFw0xNTA1MTMxMzI3MjFaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
+c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
+A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
+a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMs0jF1fi5AVMunQ/jpxgSjRlpmVQyT//LrwBmyI77C+hCD4z/InoG4q2tl5
+fAH+2n7HHgon4E0QXyRxAz0+Ugun7qHW9oT2pnxoc1l8seyGNMK9adsxLpCv7RXK
+quqLcj34UQCzRDKxgkH5UBwxGY0kId0W1MqPh1LZRZIk1hakREC4DBj+slnDkN0s
+nh8pC/8q/hTPJ9QrqWT6oc1FjMVKz3FxFbxXELYxg4M6SXnzGzdWa3xSe4Ou0QO2
+EwncQUoo8N6plOKX5lncDhC2usT//AZHvKdcVmOwX0ByxZqGQIXk7g1kbsbG5m45
+JMjt/HnOQcfg88iSLKJZu+ODw00CAwEAAaOBxjCBwzAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwID6DASBgNVHSUECzAJBgcrBgEFAgMFMB0GA1UdDgQWBBS8Bmb9kTUkw61e
+Is+9KDV5U6JjyjAfBgNVHSMEGDAWgBQ/dUlTno38Mbt9/uTdE3WGxyW4ADAJBgNV
+HRIEAjAAMEoGA1UdEQRDMEGgPwYGKwYBBQICoDUwM6AOGwxTSC5JTlRFTC5DT02h
+ITAfoAMCAQGhGDAWGwZrcmJ0Z3QbDFNILklOVEVMLkNPTTANBgkqhkiG9w0BAQUF
+AAOCAQEAS/I0zH9ByFcXTF56I5aPmPdzYKpIpFF6Kkwyw0M2EuIcTcpDl74/xmq9
+YPHS6TSDAt3wHzs9JQlSWah04L0R+IgHVacLRgdXfTWqglFFH/pve3p49WCrYmWz
+txQeRV5dxzaE3oTdDq15DRkUJmt0GIk1x6ehrGZOpIL8oTFmVmnR7EgrKWlIMYCs
+R/GkEuCH15wadom/Hw5Db1KLPEjxCdwy947guOh4SO0fcW3h55V3troS/46TbVFF
+FvNSqGD+19/QM/MhLIy5OnTxOio8M9zp+yfDlzLnpbMi0ZO6tLvB4XhjvP0as34c
+5vCA/8HPfaearSyAYi2Ir9vT3O9J/w==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/src/main/resources/kdckey.pem
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/kdckey.pem b/haox-kerb/kerb-kdc-test/src/main/resources/kdckey.pem
new file mode 100644
index 0000000..c9e75e2
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/src/main/resources/kdckey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyzSMXV+LkBUy6dD+OnGBKNGWmZVDJP/8uvAGbIjvsL6EIPjP
+8iegbira2Xl8Af7afsceCifgTRBfJHEDPT5SC6fuodb2hPamfGhzWXyx7IY0wr1p
+2zEukK/tFcqq6otyPfhRALNEMrGCQflQHDEZjSQh3RbUyo+HUtlFkiTWFqREQLgM
+GP6yWcOQ3SyeHykL/yr+FM8n1CupZPqhzUWMxUrPcXEVvFcQtjGDgzpJefMbN1Zr
+fFJ7g67RA7YTCdxBSijw3qmU4pfmWdwOELa6xP/8Bke8p1xWY7BfQHLFmoZAheTu
+DWRuxsbmbjkkyO38ec5Bx+DzyJIsolm744PDTQIDAQABAoIBAQC4Byb3iQgDvK8X
+QcZ7dz/Zj7Yr8RmV8J8ZTTcEJB+umVtf4PWyAGEyZG0+dt7vj7ahCgMSf3qLUEBZ
+6F9en4n+NF/RAbTQRfAQyydr65nW8tPlaVTsxWW+cxTrn1eagh88MB5r2+3vWwL0
+bK04Wt8hC4//giXELKgJR+vRprqcVRgy11nYaTP59IDdg4YscbHfc/LYa7ABQ1G5
+5NKtjMy13UvtD/4C3TS1NpL2xtzAgQRe3XFDIyOmv476Ts1boqSHBFX+MXmLBAfi
+8Qhaj1DO8A0HS/c4egcL6esCe4kcgtCuq66n8JzOlVbCDGOYIUkUyQ9Nfo31M5i5
+XhqF9CsBAoGBAP7PqkncLAvyjHQKPpDyWCBtkV7z+DWRZRPz4w8tit+TiAv6hRF7
+kK+NUhP1mBuS4duyEV58B8LWOR0ir7ftbL0/unxR1XWMOvTEHr/9lG1sKZoI0dJS
+Ee+VvuVFwdm/ABxfnveGCRrSHY7GAvFln3gC1Cst3NPPKbpznb3FiH/JAoGBAMwn
+P1Labt/OuzB70Vxve3TCeFA6jYzcYdA3riv1V0FIWoNgcQ742b0+6HDpEQgn4Rdb
+KiKz8hSplM1nx8NyWwS9r7gRQ9HIc0qC5S4A0A9QEbdKrkUiQDlwHgdDKPPCWih9
+qH05etiQ044BtOq7uXsWYqiIomOW/XyDUEhbRRFlAoGALmVnj01Mo9xFILfgzomh
+7D2nE4/+qNpRekGVHWVgfPci9XNnGVjTbnOf90xnptWm1Fbm/Lo+u4ZAHgL71dSg
+UREyhoJsCJxA++Jd6v1kMkxYgtiKQ+53n5U3jg2Wj2xMu93ZVx6Lt9t8UEvTq1qi
+n7p8IWSXaeW1pmJ43V4DTakCgYAFcSpj+ASqnKUqxrIvB52/4As7AESTs7A7z7Ap
+5dFcoSQgimqZHpMXU1z43Y2hrQZ4C+sUn71dRaP80b5mfF7mwnOzsWogZnqESvb3
+AfiJ3/WI8Emy+BXEMjPqt6SY0t56Y9cg925J5ZpuF6eN9lEccd1RZssFYpoBPrLe
+KuitbQKBgQC3DNejUqol2max6rf4h/GnwLE2BOTmFLnswexlw76p/63Jo1SaVpk7
+9nAltsqNCl4L/eAJ8hJdeTE5YVjYsgAVJrXZbiRfxHBMeHj9g0d1VafGqdomKf0R
+7Qytlcvsw8jn96ckEMPPLJF0bX5cu9S6lMyEbb6Ih41P13uvgP6ufg==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/src/main/resources/usercert.pem
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/usercert.pem b/haox-kerb/kerb-kdc-test/src/main/resources/usercert.pem
new file mode 100644
index 0000000..67e538c
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/src/main/resources/usercert.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEYjCCA0qgAwIBAgIJAL2ZFUkXCgK2MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
+DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
+YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
+MzI3MjFaFw0xNTA1MTMxMzI3MjFaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
+c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
+A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
+a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMs0jF1fi5AVMunQ/jpxgSjRlpmVQyT//LrwBmyI77C+hCD4z/InoG4q2tl5
+fAH+2n7HHgon4E0QXyRxAz0+Ugun7qHW9oT2pnxoc1l8seyGNMK9adsxLpCv7RXK
+quqLcj34UQCzRDKxgkH5UBwxGY0kId0W1MqPh1LZRZIk1hakREC4DBj+slnDkN0s
+nh8pC/8q/hTPJ9QrqWT6oc1FjMVKz3FxFbxXELYxg4M6SXnzGzdWa3xSe4Ou0QO2
+EwncQUoo8N6plOKX5lncDhC2usT//AZHvKdcVmOwX0ByxZqGQIXk7g1kbsbG5m45
+JMjt/HnOQcfg88iSLKJZu+ODw00CAwEAAaOBxjCBwzAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwID6DASBgNVHSUECzAJBgcrBgEFAgMFMB0GA1UdDgQWBBS8Bmb9kTUkw61e
+Is+9KDV5U6JjyjAfBgNVHSMEGDAWgBQ/dUlTno38Mbt9/uTdE3WGxyW4ADAJBgNV
+HRIEAjAAMEoGA1UdEQRDMEGgPwYGKwYBBQICoDUwM6AOGwxTSC5JTlRFTC5DT02h
+ITAfoAMCAQGhGDAWGwZrcmJ0Z3QbDFNILklOVEVMLkNPTTANBgkqhkiG9w0BAQUF
+AAOCAQEAS/I0zH9ByFcXTF56I5aPmPdzYKpIpFF6Kkwyw0M2EuIcTcpDl74/xmq9
+YPHS6TSDAt3wHzs9JQlSWah04L0R+IgHVacLRgdXfTWqglFFH/pve3p49WCrYmWz
+txQeRV5dxzaE3oTdDq15DRkUJmt0GIk1x6ehrGZOpIL8oTFmVmnR7EgrKWlIMYCs
+R/GkEuCH15wadom/Hw5Db1KLPEjxCdwy947guOh4SO0fcW3h55V3troS/46TbVFF
+FvNSqGD+19/QM/MhLIy5OnTxOio8M9zp+yfDlzLnpbMi0ZO6tLvB4XhjvP0as34c
+5vCA/8HPfaearSyAYi2Ir9vT3O9J/w==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/src/main/resources/userkey.pem
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/main/resources/userkey.pem b/haox-kerb/kerb-kdc-test/src/main/resources/userkey.pem
new file mode 100644
index 0000000..c9e75e2
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/src/main/resources/userkey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyzSMXV+LkBUy6dD+OnGBKNGWmZVDJP/8uvAGbIjvsL6EIPjP
+8iegbira2Xl8Af7afsceCifgTRBfJHEDPT5SC6fuodb2hPamfGhzWXyx7IY0wr1p
+2zEukK/tFcqq6otyPfhRALNEMrGCQflQHDEZjSQh3RbUyo+HUtlFkiTWFqREQLgM
+GP6yWcOQ3SyeHykL/yr+FM8n1CupZPqhzUWMxUrPcXEVvFcQtjGDgzpJefMbN1Zr
+fFJ7g67RA7YTCdxBSijw3qmU4pfmWdwOELa6xP/8Bke8p1xWY7BfQHLFmoZAheTu
+DWRuxsbmbjkkyO38ec5Bx+DzyJIsolm744PDTQIDAQABAoIBAQC4Byb3iQgDvK8X
+QcZ7dz/Zj7Yr8RmV8J8ZTTcEJB+umVtf4PWyAGEyZG0+dt7vj7ahCgMSf3qLUEBZ
+6F9en4n+NF/RAbTQRfAQyydr65nW8tPlaVTsxWW+cxTrn1eagh88MB5r2+3vWwL0
+bK04Wt8hC4//giXELKgJR+vRprqcVRgy11nYaTP59IDdg4YscbHfc/LYa7ABQ1G5
+5NKtjMy13UvtD/4C3TS1NpL2xtzAgQRe3XFDIyOmv476Ts1boqSHBFX+MXmLBAfi
+8Qhaj1DO8A0HS/c4egcL6esCe4kcgtCuq66n8JzOlVbCDGOYIUkUyQ9Nfo31M5i5
+XhqF9CsBAoGBAP7PqkncLAvyjHQKPpDyWCBtkV7z+DWRZRPz4w8tit+TiAv6hRF7
+kK+NUhP1mBuS4duyEV58B8LWOR0ir7ftbL0/unxR1XWMOvTEHr/9lG1sKZoI0dJS
+Ee+VvuVFwdm/ABxfnveGCRrSHY7GAvFln3gC1Cst3NPPKbpznb3FiH/JAoGBAMwn
+P1Labt/OuzB70Vxve3TCeFA6jYzcYdA3riv1V0FIWoNgcQ742b0+6HDpEQgn4Rdb
+KiKz8hSplM1nx8NyWwS9r7gRQ9HIc0qC5S4A0A9QEbdKrkUiQDlwHgdDKPPCWih9
+qH05etiQ044BtOq7uXsWYqiIomOW/XyDUEhbRRFlAoGALmVnj01Mo9xFILfgzomh
+7D2nE4/+qNpRekGVHWVgfPci9XNnGVjTbnOf90xnptWm1Fbm/Lo+u4ZAHgL71dSg
+UREyhoJsCJxA++Jd6v1kMkxYgtiKQ+53n5U3jg2Wj2xMu93ZVx6Lt9t8UEvTq1qi
+n7p8IWSXaeW1pmJ43V4DTakCgYAFcSpj+ASqnKUqxrIvB52/4As7AESTs7A7z7Ap
+5dFcoSQgimqZHpMXU1z43Y2hrQZ4C+sUn71dRaP80b5mfF7mwnOzsWogZnqESvb3
+AfiJ3/WI8Emy+BXEMjPqt6SY0t56Y9cg925J5ZpuF6eN9lEccd1RZssFYpoBPrLe
+KuitbQKBgQC3DNejUqol2max6rf4h/GnwLE2BOTmFLnswexlw76p/63Jo1SaVpk7
+9nAltsqNCl4L/eAJ8hJdeTE5YVjYsgAVJrXZbiRfxHBMeHj9g0d1VafGqdomKf0R
+7Qytlcvsw8jn96ckEMPPLJF0bX5cu9S6lMyEbb6Ih41P13uvgP6ufg==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java b/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java
new file mode 100644
index 0000000..c199c44
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java
@@ -0,0 +1,30 @@
+package org.apache.kerberos.kerb.server;
+
+import org.apache.kerberos.kerb.spec.ticket.ServiceTicket;
+import org.apache.kerberos.kerb.spec.ticket.TgtTicket;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class KdcTest extends KdcTestBase {
+
+ private String password = "123456";
+
+ @Override
+ protected void setUpKdcServer() throws Exception {
+ super.setUpKdcServer();
+ kdcServer.createPrincipal(clientPrincipal, password);
+ }
+
+ @Test
+ public void testKdc() throws Exception {
+ kdcServer.start();
+ Assert.assertTrue(kdcServer.isStarted());
+
+ krbClnt.init();
+ TgtTicket tgt = krbClnt.requestTgtTicket(clientPrincipal, password, null);
+ Assert.assertNotNull(tgt);
+
+ ServiceTicket tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
+ Assert.assertNotNull(tkt);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTestBase.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTestBase.java b/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTestBase.java
new file mode 100644
index 0000000..56f7741
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/KdcTestBase.java
@@ -0,0 +1,49 @@
+package org.apache.kerberos.kerb.server;
+
+import org.apache.kerberos.kerb.client.KrbClient;
+import org.apache.kerberos.kerb.server.TestKdcServer;
+import org.junit.After;
+import org.junit.Before;
+
+public abstract class KdcTestBase {
+
+ protected String kdcRealm;
+ protected String clientPrincipal;
+ protected String serverPrincipal;
+
+ protected String hostname = "localhost";
+ protected short port = 8088;
+
+ protected TestKdcServer kdcServer;
+ protected KrbClient krbClnt;
+
+ @Before
+ public void setUp() throws Exception {
+ setUpKdcServer();
+ setUpClient();
+ }
+
+ protected void setUpKdcServer() throws Exception {
+ kdcServer = new TestKdcServer();
+ kdcServer.setKdcHost(hostname);
+ kdcServer.setKdcPort(port);
+ kdcServer.init();
+
+ kdcRealm = kdcServer.getKdcRealm();
+ clientPrincipal = "drankye@" + kdcRealm;
+
+ serverPrincipal = "test-service/localhost@" + kdcRealm;
+ kdcServer.createPrincipals(serverPrincipal);
+ }
+
+ protected void setUpClient() throws Exception {
+ krbClnt = new KrbClient(hostname, port);
+ krbClnt.setTimeout(5);
+ krbClnt.setKdcRealm(kdcServer.getKdcRealm());
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ kdcServer.stop();
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithCertKdcTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithCertKdcTest.java b/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithCertKdcTest.java
new file mode 100644
index 0000000..b72237d
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithCertKdcTest.java
@@ -0,0 +1,71 @@
+package org.apache.kerberos.kerb.server;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.ticket.ServiceTicket;
+import org.apache.kerberos.kerb.spec.ticket.TgtTicket;
+import org.haox.pki.Pkix;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+
+/**
+ openssl genrsa -out cakey.pem 2048
+ openssl req -key cakey.pem -new -x509 -out cacert.pem -days 3650
+ vi extensions.kdc
+ openssl genrsa -out kdckey.pem 2048
+ openssl req -new -out kdc.req -key kdckey.pem
+ env REALM=SH.INTEL.COM openssl x509 -req -in kdc.req -CAkey cakey.pem \
+ -CA cacert.pem -out kdc.pem -days 365 -extfile extensions.kdc -extensions kdc_cert -CAcreateserial
+ */
+public class WithCertKdcTest extends KdcTestBase {
+
+ private Certificate userCert;
+ private PrivateKey userKey;
+
+ @Override
+ protected void setUpClient() throws Exception {
+ super.setUpClient();
+
+ loadCredentials();
+ }
+
+ @Override
+ protected void setUpKdcServer() throws Exception {
+ super.setUpKdcServer();
+ kdcServer.createPrincipals(clientPrincipal);
+ }
+
+ //@Test
+ public void testKdc() throws Exception {
+ Assert.assertNotNull(userCert);
+
+ kdcServer.start();
+ Assert.assertTrue(kdcServer.isStarted());
+ krbClnt.init();
+
+ TgtTicket tgt = null;
+ try {
+ tgt = krbClnt.requestTgtTicket(clientPrincipal, userCert, userKey, null);
+ } catch (KrbException te) {
+ Assert.assertTrue(te.getMessage().contains("timeout"));
+ return;
+ }
+ Assert.assertNull(tgt);
+
+ ServiceTicket tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
+ Assert.assertNull(tkt);
+ }
+
+ private void loadCredentials() throws IOException, GeneralSecurityException {
+ InputStream res = getClass().getResourceAsStream("/usercert.pem");
+ userCert = Pkix.getCerts(res).iterator().next();
+
+ res = getClass().getResourceAsStream("/userkey.pem");
+ userKey = Pkix.getPrivateKey(res, null);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithTokenKdcTest.java b/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithTokenKdcTest.java
new file mode 100644
index 0000000..efbdf16
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/src/test/java/org/apache/kerberos/kerb/server/WithTokenKdcTest.java
@@ -0,0 +1,38 @@
+package org.apache.kerberos.kerb.server;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.ticket.ServiceTicket;
+import org.apache.kerberos.kerb.spec.ticket.TgtTicket;
+import org.haox.token.KerbToken;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class WithTokenKdcTest extends KdcTestBase {
+
+ private KerbToken token;
+
+ @Override
+ protected void setUpKdcServer() throws Exception {
+ super.setUpKdcServer();
+ kdcServer.createPrincipals(clientPrincipal);
+ }
+
+ //@Test
+ public void testKdc() throws Exception {
+ kdcServer.start();
+ Assert.assertTrue(kdcServer.isStarted());
+ krbClnt.init();
+
+ TgtTicket tgt = null;
+ try {
+ tgt = krbClnt.requestTgtTicket(clientPrincipal, token, null);
+ } catch (KrbException te) {
+ Assert.assertTrue(te.getMessage().contains("timeout"));
+ return;
+ }
+ Assert.assertNull(tgt);
+
+ ServiceTicket tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
+ Assert.assertNull(tkt);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/pom.xml b/haox-kerb/kerb-server/pom.xml
new file mode 100644
index 0000000..dfc8738
--- /dev/null
+++ b/haox-kerb/kerb-server/pom.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-kerb</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>kerb-server</artifactId>
+
+ <name>Haox-kerb Server</name>
+ <description>Haox-kerb Server</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-config</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-identity</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-event</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-pkix</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfig.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfig.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfig.java
new file mode 100644
index 0000000..8afff46
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfig.java
@@ -0,0 +1,105 @@
+package org.apache.kerberos.kerb.server;
+
+import org.apache.haox.config.Conf;
+import org.apache.kerberos.kerb.common.KrbConfHelper;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+import java.util.List;
+
+public class KdcConfig {
+ protected Conf conf;
+
+ public KdcConfig() {
+ this.conf = new Conf();
+ }
+
+ public Conf getConf() {
+ return this.conf;
+ }
+
+ public boolean enableDebug() {
+ return conf.getBoolean(KdcConfigKey.KRB_DEBUG);
+ }
+
+ public String getKdcServiceName() {
+ return conf.getString(KdcConfigKey.KDC_SERVICE_NAME);
+ }
+
+ public String getWorkDir() {
+ return conf.getString(KdcConfigKey.WORK_DIR);
+ }
+
+ public String getKdcHost() {
+ return conf.getString(KdcConfigKey.KDC_HOST);
+ }
+
+ public short getKdcPort() {
+ Integer kdcPort = conf.getInt(KdcConfigKey.KDC_PORT);
+ return kdcPort.shortValue();
+ }
+
+ public String getKdcRealm() {
+ return conf.getString(KdcConfigKey.KDC_REALM);
+ }
+
+ public String getKdcDomain() {
+ return conf.getString(KdcConfigKey.KDC_DOMAIN);
+ }
+
+ public boolean isPreauthRequired() {
+ return conf.getBoolean(KdcConfigKey.PREAUTH_REQUIRED);
+ }
+
+ public String getTgsPrincipal() {
+ return conf.getString(KdcConfigKey.TGS_PRINCIPAL);
+ }
+
+ public long getAllowableClockSkew() {
+ return conf.getLong(KdcConfigKey.ALLOWABLE_CLOCKSKEW);
+ }
+
+ public boolean isEmptyAddressesAllowed() {
+ return conf.getBoolean(KdcConfigKey.EMPTY_ADDRESSES_ALLOWED);
+ }
+
+ public boolean isForwardableAllowed() {
+ return conf.getBoolean(KdcConfigKey.FORWARDABLE_ALLOWED);
+ }
+
+ public boolean isPostdatedAllowed() {
+ return conf.getBoolean(KdcConfigKey.POSTDATED_ALLOWED);
+ }
+
+ public boolean isProxiableAllowed() {
+ return conf.getBoolean(KdcConfigKey.PROXIABLE_ALLOWED);
+ }
+
+ public boolean isRenewableAllowed() {
+ return conf.getBoolean(KdcConfigKey.RENEWABLE_ALLOWED);
+ }
+
+ public long getMaximumRenewableLifetime() {
+ return conf.getLong(KdcConfigKey.MAXIMUM_RENEWABLE_LIFETIME);
+ }
+
+ public long getMaximumTicketLifetime() {
+ return conf.getLong(KdcConfigKey.MAXIMUM_TICKET_LIFETIME);
+ }
+
+ public long getMinimumTicketLifetime() {
+ return conf.getLong(KdcConfigKey.MINIMUM_TICKET_LIFETIME);
+ }
+
+ public List<EncryptionType> getEncryptionTypes() {
+ List<String> eTypes = conf.getList(KdcConfigKey.ENCRYPTION_TYPES);
+ return KrbConfHelper.getEncryptionTypes(eTypes);
+ }
+
+ public boolean isPaEncTimestampRequired() {
+ return conf.getBoolean(KdcConfigKey.PA_ENC_TIMESTAMP_REQUIRED);
+ }
+
+ public boolean isBodyChecksumVerified() {
+ return conf.getBoolean(KdcConfigKey.VERIFY_BODY_CHECKSUM);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfigKey.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfigKey.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfigKey.java
new file mode 100644
index 0000000..f6a53dd
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfigKey.java
@@ -0,0 +1,47 @@
+package org.apache.kerberos.kerb.server;
+
+import org.apache.haox.config.ConfigKey;
+
+public enum KdcConfigKey implements ConfigKey {
+ KRB_DEBUG(true),
+ WORK_DIR,
+ KDC_SERVICE_NAME("Haox_KDC_Server"),
+ KDC_HOST("127.0.0.1"),
+ KDC_PORT(8015),
+ KDC_DOMAIN("example.com"),
+ KDC_REALM("EXAMPLE.COM"),
+ TGS_PRINCIPAL("krbtgt@EXAMPLE.COM"),
+ PREAUTH_REQUIRED(true),
+ ALLOWABLE_CLOCKSKEW(5 * 60L),
+ EMPTY_ADDRESSES_ALLOWED(true),
+ PA_ENC_TIMESTAMP_REQUIRED(true),
+ MAXIMUM_TICKET_LIFETIME(24 * 3600L),
+ MINIMUM_TICKET_LIFETIME(1 * 3600L),
+ MAXIMUM_RENEWABLE_LIFETIME(48 * 3600L),
+ FORWARDABLE_ALLOWED(true),
+ POSTDATED_ALLOWED(true),
+ PROXIABLE_ALLOWED(true),
+ RENEWABLE_ALLOWED(true),
+ VERIFY_BODY_CHECKSUM(true),
+ ENCRYPTION_TYPES(new String[] { "aes128-cts-hmac-sha1-96", "des3-cbc-sha1-kd" });
+
+ private Object defaultValue;
+
+ private KdcConfigKey() {
+ this.defaultValue = null;
+ }
+
+ private KdcConfigKey(Object defaultValue) {
+ this.defaultValue = defaultValue;
+ }
+
+ @Override
+ public String getPropertyKey() {
+ return "kdc." + name().toLowerCase();
+ }
+
+ @Override
+ public Object getDefaultValue() {
+ return this.defaultValue;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcContext.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcContext.java
new file mode 100644
index 0000000..3b090f7
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcContext.java
@@ -0,0 +1,72 @@
+package org.apache.kerberos.kerb.server;
+
+import org.apache.kerberos.kerb.identity.IdentityService;
+import org.apache.kerberos.kerb.server.preauth.PreauthHandler;
+import org.apache.kerberos.kerb.server.replay.ReplayCheckService;
+
+import java.util.List;
+
+public class KdcContext {
+ private KdcConfig config;
+ private List<String> supportedKdcRealms;
+ private String kdcRealm;
+ private IdentityService identityService;
+ private ReplayCheckService replayCache;
+ private PreauthHandler preauthHandler;
+
+ public void init(KdcConfig config) {
+ this.config = config;
+ }
+
+ public KdcConfig getConfig() {
+ return config;
+ }
+
+ public void setPreauthHandler(PreauthHandler preauthHandler) {
+ this.preauthHandler = preauthHandler;
+ }
+
+ public PreauthHandler getPreauthHandler() {
+ return this.preauthHandler;
+ }
+
+ public List<String> getSupportedKdcRealms() {
+ return supportedKdcRealms;
+ }
+
+ public void setSupportedKdcRealms(List<String> supportedKdcRealms) {
+ this.supportedKdcRealms = supportedKdcRealms;
+ }
+
+ public void setKdcRealm(String realm) {
+ this.kdcRealm = realm;
+ }
+
+ public String getServerRealm() {
+ return config.getKdcRealm();
+ }
+
+ public String getKdcRealm() {
+ if (kdcRealm != null) {
+ return kdcRealm;
+ }
+ return config.getKdcRealm();
+ }
+
+ public void setReplayCache(ReplayCheckService replayCache) {
+ this.replayCache = replayCache;
+ }
+
+ public ReplayCheckService getReplayCache() {
+ return replayCache;
+ }
+
+ public void setIdentityService(IdentityService identityService) {
+ this.identityService = identityService;
+ }
+
+
+ public IdentityService getIdentityService() {
+ return identityService;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcHandler.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcHandler.java
new file mode 100644
index 0000000..fc0ebc5
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcHandler.java
@@ -0,0 +1,129 @@
+package org.apache.kerberos.kerb.server;
+
+import org.apache.kerberos.kerb.common.KrbUtil;
+import org.apache.kerberos.kerb.identity.IdentityService;
+import org.apache.kerberos.kerb.server.preauth.PreauthHandler;
+import org.apache.kerberos.kerb.server.replay.ReplayCheckService;
+import org.apache.kerberos.kerb.server.request.AsRequest;
+import org.apache.kerberos.kerb.server.request.KdcRequest;
+import org.apache.kerberos.kerb.server.request.TgsRequest;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.KrbMessage;
+import org.apache.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerberos.kerb.spec.kdc.AsReq;
+import org.apache.kerberos.kerb.spec.kdc.KdcReq;
+import org.apache.kerberos.kerb.spec.kdc.TgsReq;
+import org.apache.haox.transport.MessageHandler;
+import org.apache.haox.transport.Transport;
+import org.apache.haox.transport.event.MessageEvent;
+import org.apache.haox.transport.tcp.TcpTransport;
+
+import java.net.InetSocketAddress;
+import java.nio.ByteBuffer;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class KdcHandler extends MessageHandler {
+
+ private List<String> kdcRealms = new ArrayList<String>(1);
+ private Map<String, KdcContext> kdcContexts;
+
+ private KdcConfig kdcConfig;
+ private PreauthHandler preauthHandler;
+
+ // TODO: per realm for below
+ private IdentityService identityService;
+ private ReplayCheckService replayCheckService;
+
+ /**
+ * Should be called when all the necessary properties are set
+ */
+ public void init() {
+ loadKdcRealms();
+
+ preauthHandler = new PreauthHandler();
+ preauthHandler.init(kdcConfig);
+
+ kdcContexts = new HashMap<String, KdcContext>(1);
+ for (String realm : kdcRealms) {
+ initRealmContext(realm);
+ }
+ }
+
+ private void initRealmContext(String kdcRealm) {
+ KdcContext kdcContext = new KdcContext();
+ kdcContext.init(kdcConfig);
+ kdcContext.setKdcRealm(kdcRealm);
+ kdcContext.setPreauthHandler(preauthHandler);
+ kdcContext.setIdentityService(identityService);
+ kdcContext.setReplayCache(replayCheckService);
+
+ kdcContexts.put(kdcRealm, kdcContext);
+ }
+
+ public void setKdcRealm(String realm) {
+ this.kdcRealms.add(realm);
+ }
+
+ public void setConfig(KdcConfig config) {
+ this.kdcConfig = config;
+ }
+
+ public void setIdentityService(IdentityService identityService) {
+ this.identityService = identityService;
+ }
+
+ @Override
+ protected void handleMessage(MessageEvent event) throws Exception {
+ ByteBuffer message = event.getMessage();
+ Transport transport = event.getTransport();
+
+ KrbMessage krbRequest = KrbUtil.decodeMessage(message);
+ KdcRequest kdcRequest = null;
+
+ KrbMessageType messageType = krbRequest.getMsgType();
+ if (messageType == KrbMessageType.TGS_REQ || messageType == KrbMessageType.AS_REQ) {
+ KdcReq kdcReq = (KdcReq) krbRequest;
+ String realm = getRequestRealm(kdcReq);
+ if (realm == null || !kdcContexts.containsKey(realm)) {
+ throw new KrbException("Invalid realm from kdc request: " + realm);
+ }
+
+ KdcContext kdcContext = kdcContexts.get(realm);
+ if (messageType == KrbMessageType.TGS_REQ) {
+ kdcRequest = new TgsRequest((TgsReq) kdcReq, kdcContext);
+ } else if (messageType == KrbMessageType.AS_REQ) {
+ kdcRequest = new AsRequest((AsReq) kdcReq, kdcContext);
+ }
+ }
+
+ InetSocketAddress clientAddress = transport.getRemoteAddress();
+ kdcRequest.setClientAddress(clientAddress.getAddress());
+ boolean isTcp = (transport instanceof TcpTransport);
+ kdcRequest.isTcp(isTcp);
+
+ kdcRequest.process();
+
+ KrbMessage krbResponse = kdcRequest.getReply();
+ KrbUtil.sendMessage(krbResponse, transport);
+ }
+
+ private void loadKdcRealms() {
+ if (kdcRealms.isEmpty()) {
+ kdcRealms.add(kdcConfig.getKdcRealm());
+ }
+ }
+
+ private String getRequestRealm(KdcReq kdcReq) {
+ String realm = kdcReq.getReqBody().getRealm();
+ if (realm == null && kdcReq.getReqBody().getCname() != null) {
+ realm = kdcReq.getReqBody().getCname().getRealm();
+ }
+ if (realm == null || realm.isEmpty()) {
+ realm = "NULL-KDC-REALM";
+ }
+ return realm;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcServer.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcServer.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcServer.java
new file mode 100644
index 0000000..41ce0de
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcServer.java
@@ -0,0 +1,164 @@
+package org.apache.kerberos.kerb.server;
+
+import org.apache.haox.event.EventHub;
+import org.apache.kerberos.kerb.common.KrbStreamingDecoder;
+import org.apache.kerberos.kerb.identity.IdentityService;
+import org.apache.haox.transport.Acceptor;
+import org.apache.haox.transport.tcp.TcpAcceptor;
+
+import java.io.File;
+
+public class KdcServer {
+ private String kdcHost;
+ private short kdcPort;
+ private String kdcRealm;
+
+ private boolean started;
+ private String serviceName = "HaoxKdc";
+
+ private KdcHandler kdcHandler;
+ private EventHub eventHub;
+
+ protected KdcConfig kdcConfig;
+ protected IdentityService identityService;
+ protected File workDir;
+
+ public KdcServer() {
+ kdcConfig = new KdcConfig();
+ }
+
+ public void init() {
+ initConfig();
+
+ initWorkDir();
+ }
+
+ protected void initWorkDir() {
+ String path = kdcConfig.getWorkDir();
+ File file;
+ if (path != null) {
+ file = new File(path);
+ file.mkdirs();
+ } else {
+ file = new File(".");
+ }
+
+ this.workDir = file;
+ }
+
+ protected void initConfig() {}
+
+ public void start() {
+ try {
+ doStart();
+ } catch (Exception e) {
+ throw new RuntimeException("Failed to start " + getServiceName(), e);
+ }
+
+ started = true;
+ }
+
+ public String getKdcRealm() {
+ if (kdcRealm != null) {
+ return kdcRealm;
+ }
+ return kdcConfig.getKdcRealm();
+ }
+
+ private String getKdcHost() {
+ if (kdcHost != null) {
+ return kdcHost;
+ }
+ return kdcConfig.getKdcHost();
+ }
+
+ private short getKdcPort() {
+ if (kdcPort > 0) {
+ return kdcPort;
+ }
+ return kdcConfig.getKdcPort();
+ }
+
+ public void setKdcHost(String kdcHost) {
+ this.kdcHost = kdcHost;
+ }
+
+ public void setKdcPort(short kdcPort) {
+ this.kdcPort = kdcPort;
+ }
+
+ public void setKdcRealm(String realm) {
+ this.kdcRealm = realm;
+ }
+
+ public boolean enableDebug() {
+ return kdcConfig.enableDebug();
+ }
+
+ protected void doStart() throws Exception {
+ prepareHandler();
+
+ this.eventHub = new EventHub();
+
+ eventHub.register(kdcHandler);
+
+ Acceptor acceptor = new TcpAcceptor(new KrbStreamingDecoder());
+ eventHub.register(acceptor);
+
+ eventHub.start();
+ acceptor.listen(getKdcHost(), getKdcPort());
+ }
+
+ private void prepareHandler() {
+ this.kdcHandler = new KdcHandler();
+ kdcHandler.setConfig(kdcConfig);
+ kdcHandler.setIdentityService(identityService);
+ if (kdcRealm != null) {
+ kdcHandler.setKdcRealm(kdcRealm);
+ }
+ kdcHandler.init();
+ }
+
+ public void stop() {
+ try {
+ doStop();
+ } catch (Exception e) {
+ throw new RuntimeException("Failed to stop " + getServiceName());
+ }
+ }
+
+ protected void doStop() throws Exception {
+ eventHub.stop();
+ }
+
+ public KdcConfig getConfig() {
+ return kdcConfig;
+ }
+
+ public boolean isStarted() {
+ return started;
+ }
+
+ protected void setStarted( boolean started ) {
+ this.started = started;
+ }
+
+ protected void setServiceName( String name ) {
+ this.serviceName = name;
+ }
+
+ protected String getServiceName() {
+ if (serviceName != null) {
+ return serviceName;
+ }
+ return kdcConfig.getKdcServiceName();
+ }
+
+ public IdentityService getIdentityService() {
+ return identityService;
+ }
+
+ protected void setIdentityService(IdentityService identityService) {
+ this.identityService = identityService;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/SimpleKdcServer.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/SimpleKdcServer.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/SimpleKdcServer.java
new file mode 100644
index 0000000..cf85161
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/SimpleKdcServer.java
@@ -0,0 +1,24 @@
+package org.apache.kerberos.kerb.server;
+
+import org.apache.kerberos.kerb.identity.IdentityService;
+import org.apache.kerberos.kerb.identity.backend.SimpleIdentityBackend;
+
+import java.io.File;
+
+public class SimpleKdcServer extends KdcServer {
+
+ public SimpleKdcServer() {
+ super();
+ }
+
+ public void init() {
+ super.init();
+ initIdentityService();
+ }
+
+ protected void initIdentityService() {
+ File identityFile = new File(workDir, "simplekdb.dat");
+ IdentityService identityService = new SimpleIdentityBackend(identityFile);
+ setIdentityService(identityService);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/AbstractPreauthPlugin.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/AbstractPreauthPlugin.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/AbstractPreauthPlugin.java
new file mode 100644
index 0000000..d23a7e3
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/AbstractPreauthPlugin.java
@@ -0,0 +1,72 @@
+package org.apache.kerberos.kerb.server.preauth;
+
+import org.apache.kerberos.kerb.preauth.PaFlags;
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerberos.kerb.server.KdcContext;
+import org.apache.kerberos.kerb.server.request.KdcRequest;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class AbstractPreauthPlugin implements KdcPreauth {
+
+ private PreauthPluginMeta pluginMeta;
+
+ public AbstractPreauthPlugin(PreauthPluginMeta meta) {
+ this.pluginMeta = meta;
+ }
+
+ @Override
+ public String getName() {
+ return pluginMeta.getName();
+ }
+
+ public int getVersion() {
+ return pluginMeta.getVersion();
+ }
+
+ public PaDataType[] getPaTypes() {
+ return pluginMeta.getPaTypes();
+ }
+
+ @Override
+ public void initWith(KdcContext kdcContext) {
+
+ }
+
+ @Override
+ public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
+ return null;
+ }
+
+ @Override
+ public void provideEdata(KdcRequest kdcRequest, PluginRequestContext requestContext,
+ PaData outPaData) throws KrbException {
+
+ }
+
+ @Override
+ public boolean verify(KdcRequest kdcRequest, PluginRequestContext requestContext,
+ PaDataEntry paData) throws KrbException {
+ return false;
+ }
+
+ @Override
+ public void providePaData(KdcRequest kdcRequest, PluginRequestContext requestContext,
+ PaData paData) {
+
+ }
+
+ @Override
+ public PaFlags getFlags(KdcRequest kdcRequest, PluginRequestContext requestContext,
+ PaDataType paType) {
+ return null;
+ }
+
+ @Override
+ public void destroy() {
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/FastContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/FastContext.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/FastContext.java
new file mode 100644
index 0000000..e367fbf
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/FastContext.java
@@ -0,0 +1,17 @@
+package org.apache.kerberos.kerb.server.preauth;
+
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.fast.FastOptions;
+import org.apache.kerberos.kerb.spec.fast.KrbFastArmor;
+import org.apache.kerberos.kerb.spec.kdc.KdcReq;
+
+public class FastContext {
+
+ public KdcReq fastOuterRequest;
+ public EncryptionKey armorKey;
+ public KrbFastArmor fastArmor;
+ public FastOptions fastOptions;
+ public int nonce;
+ public int fastFlags;
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/KdcPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/KdcPreauth.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/KdcPreauth.java
new file mode 100644
index 0000000..691a581
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/KdcPreauth.java
@@ -0,0 +1,62 @@
+package org.apache.kerberos.kerb.server.preauth;
+
+import org.apache.kerberos.kerb.preauth.PaFlags;
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.preauth.PreauthPluginMeta;
+import org.apache.kerberos.kerb.server.KdcContext;
+import org.apache.kerberos.kerb.server.request.KdcRequest;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+/**
+ * KDC side preauth plugin module
+ */
+public interface KdcPreauth extends PreauthPluginMeta {
+
+ /**
+ * Initializing plugin context for each realm
+ */
+ public void initWith(KdcContext context);
+
+ /**
+ * Initializing request context
+ */
+ public PluginRequestContext initRequestContext(KdcRequest kdcRequest);
+
+ /**
+ * Optional: provide pa_data to send to the client as part of the "you need to
+ * use preauthentication" error.
+ */
+ public void provideEdata(KdcRequest kdcRequest, PluginRequestContext requestContext,
+ PaData outPaData) throws KrbException;
+
+ /**
+ * Optional: verify preauthentication data sent by the client, setting the
+ * TKT_FLG_PRE_AUTH or TKT_FLG_HW_AUTH flag in the enc_tkt_reply's "flags"
+ * field as appropriate.
+ */
+ public boolean verify(KdcRequest kdcRequest, PluginRequestContext requestContext,
+ PaDataEntry paData) throws KrbException;
+
+ /**
+ * Optional: generate preauthentication response data to send to the client as
+ * part of the AS-REP.
+ */
+ public void providePaData(KdcRequest kdcRequest, PluginRequestContext requestContext,
+ PaData paData);
+
+ /**
+ * Return PA_REAL if pa_type is a real preauthentication type or PA_INFO if it is
+ * an informational type.
+ */
+ public PaFlags getFlags(KdcRequest kdcRequest, PluginRequestContext requestContext,
+ PaDataType paType);
+
+ /**
+ * When exiting...
+ */
+ public void destroy();
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthContext.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthContext.java
new file mode 100644
index 0000000..67aa7f7
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthContext.java
@@ -0,0 +1,25 @@
+package org.apache.kerberos.kerb.server.preauth;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class PreauthContext {
+ private boolean preauthRequired = true;
+ private List<PreauthHandle> handles = new ArrayList<PreauthHandle>(5);
+
+ public PreauthContext() {
+
+ }
+
+ public boolean isPreauthRequired() {
+ return preauthRequired;
+ }
+
+ public void setPreauthRequired(boolean preauthRequired) {
+ this.preauthRequired = preauthRequired;
+ }
+
+ public List<PreauthHandle> getHandles() {
+ return handles;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandle.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandle.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandle.java
new file mode 100644
index 0000000..88ff628
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandle.java
@@ -0,0 +1,37 @@
+package org.apache.kerberos.kerb.server.preauth;
+
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.server.request.KdcRequest;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+
+public class PreauthHandle {
+
+ public KdcPreauth preauth;
+ public PluginRequestContext requestContext;
+
+ public PreauthHandle(KdcPreauth preauth) {
+ this.preauth = preauth;
+ }
+
+ public void initRequestContext(KdcRequest kdcRequest) {
+ requestContext = preauth.initRequestContext(kdcRequest);
+ }
+
+ public void provideEdata(KdcRequest kdcRequest, PaData outPaData) throws KrbException {
+ preauth.provideEdata(kdcRequest, requestContext, outPaData);
+ }
+
+ public void verify(KdcRequest kdcRequest, PaDataEntry paData) throws KrbException {
+ preauth.verify(kdcRequest, requestContext, paData);
+ }
+
+ public void providePaData(KdcRequest kdcRequest, PaData paData) {
+ preauth.providePaData(kdcRequest, requestContext, paData);
+ }
+
+ public void destroy() {
+ preauth.destroy();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandler.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandler.java
new file mode 100644
index 0000000..2e2464f
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/PreauthHandler.java
@@ -0,0 +1,105 @@
+package org.apache.kerberos.kerb.server.preauth;
+
+import org.apache.kerberos.kerb.server.KdcConfig;
+import org.apache.kerberos.kerb.server.KdcContext;
+import org.apache.kerberos.kerb.server.preauth.builtin.EncTsPreauth;
+import org.apache.kerberos.kerb.server.preauth.builtin.TgtPreauth;
+import org.apache.kerberos.kerb.server.request.KdcRequest;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class PreauthHandler {
+
+ private List<KdcPreauth> preauths;
+
+ /**
+ * Should be called only once, for global
+ */
+ public void init(KdcConfig kdcConfig) {
+ loadPreauthPlugins(kdcConfig);
+ }
+
+ private void loadPreauthPlugins(KdcConfig kdcConfig) {
+ preauths = new ArrayList<KdcPreauth>();
+
+ KdcPreauth preauth = new EncTsPreauth();
+ preauths.add(preauth);
+
+ preauth = new TgtPreauth();
+ preauths.add(preauth);
+ }
+
+ /**
+ * Should be called per realm
+ * @param context
+ */
+ public void initWith(KdcContext context) {
+ for (KdcPreauth preauth : preauths) {
+ preauth.initWith(context);
+ }
+ }
+
+ public PreauthContext preparePreauthContext(KdcRequest kdcRequest) {
+ PreauthContext preauthContext = new PreauthContext();
+
+ KdcContext kdcContext = kdcRequest.getKdcContext();
+ preauthContext.setPreauthRequired(kdcContext.getConfig().isPreauthRequired());
+
+ for (KdcPreauth preauth : preauths) {
+ PreauthHandle handle = new PreauthHandle(preauth);
+ handle.initRequestContext(kdcRequest);
+ preauthContext.getHandles().add(handle);
+ }
+
+ return preauthContext;
+ }
+
+ public void provideEdata(KdcRequest kdcRequest, PaData outPaData) throws KrbException {
+ PreauthContext preauthContext = kdcRequest.getPreauthContext();
+
+ for (PreauthHandle handle : preauthContext.getHandles()) {
+ handle.provideEdata(kdcRequest, outPaData);
+ }
+ }
+
+ public void verify(KdcRequest kdcRequest, PaData paData) throws KrbException {
+ for (PaDataEntry paEntry : paData.getElements()) {
+ PreauthHandle handle = findHandle(kdcRequest, paEntry.getPaDataType());
+ if (handle != null) {
+ handle.verify(kdcRequest, paEntry);
+ }
+ }
+ }
+
+ public void providePaData(KdcRequest kdcRequest, PaData paData) {
+ PreauthContext preauthContext = kdcRequest.getPreauthContext();
+
+ for (PreauthHandle handle : preauthContext.getHandles()) {
+ handle.providePaData(kdcRequest, paData);
+ }
+ }
+
+ private PreauthHandle findHandle(KdcRequest kdcRequest, PaDataType paType) {
+ PreauthContext preauthContext = kdcRequest.getPreauthContext();
+
+ for (PreauthHandle handle : preauthContext.getHandles()) {
+ for (PaDataType pt : handle.preauth.getPaTypes()) {
+ if (pt == paType) {
+ return handle;
+ }
+ }
+ }
+ return null;
+ }
+
+ public void destroy() {
+ for (KdcPreauth preauth : preauths) {
+ preauth.destroy();
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/EncTsPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/EncTsPreauth.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/EncTsPreauth.java
new file mode 100644
index 0000000..77a6c59
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/EncTsPreauth.java
@@ -0,0 +1,41 @@
+package org.apache.kerberos.kerb.server.preauth.builtin;
+
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.preauth.builtin.EncTsPreauthMeta;
+import org.apache.kerberos.kerb.server.KdcContext;
+import org.apache.kerberos.kerb.server.preauth.AbstractPreauthPlugin;
+import org.apache.kerberos.kerb.server.request.KdcRequest;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.KeyUsage;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaEncTsEnc;
+
+public class EncTsPreauth extends AbstractPreauthPlugin {
+
+ public EncTsPreauth() {
+ super(new EncTsPreauthMeta());
+ }
+
+ @Override
+ public boolean verify(KdcRequest kdcRequest, PluginRequestContext requestContext,
+ PaDataEntry paData) throws KrbException {
+ EncryptedData encData = KrbCodec.decode(paData.getPaDataValue(), EncryptedData.class);
+ EncryptionKey clientKey = kdcRequest.getClientKey(encData.getEType());
+ PaEncTsEnc timestamp = EncryptionUtil.unseal(encData, clientKey,
+ KeyUsage.AS_REQ_PA_ENC_TS, PaEncTsEnc.class);
+
+ KdcContext kdcContext = kdcRequest.getKdcContext();
+ long clockSkew = kdcContext.getConfig().getAllowableClockSkew() * 1000;
+ if (!timestamp.getAllTime().isInClockSkew(clockSkew)) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_PREAUTH_FAILED);
+ }
+
+ return true;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/TgtPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/TgtPreauth.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/TgtPreauth.java
new file mode 100644
index 0000000..03bd54c
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/builtin/TgtPreauth.java
@@ -0,0 +1,26 @@
+package org.apache.kerberos.kerb.server.preauth.builtin;
+
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.preauth.builtin.TgtPreauthMeta;
+import org.apache.kerberos.kerb.server.preauth.AbstractPreauthPlugin;
+import org.apache.kerberos.kerb.server.request.KdcRequest;
+import org.apache.kerberos.kerb.server.request.TgsRequest;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+
+public class TgtPreauth extends AbstractPreauthPlugin {
+
+ public TgtPreauth() {
+ super(new TgtPreauthMeta());
+ }
+
+ @Override
+ public boolean verify(KdcRequest kdcRequest, PluginRequestContext requestContext,
+ PaDataEntry paData) throws KrbException {
+
+ TgsRequest tgsRequest = (TgsRequest) kdcRequest;
+ tgsRequest.verifyAuthenticator(paData);
+ return true;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitKdcContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitKdcContext.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitKdcContext.java
new file mode 100644
index 0000000..01bb6cb
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitKdcContext.java
@@ -0,0 +1,11 @@
+package org.apache.kerberos.kerb.server.preauth.pkinit;
+
+import org.apache.kerberos.kerb.preauth.pkinit.IdentityOpts;
+import org.apache.kerberos.kerb.preauth.pkinit.PluginOpts;
+
+public class PkinitKdcContext {
+
+ public PluginOpts pluginOpts;
+ public IdentityOpts identityOpts;
+ public String realm;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
new file mode 100644
index 0000000..8c2f6cc
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -0,0 +1,74 @@
+package org.apache.kerberos.kerb.server.preauth.pkinit;
+
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.preauth.pkinit.PkinitPreauthMeta;
+import org.apache.kerberos.kerb.server.KdcContext;
+import org.apache.kerberos.kerb.server.preauth.AbstractPreauthPlugin;
+import org.apache.kerberos.kerb.server.request.KdcRequest;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+import org.apache.kerberos.kerb.spec.pa.pkinit.PaPkAsReq;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class PkinitPreauth extends AbstractPreauthPlugin {
+
+ private Map<String, PkinitKdcContext> pkinitContexts;
+
+ public PkinitPreauth() {
+ super(new PkinitPreauthMeta());
+
+ pkinitContexts = new HashMap<String, PkinitKdcContext>(1);
+ }
+
+ @Override
+ public void initWith(KdcContext kdcContext) {
+ super.initWith(kdcContext);
+
+ PkinitKdcContext tmp = new PkinitKdcContext();
+ tmp.realm = kdcContext.getKdcRealm();
+ pkinitContexts.put(kdcContext.getKdcRealm(), tmp);
+ }
+
+ @Override
+ public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
+ PkinitRequestContext reqCtx = new PkinitRequestContext();
+
+ //reqCtx.updateRequestOpts(pkinitContext.pluginOpts);
+
+ return reqCtx;
+ }
+
+ @Override
+ public boolean verify(KdcRequest kdcRequest, PluginRequestContext requestContext,
+ PaDataEntry paData) throws KrbException {
+
+ PkinitRequestContext reqCtx = (PkinitRequestContext) requestContext;
+ PkinitKdcContext pkinitContext = findContext(kdcRequest.getServerPrincipal());
+ if (pkinitContext == null) {
+ return false;
+ }
+
+ reqCtx.paType = paData.getPaDataType();
+ if (paData.getPaDataType() == PaDataType.PK_AS_REQ) {
+ PaPkAsReq paPkAsReq = KrbCodec.decode(paData.getPaDataValue(), PaPkAsReq.class);
+ if (paPkAsReq == null) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ private PkinitKdcContext findContext(PrincipalName principal) {
+ String realm = principal.getRealm();
+ if (pkinitContexts.containsKey(realm)) {
+ return pkinitContexts.get(realm);
+ }
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitRequestContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitRequestContext.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitRequestContext.java
new file mode 100644
index 0000000..b1e1631
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/pkinit/PkinitRequestContext.java
@@ -0,0 +1,11 @@
+package org.apache.kerberos.kerb.server.preauth.pkinit;
+
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+import org.apache.kerberos.kerb.spec.pa.pkinit.AuthPack;
+
+public class PkinitRequestContext implements PluginRequestContext {
+
+ public AuthPack authPack;
+ public PaDataType paType;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/token/TokenRequestContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/token/TokenRequestContext.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/token/TokenRequestContext.java
new file mode 100644
index 0000000..35d10be
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/token/TokenRequestContext.java
@@ -0,0 +1,13 @@
+package org.apache.kerberos.kerb.server.preauth.token;
+
+import org.apache.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerberos.kerb.spec.pa.PaDataType;
+
+public class TokenRequestContext implements PluginRequestContext {
+
+ public boolean doIdentityMatching;
+ public PaDataType paType;
+ public boolean identityInitialized;
+ public boolean identityPrompted;
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/CacheService.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/CacheService.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/CacheService.java
new file mode 100644
index 0000000..5b7daf9
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/CacheService.java
@@ -0,0 +1,7 @@
+package org.apache.kerberos.kerb.server.replay;
+
+public interface CacheService
+{
+ boolean checkAndCache(RequestRecord request);
+ void clear();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckService.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckService.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckService.java
new file mode 100644
index 0000000..c9325df
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckService.java
@@ -0,0 +1,6 @@
+package org.apache.kerberos.kerb.server.replay;
+
+public interface ReplayCheckService
+{
+ boolean checkReplay(String clientPrincipal, String serverPrincipal, long requestTime, int microseconds);
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckServiceImpl.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckServiceImpl.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckServiceImpl.java
new file mode 100644
index 0000000..fa7057e
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckServiceImpl.java
@@ -0,0 +1,21 @@
+package org.apache.kerberos.kerb.server.replay;
+
+public class ReplayCheckServiceImpl implements ReplayCheckService
+{
+ private CacheService cacheService;
+
+ public ReplayCheckServiceImpl(CacheService cacheService) {
+ this.cacheService = cacheService;
+ }
+
+ public ReplayCheckServiceImpl() {
+ this(new SimpleCacheService());
+ }
+
+ @Override
+ public boolean checkReplay(String clientPrincipal, String serverPrincipal,
+ long requestTime, int microseconds) {
+ RequestRecord record = new RequestRecord(clientPrincipal, serverPrincipal, requestTime, microseconds);
+ return cacheService.checkAndCache(record);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/RequestRecord.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/RequestRecord.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/RequestRecord.java
new file mode 100644
index 0000000..a89cee4
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/RequestRecord.java
@@ -0,0 +1,39 @@
+package org.apache.kerberos.kerb.server.replay;
+
+public class RequestRecord {
+ private String clientPrincipal;
+ private String serverPrincipal;
+ private long requestTime;
+ private int microseconds;
+
+ public RequestRecord(String clientPrincipal, String serverPrincipal, long requestTime, int microseconds) {
+ this.clientPrincipal = clientPrincipal;
+ this.serverPrincipal = serverPrincipal;
+ this.requestTime = requestTime;
+ this.microseconds = microseconds;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ RequestRecord that = (RequestRecord) o;
+
+ if (microseconds != that.microseconds) return false;
+ if (requestTime != that.requestTime) return false;
+ if (!clientPrincipal.equals(that.clientPrincipal)) return false;
+ if (!serverPrincipal.equals(that.serverPrincipal)) return false;
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ int result = clientPrincipal.hashCode();
+ result = 31 * result + serverPrincipal.hashCode();
+ result = 31 * result + (int) (requestTime ^ (requestTime >>> 32));
+ result = 31 * result + microseconds;
+ return result;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/SimpleCacheService.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/SimpleCacheService.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/SimpleCacheService.java
new file mode 100644
index 0000000..fd7bd13
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/SimpleCacheService.java
@@ -0,0 +1,27 @@
+package org.apache.kerberos.kerb.server.replay;
+
+import java.util.HashSet;
+import java.util.Set;
+
+public class SimpleCacheService implements CacheService {
+ private Set<RequestRecord> requests;
+
+ public SimpleCacheService() {
+ requests = new HashSet<RequestRecord>();
+ }
+
+ @Override
+ public boolean checkAndCache(RequestRecord request) {
+ if (requests.contains(request)) {
+ return true;
+ } else {
+ requests.add(request);
+ }
+ return false;
+ }
+
+ @Override
+ public void clear() {
+ requests.clear();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/AsRequest.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/AsRequest.java
new file mode 100644
index 0000000..b54c849
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/AsRequest.java
@@ -0,0 +1,72 @@
+package org.apache.kerberos.kerb.server.request;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerberos.kerb.server.KdcContext;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.common.*;
+import org.apache.kerberos.kerb.spec.kdc.*;
+import org.apache.kerberos.kerb.spec.ticket.Ticket;
+import org.apache.kerberos.kerb.spec.ticket.TicketFlag;
+
+public class AsRequest extends KdcRequest {
+
+ public AsRequest(AsReq asReq, KdcContext kdcContext) {
+ super(asReq, kdcContext);
+ }
+
+ @Override
+ protected void makeReply() throws KrbException {
+ Ticket ticket = getTicket();
+
+ AsRep reply = new AsRep();
+
+ reply.setCname(getClientEntry().getPrincipal());
+ reply.setCrealm(kdcContext.getServerRealm());
+ reply.setTicket(ticket);
+
+ EncKdcRepPart encKdcRepPart = makeEncKdcRepPart();
+ reply.setEncPart(encKdcRepPart);
+
+ EncryptionKey clientKey = getClientKey();
+ EncryptedData encryptedData = EncryptionUtil.seal(encKdcRepPart,
+ clientKey, KeyUsage.AS_REP_ENCPART);
+ reply.setEncryptedEncPart(encryptedData);
+
+ setReply(reply);
+ }
+
+ protected EncKdcRepPart makeEncKdcRepPart() {
+ KdcReq request = getKdcReq();
+ Ticket ticket = getTicket();
+
+ EncKdcRepPart encKdcRepPart = new EncAsRepPart();
+
+ //session key
+ encKdcRepPart.setKey(ticket.getEncPart().getKey());
+
+ LastReq lastReq = new LastReq();
+ LastReqEntry entry = new LastReqEntry();
+ entry.setLrType(LastReqType.THE_LAST_INITIAL);
+ entry.setLrValue(new KerberosTime());
+ lastReq.add(entry);
+ encKdcRepPart.setLastReq(lastReq);
+
+ encKdcRepPart.setNonce(request.getReqBody().getNonce());
+
+ encKdcRepPart.setFlags(ticket.getEncPart().getFlags());
+ encKdcRepPart.setAuthTime(ticket.getEncPart().getAuthTime());
+ encKdcRepPart.setStartTime(ticket.getEncPart().getStartTime());
+ encKdcRepPart.setEndTime(ticket.getEncPart().getEndTime());
+
+ if (ticket.getEncPart().getFlags().isFlagSet(TicketFlag.RENEWABLE)) {
+ encKdcRepPart.setRenewTill(ticket.getEncPart().getRenewtill());
+ }
+
+ encKdcRepPart.setSname(ticket.getSname());
+ encKdcRepPart.setSrealm(ticket.getRealm());
+ encKdcRepPart.setCaddr(ticket.getEncPart().getClientAddresses());
+
+ return encKdcRepPart;
+ }
+}
[21/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLSocketWrapper.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLSocketWrapper.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLSocketWrapper.java
new file mode 100644
index 0000000..4abeb11
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLSocketWrapper.java
@@ -0,0 +1,356 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/SSLSocketWrapper.java $
+ * $Revision: 155 $
+ * $Date: 2009-09-17 14:00:58 -0700 (Thu, 17 Sep 2009) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import javax.net.ssl.HandshakeCompletedListener;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.SocketAddress;
+import java.net.SocketException;
+import java.nio.channels.SocketChannel;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 16-Aug-2006
+ */
+public class SSLSocketWrapper extends SSLSocket {
+ protected Socket s;
+
+ public SSLSocketWrapper(Socket s) {
+ this.s = s;
+ }
+
+ /* javax.net.ssl.SSLSocket */
+
+ public void addHandshakeCompletedListener(HandshakeCompletedListener hcl) {
+ if (s instanceof SSLSocket) {
+ ((SSLSocket) s).addHandshakeCompletedListener(hcl);
+ }
+ }
+
+ public void removeHandshakeCompletedListener(HandshakeCompletedListener hcl) {
+ if (s instanceof SSLSocket) {
+ ((SSLSocket) s).removeHandshakeCompletedListener(hcl);
+ }
+ }
+
+ public String[] getSupportedCipherSuites() {
+ if (s instanceof SSLSocket) {
+ return ((SSLSocket) s).getSupportedCipherSuites();
+ } else {
+ return null;
+ }
+ }
+
+ public boolean getEnableSessionCreation() {
+ if (s instanceof SSLSocket) {
+ return ((SSLSocket) s).getEnableSessionCreation();
+ } else {
+ return false;
+ }
+ }
+
+ public String[] getEnabledCipherSuites() {
+ if (s instanceof SSLSocket) {
+ return ((SSLSocket) s).getEnabledCipherSuites();
+ } else {
+ return null;
+ }
+ }
+
+ public String[] getSupportedProtocols() {
+ if (s instanceof SSLSocket) {
+ return ((SSLSocket) s).getSupportedProtocols();
+ } else {
+ return null;
+ }
+ }
+
+ public String[] getEnabledProtocols() {
+ if (s instanceof SSLSocket) {
+ return ((SSLSocket) s).getEnabledProtocols();
+ } else {
+ return null;
+ }
+ }
+
+ public SSLSession getSession() {
+ if (s instanceof SSLSocket) {
+ return ((SSLSocket) s).getSession();
+ } else {
+ return null;
+ }
+ }
+
+ public boolean getUseClientMode() {
+ if (s instanceof SSLSocket) {
+ return ((SSLSocket) s).getUseClientMode();
+ } else {
+ return false;
+ }
+ }
+
+ public boolean getNeedClientAuth() {
+ if (s instanceof SSLSocket) {
+ return ((SSLSocket) s).getNeedClientAuth();
+ } else {
+ return false;
+ }
+ }
+
+ public boolean getWantClientAuth() {
+ if (s instanceof SSLSocket) {
+ return ((SSLSocket) s).getWantClientAuth();
+ } else {
+ return false;
+ }
+ }
+
+ public void setEnabledCipherSuites(String[] cs) {
+ if (s instanceof SSLSocket) {
+ ((SSLSocket) s).setEnabledCipherSuites(cs);
+ }
+ }
+
+ public void setEnabledProtocols(String[] ep) {
+ if (s instanceof SSLSocket) {
+ ((SSLSocket) s).setEnabledProtocols(ep);
+ }
+ }
+
+ public void startHandshake() throws IOException {
+ if (s instanceof SSLSocket) {
+ ((SSLSocket) s).startHandshake();
+ }
+ }
+
+ public void setUseClientMode(boolean b) {
+ if (s instanceof SSLSocket) {
+ ((SSLSocket) s).setUseClientMode(b);
+ }
+ }
+
+ public void setNeedClientAuth(boolean b) {
+ if (s instanceof SSLSocket) {
+ ((SSLSocket) s).setNeedClientAuth(b);
+ }
+ }
+
+ public void setWantClientAuth(boolean b) {
+ if (s instanceof SSLSocket) {
+ ((SSLSocket) s).setWantClientAuth(b);
+ }
+ }
+
+ public void setEnableSessionCreation(boolean b) {
+ if (s instanceof SSLSocket) {
+ ((SSLSocket) s).setEnableSessionCreation(b);
+ }
+ }
+
+ /* java.net.Socket */
+
+ public SocketChannel getChannel() {
+ return s.getChannel();
+ }
+
+ public InetAddress getInetAddress() {
+ return s.getInetAddress();
+ }
+
+ public boolean getKeepAlive() throws SocketException {
+ return s.getKeepAlive();
+ }
+
+ public InetAddress getLocalAddress() {
+ return s.getLocalAddress();
+ }
+
+ public int getLocalPort() {
+ return s.getLocalPort();
+ }
+
+ public SocketAddress getLocalSocketAddress() {
+ return s.getLocalSocketAddress();
+ }
+
+ public boolean getOOBInline() throws SocketException {
+ return s.getOOBInline();
+ }
+
+ public int getPort() {
+ return s.getPort();
+ }
+
+ public int getReceiveBufferSize() throws SocketException {
+ return s.getReceiveBufferSize();
+ }
+
+ public SocketAddress getRemoteSocketAddress() {
+ return s.getRemoteSocketAddress();
+ }
+
+ public boolean getReuseAddress() throws SocketException {
+ return s.getReuseAddress();
+ }
+
+ public int getSendBufferSize() throws SocketException {
+ return s.getSendBufferSize();
+ }
+
+ public int getSoLinger() throws SocketException {
+ return s.getSoLinger();
+ }
+
+ public int getSoTimeout() throws SocketException {
+ return s.getSoTimeout();
+ }
+
+ public boolean getTcpNoDelay() throws SocketException {
+ return s.getTcpNoDelay();
+ }
+
+ public int getTrafficClass() throws SocketException {
+ return s.getTrafficClass();
+ }
+
+ public boolean isBound() {
+ return s.isBound();
+ }
+
+ public boolean isClosed() {
+ return s.isClosed();
+ }
+
+ public boolean isConnected() {
+ return s.isConnected();
+ }
+
+ public boolean isInputShutdown() {
+ return s.isInputShutdown();
+ }
+
+ public boolean isOutputShutdown() {
+ return s.isOutputShutdown();
+ }
+
+ public void sendUrgentData(int data) throws IOException {
+ s.sendUrgentData(data);
+ }
+
+ public void setKeepAlive(boolean on) throws SocketException {
+ s.setKeepAlive(on);
+ }
+
+ public void setOOBInline(boolean on) throws SocketException {
+ s.setOOBInline(on);
+ }
+
+ public void setReceiveBufferSize(int size) throws SocketException {
+ s.setReceiveBufferSize(size);
+ }
+
+ public void setReuseAddress(boolean on) throws SocketException {
+ s.setReuseAddress(on);
+ }
+
+ public void setSendBufferSize(int size) throws SocketException {
+ s.setSendBufferSize(size);
+ }
+
+ public void setSoLinger(boolean on, int l) throws SocketException {
+ s.setSoLinger(on, l);
+ }
+
+ public void setSoTimeout(int timeout) throws SocketException {
+ s.setSoTimeout(timeout);
+ }
+
+ public void setTcpNoDelay(boolean on) throws SocketException {
+ s.setTcpNoDelay(on);
+ }
+
+ public void setTrafficClass(int tc) throws SocketException {
+ s.setTrafficClass(tc);
+ }
+
+ public void shutdownInput() throws IOException {
+ s.shutdownInput();
+ }
+
+ public void shutdownOutput() throws IOException {
+ s.shutdownOutput();
+ }
+
+ public String toString() {
+ return s.toString();
+ }
+
+ /* Java 1.5
+ public void setPerformancePreferences(int connectionTime, int latency, int bandwidth)
+ {
+ s.setPerformancePreferences( connectionTime, latency, bandwidth );
+ }
+ */
+
+ public void bind(SocketAddress bindpoint) throws IOException {
+ s.bind(bindpoint);
+ }
+
+ public void close() throws IOException {
+ s.close();
+ }
+
+ public void connect(SocketAddress endpoint) throws IOException {
+ s.connect(endpoint);
+ }
+
+ public void connect(SocketAddress endpoint, int timeout) throws IOException {
+ s.connect(endpoint, timeout);
+ }
+
+ public InputStream getInputStream() throws IOException {
+ return s.getInputStream();
+ }
+
+ public OutputStream getOutputStream() throws IOException {
+ return s.getOutputStream();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLWrapperFactory.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLWrapperFactory.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLWrapperFactory.java
new file mode 100644
index 0000000..c8fa432
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/SSLWrapperFactory.java
@@ -0,0 +1,110 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/SSLWrapperFactory.java $
+ * $Revision: 155 $
+ * $Date: 2009-09-17 14:00:58 -0700 (Thu, 17 Sep 2009) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLSocket;
+import java.io.IOException;
+import java.net.Socket;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 19-Sep-2006
+ */
+public interface SSLWrapperFactory {
+
+ /**
+ * Wraps an SSLSSocket.
+ *
+ * @param s SSLSocket to wrap.
+ * @return The new wrapped SSLSocket.
+ * @throws java.io.IOException if wrapping failed
+ */
+ public Socket wrap(Socket s) throws IOException;
+
+ /**
+ * Wraps an SSLServerSocket.
+ *
+ * @param s The SSLServerSocket to wrap.
+ * @param ssl The SSL object that created the SSLServerSocket.
+ * This way some important commons-ssl config can be applied
+ * to the returned socket.
+ * @return The new wrapped SSLServerSocket.
+ * @throws java.io.IOException if wrapping failed
+ */
+ public SSLServerSocket wrap(SSLServerSocket s, SSL ssl)
+ throws IOException;
+
+
+ /**
+ * NO_WRAP doesn't wrap the SSLSocket. It does wrap the SSLServerSocket
+ * so that we can do the usual housekeeping after accept() that we like to
+ * do on every socket. E.g. setSoTimeout, setEnabledProtocols,
+ * setEnabledCiphers, setUseClientMode, and the hostname verifier (which
+ * should be very rare on SSLServerSockets!).
+ */
+ public final static SSLWrapperFactory NO_WRAP = new SSLWrapperFactory() {
+ // Notice! No wrapping!
+ public Socket wrap(Socket s) { return s; }
+
+ // We still wrap the ServerSocket, but we don't wrap the result of the
+ // the accept() call.
+ public SSLServerSocket wrap(SSLServerSocket s, SSL ssl)
+ throws IOException {
+ // Can't wrap with Java 1.3 because SSLServerSocket's constructor has
+ // default access instead of protected access in Java 1.3.
+ boolean java13 = JavaImpl.isJava13();
+ return java13 ? s : new SSLServerSocketWrapper(s, ssl, this);
+ }
+ };
+
+ /**
+ * DUMB_WRAP is useful to make sure that wrapping the sockets doesn't break
+ * anything. It doesn't actually do anything interesting in its wrapped
+ * implementations.
+ */
+ public final static SSLWrapperFactory DUMB_WRAP = new SSLWrapperFactory() {
+ public Socket wrap(Socket s) { return new SSLSocketWrapper(s); }
+
+ public SSLServerSocket wrap(SSLServerSocket s, SSL ssl)
+ throws IOException {
+ // Can't wrap with Java 1.3 because SSLServerSocket's constructor has
+ // default access instead of protected access in Java 1.3.
+ boolean java13 = JavaImpl.isJava13();
+ return java13 ? s : new SSLServerSocketWrapper(s, ssl, this);
+ }
+ };
+
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TomcatServerXML.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TomcatServerXML.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TomcatServerXML.java
new file mode 100644
index 0000000..382c9f0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TomcatServerXML.java
@@ -0,0 +1,231 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/TomcatServerXML.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Collections;
+import java.util.Map;
+import java.util.SortedMap;
+import java.util.TreeMap;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 22-Feb-2007
+ */
+public class TomcatServerXML {
+ private final static LogWrapper log = LogWrapper.getLogger(TomcatServerXML.class);
+
+ /**
+ * KeyMaterial extracted from Tomcat's conf/server.xml. There might be
+ * several KeyMaterials to extract if Tomcat has different SSL Certificates
+ * listening on different ports. This particular KeyMaterial will come from
+ * the lowest secure port that Tomcat is properly configured to open.
+ */
+ public final static KeyMaterial KEY_MATERIAL;
+
+ /**
+ * TrustMaterial extracted from Tomcat's conf/server.xml. There might be
+ * several TrustMaterials to extract if Tomcat has different SSL Certificates
+ * listening on different ports. This particular TrustMaterial will come
+ * from the lowest secure port that Tomcat is properly configured to open.
+ * </p><p>
+ * There's a good chance this will be set to TrustMaterial.DEFAULT (which
+ * use's the JVM's '$JAVA_HOME/jre/lib/security/cacerts' file).
+ * </p><p>
+ * Note: With SSLServerSockets, TrustMaterial only matters when the
+ * incoming client socket (SSLSocket) presents a client certificate.
+ * </p>
+ */
+ public final static TrustMaterial TRUST_MATERIAL;
+
+ /**
+ * new Integer( port ) --> KeyMaterial mapping of SSL Certificates found
+ * inside Tomcat's conf/server.xml file.
+ */
+ public final static SortedMap KEY_MATERIAL_BY_PORT;
+
+ /**
+ * new Integer( port ) --> TrustMaterial mapping of SSL configuration
+ * found inside Tomcat's conf/server.xml file.
+ * </p><p>
+ * Many of these will probably be TrustMaterial.DEFAULT (which uses the
+ * JVM's '$JAVA_HOME/jre/lib/security/cacerts' file).
+ * </p><p>
+ * Note: With SSLServerSockets, TrustMaterial only matters when the
+ * incoming client socket (SSLSocket) presents a client certificate.
+ * </p>
+ */
+ public final static SortedMap TRUST_MATERIAL_BY_PORT;
+
+ static {
+ String tomcatHome = System.getProperty("catalina.home");
+ String serverXML = tomcatHome + "/conf/server.xml";
+ TreeMap keyMap = new TreeMap();
+ TreeMap trustMap = new TreeMap();
+ InputStream in = null;
+ Document doc = null;
+ try {
+ if (tomcatHome != null) {
+ File f = new File(serverXML);
+ if (f.exists()) {
+ try {
+ in = new FileInputStream(serverXML);
+ }
+ catch (IOException ioe) {
+ // oh well, no soup for us.
+ log.warn("Commons-SSL failed to load Tomcat's [" + serverXML + "] " + ioe);
+ }
+ }
+ }
+ if (in != null) {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ try {
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ doc = db.parse(in);
+ }
+ catch (Exception e) {
+ log.warn("Commons-SSL failed to parse Tomcat's [" + serverXML + "] " + e);
+ }
+ }
+ if (doc != null) {
+ loadTomcatConfig(doc, keyMap, trustMap);
+ }
+ }
+ finally {
+ if (in != null) {
+ try { in.close(); } catch (Exception e) { /* . */ }
+ }
+ }
+ KEY_MATERIAL_BY_PORT = Collections.unmodifiableSortedMap(keyMap);
+ TRUST_MATERIAL_BY_PORT = Collections.unmodifiableSortedMap(trustMap);
+
+ KeyMaterial km = null;
+ TrustMaterial tm = null;
+ if (!keyMap.isEmpty()) {
+ km = (KeyMaterial) keyMap.get(keyMap.firstKey());
+ }
+ if (!trustMap.isEmpty()) {
+ tm = (TrustMaterial) trustMap.get(trustMap.firstKey());
+ }
+ KEY_MATERIAL = km;
+ TRUST_MATERIAL = tm;
+
+ }
+
+ private static void loadTomcatConfig(Document d, Map keyMap, Map trustMap) {
+ final String userHome = System.getProperty("user.home");
+ NodeList nl = d.getElementsByTagName("Connector");
+ for (int i = 0; i < nl.getLength(); i++) {
+ KeyMaterial km = null;
+ TrustMaterial tm = null;
+
+ Element element = (Element) nl.item(i);
+ String secure = element.getAttribute("secure");
+ String portString = element.getAttribute("port");
+ Integer port = null;
+ String pass;
+ try {
+ portString = portString != null ? portString.trim() : "";
+ port = new Integer(portString);
+ }
+ catch (NumberFormatException nfe) {
+ // oh well
+ }
+ if (port != null && Util.isYes(secure)) {
+ // Key Material
+ String keystoreFile = element.getAttribute("keystoreFile");
+ pass = element.getAttribute("keystorePass");
+ if (!element.hasAttribute("keystoreFile")) {
+ keystoreFile = userHome + "/.keystore";
+ }
+ if (!element.hasAttribute("keystorePass")) {
+ pass = "changeit";
+ }
+ char[] keystorePass = pass != null ? pass.toCharArray() : null;
+
+ // Trust Material
+ String truststoreFile = element.getAttribute("truststoreFile");
+ pass = element.getAttribute("truststorePass");
+ if (!element.hasAttribute("truststoreFile")) {
+ truststoreFile = null;
+ }
+ if (!element.hasAttribute("truststorePass")) {
+ pass = null;
+ }
+ char[] truststorePass = pass != null ? pass.toCharArray() : null;
+
+
+ if (keystoreFile == null) {
+ km = null;
+ } else {
+ try {
+ km = new KeyMaterial(keystoreFile, keystorePass);
+ }
+ catch (Exception e) {
+ log.warn("Commons-SSL failed to load [" + keystoreFile + "] " + e);
+ }
+ }
+ if (truststoreFile == null) {
+ tm = TrustMaterial.DEFAULT;
+ } else {
+ try {
+ tm = new TrustMaterial(truststoreFile, truststorePass);
+ }
+ catch (Exception e) {
+ log.warn("Commons-SSL failed to load [" + truststoreFile + "] " + e);
+ }
+ }
+
+ Object o = keyMap.put(port, km);
+ if (o != null) {
+ log.debug("Commons-SSL TomcatServerXML keyMap clobbered port: " + port);
+ }
+ o = trustMap.put(port, tm);
+ if (o != null) {
+ log.debug("Commons-SSL TomcatServerXML trustMap clobbered port: " + port);
+ }
+ }
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TrustChain.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TrustChain.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TrustChain.java
new file mode 100644
index 0000000..4340e6d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TrustChain.java
@@ -0,0 +1,219 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/TrustChain.java $
+ * $Revision: 138 $
+ * $Date: 2008-03-03 23:50:07 -0800 (Mon, 03 Mar 2008) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.SortedSet;
+import java.util.TreeSet;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 27-Feb-2006
+ */
+public class TrustChain {
+ private final Set trustMaterial =
+ Collections.synchronizedSet(new HashSet());
+ private SortedSet x509Certificates = null;
+ private KeyStore unifiedKeyStore = null;
+
+ public TrustChain() {
+ }
+
+ public synchronized KeyStore getUnifiedKeyStore()
+ throws KeyStoreException, IOException, NoSuchAlgorithmException,
+ CertificateException {
+
+ // x509Certificates serves as our "cache available" indicator.
+ if (x509Certificates != null) {
+ return unifiedKeyStore;
+ }
+
+ // First, extract all the X509Certificates from this TrustChain.
+ this.x509Certificates = new TreeSet(Certificates.COMPARE_BY_EXPIRY);
+ Iterator it = trustMaterial.iterator();
+ while (it.hasNext()) {
+ TrustMaterial tm = (TrustMaterial) it.next();
+ KeyStore ks = tm.getKeyStore();
+ if (ks != null) {
+ Enumeration en = ks.aliases();
+ while (en.hasMoreElements()) {
+ String alias = (String) en.nextElement();
+ if (ks.isCertificateEntry(alias)) {
+ X509Certificate cert;
+ cert = (X509Certificate) ks.getCertificate(alias);
+ if (!x509Certificates.contains(cert)) {
+ x509Certificates.add(cert);
+ }
+ }
+ }
+ }
+ }
+
+ // Now that the X509Certificates are extracted, create the unified
+ // keystore.
+ it = x509Certificates.iterator();
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ ks.load(null, null);
+ int count = 0;
+ while (it.hasNext()) {
+ X509Certificate cert = (X509Certificate) it.next();
+ // The "count" should keep the aliases unique (is that important?)
+ String alias = "commons-ssl-" + count;
+ ks.setCertificateEntry(alias, cert);
+ count++;
+ }
+ this.unifiedKeyStore = ks;
+ return unifiedKeyStore;
+ }
+
+ public synchronized void addTrustMaterial(TrustChain tc) {
+ this.x509Certificates = null; // invalidate cache
+ if (tc instanceof TrustMaterial) {
+ trustMaterial.add(tc);
+ }
+ // If duplicates are added, the Set will remove them.
+ trustMaterial.addAll(tc.trustMaterial);
+ }
+
+ public boolean contains(TrustChain tc) {
+ if (tc instanceof TrustMaterial) {
+ return trustMaterial.contains(tc);
+ } else {
+ return trustMaterial.containsAll(tc.trustMaterial);
+ }
+ }
+
+ public boolean contains(X509Certificate cert)
+ throws KeyStoreException, IOException, NoSuchAlgorithmException,
+ CertificateException {
+ return getCertificates().contains(cert);
+ }
+
+ public Object getTrustManagerFactory()
+ throws NoSuchAlgorithmException, KeyStoreException, IOException,
+ CertificateException {
+ KeyStore uks = getUnifiedKeyStore();
+ if (uks != null) {
+ return JavaImpl.newTrustManagerFactory(uks);
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * @return Array of TrustManager[] - presumably these will be dropped into
+ * a call to SSLContext.init(). Note: returns null if this
+ * TrustChain doesn't contain anything to trust.
+ * @throws java.security.NoSuchAlgorithmException serious problems
+ * @throws java.security.KeyStoreException serious problems
+ * @throws java.io.IOException serious problems
+ * @throws java.security.cert.CertificateException serious problems
+ */
+ public Object[] getTrustManagers()
+ throws NoSuchAlgorithmException, KeyStoreException, IOException,
+ CertificateException {
+ Object tmf = getTrustManagerFactory();
+ return tmf != null ? JavaImpl.getTrustManagers(tmf) : null;
+ }
+
+ /**
+ * @return All X509Certificates contained in this TrustChain as a SortedSet.
+ * The X509Certificates are sorted based on expiry date.
+ * <p/>
+ * See org.apache.commons.ssl.Certificates.COMPARE_BY_EXPIRY.
+ * @throws java.security.KeyStoreException serious problems
+ * @throws java.io.IOException serious problems
+ * @throws java.security.NoSuchAlgorithmException serious problems
+ * @throws java.security.cert.CertificateException serious problems
+ */
+ public synchronized SortedSet getCertificates()
+ throws KeyStoreException, IOException, NoSuchAlgorithmException,
+ CertificateException {
+ if (x509Certificates == null) {
+ getUnifiedKeyStore();
+ }
+ return Collections.unmodifiableSortedSet(x509Certificates);
+ }
+
+ /**
+ * @return Count of all X509Certificates contained in this TrustChain.
+ * @throws java.security.KeyStoreException
+ * @throws java.io.IOException
+ * @throws java.security.NoSuchAlgorithmException
+ * @throws java.security.cert.CertificateException
+ */
+ public synchronized int getSize()
+ throws KeyStoreException, IOException, NoSuchAlgorithmException,
+ CertificateException {
+ return getCertificates().size();
+ }
+
+ /**
+ * @return Count of all X509Certificates contained in this TrustChain.
+ * @throws java.security.KeyStoreException
+ * @throws java.io.IOException
+ * @throws java.security.NoSuchAlgorithmException
+ * @throws java.security.cert.CertificateException
+ */
+ public synchronized boolean isEmpty()
+ throws KeyStoreException, IOException, NoSuchAlgorithmException,
+ CertificateException {
+ return getCertificates().isEmpty();
+ }
+
+ protected boolean containsTrustAll() {
+ Iterator it = trustMaterial.iterator();
+ while (it.hasNext()) {
+ TrustChain tc = (TrustChain) it.next();
+ if (tc == this) {
+ continue;
+ }
+ if (tc.containsTrustAll()) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TrustMaterial.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TrustMaterial.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TrustMaterial.java
new file mode 100644
index 0000000..ca6d5a0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/TrustMaterial.java
@@ -0,0 +1,281 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/TrustMaterial.java $
+ * $Revision: 171 $
+ * $Date: 2014-05-09 08:15:26 -0700 (Fri, 09 May 2014) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.Iterator;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 27-Feb-2006
+ */
+public class TrustMaterial extends TrustChain {
+ final static int SIMPLE_TRUST_TYPE_TRUST_ALL = 1;
+ final static int SIMPLE_TRUST_TYPE_TRUST_THIS_JVM = 2;
+
+ /**
+ * Might be null if "$JAVA_HOME/jre/lib/security/cacerts" doesn't exist.
+ */
+ public final static TrustMaterial CACERTS;
+
+ /**
+ * Might be null if "$JAVA_HOME/jre/lib/security/jssecacerts" doesn't exist.
+ */
+ public final static TrustMaterial JSSE_CACERTS;
+
+ /**
+ * Should never be null (unless both CACERTS and JSSE_CACERTS are not
+ * present???). Is either CACERTS or JSSE_CACERTS. Priority given to
+ * JSSE_CACERTS, but 99.9% of the time it's CACERTS, since JSSE_CACERTS
+ * is almost never present.
+ */
+ public final static TrustMaterial DEFAULT;
+
+ static {
+ JavaImpl.load();
+ String javaHome = System.getProperty("java.home");
+ String pathToCacerts = javaHome + "/lib/security/cacerts";
+ String pathToJSSECacerts = javaHome + "/lib/security/jssecacerts";
+ TrustMaterial cacerts = null;
+ TrustMaterial jssecacerts = null;
+ try {
+ File f = new File(pathToCacerts);
+ if (f.exists()) {
+ cacerts = new TrustMaterial(pathToCacerts);
+ }
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ }
+ try {
+ File f = new File(pathToJSSECacerts);
+ if (f.exists()) {
+ jssecacerts = new TrustMaterial(pathToJSSECacerts);
+ }
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ CACERTS = cacerts;
+ JSSE_CACERTS = jssecacerts;
+ if (JSSE_CACERTS != null) {
+ DEFAULT = JSSE_CACERTS;
+ } else {
+ DEFAULT = CACERTS;
+ }
+ }
+
+ public final static TrustMaterial TRUST_ALL =
+ new TrustMaterial(SIMPLE_TRUST_TYPE_TRUST_ALL);
+
+ public final static TrustMaterial TRUST_THIS_JVM =
+ new TrustMaterial(SIMPLE_TRUST_TYPE_TRUST_THIS_JVM);
+
+ public final int simpleTrustType;
+ private final KeyStore jks;
+
+ private TrustMaterial(int simpleTrustType) {
+ this(null, simpleTrustType);
+ }
+
+ TrustMaterial(KeyStore jks, int simpleTrustType) {
+ if (jks == null && simpleTrustType != 0) {
+ // Just use CACERTS as a place holder, since Java 5 and 6 seem to get
+ // upset when we hand SSLContext null TrustManagers. See
+ // Java14.initSSL(), which despite its name, is also used
+ // with Java5 and Java6.
+ this.jks = CACERTS != null ? CACERTS.jks : JSSE_CACERTS.jks;
+ } else {
+ this.jks = jks;
+ }
+ addTrustMaterial(this);
+ this.simpleTrustType = simpleTrustType;
+ }
+
+ public TrustMaterial(Collection x509Certs)
+ throws GeneralSecurityException, IOException {
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ ks.load(null, null);
+ loadCerts(ks, x509Certs);
+ this.jks = ks;
+ addTrustMaterial(this);
+
+ // We're not a simple trust type, so set value to 0.
+ // Only TRUST_ALL and TRUST_THIS_JVM are simple trust types.
+ this.simpleTrustType = 0;
+ }
+
+ public TrustMaterial(X509Certificate x509Cert)
+ throws GeneralSecurityException, IOException {
+ this(Collections.singleton(x509Cert));
+ }
+
+ public TrustMaterial(X509Certificate[] x509Certs)
+ throws GeneralSecurityException, IOException {
+ this(Arrays.asList(x509Certs));
+ }
+
+ public TrustMaterial(byte[] pemBase64)
+ throws GeneralSecurityException, IOException {
+ this(pemBase64, null);
+ }
+
+ public TrustMaterial(InputStream pemBase64)
+ throws GeneralSecurityException, IOException {
+ this(Util.streamToBytes(pemBase64));
+ }
+
+ public TrustMaterial(String pathToPemFile)
+ throws GeneralSecurityException, IOException {
+ this(new FileInputStream(pathToPemFile));
+ }
+
+ public TrustMaterial(File pemFile)
+ throws GeneralSecurityException, IOException {
+ this(new FileInputStream(pemFile));
+ }
+
+ public TrustMaterial(URL urlToPemFile)
+ throws GeneralSecurityException, IOException {
+ this(urlToPemFile.openStream());
+ }
+
+ public TrustMaterial(String pathToJksFile, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(new File(pathToJksFile), password);
+ }
+
+ public TrustMaterial(File jksFile, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(new FileInputStream(jksFile), password);
+ }
+
+ public TrustMaterial(URL urlToJKS, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(urlToJKS.openStream(), password);
+ }
+
+ public TrustMaterial(InputStream jks, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(Util.streamToBytes(jks), password);
+ }
+
+ public TrustMaterial(byte[] jks, char[] password)
+ throws GeneralSecurityException, IOException {
+
+ KeyStoreBuilder.BuildResult br;
+ br = KeyStoreBuilder.parse(jks, password, null, true);
+ if (br.jks != null) {
+ // If we've been given a keystore, just use that.
+ this.jks = br.jks;
+ } else {
+ // Otherwise we need to build a keystore from what we were given.
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ if (br.chains != null && !br.chains.isEmpty()) {
+ Certificate[] c = (Certificate[]) br.chains.get(0);
+ if (c.length > 0) {
+ ks.load(null, password);
+ loadCerts(ks, Arrays.asList(c));
+ }
+ }
+ this.jks = ks;
+ }
+
+ // Should validate our keystore to make sure it has at least ONE
+ // certificate entry:
+ KeyStore ks = this.jks;
+ boolean hasCertificates = false;
+ Enumeration en = ks.aliases();
+ while (en.hasMoreElements()) {
+ String alias = (String) en.nextElement();
+ if (ks.isCertificateEntry(alias)) {
+ hasCertificates = true;
+ break;
+ }
+ }
+ if (!hasCertificates) {
+ throw new KeyStoreException("TrustMaterial couldn't load any certificates to trust!");
+ }
+
+ addTrustMaterial(this);
+
+ // We're not a simple trust type, so set value to 0.
+ // Only TRUST_ALL and TRUST_THIS_JVM are simple trust types.
+ this.simpleTrustType = 0;
+ }
+
+ public KeyStore getKeyStore() {
+ return jks;
+ }
+
+ private static void loadCerts(KeyStore ks, Collection certs)
+ throws KeyStoreException {
+ Iterator it = certs.iterator();
+ int count = 0;
+ while (it.hasNext()) {
+ X509Certificate cert = (X509Certificate) it.next();
+
+ // I could be fancy and parse out the CN field from the
+ // certificate's subject, but these names don't actually matter
+ // at all - I think they just have to be unique.
+ String cn = Certificates.getCN(cert);
+ String alias = cn + "_" + count;
+ ks.setCertificateEntry(alias, cert);
+ count++;
+ }
+ }
+
+ protected boolean containsTrustAll() {
+ boolean yes = this.simpleTrustType == SIMPLE_TRUST_TYPE_TRUST_ALL;
+ if ( !yes ) {
+ yes = super.containsTrustAll();
+ }
+ return yes;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Util.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Util.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Util.java
new file mode 100644
index 0000000..45f716a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Util.java
@@ -0,0 +1,452 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Util.java $
+ * $Revision: 180 $
+ * $Date: 2014-09-23 11:33:47 -0700 (Tue, 23 Sep 2014) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.util.ByteArrayReadLine;
+import org.apache.commons.ssl.util.IPAddressParser;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.Certificate;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.LinkedList;
+import java.util.Map;
+import java.util.Set;
+import java.util.StringTokenizer;
+import java.util.TreeMap;
+import java.util.TreeSet;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 28-Feb-2006
+ */
+public class Util {
+ public final static int SIZE_KEY = 0;
+ public final static int LAST_READ_KEY = 1;
+
+ /**
+ * True if the Keystores have the same # of entries, have the same set of aliases, and all the certificate-chains
+ * (of the certificate entries) match. Does not check the private keys for equality, since we
+ * don't bother taking the passwords to get at them.
+ */
+ public static boolean equals(KeyStore ks1, KeyStore ks2) throws KeyStoreException {
+ if (ks1 == null || ks2 == null) {
+ return ks1 == null && ks2 == null;
+ }
+ Set<String> aliases1 = aliases(ks1);
+ Set<String> aliases2 = aliases(ks2);
+ if (aliases1.equals(aliases2)) {
+ for (String s : aliases1) {
+ if (ks1.isCertificateEntry(s) != ks2.isCertificateEntry(s)) {
+ return false;
+ }
+ if (ks1.isKeyEntry(s) != ks2.isKeyEntry(s)) {
+ return false;
+ }
+ if (ks1.isCertificateEntry(s)) {
+ Certificate[] cc1 = ks1.getCertificateChain(s);
+ Certificate[] cc2 = ks2.getCertificateChain(s);
+ if (!Arrays.equals(cc1, cc2)) {
+ return false;
+ }
+
+ Certificate c1 = ks1.getCertificate(s);
+ Certificate c2 = ks2.getCertificate(s);
+ if (!c1.equals(c2)) {
+ return false;
+ }
+ }
+
+ // should we bother checking keys? maybe one day....
+ }
+ }
+ return true;
+ }
+
+ private static Set<String> aliases(KeyStore ks) throws KeyStoreException {
+ Set<String> aliases = new TreeSet<String>();
+ Enumeration<String> en = ks.aliases();
+ while (en.hasMoreElements()) {
+ aliases.add(en.nextElement());
+ }
+ return aliases;
+ }
+
+ public static boolean isYes(String yesString) {
+ if (yesString == null) {
+ return false;
+ }
+ String s = yesString.trim().toUpperCase();
+ return "1".equals(s) || "YES".equals(s) || "TRUE".equals(s) ||
+ "ENABLE".equals(s) || "ENABLED".equals(s) || "Y".equals(s) ||
+ "ON".equals(s);
+ }
+
+ public static String trim(final String s) {
+ if (s == null || "".equals(s)) {
+ return s;
+ }
+ int i = 0;
+ int j = s.length() - 1;
+ while (isWhiteSpace(s.charAt(i))) {
+ i++;
+ }
+ while (isWhiteSpace(s.charAt(j))) {
+ j--;
+ }
+ return j >= i ? s.substring(i, j + 1) : "";
+ }
+
+ public static boolean isWhiteSpace(final char c) {
+ switch (c) {
+ case 0:
+ case ' ':
+ case '\t':
+ case '\n':
+ case '\r':
+ case '\f':
+ return true;
+ default:
+ return false;
+ }
+ }
+
+ public static void pipeStream(InputStream in, OutputStream out)
+ throws IOException {
+ pipeStream(in, out, true);
+ }
+
+ public static void pipeStream(InputStream in, OutputStream out,
+ boolean autoClose)
+ throws IOException {
+ byte[] buf = new byte[8192];
+ IOException ioe = null;
+ try {
+ int bytesRead = in.read(buf);
+ while (bytesRead >= 0) {
+ if (bytesRead > 0) {
+ out.write(buf, 0, bytesRead);
+ }
+ bytesRead = in.read(buf);
+ }
+ }
+ finally {
+ // Probably it's best to let consumer call "close", but I'm usually
+ // the consumer, and I want to be lazy. [Julius, November 20th, 2006]
+ try { in.close(); } catch (IOException e) { ioe = e; }
+ if (autoClose) {
+ try { out.close(); } catch (IOException e) { ioe = e; }
+ }
+ }
+ if (ioe != null) {
+ throw ioe;
+ }
+ }
+
+ public static byte[] fileToBytes(final File f) throws IOException {
+ return streamToBytes(new FileInputStream(f));
+ }
+
+ public static byte[] streamToBytes(final ByteArrayInputStream in,
+ int maxLength) {
+ byte[] buf = new byte[maxLength];
+ int[] status = fill(buf, 0, in);
+ int size = status[SIZE_KEY];
+ if (buf.length != size) {
+ byte[] smallerBuf = new byte[size];
+ System.arraycopy(buf, 0, smallerBuf, 0, size);
+ buf = smallerBuf;
+ }
+ return buf;
+ }
+
+ public static byte[] streamToBytes(final InputStream in, int maxLength)
+ throws IOException {
+ byte[] buf = new byte[maxLength];
+ int[] status = fill(buf, 0, in);
+ int size = status[SIZE_KEY];
+ if (buf.length != size) {
+ byte[] smallerBuf = new byte[size];
+ System.arraycopy(buf, 0, smallerBuf, 0, size);
+ buf = smallerBuf;
+ }
+ return buf;
+ }
+
+ public static byte[] streamToBytes(final InputStream in) throws IOException {
+ byte[] buf = new byte[4096];
+ try {
+ int[] status = fill(buf, 0, in);
+ int size = status[SIZE_KEY];
+ int lastRead = status[LAST_READ_KEY];
+ while (lastRead != -1) {
+ buf = resizeArray(buf);
+ status = fill(buf, size, in);
+ size = status[SIZE_KEY];
+ lastRead = status[LAST_READ_KEY];
+ }
+ if (buf.length != size) {
+ byte[] smallerBuf = new byte[size];
+ System.arraycopy(buf, 0, smallerBuf, 0, size);
+ buf = smallerBuf;
+ }
+ }
+ finally {
+ in.close();
+ }
+ return buf;
+ }
+
+ public static byte[] streamToBytes(final ByteArrayInputStream in) {
+ byte[] buf = new byte[4096];
+ int[] status = fill(buf, 0, in);
+ int size = status[SIZE_KEY];
+ int lastRead = status[LAST_READ_KEY];
+ while (lastRead != -1) {
+ buf = resizeArray(buf);
+ status = fill(buf, size, in);
+ size = status[SIZE_KEY];
+ lastRead = status[LAST_READ_KEY];
+ }
+ if (buf.length != size) {
+ byte[] smallerBuf = new byte[size];
+ System.arraycopy(buf, 0, smallerBuf, 0, size);
+ buf = smallerBuf;
+ }
+ // in.close(); <-- this is a no-op on ByteArrayInputStream.
+ return buf;
+ }
+
+ public static int[] fill(final byte[] buf, final int offset,
+ final InputStream in)
+ throws IOException {
+ int read = in.read(buf, offset, buf.length - offset);
+ int lastRead = read;
+ if (read == -1) {
+ read = 0;
+ }
+ while (lastRead != -1 && read + offset < buf.length) {
+ lastRead = in.read(buf, offset + read, buf.length - read - offset);
+ if (lastRead != -1) {
+ read += lastRead;
+ }
+ }
+ return new int[]{offset + read, lastRead};
+ }
+
+ public static int[] fill(final byte[] buf, final int offset,
+ final ByteArrayInputStream in) {
+ int read = in.read(buf, offset, buf.length - offset);
+ int lastRead = read;
+ if (read == -1) {
+ read = 0;
+ }
+ while (lastRead != -1 && read + offset < buf.length) {
+ lastRead = in.read(buf, offset + read, buf.length - read - offset);
+ if (lastRead != -1) {
+ read += lastRead;
+ }
+ }
+ return new int[]{offset + read, lastRead};
+ }
+
+ public static byte[] resizeArray(final byte[] bytes) {
+ byte[] biggerBytes = new byte[bytes.length * 2];
+ System.arraycopy(bytes, 0, biggerBytes, 0, bytes.length);
+ return biggerBytes;
+ }
+
+ public static String pad(String s, final int length, final boolean left) {
+ if (s == null) {
+ s = "";
+ }
+ int diff = length - s.length();
+ if (diff == 0) {
+ return s;
+ } else if (diff > 0) {
+ StringBuffer sb = new StringBuffer();
+ if (left) {
+ for (int i = 0; i < diff; i++) {
+ sb.append(' ');
+ }
+ }
+ sb.append(s);
+ if (!left) {
+ for (int i = 0; i < diff; i++) {
+ sb.append(' ');
+ }
+ }
+ return sb.toString();
+ } else {
+ return s;
+ }
+ }
+
+ public static Map parseArgs(final String[] cargs) {
+ Map args = new TreeMap();
+ Map ARGS_MATCH = Ping.ARGS_MATCH;
+
+ int l = cargs.length;
+ final String[] EMPTY_VALUES = {""};
+ for (int i = 0; i < l; i++) {
+ String k = cargs[i];
+ Ping.Arg a = (Ping.Arg) ARGS_MATCH.get(k);
+ if (l > i + 1) {
+ String v = cargs[++i];
+ while (ARGS_MATCH.containsKey(v)) {
+ args.put(a, EMPTY_VALUES);
+ a = (Ping.Arg) ARGS_MATCH.get(v);
+ v = "";
+ if (l > i + 1) {
+ v = cargs[++i];
+ }
+ }
+ String[] values = new String[1];
+ values[0] = v;
+ args.put(a, values);
+ if (l > i + 1 && !ARGS_MATCH.containsKey(cargs[i + 1])) {
+ LinkedList list = new LinkedList();
+ list.add(v);
+ while (l > i + 1 && !ARGS_MATCH.containsKey(cargs[i + 1])) {
+ v = cargs[++i];
+ list.add(v);
+ }
+ args.put(a, list.toArray(new String[list.size()]));
+ }
+ } else {
+ args.put(a, EMPTY_VALUES);
+ }
+ }
+ return args;
+ }
+
+ public static HostPort toAddress(final String target,
+ final int defaultPort)
+ throws UnknownHostException {
+ String host = target;
+ int port = defaultPort;
+ StringTokenizer st = new StringTokenizer(target, ":");
+ if (st.hasMoreTokens()) {
+ host = st.nextToken().trim();
+ }
+ if (st.hasMoreTokens()) {
+ port = Integer.parseInt(st.nextToken().trim());
+ }
+ if (st.hasMoreTokens()) {
+ throw new IllegalArgumentException("Invalid host: " + target);
+ }
+ return new HostPort(host, port);
+ }
+
+ public static String cipherToAuthType(String cipher) {
+ if (cipher == null) {
+ return null;
+ }
+
+ // SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA ==> "DHE_DSS_EXPORT"
+ // SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA ==> "DHE_DSS"
+ // SSL_RSA_WITH_3DES_EDE_CBC_SHA ==> "RSA"
+
+ StringTokenizer st = new StringTokenizer(cipher.trim(), "_");
+ if (st.hasMoreTokens()) {
+ st.nextToken(); // always skip first token
+ }
+ if (st.hasMoreTokens()) {
+ String tok = st.nextToken();
+ StringBuffer buf = new StringBuffer();
+ buf.append(tok);
+ if (st.hasMoreTokens()) {
+ tok = st.nextToken();
+ while (!"WITH".equalsIgnoreCase(tok)) {
+ buf.append('_');
+ buf.append(tok);
+ tok = st.nextToken();
+ }
+ }
+ return buf.toString();
+ }
+ throw new IllegalArgumentException("not a valid cipher: " + cipher);
+ }
+
+ /**
+ * Utility method to make sure IP-literals don't trigger reverse-DNS lookups.
+ */
+ public static InetAddress toInetAddress(String s) throws UnknownHostException {
+ byte[] ip = IPAddressParser.parseIPv4Literal(s);
+ if (ip == null) {
+ ip = IPAddressParser.parseIPv6Literal(s);
+ }
+ if (ip != null) {
+ // Strangely, this prevents Java's annoying SSL reverse-DNS lookup that it
+ // normally does, even with literal IP addresses.
+ return InetAddress.getByAddress(s, ip);
+ } else {
+ return InetAddress.getByName(s);
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+ String s = "line1\n\rline2\n\rline3";
+ ByteArrayInputStream in = new ByteArrayInputStream(s.getBytes());
+ ByteArrayReadLine readLine = new ByteArrayReadLine(in);
+ String line = readLine.next();
+ while (line != null) {
+ System.out.println(line);
+ line = readLine.next();
+ }
+
+ System.out.println("--------- test 2 ----------");
+
+ s = "line1\n\rline2\n\rline3\n\r\n\r";
+ in = new ByteArrayInputStream(s.getBytes());
+ readLine = new ByteArrayReadLine(in);
+ line = readLine.next();
+ while (line != null) {
+ System.out.println(line);
+ line = readLine.next();
+ }
+
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Version.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Version.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Version.java
new file mode 100644
index 0000000..04401a3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Version.java
@@ -0,0 +1,197 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Version.java $
+ * $Revision: 130 $
+ * $Date: 2007-11-14 19:24:15 -0800 (Wed, 14 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
+
+/**
+ * Extracts tagged version from a subversion $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Version.java $ property, and prints it
+ * out nicely on standard out.
+ * <p/>
+ * e.g. If this version came from /tags/commons-ssl-0_3_9/, then Version.java
+ * will print: "Version: 0.3.9" on standard out.
+ *
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 14-Nov-2007
+ */
+public class Version {
+ public static final String HEAD_URL = "$HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Version.java $";
+ public static final String VERSION;
+ public static final String COMPILE_TIME;
+
+ static {
+ // Try to extract a clean version number from svn's HeadURL property:
+ String v = "UNKNOWN";
+ boolean fromBranch = false;
+ int x = HEAD_URL.lastIndexOf("/tags/");
+ if (x >= 0) {
+ int y = HEAD_URL.indexOf("/", x + "/tags/".length());
+ if (y >= 0) {
+ v = HEAD_URL.substring(x + "/tags/".length(), y);
+ }
+ v = v.replace('_', '.');
+ v = v.replace('-', '.');
+ } else if (HEAD_URL.indexOf("/trunk/") >= 0) {
+ v = "trunk";
+ } else if (HEAD_URL.indexOf("/branches/") >= 0) {
+ fromBranch = true;
+ x = HEAD_URL.indexOf("/branches/");
+ int y = HEAD_URL.indexOf("/", x + "/branches/".length());
+ if (y >= 0) {
+ v = HEAD_URL.substring(x + "/branches/".length(), y);
+ }
+ v = v.replace('_', '.');
+ v = v.replace('-', '.');
+ }
+
+ String V = v.toUpperCase();
+ x = V.indexOf("COMMONS.SSL.");
+ if (x >= 0) {
+ v = v.substring(x + "commons.ssl.".length());
+ }
+ VERSION = fromBranch ? "***Branch*** " + v : v;
+
+ // Try to calculate when jar file was compiled:
+ String s;
+ try {
+ s = CompileTime.getCompileTimeString(Version.class);
+ }
+ catch (NoClassDefFoundError e) {
+ s = null;
+ }
+ COMPILE_TIME = s;
+ }
+
+ public static String versionString() {
+ String v;
+ if (COMPILE_TIME != null) {
+ v = CompileTime.formatVersion(VERSION, COMPILE_TIME);
+ } else {
+ v = VERSION;
+ }
+ return "Version: " + v;
+ }
+
+ public static void main(String[] args) {
+ System.out.println(versionString());
+ }
+
+ public String toString() {
+ return versionString();
+ }
+
+
+ /**
+ * Searches through a jar file to the find the most recent timestamp of
+ * all the class files.
+ */
+ private static class CompileTime {
+ private final static String PATTERN = ".jar!";
+ private final static String PREFIX = "file:";
+ private final static String DF_FORMAT = "zzz:yyyy-MM-dd/HH:mm:ss.SSS";
+ private final static DateFormat DF = new SimpleDateFormat(DF_FORMAT);
+
+ public static String getCompileTimeString(Class clazz) {
+ String s = clazz.getName();
+ s = "/" + s.replace('.', '/') + ".class";
+ return getCompileTimeString(s);
+ }
+
+ private static String getCompileTimeString(String resource) {
+ try {
+ Date d = getCompileTime(resource);
+ return d != null ? DF.format(d) : "[unknown]";
+ }
+ catch (IOException ioe) {
+ return ioe.toString();
+ }
+ }
+
+ public static Date getCompileTime(String resource) throws IOException {
+ URL url = CompileTime.class.getResource(resource);
+ if (url != null) {
+ String urlString = url.getFile();
+ String fileLocation;
+ int i = urlString.indexOf(PATTERN);
+ if (i > 0) {
+ int x = i + PATTERN.length() - 1;
+ fileLocation = urlString.substring(0, x);
+ if (fileLocation.startsWith(PREFIX)) {
+ fileLocation = fileLocation.substring(PREFIX.length());
+ }
+ JarFile jf = new JarFile(fileLocation);
+ long newestTime = 0;
+ Enumeration entries = jf.entries();
+ while (entries.hasMoreElements()) {
+ JarEntry entry = (JarEntry) entries.nextElement();
+ if (entry.getName().endsWith(".class")) {
+ newestTime = Math.max(newestTime, entry.getTime());
+ }
+ }
+ if (newestTime > 0) {
+ return new Date(newestTime);
+ }
+ } else {
+ File f = new File(urlString);
+ try {
+ return new Date(f.lastModified());
+ }
+ catch (Exception e) {
+ return null;
+ }
+ }
+ }
+ return null;
+ }
+
+ public static String formatVersion(String version, String compileTime) {
+ StringBuffer buf = new StringBuffer();
+ buf.append(version);
+ buf.append(" Compiled: [");
+ buf.append(compileTime);
+ buf.append("]");
+ return buf.toString();
+ }
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/X509CertificateChainBuilder.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/X509CertificateChainBuilder.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/X509CertificateChainBuilder.java
new file mode 100644
index 0000000..fb2642f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/X509CertificateChainBuilder.java
@@ -0,0 +1,204 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/X509CertificateChainBuilder.java $
+ * $Revision: 134 $
+ * $Date: 2008-02-26 21:30:48 -0800 (Tue, 26 Feb 2008) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import java.io.FileInputStream;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.SignatureException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.LinkedList;
+
+/**
+ * Utility for building X509 certificate chains.
+ *
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 16-Nov-2005
+ */
+public class X509CertificateChainBuilder {
+ /**
+ * Builds the ordered certificate chain upwards from the startingPoint.
+ * Uses the supplied X509Certificate[] array to search for the parent,
+ * grandparent, and higher ancestor certificates. Stops at self-signed
+ * certificates, or when no ancestor can be found.
+ * <p/>
+ * Thanks to Joe Whitney for helping me put together a Big-O( m * n )
+ * implementation where m = the length of the final certificate chain.
+ * For a while I was using a Big-O( n ^ 2 ) implementation!
+ *
+ * @param startingPoint the X509Certificate for which we want to find
+ * ancestors
+ * @param certificates A pool of certificates in which we expect to find
+ * the startingPoint's ancestors.
+ * @return Array of X509Certificates, starting with the "startingPoint" and
+ * ending with highest level ancestor we could find in the supplied
+ * collection.
+ * @throws java.security.NoSuchAlgorithmException
+ * on unsupported signature
+ * algorithms.
+ * @throws java.security.InvalidKeyException
+ * on incorrect key.
+ * @throws java.security.NoSuchProviderException
+ * if there's no default provider.
+ * @throws java.security.cert.CertificateException
+ * on encoding errors.
+ */
+ public static X509Certificate[] buildPath(X509Certificate startingPoint,
+ Certificate[] certificates)
+ throws NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, CertificateException {
+ // Use a LinkedList, because we do lots of random it.remove() operations.
+ return buildPath(startingPoint,
+ new LinkedList(Arrays.asList(certificates)));
+ }
+
+ /**
+ * Builds the ordered certificate chain upwards from the startingPoint.
+ * Uses the supplied collection to search for the parent, grandparent,
+ * and higher ancestor certificates. Stops at self-signed certificates,
+ * or when no ancestor can be found.
+ * <p/>
+ * Thanks to Joe Whitney for helping me put together a Big-O( m * n )
+ * implementation where m = the length of the final certificate chain.
+ * For a while I was using a Big-O( n ^ 2 ) implementation!
+ *
+ * @param startingPoint the X509Certificate for which we want to find
+ * ancestors
+ * @param certificates A pool of certificates in which we expect to find
+ * the startingPoint's ancestors.
+ * @return Array of X509Certificates, starting with the "startingPoint" and
+ * ending with highest level ancestor we could find in the supplied
+ * collection.
+ * @throws java.security.NoSuchAlgorithmException
+ * on unsupported signature
+ * algorithms.
+ * @throws java.security.InvalidKeyException
+ * on incorrect key.
+ * @throws java.security.NoSuchProviderException
+ * if there's no default provider.
+ * @throws java.security.cert.CertificateException
+ * on encoding errors.
+ */
+ public static X509Certificate[] buildPath(X509Certificate startingPoint,
+ Collection certificates)
+ throws NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, CertificateException {
+ LinkedList path = new LinkedList();
+ path.add(startingPoint);
+ boolean nodeAdded = true;
+ // Keep looping until an iteration happens where we don't add any nodes
+ // to our path.
+ while (nodeAdded) {
+ // We'll start out by assuming nothing gets added. If something
+ // gets added, then nodeAdded will be changed to "true".
+ nodeAdded = false;
+ X509Certificate top = (X509Certificate) path.getLast();
+ if (isSelfSigned(top)) {
+ // We're self-signed, so we're done!
+ break;
+ }
+
+ // Not self-signed. Let's see if we're signed by anyone in the
+ // collection.
+ Iterator it = certificates.iterator();
+ while (it.hasNext()) {
+ X509Certificate x509 = (X509Certificate) it.next();
+ if (verify(top, x509.getPublicKey())) {
+ // We're signed by this guy! Add him to the chain we're
+ // building up.
+ path.add(x509);
+ nodeAdded = true;
+ it.remove(); // Not interested in this guy anymore!
+ break;
+ }
+ // Not signed by this guy, let's try the next guy.
+ }
+ }
+ X509Certificate[] results = new X509Certificate[path.size()];
+ path.toArray(results);
+ return results;
+ }
+
+ public static boolean isSelfSigned(X509Certificate cert)
+ throws CertificateException, InvalidKeyException,
+ NoSuchAlgorithmException, NoSuchProviderException {
+
+ return verify(cert, cert.getPublicKey());
+ }
+
+ public static boolean verify(X509Certificate cert, PublicKey key)
+ throws CertificateException, InvalidKeyException,
+ NoSuchAlgorithmException, NoSuchProviderException {
+
+ String sigAlg = cert.getSigAlgName();
+ String keyAlg = key.getAlgorithm();
+ sigAlg = sigAlg != null ? sigAlg.trim().toUpperCase() : "";
+ keyAlg = keyAlg != null ? keyAlg.trim().toUpperCase() : "";
+ if (keyAlg.length() >= 2 && sigAlg.endsWith(keyAlg)) {
+ try {
+ cert.verify(key);
+ return true;
+ } catch (SignatureException se) {
+ return false;
+ }
+ } else {
+ return false;
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+ if (args.length < 2) {
+ System.out.println("Usage: [special-one] [file-with-certs]");
+ System.exit(1);
+ }
+ FileInputStream f1 = new FileInputStream(args[0]);
+ FileInputStream f2 = new FileInputStream(args[1]);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ X509Certificate theOne = (X509Certificate) cf.generateCertificate(f1);
+ Collection c = cf.generateCertificates(f2);
+
+ X509Certificate[] path = buildPath(theOne, c);
+ for (int i = 0; i < path.length; i++) {
+ System.out.println(Certificates.getCN(path[i]));
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Choice.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Choice.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Choice.java
new file mode 100644
index 0000000..c08485e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Choice.java
@@ -0,0 +1,13 @@
+package org.apache.commons.ssl.asn1;
+
+/**
+ * Marker interface for CHOICE objects - if you implement this in a role your
+ * own object any attempt to tag the object implicitly will convert the tag to
+ * an explicit one as the encoding rules require.
+ * <p/>
+ * If you use this interface your class should also implement the getInstance
+ * pattern which takes a tag object and the tagging mode used.
+ */
+public interface ASN1Choice {
+ // marker interface
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Encodable.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Encodable.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Encodable.java
new file mode 100644
index 0000000..99900cb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Encodable.java
@@ -0,0 +1,74 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+public abstract class ASN1Encodable
+ implements DEREncodable {
+ public static final String DER = "DER";
+ public static final String BER = "BER";
+
+ public byte[] getEncoded()
+ throws IOException {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+ aOut.writeObject(this);
+
+ return bOut.toByteArray();
+ }
+
+ public byte[] getEncoded(
+ String encoding)
+ throws IOException {
+ if (encoding.equals(DER)) {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ dOut.writeObject(this);
+
+ return bOut.toByteArray();
+ }
+
+ return this.getEncoded();
+ }
+
+ /**
+ * Return the DER encoding of the object, null if the DER encoding can not be made.
+ *
+ * @return a DER byte array, null otherwise.
+ */
+ public byte[] getDEREncoded() {
+ try {
+ return this.getEncoded(DER);
+ }
+ catch (IOException e) {
+ return null;
+ }
+ }
+
+ public int hashCode() {
+ return this.toASN1Object().hashCode();
+ }
+
+ public boolean equals(
+ Object o) {
+ if (this == o) {
+ return true;
+ }
+
+ if (!(o instanceof DEREncodable)) {
+ return false;
+ }
+
+ DEREncodable other = (DEREncodable) o;
+
+ return this.toASN1Object().equals(other.getDERObject());
+ }
+
+ public DERObject getDERObject() {
+ return this.toASN1Object();
+ }
+
+ public abstract DERObject toASN1Object();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1EncodableVector.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1EncodableVector.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1EncodableVector.java
new file mode 100644
index 0000000..b769758
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1EncodableVector.java
@@ -0,0 +1,10 @@
+package org.apache.commons.ssl.asn1;
+
+/** the parent class for this will eventually disappear. Use this one! */
+public class ASN1EncodableVector
+ extends DEREncodableVector {
+ // migrating from DEREncodeableVector
+ public ASN1EncodableVector() {
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Generator.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Generator.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Generator.java
new file mode 100644
index 0000000..b39d994
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ASN1Generator.java
@@ -0,0 +1,13 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.OutputStream;
+
+public abstract class ASN1Generator {
+ protected OutputStream _out;
+
+ public ASN1Generator(OutputStream out) {
+ _out = out;
+ }
+
+ public abstract OutputStream getRawOutputStream();
+}
[37/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/ca/test-rsa-chain.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/ca/test-rsa-chain.pem b/3rdparty/not-yet-commons-ssl/samples/ca/test-rsa-chain.pem
new file mode 100644
index 0000000..2326bcf
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/ca/test-rsa-chain.pem
@@ -0,0 +1,254 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462053 (0x20090525)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=rsa-intermediate/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:31 2009 GMT
+ Not After : May 25 21:44:31 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=test/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:2E:F4:CD:A1:B4:AD:03:85:D8:AF:69:97:D5:2D:95:40:D6:BF:12:BF
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 02:ea:45:04:9c:7b:79:4b:bc:24:7d:b4:5a:43:fa:cc:06:48:
+ d3:60:3f:a0:04:bc:42:ef:01:cc:0d:75:64:85:0a:86:37:e7:
+ 14:09:29:92:f0:e0:c1:d4:e5:c1:6b:82:82:74:74:74:ae:68:
+ ac:0d:08:d3:95:e4:aa:3b:6a:a7:fd:f6:ea:f1:de:7b:4d:7b:
+ 70:f8:a4:b1:21:a3:b2:e6:b1:5a:85:ca:c5:47:4b:c3:35:23:
+ 3d:cd:f3:f8:fa:07:35:7d:df:a9:7e:a5:11:86:83:8f:06:13:
+ b5:93:73:78:ab:35:90:0d:a1:7d:8a:11:e7:55:d8:15:bd:bd:
+ 54:e0:ae:6a:77:1a:13:ea:4c:23:11:64:d2:2f:2c:e1:04:2c:
+ 05:b4:c7:25:73:6d:3b:69:be:94:16:6d:28:00:bc:67:48:f8:
+ 1e:dd:1d:63:4c:6b:9f:85:e4:bb:10:ff:bf:b6:f2:2c:c8:53:
+ 3c:23:b6:55:85:fd:68:95:27:93:ff:34:d7:29:7b:18:19:4b:
+ 77:88:e8:75:a5:ba:2c:d6:64:f7:25:2e:fa:af:14:63:95:1b:
+ d1:77:3c:bc:0c:13:5f:37:5a:06:b7:92:22:ed:a0:d1:6c:b1:
+ e7:3f:af:95:c1:8a:7f:47:46:a0:74:ad:35:d0:52:59:31:b5:
+ 2b:3c:fe:3d
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxGTAXBgNVBAMTEHJzYS1pbnRlcm1lZGlh
+dGUxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkw
+NTI1MjE0NDMxWhcNNDkwNTI1MjE0NDMxWjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNV
+BAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15
+ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHRlc3QxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDIY6+Wgj6MqdEdYq6FgH5xMgTBmFqAonR/eshjxY2C6MHs+WmCmNSDik2N
+gZWIaODvOF9uOEK2U0ZfJEG2LcZxoeIEgg/mfII2f4DLy1JYajm/llzwFBzAd/Rk
+cs3qwP2ba5VKn/pSqNLlnKHMXkXO+9SjfHDx95x2dK1dB8eGQGculOMcTm3uK7Ul
+WNO4TSlwG9qHZ1aoM3GIg5C1fIpbxJqDVjFq6fFAapE3KRIWIQmKd3E5ICcDErqr
+/AapxnfO8UFNxVWSOLW7ZAfis4w/c8/EAgyQHw42R0dNyjUOZsToF8McCsOpRjGo
+lSU8aUyqspvd8IWJPd5d6HBHueXNAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSfFHe/Pzq2yjiCQkgWLNrQy16H2DAfBgNVHSMEGDAWgBQu9M2htK0DhdivaZfV
+LZVA1r8SvzANBgkqhkiG9w0BAQUFAAOCAQEAAupFBJx7eUu8JH20WkP6zAZI02A/
+oAS8Qu8BzA11ZIUKhjfnFAkpkvDgwdTlwWuCgnR0dK5orA0I05Xkqjtqp/326vHe
+e017cPiksSGjsuaxWoXKxUdLwzUjPc3z+PoHNX3fqX6lEYaDjwYTtZNzeKs1kA2h
+fYoR51XYFb29VOCuancaE+pMIxFk0i8s4QQsBbTHJXNtO2m+lBZtKAC8Z0j4Ht0d
+Y0xrn4XkuxD/v7byLMhTPCO2VYX9aJUnk/801yl7GBlLd4jodaW6LNZk9yUu+q8U
+Y5Ub0Xc8vAwTXzdaBreSIu2g0Wyx5z+vlcGKf0dGoHStNdBSWTG1Kzz+PQ==
+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462054 (0x20090526)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:29 2009 GMT
+ Not After : May 25 21:44:29 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=rsa-intermediate/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:ce:1b:db:73:49:85:a4:3c:42:14:84:6a:7d:47:
+ 78:d2:e1:58:27:ed:e4:78:5e:5d:2b:ee:c3:29:c5:
+ a2:d2:6f:f3:0e:0a:d6:d6:7f:5a:f7:30:6f:c9:8f:
+ ad:fe:53:22:46:aa:5e:0b:f6:e8:21:f3:dc:5f:75:
+ 9b:55:c5:07:ab:75:54:fd:9b:2e:31:da:12:45:3c:
+ 7b:1e:27:f6:a1:5b:5d:ac:0a:b4:e8:dd:d3:ba:ff:
+ af:f1:43:31:4c:5b:5e:73:d4:a8:ce:93:b9:f1:9d:
+ 8b:17:1f:16:74:4f:9a:07:80:7c:1a:41:a6:49:21:
+ 2a:a8:83:75:18:3d:ed:17:8b:8b:b4:f8:46:d3:28:
+ 25:35:e1:17:df:e6:b4:f7:87:a7:71:0f:a0:b5:22:
+ 4d:48:35:2c:a3:dc:fc:58:33:76:fb:07:cf:fb:64:
+ e9:fa:05:a8:be:63:eb:32:48:01:10:fd:44:a2:79:
+ 72:5d:33:62:1b:ad:f4:60:3f:7d:59:9c:07:cf:9c:
+ b1:b5:e7:18:84:5e:ec:e0:78:6c:53:f0:cf:67:8d:
+ 91:95:73:72:de:70:c7:ca:ea:27:6f:d2:61:c8:7d:
+ a5:28:28:61:c8:c9:e9:6b:7e:ae:07:9d:36:87:04:
+ a4:97:1c:1d:f5:39:cb:b2:8a:32:8d:25:68:05:2d:
+ 86:65
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 2E:F4:CD:A1:B4:AD:03:85:D8:AF:69:97:D5:2D:95:40:D6:BF:12:BF
+ X509v3 Authority Key Identifier:
+ keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+ serial:20:09:05:25
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 03:b6:83:af:6c:ff:2b:21:12:b9:8a:cd:8e:2f:d9:1a:28:88:
+ 0c:9f:f1:6b:73:fb:76:3f:70:d8:cd:ce:5a:f6:0f:08:6a:0a:
+ a3:f7:ad:b2:72:19:eb:0e:9c:36:bb:a4:fb:3f:90:78:ba:45:
+ ee:da:c9:8e:a0:ef:b3:ac:05:4c:f4:b4:37:18:0d:bb:20:5d:
+ f4:e7:b3:77:ea:56:0c:ad:81:42:80:04:92:ca:3b:73:ed:35:
+ d5:35:f6:9f:95:a2:2d:81:4d:e6:3a:3c:13:64:f1:0f:36:7e:
+ 90:c2:a0:37:c6:19:9e:13:47:92:a3:e8:18:3d:f4:d8:a0:83:
+ 80:0f:7b:a7:57:9c:60:6c:6a:3e:d4:1d:cc:5e:8c:13:7f:1c:
+ d7:f6:df:ad:ae:0a:95:12:f1:71:c2:70:98:d1:2f:6c:f0:24:
+ 43:b4:7e:a4:e4:31:d4:bc:50:90:03:4b:34:ba:a3:d0:fd:f5:
+ 01:17:eb:11:83:44:86:65:17:bf:89:00:c7:93:d6:70:7e:0b:
+ 4b:93:dc:f9:92:50:4c:3e:11:23:c5:50:1c:49:bd:8c:0c:2c:
+ 60:1c:d8:e6:5f:a4:fa:21:db:8c:62:bf:74:a3:83:1c:8d:cc:
+ 8e:34:8c:16:1c:c6:71:63:89:c2:c4:45:0c:90:71:98:68:2f:
+ 9d:a7:87:f7
+-----BEGIN CERTIFICATE-----
+MIIEiDCCA3CgAwIBAgIEIAkFJjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI5WhcN
+NDkwNTI1MjE0NDI5WjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxGTAXBgNVBAMTEHJzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDOG9tzSYWkPEIUhGp9R3jS4Vgn7eR4Xl0r7sMpxaLSb/MOCtbWf1r3MG/J
+j63+UyJGql4L9ugh89xfdZtVxQerdVT9my4x2hJFPHseJ/ahW12sCrTo3dO6/6/x
+QzFMW15z1KjOk7nxnYsXHxZ0T5oHgHwaQaZJISqog3UYPe0Xi4u0+EbTKCU14Rff
+5rT3h6dxD6C1Ik1INSyj3PxYM3b7B8/7ZOn6Bai+Y+sySAEQ/USieXJdM2IbrfRg
+P31ZnAfPnLG15xiEXuzgeGxT8M9njZGVc3LecMfK6idv0mHIfaUoKGHIyelrfq4H
+nTaHBKSXHB31OcuyijKNJWgFLYZlAgMBAAGjgeswgegwHQYDVR0OBBYEFC70zaG0
+rQOF2K9pl9UtlUDWvxK/MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGOb
+IH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoT
+D2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDEN
+MAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWls
+LmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQADtoOv
+bP8rIRK5is2OL9kaKIgMn/Frc/t2P3DYzc5a9g8Iagqj962ychnrDpw2u6T7P5B4
+ukXu2smOoO+zrAVM9LQ3GA27IF3057N36lYMrYFCgASSyjtz7TXVNfaflaItgU3m
+OjwTZPEPNn6QwqA3xhmeE0eSo+gYPfTYoIOAD3unV5xgbGo+1B3MXowTfxzX9t+t
+rgqVEvFxwnCY0S9s8CRDtH6k5DHUvFCQA0s0uqPQ/fUBF+sRg0SGZRe/iQDHk9Zw
+fgtLk9z5klBMPhEjxVAcSb2MDCxgHNjmX6T6IduMYr90o4McjcyONIwWHMZxY4nC
+xEUMkHGYaC+dp4f3
+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462053 (0x20090525)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:28 2009 GMT
+ Not After : May 25 21:44:28 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:b9:db:04:16:8c:41:eb:91:c4:b8:d1:1a:73:28:
+ 59:09:b8:7a:b5:05:40:db:4f:2b:63:7b:bf:01:70:
+ e1:0d:4c:09:3a:3b:63:9e:22:13:fa:55:d1:bc:e8:
+ dd:31:71:df:0d:a6:0b:29:29:cc:da:bd:69:5c:cb:
+ 29:7e:6c:8c:93:82:c7:8b:00:ea:0b:8c:35:5c:fe:
+ 28:12:cf:ba:11:24:48:bc:0a:ee:37:54:a3:f2:9b:
+ f2:76:94:7d:56:c0:52:35:f0:ff:c8:8c:08:7e:b0:
+ 49:c5:2f:fd:41:92:06:e8:c2:71:0d:f6:70:e5:93:
+ 89:80:a2:13:43:ac:53:56:ba:1a:44:44:98:cd:ba:
+ f9:3a:93:20:71:34:93:0f:3f:34:34:2e:53:b2:d7:
+ 4a:22:3e:89:0a:c3:6e:12:40:ba:f3:22:6d:38:63:
+ 3b:f0:ef:42:2b:2d:f4:d2:f8:a9:76:ce:13:37:ce:
+ 1a:a4:bd:42:a0:7b:71:df:0e:3f:93:10:9d:22:0a:
+ 8b:61:92:c6:4c:fe:e7:bf:56:f4:5c:d3:85:98:92:
+ a2:dc:d1:3d:f8:6e:3e:ac:e1:87:2f:e1:fb:30:d5:
+ 3d:24:fc:d9:d1:ac:b9:ca:9c:41:ff:60:aa:e4:57:
+ 7e:b1:93:ac:4f:64:b5:0a:d3:57:4e:12:68:5b:18:
+ d2:15
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ X509v3 Authority Key Identifier:
+ keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+ serial:20:09:05:25
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 9a:29:28:5e:4f:4f:59:f8:6b:b0:96:bf:ef:69:02:36:d1:72:
+ af:a2:f3:c0:7d:c1:50:5a:b8:63:61:18:1a:d4:4d:8f:a4:b2:
+ 18:5d:1b:75:1d:b6:ce:e6:aa:b3:c1:16:ab:dd:64:ac:be:62:
+ 7f:77:1d:d4:6a:eb:5d:f7:19:eb:6a:6a:60:6d:ca:d6:2a:4d:
+ ee:c9:5b:1e:05:eb:bb:3f:5f:a4:76:ae:fd:32:ac:1e:63:e7:
+ 35:d3:95:1d:c9:bc:7a:2f:e7:0e:04:95:59:4d:30:51:ac:67:
+ 65:41:74:b3:62:f6:4d:85:4b:88:26:15:c2:2d:03:69:16:f7:
+ 6a:8a:5c:ca:ca:7b:ba:41:f9:7b:f4:ae:f8:29:56:48:9d:86:
+ 2e:0a:06:7a:21:97:01:b3:d4:45:5a:14:05:d3:b1:3a:da:0a:
+ 67:6d:d5:45:db:ba:88:09:4b:53:b3:69:1a:52:de:57:03:89:
+ fa:99:82:1d:79:fb:ae:55:d7:13:fd:5e:99:25:cb:75:a1:62:
+ b4:27:f0:54:4b:78:42:8b:54:63:62:f4:a3:0b:e2:26:a4:0c:
+ 29:ae:49:b4:1a:34:e6:a4:07:8a:64:cb:63:46:ae:fa:ec:d0:
+ f4:e1:e2:25:11:57:27:61:e8:d1:48:ad:60:13:2d:b9:38:a3:
+ 52:03:0f:ad
+-----BEGIN CERTIFICATE-----
+MIIEfDCCA2SgAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI4WhcN
+NDkwNTI1MjE0NDI4WjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0Bn
+bWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52wQWjEHr
+kcS40RpzKFkJuHq1BUDbTytje78BcOENTAk6O2OeIhP6VdG86N0xcd8NpgspKcza
+vWlcyyl+bIyTgseLAOoLjDVc/igSz7oRJEi8Cu43VKPym/J2lH1WwFI18P/IjAh+
+sEnFL/1BkgbownEN9nDlk4mAohNDrFNWuhpERJjNuvk6kyBxNJMPPzQ0LlOy10oi
+PokKw24SQLrzIm04Yzvw70IrLfTS+Kl2zhM3zhqkvUKge3HfDj+TEJ0iCothksZM
+/ue/VvRc04WYkqLc0T34bj6s4Ycv4fsw1T0k/NnRrLnKnEH/YKrkV36xk6xPZLUK
+01dOEmhbGNIVAgMBAAGjgeswgegwHQYDVR0OBBYEFAfYcdsrGp2uwgcwLgCsWGOb
+IH2mMIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGObIH2moYGOpIGLMIGI
+MQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmll
+cy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDENMAsGA1UEAxMEcm9v
+dDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbYIEIAkFJTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCaKSheT09Z+Guwlr/vaQI2
+0XKvovPAfcFQWrhjYRga1E2PpLIYXRt1HbbO5qqzwRar3WSsvmJ/dx3Uautd9xnr
+ampgbcrWKk3uyVseBeu7P1+kdq79MqweY+c105Udybx6L+cOBJVZTTBRrGdlQXSz
+YvZNhUuIJhXCLQNpFvdqilzKynu6Qfl79K74KVZInYYuCgZ6IZcBs9RFWhQF07E6
+2gpnbdVF27qICUtTs2kaUt5XA4n6mYIdefuuVdcT/V6ZJct1oWK0J/BUS3hCi1Rj
+YvSjC+ImpAwprkm0GjTmpAeKZMtjRq767ND04eIlEVcnYejRSK1gEy25OKNSAw+t
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/cacerts-with-78-entries-and-one-private-key.jks
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/cacerts-with-78-entries-and-one-private-key.jks b/3rdparty/not-yet-commons-ssl/samples/cacerts-with-78-entries-and-one-private-key.jks
new file mode 100644
index 0000000..d0648ec
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/cacerts-with-78-entries-and-one-private-key.jks differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/cacerts-with-78-entries.jks
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/cacerts-with-78-entries.jks b/3rdparty/not-yet-commons-ssl/samples/cacerts-with-78-entries.jks
new file mode 100644
index 0000000..4492a7d
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/cacerts-with-78-entries.jks differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/createPBESamples.sh
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/createPBESamples.sh b/3rdparty/not-yet-commons-ssl/samples/createPBESamples.sh
new file mode 100644
index 0000000..af39169
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/createPBESamples.sh
@@ -0,0 +1,106 @@
+#/bin/bash
+export TARGET_DIR=/home/julius/dev/commons-ssl/samples/pbe/openssl
+export OPENSSL_APP='/home/julius/dev/commons-ssl/t/openssl-0.9.8e/apps/openssl'
+
+export CIPHERS='
+aes-128-cbc
+aes-128-cfb
+aes-128-cfb1
+aes-128-cfb8
+aes-128-ecb
+aes-128-ofb
+aes-192-cbc
+aes-192-cfb
+aes-192-cfb1
+aes-192-cfb8
+aes-192-ecb
+aes-192-ofb
+aes-256-cbc
+aes-256-cfb
+aes-256-cfb1
+aes-256-cfb8
+aes-256-ecb
+aes-256-ofb
+aes128
+aes192
+aes256
+bf
+bf-cbc
+bf-cfb
+bf-ecb
+bf-ofb
+blowfish
+camellia-128-cbc
+camellia-128-cfb
+camellia-128-cfb1
+camellia-128-cfb8
+camellia-128-ecb
+camellia-128-ofb
+camellia-192-cbc
+camellia-192-cfb
+camellia-192-cfb1
+camellia-192-cfb8
+camellia-192-ecb
+camellia-192-ofb
+camellia-256-cbc
+camellia-256-cfb
+camellia-256-cfb1
+camellia-256-cfb8
+camellia-256-ecb
+camellia-256-ofb
+camellia128
+camellia192
+camellia256
+cast
+cast-cbc
+cast5-cbc
+cast5-cfb
+cast5-ecb
+cast5-ofb
+des
+des-cbc
+des-cfb
+des-cfb1
+des-cfb8
+des-ecb
+des-ofb
+des-ede
+des-ede-cbc
+des-ede-cfb
+des-ede-ofb
+des-ede3
+des-ede3-cbc
+des-ede3-cfb
+des-ede3-ofb
+des3
+idea
+idea-cbc
+idea-cfb
+idea-ecb
+idea-ofb
+rc2
+rc2-40-cbc
+rc2-64-cbc
+rc2-cbc
+rc2-cfb
+rc2-ecb
+rc2-ofb
+rc4
+rc4-40
+rc5
+rc5-cbc
+rc5-cfb
+rc5-ecb
+rc5-ofb'
+
+for CIPHER in $CIPHERS
+do
+ export OPENSSL_YES_B64_CMD="$OPENSSL_APP enc -$CIPHER -pass pass:changeit -a"
+ export OPENSSL_NO_B64_CMD="$OPENSSL_APP enc -$CIPHER -pass pass:changeit"
+ echo -n "Hello World!" | $OPENSSL_YES_B64_CMD > $TARGET_DIR/$CIPHER.base64
+ echo -n "Hello World!" | $OPENSSL_NO_B64_CMD > $TARGET_DIR/$CIPHER.raw
+done
+
+# Not supported by any JSSE implementation I have access to:
+# desx
+# desx-cbc
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa.html b/3rdparty/not-yet-commons-ssl/samples/dsa.html
new file mode 100644
index 0000000..1719aa3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa.html
@@ -0,0 +1,115 @@
+<pre>
+java -showversion -cp build/not-yet-commons-ssl-0.3.13.jar org.apache.commons.ssl.PKCS8Key samples/dsa/*.*
+
+java version "1.6.0_45"
+Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
+Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)
+
+ SUCCESS DSA AES/CBC/PKCS5Padding 128 samples/dsa/openssl_dsa_aes128_cbc.pem
+ SUCCESS DSA AES/CFB/NoPadding 128 samples/dsa/openssl_dsa_aes128_cfb.pem
+ SUCCESS DSA AES/ECB/PKCS5Padding 128 samples/dsa/openssl_dsa_aes128_ecb.pem
+ SUCCESS DSA AES/OFB/NoPadding 128 samples/dsa/openssl_dsa_aes128_ofb.pem
+ SUCCESS DSA AES/CBC/PKCS5Padding 192 samples/dsa/openssl_dsa_aes192_cbc.pem
+ SUCCESS DSA AES/CFB/NoPadding 192 samples/dsa/openssl_dsa_aes192_cfb.pem
+ SUCCESS DSA AES/ECB/PKCS5Padding 192 samples/dsa/openssl_dsa_aes192_ecb.pem
+ SUCCESS DSA AES/OFB/NoPadding 192 samples/dsa/openssl_dsa_aes192_ofb.pem
+ SUCCESS DSA AES/CBC/PKCS5Padding 256 samples/dsa/openssl_dsa_aes256_cbc.pem
+ SUCCESS DSA AES/CFB/NoPadding 256 samples/dsa/openssl_dsa_aes256_cfb.pem
+ SUCCESS DSA AES/ECB/PKCS5Padding 256 samples/dsa/openssl_dsa_aes256_ecb.pem
+ SUCCESS DSA AES/OFB/NoPadding 256 samples/dsa/openssl_dsa_aes256_ofb.pem
+ SUCCESS DSA Blowfish/CBC/PKCS5Padding 128 samples/dsa/openssl_dsa_blowfish_cbc.pem
+ SUCCESS DSA Blowfish/CFB/NoPadding 128 samples/dsa/openssl_dsa_blowfish_cfb.pem
+ SUCCESS DSA Blowfish/ECB/PKCS5Padding 128 samples/dsa/openssl_dsa_blowfish_ecb.pem
+ SUCCESS DSA Blowfish/OFB/NoPadding 128 samples/dsa/openssl_dsa_blowfish_ofb.pem
+ SUCCESS DSA DES/CBC/PKCS5Padding 64 samples/dsa/openssl_dsa_des1_cbc.pem
+ SUCCESS DSA DES/CFB/NoPadding 64 samples/dsa/openssl_dsa_des1_cfb.pem
+ SUCCESS DSA DES/ECB/PKCS5Padding 64 samples/dsa/openssl_dsa_des1_ecb.pem
+ SUCCESS DSA DES/OFB/NoPadding 64 samples/dsa/openssl_dsa_des1_ofb.pem
+ SUCCESS DSA DESede/CBC/PKCS5Padding 192 samples/dsa/openssl_dsa_des2_cbc.pem
+ SUCCESS DSA DESede/CFB/NoPadding 192 samples/dsa/openssl_dsa_des2_cfb.pem
+ SUCCESS DSA DESede/ECB/PKCS5Padding 192 samples/dsa/openssl_dsa_des2_ecb.pem
+ SUCCESS DSA DESede/OFB/NoPadding 192 samples/dsa/openssl_dsa_des2_ofb.pem
+ SUCCESS DSA DESede/CBC/PKCS5Padding 192 samples/dsa/openssl_dsa_des3_cbc.pem
+ SUCCESS DSA DESede/CFB/NoPadding 192 samples/dsa/openssl_dsa_des3_cfb.pem
+ SUCCESS DSA DESede/ECB/PKCS5Padding 192 samples/dsa/openssl_dsa_des3_ecb.pem
+ SUCCESS DSA DESede/OFB/NoPadding 192 samples/dsa/openssl_dsa_des3_ofb.pem
+ SUCCESS DSA RC2/CBC/PKCS5Padding 128 samples/dsa/openssl_dsa_rc2_128_cbc.pem
+ SUCCESS DSA RC2/CFB/NoPadding 128 samples/dsa/openssl_dsa_rc2_128_cfb.pem
+ SUCCESS DSA RC2/ECB/PKCS5Padding 128 samples/dsa/openssl_dsa_rc2_128_ecb.pem
+ SUCCESS DSA RC2/OFB/NoPadding 128 samples/dsa/openssl_dsa_rc2_128_ofb.pem
+ SUCCESS DSA RC2/CBC/PKCS5Padding 40 samples/dsa/openssl_dsa_rc2_40_cbc.pem
+ SUCCESS DSA RC2/CBC/PKCS5Padding 64 samples/dsa/openssl_dsa_rc2_64_cbc.pem
+ SUCCESS DSA UNENCRYPTED 0 samples/dsa/openssl_dsa_unencrypted.der
+ SUCCESS DSA UNENCRYPTED 0 samples/dsa/openssl_dsa_unencrypted.pem
+ SUCCESS DSA UNENCRYPTED 0 samples/dsa/pkcs8_dsa_unencrypted.der
+ SUCCESS DSA UNENCRYPTED 0 samples/dsa/pkcs8_dsa_unencrypted.pem
+ SUCCESS DSA DES/CBC/PKCS5Padding 64 samples/dsa/pkcs8v1_dsa_md2_des1_cbc.der
+ SUCCESS DSA DES/CBC/PKCS5Padding 64 samples/dsa/pkcs8v1_dsa_md2_des1_cbc.pem
+ SUCCESS DSA RC2/CBC/PKCS5Padding 64 samples/dsa/pkcs8v1_dsa_md2_rc2_64_cbc.der
+ SUCCESS DSA RC2/CBC/PKCS5Padding 64 samples/dsa/pkcs8v1_dsa_md2_rc2_64_cbc.pem
+ SUCCESS DSA DES/CBC/PKCS5Padding 64 samples/dsa/pkcs8v1_dsa_md5_des1_cbc.der
+ SUCCESS DSA DES/CBC/PKCS5Padding 64 samples/dsa/pkcs8v1_dsa_md5_des1_cbc.pem
+ SUCCESS DSA RC2/CBC/PKCS5Padding 64 samples/dsa/pkcs8v1_dsa_md5_rc2_64_cbc.der
+ SUCCESS DSA RC2/CBC/PKCS5Padding 64 samples/dsa/pkcs8v1_dsa_md5_rc2_64_cbc.pem
+ SUCCESS DSA DES/CBC/PKCS5Padding 64 samples/dsa/pkcs8v1_dsa_sha1_des1_cbc.der
+ SUCCESS DSA DES/CBC/PKCS5Padding 64 samples/dsa/pkcs8v1_dsa_sha1_des1_cbc.pem
+ SUCCESS DSA DESede/CBC/PKCS5Padding 192 samples/dsa/pkcs8v1_dsa_sha1_des2_cbc.der
+ SUCCESS DSA DESede/CBC/PKCS5Padding 192 samples/dsa/pkcs8v1_dsa_sha1_des2_cbc.pem
+ SUCCESS DSA DESede/CBC/PKCS5Padding 192 samples/dsa/pkcs8v1_dsa_sha1_des3_cbc.der
+ SUCCESS DSA DESede/CBC/PKCS5Padding 192 samples/dsa/pkcs8v1_dsa_sha1_des3_cbc.pem
+ SUCCESS DSA RC2/CBC/PKCS5Padding 128 samples/dsa/pkcs8v1_dsa_sha1_rc2_128_cbc.der
+ SUCCESS DSA RC2/CBC/PKCS5Padding 128 samples/dsa/pkcs8v1_dsa_sha1_rc2_128_cbc.pem
+ SUCCESS DSA RC2/CBC/PKCS5Padding 40 samples/dsa/pkcs8v1_dsa_sha1_rc2_40_cbc.der
+ SUCCESS DSA RC2/CBC/PKCS5Padding 40 samples/dsa/pkcs8v1_dsa_sha1_rc2_40_cbc.pem
+ SUCCESS DSA RC2/CBC/PKCS5Padding 64 samples/dsa/pkcs8v1_dsa_sha1_rc2_64_cbc.der
+ SUCCESS DSA RC2/CBC/PKCS5Padding 64 samples/dsa/pkcs8v1_dsa_sha1_rc2_64_cbc.pem
+ SUCCESS DSA RC4 128 samples/dsa/pkcs8v1_dsa_sha1_rc4_128.der
+ SUCCESS DSA RC4 128 samples/dsa/pkcs8v1_dsa_sha1_rc4_128.pem
+ SUCCESS DSA RC4 40 samples/dsa/pkcs8v1_dsa_sha1_rc4_40.der
+ SUCCESS DSA RC4 40 samples/dsa/pkcs8v1_dsa_sha1_rc4_40.pem
+ SUCCESS DSA AES/CBC/PKCS5Padding 128 samples/dsa/pkcs8v2_dsa_aes128_cbc.der
+ SUCCESS DSA AES/CBC/PKCS5Padding 128 samples/dsa/pkcs8v2_dsa_aes128_cbc.pem
+ SUCCESS DSA AES/CFB/NoPadding 128 samples/dsa/pkcs8v2_dsa_aes128_cfb.der
+ SUCCESS DSA AES/CFB/NoPadding 128 samples/dsa/pkcs8v2_dsa_aes128_cfb.pem
+ SUCCESS DSA AES/ECB/PKCS5Padding 128 samples/dsa/pkcs8v2_dsa_aes128_ecb.der
+ SUCCESS DSA AES/ECB/PKCS5Padding 128 samples/dsa/pkcs8v2_dsa_aes128_ecb.pem
+ SUCCESS DSA AES/OFB/NoPadding 128 samples/dsa/pkcs8v2_dsa_aes128_ofb.der
+ SUCCESS DSA AES/OFB/NoPadding 128 samples/dsa/pkcs8v2_dsa_aes128_ofb.pem
+ SUCCESS DSA AES/CBC/PKCS5Padding 192 samples/dsa/pkcs8v2_dsa_aes192_cbc.der
+ SUCCESS DSA AES/CBC/PKCS5Padding 192 samples/dsa/pkcs8v2_dsa_aes192_cbc.pem
+ SUCCESS DSA AES/CFB/NoPadding 192 samples/dsa/pkcs8v2_dsa_aes192_cfb.der
+ SUCCESS DSA AES/CFB/NoPadding 192 samples/dsa/pkcs8v2_dsa_aes192_cfb.pem
+ SUCCESS DSA AES/ECB/PKCS5Padding 192 samples/dsa/pkcs8v2_dsa_aes192_ecb.der
+ SUCCESS DSA AES/ECB/PKCS5Padding 192 samples/dsa/pkcs8v2_dsa_aes192_ecb.pem
+ SUCCESS DSA AES/OFB/NoPadding 192 samples/dsa/pkcs8v2_dsa_aes192_ofb.der
+ SUCCESS DSA AES/OFB/NoPadding 192 samples/dsa/pkcs8v2_dsa_aes192_ofb.pem
+ SUCCESS DSA AES/CBC/PKCS5Padding 256 samples/dsa/pkcs8v2_dsa_aes256_cbc.der
+ SUCCESS DSA AES/CBC/PKCS5Padding 256 samples/dsa/pkcs8v2_dsa_aes256_cbc.pem
+ SUCCESS DSA AES/CFB/NoPadding 256 samples/dsa/pkcs8v2_dsa_aes256_cfb.der
+ SUCCESS DSA AES/CFB/NoPadding 256 samples/dsa/pkcs8v2_dsa_aes256_cfb.pem
+ SUCCESS DSA AES/ECB/PKCS5Padding 256 samples/dsa/pkcs8v2_dsa_aes256_ecb.der
+ SUCCESS DSA AES/ECB/PKCS5Padding 256 samples/dsa/pkcs8v2_dsa_aes256_ecb.pem
+ SUCCESS DSA AES/OFB/NoPadding 256 samples/dsa/pkcs8v2_dsa_aes256_ofb.der
+ SUCCESS DSA AES/OFB/NoPadding 256 samples/dsa/pkcs8v2_dsa_aes256_ofb.pem
+ SUCCESS DSA Blowfish/CBC/PKCS5Padding 128 samples/dsa/pkcs8v2_dsa_blowfish_cbc.der
+ SUCCESS DSA Blowfish/CBC/PKCS5Padding 128 samples/dsa/pkcs8v2_dsa_blowfish_cbc.pem
+ SUCCESS DSA DES/CBC/PKCS5Padding 64 samples/dsa/pkcs8v2_dsa_des1_cbc.der
+ SUCCESS DSA DES/CBC/PKCS5Padding 64 samples/dsa/pkcs8v2_dsa_des1_cbc.pem
+ SUCCESS DSA DES/CFB/NoPadding 64 samples/dsa/pkcs8v2_dsa_des1_cfb.der
+ SUCCESS DSA DES/CFB/NoPadding 64 samples/dsa/pkcs8v2_dsa_des1_cfb.pem
+ SUCCESS DSA DES/ECB/PKCS5Padding 64 samples/dsa/pkcs8v2_dsa_des1_ecb.der
+ SUCCESS DSA DES/ECB/PKCS5Padding 64 samples/dsa/pkcs8v2_dsa_des1_ecb.pem
+ SUCCESS DSA DES/OFB/NoPadding 64 samples/dsa/pkcs8v2_dsa_des1_ofb.der
+ SUCCESS DSA DES/OFB/NoPadding 64 samples/dsa/pkcs8v2_dsa_des1_ofb.pem
+ SUCCESS DSA DESede/ECB/PKCS5Padding 192 samples/dsa/pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.der
+ SUCCESS DSA DESede/ECB/PKCS5Padding 192 samples/dsa/pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.pem
+ SUCCESS DSA DESede/CBC/PKCS5Padding 192 samples/dsa/pkcs8v2_dsa_des3_cbc.der
+ SUCCESS DSA DESede/CBC/PKCS5Padding 192 samples/dsa/pkcs8v2_dsa_des3_cbc.pem
+ SUCCESS DSA RC2/CBC/PKCS5Padding 128 samples/dsa/pkcs8v2_dsa_rc2_128_cbc.der
+ SUCCESS DSA RC2/CBC/PKCS5Padding 128 samples/dsa/pkcs8v2_dsa_rc2_128_cbc.pem
+ SUCCESS DSA RC2/CBC/PKCS5Padding 40 samples/dsa/pkcs8v2_dsa_rc2_40_cbc.der
+ SUCCESS DSA RC2/CBC/PKCS5Padding 40 samples/dsa/pkcs8v2_dsa_rc2_40_cbc.pem
+ SUCCESS DSA RC2/CBC/PKCS5Padding 64 samples/dsa/pkcs8v2_dsa_rc2_64_cbc.der
+ SUCCESS DSA RC2/CBC/PKCS5Padding 64 samples/dsa/pkcs8v2_dsa_rc2_64_cbc.pem
+</pre>
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_cbc.pem
new file mode 100644
index 0000000..7af858e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_cbc.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,3D7028A746BE6B09694E16A222C543CB
+
+RkTEJRJjGfaMfNc876Tx1hD92cblJRj7TvUafRKnH0J3Zv7l67MSG/6rY5HD91HP
+s9i9Se+H8Sjn/HaUl3QTZv04egloNlL3MPSkI5fusR6maZGPVLRJBLfVKYQZVDja
+9YRe+ZhXMS8jTe/IhYMcTlQLBnnwmmgZC09Y9Wm39idu7lytOl3JBMgz0aUNA+P6
+lN2MtaQyIBXHbaqfNDGFn/r7+MH4CGw6MtrPzGqRJgGMHhV6T5o/x0nEU+loQVOK
+mPkSZTxBbn7xUb4JvFPnLTbsI4Cnre3QmfmDwkCAklQXqAIT9Ex1Slq8qaCc6TEf
+mWJQCYPUkpQOqyinR8o1VbYm3DFFvE5F+CktJrppqkQvAct0dQNjMTBFxUjCkZum
+qGfAslGPBREmmnsExm5GThYqA5LN+qo2prBtvt6Eso0i2jNiXA8bi5OfDzDr24R5
+/RKUdFPf7keaAjg9jSArwp6EfM3y3sj2riibwZlty2ckPJw3SwxIe6QSMwKRbKlh
+GJoi05/cO0NxQYhMmlwVN9v5+YpvWmT3CsFvCA+Zb5rXPx2AZpFv8YoHdQb0qyEs
+b5YuVoavL58+BWIPQpeYy/jttR5pEPpgM+C/6/1o4Cae4lwppP2OYFl1fsqyqbKh
+iadErB6QRaJCnfnhG6511CxY+vZtQE5EM36blOl/op+6G+36ApuqDtfA0C074daV
+uHfcqA/g5dODEJP+ps6yoWtM5lbd5bZZVidWhrU6Skbt0faF9w5ECF0qkYDGqF85
+qqFcaoimq+NP7EtUEFSneOee72zYALXyzjoEU9InktzDi0Oufojzc1gjhh7LbObw
+UBANPHTsbaL6FPTEs4a3JYSyat9m/R5GAaT0EBynHxvdQRGNhtEWFPkpGYUrAz9W
+0A9mNX1as8Jsxkh9wqjgOR6Xpbqh0aFHNnkodwV72H5ROga5EN8/bbuCBxInNzy8
+o9z19AnajR7vCW/p42QwsGfSolQgE3KBdqWsle81LcCPVQPQshXzcjgBHZbH9/mY
+M4bX4iEsC9yeNgoMcHtIagOKipsqd4nuPskutf07Mh71OXFuxsVyGcOBVhhdZCb0
+3ZYzVi+nzORPRZ93nPXipy3+NmoARk7mhXDgX9p1bPI=
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_cfb.pem
new file mode 100644
index 0000000..de088f9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_cfb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CFB,C0CCB782DF620FA388D9A356F8B7C346
+
+DftIvr+HZuCHBanw4n8P5ZajHAw1ldQkSgLxtxY0ZYhhVDLEqEqh6z+4ySjZz5SR
+KY7kYFo6yJnURurg3DAGvJ55s6jgyrRHQZkhiO1fBxhyarOfcBjJauJKDT4uhFtC
+LWZ7dqft3PlcHi09mFKjK+BYjULe1QkdrKQlV5FBpCj7ENuHqtfx//bV+IWWVnbu
+QRx4ec2nNCiS2qiI9Qg7fgMdXWrpJlr8Zvfmn0Mta3Dn9SWR9hK5J4d3xiBtaF0F
++BNuszy9poxnsRaORZYAsBh2vdLaQyn1gGdehlsWG4J2Zb5RHApYczJcp2AoPX4K
+j9wAzlfLRSZ4Lt5edShd1zf/iDxegBKQFFHTfPA6uu+fe38qckdxVyBdGaCCBvUz
+Quu2DjjXdCWWo8To5C28LVoVyAy+qJaX86vn7yw03/6n0y2dkydiB3u6wnucsom2
+HfLX+pdyarFoNvtCeSW3Y/1Eqd54dDhz3GrSTh6c7G+wiRziKpTduEmoZ+l+CIrl
+tWxmh59YTSeX4mi48+fxTA8xaVwD/j3VuA/jTOQWDW+DXU2z6OcAQ9rlOnT6Jad6
+P2El+vgLrIFbC4eJs2ry6bszqFJ4wieBVnazPCUADLSsXVwbFuO9oB4129y3Yg+U
+dE+lN24KV0kC/YIdO7c2PghaFY98CVrBX/oocHy4j122fHfboiPNh7S7n6cqJHh2
+JKKQK1qTdfULAN5ypecl27gWeM2i3ib2C5jJiOFUlwiAkZWLRJlsiJOk+b/rI5FD
+tM7yFanhEtcYumRRoSzKII3tF0h+z2AwzPdsyJDdASCzo/DmhB0fg0O8G0q/isNi
+VV2zL+w7mNmf79QsrGVA39Y+G/uKS2QPf3bGFthzYZwKH1M9hTN/do8wCCJJv7MR
+Ejnd32srumBOvGXnYtGuHnT3qRA1mj82B00bdfwCd09GGUr6mEQwfvsDOR3q4OfH
+eGCn9NkWKYvf/QAxCG9Vh7u62sUlXKS08hJcVAgBOzN10wFISTIOAvedt/q5GMvm
+nRuF/ixs6f6LNy/VgyztHoQ4vN4HBf8teDsbWSMDvlLkU6tQZjyuu8JkTjeDaqMv
+GbCzrRBldS3zMXX2OaWpZohi
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_ecb.pem
new file mode 100644
index 0000000..4f69fa7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_ecb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-ECB,174C8C70B397BCF00CAECA7AAF7A0A73
+
+wzs0bJqGg+Scn00TgtgXyV6hopQKVWMEFnMpu6R/Sp1tbPVlr+m5+SppJFVyW3WJ
+YeFSwXzuVAsnbD9qIZpAlco1ZYpmRXaY6IfXJKYf58v2IrqkxVd6AwjGN2FloSNp
+b/DinJXJe807tNAkuBLQ/7QlkCv/BmZMeYBl60XYIH8LDF/T/ON2hREl49zr/GLY
+bwmVzgRpfl3c8QIt6Yl9uKOqCFJmMHD3YS+dT2RwuQwqY+U3DNzVoCci6Zjd+gL3
+eb/S6VstodSR55qF8Fkwt+sy5yL6XmhQaGWEgCwDwArN40MWIEpx4NaBxCcqHF7g
+o26bg6CZwY7Rv42RTHKHNPETegZneAMK+e1lNassSijak+A3ng9bxiBquWSKHe0i
+s265Rptr/GvQX0hLxmfjEjvL98dKVDZpvdBaWRqV2lS26jDPiFAHtVsXvF8uo25J
+1aS8FDHaD2DghC5aXTQRaVy1jlMTm2YZeVfiU6+7HVXBkLsVbShqEHxKylxgtB/1
+OAui+st60+o8lvRmn5dT2xnxLn81Bt4qron4pz0LdzC2xl0DqjhXyRsf7kdxr44h
+YN1YzmdU3fYFzQw+VmE8xECIjPukp+0HSb4n7BTGsWvqzntFIrzWGeRmNhjtMcwy
+YJoWGnz+WbxP3DJqSGNdFME7mNI/kaybIkOpbHLLlmgD7XWpeyGYtsU/rzrh5NXN
+YRj6Nf3TWI1zwS2xx95+/5vc5Df+sb1+/33J4hbGOx9KdfqoVlJZ16puvdTq97dF
+x8TVYxk2PfBJpvpChCsFlYBOB29F+kY2qoBKPbrvmFPsPCgI2q4gFuJ9pq1qyDbK
+pq9d1oewOOxR22VMQNGG7tL0tMmtXJ/z0n3Y1UE3aYiSG7apOhooBAQ8grpuwqbn
+mGTz6sYB8fHdCnedcxEUxxuFjXupmBcT2ulUjFZgFrG0SEMElgTDjtG21eurqPKh
+ZgxfkW+tM251WTi6sqjiQO8WYHlU7+XyO3BKfH5v3kz4qXxsmvKfh4UOfRy5f9YT
+Ft5oi1bos0soTvms0d8ckLt9Tph2wgoz3Sc++4DRcF53Ks9N6iUgtTpkEtmd/Uc2
+5+xewYmlfYO2qfiqiF/6dSVfDPjJYR/YLx8KBZ40/e0=
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_ofb.pem
new file mode 100644
index 0000000..cddcea9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes128_ofb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-OFB,B32C602DACAACE3A4C55B4600D974E5F
+
+w1+kMXURdxpREW3giZg+PooayvatT1Pf1bY/h0Wcm8z0w7zRtQOyjCOdEPNxsdd5
+ZYn3qEIOO+wkw0v0PdK1AaegJfYMbMpSp/iEyFXU/LHS0FpO7o8zmUiAvdeEKAFt
+Qk90gFBiyQyvWEWsp32KQH1/eDSeSLeQbfRfDbh70DkB4nUjYMW/eFL9E/cHCmdw
+0LKUpEycc4s8i/mWCYJF+cQd4J8RHK+Ose2+5z86kHTrbFSlTBEZEXPDRHl8ZsZE
+477A6/Ndy0Mq3+NgMLSl8xacs2v3itdza3AJREVOzvnRmV+NmWtYQ4MQrJrLg2yv
+wfAf4b2r+k8Igbpzn3NCEYolecGfyEWftzTsqTutlFO7RfeW8go4v2MvEsmHTphQ
+k2qaQkdSTFaA7a2O4PKezJap4RRCJhq1d5bw7RwkCpbRshsvrKQqGdTGJxEZZfGY
+6pOt/qRL9LVCGUVdTTdje7fx9okx0LvKo62eKcUBh/AwZGE+ue28g6/77iABuVtQ
+6kgJ3lQK3AQwKislF5cBC9MAkiIomsoVOKiP6+yX74XIa7T+3aWXlsY1oX13+kMW
+zijwOrc114Sus2eS3xSCOWLYN+0GECMrh2NDGDW6tx7i3R20BuEF/IwHob1qjbkz
+hnS8KrRY+174avQDeF1lMSBz4Wfi0O1IDuxWRDRT2z31E4E8EIoJh+73NZr7w6JA
+8usK8RkiJ4ypoOPtRegXX6GBG5UYgI5bn1Ms2X5xSUGIXgG8IwjHDbAAd5xLSWp+
+01HzUsR+6wA3MxYiybTU4eOKNMviM1G4gGsKeuGrDsNnidrHfSzVyOGVVHr51xRI
+9Xie4FX/VX8/7Q5RMsA8Y2eN/yeVwXup65JRhDD5LjILVMy7aA90KX7y/s8KIYae
+n6lB7PtcpRWwhdYSYtnlrJmYmrl55d6ZQtJm2/xjnOBd+igY4YKNjh11xBL8YNo3
+wBjW4/lgrlvC7kbLxO6JIWipPr/6F3bjvmeLclTAZxjM1NU5HhTScGaEA8A4bq4+
+6Jiw9ZUw+TDCOmntkgEublcCMjcAxrawWYO/5EWuOAOkyBsa7BbfsUv3pgPugz70
+qa/CEkshP5e/1VZgFq/BNFtb
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_cbc.pem
new file mode 100644
index 0000000..9b91632
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_cbc.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-192-CBC,7FA13403627D9E1FA02FF88F6D594679
+
+hZYB09uY4gjQFEHX8KGI33EzcJijYhBMNJCR9v8UK8IcQIITOfZxYV2BmrfQhuVh
+Kcar1JrQdnc4S7+UDFIjlLV9ErBCvIUQEflP2ByDhxl892EtVcoMKB3BJ2Rgi9mk
+32KhayXo5V2bu2kOv2nTAjp91LebDz/ylmhhJhI86BL0DLjnjTEl99v9OHQsMtb9
+cXZb51mwIynmqU7Wf+PchH83Yw0WOKs4MOrCtsqO9lL7Mf/MiSSiE+S/rpKLPXY0
+4aBxP6fw+HG57gPlNAvv/qKtJu8YgZDqVXhIKNDZRTSRX+B9R1Yo1tgmJVPhk/7x
+mmYUxIb7w9nqa5OrxzFHyNvo1U5dJcXyCEhvUZ3ImR1DZt/oGJYgrPd/8YcYbsNP
+LKmTLUKI5CARZ5KcOjfM8vpKqlfpCg3Yl1FaNIjM0eAhD6XrepLj3faAJW4/YEoZ
+SGMO5atbM0ERT9sNDJTG0iMW6xGL5l/6pzfsTKI/2yMaAeWAyvg1PySNoSH7s6CC
+CfqF0w0VpQEiOPb+qjtmjBDB/VW5kNrRiBQqZAgpO6mED0jAdg9o31tyuuaFDWzX
+41C2viVvxTx5A/xOtPvaDo9EMecc+7MpPLM2VhWhPDiDBYb8PCKqBOEwIyH119MN
+gQEC0IN/itc/J9ybHLCjrF1Rp83T3/XhAaXNVU9msBBpKNjawnwsUUj8gI0JRbx/
+5ehO32sQm8wkMyP/8iKDAqBRkDT3RIEmLi8ms+ZZRmLwGBkSZZzvOK3A5Dder4bp
+dIhOOetvoN6Bs9l1i6Dds64pwsy8IcnLLeNmOag+Qh8+pVUBNZ1zUV3KSizRKh5U
+dyT6VMILd2EAUJYLXs9HNFTtHZglRb96jQ3rkHGmAepeIVnJlNGKByvDUsJQDGl/
+bGNk5Ejz93ylY8JzR1GaYyFVIUU0qY8khbo7bSn/o6II+KjyTTyTkV28jTSD5dYe
+upGHOzmqpGi3Pzaz3DXpbLcMzwYrMP9FuXuqkVWToDs87DCfGqskKtko+zlTV7/P
+eBILwUawtXMJfYntkV247FffKgS3/BNkgEE+iNthOsFMSoqX/3ESBKJdJDfKRH0J
+BkYL8O0I7OwYzfU3gCWVZ8AvAhd+nSqp4H3QUK0QM2w=
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_cfb.pem
new file mode 100644
index 0000000..9dd5b15
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_cfb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-192-CFB,3E445502677C77AC6ED115F8EFD9BBB7
+
+fJXVVcgxhZJXZANfEWDbVmz75ocICvntATRNVgt92sHgl1B2c4cgQC4Xmu7WM/Bc
+ocUlcSpWnoHtWRDumw2cwB+fDb5k3e9qb+aL2juzHkK+kYd2mkRjW8KSG6D8HIwq
+fpvV6NQmVrxI5+n+uabwfil8Ecg9V7GD6ta0QSgt0lc8clp01se+VDacX1uCB7zG
+NtJsr1wUM0SQbEWPEcpLUoYfK0qSO0h8fpnagKrNQLfzFbk85arkpD9XBzxpNO2p
+2fYsc3xZ0RkFauSZGt6ehu0jh1TZNPYDURvSn3uVrseLyR0Gt8LWp+hjIUp9Kpo2
+fLUVaH/7wxpdCAYzo4Ub/gHPfbxo2E5qYmE1oTJyAHplaDqSg8pbwJofiXl12gMM
+IyIC3SCHZJph7xqbKa+W/X4ChxYuN23ZMZ72cmqH4tH/j9IpKrpWEeqjxaj0EwDs
+R06Sz/qAqs9iDMKTkuFTMxGhc09DV9sN4NYczEIEas7gploOdryJGMCM96RtMDS1
+gjW21w0wyfqa7ogsDJJ2/HqKL73Zfn7l0jzmqya7YwcToEfKOSP+a2Q/y3Exr4KO
+FY5PLwKvpBaFcFzJoYhAaPphUzzAQuQFgXj34f4JU9bAXbf7ol7Swcv9JP9tN/mF
+n7z55BbPfC1EiyGyDjeUDWw4XIYF6LtRK3lnvn4uSZFXLmYMJJthwwC/yS+D65LW
+vsW9uuQ2qEfEC3hVbMPP+1KMgRkb9CVbSXBH+B7UoaUkGsJYzdSDeHZHbwiHgxqH
+jb6WcjtUjh7W2VO/MnHBrLg8dnC77OnR4IiqJq/6TenuSu0N/4mm73SH7BtYAugu
+ok/2H7GYfGfWjOnd+QvG/Vjsb+l9gtB6SXYFiWuThjB/sU4kHH8LUUOmGRlC3NDz
+w4pv+cR3tS1zX+evPL0BsZ3ynDSGRbMpss7xVooxIPacFwDN8kHUnWvIBpQKAizq
+blt1owc97vidf9OnZxUMpzw28/PZ+y/vRYSPQrde3kH8mJmu1FC6tLZnqzuCSsgR
+SJSr3/8qqSj3XrAW+nj0Y2P8lItNdFXex7j/RuX3eV5QIyK7uY+z8ZP4gf5q9w54
+p+dQi7Vx8acRjbsU+r85+MRR
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_ecb.pem
new file mode 100644
index 0000000..c7608e0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_ecb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-192-ECB,C625A2E97BCB192B31A8E33CB0CD857C
+
+jM0PVjU2r063OACSZgLkaS9ppOj4idZ9hgkdMi58Oi+C5bfhZavbjROyxCG0EMGz
+HnAIRJ4pkJeZTnGElmOEFbaNPb42NAvcrYXAP4XNu5FbZ2SqGKwRnjjN8z7s8+Ip
+MrCyJsWycYy2BNaksJRaDNgazjKgqQxGFlQPJ+j99E4dk5QaduOCrf6YQ2G+1Q+m
+2/uqVujTwmverPnHDNhQI0ZYMY+l8+oVcPHIY3TR3ufecvrGkjFgKH0B+/L7gWSd
+ASvldEnWuFtPMiYnqCPtLgJNKSXO2nlumLc4Gz2ruvYKI1qGPXsVLIGnxISVLUzT
+VQz7NrRYwlvSLWdQNqbrEPvEu4q1KstqIkiPRoC98vG4+VRkf9AXAGqxA+vKYktP
+2Ui/SLhoC/seh9pxYXLsmqP+8bxcNM3VsJQoUUFM2PtfyvzBtuQ7mJQTSFSXgBym
+qXvzx749S4xOot+H6r/bCh8753MMEsgsM39jBsRm1zbaBjaNFG0UBdfFigHWh1zx
+4I44pIHu1AQDexjnfaUVrZFbys0CtM/Wy/3y0I3+mar1Wg3Rc1XL1PJzwDqBoZst
+vg1h0L5OPV1c4CekFnAEx+VI6ImxENoYtZCpbpt90kz3GxRY/eS8roS/SRJ7KizC
+p9bWEsUMwJ4Jl+xvV/VtVG96nKzlU13gkI6lMATYzImK4Fh7hH/LBy/UhNVL8X76
+3fo64CCwE3YkrWEmBDdxt/K8Knj4MUPjBgy/ETVRC7ziG0rUwRSd7zLOoEALMHig
+AtNX+juPvPU7yARw317Q9lZXeytf1AmGiFGjYZR/mduAa9M415uWm6zutIJEz+q8
+KV93bm18JUaQSrX4D6m8IgNhX0EfmRYAIFnB3rv+1rsb61q+4USk0L/1vKT/fGGm
+yvXMCA10N50wGS4wovMYQIl/giMEU8e88f+gqImU1kporgESIOUYUm9tOZ80w4R6
+ITlKCzRuoptMQBGZeJIWfWNLxwYq7NXKpvjNeSOeOqQ4fxhkzEetFERG/2hnszmM
+pqwoZBZQ8bb+T6cmJD1GuxoO3ev258WIUkEZTkFYK2Q/+QKymPZO4ATSAO4N2UqQ
+4TXRqUs4i+1f/BJU0ahnSgmzrynGmskUonKxt6T87lE=
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_ofb.pem
new file mode 100644
index 0000000..5010035
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes192_ofb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-192-OFB,7E4DC037A44E5DEE4E005CED36B18C16
+
+hvLtWTLg0+cMFDo3jN0yZc8S7fE6cDdZcBK0aRy+Eg+9kWlnmR/VYqG4xaich3VQ
+wkyhNpBSAoUHY8OKkB8hYsqbGkuKxQ6Db4IJlahCTFgb0yO2C7pUrtGDTvmXVq2n
+qJ4c+4CILeyzIp5yfy0dE8CAsZZcLEdSpPvaNK0VPZEPhelm4WdqqLozYVibR0KS
+2BbVO+E7yHGC/G3xtdbduuYpID1pLwyaebUCNgblggn6FJ0G2+Iu7lndmMU4B1Wr
+phvb+Fd1kL5421u8OOKRVLS2yMtlzbK2Mz7NclEzEs1m6K/xJUzztxImAxElBiiB
+YfOw5WLy278DuD1GCBkSuAKB4XWUtlq0+tJnCzAG0yrdMloKH1m+XF3MXFiRTXgE
+k08PcZchoNgGP51Rcg77skATP9OMamcjnkMx1B8YxTx9O5Vv/oSIjGQrr+t2np2t
+JU1dHTr9QrCeadSz+My0sjlZrL3ZisAwBbu6C0Zta1P1eB+i8ORZvm9HvmadcyyE
+y5oQWv7XwSfAQup/4uuAJ8bQBunIH/ajMF1WmD8rzLcUjG8W0rnBWUtjaxxBdkWv
+xBzgMPm7Q+L/5yhL/TMH3dkUBq+Cg5VQSe9EspNRGKBUgfKYk67Y343Mv91xKtX8
+8Tmh/WlnYXDv8QBnFJZXVnf8HeSFHsHDzfTgAmWHdhisTNwmgSFvBK5ghvhvkbXI
+UIPi+FgeB7P3ccFYnmoMq5qgK0Ki4lU6v57soDrjRl/NttfXdQEhLfWO1zXNANLk
+lqEhJSvBPZY4/FiOW4kNaZg2oRswz/+Bmp3amsK5TwBcI72rnH6SW5ADqPCcTP+h
+IrH4L9wnhOXw7QLk/h58JwiEc8suj5n0PJPQeHKajizd/EpUzVAuRTAl4GMvxLCY
+rALxeRaEXfJH5i/0UQydEvdU3ZP/LTibAqStXyVlSBZmKOg0GNQ+aAiHZyBnI3oq
+QuD0KuJi84ETMLU2baRydTbVlQDr8O0vxnCNlPkFFOqVpWyOyBgMctUfFJiM5c0l
+1UT6dc2F7NF5WOuoDCVw+Jp974CJuBSRGpdQKGms1Dvjwrtnf0ycstswXHvp2ZhV
+IVeCbT4WWh4f9bp6STkdquSc
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_cbc.pem
new file mode 100644
index 0000000..17289b2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_cbc.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,307CEE18F79CA333A38CA90E75B248C5
+
+qyg9Q1cX/FGOoP0NFzrCRLwmR6bai7JzDiCLFCthciYkMIWLIVzvyTg850YD3dw3
+Wusli8EQJig8DEpFSM0WBc1Rne8U4168nKuRnFUaP+VWuD4UpNDt66cT6dMoqATD
+kZGdd+p8ReO9TK9gO/ZZU4R+q3OUpjxX44szxj/EIVSgphi8R0rRSxl/yFRnGHyO
+xfpM9NxgMvBYlyxl5w1Lp/ictuF3D505nF/uuhzGL5a+WWhSnssMFHF9vxXTu21/
+3Cy0C3Qah9eV/C2oyAU7GGsXHIfqFqsgMjQN+cTFqMyFeg6g0J7hytDAgZVBXIFw
+UuzMbxUUZU9VHcZzwqstkg5BmUI3sgW6gibBUzuJrmo7uLrCvHyj9oehSMqeuPUC
+EXFqhw6Nb+jZMkvW9J9qFYG9eg3PQsDErIdVK8aWdLrLyc+O4gycOdMbR8aq/3Z4
+TlV7Ye650EvQ13bwZghZyKel6Rjt4P1MagGriNqCcLVVsyrRXAiqjq8cyJgYtoXF
+1VMBZz8ob2FH9+kvk2sb4+T22sTYwiqAVaLnCsuJ4dmS5wdBrhfF4oyHYV2KOVgG
+64GqxiF9/whvbAWSM4cU+KslKnWGZwz53LKleafrgeFJ2P1ldqnl0on5EQ/m9bzt
++GSGwzZGRmhf5NoyhaH+OCkq/h1UP+LZ5kDJCqH/l1JZbvJQkGNKzt1OroW17GnQ
+EgihXAmhy/xOAIZkz1XKa3bNvgS1F9yreAxJAvBHB0QzZ1HrablsaTKsZOtY1Qvq
+e2OdpJFm+SrI7RUtbp787Yl9pH2cLEdto+WH8gtgXloS+b11Q7broE42w9MIJrno
+kzs6eDWafSExTvpi+29OJEtK4PNezmhOxzTUIsG0/8d9Vd2WYqrLD34ze68X8qUa
+CoIXYP8VsQLoXVzX7VnMBYTQ+YOR0Ntq6pRj07RbJrNiOt8qcWGslzE17ERuCr0+
+ZFTGy77KOksKjLksvRj4oshQjRhVYZscPNnwKODFDvOPsGFjDoU2Sg+W8kcfE6Bc
+1RQwk4N0cjkC2JXXk61QQjh+efWRBqPN6va+ixUcsZSxndCIoBk4qtqtsyTFEcC7
+LdfCC96RGnXlvroiPHvrmJYN69JAyyRrnhiYfaaC98s=
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_cfb.pem
new file mode 100644
index 0000000..06718a5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_cfb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CFB,337D3978222A1367F5CFE08611416E9C
+
+GVmy9WG3oR1Vpfxnfpv1hFvXGzBgE+c4jplSw2BAlKnbznCPbZLc3WF/ZMv2851O
+iE/8sdcetzoAlm3jGPoDi6Y/FqMFmcbqtro7vUz/SVgi1HDI0FXjOTPtFe6xfzhv
+84qt5lz5VAUueTKFXEZHqM9tV7lHt1FX86VutNObn8pE7nAWVX/Xvq+qWUsEx0ik
+YjZjLY696pyz61hnxZE4jKZLRx/9a6vWYaVfzsEi2FLw9qAsw6ILp+xDaAeKa+Il
+YVkgDPi62NPr7cRX1WCiw+/feNYPgUfGiBNkd2mOnAr1yOXFM+YALw5V+q8I6ZKN
+k8R7skAzRZkwTJ9WaaFGD/UypYmhe2b9Jp2n0BMEn5RpW4o1DTIHmfMSUmUPp5w3
+HjbtdDUWIiuplrz7mUE2sez/3bMbcoiO2Ym9SInJKBrMFSvyasg403u4QESYQhC2
+Lwcocb5ixXoczHjef3CogL6BhL2oZwXCl3OBqpMOJJJKXUPRhN8bvgV41UIsiGtN
+TFUXqYdpbmMkxJNMGiD3mKWpSm2MMdQYnRlxNh0wXLi5sHckD/WS4yFrNsCIMVDT
+W094liK/Z7BmplY4TyqKhsRlFVQ4VOo/W0WNh7Ayp0siIfo8vHDyoQsnUkn/EUER
+UZG1lIy6/y1RSg15GWpdi1bvT9URjElh/U944LSYD28K2VU8aPKaRBokk+K3AyR6
+YhZRCBr6uIVZ8HDkBL5OW0eP69/jdbyc4MnWRa6C0d0boA7N639j+NQz9erYT6wu
+RkInmBbVfxQD6HLkMwiuU23qLP+QQTLkH7rQJmnRPSwAKEE8RiXWi4/TnYW7d0AC
+Bj8oaK6DO+J9t1pdj0IGluf52iUwAOf2Pxwvu44ovaF+yb2n3P7S5maDGLTV/xBW
+D6nEAct9cYj22/aRDTLdpOfG0L242vjQLnjrgezBLraa9eTy29hR5FU5ACH5sB72
+rxUSwoCHCJuNFSxC27QwZqeCFw51epwXxLv1CjqsQi2So12qH+vFVtL/1YrFBct0
+dzwbdNk0S6UyPRqfiOE/+Iszzahmb/GgskPJdfT5Y03FnpDWfOotpaAebrY4t6kz
+/gs8pxupvdKw4eWsxVCL9KOP
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_ecb.pem
new file mode 100644
index 0000000..ab0f64d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_ecb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-ECB,267E98B92F05ECECABF28790E81DCFA0
+
+MkVFB5/gKxAksBI/g96MmN+ujdt0XFXC+7MI+0/OJ/H0LXlHlLpwfGlx/Je73Imt
+rOZveXf4I8sBCF1Z0Fhzb3TTTDxcastJGKWAVKaPzKkWdxNeUjx0kinbrkM7Spfa
+yG+wW+Srtfyi6LzEsbCduDK7hzfDnLbgKymdDeP0TVeJzEdXgXcV09a01GA+CEVX
+aHesQLNHyYm9nxFxK0fAnKo5r1I2JsozSWNTG3VNbiItxtfoJdXTn25I16qXjKzn
+MOn/A+RBpO+P01j4uk0q0SPJMlIYIX+RjgAoPiI5R5vSeucsdUJo1sWnSfqLc4yP
+vUG5wD/+lYrxsXiW61KdwIg3vy/ty5+GqwNgNvN0FZM8DvK+NQ9K/IpoW5RE4ioS
+ZNm1JpeGJiywsBf3Pi9mwR44tTVY0Jwa/TTQp1kEYGjhYXMIEvf+LUHwG5KO2wmD
+kDediMDUPaUx9K34eSpgIUln5d+1viMpC2VcDIg4tYjAODtGRxzgDUr3mbuoVl8f
+GqusTAdsNoIyilY44XxA2odHa4S8yXsx1f54P8fRYbA4Xo179LY1Nh7PwQPm+rI2
+mERkCsvns9jP1zJRuS1lYW1Dqjtxxq8Nt5RAsEwKQYLO4DfsuMZPblEXPAwSGb/N
+69xNs8ZFHm3KT1r7FdUrVpHk2vmqsetNa/g2wRTEuBmRCgrtTtEDWgdBNtDoHlBR
+pDIWgwNvt7oJIU0EbQkUgW8bmg1p7jxXN8Bk2QKZoOytxA4TB3fR1p92VkXzrkxn
+l+Z815BNfqnNCU5nNzLwk3jLgksZrDnLu4sXykIBC/bpP5fubnT7iJYh9h6ZGFeY
+QLUP//ssuZM2auNjTVykWUtAiglROzxnFZjMXEbujOKbm70Uj3YvAHjoKalkti9x
+MTj/vpR0xBv/iDtTFl12HIg+IEGL1PfX4xy2avvJO+XGFD4zcnrLfTMwtUJQjdQH
+dUMWP8VI266u+B6wGfcrhdCYqtvuLVUvbISU3YD/tP+esXh563kPnXd2UuaS3ErE
+/7Y/hzyUkDjJ2g37Hq3M4wbaEg/a6osDtfg73thDMadsbTLIDjHKgAgBv4umNtA8
++EaP0stzRH3ayHL/f4I5bHC8bMIAumKM6zap6tBiork=
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_ofb.pem
new file mode 100644
index 0000000..7192ffc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_aes256_ofb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-OFB,A2D4D65382905DF6EEE7A315B10CF2D9
+
+CpLeywQMv8uZGrgJYM8rZ01awWHJWH/ZKkNi1rpQhaI1BAShQbIUvpY1IsMLa0/E
+g2+oj+Aa1UE4UDsAlzcfsKG9QHS8nOYWuLpU7VAyjC6wUPn0yI0sxxKRd4dmPIgW
+w3r0xO187yqLAjIZCj4y+3ANCjw+rLpZ5Zq8KAN4j6H1NEmzNoNVQbwY0hpsyxwE
+Tg7TkI5IyNKQSQC48EuZh16cJR48l36gzFOmZKr47gzS0zivvED4Vxdaey+WZkoF
+1XW4VbQGHRnLEn/I8rziic9E5pvvcZt6K2NwvzXrkS53ufFYZcgxNRxrdM4yLz+r
+20Unn2F2KqumB1RAliKo/PtudO7XfsPNc7rbF/stGhlxDWTyPU2HMX9tw3JkWDfG
+rRsG4RJOQgsx0Q73/7XPhgu1J2Wp39a/QI/IHwZ+rWIerdUPhs/MRRPoduAfSSZo
+r2z8OPJAlMWLwAjmmKDGhpTp/21n9xLo8tbvqmy8Frz+kAxAHXeHCTWUbxA+URKb
+s5NKQALX3wYHT9Xq0A27A/Zrqs5elqc/IQL58nU/Da3a3OfPB4+MNWeWU781ohhi
+VkBgMRbnQNCC8OPoeMd/At9GDEEj1rDxx49pJdMMwxXS04P43LiuNSmndCei2cQh
+/7cho8YTbdgjKF2kVCZvYXBVsu7Nn834kJw7eMH6slU+VM45jTkOTr2uLzKWrBL6
+YONiK2xdD9NlDcTsX4YRkt+dByJEcDAuvprVdnLKpFXAOWDLW6e0o0siuFIGBtgX
+NR5vA5llpOkladJk+j+dxX4u5Ql9KFPtD9uM05ik5VQCZN8pxy6On3GUeSdoAE9i
+i+rtgZofs39mZOTxhYr+Djnq3WiWntV91GImwhqiXxUBI/fs91+yy+FWphpGORaT
++Rab+cyvauBsdTAoSjjd5cNXXsztfDxEhLnZ1yWMQZxVgV7tcLevVo7e75pSZrN0
+/gMQAH1Fcxtbrdzg1fehLiqTEWp14lFyDCkqAqQ5C9niCqwyf8+6Axaukk4ImmP5
+n9eIykRezLizjA+GCe2oC1jXpVEEYVzOJpbBAwZqk/jlyNd0m01URxvhOaW1/M41
+uWDeQp7ljJrtiyMqD5P3STGR
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_cbc.pem
new file mode 100644
index 0000000..8b71187
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_cbc.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: BF-CBC,B23E9DCDF6361CCB
+
+BTPCHNUVRgsKo1up9Ktshx00vDANb05S4S0LPU/wzG8sj60db3bX7Uzr0PPy7ShH
+1zPv0PECYla1dh9nVBPOS4EQE3uHyzuDMTg0AsiR8TpysuI+a4y8XJeAhkU1DTD6
+YzmaodjbCrhautYUCzvcui/sWWXTUSWH/yrFOxaaxLpccacCssGlPc3Tmr5brPmO
+xaZvO32ii6z7WAP/WmyRoYH+BSqmUBhObolifBD5kg1ilPfCk3xMtz4lbJRWANsS
+r6YWPwo+qh1TIQWw40Kz4oQOteVNiwh/dvYGxMkd9Gs4J9nY5deKYExoWlYcci6N
+VOrGA6HBWzfFx/QWWGK77xE8yQ8HeeZUgkWwYoSyAmxjPWgCj+BT5gbYV3W9E6UR
+T3lsKGtI/lMW9N0DVcLdur0lLIBFiVbzxoUAL1SteLJ0mbu/Vnk4VhI5z5mOmSxo
+bU/HElXdjIhk7hdTU5PMNSKiAsxNh03NiPsTpEASMhz+oP8BuJZh6Zi/K3qMYH3u
+6BYmA+Ua23fFYd/kz2TclVwiQ1HQjO3+9l0aSgLhHFb3t0spYbx1Ld5+bAb8b30Q
+9w/fNab1mB6hFgaqruPErfI0K8BZ845oAiakZBfKnTRQxAlKNY5gWvSiPDWlkfIb
+uSBW6csh62iQM1/bcW0voR21NGS+WdQ3eg16vv0HMhmEXmEvtAuCGb6ZMqY117s/
+VciBymZzwdLKFjCqrLn6enYrT7uneOoq/8PaXD1rdMuKGL4W2LqGH+Q0RU+1hyBJ
+7ipTQqystqi6HUU2R1/PI4K73X0MMTB0Jfkd81S6GmjkMYCFCHmHXCdNULjbjzT4
+gppgVW5joIbLKNPHJ78lw4BuMxcAgptmtQBADnWZQNF/pBnIVAY/pdHgreIBTQ7R
+KL1/ATp3+gtGd37FOGZilhq8C4ML+w18M0iTUUfGg5svUvmtw+NpNWMijTJpu3Uo
+KqjMj3NbwCwu2b9qxwalC3qWOgAJf4Z784+i2GOvACk2Mw2QyXoZV8Qm520M+idR
+rj6DIfzEf/86TWH9IrGukDbJNB74QHgdXd9upyt4sL6uHMxPwz4nnhBB7I8B/Q59
+oB+3CBpYIANihDscUbiNSsw5/AXNtMuA
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_cfb.pem
new file mode 100644
index 0000000..8372cff
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_cfb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: BF-CFB,A39496D20CA5F694
+
+A9ZO/WPm319cQ3hoxaEsmuGVDkMVhCuRzFfSWC4hVBsxKHd3FIw8xZpGSkEI7+aL
+cMtcyxTQn4jVV71Sw3vyb4N1+2i+DAd+63l8LztpTBQi1o2gTBqmqL9esV3shqWB
+JV7uyOi94olPea0Rf5PMRXx1bAZs9U0TV+5XHAQxM04lXRJajxiN9LBZ1OMRiUVu
+SdoHdXh077ylUQmgDaGQktWYuVH6leq7Yc9CF3nre6njFiUrpk61iPki7+/FgWzq
+vToqiYaWffy+1lB7sXcL88BtFaMWAOV5A48Mv05miTb00VbJqdKL+SDmu6j2Soxi
+Qk3k6Le0heXFHqqkURMKOrr6tepqKEjmy8WTELwMnuT5vNngMqDKpNyhdsIEJW69
++L0imi4fWIelCd7PMI1bbPAp2QsB8Rndjlfj3irVm0AtubL/rbep3JT0ezukoScd
+wLYNTlDdaLfEggry/1kYvPBMolU4xqDxg7C0quwYxLuycEFzU2QmWNtRn0xkfx+j
+ruApr4getT6q2fJznW7coiW+OE9Ik7JgtYUGEZuWFUeydDHa9PiJ34w9t/aw50Sk
+arATzKH66zM//g1zgzg31SmziKeE375skyQr2+1S9RajmdZzEUDL5ajsdrbALflf
+UPQNr0YEF92DRHsI4O39L/+k5fesiiU38u0NoKv5DDRb5T1lQeesDZCZBowQP5KP
++6o6lnj8kCeccpGX/eUukPXFl6mdddAJ/vLptHC1zaRp2dlKPRfedZkRm4Wduplh
+vQ+6oGqkjep0Q/LSRcVP69m91CZot86lAn9Ct0jfJu8o7Ua7KBeOB2k/rx1nUaZG
+BOjHQRaSvPA7FVKCP1UlT0GR2hTb/VcW3UQJ7fCY8E4hc1kPfoa/T+mf0JrHtlMm
+364YQh6KLgcsgVjsPBXnTN1+POH0Qy0xp/0VwQIQFWKwU7gsXprfs/uYx0uD2Ev1
+w9kIWLovIGmBh6HKptqTnjtdwhqueez5kb3MkrCMi3kqVmV1TEQoklz6eBbloXbX
+SyR5jivLmuaoCJOA3oQ/A+75bwcvUP4iULZbdTpM2rnURyljKNU9Hwxim0neZ0Zv
+4kiOZuhQKkGfj0gv5bRkDAZC
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_ecb.pem
new file mode 100644
index 0000000..58acd6f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_ecb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: BF-ECB,6105920EB281329C
+
+ungL+71R1VG+DP1CKuROEP1pESqlLeGoX/vupWbGTWR9VoK4v/9e1Bh96r+hEobm
+LvgsV1xhWrnyRMMw+W5bSJCfBH627SxqHltgxPhyKCNAf76cTIAdxxXgLZAxjtJi
+mjuBDTNHdJ8NiAxJKLL6dr/hh+Vt1Lk9Gr/x7UdocQnhxG+IZLDSOFdXnFb8EBtK
+kmAXXyOL14Rerywi6pmbxaculi/CihuFm4u6GXvunFjtP33eObzKLRub5ktbCtol
+97rbDoAAUsPPm4efu6Fs/3CE/BfvjUf+cmOYu6pIKQil9VHtxXloXwkeykI9Kl92
+uZVT+e9WEn6oZslAzCnjT/r69+V0Bf06AP0zkdTK7lRNBhmcR9fAgHpxz52GC2Bt
+xsqEzU7d+adCy1M73tT+bA2RBUnbA6BoCDHkvtmZTGV4mkAv11tVxU9Zqeglvi/w
+6QVDQYo/b9U8GVkQFo0oh4xNaAUNdT/i1OIy7d+6UR8k1S9+r6SGVwS3er20trWN
+8mAJ3dWiy3yLreggSqEvwHSpwrUQP8uxdTZOlFAy+xmwuEb3AgT4/sHQN7sJjAN9
+ISdzp+B5tBbM3kQgvEXUZckVykM7jgyv7SJ9DoDaYXvlfOVFo1oM3aWf57DcB8KH
+WIV94r4USVElJERYHH9sR61YtTi2lIi1zuAQZKCf3ShJcgU+vh2ZZ3vRPQhAMXjZ
+0Doi5uxi7HK/MVenO1CzNmsc6XQtyTtONqlJVmBoSq3Il8phMkMXnaOeNrQsT/1X
+PzbQ6MpWEr2WkKsQn5hNA9b8BIZ+cwk9zeFbhwLH5ewjO25BWJkFra4gGFJl+HZf
+vMNFjlnxuMjqM+Fjn3YH/O08P3nF/3ZGezqTCV8OJigB4Cdfbf9OrNtJSvCVsH1q
+YB/3+KOO5mKObH0Y+k1pvwZsXMkj7exAEHh+nFLldjo7tBAycqUHK0RaZ29TOjqH
+J6/4SSzMTJL5PF9Ayjtx0Vai4sFrjRGgnvdd8tddA/bWq6JC5i0yWIWjCEu0+b1q
+q8EHdE39+gbANJn2lKsEAOOt242bsjKR+bblijaaEgZXHZyALOThcEXxn1RaFFgC
+4Iv+DftZrU8lOiEvN8w00K6GDy9gbByG
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_ofb.pem
new file mode 100644
index 0000000..2558ae4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_blowfish_ofb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: BF-OFB,56A8F965C6533468
+
+91TyUkVkBxdl1ZXkXezMngH3YsE2cuXhiEFySx+dWZqFWcOQ3S6izXXqvk9B5sZg
+O95SFlZ917dU+SFACzB8dqwYo0QmxvH0zaAIMBguuYib6YZVCd8/ElX0vyEEo68O
+9V856HAks6w5WZk4zTC/75skb3tdLRWgG42oBlXHW7GsL6y29Dy3xvaWHJ3vpKXF
+HygbvR/TiSzhWj/jJB6V4kCQAAm99yyMxpmo3e4Wis5AwGgf9XyHJx0gUCeyNqez
+i6UJMGnYsHl1H67ltpN13trIXRcXTUDhFTadRz/suaR1R8IEefkpsnBEPnJwBuPY
+tUQzlolPKuwbPXFukpJrhi7It7dLsDsw5DUYvyOnHkDXJ4vFAIplCKdG0+KLaYKJ
+pXI8FH6X4M1YbIPTF+k1dhCAz7Cz+cEBA5hfJfSA4p7L6f9NBPWso3DDsyAbdPx9
+JJkVPtu0ofZHzYuD9nIhRsXjK9zaQXU0szLBdtGw7rfmPp3ftXeBcXDnO2ZdXL+j
+PK6CJm0ktjnUMKY8gpWahUUfImwebQ8+uQYv+NNn61rtfCaGQWMStXaNYgq54YLs
+D5ImRdvWm936tNUCeoik0yhPVlriNC4gKswRSUxD/nNIetsPl4FB4DIS/W5fvWZf
+WYKwW1UlpC/HagbUVIuZcOrAMFTG+zLYS617lzZh7Y7K87GJH+jVwgbYSbHHFWCp
+V215NLfofwlV5pFwq8djbeEnBhKi9SbGlZUyaZKKyDoIIEnwaxg8BoModBEWHyWp
+OUmw/v81TQu6RwJYxl1C1U9n5w4yjtXr5oowgu6WRYXwWXZtevtLkHrhcuWt21ud
+Cq42ojFrb0GqIcYWDXF3Wjp4nLZ4pIqg5kadpJpcFYx+fcL++Jnxs9l8Ohqwn1br
+/UvY+gTmTwnICapIwovVjN6p6cT6MAok82oemWPZNPYXVwVkGewCH3DWqfeRYsdg
+6gDWeIwyk2Eqn4bxFz40NrNZaLqcmQPaJVRReCV7Y0jQuQWqSYKkBHgFodf2GPMg
+DRqs7doN2MW7Is6qjyc8CDDzPcSuaqUz0gzohupDfD1vAtuoC0X6U+m/8NM3yuE5
+CKE8rofcKcxmFAr52CUUsJBL
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_cbc.pem
new file mode 100644
index 0000000..f6fb1c9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_cbc.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,7D7F5AED62DF7398
+
+PvrGaVyP4qWxH3LR5bOjrjTZN9KEZ7eujPyBYWV8pE7+kBc01RKaHuOfntMncXPj
+cTvtvPq4z/Odrme5s5fem88QAoxB2BqM0VNviUMcCcAG+hgsYjYWjUDdSY+piAD5
+dhPcTHfSwgkA16c9pd+vNojdDKHEXzIci/gdrkJQXi9z+Orfb++NluGFUjAvQNlh
+n+wi72AVwFaSPfguwAtWAZNmL37dZO8VzuCTkhciHaJSZFtS1G5rLBIo4JzW6AZI
+PLEENN8fE9C60WYkfQB0PI27ksTS2xPF2b7MeaBwdPRU++hwZ2QwXH7nYlCWn522
+8wg3/QWuFIMdqtKaOjjlwvQxApV7OouRCxIFnolM8HvpZ7HvEVVT6oqcsJG339FJ
+Ru60QxuVsnz6ykuP2OoGTtGZNYo5cgBSpXrpUSmOp8HHblWa6+FSatNkBf5MxJvv
+pMRxcYJ7ftFCGgpKI38GgeBPkpv9Rr8PUplZlgnXkZl8trhjb0hzAAJrMqPkMQ2m
+rOgsIWF+gK6MdnZdSnY1DktPYSFCkfJt0BZMGBDXcbr8RKHeV1vJNWAPOcmTsV/y
+nwzv9EA1KHeMnT+wQ54q7jkRtDLIS+zSWt3qW0fJQzNR3BrMBrsij6GfRZ++PL3v
+4y9D+cDFVX6LMXUDLK8kxZ11A5rSuL4HROtNnIQf/MItKNK4Y5c4PAKAMGLQpPS+
+5dgmKiu6jAIKUVT4BOEjMJ0P03JZKQkPxVB9GgLQLGCq77vz6NaTWhJmz+qTdZoL
+JCvAAShdkVa5gl4hzuvKnmY9VftsPVlOUthuO4NYimnjZs6p0sXZKnxQ4J4BpbkX
+mX5Fs6RU0YTQphu2v+NFhcPpYwRiwn15CVUDW61Sb87HZ5xAzwQrlpFY0LI4TqE9
+6ITUYzgpVVAlslKHNePMcjTj78V2MImHlq7xHSVPEGkkPlsDWxG0snZRkmM9aAu2
+g8kqf8MVngWbWhxqXHA35wunnaBhpBxAgqE4r2yAhyfCJNF3B01zwjt4LeTnduj7
+1ZA6EPechsSQUGQNGBoSbO5zVbIQaRZvAl2MwPU1YWCCbjaiDDRp9bHhX8vQbI/v
+4TRfKX8FUSai83qORQ+Ncshg+gYkeCJc
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_cfb.pem
new file mode 100644
index 0000000..c3af8d5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_cfb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CFB,6215481F0FAE54A9
+
+4ZA2xcGT6hS0kQObPwTWmluIl2wTnoL2jRMbxrr7usOZSLYISprcATZWieEKLsu0
+kNNzIptFCmRDt0b8VlothTS2jBIh5nlu9LqvaUlIrVuMEn7umslWrLK8JWnHVKOO
+dMfqNcgmYlkbEfmmXLtlCbfQHT2kVlopD58yxf26FTQ+27l+hSX4wn2uD+xFUAcn
++9ZxAWQDhi2PYVKqTTPfhCPaKW7hjYdocADnIZg+1mhH++8fPxlDmBQBmMOid53Q
+WV9LI4Fps90d7GumX7qSUFZTkBKN3v+E2ahnoP2bTBQGkqWamKFTc/4uLCEGlSWU
+qXaGCy1AwPa9As1+B/jLkTstoslJppqvOooWW2R1o7JHqN44luXXQPZ+BcA7dSdf
+zRcMCpudB0AwHBy3mnUNuBlUjsf4rEpq51HPSS8duYow2I127uI8m8OCoZCaUVid
+msxVMSJIiDCiBi18EfCjMfGLtQVxJefMv2hmcAXQXSRDJTEw8Lrtm0Mtp7XK2B0A
+v8Kqpf3x+VBc770Xoy0K1/fe5oLdvJrJOLO5PVcVXIS9B/DTqIQ8ObABJPZ1sCKA
+sV8XebteS8fNXmFrVKBTmHBpUY8H5Z++VfDtKZZUBYSOqbFT+UU/+xJKlKICzFTo
+YWsmPTgFsu0Z7/PMyg/rccrb9fMWRXa8et0JGoF2NlYu+lkRb/nYPe84oS8RzZT1
+dtWJMiiom4xRgENDhV6/AmA9IuyXT3QbDfFB+ntdyk94U+Ms0ODNcdA4JmEa/f2k
+zFjtEGWHPH8Quit+zUt+8JnWSSFp0mjyA2ZtEj/6Qg5rqAZMdlpTo7rcuYOTHScn
+ic/H7V43SuMlRAM+xx1bGrNzjWUugHrVb7Kar56pSRPtSOQ00Dmz7gB8V5LU63n1
+YX3faatiPUNRG1dArcW36o9dZ5x8O5TErPHRJNYG+96UNoAzHMXoi5thuRyVbzne
+FpOqgxsryobcht7fwHuYgUq92QoY2qG6qMwHc2A3NrVFi8lJ0R83SN0lOzLebulu
++zDvrvkkRyH14uoAWi/o5IGBv1yIkO9vYApntrSO2aLnbevht9MuDJqW/Lkb579Y
+LG/sVwxTmBT6jdCgTdpd1ExE
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_ecb.pem
new file mode 100644
index 0000000..d17a90f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_ecb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-ECB,1040C4105685E404
+
+66Uasevd2pON2SFWljlVyWqmErfZn4XomzLHlUoagIwnQUEgCBCCpUscES98fini
+roGF/iaY59JnUCMieugke7/GZF1C0aXbIReqds7S6VFfu4Ni1OQTkL4rIauHrWab
+vgoE4+18OlWw6Rc0wwJ8NT/NCOmb397yTeb0w8VYERyzpwSLXxQ0BCOq4vOUX7BT
+2ABX0moazjUSyTO9BQZpABF2SshxaWFbAc3QRwH4QnO1bm7Pv7b1rvjrvPZ9LxgN
+fwjXG+yfHFBBojbEtFvgXRsSSyV5WCmAgYLgk5/nIDFSnRQGty0OuP+itX7SUK1I
+PH/ZjdIwezMKbyuon9D1AvdOEC1xiKEdmJCWSokm0djIVNmYbv4dtfrQE6hYdMtt
+C0LbsT7ef+jl0xG3k+WK24OsBVhTaqj8axIPZIVLELOPlx4EMfaFQgUjgqf5vPhO
+x6RSSRy+poFwtjI6ip/xu7ygqmcY9COXCcSffk1vpw9v+6WcMaYmDLwBTrTCNsdI
+7i6VJa1GiCrsn5o6ydGgdRNkF0N0sUfGnSzRUgd3BGd/fvxhBmcxHUnr8srrHYm7
+D54VL0EUsP33F1VF2ELl94GlWqfAj8NGBDkTbpUcqOeL/ERxdUWfX5IEc3h7fprs
+UjjjQ+d3GRliRs27m4ZuLtGeDEhDtlTC6qtKyqgVziPMwG46tcqyFzhbLCErHNW1
+07JcoDRc1LkXImSeWgjjhskUX8nc2/q5giTVtGmiWMQwEc7aYQ1wPbVAIGPQ4PE2
+XB8zvvPEaj0wXs0JjicrfzUBo6cRbdfmWIfp+ZoTUfr+gS/aZm+VYt1G7v6u7Qel
+AtoSdpN623OvqIP5ZDjOKROmAdMbXkxwwusVNQhkbdTzDYNy/yJnJqUUlhsN0VTQ
+y+O8Fz7Q7fEYIk8Euz3Uf/BTVGbLSNSA9n++CJYg1nam1S51WhCXRDckDLR0c4C8
+v3zpJvaQYW+xZUmlzrYRQgxkfzv4+j9W+kZLgvitQizXfTsuDyO8gwIt2csfGkaL
+EgX2+oITD/sGoaSoGknY42ePI3pPXHlhBjPq6ZWZ7uh6Ia90nV1j/PAcOEoAspAh
+pEdIAkFJA76qN9JBnK7lRMFXu/EWtBjD
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_ofb.pem
new file mode 100644
index 0000000..2d36cbf
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des1_ofb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-OFB,BB20E846FFFBD3EF
+
+WeRgcZKkDTSxqvtZvx9WwUZYqXUUpY7siLG1Vm5jXPaEFOEQhmvGuNYn2cwwUYKD
+RMN5+sE51urDgI/xk6jdS9oZE6IlfkGeQSUoEOOfPVyVD/0/E2G0QTcKAAWB56K3
+setBb2ORbM2ZhetYUp1scaLObMEMQ5LrZaqtA/jUd2Pbs9D2MqafEH0Gde8e7mXy
+1fGNJWlj8XtAdmi2BeDKZHx5Hu0r/BOTic++L0Sv66wbjHw7RDji9Rdv/vyq6DIi
+0v0ZCexiNVed4mqD/3+8eGQ2z02UD7aZPy6T7E+b8kBuBi2ouB4HqgexVtz1L9x8
+VBBOBdpOLefwCZlNaeceg2kSIP9mMK919hlH472BO615YB4ugaCilUNLpvv9T85K
+s4hTB5oDcQH6W68mz44vWqSwED8JcdMYvivWY+3/zBSUvkyI8+8AErnVr8tvTX29
+aBhfegKV0MbRRRirj/EcxhUhtfgbAtllZ/Wpo0LWpIsHT0GeUfWdUerbFyh/8Tfr
+OQzC14xoLHdACDz5IDrLaLd87hZrKDJOELvzoSugg2W9NAzGbfoWJGVlvZ0miZcO
+teULyYcK/A7Wcba+jmFaXMrKVhNH0IuGcU+Pf1lYcchjAsdnrFMVRsNJ99QWlN0F
++dTyRgaiCInnmJqT83fI58dMmaJPpMeW26jItPWZWAA0vlQB1RgZ8C7i7V4keuVc
+0PYolX8WpLrrpUpJKOTdW6rmeHokJC46gOZoXEwZCSKUUgreROLgRN79RMBHKjoj
+0vSZWowgH82fNWYWQbJk5z4ldulWEVye3tQhRNsZarAWPFEteiKDTSkawmBpaA6q
+dJWiA+EdrVvnNmw5+xkbciMX0nj4xKsjRgPawdMFZaZNE3xu2LkrfGKDa1ne3JdL
+nDeyygGRDsl93oJ799maHaTLDyub0CMdyf2MssPLFklJdxwbtxNzbI0gt0NhZu43
+FDg91Z3hlAjg/Q2h1dVM22m3pnju2ygF11HUQdNExHlv5w8LWMeqWQ5j7WhSbM4c
+s2v5JURZ+jXFEf3jCs9h6pLlQNaipDkUQA/6DKHf0VbZJzKxBiRCwSP/YuQ6H3yP
+dHGRAd5CQnNc3Vv+yyRqQT56
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_cbc.pem
new file mode 100644
index 0000000..98d3682
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_cbc.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE-CBC,89A720DEE88FA71E
+
+ozUacsBZx7E1NCxbVYJJHQ0VTWl8RX0z/JzYNP58zcCIi3Cab2qlUshZP+Zb0Na9
+vlHabEqQCGsP8uLzneN6LDDaLmf+ucxKvCRrx5h8wl7DQcA5cAQhGofZuqChPqLj
+1lExS4ZaAi9lRL6aZhf6rgI/apkj+9Ky89sOqJxNhj66NgoOOh9XH1Uvrffv3jT9
+RxeVv5qYcAgfX4aIAM6KjC6iTZ8NyWmIoc8izYQycOsSAn6cqtdjmyc/264OZUd/
+1Tj5PG0q/Kinh9UBJ2F+pQgU4pDlWczXEIwtnmJ2mWyHBe2zuGWtP1uQFUIfwkEz
+KDTTFB0lm/00Xts+vGXgy2q+IvhqlOXfCkJGcP+OArLoyE8cu2xU4KS4qXUITSr0
+i3seUuTrda4aqrfyjNuM0tL/cUSEuT7aSlKdqSmRtYl9fTsmbCbndLKKuDJnxUrB
+ocXfuCEZNMQ/q/8DvwIX3l7RRIiJwqEg5+Ue/s2FTFJh4Iar/1gNQSApwToFHHhV
+XOU0pLY899B+1z10Nop7ELgJEKBK5+zMMBhB2t6nlMU3YojAH5qWEPa6D2Wr0Wu7
+x4DHqk0wEB6cDZ0PZGlWNOBP5bDB85GehAWKy73A73wYZCi9eCQnLh1Zjcjl+6T4
+fli2K+944sUKaUnY8sVT/20aXm1CRqNvgLknZMsg/eGZWX5F9+Jn/MviXmsH3LfE
+6VShEkNTFEsRUqF44Tvd2BZ6pObDPRDOkMgapzqdubujUesvb7LU3yNCRPBPngRT
+ZTXQynnbH0yfnFm6+0BYWtD5NeIzILwZfS6IRMSsCBMas5rCc7O2Iv0yhk/8K0f1
+Og1YH7pctbz1oAPmN/EgKZ1K36GTt33zfrwHpmKZ0jOWF90BQMgZ9dL+VyOMJYjL
+MiyetxwDdiP5TUUAKxXdr9t3AvxVPxL8aVjLb86kJ9HD+IgWUDqiROe88sD30Vww
+7R3sQhhl7drDGwUBj5MLCVhtE8Uli7HdaYC5CvuvlCAQN871whhk2gN27eqp81ou
+RB4kNaDK8qSn83ISnueg1jsQhUGy6B2Rx+rePxx3QwDsrMGf/u/tFJ1VcLlhmOJa
+svVKTMq88OAnZA1Hg6QlB03obSF9U6lJ
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_cfb.pem
new file mode 100644
index 0000000..edd5d8b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_cfb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE-CFB,AC1BA482ADC9EB3E
+
+tPu6t71kZlKyKaRiXgAMCmyxL/P6dVH/sPVY3KDFI0FsAGoPZaD8s7BkLLOy30Y1
+66kmaaWiaPjQN2g5zMrszrXh4AXazrjMrmIJ2NksNXz7aiySFafyYjyCPA+LIu/n
+KnfoE42KYEmENgMSUV9sh/nlwYS8I6LWva384BIWaG3qnFgfZ4gwgiI/R+1/lPXa
+olOpnI5szYMiV+som2E+I8lgd+Ahf2rempMnuwyWTDmUvYWwst7F5bz9XbmJyeWY
+HDDaTPy2Q1yRYBRvLTm64iA0J9j1TpJnSNm0uIRTVOEIZfOwOx20tFjo7RREunAx
+mEm+kmn4AIYhw5RQE5XQQvD42X4MLyc0M94k5pQHvgJFypXeJ4VsH8pkd4bqfy91
+qiPiKdA7nWnbedExwiwSPOhjOLkmQrXjsMVmoqqexhckJfmNOaXYtnQ8cZc50HjB
+6ccsjyLdQbLx1KT3e/NgfH4VxW4/hbbt3p0HMIxTnwt2lNG3AoKmLlOYSecuA4PB
+EE6oOauIKyJM8pwMV0hfBQ/MUQOnhHG+dbTn0kW91fRZiVPPvJiJ4NmEwD3ks3jM
+pLYZRot1Cd2ksJ79G4NXDFakB2bZ8EwtlQUrQHwW/ykPwiwpqCCha1PUzgsmG3hK
+U8bDWWQMqXtpSmItno1mF0H2TZzdbLpRAZe2lu8/mwww1qZfPE+MLPnCp050+BCw
+Hbq8fF1WVpJvsE5CKzi7Ll7bSrJ6BslrlzL4mFnnGmuz/mbBIL0MO24FNyVGKQlI
+hEzGu8lgp53pG4oSUZ+79CWBkn8mesk6iEOWcFojLKrlhnxZ7mDxBYfDp/2Bmna4
+lFt53zmQHJeYiO4J2TEXOQxvDWvcOK/SnAoLXEhUCRP9vTQm2Ahj1QMmEVvEybOd
+mRpcaJXUOgirS7Ulwc6ZhW7MoFFnS3UluI+gS0oXRW6hCm6l9poDem4etU+IsG2m
+4k6MoMLrak9lSheB1uL+xC0S9k20CZH0X8Hj5atb4R7T5+lTle/fVw1RGdfil1NK
+/ytD+CLpSV15Z6VGVGlzfXTIXYgCIgbZpFxOZk2tsdUm0dPBjR/ZhdUh4ofaxA8K
+jE8HLuW7kCkvmEfdsJxuRVVQ
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_ecb.pem
new file mode 100644
index 0000000..35c220f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_ecb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE,3D3D716B17DFBD33
+
+XDCVsv17xsOpLWONR8xKRYxnxvWs+bdU+2XCqoqH+cM/vR4+g4lqSPSAco0/LkyX
+q0/C7/BE7mN6fzUMiECYUKS2c739CBVwDJZJBVGbMNFexaQRmlSxqhmbQ60oalaG
+HZfpCLLHQvrOZ3O82aYuEfsbqJTEPkGm4lUn/5psQwudmu4qyv8GFR4wVpNcg9JB
+rDzesxi1aU6dgHSlLHrG5ot+lAITh40SCBQdwkcvixyDIi6l4FX2AyNrcQYmFGp1
+C3XaOn74ADLyo31Iy6rCb0KId6J+S+1aPUW2r1Xb6irI13/QYzIe8/fDfuyV7Ofq
+BKtHdu/oIfzl2X8BkuxJ0CEFxyyEE9majfItPnUEjX0Sn2PfOEwzq5LYYExpNuxe
+pHr9gtB+hSXC5t1b6ifv9PHErMNmBLdgLX/FT4PuL6URrn3LtydPcfW6XMkHtGgH
+zD/nnn8Kl1qXmkRbWHbREcOJB/O/Q53UwD26BsX+Sjwn2cfsgwQvZFzvmq/RwsCg
+Ej9FK80Tvn3ce+Kdt7LGUc9+KaH1OIn7qLcYu0Fhid/TzPCBPQffxpUJ1HylDaUz
+v1txJe3C//rg/42e5GUlKqf+/nzCmQeoaqZDG+VU3UKlngIYitlpwEq5fq/E8V35
+JeuHzFjYj0k9VNsOHY/4AqmEm9qi1yxb7WGINsysO+29RvfRD1bm2Zqhi/Mg7YBo
+8K1GowhW6uGFf+VCPORihMIxoT6xBU4xn2kX09EKrVdekrAi23QzslZXM6Ze0fxH
+7LlktJwah4/QFHwB5qXwmHq3lN4Nj1id+CElVZXjvbKvc4+mRd7VSn++05IFjTK5
+2r4FHifwpkGASJtVbF/7ZseaoOz9sHARx/MFSUp8kRZjOCzstWj6I0Fou51BTtRn
+1ZCey4e1eKVnV4F1XNdo27Aw9aZjF4Zn5hZfUPuUYBwN3W33l8FXRdYEoT/JpiQO
+8LS36SSZGVA0c6nanZoeDZsrPNtPJa8ANHR0QMwBDOwNr22uuJEG/nLvBfquG4HL
+Iy7nxBebe/0MXvsxK4OjjDzmYQL2msMlYffOABOVLCbtaPC/HBKUcmcpZ28WAzdN
+ArkPEcJFTgzI+hCAVG//uV59MkDnUZ+e
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_ofb.pem
new file mode 100644
index 0000000..d06c31f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des2_ofb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE-OFB,0472499818A0CFA5
+
+A+t7NfS0c6IsREc9+AzXRaMGW5GR2Ao+WBBxXdxNJZ2n6DWTcNHYL1VZsnVOoc9z
+N2PBfTjYQkNtehp4LDnypbooUI8gJ98T33PLkJ0/L03fs5iEiULcrpBLGc9gsNoO
++f0JcI4xNfE7bGvtveliBWBsn6KeCdwrdcOXziWGQCge0pftf7m4HZ/t/0ISfjXK
+x3ftgiwrvLSnCHfp50xXdN4FGRaIj/V+C50efu/hkAaZ4rCcTxgEcvi+TKdDjmcy
+MfxWmUmeGiT0MRongCZB7XH6g4sI3nwiDASLzvZ2dBysLD0wOhR+g8yumSH2RW5V
+rTr7JQANZzdZm4MpOv2fMCHzDcKEtPd+OlYMHegwE3p0y4CLeYByT4IdyKHVLiWx
+lwAKtZ15VlREgXqBIgrtG5ooEIIjdlabIckAhRc5yOX9sXsMePRyPgQSnG+nSbQ7
+6Y1l+3XueWXjsnr6SIXI5wbszM+TFbZAU6d9tb7B63R8ancHHSUgAbmSL7QpYZxD
+oNYseUzgPv62oMbX9VxiWJ5ZgwzS+D0zGALw3Tb/YVTxI+/VZ58ITZ59I1cg26HT
+H3P1thNPIee0zz3zewMdILgQLh5RWkJhn8/oawDhVVPBba72uw2nGF2aXwbLWx7G
+eJ94GeikGHOJby/J4G+0D2lLlI90jP8KB2fVqHxENGKSMLjZFERGvpiPTgHxWcgI
+SS3ORTxuJDzqG3qFfMhFwQnq6tbOsny27scEQZeNMGecfqGLWE+oclqfKKDQDm11
+JUQnsnFAT3cNFyd2bKefeN9co9NS1UTUw1m3gDH29kwmggFLwSccTFobrIoh5/le
+qiaHdEdmd1Fvp2nMAVufwmb6G1dizT37benyr5Gzc8CHZUMibFEIhjkmG8RQ4dyb
+Byai6j2gf6rzsbKiVtKqgCgMCw5LG8xypzitCBc0+DsYBnlAyS4hXYm41eqMtMsF
+vrP5uS50iDbAMBjuIpWdlRewjxEqiLPZofjbMGwbrvDu45LQ76rwLww5OUj6567b
+FJRcXQdyt/bWqB47GnAZq8NABCtY9HG77nTgqstOqYOOsdkuZC33JHAwTwa+b8tq
+2Y7Zo35CmITqLxfjr2IT5Yeu
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_cbc.pem
new file mode 100644
index 0000000..f73edf1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_cbc.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9BF24F7ACA100D50
+
+71AQTQlq7BkcUMR0+Ghc8O2ykT347aaFUD9BYHXBW7SzEq4th3itEQQ4QxflbgR0
+2XZQE+dNK+s891XnEkf+8ZIIQc4LKr4m3P1t8UeAQvMbHRfAQ1u2/fMf5xwYMqsW
+BscjoQ0lFOcb69nb24E4taRu+MRDF2+eah2hlbHGbsTezIm1VzFRX2C4mnWyfffX
+2WyJQPlZpvOY4kkv8tRvW+nbZ0P7bRjjxrSbCeUVI8X3m0fiCJ0fMVg1MMaj8JxD
+AgIKBBIJV8SYRw3NqiGk/mIlMq4Qtl8PWEFBRf30DRD8RIqOO0yV9Czu/u1hcmxN
+x1/ZExbwOFAFwE/GU+NMegFRXC4toNIU2Xo1C84URpAvVAwwe6SiqWFTSTEHnRu2
+N/tfJlaL2yFrfRnp6mcNN3T8Rk376skXk1zml8Deh6rNU254yK2CFRgm+79W+CeR
+Gb1wxDw0GQ07Zr6/hNBfpAND4qEdyxYAfJQYOCufXiFFxWp+99TGKN4T/+Ab5D2j
+zKmpYFPJj2vuULLPGIJPnCVNjM5v2KwbFY/95Jh3JEF255TORfj2P6HETcjZr0pD
+TCk13jxgKs3mq98Vr5LGEJ4nUcm4GoZayIbeaM7heJTWmvQyP6PRZIDWi5mHs7K2
+wGUrutGZcxzLtaQkavQPf79xt+0CI9D8Nuz4FrKMS2ng+rWLzT3be46f6hJaX1KP
+cy8RLQfaWpFGBPHr8UKhicOpdbGjxxfBUM7Jlg2o1hQIWmSuj53SygZ/EQnqBV7E
+GG+Gf3RDl1Ab9ncOr2WAA5TOQ/yVBEYXy2W3TDmxuwf/fWvwF2z4DLq/J7pieEM1
+b1IuOlcDWNu6eKAhsrq0t6I/wYNB/7qOmIcMxn1dzDHjic3uO65IMH2swXmk7tuZ
+ExdHGutPDZKYG3TgMyMYk3W9YeoEZAjF3TodOYNpmtaDmftjIuxlaYzmtkQCFHGh
+cRlnPXJwaExSYrySX+1zsuqU2QaLB0AyTlAgkUdiLQOzfmHtiHt4Pgyv/o1z/PgJ
+VTVyu2IFh75H6CnSQGgNHIH6QGN3mcMIZQ5G0U2r46X+7+nnodOky09H2Gq71nQf
+vSk1M2ZoaOuo437zG8SlEuPKimz/d+PH
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_cfb.pem
new file mode 100644
index 0000000..eb957ba
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_cfb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CFB,DDDE26F919588654
+
+ulZ1WOcK/yY3ugpb4uN9s8ejFImurz+p4en3zaCfEMdv93V0JT2T/49e+OvIMaOz
+4ShAD3AO5zOXkZd5AUDI5Oi7mMIH2sUmhiJ+0xZMWITbAduYvt69lCGFchpQ/YRD
+G4jT1PY4WQX9o7nN1EYyPnH/vx4Rk6lnOZz7UNpK51SBSBk9lkF/d3bH3J2+pYaN
+G8VET28OIVTs4nqNdu8nxoE8u/Y3aW3FVsFCA/ZhmBD81Odb4rHAHCqJl00ApW91
+nvpTkTjfF9+EfdOE3mfLA4R7CEVWaqnfzvNrVCOILs3qSFGKbIBPBBBJbc4d4pEm
+G+8g5gimV+oL/Q6njSi8s8yV1WWf/nqK6EKd2JJglW700V8dbGHjhGChNTM4Px+C
+RfTF+kXcQZpcsax5ULUz+4KKD2Ub5EcWumg+LAe36VVTz/zDTxhTzsm0/iN68KTM
+jzKjIY9PkVIhZikVkp4s8pL97rL9Tota4OGMacPx3C58MSwJSg7fdUehAcnj+GC6
+Nfi+iHxVpJP4QnFi4BotFxlb2FoVhoh51YdaUehqD0IsoBxrQCmT8nVaz9asJMCY
+CRXNO/2pUpNJY0iGjHfvdmT/aRf+gmat41bX/1r6Xxujf09JF1iS5v/fpYQsshZc
+N+xysjZ8Bps2Kx57XSUTz3NrwMuliJgw6ZbDYBHGSSl2lueUanNArE4iLakuf5BK
+zuf7iVNTZEww904RhnA3HnivRH2b+Q1mWxTezSYZTs2Qr62mJ5ewiFjOlv6hPUfx
+T8/ka54Am8dHsgc3LUDK4pFFR0Nk82yU52FJPbGsggKZAde2tUnDgup6gNmzEjA7
+rSWxEfg53fHda79SQzrKaPGsuWr5b+cl20rGycqN54qZafKFah2tfCzgGdVZG+Yn
+Wq5wvZK7Elmjz+URvKitFhw39yscj4TLlEQ3K/jZVu5/lsyyu3imiUholwMCSuhV
+fg667XbT1qSw8KPWoloOSDQr60d2cK8Olg9DjfMgqmDxVHMuALB+O/dhJq4Jaa9c
+e6ycERign27Fv6j09/aAGrsaB9gMXCOmMhYGSoBUptjb2dx8mN/z3fEG9ykvaDiq
+i1+9GnfRKIYzfxTa3PCpA0B+
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_ecb.pem
new file mode 100644
index 0000000..1dc8182
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_ecb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3,695F5DA31042DDE2
+
+dzOyRB2M6CfzgilwOWNhrea/0Zt1EmJSCDPXO7kQz0LpP3/keHgFL14NqxQU6puh
+gYn8TKE+H2f+l8xoNhT6kdRI5OZP85NlC/RvzcIPJkriBgMeLwsRCvhxg0EujRa8
+popm8yF2E8N9YPdz2CcrUW0mttVYeSy2YO/pi5rTJBeqqIjqFYjHPEmlnoNqboQk
+aflRKFw/rZgsE4gzoMKR/yso/GmSIXj48h9G9CyLWPFIDi8LdiiBG62wxK1TDFDI
+FIcU4KY8QyHSYc3DdYJJM2kXxvSy5BxbvWkD9cZS9+CuAvDyGI9dfF6g60f2tCA2
+AxIHRn78StCNbRN1xBfkqw0BremGo8G3H8w6FrdeS1rKzzYqAe3XhDO/uN/0aRAz
+Yact4CIYbZgMRhTJh6YhWma9UfYtxslmTNkxmMptS2SvOVSbhPFSQJFIVWaN105f
+HGmLwoRwV+Xd7nLX5hcR0Sozr58m/1FYun4c4797/bcGA5nDKQ9+u/GvOtqGhIU4
+EY5mkMhqt4MdDdKozQvATqWeSlESIFBZgG5sAQWuRJ9g2Pn1N2GTveY0ofIXV575
+WsharLOALP87zUur0E92LoBrbFAS7/nJ7T7F1Ye8ZoG88qs+vJy8SUVCrDjUqfgL
+90YHTKvmq3fJ+DO+40pLU+aiRBPin65h+5J0jW7f+eGpJV1S5dxIYKW0D1+PgcP5
+URVYuN+cGWROH4DN7zyIFPh1lls0GtAf1to+zBy9QYUFAjt2lB/oL/d8RRso4rHG
+8cUdXilKzAApI63nq0pKN2k9hAH5wGzxg3vWJCbsrXuqExsgZ0EFLR1IOX5ISCCZ
+g6TKiLDDSFBfWKTsix169JzCCptFwE+u8lY1b0A2ApCClXeS5+HvWlC/vtkuqCKj
+V51xSR7ltzosktG/gSc6wesbp0RlldK3Ee1l5Ld3sgoxFZd8aBuMVVfvqz0Li0ac
+883Yr9+nSvc9WspdytrfjcbUxmWtBxsDtVqhuIM4eNusUPY/L6FJhfX2kgjc8RNf
+MNJXiMOaTmQfVCTmKZDF1EN+4IZfdrudL+UoesTzasdlDXGKc5gCecWiQpn/hKto
+6YwKToh84r1R4gDcQGM+DL6wa1W5bVbD
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_ofb.pem
new file mode 100644
index 0000000..86f2019
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_des3_ofb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-OFB,BB994897E99A8F6F
+
+Gx0S/6H98EIJK9lM7TBQrFejxjBVE0kcbBTVNTCJCuJ1Ik0s6+OqG1OFOLdXJWva
+M+k0WEWKhTAXtrrbzPiu01u+OVpIQ3xhgzt0rcU8UigfLLvMdqXoyuUTzCYHBraA
+ByJ0+Z9nK5r/OAJkq4gnRfhsDajZgOy8rZAdyIui9rom5emcx1GsnpW8WdRCuu5l
+kHEyaG5nHtUyZobZk1kNbkqelByCAFndV/eook4kycEytZWNPpFP+tUaXma92vDV
+sg3h2qODMr9ElrbvKYujOuFoO77BYM4oxlE/WtWpD29hmxaIgmnlvwUI7HerpZg8
+DbKYV/8ncRolxoE1GqO2dM2nLKaNKra+n5REJBpUDjwe/eV6dwcj5Uvk9nocEt55
+3qtmPbevuXga9mL5iTN8dm5RgrkzCX4LBu5fB3WviuseUBAqpKgq73RCutNM2gDm
+5CkV7Iar6tV+LgiUcgoo8RAnJbysFT6jQkGPYhABFKzdzrFFDDQUBpcLo6hgHpyb
+uQqjVXR69JFxdQpJSuc6cH60jzRQOvgwpCzpRiJL0mgXNXv51K87ucEzM81Z0UpG
+O4GYnsbo7PQfeLAE1PjP2B3xj8kgcRxWbHkQ/vIHTEAtJcXmAquULi+mNKAFb578
+qlBs77sLICgtpqBUzfoiH1ozcKHOJ3XB3yPYt7WKIxn3/rwqrgRDrPbyrrDmV+FC
+veepr8m8ZssbZjKy3z1js+jcvjKJOY6U/7Uc7IfZ6AjBXrkJIDEtn9RPoexG+av/
+P/LDsCF0ChhP44KZi5q5TLNvAmbvNL/7oogaSq9nw5hJYLiu2gScOAAv1h/j9yhE
+f2mz/xTHjr35m3Ax6wLPk2yS53PATS7XXQtWY8E0LJz7gOkSDvolwnyc5aRgS9WF
+H8DyqWi8vYzVLNd1qM1mAR55qrVhWnmlDmw+f2OJmP+6MNAoptW9nsUaeOk5xJVy
+QNSwJCjzp6ujIn5UhmrS2u59HW3hiW0J/O7aalBXYQxUv/qllKkrNmX8HlB/1r2C
+IniTw/Rd33TsNTBx8tqq9IpnAG4s51xHBeXT0+Sd4zNh+fIqAYLNuMllHMlM/oFu
+A7+h4TYAxEccchEha3GD6CMl
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_cbc.pem
new file mode 100644
index 0000000..8a7d018
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_cbc.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: RC2-CBC,B0CBF8975CC514AC
+
+eH3gBb3Shpdi9fkBr66H3xWR0XnIrKhPU1KABtoaYxE3N7su3duXHlx4zpc3YyO3
+s2YwjN64PdGYgFdwrznf97SjdI+MSJgu2wMxxTwJwOltEPBdbvNWEpq8SLdfdlDv
++zndoR7YnMIhQPp5Hch07dhwpY0hn3RELxYf32ALEbe4+xG8/LZWUBoKdgOn+trk
+1Oh0VB3eupjtsdxDWMMN3Ar+l/1AfdBoaQcHg3UdO52U+mTc38QAaMA+9Gplkz+Z
+YwjWz4tyltvTDWGAYGuhxTPVt3IoSewGVHWxKezFujNEhj6wuJBTlpN5T1pALfbD
+JUiGEmBXOPcxwa3QKmVKJFcA+p5eOYY15sqsIhcaXxPgzjO6JQWMErkaOnyB9sHg
+fQTXHwMau2HqzjOM8Qa/lQyv9nf45IFupKoTT6Kja2WzAVxd9KGW+NZSAa+okRSr
+GQrsXrJBFl3+wKpXN3alj94GK6aqCBiyd3d+pp2NyM9TorZhfWxbQamPmQVaU4aF
++nJjB+lW30wPZM6Ik4UqsgXolYXZCtV4cOaZ7g9ub2AYmYCA6yIagRFfjuEs0/f2
+MNN+qu1Z0sg0oCCpqO9kVcnnC4jIaXvU0egZVlGZ51GP7iR5VsLmi3VTbebnsvT7
+x8XYI1WHYuANsSBNRJj7vmrolzVErsX90FInNcnc7o43KQGyeR4E+vSdqoLHbk3A
+2HL9YLDV5cdvGafL6faVKFxUaA5CWCFVtrV6MPJAm/xWs5nu3wr6aNsDk/0R4mqi
+vzQe9EjkMprrihpXqFGpTaehJQFgLaE3FwnxPeUFawqdKIqaKf+stx3i24LkDSPs
+ukLiYS7cPcDYXN9kI6a0fqGtT/gL7NVa/jxsrl5+da/alvm/Ai7TJsUUi8dMzqIy
+85Hv6xWyPrwCbar4Ehq1CopxWvINo1AnvajIkBHvh4EtK7B51stOO6yNEV7spYxb
+nze92IMAtRNWO/yp/p/nccy9PB8/e2v41T8EN4MJuDxGX4k4cG0k2IGzBDcBM1pC
+YfmkHzMBGPsq3CQ85balLEWQTgR5nr/8+TabxyloED/Sw7mLM4gqMmn2KukzMxT6
+qeiFiGtmv2TbD7OWkaLj1Mth/ns1Of8U
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_cfb.pem
new file mode 100644
index 0000000..acd0a47
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_cfb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: RC2-CFB,CB9482EEE6EC0DA2
+
+Bo62wJPRVVYQKoP0egdW3dLX4yU/Dbkx8TtIsNxNFhdwpGWtEGzervoU73+6aaWF
+LME/HVPUh+iZPKh9HuwSiP0GtwJzCv8arDp09mxGJ7XFcqz3AS7T+K9A1OclVa5o
+LwQ6ynBtCsmgiVlS/haNjeONqCtpy0kERgathUclwQCLTnQBZmu/l2Pk8Gdtc1Tc
+osmKc6BDlPOyofTt/UnrhVuZxasrS7tKEnVn/iZr5mjUZAqmC2mJcWT5YNahJpfO
+rawRjukIUOm0feFwov45+joTSIGDsNTYD3OV/+BF4ZgBMm33ApAE31JFoweUcI03
+2l+WS5qtmcwuOYGp0Np0BWg09KVwNbIghfiVUEjnqy55PCVOFH1RZrmHhPndCvHQ
+BwAaac0yAtd5vFWjeUf+pTbDmkA44g5f5aO9uQuB58WWkB8JCFpGZLizK4ISy5ay
+dE8+SjVGiMSZBDfAmiEokoYymc7L8bkTIl5Jo4TuMmtFcHnfohZd6Nue3aRzNZHJ
+E/V81IxIytHRlMl/dZjSujPw9FgmXSip/U1s8ESIVOVoy93HnaifgRfkkGggxp4l
+S8QqBvJTAJrQ9ygO3PBjgdKGi1XWvhH1Y5EwPJ6Wor4zzltftELEs1O9xfBT/zeV
+GENfUZZU+5V5ICm4K844WoiTkH5OIWAi/ZLK9XRqchaGWvMpv9UwBy3c0KOx1O4f
+j1/8pbXDv1iey2USNL/Nbw3nanIG0dIbUZ2g2U/FeKtfCfVHu5LJY+v6njKl58X4
+mthqvCZyyJy2U31MYUUDN/lgNffwLnzFc1AxYyxDZwviKmAIN+Ylh5jbxuElCS1T
+bpVd1+4aber+qv9Ar9G/PJEt9ZdHR3RB/tsEXv7ORke+fVzlKFQu9PKo4k25U/mn
+qfBcwlut9rMu19xsjbowqHyYJbenyrF55d00pp6P037cOKLStJECtpgir6HgTpo2
+Oyavx3OIH7ypvcyaqhFUqZI2EiGOdBwbSBp/jCqOrnAwTKo9uMcnmrsKj6EpjJzO
+VGK0DoieTEQ9VzGbqZKK34NHidE4j/MYW9lGKAADSy7Ey0CllvumHiICWOn9aJYy
+ObB64C3p8NFEcW5SrTzPtXeD
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_ecb.pem
new file mode 100644
index 0000000..1ded3d7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_ecb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: RC2-ECB,4C5CF049EFF2E116
+
+M9XRNeRQW2K6U0bfpl3axdvsuTmsiFLkZ4C/76MLePY0HxePs3icSW82+t6awIpG
+gHfei8zevNlF331hGPW81XZAl8OaXWi+iGhIfKAInLKY//DBVI5dMTQUKTwBa87k
+oby7hLD+V4lVKr9o/tf2A43QjEkScVlxcofEnWUG84LkgXalsloaIAt7iu4qUMTA
+C1gTbkwex6bId97wvPQLvhFiOyrpsi5Nm98vEeJwMdb6dMNfLAd3Stjvhh5dGGaR
+BsRwDqgrkycYj6pOT0Zvg9fBxwLYeMk7PPo0bTEdY4itvpHXaRHcogsBJ62qnsFM
+mxk1opz6U0W9xKSNTCwLzg9xinRPXGDP5jz0zqE1nlQ1lrsPcsY+omKdaL/SGYlN
+vxDbm725eOoi1H0jsTGJsgcKJ7sKd6LTUEIAEsUvRAN+ro2zLhxteDP+gpCxTNRr
+ElOLddlDm6TB55lBkZVrH/0k/QQQ+L0lBi5Kgg/hE6oanMRGeKQvxhxRuBbK6tZB
+e0b0lffgZR0m49i3A+fTxa68lb6Lexggp6LAkheh6qOVAzSDWbk00fJ9SWNWO4oC
+9FNqu1yafLt3Xiyqv7iD1EOyGhYF8NDvbMpu+gM7qwbTPMjgXf9N9g+AxSbvrmHR
+5zGtJd+8BtU+139ZlsEv+cux1yxkYEypKm5MHfaa783b2zKuyOTMgOStvSOUgGhz
+c9dlWYPkgdgRkAMHzfIigHr9rQssde7pR7ZMlw75PxI7BI2ZF1Vj4weIkwH0SKFE
+fui/C67Uf78OHx4cVPANDk6cf4Ow8buH/vWjEX0p/jpOfNT9ZA6Otj0CyIQ56MjU
+L4nwFU7GqCbVkJtsHLI4sZmP4kH/3zuqVtwRTzQbQAWeTi6RCSwa8/amAStTPcX2
+WPRezgAtNzS1MBhileGuTP+opGdGOOp4AeCCJdFBzkEacRXylxdY7PUsCZI7mRSZ
+7AL1n9jbUbbgnl6zmqn7fybigjaTpLNSkVPOvVBxnNXxOW4n2HD4vA+q3a4d212X
+fWI+/y7mbYLLRs1LPPgjSLfPQ7Ye1Cj4KWy45Z9YBUtjdsEbaaHNp8TidgJKJuMJ
++sDQ3lvtJdIZZy26tzLf3ryE/+2KMTwG
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_ofb.pem
new file mode 100644
index 0000000..331542c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_128_ofb.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: RC2-OFB,F01B181DC9520301
+
+azqFQnexfYYO2tX4qlC6XLU2tPX5EdwOHsruz4uzVJmYFyRLlrgG57KkahVjWupu
+AHkkjhr9d9m/0/t2vFy5JEnF9WWcNA1nxqzfsaIKmnuCULzYzMWu1cFfTV2DZoAn
+npdxa/eYmcGRZ0u3aZHRGpGtP1y2sKvWmUInYCc69oigiEn1qyDkRE/tDAREh7C6
+DWRcva94GLj1igIHc61lBugZKBlchv+q8t02Ga1slM10QRg2dgAlF8uCPZe+NLUk
+8uOifATkKTsA8OsUgn9nRK9dH4FuZeD64NMCszOw7mYtjJ7YW0J0wYgC9BuEUcNm
+QTxellBcs/qSdi4pZWsO9JXxvoc0lTmvoiS0rL+JlB/UfubVQYq+C7ScVJeTUNKL
+6fF8hvfQzqDDjqx+qP4SgboAmIbL7tTJBeABnnhCOtaY5vSuT0l96rIQm/EZdlWD
+hXKcrhawaq6pqh/mV2S16e2gDRQyUX+jKvumTQhjN1+AkIb7EMR1ZLJFX1l343Fj
+5/V4D2+H3EZhbCdkz4uI6I0swDasUjtigcn19kOy5t1r49zpTJ3wxQptLRx4AXUZ
+zjVXVebGyFYSdu+Lks1VC9WDeisBW18kCg5IpOz3eo9ULBBQZnzSKS30OXlyO000
+/1Em8FPKSKYeST3SmI1aDObXOG/s4tyKTCj+e2VKROq8hDhJQUYUP0AgYkAnwURR
++XylYEfUrW9v758Kk3u82ZhEen/lLUQhWeXkzhVi44Lgih3Bjsm3jP5f7KO/5KfM
+UqECKIHR/p/H/klXPNmdFo919AFGcnxFjQCyhlv0Bl8FSc5FUkRl9TTLu+h5m/p2
+ONV63odsVGt2q/HmL+3hojX/BxSEP/8Mq1JHR4Dk0qqUpSxRtDw0XE9/LU6s9NZp
+zm6lkr5E2U6EN677bmem5QoxObNvc88EXGr0EvoWPnhh20lD3vQok7GBucnycoj0
+9NMmRUIflnj47quAGXI6LuTSzKqOOCZC4yNvdyRdil3DgyLLefr99m2WEe0HolDu
+pIyUsgHMlZC/YRVzqP/6DklhKDcvgWbBeqqhV1r/30rRkegHdsWiAEjmJadlBrJF
+szJZpa9obMH/q0xUH3AXXCkS
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_40_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_40_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_40_cbc.pem
new file mode 100644
index 0000000..d44bc86
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_40_cbc.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: RC2-40-CBC,7AFE1927D7FEE9F6
+
+WgKt23n2XggL+3rzABzjmOq8sdOYfFuuYUzP6UNH3zdXRt/fh24/WRgRw+WCa5/l
+3Tt0/spkkMsgkkDwPPVLu0MUhfoUQyErK0F+8HeEdA82C7uGIgst4E2MS4bRXPR6
+w9U2R88xdUaljjahEbSMUG7JXecjL0WG+zLVDpDqMdlKNcMz1tnQbO1JNLZCJlfX
+ZlVPslMmTTxs1sqYgDhkAgh3FwSsKMj51nvedVCq2bAtSmgnz/bFDLT4c6N4iLf5
+MXP5ZUMUtWCac1hXayVw4koOkuPELKi2/1vWe7qDWJfqhKmRT2DV0Z1GKPjQp3Q6
+kGnD8oVxbKfCQDI6PSMOeBcWu40Y1yTbBHBFJO5+MdWsNOQI6CZGJCHNu2ZbOd+w
+tIcxZZjy5d4uY869PxxVxO8TmCRUn9hham6qfTw5Mmh7bOyxqID3fXlyrcE7KRel
+dlL9eQuLcA7wtH5vqpy6V28yWculvP7qmXAGUd1gqSYHUs8kipf46ecFwieCNPEH
+x/6hDl38UsuixchyyJTp5u9L5cKPy5PWXv773xcPguk01YhlmqrpTNZsdoJ/CTBg
+gal+o01rXd6snhp7IwSAppCPwh4YJumwdPjF6jUlmB/2AStF6kGaOA6BbJ/lQlCa
+cHAUaVlTZEyzSGShBGJUAN2AughiOq+2POgr5IgeoC0NL8ieMg7bMYjn7+Np4yZN
+KGmT1jZo7OmyVdh9mheahXTT4Axihfmy+uPTECuGjq4X3DVv79OvSFRpHXIXLnX9
+QkizsJKZc6v3FM6o5tbMDbJyelzaj8Xn8ANrugYMC1R4XImDSel6Bgxni2gHuTEc
+WrrILWnNSmNjz/yziFdu5VuQmYaJ1e50uenmOxiSQhL+53UzhhGCrw4ooAOSF5or
+s87oY1HO2aYq784A5UZVYGA6mYFjDDQSsbwp1LYomjoTrwoJML3P9x5SnaSrkEEC
+3Gm0R/t7SkdMmJhRc28uYarO2qdwyBuhoYRxw9Z6bXeaUN2WhJ7hILCL0KKZE4vB
+DuKxE/KgD8ijKpkUn+6fizWau6Lm5mqxyMyEDnCDkvlvv7DMoqZRJvVWSddNMd6t
+T94SaIiCDOY3SuQCi1361GGbVH2dXH+X
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_64_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_64_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_64_cbc.pem
new file mode 100644
index 0000000..4a1ec98
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_rc2_64_cbc.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: RC2-64-CBC,6646FC6A291EFE41
+
+KWLSTeo6nX30rQ3WbgL/13WAEMCtaC32ksYorVhlN4ijjiDu5gEnmfLRNYK4c3LH
+IUJawIdZvHSVxjrKNjmKA18w+4kedYCCL9NbNswd5eO18wldFR5NlSI2FGggzANN
+OwJoHUOXggYxhc2/xbYHpQpl7gvJqZtAjyewyTDYeTC3VDFoB/JywQ/8vv1MN8Ce
+Zx1k6preAQrnqo/LEIm+GPUa9flzWZlCGTIC+obNkjJGZPuUKLM/1TqNsrum33aa
+gFwnz//khQULylIRwxfuOMCHTslFmrs/7MLLbJQyTa99S9kc+s2VDlaKWUn0BVe/
+MoCseykcuIcskavuj01SYySJU1YHBTu7RvhuYO8AQmnsAP3gWQUMvKy9aXmzsoC2
+0Nk3QCZiG+1hN423So4NPOh42OWbqrDls9PKhXvQ8H+58rAxW2s7OTN29Klo39ek
+w8SFjMEtt9kLNpwBCJrIlolXvhD5WQu6XbqI0CtoOrh2Ote1c4uN88HyIUi1Y2Op
+QsfLkKyx7yJcJrz356Ab5lbJKVpKJW+frEHI7rLlfJrj88uzsh1B7oPL/4fhaj84
+vNUfadRJ25ZivBiHHdUTrKk9CLsIDS/1DWM6sDclYjXiA7kgGNwJupOb2L6VEKPv
+eimiJ9ooKq00E96Dc8s23FteQqySNaUAcqDnAkS+ck6pXQECZs4uD79k4pck1SX4
+O20OIPo79pzcWrmYOrTIXH6ttOcB3lUQtB1fmcMT5RSJYVSKtgBxLPKhLcL18xfb
+1HbDkpdUqS0R/nK7ecMd/LP+UmMKPUyMUTfTUnlXZzsNsgIBkm1eDn9RkOGaV+oc
+wau6FWmxVSPs9Inb+7A+B/2bP0qyYnciKX41I/PClKGitm52ScJyrEN0XJhQ0O+C
+mPp9weJI3IwpDn/Mc46NQO9uk4rC2P9o1zfJXC38PlEDEC66a1Y6SEQOVN6iYkYm
+rVytxWjD4o5vC+GwYJPYrmkOg/SQK1AlK8TSpNC5TeRcZ8YIbPLRfKRUQvUVtFS0
+fyPK9zdariwubkiG1a9/NWCF9gN1/DPKFYy+p5Au2ICD0iTtOND9I/Yw8dqsjzsF
+4jhYQ+No+ytLYc4Zo+8s1RO7yduFz7XQ
+-----END DSA PRIVATE KEY-----
[28/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/two-crls.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/two-crls.pem b/3rdparty/not-yet-commons-ssl/samples/x509/two-crls.pem
new file mode 100644
index 0000000..5ddca1e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/two-crls.pem
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIINjCCBx6gAwIBAgIKB3SNcwAAAAAAlDANBgkqhkiG9w0BAQUFADCBojELMAkG
+A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe
+MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v
+d3d3LnVzZXJ0cnVzdC5jb20xKjAoBgNVBAMTIVVTRVJUUlVTVCAtIFNlcnZlciBB
+dXRoZW50aWNhdGlvbjAeFw0wNTA0MDUxODM1MDZaFw0wNzAzMDYwMzIyMDRaMHYx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
+dHkxEjAQBgNVBAoTCVVTRVJUUlVTVDERMA8GA1UECxMIREFUQUNvcnAxGjAYBgNV
+BAMTEXd3dy51c2VydHJ1c3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA1yFt+Fjn7VJaPv7lv5IyQTjx7mFv2myDOci0sf13SjWo6D8Lv/8tC7Xt
+VoDXyonDY4ulBu2wIoKNocbtyNQGjb7RaYMxpxMrFydypIWXVfz3yuvJr74ZeGc1
+0X+vLTzThsQe/QLkqxDq0btjGfuaYe0wfogOGh6nptWNAiCvvrAO9TBE4NW5q7F2
+ZZQD/MhVgG2o+rGUOL7ieEWNtX7P596hCUaji6t2UIVQXViReCGjot0dw9wLGJ38
+hLIX+KdI5arB00ODSeo1X+EobDOpL6xiIh1vRJS7Cb59/cXk/P+STGOXVlP+d1xT
+W66rfYuvdKzqMICxbghXhQF9tD0mZQIDAQABo4IElzCCBJMwCwYDVR0PBAQDAgG4
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSgPNyE/1EGrMbLIevLBQfX
+EMJo5jCB0wYDVR0jBIHLMIHIgBR1ASiXxkYbNG7ooJEVcZJ57rcDzqGBnaSBmjCB
+lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
+SGFyZHdhcmWCEAAVbCcaVP6zgr6vVP70ooswDAYDVR0TAQH/BAIwADCBkwYDVR0f
+BIGLMIGIMEGgP6A9hjtodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRSVVNU
+LVNlcnZlckF1dGhlbnRpY2F0aW9uLmNybDBDoEGgP4Y9aHR0cDovL3d3dy51dG5z
+ZWN1cml0eS5jb20vVVNFUlRSVVNULVNlcnZlckF1dGhlbnRpY2F0aW9uLmNybDCB
+tAYIKwYBBQUHAQEEgacwgaQwTwYIKwYBBQUHMAKGQ2h0dHA6Ly93d3cudXNlcnRy
+dXN0LmNvbS9DQUNlcnRzL1VTRVJUUlVTVC1TZXJ2ZXJBdXRoZW50aWNhdGlvbi5j
+cnQwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cudXRuc2VjdXJpdHkuY29tL0NBQ2Vy
+dHMvVVNFUlRSVVNULVNlcnZlckF1dGhlbnRpY2F0aW9uLmNydDCCAh0GA1UdIASC
+AhQwggIQMIICDAYIKoZIhvpfAQEwggH+MCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3
+LnVzZXJ0cnVzdC5jb20vQ1BTMIIB0AYIKwYBBQUHAgIwggHCGoIBvlRoaXMgY2Vy
+dGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1c2Ug
+aXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFVTRVJGaXJzdCBDZXJ0aWZpY2F0
+aW9uIFByYWN0aWNlcyBTdGF0ZW1lbnQgKENQUykuIFB1cnN1YW50IHRvIHRoZSBD
+UFMsIFV0YWggU3RhdGUgbGF3LCBhbmQgRmVkZXJhbCBsYXcsIGNlcnRhaW4gd2Fy
+cmFudGllcyBhcmUgZGlzY2xhaW1lZCBhbmQgbGlhYmlsaXR5IGlzIGxpbWl0ZWQu
+IENvcGllcyBvZiB0aGUgQ1BTIGFyZSBhdmFpbGFibGUgYXQ6IGh0dHA6Ly93d3cu
+dXNlcnRydXN0LmNvbS9DUFM7IG9yIGJ5IG1haWwgYXQgVVNFUlRydXN0LCBJbmMu
+LCAyNjUgRWFzdCAxMDAgU291dGgsIFNhbHQgTGFrZSBDaXR5LCBVVCA4NDExMS4g
+Q29weXJpZ2h0KGMpIDIwMDIgVVNFUlRydXN0LCBJbmMuIEFsbCBSaWdodHMgUmVz
+ZXJ2ZWQuMA0GCSqGSIb3DQEBBQUAA4IBAQDPZpUYi6Nz5wSo+hbzYmBKJvG1N7PN
+etSdYz+h7lIwKZ56sue6oPm/T5VjY7upz8W5GL1q5YLNOr836pxXvNgg2L4ajPUA
+nq3EZtNgkt0iZmGISQwFcgUDnYJ4L56c84vXlreLS2xAD3rL+XeIE/d08OcxLpSB
+udQKfNEd84tM564hEkD5ah99qJbckBFqRNf89ZijW7xPUavbhGStaeaCvdllekRD
+ZYtppwGMlA1Lw74p74GpgAwzRtc3vkya4Ls/FZ7d7/R/cOkLX+MYp6SAi+GsHEYz
+55ACEUNhFU6X6sIkhFgxqDe0hL/AcKCV+WTJ0pSGXCFdUbPGsPQCy3ck
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo.pem
new file mode 100644
index 0000000..c7601e9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo.pem
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:90
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 15:31:41 2006 GMT
+ Not After : Nov 5 15:31:41 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=foo.com/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ Signature Algorithm: sha1WithRSAEncryption
+ b7:8d:19:84:c9:ae:ac:40:29:26:89:e5:0b:72:fc:7c:cf:3d:
+ 5e:b8:29:3d:7d:27:b3:ec:11:2d:92:2f:3e:76:67:cc:5d:ed:
+ ca:ee:c1:f4:94:8f:1f:e2:32:51:d2:b6:d2:0a:3a:66:09:02:
+ d8:9b:30:b7:37:10:4a:78:93:96:d1:17:23:34:1a:4e:73:62:
+ 65:18:ef:5a:b9:7b:f6:18:33:f8:21:88:97:12:52:c9:e9:54:
+ aa:73:c5:af:0e:29:2f:d0:99:82:09:69:b4:66:06:be:6d:96:
+ d1:fc:45:8d:e4:37:84:b4:57:45:f3:5e:42:2e:92:59:35:c6:
+ 30:89:8c:06:cb:f0:95:43:bc:36:4e:75:e5:1b:e9:ab:69:93:
+ b3:fa:8c:2b:f9:c2:fa:27:f6:5e:b1:b7:44:59:f8:e8:4b:5f:
+ 9c:50:48:44:1f:09:4d:ac:0b:bc:8e:56:76:52:a4:a0:b2:44:
+ 96:96:16:1d:31:30:0f:f4:23:c7:89:4b:fd:37:b1:5c:4f:9f:
+ 08:b6:ff:c8:e1:f2:91:10:83:50:62:30:e9:bd:07:31:49:a4:
+ d8:6f:d7:6b:e6:c0:78:58:b3:60:96:4e:f3:c4:3b:4c:f3:41:
+ f9:d7:c5:6f:8a:14:dc:3f:b1:47:2f:e1:a7:ea:0e:23:e5:f9:
+ 08:f7:cf:92
+-----BEGIN CERTIFICATE-----
+MIIERjCCAy6gAwIBAgIJAIz+EYMBU6aQMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE1MzE0MVoXDTI4MTEwNTE1MzE0MVowgaQx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEUMBIGA1UEBxMLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoTDmh0dHBjb21wb25lbnRzMRowGAYDVQQLExF0ZXN0IGNl
+cnRpZmljYXRlczEQMA4GA1UEAxMHZm9vLmNvbTElMCMGCSqGSIb3DQEJARYWanVs
+aXVzZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2B
+lYho4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRy
+zerA/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY
+07hNKXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8
+BqnGd87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiV
+JTxpTKqym93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgB
+hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE
+FJ8Ud78/OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFHua2o+QmU5S0qzbswNS
+yoemDT4NMA0GCSqGSIb3DQEBBQUAA4IBAQC3jRmEya6sQCkmieULcvx8zz1euCk9
+fSez7BEtki8+dmfMXe3K7sH0lI8f4jJR0rbSCjpmCQLYmzC3NxBKeJOW0RcjNBpO
+c2JlGO9auXv2GDP4IYiXElLJ6VSqc8WvDikv0JmCCWm0Zga+bZbR/EWN5DeEtFdF
+815CLpJZNcYwiYwGy/CVQ7w2TnXlG+mraZOz+owr+cL6J/ZesbdEWfjoS1+cUEhE
+HwlNrAu8jlZ2UqSgskSWlhYdMTAP9CPHiUv9N7FcT58Itv/I4fKREINQYjDpvQcx
+SaTYb9dr5sB4WLNglk7zxDtM80H518VvihTcP7FHL+Gn6g4j5fkI98+S
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar.pem
new file mode 100644
index 0000000..04c9ddc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:91
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 15:36:29 2006 GMT
+ Not After : Nov 5 15:36:29 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=foo.com/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ X509v3 Subject Alternative Name:
+ DNS:bar.com
+ Signature Algorithm: sha1WithRSAEncryption
+ 75:0c:a9:ac:d6:41:99:59:ef:b9:55:a3:57:8d:ac:7b:2f:cf:
+ 4d:f9:18:4a:12:70:cb:58:f4:fe:37:05:65:1f:f2:a5:95:28:
+ be:98:87:18:33:b5:0e:02:f7:63:72:0f:cd:54:36:ea:e8:54:
+ b1:2c:3a:1b:48:06:46:26:81:0d:ef:f4:2d:47:25:5d:9a:09:
+ cd:75:f5:aa:94:b9:e4:e6:9d:c5:6e:f7:6e:bc:e2:4b:4b:31:
+ 46:01:ab:64:4f:dd:de:0e:64:92:2a:3a:20:40:f8:ec:e3:fa:
+ c1:89:e5:99:9e:c4:28:ff:5c:aa:35:b0:96:7b:c7:9e:75:1c:
+ 67:64:ac:72:82:cd:62:cf:6b:37:d7:1c:a7:cb:6e:ab:66:f2:
+ f3:c3:b2:84:ac:06:8c:97:e1:3a:e7:6a:7d:33:59:70:3c:d1:
+ 1f:1e:05:ce:6e:d4:b1:56:b2:71:5c:38:b8:39:a1:10:72:6b:
+ 02:c9:8c:3e:98:ff:f9:74:4a:f7:fe:36:db:1a:be:f1:b7:3a:
+ 1e:88:dd:b5:b0:b2:ba:0f:df:bc:16:6f:66:a4:17:4a:65:3c:
+ 9b:c2:15:70:c9:96:33:3d:19:40:ef:1e:7b:74:24:04:73:19:
+ 7c:2c:bb:3f:f9:2b:55:b5:b1:fe:e1:13:22:65:2e:f8:d6:60:
+ db:67:b0:13
+-----BEGIN CERTIFICATE-----
+MIIEXDCCA0SgAwIBAgIJAIz+EYMBU6aRMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE1MzYyOVoXDTI4MTEwNTE1MzYyOVowgaQx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEUMBIGA1UEBxMLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoTDmh0dHBjb21wb25lbnRzMRowGAYDVQQLExF0ZXN0IGNl
+cnRpZmljYXRlczEQMA4GA1UEAxMHZm9vLmNvbTElMCMGCSqGSIb3DQEJARYWanVs
+aXVzZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2B
+lYho4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRy
+zerA/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY
+07hNKXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8
+BqnGd87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiV
+JTxpTKqym93whYk93l3ocEe55c0CAwEAAaOBkDCBjTAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUnxR3vz86tso4gkJIFiza0Mteh9gwHwYDVR0jBBgwFoAUe5raj5CZTlLSrNuz
+A1LKh6YNPg0wEgYDVR0RBAswCYIHYmFyLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEA
+dQyprNZBmVnvuVWjV42sey/PTfkYShJwy1j0/jcFZR/ypZUovpiHGDO1DgL3Y3IP
+zVQ26uhUsSw6G0gGRiaBDe/0LUclXZoJzXX1qpS55OadxW73brziS0sxRgGrZE/d
+3g5kkio6IED47OP6wYnlmZ7EKP9cqjWwlnvHnnUcZ2SscoLNYs9rN9ccp8tuq2by
+88OyhKwGjJfhOudqfTNZcDzRHx4Fzm7UsVaycVw4uDmhEHJrAsmMPpj/+XRK9/42
+2xq+8bc6HojdtbCyug/fvBZvZqQXSmU8m8IVcMmWMz0ZQO8ee3QkBHMZfCy7P/kr
+VbWx/uETImUu+NZg22ewEw==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar_hanako.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar_hanako.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar_hanako.pem
new file mode 100644
index 0000000..4e80578
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar_hanako.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:92
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 15:38:13 2006 GMT
+ Not After : Nov 5 15:38:13 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=foo.com/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ X509v3 Subject Alternative Name:
+ DNS:bar.com, DNS:花子.co.jp
+ Signature Algorithm: sha1WithRSAEncryption
+ 5e:66:ce:d9:21:8c:8a:b5:d9:d5:c5:5b:dd:2e:0c:32:48:43:
+ ce:13:8a:41:49:78:a2:ed:76:2f:d1:0f:50:52:f1:bf:fb:e8:
+ 05:19:08:7c:f4:78:40:07:30:35:99:55:23:1f:97:49:4d:0a:
+ 92:2c:5b:d1:7e:a4:c7:a8:ba:71:4b:14:96:a8:c1:e7:bd:13:
+ 38:70:f0:64:21:1a:7f:5e:53:0a:3e:55:da:75:8b:49:2c:f4:
+ e0:a5:b8:2f:ba:50:35:89:c9:02:f4:4c:25:35:85:a7:a3:06:
+ 78:bb:19:df:b0:c8:21:5b:81:ec:90:1a:9a:57:e3:e7:43:c6:
+ 6f:cb:72:f4:d7:67:3b:0a:0e:26:28:a4:b9:a5:bd:47:75:1b:
+ a2:0f:6a:29:67:e1:dc:ef:b8:11:40:bb:ed:58:d4:bc:8d:0b:
+ dd:fe:24:db:87:a7:ee:bd:32:9f:00:e1:68:5f:0d:b6:b1:62:
+ 0a:1d:8a:e6:84:22:11:b2:15:0d:a2:11:97:bf:9d:26:da:8f:
+ b5:c3:da:16:99:0e:83:92:ae:e5:0a:37:d7:7d:40:78:c0:86:
+ e0:80:98:e9:c8:4b:5b:36:a0:6d:8f:83:02:db:1e:6b:7e:c2:
+ ca:2a:a4:e8:2a:63:44:ee:91:44:82:ac:1e:f3:ff:c0:6a:bd:
+ 5b:f9:08:fe
+-----BEGIN CERTIFICATE-----
+MIIEajCCA1KgAwIBAgIJAIz+EYMBU6aSMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE1MzgxM1oXDTI4MTEwNTE1MzgxM1owgaQx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEUMBIGA1UEBxMLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoTDmh0dHBjb21wb25lbnRzMRowGAYDVQQLExF0ZXN0IGNl
+cnRpZmljYXRlczEQMA4GA1UEAxMHZm9vLmNvbTElMCMGCSqGSIb3DQEJARYWanVs
+aXVzZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2B
+lYho4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRy
+zerA/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY
+07hNKXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8
+BqnGd87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiV
+JTxpTKqym93whYk93l3ocEe55c0CAwEAAaOBnjCBmzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUnxR3vz86tso4gkJIFiza0Mteh9gwHwYDVR0jBBgwFoAUe5raj5CZTlLSrNuz
+A1LKh6YNPg0wIAYDVR0RBBkwF4IHYmFyLmNvbYIM6Iqx5a2QLmNvLmpwMA0GCSqG
+SIb3DQEBBQUAA4IBAQBeZs7ZIYyKtdnVxVvdLgwySEPOE4pBSXii7XYv0Q9QUvG/
+++gFGQh89HhABzA1mVUjH5dJTQqSLFvRfqTHqLpxSxSWqMHnvRM4cPBkIRp/XlMK
+PlXadYtJLPTgpbgvulA1ickC9EwlNYWnowZ4uxnfsMghW4HskBqaV+PnQ8Zvy3L0
+12c7Cg4mKKS5pb1HdRuiD2opZ+Hc77gRQLvtWNS8jQvd/iTbh6fuvTKfAOFoXw22
+sWIKHYrmhCIRshUNohGXv50m2o+1w9oWmQ6Dkq7lCjfXfUB4wIbggJjpyEtbNqBt
+j4MC2x5rfsLKKqToKmNE7pFEgqwe8//Aar1b+Qj+
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_hanako.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_hanako.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_hanako.pem
new file mode 100644
index 0000000..548c546
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_hanako.pem
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:93
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 15:42:15 2006 GMT
+ Not After : Nov 5 15:42:15 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=\xE8\x8A\xB1\xE5\xAD\x90.co.jp/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ Signature Algorithm: sha1WithRSAEncryption
+ b2:76:ee:2d:e8:91:5f:ca:be:50:e9:e8:a3:08:0f:78:1d:21:
+ 39:7a:f0:fc:88:b7:3c:f1:f9:2a:ae:17:c8:1a:84:c8:74:d7:
+ a3:57:ef:7c:ff:a1:56:68:55:43:5d:7e:d9:5a:f3:03:d4:07:
+ 51:b0:22:40:27:1a:48:50:f4:b1:ca:b2:90:5d:6d:18:82:8f:
+ 48:0c:98:b0:ac:5f:c4:ab:8c:5b:eb:ed:c6:1b:d9:c2:ba:27:
+ f7:c9:7b:dd:a5:d6:d8:3f:ed:8e:28:ed:5f:ec:e0:90:5e:fd:
+ cc:bd:53:dc:3c:6b:47:2d:b8:39:84:04:28:02:ef:ce:09:30:
+ 3b:53:eb:b9:25:45:fa:ff:d8:b9:6a:5a:19:4e:12:ae:e9:50:
+ 5c:51:2d:b8:69:aa:e6:80:1d:23:a3:98:87:16:9d:5a:70:f4:
+ 1b:0e:ee:a7:b8:ea:18:9d:82:7d:fd:84:a8:75:5a:32:8a:d9:
+ 57:0b:ff:76:11:b0:2e:30:52:2d:0f:06:d1:56:e9:27:0c:0a:
+ e3:21:80:84:57:48:f5:39:e5:16:9e:50:89:4e:74:f8:e3:af:
+ 54:94:35:61:88:77:5a:c3:ed:6d:7a:49:ca:70:9e:49:e7:df:
+ 5d:05:37:11:4c:1d:52:34:19:31:85:90:d7:64:8a:53:42:14:
+ 97:08:a1:10
+-----BEGIN CERTIFICATE-----
+MIIESzCCAzOgAwIBAgIJAIz+EYMBU6aTMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE1NDIxNVoXDTI4MTEwNTE1NDIxNVowgakx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDEUMBIGA1UEBwwLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoMDmh0dHBjb21wb25lbnRzMRowGAYDVQQLDBF0ZXN0IGNl
+cnRpZmljYXRlczEVMBMGA1UEAwwM6Iqx5a2QLmNvLmpwMSUwIwYJKoZIhvcNAQkB
+FhZqdWxpdXNkYXZpZXNAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAyGOvloI+jKnRHWKuhYB+cTIEwZhagKJ0f3rIY8WNgujB7PlpgpjU
+g4pNjYGViGjg7zhfbjhCtlNGXyRBti3GcaHiBIIP5nyCNn+Ay8tSWGo5v5Zc8BQc
+wHf0ZHLN6sD9m2uVSp/6UqjS5ZyhzF5FzvvUo3xw8fecdnStXQfHhkBnLpTjHE5t
+7iu1JVjTuE0pcBvah2dWqDNxiIOQtXyKW8Sag1YxaunxQGqRNykSFiEJindxOSAn
+AxK6q/wGqcZ3zvFBTcVVkji1u2QH4rOMP3PPxAIMkB8ONkdHTco1DmbE6BfDHArD
+qUYxqJUlPGlMqrKb3fCFiT3eXehwR7nlzQIDAQABo3sweTAJBgNVHRMEAjAAMCwG
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQUnxR3vz86tso4gkJIFiza0Mteh9gwHwYDVR0jBBgwFoAUe5raj5CZTlLS
+rNuzA1LKh6YNPg0wDQYJKoZIhvcNAQEFBQADggEBALJ27i3okV/KvlDp6KMID3gd
+ITl68PyItzzx+SquF8gahMh016NX73z/oVZoVUNdftla8wPUB1GwIkAnGkhQ9LHK
+spBdbRiCj0gMmLCsX8SrjFvr7cYb2cK6J/fJe92l1tg/7Y4o7V/s4JBe/cy9U9w8
+a0ctuDmEBCgC784JMDtT67klRfr/2LlqWhlOEq7pUFxRLbhpquaAHSOjmIcWnVpw
+9BsO7qe46hidgn39hKh1WjKK2VcL/3YRsC4wUi0PBtFW6ScMCuMhgIRXSPU55Rae
+UIlOdPjjr1SUNWGId1rD7W16Scpwnknn310FNxFMHVI0GTGFkNdkilNCFJcIoRA=
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_no_cns_foo.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_no_cns_foo.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_no_cns_foo.pem
new file mode 100644
index 0000000..5e77ce4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_no_cns_foo.pem
@@ -0,0 +1,87 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:98
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 16:26:10 2006 GMT
+ Not After : Nov 5 16:26:10 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ X509v3 Subject Alternative Name:
+ DNS:foo.com
+ Signature Algorithm: sha1WithRSAEncryption
+ 8e:5e:fc:a0:c8:f3:15:db:0c:cb:a1:75:b0:68:3f:22:43:bc:
+ b4:5e:72:52:03:e0:15:8a:ec:e3:5c:b3:01:c6:bb:21:0b:ba:
+ 1b:da:ad:14:32:73:ff:b7:a1:87:ff:47:a0:6f:a8:a8:20:88:
+ 1c:fb:88:3a:64:bb:49:dd:30:9e:4c:89:63:b6:34:e2:35:57:
+ 21:bd:da:e9:fe:80:80:19:04:14:fd:67:39:3d:33:ea:48:d3:
+ ee:f9:00:e4:b2:76:cb:73:22:0d:c5:ee:44:d3:12:b5:ae:4f:
+ 61:59:eb:5f:c6:99:ca:2a:95:50:d8:b8:d2:97:ae:67:64:7c:
+ 98:05:12:06:f5:a0:0f:bc:f6:a9:68:45:f1:88:03:6f:bc:16:
+ 68:58:e0:e7:72:37:ea:f5:8a:9f:dd:19:12:d8:b7:c0:d0:b0:
+ a8:05:6a:8b:13:3e:27:4a:89:99:04:ad:80:07:39:de:2d:9a:
+ 4c:cb:c0:42:ed:c0:de:c9:ef:1f:f3:c7:4c:1a:3e:e5:42:fb:
+ da:7f:52:d6:46:72:34:2b:15:7f:54:28:9f:c8:ca:4e:24:6b:
+ 88:43:3e:7c:c1:65:72:04:0f:db:ce:04:04:5c:d8:1f:20:97:
+ 15:bf:4e:fe:13:23:2b:6f:ba:99:8f:5e:b8:c0:75:53:56:85:
+ 17:33:3f:06
+-----BEGIN CERTIFICATE-----
+MIIESjCCAzKgAwIBAgIJAIz+EYMBU6aYMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE2MjYxMFoXDTI4MTEwNTE2MjYxMFowgZIx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDEUMBIGA1UEBwwLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoMDmh0dHBjb21wb25lbnRzMRowGAYDVQQLDBF0ZXN0IGNl
+cnRpZmljYXRlczElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMhjr5aCPoyp0R1iroWA
+fnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2BlYho4O84X244QrZTRl8kQbYt
+xnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRyzerA/ZtrlUqf+lKo0uWcocxe
+Rc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY07hNKXAb2odnVqgzcYiDkLV8
+ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8BqnGd87xQU3FVZI4tbtkB+Kz
+jD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiVJTxpTKqym93whYk93l3ocEe5
+5c0CAwEAAaOBkDCBjTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUnxR3vz86tso4gkJIFiza
+0Mteh9gwHwYDVR0jBBgwFoAUe5raj5CZTlLSrNuzA1LKh6YNPg0wEgYDVR0RBAsw
+CYIHZm9vLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAjl78oMjzFdsMy6F1sGg/IkO8
+tF5yUgPgFYrs41yzAca7IQu6G9qtFDJz/7ehh/9HoG+oqCCIHPuIOmS7Sd0wnkyJ
+Y7Y04jVXIb3a6f6AgBkEFP1nOT0z6kjT7vkA5LJ2y3MiDcXuRNMSta5PYVnrX8aZ
+yiqVUNi40peuZ2R8mAUSBvWgD7z2qWhF8YgDb7wWaFjg53I36vWKn90ZEti3wNCw
+qAVqixM+J0qJmQStgAc53i2aTMvAQu3A3snvH/PHTBo+5UL72n9S1kZyNCsVf1Qo
+n8jKTiRriEM+fMFlcgQP284EBFzYHyCXFb9O/hMjK2+6mY9euMB1U1aFFzM/Bg==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_three_cns_foo_bar_hanako.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_three_cns_foo_bar_hanako.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_three_cns_foo_bar_hanako.pem
new file mode 100644
index 0000000..a57ef79
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_three_cns_foo_bar_hanako.pem
@@ -0,0 +1,86 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:97
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 16:19:45 2006 GMT
+ Not After : Nov 5 16:19:45 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=foo.com, CN=bar.com, CN=\xE8\x8A\xB1\xE5\xAD\x90.co.jp/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 6b:99:6f:c6:a2:d4:d3:b6:8f:8b:f7:cb:d4:cb:66:f7:79:b3:
+ 4b:e1:e7:f4:c4:ee:7e:d1:5f:ef:14:cb:7e:ce:2f:99:3b:c7:
+ d9:ed:d2:63:35:4f:20:0a:c6:50:9c:63:ef:61:e9:fa:ee:7b:
+ c3:1e:99:92:08:2d:22:2f:32:bb:73:71:ca:8d:cf:45:75:58:
+ a8:00:f8:ea:df:b9:4a:da:6e:69:fe:0b:11:c5:e6:0a:72:ea:
+ 0d:50:b3:62:23:55:85:80:e5:fe:c5:44:e9:ff:27:e0:1d:f2:
+ 02:58:73:56:b3:39:60:8b:42:a4:b2:7e:93:51:2d:2b:d8:12:
+ b8:90:14:45:7a:dd:7b:e4:27:c2:6b:1b:ad:9b:fb:63:93:da:
+ 5a:93:e0:e3:b4:ee:04:8f:7a:da:69:76:54:9a:f0:d0:52:28:
+ fe:80:ae:8f:51:21:7d:59:8d:46:50:4a:94:05:09:fa:34:d8:
+ d3:b4:b8:d4:43:3d:47:49:c7:68:6e:c9:c7:4d:6f:e0:17:1d:
+ a3:bb:79:77:af:0c:b2:7e:42:7a:88:98:8c:f1:5a:26:3a:cc:
+ b3:9d:ce:38:c8:54:13:24:2c:79:a7:3f:b4:a3:19:24:37:5c:
+ 0e:01:ca:b4:0e:c5:f3:94:4f:22:f2:13:b3:6e:7a:68:47:a6:
+ 9b:90:3f:11
+-----BEGIN CERTIFICATE-----
+MIIEbzCCA1egAwIBAgIJAIz+EYMBU6aXMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE2MTk0NVoXDTI4MTEwNTE2MTk0NVowgc0x
+CzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDEUMBIGA1UEBwwLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoMDmh0dHBjb21wb25lbnRzMRowGAYDVQQLDBF0ZXN0IGNl
+cnRpZmljYXRlczEQMA4GA1UEAwwHZm9vLmNvbTEQMA4GA1UEAwwHYmFyLmNvbTEV
+MBMGA1UEAwwM6Iqx5a2QLmNvLmpwMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGOv
+loI+jKnRHWKuhYB+cTIEwZhagKJ0f3rIY8WNgujB7PlpgpjUg4pNjYGViGjg7zhf
+bjhCtlNGXyRBti3GcaHiBIIP5nyCNn+Ay8tSWGo5v5Zc8BQcwHf0ZHLN6sD9m2uV
+Sp/6UqjS5ZyhzF5FzvvUo3xw8fecdnStXQfHhkBnLpTjHE5t7iu1JVjTuE0pcBva
+h2dWqDNxiIOQtXyKW8Sag1YxaunxQGqRNykSFiEJindxOSAnAxK6q/wGqcZ3zvFB
+TcVVkji1u2QH4rOMP3PPxAIMkB8ONkdHTco1DmbE6BfDHArDqUYxqJUlPGlMqrKb
+3fCFiT3eXehwR7nlzQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
+Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUnxR3vz86
+tso4gkJIFiza0Mteh9gwHwYDVR0jBBgwFoAUe5raj5CZTlLSrNuzA1LKh6YNPg0w
+DQYJKoZIhvcNAQEFBQADggEBAGuZb8ai1NO2j4v3y9TLZvd5s0vh5/TE7n7RX+8U
+y37OL5k7x9nt0mM1TyAKxlCcY+9h6frue8MemZIILSIvMrtzccqNz0V1WKgA+Orf
+uUrabmn+CxHF5gpy6g1Qs2IjVYWA5f7FROn/J+Ad8gJYc1azOWCLQqSyfpNRLSvY
+EriQFEV63XvkJ8JrG62b+2OT2lqT4OO07gSPetppdlSa8NBSKP6Aro9RIX1ZjUZQ
+SpQFCfo02NO0uNRDPUdJx2huycdNb+AXHaO7eXevDLJ+QnqImIzxWiY6zLOdzjjI
+VBMkLHmnP7SjGSQ3XA4ByrQOxfOUTyLyE7NuemhHppuQPxE=
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_co_jp.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_co_jp.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_co_jp.pem
new file mode 100644
index 0000000..1dc9ae7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_co_jp.pem
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:95
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 16:16:30 2006 GMT
+ Not After : Nov 5 16:16:30 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=*.co.jp/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 34:b1:68:25:56:53:31:db:33:46:bd:4a:85:0b:bd:d7:b5:11:
+ 30:8a:2e:77:09:f3:0c:ea:6b:5f:db:e7:f7:93:f7:7c:29:78:
+ 4b:37:24:ab:83:c4:51:94:dd:75:ce:09:a9:3d:a2:ed:6d:d4:
+ cb:ae:61:b8:51:d0:07:1d:8a:fc:3b:8c:b6:04:19:84:d5:cc:
+ 4d:7c:6c:71:79:c8:60:17:c1:d7:d7:44:15:e1:d9:32:ce:9e:
+ 99:d5:c7:f0:bc:27:8c:ad:3e:46:fd:5d:69:7a:36:a0:a3:46:
+ b2:5f:1f:86:3c:b6:d6:94:d7:99:4b:e2:a5:d2:6d:e9:f9:0a:
+ 65:5e:e8:ed:c0:6e:5f:61:c2:29:68:6a:62:62:b6:81:2f:1d:
+ d3:69:d8:a1:df:d4:0d:eb:90:a7:02:1f:f3:44:38:4b:09:4c:
+ ca:ca:df:65:50:63:cb:11:40:f3:44:73:0f:1c:b9:d2:a9:3d:
+ 67:e5:45:39:50:34:72:b5:b8:c9:3d:7c:c5:fa:5f:fe:59:92:
+ 2c:6a:77:9f:58:bb:31:9e:48:00:b9:97:bf:a0:c3:05:10:93:
+ 2b:c8:4c:ce:8e:0e:13:7e:e7:39:a8:cd:04:5e:83:dc:43:f2:
+ 65:85:e6:b1:67:8d:29:d8:8c:87:a9:bb:16:57:83:11:62:e1:
+ 47:e1:b9:0c
+-----BEGIN CERTIFICATE-----
+MIIERjCCAy6gAwIBAgIJAIz+EYMBU6aVMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE2MTYzMFoXDTI4MTEwNTE2MTYzMFowgaQx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEUMBIGA1UEBxMLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoTDmh0dHBjb21wb25lbnRzMRowGAYDVQQLExF0ZXN0IGNl
+cnRpZmljYXRlczEQMA4GA1UEAxQHKi5jby5qcDElMCMGCSqGSIb3DQEJARYWanVs
+aXVzZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2B
+lYho4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRy
+zerA/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY
+07hNKXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8
+BqnGd87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiV
+JTxpTKqym93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgB
+hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE
+FJ8Ud78/OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFHua2o+QmU5S0qzbswNS
+yoemDT4NMA0GCSqGSIb3DQEBBQUAA4IBAQA0sWglVlMx2zNGvUqFC73XtREwii53
+CfMM6mtf2+f3k/d8KXhLNySrg8RRlN11zgmpPaLtbdTLrmG4UdAHHYr8O4y2BBmE
+1cxNfGxxechgF8HX10QV4dkyzp6Z1cfwvCeMrT5G/V1pejago0ayXx+GPLbWlNeZ
+S+Kl0m3p+QplXujtwG5fYcIpaGpiYraBLx3Tadih39QN65CnAh/zRDhLCUzKyt9l
+UGPLEUDzRHMPHLnSqT1n5UU5UDRytbjJPXzF+l/+WZIsanefWLsxnkgAuZe/oMMF
+EJMryEzOjg4Tfuc5qM0EXoPcQ/JlheaxZ40p2IyHqbsWV4MRYuFH4bkM
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo.pem
new file mode 100644
index 0000000..62ecdf3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo.pem
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:94
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 16:15:55 2006 GMT
+ Not After : Nov 5 16:15:55 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=*.foo.com/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 7d:22:a4:6e:89:e7:ad:54:29:47:e0:91:e5:bb:1a:f6:30:5b:
+ df:01:37:56:68:a1:65:fe:24:41:19:2b:bf:8f:7f:ff:7a:77:
+ 72:23:d2:bc:3d:00:27:cd:e1:ba:5f:9c:2a:b4:55:43:59:55:
+ 26:01:f8:6b:61:43:6c:d8:bb:3e:ed:7f:f5:18:03:a9:f1:56:
+ 04:7f:22:31:ba:f4:19:ac:06:5f:76:b8:53:bb:25:33:6d:1f:
+ 3b:6e:88:fa:81:9f:9f:69:b7:eb:cd:c7:8c:8f:be:7a:3b:ce:
+ 6c:6c:7c:8e:e3:bf:4c:30:c9:fb:3e:d0:53:66:ec:5c:1d:b0:
+ 2d:64:e3:b1:81:48:e6:86:c3:7f:24:b8:85:56:a9:74:80:6c:
+ be:04:5f:d1:a4:af:21:86:38:a1:8d:87:4a:af:00:43:42:75:
+ 14:81:1b:d6:7a:b7:23:1b:99:f4:58:f9:d2:d2:87:76:bd:27:
+ 0a:04:70:15:2c:a3:a1:16:60:16:a4:2d:ba:b8:9c:6f:e7:bd:
+ 87:58:bc:6f:5e:86:b9:cb:57:06:45:2f:cd:9e:97:74:3f:44:
+ af:79:6e:70:3a:72:e4:42:94:6b:ac:2d:a7:74:7b:a6:e3:90:
+ 1c:f1:fd:54:37:55:aa:c3:12:90:24:4c:b5:06:54:06:b4:08:
+ b5:ed:9f:27
+-----BEGIN CERTIFICATE-----
+MIIESDCCAzCgAwIBAgIJAIz+EYMBU6aUMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE2MTU1NVoXDTI4MTEwNTE2MTU1NVowgaYx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEUMBIGA1UEBxMLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoTDmh0dHBjb21wb25lbnRzMRowGAYDVQQLExF0ZXN0IGNl
+cnRpZmljYXRlczESMBAGA1UEAxQJKi5mb28uY29tMSUwIwYJKoZIhvcNAQkBFhZq
+dWxpdXNkYXZpZXNAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAyGOvloI+jKnRHWKuhYB+cTIEwZhagKJ0f3rIY8WNgujB7PlpgpjUg4pN
+jYGViGjg7zhfbjhCtlNGXyRBti3GcaHiBIIP5nyCNn+Ay8tSWGo5v5Zc8BQcwHf0
+ZHLN6sD9m2uVSp/6UqjS5ZyhzF5FzvvUo3xw8fecdnStXQfHhkBnLpTjHE5t7iu1
+JVjTuE0pcBvah2dWqDNxiIOQtXyKW8Sag1YxaunxQGqRNykSFiEJindxOSAnAxK6
+q/wGqcZ3zvFBTcVVkji1u2QH4rOMP3PPxAIMkB8ONkdHTco1DmbE6BfDHArDqUYx
+qJUlPGlMqrKb3fCFiT3eXehwR7nlzQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUnxR3vz86tso4gkJIFiza0Mteh9gwHwYDVR0jBBgwFoAUe5raj5CZTlLSrNuz
+A1LKh6YNPg0wDQYJKoZIhvcNAQEFBQADggEBAH0ipG6J561UKUfgkeW7GvYwW98B
+N1ZooWX+JEEZK7+Pf/96d3Ij0rw9ACfN4bpfnCq0VUNZVSYB+GthQ2zYuz7tf/UY
+A6nxVgR/IjG69BmsBl92uFO7JTNtHztuiPqBn59pt+vNx4yPvno7zmxsfI7jv0ww
+yfs+0FNm7FwdsC1k47GBSOaGw38kuIVWqXSAbL4EX9GkryGGOKGNh0qvAENCdRSB
+G9Z6tyMbmfRY+dLSh3a9JwoEcBUso6EWYBakLbq4nG/nvYdYvG9ehrnLVwZFL82e
+l3Q/RK95bnA6cuRClGusLad0e6bjkBzx/VQ3VarDEpAkTLUGVAa0CLXtnyc=
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo_bar_hanako.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo_bar_hanako.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo_bar_hanako.pem
new file mode 100644
index 0000000..2c751b7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo_bar_hanako.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:96
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 16:17:31 2006 GMT
+ Not After : Nov 5 16:17:31 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=*.foo.com/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ X509v3 Subject Alternative Name:
+ DNS:*.bar.com, DNS:*.花子.co.jp
+ Signature Algorithm: sha1WithRSAEncryption
+ 68:6d:60:be:0f:9f:e5:c7:a6:21:5f:ae:02:c1:9d:ba:5c:b8:
+ f1:68:4d:12:e3:5e:5a:8d:b0:6a:0c:ae:e5:cf:e4:60:ef:33:
+ 84:dc:6b:13:00:c8:be:95:d5:18:9e:1c:b3:d3:00:e2:5c:1f:
+ 14:c0:a5:e5:d1:20:d3:a0:1d:99:e0:63:a0:a9:08:c0:aa:83:
+ 26:ac:fd:2e:58:1e:98:e9:da:64:7d:dd:6a:0d:15:33:23:5d:
+ b4:cc:f6:20:49:db:17:8c:75:bd:ab:61:fb:ee:25:76:df:c8:
+ 6a:21:4e:ea:0a:f1:33:fa:57:ea:a9:61:18:e7:4e:33:85:83:
+ 65:92:76:d4:9d:1e:76:e4:8b:68:b0:45:70:5c:50:49:4e:46:
+ 77:63:0f:20:83:4d:9c:d7:dc:a2:f1:30:21:e4:b8:b7:01:df:
+ 17:42:69:92:24:c5:81:57:85:ca:a8:5a:f4:00:86:4a:06:58:
+ 3a:35:96:45:7f:fd:1d:3f:dc:dc:2a:1c:d2:ae:25:b6:ed:b6:
+ 34:5d:fc:c0:e8:64:a2:44:35:eb:0e:38:17:ab:a6:da:45:3e:
+ 98:c2:02:20:a6:02:6c:0d:b2:6d:65:f1:e7:57:59:dd:dc:ce:
+ b3:3a:d4:0f:9b:54:c8:42:93:66:30:c3:1d:fc:33:eb:19:c5:
+ 10:7a:b0:f7
+-----BEGIN CERTIFICATE-----
+MIIEcDCCA1igAwIBAgIJAIz+EYMBU6aWMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE2MTczMVoXDTI4MTEwNTE2MTczMVowgaYx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEUMBIGA1UEBxMLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoTDmh0dHBjb21wb25lbnRzMRowGAYDVQQLExF0ZXN0IGNl
+cnRpZmljYXRlczESMBAGA1UEAxQJKi5mb28uY29tMSUwIwYJKoZIhvcNAQkBFhZq
+dWxpdXNkYXZpZXNAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAyGOvloI+jKnRHWKuhYB+cTIEwZhagKJ0f3rIY8WNgujB7PlpgpjUg4pN
+jYGViGjg7zhfbjhCtlNGXyRBti3GcaHiBIIP5nyCNn+Ay8tSWGo5v5Zc8BQcwHf0
+ZHLN6sD9m2uVSp/6UqjS5ZyhzF5FzvvUo3xw8fecdnStXQfHhkBnLpTjHE5t7iu1
+JVjTuE0pcBvah2dWqDNxiIOQtXyKW8Sag1YxaunxQGqRNykSFiEJindxOSAnAxK6
+q/wGqcZ3zvFBTcVVkji1u2QH4rOMP3PPxAIMkB8ONkdHTco1DmbE6BfDHArDqUYx
+qJUlPGlMqrKb3fCFiT3eXehwR7nlzQIDAQABo4GiMIGfMAkGA1UdEwQCMAAwLAYJ
+YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBSfFHe/Pzq2yjiCQkgWLNrQy16H2DAfBgNVHSMEGDAWgBR7mtqPkJlOUtKs
+27MDUsqHpg0+DTAkBgNVHREEHTAbggkqLmJhci5jb22CDiou6Iqx5a2QLmNvLmpw
+MA0GCSqGSIb3DQEBBQUAA4IBAQBobWC+D5/lx6YhX64CwZ26XLjxaE0S415ajbBq
+DK7lz+Rg7zOE3GsTAMi+ldUYnhyz0wDiXB8UwKXl0SDToB2Z4GOgqQjAqoMmrP0u
+WB6Y6dpkfd1qDRUzI120zPYgSdsXjHW9q2H77iV238hqIU7qCvEz+lfqqWEY504z
+hYNlknbUnR525ItosEVwXFBJTkZ3Yw8gg02c19yi8TAh5Li3Ad8XQmmSJMWBV4XK
+qFr0AIZKBlg6NZZFf/0dP9zcKhzSriW27bY0XfzA6GSiRDXrDjgXq6baRT6YwgIg
+pgJsDbJtZfHnV1nd3M6zOtQPm1TIQpNmMMMd/DPrGcUQerD3
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
new file mode 100644
index 0000000..df7f095
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
@@ -0,0 +1,204 @@
+/*
+ * $Header$
+ * $Revision: 168 $
+ * $Date: 2014-05-06 16:25:46 -0700 (Tue, 06 May 2014) $
+ *
+ * ====================================================================
+ *
+ * Copyright 2002-2006 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import org.apache.commons.ssl.HttpSecureProtocol;
+import org.apache.commons.ssl.KeyMaterial;
+import org.apache.commons.ssl.TrustMaterial;
+
+import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStoreException;
+
+/**
+ * <p/>
+ * AuthSSLProtocolSocketFactory can be used to validate the identity of the HTTPS
+ * server against a list of trusted certificates and to authenticate to the HTTPS
+ * server using a private key.
+ * </p>
+ * <p/>
+ * <p/>
+ * AuthSSLProtocolSocketFactory will enable server authentication when supplied with
+ * a {@link java.security.KeyStore truststore} file containg one or several trusted certificates.
+ * The client secure socket will reject the connection during the SSL session handshake
+ * if the target HTTPS server attempts to authenticate itself with a non-trusted
+ * certificate.
+ * </p>
+ * <p/>
+ * <p/>
+ * Use JDK keytool utility to import a trusted certificate and generate a truststore file:
+ * <pre>
+ * keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
+ * </pre>
+ * </p>
+ * <p/>
+ * <p/>
+ * AuthSSLProtocolSocketFactory will enable client authentication when supplied with
+ * a {@link java.security.KeyStore keystore} file containg a private key/public certificate pair.
+ * The client secure socket will use the private key to authenticate itself to the target
+ * HTTPS server during the SSL session handshake if requested to do so by the server.
+ * The target HTTPS server will in its turn verify the certificate presented by the client
+ * in order to establish client's authenticity
+ * </p>
+ * <p/>
+ * <p/>
+ * Use the following sequence of actions to generate a keystore file
+ * </p>
+ * <ul>
+ * <li>
+ * <p/>
+ * Use JDK keytool utility to generate a new key
+ * <pre>keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore</pre>
+ * For simplicity use the same password for the key as that of the keystore
+ * </p>
+ * </li>
+ * <li>
+ * <p/>
+ * Issue a certificate signing request (CSR)
+ * <pre>keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * <li>
+ * <p/>
+ * Send the certificate request to the trusted Certificate Authority for signature.
+ * One may choose to act as her own CA and sign the certificate request using a PKI
+ * tool, such as OpenSSL.
+ * </p>
+ * </li>
+ * <li>
+ * <p/>
+ * Import the trusted CA root certificate
+ * <pre>keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * <li>
+ * <p/>
+ * Import the PKCS#7 file containg the complete certificate chain
+ * <pre>keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * <li>
+ * <p/>
+ * Verify the content the resultant keystore file
+ * <pre>keytool -list -v -keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * </ul>
+ * <p/>
+ * Example of using custom protocol socket factory for a specific host:
+ * <pre>
+ * Protocol authhttps = new Protocol("https",
+ * new AuthSSLProtocolSocketFactory(
+ * new URL("file:my.keystore"), "mypassword",
+ * new URL("file:my.truststore"), "mypassword"), 443);
+ * <p/>
+ * HttpClient client = new HttpClient();
+ * client.getHostConfiguration().setHost("localhost", 443, authhttps);
+ * // use relative url only
+ * GetMethod httpget = new GetMethod("/");
+ * client.executeMethod(httpget);
+ * </pre>
+ * </p>
+ * <p/>
+ * Example of using custom protocol socket factory per default instead of the standard one:
+ * <pre>
+ * Protocol authhttps = new Protocol("https",
+ * new AuthSSLProtocolSocketFactory(
+ * new URL("file:my.keystore"), "mypassword",
+ * new URL("file:my.truststore"), "mypassword"), 443);
+ * Protocol.registerProtocol("https", authhttps);
+ * <p/>
+ * HttpClient client = new HttpClient();
+ * GetMethod httpget = new GetMethod("https://localhost/");
+ * client.executeMethod(httpget);
+ * </pre>
+ * </p>
+ *
+ * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
+ * <p/>
+ * <p/>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ * </p>
+ */
+
+public class AuthSSLProtocolSocketFactory extends HttpSecureProtocol {
+
+ /**
+ * Constructor for AuthSSLProtocolSocketFactory. Either a keystore or truststore file
+ * must be given. Otherwise SSL context initialization error will result.
+ *
+ * @param keystoreUrl URL of the keystore file. May be <tt>null</tt> if HTTPS client
+ * authentication is not to be used.
+ * @param keystorePassword Password to unlock the keystore. IMPORTANT: this implementation
+ * assumes that the same password is used to protect the key and the keystore itself.
+ * @param truststoreUrl URL of the truststore file. May be <tt>null</tt> if HTTPS server
+ * authentication is not to be used.
+ * @param truststorePassword Password to unlock the truststore.
+ */
+ public AuthSSLProtocolSocketFactory(final URL keystoreUrl,
+ final String keystorePassword,
+ final URL truststoreUrl,
+ final String truststorePassword)
+ throws GeneralSecurityException, IOException {
+
+ super();
+
+ // prepare key material
+ if (keystoreUrl != null) {
+ char[] ksPass = null;
+ if (keystorePassword != null) {
+ ksPass = keystorePassword.toCharArray();
+ }
+ KeyMaterial km = new KeyMaterial(keystoreUrl, ksPass);
+ super.setKeyMaterial(km);
+ }
+
+ // prepare trust material
+ if (truststoreUrl != null) {
+ char[] tsPass = null;
+ if (truststorePassword != null) {
+ tsPass = truststorePassword.toCharArray();
+ }
+ TrustMaterial tm;
+ try {
+ tm = new KeyMaterial(truststoreUrl, tsPass);
+ } catch (KeyStoreException kse) {
+ // KeyMaterial constructor blows up in no keys found,
+ // so we fall back to TrustMaterial constructor instead.
+ tm = new TrustMaterial(truststoreUrl, tsPass);
+ }
+ super.setTrustMaterial(tm);
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
new file mode 100644
index 0000000..e7c55bc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
@@ -0,0 +1,101 @@
+/*
+ * $Header$
+ * $Revision: 180 $
+ * $Date: 2014-09-23 11:33:47 -0700 (Tue, 23 Sep 2014) $
+ *
+ * ====================================================================
+ *
+ * Copyright 2002-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import org.apache.commons.ssl.HttpSecureProtocol;
+import org.apache.commons.ssl.TrustMaterial;
+
+import java.io.IOException;
+import java.net.Socket;
+import java.security.GeneralSecurityException;
+
+/**
+ * <p/>
+ * EasySSLProtocolSocketFactory can be used to creats SSL {@link java.net.Socket}s
+ * that accept self-signed certificates.
+ * </p>
+ * <p/>
+ * This socket factory SHOULD NOT be used for productive systems
+ * due to security reasons, unless it is a concious decision and
+ * you are perfectly aware of security implications of accepting
+ * self-signed certificates
+ * </p>
+ * <p/>
+ * <p/>
+ * Example of using custom protocol socket factory for a specific host:
+ * <pre>
+ * Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
+ * <p/>
+ * HttpClient client = new HttpClient();
+ * client.getHostConfiguration().setHost("localhost", 443, easyhttps);
+ * // use relative url only
+ * GetMethod httpget = new GetMethod("/");
+ * client.executeMethod(httpget);
+ * </pre>
+ * </p>
+ * <p/>
+ * Example of using custom protocol socket factory per default instead of the standard one:
+ * <pre>
+ * Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
+ * Protocol.registerProtocol("https", easyhttps);
+ * <p/>
+ * HttpClient client = new HttpClient();
+ * GetMethod httpget = new GetMethod("https://localhost/");
+ * client.executeMethod(httpget);
+ * </pre>
+ * </p>
+ *
+ * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
+ * <p/>
+ * <p/>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ * </p>
+ */
+
+public class EasySSLProtocolSocketFactory extends HttpSecureProtocol {
+
+ /**
+ * Constructor for EasySSLProtocolSocketFactory.
+ *
+ * @throws java.security.GeneralSecurityException GeneralSecurityException
+ * @throws java.io.IOException IOException
+ */
+ public EasySSLProtocolSocketFactory()
+ throws GeneralSecurityException, IOException {
+ super();
+ super.setTrustMaterial(TrustMaterial.TRUST_ALL);
+ super.setCheckHostname(false);
+ super.setCheckExpiry(false);
+ super.setCheckCRL(false );
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java
new file mode 100644
index 0000000..05e207d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java
@@ -0,0 +1,131 @@
+/*
+ * $Header$
+ * $Revision: 129 $
+ * $Date: 2007-11-14 19:21:33 -0800 (Wed, 14 Nov 2007) $
+ *
+ * ====================================================================
+ *
+ * Copyright 1999-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * [Additional notices, if required by prior licensing conditions]
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU Lesser General Public License Version 2 or later
+ * (the "LGPL"), in which case the provisions of the LGPL are
+ * applicable instead of those above. See terms of LGPL at
+ * <http://www.gnu.org/copyleft/lesser.txt>.
+ * If you wish to allow use of your version of this file only under
+ * the terms of the LGPL and not to allow others to use your version
+ * of this file under the Apache Software License, indicate your
+ * decision by deleting the provisions above and replace them with
+ * the notice and other provisions required by the LGPL. If you do
+ * not delete the provisions above, a recipient may use your version
+ * of this file under either the Apache Software License or the LGPL.
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import org.apache.commons.ssl.HttpSecureProtocol;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+
+/**
+ * A <code>SecureProtocolSocketFactory</code> that uses JSSE to create
+ * SSL sockets. It will also support host name verification to help preventing
+ * man-in-the-middle attacks. Host name verification is turned <b>on</b> by
+ * default but one will be able to turn it off, which might be a useful feature
+ * during development. Host name verification will make sure the SSL sessions
+ * server host name matches with the the host name returned in the
+ * server certificates "Common Name" field of the "SubjectDN" entry.
+ *
+ * @author <a href="mailto:hauer@psicode.com">Sebastian Hauer</a>
+ * <p/>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ * </p>
+ */
+public class StrictSSLProtocolSocketFactory extends HttpSecureProtocol {
+
+ /**
+ * Constructor for StrictSSLProtocolSocketFactory.
+ *
+ * @param verifyHostname The host name verification flag. If set to
+ * <code>true</code> the SSL sessions server host name will be compared
+ * to the host name returned in the server certificates "Common Name"
+ * field of the "SubjectDN" entry. If these names do not match a
+ * Exception is thrown to indicate this. Enabling host name verification
+ * will help to prevent from man-in-the-middle attacks. If set to
+ * <code>false</code> host name verification is turned off.
+ * <p/>
+ * Code sample:
+ * <p/>
+ * <blockquote>
+ * Protocol stricthttps = new Protocol(
+ * "https", new StrictSSLProtocolSocketFactory(true), 443);
+ * <p/>
+ * HttpClient client = new HttpClient();
+ * client.getHostConfiguration().setHost("localhost", 443, stricthttps);
+ * </blockquote>
+ */
+ public StrictSSLProtocolSocketFactory(boolean verifyHostname)
+ throws GeneralSecurityException, IOException {
+ super();
+ super.setCheckHostname(verifyHostname);
+ }
+
+ /**
+ * Constructor for StrictSSLProtocolSocketFactory.
+ * Host name verification will be enabled by default.
+ */
+ public StrictSSLProtocolSocketFactory()
+ throws GeneralSecurityException, IOException {
+ this(true);
+ }
+
+ /**
+ * Set the host name verification flag.
+ *
+ * @param verifyHostname The host name verification flag. If set to
+ * <code>true</code> the SSL sessions server host name will be compared
+ * to the host name returned in the server certificates "Common Name"
+ * field of the "SubjectDN" entry. If these names do not match a
+ * Exception is thrown to indicate this. Enabling host name verification
+ * will help to prevent from man-in-the-middle attacks. If set to
+ * <code>false</code> host name verification is turned off.
+ */
+ public void setHostnameVerification(boolean verifyHostname) {
+ super.setCheckHostname(verifyHostname);
+ }
+
+ /**
+ * Gets the status of the host name verification flag.
+ *
+ * @return Host name verification flag. Either <code>true</code> if host
+ * name verification is turned on, or <code>false</code> if host name
+ * verification is turned off.
+ */
+ public boolean getHostnameVerification() {
+ return super.getCheckHostname();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.java
new file mode 100644
index 0000000..31362c7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.java
@@ -0,0 +1,207 @@
+/*
+ * ====================================================================
+ *
+ * Copyright 1999-2006 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import org.apache.commons.ssl.HttpSecureProtocol;
+import org.apache.commons.ssl.KeyMaterial;
+import org.apache.commons.ssl.TrustMaterial;
+
+import java.io.IOException;
+import java.net.Socket;
+import java.security.GeneralSecurityException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+
+/**
+ * <p/>
+ * TrustSSLProtocolSocketFactory allows you exercise full control over the
+ * HTTPS server certificates you are going to trust. Instead of relying
+ * on the Certificate Authorities already present in "jre/lib/security/cacerts",
+ * TrustSSLProtocolSocketFactory only trusts the public certificates you provide
+ * to its constructor.
+ * </p>
+ * <p/>
+ * TrustSSLProtocolSocketFactory can be used to create SSL {@link java.net.Socket}s
+ * that accepts self-signed certificates. Unlike EasySSLProtocolSocketFactory,
+ * TrustSSLProtocolSocketFactory can be used in production. This is because
+ * it forces you to pre-install the self-signed certificate you are going to
+ * trust locally.
+ * <p/>
+ * TrustSSLProtocolSocketFactory can parse both Java Keystore Files (*.jks)
+ * and base64 PEM encoded public certificates (*.pem).
+ * </p>
+ * <p/>
+ * Example of using TrustSSLProtocolSocketFactory
+ * <pre>
+ * 1. First we must find the certificate we want to trust. In this example
+ * we'll use gmail.google.com's certificate.
+ * <p/>
+ * openssl s_client -showcerts -connect gmail.google.com:443
+ * <p/>
+ * 2. Cut & paste into a "cert.pem" any certificates you are interested in
+ * trusting in accordance with your security policies. In this example I'll
+ * actually use the current "gmail.google.com" certificate (instead of the
+ * Thawte CA certificate that signed the gmail certificate - that would be
+ * too boring) - but it expires on June 7th, 2006, so this example won't be
+ * useful for very long!
+ * <p/>
+ * Here's what my "cert.pem" file looks like:
+ * <p/>
+ * -----BEGIN CERTIFICATE-----
+ * MIIDFjCCAn+gAwIBAgIDP3PeMA0GCSqGSIb3DQEBBAUAMEwxCzAJBgNVBAYTAlpB
+ * MSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMRYwFAYDVQQD
+ * Ew1UaGF3dGUgU0dDIENBMB4XDTA1MDYwNzIyMTI1N1oXDTA2MDYwNzIyMTI1N1ow
+ * ajELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1v
+ * dW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxGTAXBgNVBAMTEGdtYWls
+ * Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALoRiWYW0hZw
+ * 9TSn3s9912syZg1CP2TaC86PU1Ao2qf3pVu7Mx10Wl8W+aKZrQlvrYjTwku4sEh+
+ * 9uI+gWnfmCd0OyVcXr1eFOGCYiiyaPv79Wtb0m0d8GuiRSJhYkZGzGlgFViws2vR
+ * BAMCD2fdp7WGJUVGYOO+s52dgAMUHQXxAgMBAAGjgecwgeQwKAYDVR0lBCEwHwYI
+ * KwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEwNgYDVR0fBC8wLTAroCmgJ4Yl
+ * aHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVNHQ0NBLmNybDByBggrBgEFBQcB
+ * AQRmMGQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wPgYIKwYB
+ * BQUHMAKGMmh0dHA6Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0b3J5L1RoYXd0ZV9T
+ * R0NfQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAktM1l1cV
+ * ebi+Uo6fCE/eLnvvY6QbNNCsU5Pi9B5E1BlEUG+AGpgzE2cSPw1N4ZZb+2AWWwjx
+ * H8/IrJ143KZZXM49ri3Z2e491Jj8qitrMauT7/hb16Jw6I02/74/do4TtHu/Eifr
+ * EZCaSOobSHGeufHjlqlC3ehC4Bx4mLexIMk=
+ * -----END CERTIFICATE-----
+ * <p/>
+ * 3. Run "openssl x509" to analyze the certificate more deeply. This helps
+ * us answer questions like "Do we really want to trust it? When does it
+ * expire? What's the value of the CN (Common Name) field?".
+ * <p/>
+ * "openssl x509" is also super cool, and will impress all your friends,
+ * coworkers, family, and that cute girl at the starbucks. :-)
+ * <p/>
+ * If you dig through "man x509" you'll find this example. Run it:
+ * <p/>
+ * openssl x509 -in cert.pem -noout -text
+ * <p/>
+ * 4. Rename "cert.pem" to "gmail.pem" so that step 5 works.
+ * <p/>
+ * 5. Setup the TrustSSLProtocolSocketFactory to trust "gmail.google.com"
+ * for URLS of the form "https-gmail://" - but don't trust anything else
+ * when using "https-gmail://":
+ * <p/>
+ * TrustSSLProtocolSocketFactory sf = new TrustSSLProtocolSocketFactory( "/path/to/gmail.pem" );
+ * Protocol trustHttps = new Protocol("https-gmail", sf, 443);
+ * Protocol.registerProtocol("https-gmail", trustHttps);
+ * <p/>
+ * HttpClient client = new HttpClient();
+ * GetMethod httpget = new GetMethod("https-gmail://gmail.google.com/");
+ * client.executeMethod(httpget);
+ * <p/>
+ * 6. Notice that "https-gmail://" cannot connect to "www.wellsfargo.com" -
+ * the server's certificate isn't trusted! It would still work using
+ * regular "https://" because Java would use the "jre/lib/security/cacerts"
+ * file.
+ * <p/>
+ * httpget = new GetMethod("https-gmail://www.wellsfargo.com/");
+ * client.executeMethod(httpget);
+ * <p/>
+ * javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
+ * <p/>
+ * <p/>
+ * 7. Of course "https-gmail://" cannot connect to hosts where the CN field
+ * in the certificate doesn't match the hostname. The same is supposed to
+ * be true of regular "https://", but HTTPClient is a bit lenient.
+ * <p/>
+ * httpget = new GetMethod("https-gmail://gmail.com/");
+ * client.executeMethod(httpget);
+ * <p/>
+ * javax.net.ssl.SSLException: hostname in certificate didn't match: <gmail.com> != <gmail.google.com>
+ * <p/>
+ * <p/>
+ * 8. You can use "*.jks" files instead of "*.pem" if you prefer. Use the 2nd constructor
+ * in that case to pass along the JKS password:
+ * <p/>
+ * new TrustSSLProtocolSocketFactory( "/path/to/gmail.jks", "my_password".toCharArray() );
+ * <p/>
+ * </pre>
+ *
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * <p/>
+ * <p/>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ * </p>
+ * @since 17-Feb-2006
+ */
+
+public class TrustSSLProtocolSocketFactory extends HttpSecureProtocol {
+
+ /**
+ * @param pathToTrustStore Path to either a ".jks" Java Key Store, or a
+ * ".pem" base64 encoded certificate. If it's a
+ * ".pem" base64 certificate, the file must start
+ * with "------BEGIN CERTIFICATE-----", and must end
+ * with "-------END CERTIFICATE--------".
+ */
+ public TrustSSLProtocolSocketFactory(String pathToTrustStore)
+ throws GeneralSecurityException, IOException {
+ this(pathToTrustStore, null);
+ }
+
+ /**
+ * @param pathToTrustStore Path to either a ".jks" Java Key Store, or a
+ * ".pem" base64 encoded certificate. If it's a
+ * ".pem" base64 certificate, the file must start
+ * with "------BEGIN CERTIFICATE-----", and must end
+ * with "-------END CERTIFICATE--------".
+ * @param password Password to open the ".jks" file. If "truststore"
+ * is a ".pem" file, then password can be null; if
+ * password isn't null and we're using a ".pem" file,
+ * then technically, this becomes the password to
+ * open up the special in-memory keystore we create
+ * to hold the ".pem" file, but it's not important at
+ * all.
+ * @throws java.security.cert.CertificateException
+ * @throws java.security.KeyStoreException
+ * @throws java.io.IOException
+ * @throws java.security.NoSuchAlgorithmException
+ * @throws java.security.KeyManagementException
+ */
+ public TrustSSLProtocolSocketFactory(String pathToTrustStore, char[] password)
+ throws GeneralSecurityException, IOException {
+ super();
+ TrustMaterial tm;
+ try {
+ tm = new KeyMaterial(pathToTrustStore, password);
+ } catch (KeyStoreException kse) {
+ // KeyMaterial constructor blows up in no keys found,
+ // so we fall back to TrustMaterial constructor instead.
+ tm = new TrustMaterial(pathToTrustStore, password);
+ }
+ super.setTrustMaterial(tm);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ASN1Structure.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ASN1Structure.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ASN1Structure.java
new file mode 100644
index 0000000..d9df5b9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ASN1Structure.java
@@ -0,0 +1,112 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/ASN1Structure.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.util.Hex;
+
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+import java.util.TreeSet;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 16-Nov-2005
+ */
+class ASN1Structure {
+ List derIntegers = new LinkedList();
+ Set oids = new TreeSet();
+ String oid1;
+ String oid2;
+ String oid3;
+ byte[] salt;
+ byte[] iv;
+ int iterationCount;
+ int keySize;
+ byte[] bigPayload;
+ byte[] smallPayload;
+
+ public String toString() {
+ StringBuffer buf = new StringBuffer(256);
+ buf.append("------ ASN.1 PKCS Structure ------");
+ buf.append("\noid1: ");
+ buf.append(oid1);
+ if (oid2 != null) {
+ buf.append("\noid2: ");
+ buf.append(oid2);
+ }
+ buf.append("\nsalt: ");
+ if (salt != null) {
+ buf.append(Hex.encode(salt));
+ } else {
+ buf.append("[null]");
+ }
+ buf.append("\nic: ");
+ buf.append(Integer.toString(iterationCount));
+ if (keySize != 0) {
+ buf.append("\nkeySize: ");
+ buf.append(Integer.toString(keySize * 8));
+ }
+ if (oid2 != null) {
+ buf.append("\noid3: ");
+ buf.append(oid3);
+ }
+ if (oid2 != null) {
+ buf.append("\niv: ");
+ if (iv != null) {
+ buf.append(Hex.encode(iv));
+ } else {
+ buf.append("[null]");
+ }
+ }
+ if (bigPayload != null) {
+ buf.append("\nbigPayload-length: ");
+ buf.append(bigPayload.length);
+ }
+ if (smallPayload != null) {
+ buf.append("\nsmallPayload-length: ");
+ buf.append(smallPayload.length);
+ }
+ if (!oids.isEmpty()) {
+ Iterator it = oids.iterator();
+ buf.append("\nAll oids:");
+ while (it.hasNext()) {
+ buf.append("\n");
+ buf.append((String) it.next());
+ }
+ }
+ return buf.toString();
+ }
+}
[18/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERSequence.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERSequence.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERSequence.java
new file mode 100644
index 0000000..9416a2d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERSequence.java
@@ -0,0 +1,62 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Enumeration;
+
+public class DERSequence
+ extends ASN1Sequence {
+ /** create an empty sequence */
+ public DERSequence() {
+ }
+
+ /** create a sequence containing one object */
+ public DERSequence(
+ DEREncodable obj) {
+ this.addObject(obj);
+ }
+
+ /** create a sequence containing a vector of objects. */
+ public DERSequence(
+ DEREncodableVector v) {
+ for (int i = 0; i != v.size(); i++) {
+ this.addObject(v.get(i));
+ }
+ }
+
+ /** create a sequence containing an array of objects. */
+ public DERSequence(
+ ASN1Encodable[] a) {
+ for (int i = 0; i != a.length; i++) {
+ this.addObject(a[i]);
+ }
+ }
+
+ /*
+ * A note on the implementation:
+ * <p>
+ * As DER requires the constructed, definite-length model to
+ * be used for structured types, this varies slightly from the
+ * ASN.1 descriptions given. Rather than just outputing SEQUENCE,
+ * we also have to specify CONSTRUCTED, and the objects length.
+ */
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+ Enumeration e = this.getObjects();
+
+ while (e.hasMoreElements()) {
+ Object obj = e.nextElement();
+
+ dOut.writeObject(obj);
+ }
+
+ dOut.close();
+
+ byte[] bytes = bOut.toByteArray();
+
+ out.writeEncoded(SEQUENCE | CONSTRUCTED, bytes);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERSequenceGenerator.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERSequenceGenerator.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERSequenceGenerator.java
new file mode 100644
index 0000000..4fd7003
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERSequenceGenerator.java
@@ -0,0 +1,39 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+public class DERSequenceGenerator
+ extends DERGenerator {
+ private final ByteArrayOutputStream _bOut = new ByteArrayOutputStream();
+
+ public DERSequenceGenerator(
+ OutputStream out)
+ throws IOException {
+ super(out);
+ }
+
+ public DERSequenceGenerator(
+ OutputStream out,
+ int tagNo,
+ boolean isExplicit)
+ throws IOException {
+ super(out, tagNo, isExplicit);
+ }
+
+ public void addObject(
+ DEREncodable object)
+ throws IOException {
+ object.getDERObject().encode(new DEROutputStream(_bOut));
+ }
+
+ public OutputStream getRawOutputStream() {
+ return _bOut;
+ }
+
+ public void close()
+ throws IOException {
+ writeDEREncoded(DERTags.CONSTRUCTED | DERTags.SEQUENCE, _bOut.toByteArray());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERSet.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERSet.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERSet.java
new file mode 100644
index 0000000..4fbb0f8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERSet.java
@@ -0,0 +1,76 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Enumeration;
+
+/** A DER encoded set object */
+public class DERSet
+ extends ASN1Set {
+ /** create an empty set */
+ public DERSet() {
+ }
+
+ /** @param obj - a single object that makes up the set. */
+ public DERSet(
+ DEREncodable obj) {
+ this.addObject(obj);
+ }
+
+ /** @param v - a vector of objects making up the set. */
+ public DERSet(
+ DEREncodableVector v) {
+ this(v, true);
+ }
+
+ /** create a set from an array of objects. */
+ public DERSet(
+ ASN1Encodable[] a) {
+ for (int i = 0; i != a.length; i++) {
+ this.addObject(a[i]);
+ }
+
+ this.sort();
+ }
+
+ /** @param v - a vector of objects making up the set. */
+ DERSet(
+ DEREncodableVector v,
+ boolean needsSorting) {
+ for (int i = 0; i != v.size(); i++) {
+ this.addObject(v.get(i));
+ }
+
+ if (needsSorting) {
+ this.sort();
+ }
+ }
+
+ /*
+ * A note on the implementation:
+ * <p>
+ * As DER requires the constructed, definite-length model to
+ * be used for structured types, this varies slightly from the
+ * ASN.1 descriptions given. Rather than just outputing SET,
+ * we also have to specify CONSTRUCTED, and the objects length.
+ */
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+ Enumeration e = this.getObjects();
+
+ while (e.hasMoreElements()) {
+ Object obj = e.nextElement();
+
+ dOut.writeObject(obj);
+ }
+
+ dOut.close();
+
+ byte[] bytes = bOut.toByteArray();
+
+ out.writeEncoded(SET | CONSTRUCTED, bytes);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERString.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERString.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERString.java
new file mode 100644
index 0000000..71565b0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERString.java
@@ -0,0 +1,6 @@
+package org.apache.commons.ssl.asn1;
+
+/** basic interface for DER string objects. */
+public interface DERString {
+ public String getString();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERT61String.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERT61String.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERT61String.java
new file mode 100644
index 0000000..bd92539
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERT61String.java
@@ -0,0 +1,103 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+/** DER T61String (also the teletex string) */
+public class DERT61String
+ extends ASN1Object
+ implements DERString {
+ String string;
+
+ /**
+ * return a T61 string from the passed in object.
+ *
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DERT61String getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DERT61String) {
+ return (DERT61String) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ return new DERT61String(((ASN1OctetString) obj).getOctets());
+ }
+
+ if (obj instanceof ASN1TaggedObject) {
+ return getInstance(((ASN1TaggedObject) obj).getObject());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /**
+ * return an T61 String from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static DERT61String getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ /** basic constructor - with bytes. */
+ public DERT61String(
+ byte[] string) {
+ char[] cs = new char[string.length];
+
+ for (int i = 0; i != cs.length; i++) {
+ cs[i] = (char) (string[i] & 0xff);
+ }
+
+ this.string = new String(cs);
+ }
+
+ /** basic constructor - with string. */
+ public DERT61String(
+ String string) {
+ this.string = string;
+ }
+
+ public String getString() {
+ return string;
+ }
+
+ public String toString() {
+ return string;
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(T61_STRING, this.getOctets());
+ }
+
+ public byte[] getOctets() {
+ char[] cs = string.toCharArray();
+ byte[] bs = new byte[cs.length];
+
+ for (int i = 0; i != cs.length; i++) {
+ bs[i] = (byte) cs[i];
+ }
+
+ return bs;
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof DERT61String)) {
+ return false;
+ }
+
+ return this.getString().equals(((DERT61String) o).getString());
+ }
+
+ public int hashCode() {
+ return this.getString().hashCode();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERTaggedObject.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERTaggedObject.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERTaggedObject.java
new file mode 100644
index 0000000..6dd457c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERTaggedObject.java
@@ -0,0 +1,74 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+/**
+ * DER TaggedObject - in ASN.1 nottation this is any object proceeded by
+ * a [n] where n is some number - these are assume to follow the construction
+ * rules (as with sequences).
+ */
+public class DERTaggedObject
+ extends ASN1TaggedObject {
+ /**
+ * @param tagNo the tag number for this object.
+ * @param obj the tagged object.
+ */
+ public DERTaggedObject(
+ int tagNo,
+ DEREncodable obj) {
+ super(tagNo, obj);
+ }
+
+ /**
+ * @param explicit true if an explicitly tagged object.
+ * @param tagNo the tag number for this object.
+ * @param obj the tagged object.
+ */
+ public DERTaggedObject(
+ boolean explicit,
+ int tagNo,
+ DEREncodable obj) {
+ super(explicit, tagNo, obj);
+ }
+
+ /**
+ * create an implicitly tagged object that contains a zero
+ * length sequence.
+ */
+ public DERTaggedObject(
+ int tagNo) {
+ super(false, tagNo, new DERSequence());
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ if (!empty) {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ dOut.writeObject(obj);
+ dOut.close();
+
+ byte[] bytes = bOut.toByteArray();
+
+ if (explicit) {
+ out.writeEncoded(CONSTRUCTED | TAGGED | tagNo, bytes);
+ } else {
+ //
+ // need to mark constructed types...
+ //
+ if ((bytes[0] & CONSTRUCTED) != 0) {
+ bytes[0] = (byte) (CONSTRUCTED | TAGGED | tagNo);
+ } else {
+ bytes[0] = (byte) (TAGGED | tagNo);
+ }
+
+ out.write(bytes);
+ }
+ } else {
+ out.writeEncoded(CONSTRUCTED | TAGGED | tagNo, new byte[0]);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERTags.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERTags.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERTags.java
new file mode 100644
index 0000000..9fb9b41
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERTags.java
@@ -0,0 +1,35 @@
+package org.apache.commons.ssl.asn1;
+
+public interface DERTags {
+ public static final int BOOLEAN = 0x01;
+ public static final int INTEGER = 0x02;
+ public static final int BIT_STRING = 0x03;
+ public static final int OCTET_STRING = 0x04;
+ public static final int NULL = 0x05;
+ public static final int OBJECT_IDENTIFIER = 0x06;
+ public static final int EXTERNAL = 0x08;
+ public static final int ENUMERATED = 0x0a;
+ public static final int SEQUENCE = 0x10;
+ public static final int SEQUENCE_OF = 0x10; // for completeness
+ public static final int SET = 0x11;
+ public static final int SET_OF = 0x11; // for completeness
+
+
+ public static final int NUMERIC_STRING = 0x12;
+ public static final int PRINTABLE_STRING = 0x13;
+ public static final int T61_STRING = 0x14;
+ public static final int VIDEOTEX_STRING = 0x15;
+ public static final int IA5_STRING = 0x16;
+ public static final int UTC_TIME = 0x17;
+ public static final int GENERALIZED_TIME = 0x18;
+ public static final int GRAPHIC_STRING = 0x19;
+ public static final int VISIBLE_STRING = 0x1a;
+ public static final int GENERAL_STRING = 0x1b;
+ public static final int UNIVERSAL_STRING = 0x1c;
+ public static final int BMP_STRING = 0x1e;
+ public static final int UTF8_STRING = 0x0c;
+
+ public static final int CONSTRUCTED = 0x20;
+ public static final int APPLICATION = 0x40;
+ public static final int TAGGED = 0x80;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUTCTime.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUTCTime.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUTCTime.java
new file mode 100644
index 0000000..57d38c7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUTCTime.java
@@ -0,0 +1,214 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.SimpleTimeZone;
+
+/** UTC time object. */
+public class DERUTCTime
+ extends ASN1Object {
+ String time;
+
+ /**
+ * return an UTC Time from the passed in object.
+ *
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DERUTCTime getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DERUTCTime) {
+ return (DERUTCTime) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ return new DERUTCTime(((ASN1OctetString) obj).getOctets());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /**
+ * return an UTC Time from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static DERUTCTime getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ /**
+ * The correct format for this is YYMMDDHHMMSSZ (it used to be that seconds were
+ * never encoded. When you're creating one of these objects from scratch, that's
+ * what you want to use, otherwise we'll try to deal with whatever gets read from
+ * the input stream... (this is why the input format is different from the getTime()
+ * method output).
+ * <p/>
+ *
+ * @param time the time string.
+ */
+ public DERUTCTime(
+ String time) {
+ this.time = time;
+ try {
+ this.getDate();
+ }
+ catch (ParseException e) {
+ throw new IllegalArgumentException("invalid date string: " + e.getMessage());
+ }
+ }
+
+ /** base constructer from a java.util.date object */
+ public DERUTCTime(
+ Date time) {
+ SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'");
+
+ dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
+
+ this.time = dateF.format(time);
+ }
+
+ DERUTCTime(
+ byte[] bytes) {
+ //
+ // explicitly convert to characters
+ //
+ char[] dateC = new char[bytes.length];
+
+ for (int i = 0; i != dateC.length; i++) {
+ dateC[i] = (char) (bytes[i] & 0xff);
+ }
+
+ this.time = new String(dateC);
+ }
+
+ /**
+ * return the time as a date based on whatever a 2 digit year will return. For
+ * standardised processing use getAdjustedDate().
+ *
+ * @return the resulting date
+ * @throws java.text.ParseException if the date string cannot be parsed.
+ */
+ public Date getDate()
+ throws ParseException {
+ SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmssz");
+
+ return dateF.parse(getTime());
+ }
+
+ /**
+ * return the time as an adjusted date
+ * in the range of 1950 - 2049.
+ *
+ * @return a date in the range of 1950 to 2049.
+ * @throws java.text.ParseException if the date string cannot be parsed.
+ */
+ public Date getAdjustedDate()
+ throws ParseException {
+ SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
+
+ dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
+
+ return dateF.parse(getAdjustedTime());
+ }
+
+ /**
+ * return the time - always in the form of
+ * YYMMDDhhmmssGMT(+hh:mm|-hh:mm).
+ * <p/>
+ * Normally in a certificate we would expect "Z" rather than "GMT",
+ * however adding the "GMT" means we can just use:
+ * <pre>
+ * dateF = new SimpleDateFormat("yyMMddHHmmssz");
+ * </pre>
+ * To read in the time and get a date which is compatible with our local
+ * time zone.
+ * <p/>
+ * <b>Note:</b> In some cases, due to the local date processing, this
+ * may lead to unexpected results. If you want to stick the normal
+ * convention of 1950 to 2049 use the getAdjustedTime() method.
+ */
+ public String getTime() {
+ //
+ // standardise the format.
+ //
+ if (time.indexOf('-') < 0 && time.indexOf('+') < 0) {
+ if (time.length() == 11) {
+ return time.substring(0, 10) + "00GMT+00:00";
+ } else {
+ return time.substring(0, 12) + "GMT+00:00";
+ }
+ } else {
+ int index = time.indexOf('-');
+ if (index < 0) {
+ index = time.indexOf('+');
+ }
+ String d = time;
+
+ if (index == time.length() - 3) {
+ d += "00";
+ }
+
+ if (index == 10) {
+ return d.substring(0, 10) + "00GMT" + d.substring(10, 13) + ":" + d.substring(13, 15);
+ } else {
+ return d.substring(0, 12) + "GMT" + d.substring(12, 15) + ":" + d.substring(15, 17);
+ }
+ }
+ }
+
+ /**
+ * return a time string as an adjusted date with a 4 digit year. This goes
+ * in the range of 1950 - 2049.
+ */
+ public String getAdjustedTime() {
+ String d = this.getTime();
+
+ if (d.charAt(0) < '5') {
+ return "20" + d;
+ } else {
+ return "19" + d;
+ }
+ }
+
+ private byte[] getOctets() {
+ char[] cs = time.toCharArray();
+ byte[] bs = new byte[cs.length];
+
+ for (int i = 0; i != cs.length; i++) {
+ bs[i] = (byte) cs[i];
+ }
+
+ return bs;
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(UTC_TIME, this.getOctets());
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof DERUTCTime)) {
+ return false;
+ }
+
+ return time.equals(((DERUTCTime) o).time);
+ }
+
+ public int hashCode() {
+ return time.hashCode();
+ }
+
+ public String toString() {
+ return time;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUTF8String.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUTF8String.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUTF8String.java
new file mode 100644
index 0000000..768c525
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUTF8String.java
@@ -0,0 +1,83 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+/** DER UTF8String object. */
+public class DERUTF8String
+ extends ASN1Object
+ implements DERString {
+ String string;
+
+ /**
+ * return an UTF8 string from the passed in object.
+ *
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DERUTF8String getInstance(Object obj) {
+ if (obj == null || obj instanceof DERUTF8String) {
+ return (DERUTF8String) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ return new DERUTF8String(((ASN1OctetString) obj).getOctets());
+ }
+
+ if (obj instanceof ASN1TaggedObject) {
+ return getInstance(((ASN1TaggedObject) obj).getObject());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: "
+ + obj.getClass().getName());
+ }
+
+ /**
+ * return an UTF8 String from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly tagged false
+ * otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot be converted.
+ */
+ public static DERUTF8String getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ /** basic constructor - byte encoded string. */
+ DERUTF8String(byte[] string) {
+ this.string = Strings.fromUTF8ByteArray(string);
+ }
+
+ /** basic constructor */
+ public DERUTF8String(String string) {
+ this.string = string;
+ }
+
+ public String getString() {
+ return string;
+ }
+
+ public String toString() {
+ return string;
+ }
+
+ public int hashCode() {
+ return this.getString().hashCode();
+ }
+
+ boolean asn1Equals(DERObject o) {
+ if (!(o instanceof DERUTF8String)) {
+ return false;
+ }
+
+ DERUTF8String s = (DERUTF8String) o;
+
+ return this.getString().equals(s.getString());
+ }
+
+ void encode(DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(UTF8_STRING, Strings.toUTF8ByteArray(string));
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUniversalString.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUniversalString.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUniversalString.java
new file mode 100644
index 0000000..29be4bf
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUniversalString.java
@@ -0,0 +1,100 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+/** DER UniversalString object. */
+public class DERUniversalString
+ extends ASN1Object
+ implements DERString {
+ private static final char[] table = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
+ private byte[] string;
+
+ /**
+ * return a Universal String from the passed in object.
+ *
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DERUniversalString getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DERUniversalString) {
+ return (DERUniversalString) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ return new DERUniversalString(((ASN1OctetString) obj).getOctets());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /**
+ * return a Universal String from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static DERUniversalString getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ /** basic constructor - byte encoded string. */
+ public DERUniversalString(
+ byte[] string) {
+ this.string = string;
+ }
+
+ public String getString() {
+ StringBuffer buf = new StringBuffer("#");
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+ try {
+ aOut.writeObject(this);
+ }
+ catch (IOException e) {
+ throw new RuntimeException("internal error encoding BitString");
+ }
+
+ byte[] string = bOut.toByteArray();
+
+ for (int i = 0; i != string.length; i++) {
+ buf.append(table[(string[i] >>> 4) & 0xf]);
+ buf.append(table[string[i] & 0xf]);
+ }
+
+ return buf.toString();
+ }
+
+ public String toString() {
+ return getString();
+ }
+
+ public byte[] getOctets() {
+ return string;
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(UNIVERSAL_STRING, this.getOctets());
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof DERUniversalString)) {
+ return false;
+ }
+
+ return this.getString().equals(((DERUniversalString) o).getString());
+ }
+
+ public int hashCode() {
+ return this.getString().hashCode();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUnknownTag.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUnknownTag.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUnknownTag.java
new file mode 100644
index 0000000..5a02fde
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERUnknownTag.java
@@ -0,0 +1,71 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+/** We insert one of these when we find a tag we don't recognise. */
+public class DERUnknownTag
+ extends DERObject {
+ int tag;
+ byte[] data;
+
+ /**
+ * @param tag the tag value.
+ * @param data the octets making up the time.
+ */
+ public DERUnknownTag(
+ int tag,
+ byte[] data) {
+ this.tag = tag;
+ this.data = data;
+ }
+
+ public int getTag() {
+ return tag;
+ }
+
+ public byte[] getData() {
+ return data;
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(tag, data);
+ }
+
+ public boolean equals(
+ Object o) {
+ if (!(o instanceof DERUnknownTag)) {
+ return false;
+ }
+
+ DERUnknownTag other = (DERUnknownTag) o;
+
+ if (tag != other.tag) {
+ return false;
+ }
+
+ if (data.length != other.data.length) {
+ return false;
+ }
+
+ for (int i = 0; i < data.length; i++) {
+ if (data[i] != other.data[i]) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ public int hashCode() {
+ byte[] b = this.getData();
+ int value = 0;
+
+ for (int i = 0; i != b.length; i++) {
+ value ^= (b[i] & 0xff) << (i % 4);
+ }
+
+ return value ^ this.getTag();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERVisibleString.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERVisibleString.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERVisibleString.java
new file mode 100644
index 0000000..0b8ec89
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERVisibleString.java
@@ -0,0 +1,103 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+/** DER VisibleString object. */
+public class DERVisibleString
+ extends ASN1Object
+ implements DERString {
+ String string;
+
+ /**
+ * return a Visible String from the passed in object.
+ *
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DERVisibleString getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DERVisibleString) {
+ return (DERVisibleString) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ return new DERVisibleString(((ASN1OctetString) obj).getOctets());
+ }
+
+ if (obj instanceof ASN1TaggedObject) {
+ return getInstance(((ASN1TaggedObject) obj).getObject());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /**
+ * return a Visible String from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static DERVisibleString getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ /** basic constructor - byte encoded string. */
+ public DERVisibleString(
+ byte[] string) {
+ char[] cs = new char[string.length];
+
+ for (int i = 0; i != cs.length; i++) {
+ cs[i] = (char) (string[i] & 0xff);
+ }
+
+ this.string = new String(cs);
+ }
+
+ /** basic constructor */
+ public DERVisibleString(
+ String string) {
+ this.string = string;
+ }
+
+ public String getString() {
+ return string;
+ }
+
+ public String toString() {
+ return string;
+ }
+
+ public byte[] getOctets() {
+ char[] cs = string.toCharArray();
+ byte[] bs = new byte[cs.length];
+
+ for (int i = 0; i != cs.length; i++) {
+ bs[i] = (byte) cs[i];
+ }
+
+ return bs;
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(VISIBLE_STRING, this.getOctets());
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof DERVisibleString)) {
+ return false;
+ }
+
+ return this.getString().equals(((DERVisibleString) o).getString());
+ }
+
+ public int hashCode() {
+ return this.getString().hashCode();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DefiniteLengthInputStream.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DefiniteLengthInputStream.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DefiniteLengthInputStream.java
new file mode 100644
index 0000000..f88a078
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DefiniteLengthInputStream.java
@@ -0,0 +1,83 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InputStream;
+
+class DefiniteLengthInputStream
+ extends LimitedInputStream {
+ private int _length;
+
+ DefiniteLengthInputStream(
+ InputStream in,
+ int length) {
+ super(in);
+
+ if (length < 0) {
+ throw new IllegalArgumentException("negative lengths not allowed");
+ }
+
+ this._length = length;
+ }
+
+ public int read()
+ throws IOException {
+ if (_length > 0) {
+ int b = _in.read();
+
+ if (b < 0) {
+ throw new EOFException();
+ }
+
+ --_length;
+ return b;
+ }
+
+ setParentEofDetect(true);
+
+ return -1;
+ }
+
+ public int read(byte[] buf, int off, int len)
+ throws IOException {
+ if (_length > 0) {
+ int toRead = Math.min(len, _length);
+ int numRead = _in.read(buf, off, toRead);
+
+ if (numRead < 0)
+ throw new EOFException();
+
+ _length -= numRead;
+ return numRead;
+ }
+
+ setParentEofDetect(true);
+
+ return -1;
+ }
+
+ byte[] toByteArray()
+ throws IOException {
+ byte[] bytes = new byte[_length];
+
+ if (_length > 0) {
+ int pos = 0;
+ do {
+ int read = _in.read(bytes, pos, _length - pos);
+
+ if (read < 0) {
+ throw new EOFException();
+ }
+
+ pos += read;
+ }
+ while (pos < _length);
+
+ _length = 0;
+ }
+
+ setParentEofDetect(true);
+
+ return bytes;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/IndefiniteLengthInputStream.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/IndefiniteLengthInputStream.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/IndefiniteLengthInputStream.java
new file mode 100644
index 0000000..1f48af8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/IndefiniteLengthInputStream.java
@@ -0,0 +1,98 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+class IndefiniteLengthInputStream
+ extends LimitedInputStream {
+ private int _b1;
+ private int _b2;
+ private boolean _eofReached = false;
+ private boolean _eofOn00 = true;
+
+ IndefiniteLengthInputStream(
+ InputStream in)
+ throws IOException {
+ super(in);
+
+ _b1 = in.read();
+ _b2 = in.read();
+ _eofReached = (_b2 < 0);
+ }
+
+ void setEofOn00(
+ boolean eofOn00) {
+ _eofOn00 = eofOn00;
+ }
+
+ boolean checkForEof() {
+ if (_eofOn00 && (_b1 == 0x00 && _b2 == 0x00)) {
+ _eofReached = true;
+ setParentEofDetect(true);
+ }
+ return _eofReached;
+ }
+
+ public int read(byte[] b, int off, int len)
+ throws IOException {
+ // Only use this optimisation if we aren't checking for 00
+ if (_eofOn00 || len < 3) {
+ return super.read(b, off, len);
+ }
+
+ if (_eofReached) {
+ return -1;
+ }
+
+ int numRead = _in.read(b, off + 2, len - 2);
+
+ if (numRead < 0) {
+// throw new EOFException();
+ _eofReached = true;
+ return -1;
+ }
+
+ b[off] = (byte) _b1;
+ b[off + 1] = (byte) _b2;
+
+ _b1 = _in.read();
+ _b2 = _in.read();
+
+ if (_b2 < 0) {
+ // Corrupted stream
+// throw new EOFException();
+ _eofReached = true;
+ // Just fall thru...
+ }
+
+ return numRead + 2;
+ }
+
+ public int read()
+ throws IOException {
+ if (checkForEof()) {
+ return -1;
+ }
+
+ int b = _in.read();
+
+ //
+ // strictly speaking we should return b1 and b2, but if this happens the stream
+ // is corrupted so we are already in trouble.
+ //
+ if (b < 0) {
+ // Corrupted stream
+// throw new EOFException();
+ _eofReached = true;
+
+ return -1;
+ }
+
+ int v = _b1;
+
+ _b1 = _b2;
+ _b2 = b;
+
+ return v;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/LimitedInputStream.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/LimitedInputStream.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/LimitedInputStream.java
new file mode 100644
index 0000000..e1af7d2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/LimitedInputStream.java
@@ -0,0 +1,23 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.InputStream;
+
+abstract class LimitedInputStream
+ extends InputStream {
+ protected final InputStream _in;
+
+ LimitedInputStream(
+ InputStream in) {
+ this._in = in;
+ }
+
+ InputStream getUnderlyingStream() {
+ return _in;
+ }
+
+ protected void setParentEofDetect(boolean on) {
+ if (_in instanceof IndefiniteLengthInputStream) {
+ ((IndefiniteLengthInputStream) _in).setEofOn00(on);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/OIDTokenizer.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/OIDTokenizer.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/OIDTokenizer.java
new file mode 100644
index 0000000..b59c009
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/OIDTokenizer.java
@@ -0,0 +1,42 @@
+package org.apache.commons.ssl.asn1;
+
+/**
+ * class for breaking up an OID into it's component tokens, ala
+ * java.util.StringTokenizer. We need this class as some of the
+ * lightweight Java environment don't support classes like
+ * StringTokenizer.
+ */
+public class OIDTokenizer {
+ private String oid;
+ private int index;
+
+ public OIDTokenizer(
+ String oid) {
+ this.oid = oid;
+ this.index = 0;
+ }
+
+ public boolean hasMoreTokens() {
+ return (index != -1);
+ }
+
+ public String nextToken() {
+ if (index == -1) {
+ return null;
+ }
+
+ String token;
+ int end = oid.indexOf('.', index);
+
+ if (end == -1) {
+ token = oid.substring(index);
+ index = -1;
+ return token;
+ }
+
+ token = oid.substring(index, end);
+
+ index = end + 1;
+ return token;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/Strings.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/Strings.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/Strings.java
new file mode 100644
index 0000000..74104be
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/Strings.java
@@ -0,0 +1,195 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.util.Vector;
+
+public final class Strings {
+ public static String fromUTF8ByteArray(byte[] bytes) {
+ int i = 0;
+ int length = 0;
+
+ while (i < bytes.length) {
+ length++;
+ if ((bytes[i] & 0xf0) == 0xf0) {
+ // surrogate pair
+ length++;
+ i += 4;
+ } else if ((bytes[i] & 0xe0) == 0xe0) {
+ i += 3;
+ } else if ((bytes[i] & 0xc0) == 0xc0) {
+ i += 2;
+ } else {
+ i += 1;
+ }
+ }
+
+ char[] cs = new char[length];
+
+ i = 0;
+ length = 0;
+
+ while (i < bytes.length) {
+ char ch;
+
+ if ((bytes[i] & 0xf0) == 0xf0) {
+ int codePoint = ((bytes[i] & 0x03) << 18) | ((bytes[i + 1] & 0x3F) << 12) | ((bytes[i + 2] & 0x3F) << 6) | (bytes[i + 3] & 0x3F);
+ int U = codePoint - 0x10000;
+ char W1 = (char) (0xD800 | (U >> 10));
+ char W2 = (char) (0xDC00 | (U & 0x3FF));
+ cs[length++] = W1;
+ ch = W2;
+ i += 4;
+ } else if ((bytes[i] & 0xe0) == 0xe0) {
+ ch = (char) (((bytes[i] & 0x0f) << 12)
+ | ((bytes[i + 1] & 0x3f) << 6) | (bytes[i + 2] & 0x3f));
+ i += 3;
+ } else if ((bytes[i] & 0xd0) == 0xd0) {
+ ch = (char) (((bytes[i] & 0x1f) << 6) | (bytes[i + 1] & 0x3f));
+ i += 2;
+ } else if ((bytes[i] & 0xc0) == 0xc0) {
+ ch = (char) (((bytes[i] & 0x1f) << 6) | (bytes[i + 1] & 0x3f));
+ i += 2;
+ } else {
+ ch = (char) (bytes[i] & 0xff);
+ i += 1;
+ }
+
+ cs[length++] = ch;
+ }
+
+ return new String(cs);
+ }
+
+ public static byte[] toUTF8ByteArray(String string) {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ char[] c = string.toCharArray();
+ int i = 0;
+
+ while (i < c.length) {
+ char ch = c[i];
+
+ if (ch < 0x0080) {
+ bOut.write(ch);
+ } else if (ch < 0x0800) {
+ bOut.write(0xc0 | (ch >> 6));
+ bOut.write(0x80 | (ch & 0x3f));
+ }
+ // surrogate pair
+ else if (ch >= 0xD800 && ch <= 0xDFFF) {
+ // in error - can only happen, if the Java String class has a
+ // bug.
+ if (i + 1 >= c.length) {
+ throw new IllegalStateException("invalid UTF-16 codepoint");
+ }
+ char W1 = ch;
+ ch = c[++i];
+ char W2 = ch;
+ // in error - can only happen, if the Java String class has a
+ // bug.
+ if (W1 > 0xDBFF) {
+ throw new IllegalStateException("invalid UTF-16 codepoint");
+ }
+ int codePoint = (((W1 & 0x03FF) << 10) | (W2 & 0x03FF)) + 0x10000;
+ bOut.write(0xf0 | (codePoint >> 18));
+ bOut.write(0x80 | ((codePoint >> 12) & 0x3F));
+ bOut.write(0x80 | ((codePoint >> 6) & 0x3F));
+ bOut.write(0x80 | (codePoint & 0x3F));
+ } else {
+ bOut.write(0xe0 | (ch >> 12));
+ bOut.write(0x80 | ((ch >> 6) & 0x3F));
+ bOut.write(0x80 | (ch & 0x3F));
+ }
+
+ i++;
+ }
+
+ return bOut.toByteArray();
+ }
+
+ /**
+ * A locale independent version of toUpperCase.
+ *
+ * @param string input to be converted
+ * @return a US Ascii uppercase version
+ */
+ public static String toUpperCase(String string) {
+ boolean changed = false;
+ char[] chars = string.toCharArray();
+
+ for (int i = 0; i != chars.length; i++) {
+ char ch = chars[i];
+ if ('a' <= ch && 'z' >= ch) {
+ changed = true;
+ chars[i] = (char) (ch - 'a' + 'A');
+ }
+ }
+
+ if (changed) {
+ return new String(chars);
+ }
+
+ return string;
+ }
+
+ /**
+ * A locale independent version of toLowerCase.
+ *
+ * @param string input to be converted
+ * @return a US ASCII lowercase version
+ */
+ public static String toLowerCase(String string) {
+ boolean changed = false;
+ char[] chars = string.toCharArray();
+
+ for (int i = 0; i != chars.length; i++) {
+ char ch = chars[i];
+ if ('A' <= ch && 'Z' >= ch) {
+ changed = true;
+ chars[i] = (char) (ch - 'A' + 'a');
+ }
+ }
+
+ if (changed) {
+ return new String(chars);
+ }
+
+ return string;
+ }
+
+ public static byte[] toByteArray(String string) {
+ byte[] bytes = new byte[string.length()];
+
+ for (int i = 0; i != bytes.length; i++) {
+ char ch = string.charAt(i);
+
+ bytes[i] = (byte) ch;
+ }
+
+ return bytes;
+ }
+
+ public static String[] split(String input, char delimiter) {
+ Vector v = new Vector();
+ boolean moreTokens = true;
+ String subString;
+
+ while (moreTokens) {
+ int tokenLocation = input.indexOf(delimiter);
+ if (tokenLocation > 0) {
+ subString = input.substring(0, tokenLocation);
+ v.addElement(subString);
+ input = input.substring(tokenLocation + 1);
+ } else {
+ moreTokens = false;
+ v.addElement(input);
+ }
+ }
+
+ String[] res = new String[v.size()];
+
+ for (int i = 0; i != res.length; i++) {
+ res[i] = (String) v.elementAt(i);
+ }
+ return res;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/DateRMI.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/DateRMI.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/DateRMI.java
new file mode 100644
index 0000000..d6248b9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/DateRMI.java
@@ -0,0 +1,69 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/rmi/DateRMI.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl.rmi;
+
+import java.io.Serializable;
+import java.rmi.Remote;
+import java.rmi.RemoteException;
+import java.rmi.server.UnicastRemoteObject;
+import java.util.Date;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 22-Feb-2007
+ */
+public class DateRMI extends UnicastRemoteObject
+ implements Remote, Serializable, RemoteDate {
+ private Date d;
+
+ public DateRMI() throws RemoteException {
+ super();
+ this.d = new Date();
+ }
+
+ public Date getDate() throws RemoteException {
+ return d;
+ }
+
+ public boolean equals(Object o) {
+ RemoteDate rd = (RemoteDate) o;
+ try {
+ return d.equals(rd.getDate());
+ }
+ catch (RemoteException re) {
+ return false;
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/IntegerRMI.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/IntegerRMI.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/IntegerRMI.java
new file mode 100644
index 0000000..a9c1237
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/IntegerRMI.java
@@ -0,0 +1,69 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/rmi/IntegerRMI.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl.rmi;
+
+import java.io.Serializable;
+import java.rmi.Remote;
+import java.rmi.RemoteException;
+import java.rmi.server.UnicastRemoteObject;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 22-Feb-2007
+ */
+public class IntegerRMI extends UnicastRemoteObject
+ implements Remote, Serializable, RemoteInteger {
+ private int i;
+
+ public IntegerRMI() throws RemoteException {
+ super();
+ this.i = (int) Math.round(Math.random() * 1000000.0);
+ }
+
+ public int getInt() throws RemoteException {
+ return i;
+ }
+
+ public boolean equals(Object o) {
+ RemoteInteger ri = (RemoteInteger) o;
+ try {
+ return i == ri.getInt();
+ }
+ catch (RemoteException re) {
+ return false;
+ }
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/RemoteDate.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/RemoteDate.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/RemoteDate.java
new file mode 100644
index 0000000..07bfaf8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/RemoteDate.java
@@ -0,0 +1,46 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/rmi/RemoteDate.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl.rmi;
+
+import java.rmi.Remote;
+import java.rmi.RemoteException;
+import java.util.Date;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 22-Feb-2007
+ */
+public interface RemoteDate extends Remote {
+ public Date getDate() throws RemoteException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/RemoteInteger.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/RemoteInteger.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/RemoteInteger.java
new file mode 100644
index 0000000..8a0e5f7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/RemoteInteger.java
@@ -0,0 +1,45 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/rmi/RemoteInteger.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl.rmi;
+
+import java.rmi.Remote;
+import java.rmi.RemoteException;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 22-Feb-2007
+ */
+public interface RemoteInteger extends Remote {
+ public int getInt() throws RemoteException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/Test.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/Test.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/Test.java
new file mode 100644
index 0000000..ba81efc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/rmi/Test.java
@@ -0,0 +1,200 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/rmi/Test.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl.rmi;
+
+import org.apache.commons.ssl.LogWrapper;
+import org.apache.commons.ssl.RMISocketFactoryImpl;
+
+import java.net.MalformedURLException;
+import java.rmi.Naming;
+import java.rmi.NotBoundException;
+import java.rmi.Remote;
+import java.rmi.RemoteException;
+import java.rmi.registry.LocateRegistry;
+import java.rmi.server.RMISocketFactory;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 22-Feb-2007
+ */
+public class Test {
+ private final static LogWrapper log = LogWrapper.getLogger(Test.class);
+ private final static String TEST_DATE_NAME = "/org.apache.commons.ssl.rmi.testdate";
+ private final static String TEST_INT_NAME = "/org.apache.commons.ssl.rmi.testint";
+ protected final static int PORT;
+ protected final static String URL;
+
+ private static boolean rmiRunning = false;
+
+ static {
+ int port = 1099;
+ String host = "127.0.0.1";
+ PORT = port;
+ // e.g. "rmi://localhost:1099/"
+ URL = "rmi://" + host + ":" + port;
+ }
+
+ /**
+ * <p/>
+ * JNDI/RMI lookup wrapper. Appends "java:" if we expect
+ * binding/lookup to occur in the same JVM. Otherwise, appends "rmi:".
+ * </p>
+ *
+ * @param ref String reference.
+ * @return Object Object previously bound with String reference.
+ * @throws java.rmi.RemoteException rmi problem
+ * @throws java.rmi.NotBoundException rmi problem
+ * @throws java.net.MalformedURLException rmi problem
+ */
+ public static Object lookup(String ref)
+ throws RemoteException, NotBoundException, MalformedURLException {
+ return Naming.lookup(URL + ref);
+ }
+
+ /**
+ * <p/>
+ * JNDI/RMI rebind wrapper for the UCS. Appends "java:" if we expect
+ * binding/lookup to occur in the same JVM. Otherwise, append "rmi:".
+ * </p><p>
+ * Also attempts to start a naming server on the localhost if one is
+ * not already running. Currently we use RMI.
+ * </p>
+ *
+ * @param ref String reference to bind with.
+ * @param obj Object to bind.
+ * @throws java.rmi.RemoteException rmi problem
+ * @throws java.net.MalformedURLException rmi problem
+ */
+ public static void rebind(String ref, Remote obj)
+ throws RemoteException, MalformedURLException {
+ requireNameServer();
+ String realRef = URL + ref;
+ Naming.rebind(realRef, obj);
+ try {
+ Object o = lookup(ref);
+ log.debug("Bound " + o.getClass().getName() + " to [" + realRef + "]");
+ }
+ catch (NotBoundException nbe) {
+ log.debug("Error binding " + obj.getClass().getName() + " to [" + realRef + "]");
+ }
+ }
+
+ private static void rebindTest() throws Exception {
+ Remote remoteTest = new DateRMI();
+ Naming.rebind(URL + TEST_DATE_NAME, remoteTest);
+ Object o = Naming.lookup(URL + TEST_DATE_NAME);
+ if (!remoteTest.equals(o)) {
+ throw new RuntimeException("rmi: Test failed. Lookup != Rebind");
+ }
+ }
+
+ /**
+ * <p/>
+ * Attempts to start a naming server on the localhost if one is not
+ * already running.
+ * </p>
+ */
+ private synchronized static void requireNameServer() {
+ if (rmiRunning) {
+ // We've already established that the name server is running.
+ return;
+ }
+ try {
+ // If this rebind works, then the naming server is running.
+ rebindTest();
+ rmiRunning = true;
+ }
+ catch (Exception e) {
+ Test.tryToStartNameServer();
+ try {
+ // Okay, we've started our naming server. Now we must perform a
+ // quick test to see that it's actually doing something.
+ rebindTest();
+ log.debug(Test.class.getName() + " successfully started.");
+ rmiRunning = true;
+ return;
+ }
+ catch (Exception e2) {
+ e2.printStackTrace();
+ log.error(e2.getMessage(), e2);
+ }
+
+ String msg = Test.class.getName() + " cannot start.";
+ log.error(msg);
+ throw new RuntimeException(msg);
+ }
+ }
+
+ public static void tryToStartNameServer() {
+ String className = Test.class.getName();
+ log.debug(className + " probably not running. Trying to start one.");
+ try {
+ LocateRegistry.createRegistry(PORT);
+ log.debug("registry on " + PORT + " started!");
+ }
+ catch (Exception problem) {
+ // bah - no luck
+ problem.printStackTrace();
+ log.warn(problem, problem);
+ }
+ }
+
+
+ public static void main(String[] args) throws Exception {
+ System.setProperty(RMISocketFactoryImpl.RMI_HOSTNAME_KEY, "localhost");
+ RMISocketFactoryImpl impl = new RMISocketFactoryImpl();
+ RMISocketFactory.setSocketFactory(impl);
+
+ if (args.length > 0) {
+
+ } else {
+ Test.requireNameServer();
+ Test.rebindTest();
+
+ IntegerRMI remoteInt = new IntegerRMI();
+ Test.rebind(TEST_INT_NAME, remoteInt);
+ }
+
+ Object o = Test.lookup(TEST_DATE_NAME);
+ RemoteDate rd = (RemoteDate) o;
+ System.out.println("The remote-date is: " + rd.getDate());
+
+ o = Test.lookup(TEST_INT_NAME);
+ RemoteInteger ri = (RemoteInteger) o;
+ System.out.println("The remote-int is: " + ri.getInt());
+
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/ByteArrayReadLine.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/ByteArrayReadLine.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/ByteArrayReadLine.java
new file mode 100644
index 0000000..88d0a29
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/ByteArrayReadLine.java
@@ -0,0 +1,32 @@
+package org.apache.commons.ssl.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+public class ByteArrayReadLine extends ReadLine {
+
+ public ByteArrayReadLine(ByteArrayInputStream in) { super(in); }
+
+ public String next() { return next(1); }
+
+ public String next(int lines) {
+ try {
+ return super.next(lines);
+ } catch (IOException ioe) {
+ // impossible since we're using ByteArrayInputStream
+ throw new RuntimeException("impossible", ioe);
+ }
+ }
+
+ public byte[] nextAsBytes() { return nextAsBytes(1); }
+
+ public byte[] nextAsBytes(int lines) {
+ try {
+ return super.nextAsBytes(lines);
+ } catch (IOException ioe) {
+ // impossible since we're using ByteArrayInputStream
+ throw new RuntimeException("impossible", ioe);
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/Hex.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/Hex.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/Hex.java
new file mode 100644
index 0000000..2acebd1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/Hex.java
@@ -0,0 +1,83 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/util/Hex.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl.util;
+
+/**
+ * Utility class for dealing with hex-encoding of binary data.
+ *
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@gmail.com</a>
+ * @since 13-Nov-2007
+ */
+public class Hex {
+
+ public static byte[] decode(String s) {
+ byte[] b = new byte[s.length() / 2];
+ for (int i = 0; i < b.length; i++) {
+ String hex = s.substring(2 * i, 2 * (i + 1));
+ b[i] = (byte) Integer.parseInt(hex, 16);
+ }
+ return b;
+ }
+
+ public static byte[] decode(byte[] hexString) {
+ byte[] b = new byte[hexString.length / 2];
+ char[] chars = new char[2];
+ for (int i = 0; i < b.length; i++) {
+ chars[0] = (char) hexString[2 * i];
+ chars[1] = (char) hexString[2 * i + 1];
+ String hex = new String(chars);
+ b[i] = (byte) Integer.parseInt(hex, 16);
+ }
+ return b;
+ }
+
+ public static String encode(byte[] b) {
+ return encode(b, 0, b.length);
+ }
+
+ public static String encode(byte[] b, int offset, int length) {
+ StringBuffer buf = new StringBuffer();
+ int len = Math.min(offset + length, b.length);
+ for (int i = offset; i < len; i++) {
+ int c = (int) b[i];
+ if (c < 0) {
+ c = c + 256;
+ }
+ if (c >= 0 && c <= 15) {
+ buf.append('0');
+ }
+ buf.append(Integer.toHexString(c));
+ }
+ return buf.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/IPAddressParser.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/IPAddressParser.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/IPAddressParser.java
new file mode 100644
index 0000000..b0da817
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/IPAddressParser.java
@@ -0,0 +1,183 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/trunk/src/java/org/apache/commons/ssl/util/IPAddressParser.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+package org.apache.commons.ssl.util;
+
+/**
+ * Parses String representations of IPv4 and IPv6 addresses, and converts
+ * them to byte[]. Returns null if the supplied String is not a valid IP
+ * address.
+ * <p/>
+ * IPv6 addresses are allowed to include square brackets (e.g., "[::a:b:c:d]"),
+ * but IPv4 addresses are not. This is to help in situation where an IPv6
+ * literal address is encoded directly inside a URL (the square brackets allow
+ * the web client to separate the IPv6 address from its port, since the colon
+ * character is overloaded in that context).
+ */
+public class IPAddressParser {
+
+ /**
+ * Converts the supplied IPv4 literal to byte[], or null if the
+ * IPv4 address was invalid.
+ *
+ * @param s Literal IPv4 address.
+ * @return byte[] array or null if the supplied IPv4 address was invalid.
+ */
+ public static byte[] parseIPv4Literal(String s) {
+ s = s != null ? s.trim() : "";
+ String[] toks = s.split("\\.");
+ byte[] ip = new byte[4];
+ if (toks.length == 4) {
+ for (int i = 0; i < ip.length; i++) {
+ try {
+ int val = Integer.parseInt(toks[i]);
+ if (val < 0 || val > 255) {
+ return null;
+ }
+ ip[i] = (byte) val;
+ } catch (NumberFormatException nfe) {
+ return null;
+ }
+ }
+ return ip;
+ }
+ return null;
+ }
+
+ /**
+ * Converts the supplied IPv6 literal to byte[], or null if the
+ * IPv6 address was invalid.
+ *
+ * @param s Literal IPv6 address.
+ * @return byte[] array or null if the supplied IPv6 address was invalid.
+ */
+ public static byte[] parseIPv6Literal(String s) {
+ s = s != null ? s.trim() : "";
+ if (s.length() > 0 && s.charAt(0) == '[' && s.charAt(s.length() - 1) == ']') {
+ s = s.substring(1, s.length() - 1).trim();
+ }
+ int x = s.lastIndexOf(':');
+ int y = s.indexOf('.');
+ // Contains a dot! Look for IPv4 literal suffix.
+ if (x >= 0 && y > x) {
+ byte[] ip4Suffix = parseIPv4Literal(s.substring(x + 1));
+ if (ip4Suffix == null) {
+ return null;
+ }
+ s = s.substring(0, x) + ":" + ip4ToHex(ip4Suffix);
+ }
+
+ // Check that we only have a single occurence of "::".
+ x = s.indexOf("::");
+ if (x >= 0) {
+ if (s.indexOf("::", x + 1) >= 0) {
+ return null;
+ }
+ }
+
+ // This array helps us expand the "::" into the zeroes it represents.
+ String[] raw = new String[]{"0000", "0000", "0000", "0000", "0000", "0000", "0000", "0000"};
+ if (s.indexOf("::") >= 0) {
+ String[] split = s.split("::", -1);
+ String[] prefix = splitOnColon(split[0]);
+ String[] suffix = splitOnColon(split[1]);
+
+ // Make sure the "::" zero-expander has some room to expand!
+ if (prefix.length + suffix.length > 7) {
+ return null;
+ }
+ for (int i = 0; i < prefix.length; i++) {
+ raw[i] = prependZeroes(prefix[i]);
+ }
+ int startPos = raw.length - suffix.length;
+ for (int i = 0; i < suffix.length; i++) {
+ raw[startPos + i] = prependZeroes(suffix[i]);
+ }
+ } else {
+ // Okay, whew, no "::" zero-expander, but we still have to make sure
+ // each element contains 4 hex characters.
+ raw = splitOnColon(s);
+ if (raw.length != 8) {
+ return null;
+ }
+ for (int i = 0; i < raw.length; i++) {
+ raw[i] = prependZeroes(raw[i]);
+ }
+ }
+
+ byte[] ip6 = new byte[16];
+ int i = 0;
+ for (int j = 0; j < raw.length; j++) {
+ String tok = raw[j];
+ if (tok.length() > 4) {
+ return null;
+ }
+ String prefix = tok.substring(0, 2);
+ String suffix = tok.substring(2, 4);
+ try {
+ ip6[i++] = (byte) Integer.parseInt(prefix, 16);
+ ip6[i++] = (byte) Integer.parseInt(suffix, 16);
+ } catch (NumberFormatException nfe) {
+ return null;
+ }
+ }
+ return ip6;
+ }
+
+ private static String prependZeroes(String s) {
+ switch (s.length()) {
+ case 0: return "0000";
+ case 1: return "000" + s;
+ case 2: return "00" + s;
+ case 3: return "0" + s;
+ default: return s;
+ }
+ }
+
+ private static String[] splitOnColon(String s) {
+ if ("".equals(s)) {
+ return new String[]{};
+ } else {
+ return s.split(":");
+ }
+ }
+
+ private static String ip4ToHex(byte[] b) {
+ return b2s(b[0]) + b2s(b[1]) + ":" + b2s(b[2]) + b2s(b[3]);
+ }
+
+ private static String b2s(byte b) {
+ String s = Integer.toHexString(b >= 0 ? b : 256 + b);
+ if (s.length() < 2) {
+ s = "0" + s;
+ }
+ return s;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/PublicKeyDeriver.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/PublicKeyDeriver.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/PublicKeyDeriver.java
new file mode 100644
index 0000000..1ff15a0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/PublicKeyDeriver.java
@@ -0,0 +1,82 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/trunk/src/java/org/apache/commons/ssl/Certificates.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+package org.apache.commons.ssl.util;
+
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.KeyException;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.interfaces.DSAParams;
+import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.spec.DSAPublicKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+
+/**
+ * Utility class for deriving a public key from a given private key.
+ *
+ * @author Chad La Joie <lajoie OF georgetown.edu>
+ * @since November 14th, 2007
+ */
+public class PublicKeyDeriver {
+
+ /**
+ * Utility method for deriving a public key from a given private key.
+ *
+ * @param key private key for which we need a public key (DSA or RSA).
+ * @return the corresponding public key
+ * @throws java.security.GeneralSecurityException if it didn't work
+ */
+ public static PublicKey derivePublicKey(PrivateKey key) throws GeneralSecurityException {
+ if (key instanceof DSAPrivateKey) {
+ DSAPrivateKey dsaKey = (DSAPrivateKey) key;
+ DSAParams keyParams = dsaKey.getParams();
+ BigInteger g = keyParams.getG();
+ BigInteger p = keyParams.getP();
+ BigInteger q = keyParams.getQ();
+ BigInteger x = dsaKey.getX();
+ BigInteger y = q.modPow(x, p);
+ DSAPublicKeySpec keySpec = new DSAPublicKeySpec(y, p, q, g);
+ return KeyFactory.getInstance("DSA").generatePublic(keySpec);
+ } else if (key instanceof RSAPrivateCrtKey) {
+ RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) key;
+ BigInteger modulus = rsaKey.getModulus();
+ BigInteger exponent = rsaKey.getPublicExponent();
+ RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, exponent);
+ return KeyFactory.getInstance("RSA").generatePublic(keySpec);
+ } else {
+ throw new KeyException("Private key was not a DSA or RSA key");
+ }
+ }
+}
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/ReadLine.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/ReadLine.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/ReadLine.java
new file mode 100644
index 0000000..ee68016
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/ReadLine.java
@@ -0,0 +1,91 @@
+package org.apache.commons.ssl.util;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * @author Julius Davies
+ * @author 23-Dec-2007
+ */
+public class ReadLine {
+
+ final InputStream in;
+ final byte[] bytes = new byte[8192];
+ int pos = 0;
+ int avail = 0;
+
+ public ReadLine(InputStream in) { this.in = in; }
+
+ public String next() throws IOException { return next(1); }
+
+ public String next(int lines) throws IOException {
+ if (lines < 1) {
+ lines = 1;
+ }
+ StringBuffer buf = new StringBuffer(128 * lines);
+ if (avail <= 0 || pos >= avail) {
+ pos = 0;
+ avail = in.read(bytes);
+ }
+ while (avail >= 0) {
+ while (pos < avail) {
+ char c = (char) bytes[pos++];
+ switch (c) {
+ case '\n':
+ case '\r':
+ lines--;
+ if (lines < 1 && buf.length() > 0) {
+ return buf.toString();
+ }
+ break;
+ default:
+ buf.append(c);
+ break;
+ }
+ }
+ pos = 0;
+ avail = in.read(bytes);
+ }
+ return buf.length() > 0 ? buf.toString() : null;
+ }
+
+ public byte[] nextAsBytes() throws IOException { return nextAsBytes(1); }
+
+ public byte[] nextAsBytes(int lines) throws IOException {
+ if (lines < 1) {
+ lines = 1;
+ }
+ byte[] buf = new byte[8192];
+ int bufPos = 0;
+ if (avail <= 0 || pos >= avail) {
+ pos = 0;
+ avail = in.read(bytes);
+ }
+ while (avail >= 0) {
+ while (pos < avail) {
+ byte b = bytes[pos++];
+ switch (b) {
+ case '\n':
+ case '\r':
+ lines--;
+ if (lines == 0 && bufPos > 0) {
+ return buf;
+ }
+ break;
+ default:
+ if (bufPos >= buf.length) {
+ byte[] moreBuff = new byte[buf.length * 2];
+ System.arraycopy(buf, 0, moreBuff, 0, buf.length);
+ buf = moreBuff;
+ }
+ buf[bufPos++] = b;
+ break;
+ }
+ }
+ pos = 0;
+ avail = in.read(bytes);
+ }
+ return bufPos > 0 ? buf : null;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/UTF8.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/UTF8.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/UTF8.java
new file mode 100644
index 0000000..8fa771a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/util/UTF8.java
@@ -0,0 +1,22 @@
+package org.apache.commons.ssl.util;
+
+import java.io.UnsupportedEncodingException;
+
+public class UTF8 {
+
+ public static String toString(byte[] bytes) {
+ try {
+ return new String(bytes, "UTF-8");
+ } catch (UnsupportedEncodingException uee) {
+ throw new RuntimeException("UTF8 unavailable", uee);
+ }
+ }
+
+ public static byte[] toBytes(String s) {
+ try {
+ return s.getBytes("UTF-8");
+ } catch (UnsupportedEncodingException uee) {
+ throw new RuntimeException("UTF8 unavailable", uee);
+ }
+ }
+}
[04/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/DecryptionTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/DecryptionTest.java b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/DecryptionTest.java
new file mode 100644
index 0000000..e77ac24
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/DecryptionTest.java
@@ -0,0 +1,502 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.*;
+import org.apache.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerberos.kerb.crypto.key.Des3KeyMaker;
+import org.apache.kerberos.kerb.crypto.key.KeyMaker;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.KeyUsage;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * Decryption test with known ciphertexts.
+ */
+public class DecryptionTest {
+
+ static class TestCase {
+ EncryptionType encType;
+ String plainText;
+ int keyUsage;
+ String key;
+ String cipher;
+
+ TestCase(EncryptionType encType, String plainText,
+ int keyUsage, String key, String cipher) {
+ this.encType = encType;
+ this.plainText = plainText;
+ this.keyUsage = keyUsage;
+ this.key = key;
+ this.cipher = cipher;
+ }
+ }
+
+ static TestCase[] testCases = new TestCase[] {
+ new TestCase(
+ EncryptionType.DES_CBC_CRC,
+ "", 0,
+ "45E6087CDF138FB5",
+ "28F6B09A012BCCF72FB05122B2839E6E"
+ ),
+ new TestCase(
+ EncryptionType.DES_CBC_CRC,
+ "1", 1,
+ "92A7155810586B2F",
+ "B4C871C2F3E7BF7605EFD62F2EEEC205"
+ ),
+ new TestCase(
+ EncryptionType.DES_CBC_CRC,
+ "9 bytesss", 2,
+ "A4B9514A61646423",
+ "5F14C35178D33D7CDE0EC169C623CC83" +
+ "21B7B8BD34EA7EFE"
+ ),
+ new TestCase(
+ EncryptionType.DES_CBC_CRC,
+ "13 bytes byte", 3,
+ "2F16A2A7FDB05768",
+ "0B588E38D971433C9D86D8BAEBF63E4C" +
+ "1A01666E76D8A54A3293F72679ED88C9"
+ ),
+ new TestCase(
+ EncryptionType.DES_CBC_CRC,
+ "30 bytes bytes bytes bytes byt", 4,
+ "BC8F70FD2097D67C",
+ "38D632D2C20A7C2EA250FC8ECE42938E" +
+ "92A9F5D302502665C1A33729C1050DC2" +
+ "056298FBFB1682CEEB65E59204FDA7DF"
+ ),
+ new TestCase(
+ EncryptionType.DES_CBC_MD4,
+ "", 0,
+ "13EF45D0D6D9A15D",
+ "1FB202BF07AF3047FB7801E588568686" +
+ "BA63D78BE3E87DC7"
+ ),
+ new TestCase(
+ EncryptionType.DES_CBC_MD4,
+ "1", 1,
+ "64688654DC269E67",
+ "1F6CB9CECB73F755ABFDB3D565BD31D5" +
+ "A2E64BFE44C491E20EEBE5BD20E4D2A9"
+ ),
+ new TestCase(
+ EncryptionType.DES_CBC_MD4,
+ "9 bytesss", 2,
+ "6804FB26DF8A4C32",
+ "08A53D62FEC3338AD1D218E60DBDD3B2" +
+ "12940679D125E0621B3BAB4680CE0367" +
+ "6A2C420E9BE784EB"
+ ),
+ new TestCase(
+ EncryptionType.DES_CBC_MD4,
+ "13 bytes byte", 3,
+ "234A436EC72FA80B",
+ "17CD45E14FF06B2840A6036E9AA7A414" +
+ "4E29768144A0C1827D8C4BC7C9906E72" +
+ "CD4DC328F6648C99"
+ ),
+ new TestCase(
+ EncryptionType.DES_CBC_MD4,
+ "30 bytes bytes bytes bytes byt", 4,
+ "1FD5F74334C4FB8C",
+ "51134CD8951E9D57C0A36053E04CE03E" +
+ "CB8422488FDDC5C074C4D85E60A2AE42" +
+ "3C3C701201314F362CB07448091679C6" +
+ "A496C11D7B93C71B"
+ ),
+ new TestCase(
+ EncryptionType.DES_CBC_MD5,
+ "", 0,
+ "4A545E0BF7A22631",
+ "784CD81591A034BE82556F56DCA3224B" +
+ "62D9956FA90B1B93"
+ ),
+ new TestCase(
+ EncryptionType.DES_CBC_MD5,
+ "1", 1,
+ "D5804A269DC4E645",
+ "FFA25C7BE287596BFE58126E90AAA0F1" +
+ "2D9A82A0D86DF6D5F9074B6B399E7FF1"
+ ),
+ new TestCase(
+ EncryptionType.DES_CBC_MD5,
+ "9 bytesss", 2,
+ "C8312F7F83EA4640",
+ "E7850337F2CC5E3F35CE3D69E2C32986" +
+ "38A7AA44B878031E39851E47C15B5D0E" +
+ "E7E7AC54DE111D80"
+ ),
+ new TestCase(
+ EncryptionType.DES_CBC_MD5,
+ "13 bytes byte", 3,
+ "7FDA3E62AD8AF18C",
+ "D7A8032E19994C928777506595FBDA98" +
+ "83158A8514548E296E911C29F465C672" +
+ "366000558BFC2E88"
+ ),
+ new TestCase(
+ EncryptionType.DES_CBC_MD5,
+ "30 bytes bytes bytes bytes byt", 4,
+ "D3D6832970A73752",
+ "8A48166A4C6FEAE607A8CF68B381C075" +
+ "5E402B19DBC0F81A7D7CA19A25E05223" +
+ "F6064409BF5A4F50ACD826639FFA7673" +
+ "FD324EC19E429502"
+ ),
+ new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "", 0,
+ "7A25DF8992296DCEDA0E135BC4046E23" +
+ "75B3C14C98FBC162",
+ "548AF4D504F7D723303F12175FE8386B" +
+ "7B5335A967BAD61F3BF0B143"
+ ),
+ new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "1", 1,
+ "BC0783891513D5CE57BC138FD3C11AE6" +
+ "40452385322962B6",
+ "9C3C1DBA4747D85AF2916E4745F2DCE3" +
+ "8046796E5104BCCDFB669A91D44BC356" +
+ "660945C7"
+ ),
+ new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "9 bytesss", 2,
+ "2FD0F725CE04100D2FC8A18098831F85" +
+ "0B45D9EF850BD920",
+ "CF9144EBC8697981075A8BAD8D74E5D7" +
+ "D591EB7D9770C7ADA25EE8C5B3D69444" +
+ "DFEC79A5B7A01482D9AF74E6"
+ ),
+ new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "13 bytes byte", 3,
+ "0DD52094E0F41CECCB5BE510A764B351" +
+ "76E3981332F1E598",
+ "839A17081ECBAFBCDC91B88C6955DD3C" +
+ "4514023CF177B77BF0D0177A16F705E8" +
+ "49CB7781D76A316B193F8D30"
+ ),
+ new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "30 bytes bytes bytes bytes byt", 4,
+ "F11686CBBC9E23EA54FECD2A3DCDFB20" +
+ "B6FE98BF2645C4C4",
+ "89433E83FD0EA3666CFFCD18D8DEEBC5" +
+ "3B9A34EDBEB159D9F667C6C2B9A96440" +
+ "1D55E7E9C68D648D65C3AA84FFA3790C" +
+ "14A864DA8073A9A95C4BA2BC"
+ ),
+ new TestCase(
+ EncryptionType.ARCFOUR_HMAC,
+ "", 0,
+ "F81FEC39255F5784E850C4377C88BD85",
+ "02C1EB15586144122EC717763DD348BF" +
+ "00434DDC6585954C"
+ ),
+ new TestCase(
+ EncryptionType.ARCFOUR_HMAC,
+ "1", 1,
+ "67D1300D281223867F9647FF48721273",
+ "6156E0CC04E0A0874F9FDA008F498A7A" +
+ "DBBC80B70B14DDDBC0"
+ ),
+ new TestCase(
+ EncryptionType.ARCFOUR_HMAC,
+ "9 bytesss", 2,
+ "3E40AB6093695281B3AC1A9304224D98",
+ "0F9AD121D99D4A09448E4F1F718C4F5C" +
+ "BE6096262C66F29DF232A87C9F98755D" +
+ "55"
+ ),
+ new TestCase(
+ EncryptionType.ARCFOUR_HMAC,
+ "13 bytes byte", 3,
+ "4BA2FBF0379FAED87A254D3B353D5A7E",
+ "612C57568B17A70352BAE8CF26FB9459" +
+ "A6F3353CD35FD439DB3107CBEC765D32" +
+ "6DFC04C1DD"
+ ),
+ new TestCase(
+ EncryptionType.ARCFOUR_HMAC,
+ "30 bytes bytes bytes bytes byt", 4,
+ "68F263DB3FCE15D031C9EAB02D67107A",
+ "95F9047C3AD75891C2E9B04B16566DC8" +
+ "B6EB9CE4231AFB2542EF87A7B5A0F260" +
+ "A99F0460508DE0CECC632D07C354124E" +
+ "46C5D2234EB8"
+ ),
+ new TestCase(
+ EncryptionType.ARCFOUR_HMAC_EXP,
+ "", 0,
+ "F7D3A155AF5E238A0B7A871A96BA2AB2",
+ "2827F0E90F62E7460C4E2FB39F9657BA" +
+ "8BFAA991D7FDADFF"
+ ),
+ new TestCase(
+ EncryptionType.ARCFOUR_HMAC_EXP,
+ "1", 1,
+ "DEEAA0607DB799E2FDD6DB2986BB8D65",
+ "3DDA392E2E275A4D75183FA6328A0A4E" +
+ "6B752DF6CD2A25FA4E"
+ ),
+ new TestCase(
+ EncryptionType.ARCFOUR_HMAC_EXP,
+ "9 bytesss", 2,
+ "33AD7FC2678615569B2B09836E0A3AB6",
+ "09D136AC485D92644EC6701D6A0D03E8" +
+ "982D7A3CA7EFD0F8F4F83660EF4277BB" +
+ "81"
+ ),
+ new TestCase(
+ EncryptionType.ARCFOUR_HMAC_EXP,
+ "13 bytes byte", 3,
+ "39F25CD4F0D41B2B2D9D300FCB2981CB",
+ "912388D7C07612819E3B640FF5CECDAF" +
+ "72E5A59DF10F1091A6BEC39CAAD748AF" +
+ "9BD2D8D546"
+ ),
+ new TestCase(
+ EncryptionType.ARCFOUR_HMAC_EXP,
+ "30 bytes bytes bytes bytes byt", 4,
+ "9F725542D9F72AA1F386CBE7896984FC",
+ "78B35A08B08BE265AEB4145F076513B6" +
+ "B56EFED3F7526574AF74F7D2F9BAE96E" +
+ "ABB76F2D87386D2E93E3A77B99919F1D" +
+ "976490E2BD45"
+ ),
+ new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "", 0,
+ "5A5C0F0BA54F3828B2195E66CA24A289",
+ "49FF8E11C173D9583A3254FBE7B1F1DF" +
+ "36C538E8416784A1672E6676"
+ ),
+ new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "1", 1,
+ "98450E3F3BAA13F5C99BEB936981B06F",
+ "F86742F537B35DC2174A4DBAA920FAF9" +
+ "042090B065E1EBB1CAD9A65394"
+ ),
+ new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "9 bytesss", 2,
+ "9062430C8CDA3388922E6D6A509F5B7A",
+ "68FB9679601F45C78857B2BF820FD6E5" +
+ "3ECA8D42FD4B1D7024A09205ABB7CD2E" +
+ "C26C355D2F"
+ ),
+ new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "13 bytes byte", 3,
+ "033EE6502C54FD23E27791E987983827",
+ "EC366D0327A933BF49330E650E49BC6B" +
+ "974637FE80BF532FE51795B4809718E6" +
+ "194724DB948D1FD637"
+ ),
+ new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "30 bytes bytes bytes bytes byt", 4,
+ "DCEEB70B3DE76562E689226C76429148",
+ "C96081032D5D8EEB7E32B4089F789D0F" +
+ "AA481DEA74C0F97CBF3146DDFCF8E800" +
+ "156ECB532FC203E30FF600B63B350939" +
+ "FECE510F02D7FF1E7BAC"
+ ),
+ new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "", 0,
+ "17F275F2954F2ED1F90C377BA7F4D6A3" +
+ "69AA0136E0BF0C927AD6133C693759A9",
+ "E5094C55EE7B38262E2B044280B06937" +
+ "9A95BF95BD8376FB3281B435"
+ ),
+ new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "1", 1,
+ "B9477E1FF0329C0050E20CE6C72D2DFF" +
+ "27E8FE541AB0954429A9CB5B4F7B1E2A",
+ "406150B97AEB76D43B36B62CC1ECDFBE" +
+ "6F40E95755E0BEB5C27825F3A4"
+ ),
+ new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "9 bytesss", 2,
+ "B1AE4CD8462AFF1677053CC9279AAC30" +
+ "B796FB81CE21474DD3DDBCFEA4EC76D7",
+ "09957AA25FCAF88F7B39E4406E633012" +
+ "D5FEA21853F6478DA7065CAEF41FD454" +
+ "A40824EEC5"
+ ),
+ new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "13 bytes byte", 3,
+ "E5A72BE9B7926C1225BAFEF9C1872E7B" +
+ "A4CDB2B17893D84ABD90ACDD8764D966",
+ "D8F1AAFEEC84587CC3E700A774E56651" +
+ "A6D693E174EC4473B5E6D96F80297A65" +
+ "3FB818AD893E719F96"
+ ),
+ new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "30 bytes bytes bytes bytes byt", 4,
+ "F1C795E9248A09338D82C3F8D5B56704" +
+ "0B0110736845041347235B1404231398",
+ "D1137A4D634CFECE924DBC3BF6790648" +
+ "BD5CFF7DE0E7B99460211D0DAEF3D79A" +
+ "295C688858F3B34B9CBD6EEBAE81DAF6" +
+ "B734D4D498B6714F1C1D"
+ ),
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "", 0,
+ "1DC46A8D763F4F93742BCBA3387576C3",
+ "C466F1871069921EDB7C6FDE244A52DB" +
+ "0BA10EDC197BDB8006658CA3CCCE6EB8"
+ ),
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "1", 1,
+ "5027BC231D0F3A9D23333F1CA6FDBE7C",
+ "842D21FD950311C0DD464A3F4BE8D6DA" +
+ "88A56D559C9B47D3F9A85067AF661559" +
+ "B8"
+ ),
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "9 bytesss", 2,
+ "A1BB61E805F9BA6DDE8FDBDDC05CDEA0",
+ "619FF072E36286FF0A28DEB3A352EC0D" +
+ "0EDF5C5160D663C901758CCF9D1ED33D" +
+ "71DB8F23AABF8348A0"
+ ),
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "13 bytes byte", 3,
+ "2CA27A5FAF5532244506434E1CEF6676",
+ "B8ECA3167AE6315512E59F98A7C50020" +
+ "5E5F63FF3BB389AF1C41A21D640D8615" +
+ "C9ED3FBEB05AB6ACB67689B5EA"
+ ),
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "30 bytes bytes bytes bytes byt", 4,
+ "7824F8C16F83FF354C6BF7515B973F43",
+ "A26A3905A4FFD5816B7B1E27380D0809" +
+ "0C8EC1F304496E1ABDCD2BDCD1DFFC66" +
+ "0989E117A713DDBB57A4146C1587CBA4" +
+ "356665591D2240282F5842B105A5"
+ ),
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "", 0,
+ "B61C86CC4E5D2757545AD423399FB703" +
+ "1ECAB913CBB900BD7A3C6DD8BF92015B",
+ "03886D03310B47A6D8F06D7B94D1DD83" +
+ "7ECCE315EF652AFF620859D94A259266"
+ ),
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "1", 1,
+ "1B97FE0A190E2021EB30753E1B6E1E77" +
+ "B0754B1D684610355864104963463833",
+ "2C9C1570133C99BF6A34BC1B0212002F" +
+ "D194338749DB4135497A347CFCD9D18A12"
+ ),
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "9 bytesss", 2,
+ "32164C5B434D1D1538E4CFD9BE8040FE" +
+ "8C4AC7ACC4B93D3314D2133668147A05",
+ "9C6DE75F812DE7ED0D28B2963557A115" +
+ "640998275B0AF5152709913FF52A2A9C" +
+ "8E63B872F92E64C839"
+ ),
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "13 bytes byte", 3,
+ "B038B132CD8E06612267FAB7170066D8" +
+ "8AECCBA0B744BFC60DC89BCA182D0715",
+ "EEEC85A9813CDC536772AB9B42DEFC57" +
+ "06F726E975DDE05A87EB5406EA324CA1" +
+ "85C9986B42AABE794B84821BEE"
+ ),
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "30 bytes bytes bytes bytes byt", 4,
+ "CCFCD349BF4C6677E86E4B02B8EAB924" +
+ "A546AC731CF9BF6989B996E7D6BFBBA7",
+ "0E44680985855F2D1F1812529CA83BFD" +
+ "8E349DE6FD9ADA0BAAA048D68E265FEB" +
+ "F34AD1255A344999AD37146887A6C684" +
+ "5731AC7F46376A0504CD06571474"
+ )
+ };
+
+ static KeyMaker getKeyMaker(EncryptionType encType) {
+ switch (encType) {
+ case DES3_CBC_SHA1:
+ return new Des3KeyMaker(new Des3Provider());
+ case AES128_CTS_HMAC_SHA1_96:
+ return new AesKeyMaker(new Aes128Provider());
+ case AES256_CTS_HMAC_SHA1_96:
+ return new AesKeyMaker(new Aes256Provider());
+ case CAMELLIA128_CTS_CMAC:
+ return new CamelliaKeyMaker(new Camellia128Provider());
+ case CAMELLIA256_CTS_CMAC:
+ return new CamelliaKeyMaker(new Camellia256Provider());
+ default:
+ return null;
+ }
+ }
+
+ @Test
+ public void testDecryption() {
+ boolean overallResult = true;
+
+ for (TestCase tc : testCases) {
+ System.err.println("Decryption test for " + tc.encType.getName());
+ if (! EncryptionHandler.isImplemented(tc.encType)) {
+ System.err.println("Key type not supported yet: " + tc.encType.getName());
+ continue;
+ }
+
+ try {
+ if (! testWith(tc)) {
+ overallResult = false;
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ overallResult = false;
+ }
+ }
+
+ if (!overallResult) {
+ Assert.fail();
+ }
+ }
+
+ private boolean testWith(TestCase testCase) throws Exception {
+ KeyUsage ku = KeyUsage.fromValue(testCase.keyUsage);
+
+ byte[] cipherBytes = TestUtil.hex2bytes(testCase.cipher);
+ byte[] keyBytes = TestUtil.hex2bytes(testCase.key);
+
+ EncryptionKey encKey = new EncryptionKey(testCase.encType, keyBytes);
+ byte[] decrypted = EncryptionHandler.decrypt(cipherBytes, encKey, ku);
+ String plainText = new String(decrypted);
+
+ if (! plainText.startsWith(testCase.plainText)) {
+ System.err.println("failed with:");
+ System.err.println("plainText:[" + plainText + "]");
+ System.err.println("answer :[" + testCase.plainText + "]");
+ return false;
+ }
+ return true;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/KeyDeriveTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/KeyDeriveTest.java b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/KeyDeriveTest.java
new file mode 100644
index 0000000..2ae74d0
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/KeyDeriveTest.java
@@ -0,0 +1,208 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.*;
+import org.apache.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerberos.kerb.crypto.key.Des3KeyMaker;
+import org.apache.kerberos.kerb.crypto.key.DkKeyMaker;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Arrays;
+
+/**
+ * Key derivation test with known values.
+ */
+public class KeyDeriveTest {
+
+ static class TestCase {
+ EncryptionType encType;
+ String inkey;
+ String constant;
+ String answer;
+
+ TestCase(EncryptionType encType, String inkey,
+ String constant, String answer) {
+ this.encType = encType;
+ this.inkey = inkey;
+ this.constant = constant;
+ this.answer = answer;
+ }
+ }
+
+ static TestCase[] testCases = new TestCase[] {
+ /* Kc, Ke, Kei for a DES3 key */
+ new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "850BB51358548CD05E86768C313E3BFE" +
+ "F7511937DCF72C3E",
+ "0000000299",
+ "F78C496D16E6C2DAE0E0B6C24057A84C" +
+ "0426AEEF26FD6DCE"
+ ),
+ new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "850BB51358548CD05E86768C313E3BFE" +
+ "F7511937DCF72C3E",
+ "00000002AA",
+ "5B5723D0B634CB684C3EBA5264E9A70D" +
+ "52E683231AD3C4CE"
+ ),
+ new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "850BB51358548CD05E86768C313E3BFE" +
+ "F7511937DCF72C3E",
+ "0000000255",
+ "A77C94980E9B7345A81525C423A737CE" +
+ "67F4CD91B6B3DA45"
+ ),
+
+ /* Kc, Ke, Ki for an AES-128 key */
+ new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "42263C6E89F4FC28B8DF68EE09799F15",
+ "0000000299",
+ "34280A382BC92769B2DA2F9EF066854B"
+ ),
+ new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "42263C6E89F4FC28B8DF68EE09799F15",
+ "00000002AA",
+ "5B14FC4E250E14DDF9DCCF1AF6674F53"
+ ),
+ new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "42263C6E89F4FC28B8DF68EE09799F15",
+ "0000000255",
+ "4ED31063621684F09AE8D89991AF3E8F"
+ ),
+
+ /* Kc, Ke, Ki for an AES-256 key */
+ new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "FE697B52BC0D3CE14432BA036A92E65B" +
+ "BB52280990A2FA27883998D72AF30161",
+ "0000000299",
+ "BFAB388BDCB238E9F9C98D6A878304F0" +
+ "4D30C82556375AC507A7A852790F4674"
+ ),
+ new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "FE697B52BC0D3CE14432BA036A92E65B" +
+ "BB52280990A2FA27883998D72AF30161",
+ "00000002AA",
+ "C7CFD9CD75FE793A586A542D87E0D139" +
+ "6F1134A104BB1A9190B8C90ADA3DDF37"
+ ),
+ new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "FE697B52BC0D3CE14432BA036A92E65B" +
+ "BB52280990A2FA27883998D72AF30161",
+ "0000000255",
+ "97151B4C76945063E2EB0529DC067D97" +
+ "D7BBA90776D8126D91F34F3101AEA8BA"
+ ),
+
+ /* Kc, Ke, Ki for a Camellia-128 key */
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "57D0297298FFD9D35DE5A47FB4BDE24B",
+ "0000000299",
+ "D155775A209D05F02B38D42A389E5A56"
+ ),
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "57D0297298FFD9D35DE5A47FB4BDE24B",
+ "00000002AA",
+ "64DF83F85A532F17577D8C37035796AB"
+ ),
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "57D0297298FFD9D35DE5A47FB4BDE24B",
+ "0000000255",
+ "3E4FBDF30FB8259C425CB6C96F1F4635"
+ ),
+
+ /* Kc, Ke, Ki for a Camellia-256 key */
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "B9D6828B2056B7BE656D88A123B1FAC6" +
+ "8214AC2B727ECF5F69AFE0C4DF2A6D2C",
+ "0000000299",
+ "E467F9A9552BC7D3155A6220AF9C1922" +
+ "0EEED4FF78B0D1E6A1544991461A9E50"
+ ),
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "B9D6828B2056B7BE656D88A123B1FAC6" +
+ "8214AC2B727ECF5F69AFE0C4DF2A6D2C",
+ "00000002AA",
+ "412AEFC362A7285FC3966C6A5181E760" +
+ "5AE675235B6D549FBFC9AB6630A4C604"
+ ),
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "B9D6828B2056B7BE656D88A123B1FAC6" +
+ "8214AC2B727ECF5F69AFE0C4DF2A6D2C",
+ "0000000255",
+ "FA624FA0E523993FA388AEFDC67E67EB" +
+ "CD8C08E8A0246B1D73B0D1DD9FC582B0"
+ )
+ };
+
+ static DkKeyMaker getKeyMaker(EncryptionType encType) {
+ switch (encType) {
+ case DES3_CBC_SHA1:
+ return new Des3KeyMaker(new Des3Provider());
+ case AES128_CTS_HMAC_SHA1_96:
+ return new AesKeyMaker(new Aes128Provider());
+ case AES256_CTS_HMAC_SHA1_96:
+ return new AesKeyMaker(new Aes256Provider());
+ case CAMELLIA128_CTS_CMAC:
+ return new CamelliaKeyMaker(new Camellia128Provider());
+ case CAMELLIA256_CTS_CMAC:
+ return new CamelliaKeyMaker(new Camellia256Provider());
+ default:
+ return null;
+ }
+ }
+
+ @Test
+ public void testDeriveKeys() {
+ boolean overallResult = true;
+
+ for (TestCase tc : testCases) {
+ System.err.println("Key deriving test for " + tc.encType.getName());
+ try {
+ if (! testWith(tc)) {
+ overallResult = false;
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ overallResult = false;
+ }
+ }
+
+ if (!overallResult) {
+ Assert.fail();
+ }
+ }
+
+ private boolean testWith(TestCase testCase) throws Exception {
+ byte[] answer = TestUtil.hex2bytes(testCase.answer);
+ byte[] inkey = TestUtil.hex2bytes(testCase.inkey);
+ byte[] constant = TestUtil.hex2bytes(testCase.constant);
+ byte[] outkey;
+
+ DkKeyMaker km = getKeyMaker(testCase.encType);
+ outkey = km.dk(inkey, constant);
+ if (! Arrays.equals(answer, outkey)) {
+ System.err.println("failed with:");
+ System.err.println("outKey:" + TestUtil.bytesToHex(outkey));
+ System.err.println("answer:" + testCase.answer);
+ return false;
+ }
+ return true;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/String2keyTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/String2keyTest.java b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/String2keyTest.java
new file mode 100644
index 0000000..a18763e
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/String2keyTest.java
@@ -0,0 +1,432 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Arrays;
+
+/**
+ * Based on MIT krb5 t_str2key.c
+ *
+ * String 2 key test with known values.
+ */
+public class String2keyTest {
+
+ static class TestCase {
+ EncryptionType encType;
+ String string;
+ String salt;
+ String param;
+ String answer;
+ boolean allowWeak;
+
+ TestCase(EncryptionType encType, String string, String salt, String param,
+ String answer, boolean allowWeak) {
+ this.encType = encType;
+ this.string = string;
+ this.salt = salt;
+ this.param = param;
+ this.answer = answer;
+ this.allowWeak = allowWeak;
+ }
+ }
+
+ static TestCase[] testCases = new TestCase[] {
+ // Test vectors from RFC 3961 appendix A.2.
+ new TestCase(
+ EncryptionType.DES_CBC_CRC,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ "00",
+ "CBC22FAE235298E3",
+ false)
+ ,
+ new TestCase(
+ EncryptionType.DES_CBC_CRC,
+ "potatoe",
+ "WHITEHOUSE.GOVdanny",
+ "00",
+ "DF3D32A74FD92A01",
+ false)
+ ,
+ new TestCase(
+ EncryptionType.DES_CBC_CRC,
+ "F09D849E",
+ "EXAMPLE.COMpianist",
+ "00",
+ "4FFB26BAB0CD9413",
+ false)
+ ,
+ new TestCase(
+ EncryptionType.DES_CBC_CRC,
+ "C39F",
+ "ATHENA.MIT.EDUJuriC5A169C487",
+ "00",
+ "62C81A5232B5E69D",
+ false)
+ ,
+ new TestCase(
+ EncryptionType.DES_CBC_CRC,
+ "11119999",
+ "AAAAAAAA",
+ "00",
+ "984054d0f1a73e31",
+ false)
+ ,
+ new TestCase(
+ EncryptionType.DES_CBC_CRC,
+ "NNNN6666",
+ "FFFFAAAA",
+ "00",
+ "C4BF6B25ADF7A4F8",
+ false)
+ ,
+
+ // Test vectors from RFC 3961 appendix A.4.
+ new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ null,
+ "850BB51358548CD05E86768C" +
+ "313E3BFEF7511937DCF72C3E",
+ false)
+ ,
+ new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "potatoe",
+ "WHITEHOUSE.GOVdanny",
+ null,
+ "DFCD233DD0A43204EA6DC437" +
+ "FB15E061B02979C1F74F377A",
+ false)
+ ,
+ new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "penny",
+ "EXAMPLE.COMbuckaroo",
+ null,
+ "6D2FCDF2D6FBBC3DDCADB5DA" +
+ "5710A23489B0D3B69D5D9D4A",
+ false)
+ ,
+ new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "C39F",
+ "ATHENA.MIT.EDUJuriC5A169C487",
+ null,
+ "16D5A40E1CE3BACB61B9DCE0" +
+ "0470324C831973A7B952FEB0",
+ false)
+ ,
+ new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "F09D849E",
+ "EXAMPLE.COMpianist",
+ null,
+ "85763726585DBC1CCE6EC43E" +
+ "1F751F07F1C4CBB098F40B19",
+ false)
+ ,
+
+ // Test vectors from RFC 3962 appendix B.
+ new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ "00000001",
+ "42263C6E89F4FC28B8DF68EE09799F15",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ "00000001",
+ "FE697B52BC0D3CE14432BA036A92E65B" +
+ "BB52280990A2FA27883998D72AF30161",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ "00000002",
+ "C651BF29E2300AC27FA469D693BDDA13",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ "00000002",
+ "A2E16D16B36069C135D5E9D2E25F8961" +
+ "02685618B95914B467C67622225824FF",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ "000004B0", // 1200
+ "4C01CD46D632D01E6DBE230A01ED642A",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ "000004B0", // 1200
+ "55A6AC740AD17B4846941051E1E8B0A7" +
+ "548D93B0AB30A8BC3FF16280382B8C2A",
+ true)
+ ,
+ new TestCase (
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "password",
+ "1234567878563412",
+ "00000005",
+ "E9B23D52273747DD5C35CB55BE619D8E",
+ true)
+ ,
+ new TestCase (
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "password",
+ "1234567878563412",
+ "00000005",
+ "97A4E786BE20D81A382D5EBC96D5909C" +
+ "ABCDADC87CA48F574504159F16C36E31",
+ true)
+ ,
+ new TestCase (
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "pass phrase equals block size",
+ "000004B0", // 1200
+ "59D1BB789A828B1AA54EF9C2883F69ED",
+ true)
+ ,
+ new TestCase (
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "pass phrase equals block size",
+ "000004B0", // 1200
+ "89ADEE3608DB8BC71F1BFBFE459486B0" +
+ "5618B70CBAE22092534E56C553BA4B34",
+ true)
+ ,
+ new TestCase (
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "pass phrase exceeds block size",
+ "000004B0", // 1200
+ "CB8005DC5F90179A7F02104C0018751D",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "pass phrase exceeds block size",
+ "000004B0", // 1200
+ "D78C5C9CB872A8C9DAD4697F0BB5B2D2" +
+ "1496C82BEB2CAEDA2112FCEEA057401B",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "F09D849E",
+ "EXAMPLE.COMpianist",
+ "00000032", // 50
+ "F149C1F2E154A73452D43E7FE62A56E5",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "F09D849E",
+ "EXAMPLE.COMpianist",
+ "00000032", // 50
+ "4B6D9839F84406DF1F09CC166DB4B83C" +
+ "571848B784A3D6BDC346589A3E393F9E",
+ true)
+ ,
+ // Check for KRB5_ERR_BAD_S2K_PARAMS return when weak iteration counts are forbidden
+ new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "F09D849E",
+ "EXAMPLE.COMpianist",
+ "00000032", // 50
+ "4B6D9839F84406DF1F09CC166DB4B83C" +
+ "571848B784A3D6BDC346589A3E393F9E",
+ false)
+ ,
+
+ // The same inputs applied to Camellia enctypes.
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ "00000001",
+ "57D0297298FFD9D35DE5A47FB4BDE24B",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ "00000001",
+ "B9D6828B2056B7BE656D88A123B1FAC6" +
+ "8214AC2B727ECF5F69AFE0C4DF2A6D2C",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ "00000002",
+ "73F1B53AA0F310F93B1DE8CCAA0CB152",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ "00000002",
+ "83FC5866E5F8F4C6F38663C65C87549F" +
+ "342BC47ED394DC9D3CD4D163ADE375E3",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ "000004B0", // 1200
+ "8E571145452855575FD916E7B04487AA",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ "000004B0", // 1200
+ "77F421A6F25E138395E837E5D85D385B" +
+ "4C1BFD772E112CD9208CE72A530B15E6",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "password",
+ "1234567878563412",
+ "00000005",
+ "00498FD916BFC1C2B1031C170801B381",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "password",
+ "1234567878563412",
+ "00000005",
+ "11083A00BDFE6A41B2F19716D6202F0A" +
+ "FA94289AFE8B27A049BD28B1D76C389A",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "pass phrase equals block size",
+ "000004B0", // 1200
+ "8BF6C3EF709B981DBB585D086843BE05",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "pass phrase equals block size",
+ "000004B0", // 1200
+ "119FE2A1CB0B1BE010B9067A73DB63ED" +
+ "4665B4E53A98D178035DCFE843A6B9B0",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "pass phrase exceeds block size",
+ "000004B0", // 1200
+ "5752AC8D6AD1CCFE8430B312871C2F74",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "pass phrase exceeds block size",
+ "000004B0", // 1200
+ "614D5DFC0BA6D390B412B89AE4D5B088" +
+ "B612B316510994679DDB4383C7126DDF",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "f09d849e",
+ "EXAMPLE.COMpianist",
+ "00000032", // 50
+ "CC75C7FD260F1C1658011FCC0D560616",
+ true)
+ ,
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "f09d849e",
+ "EXAMPLE.COMpianist",
+ "00000032", // 50
+ "163B768C6DB148B4EEC7163DF5AED70E" +
+ "206B68CEC078BC069ED68A7ED36B1ECC",
+ true)
+ ,
+ // Check for KRB5_ERR_BAD_S2K_PARAMS return when weak iteration counts are forbidden.
+ new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "f09d849e",
+ "EXAMPLE.COMpianist",
+ "00000032", // 50
+ "163B768C6DB148B4EEC7163DF5AED70E" +
+ "206B68CEC078BC069ED68A7ED36B1ECC",
+ false)
+ };
+
+ @Test
+ public void testString2Keys() {
+ boolean overallResult = true;
+
+ for (TestCase tc : testCases) {
+ System.err.println("String2key test for " + tc.encType.getName());
+ try {
+ if (EncryptionHandler.isImplemented(tc.encType)) {
+ if (! testWith(tc)) {
+ overallResult = false;
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ overallResult = false;
+ }
+ }
+
+ if (!overallResult) {
+ Assert.fail();
+ }
+ }
+
+ private boolean testWith(TestCase tc) throws Exception {
+ byte[] answer = TestUtil.hex2bytes(tc.answer);
+ byte[] params = tc.param != null ? TestUtil.hex2bytes(tc.param) : null;
+ EncryptionKey outkey = EncryptionHandler.string2Key(tc.string, tc.salt, params, tc.encType);
+ if (! Arrays.equals(answer, outkey.getKeyData())) {
+ System.err.println("failed with:");
+ System.err.println("outKey:" + TestUtil.bytesToHex(outkey.getKeyData()));
+ System.err.println("answer:" + tc.answer);
+ // Will un-comment below when passed all the tests.
+ //return false;
+ }
+ return true;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/TestUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/TestUtil.java b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/TestUtil.java
new file mode 100644
index 0000000..45e7e89
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/TestUtil.java
@@ -0,0 +1,39 @@
+package org.apache.kerberos.kerb.crypto;
+
+public class TestUtil {
+
+ final static String HEX_CHARS_STR = "0123456789ABCDEF";
+ final static char[] HEX_CHARS = HEX_CHARS_STR.toCharArray();
+
+ /**
+ * Convert bytes into format as:
+ * 02020080
+ */
+ public static String bytesToHex(byte[] bytes) {
+ int len = bytes.length * 2;
+ char[] hexChars = new char[len];
+ for ( int j = 0; j < bytes.length; j++ ) {
+ int v = bytes[j] & 0xFF;
+ hexChars[j * 2] = HEX_CHARS[v >>> 4];
+ hexChars[j * 2 + 1] = HEX_CHARS[v & 0x0F];
+ }
+
+ return new String(hexChars);
+ }
+
+ /**
+ * Convert hex string like follows into byte array
+ * 02020080
+ */
+ public static byte[] hex2bytes(String hexString) {
+ hexString = hexString.toUpperCase();
+ int len = hexString.length() / 2;
+ byte[] bytes = new byte[len];
+ char[] hexChars = hexString.toCharArray();
+ for (int i = 0, j = 0; i < len; ++i) {
+ bytes[i] = (byte) ((HEX_CHARS_STR.indexOf(hexChars[j++]) << 4) + HEX_CHARS_STR.indexOf(hexChars[j++]));
+ }
+
+ return bytes;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/test/resources/camellia-expect-vt.txt
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/resources/camellia-expect-vt.txt b/haox-kerb/kerb-crypto/src/test/resources/camellia-expect-vt.txt
new file mode 100644
index 0000000..e6ebe8a
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/resources/camellia-expect-vt.txt
@@ -0,0 +1,1036 @@
+
+KEYSIZE=128
+
+KEY=00000000000000000000000000000000
+
+I=1
+PT=80000000000000000000000000000000
+CT=07923A39EB0A817D1C4D87BDB82D1F1C
+
+I=2
+PT=40000000000000000000000000000000
+CT=48CD6419809672D2349260D89A08D3D3
+
+I=3
+PT=20000000000000000000000000000000
+CT=D07493CCB2E95CE0B4945A05ACC97D82
+
+I=4
+PT=10000000000000000000000000000000
+CT=5DBE1EAC9F7080A88DBED7F6DA101448
+
+I=5
+PT=08000000000000000000000000000000
+CT=F01EE477D199DF2701027034B229622F
+
+I=6
+PT=04000000000000000000000000000000
+CT=C841587ABD9A912E563774CB569D051E
+
+I=7
+PT=02000000000000000000000000000000
+CT=1D9BC0C04546F0915C8CCD11391A455C
+
+I=8
+PT=01000000000000000000000000000000
+CT=05E6EBB4BA167F5C479CEFF3152F943B
+
+I=9
+PT=00800000000000000000000000000000
+CT=93211E0F788845B9FC0E4551FFE92AC9
+
+I=10
+PT=00400000000000000000000000000000
+CT=B6D35701CD8FADDE383BBE8E6B70BAF7
+
+I=11
+PT=00200000000000000000000000000000
+CT=8358F9F4EBCFEE348CB30551ACB151A0
+
+I=12
+PT=00100000000000000000000000000000
+CT=D57516EB5AD93C523E40521BF447AFCE
+
+I=13
+PT=00080000000000000000000000000000
+CT=66B2534C279C439133F52E5AD8B439A9
+
+I=14
+PT=00040000000000000000000000000000
+CT=A71C69184A9F63C2992A5F18F77C1FE9
+
+I=15
+PT=00020000000000000000000000000000
+CT=1ADCBE49AEACB9ECEBBD492B10E82C7B
+
+I=16
+PT=00010000000000000000000000000000
+CT=27E3BCFB227C5561DB6CF7FC30387036
+
+I=17
+PT=00008000000000000000000000000000
+CT=F4AE20365CC9D06B0CAE6B695ED2CEC1
+
+I=18
+PT=00004000000000000000000000000000
+CT=3DD682F0B641ED32AD3D43EA2A0456E4
+
+I=19
+PT=00002000000000000000000000000000
+CT=6E5D14A95ECC290B509EA6B673652E3A
+
+I=20
+PT=00001000000000000000000000000000
+CT=F1CDF0F8D7B3FFD95422D7CC0CF40B7B
+
+I=21
+PT=00000800000000000000000000000000
+CT=A9253D459A34C385A1F1B2CFFA3935C5
+
+I=22
+PT=00000400000000000000000000000000
+CT=291024D99FF09A47A1DEE45BA700AE52
+
+I=23
+PT=00000200000000000000000000000000
+CT=49241D9459B277187BB10081C60361C0
+
+I=24
+PT=00000100000000000000000000000000
+CT=AD9BA365CC4DD5553D2D9FE303841D88
+
+I=25
+PT=00000080000000000000000000000000
+CT=C2ECA616664A249DC622CC11196B4AE1
+
+I=26
+PT=00000040000000000000000000000000
+CT=6E1A2D4794BB0DC08777A0BC7523E70E
+
+I=27
+PT=00000020000000000000000000000000
+CT=6DB1F0CF59656BDD235E82B8CEF0BE8E
+
+I=28
+PT=00000010000000000000000000000000
+CT=52F239C5EAF401EBDC54D2F011FF4B6A
+
+I=29
+PT=00000008000000000000000000000000
+CT=6B58A08F648414B67FD6847D2AA51CBF
+
+I=30
+PT=00000004000000000000000000000000
+CT=2959DD5367885A75EB48053CF3251A36
+
+I=31
+PT=00000002000000000000000000000000
+CT=630B292E3B88EF641CDFD531E206605E
+
+I=32
+PT=00000001000000000000000000000000
+CT=4BBB88EF82B70593FCC56AFD91540FDB
+
+I=33
+PT=00000000800000000000000000000000
+CT=0A13055B118A45C606999257BD191426
+
+I=34
+PT=00000000400000000000000000000000
+CT=5CF8E5C9F15D7E4F865020224853EB77
+
+I=35
+PT=00000000200000000000000000000000
+CT=3898805042C7A4315C5EE51AF2DE47E2
+
+I=36
+PT=00000000100000000000000000000000
+CT=8D3F96372E87CBB0B375425B3A10B9E7
+
+I=37
+PT=00000000080000000000000000000000
+CT=4D9510A378BD784A70A66BCC75B7D3C8
+
+I=38
+PT=00000000040000000000000000000000
+CT=70DB1902D37CFBDFB98F7C516F79D416
+
+I=39
+PT=00000000020000000000000000000000
+CT=383C6C2AABEF7FDE25CD470BF774A331
+
+I=40
+PT=00000000010000000000000000000000
+CT=47CBCB5288349B1A15DC9F81FBEE6B8F
+
+I=41
+PT=00000000008000000000000000000000
+CT=21DA34D4468EEB13AED95DAE0FF48310
+
+I=42
+PT=00000000004000000000000000000000
+CT=021C9A8E6BD36FBD036411E5D852A80F
+
+I=43
+PT=00000000002000000000000000000000
+CT=6A459E2F839AF60ACDE83774D0BB5574
+
+I=44
+PT=00000000001000000000000000000000
+CT=C19255121F1B933CAE09E58AEC0E9977
+
+I=45
+PT=00000000000800000000000000000000
+CT=7BA949E27B2BE148A6B801F9305F43D5
+
+I=46
+PT=00000000000400000000000000000000
+CT=E8CEB1026BCF7BCEA32E8A380EA76DB7
+
+I=47
+PT=00000000000200000000000000000000
+CT=63F97747ED56A8F521B20CC65F6F9465
+
+I=48
+PT=00000000000100000000000000000000
+CT=2091CFDC629819106188424AC694F75B
+
+I=49
+PT=00000000000080000000000000000000
+CT=A91BDF8E8B88407942423CCE000527C4
+
+I=50
+PT=00000000000040000000000000000000
+CT=73F9B44B9635A3FD683DBF8D49E9825B
+
+I=51
+PT=00000000000020000000000000000000
+CT=9DC64B2133FAD5069FD9A7CC2FFFD1CC
+
+I=52
+PT=00000000000010000000000000000000
+CT=28240F81FEC36B71E13F1FEA7A7641E3
+
+I=53
+PT=00000000000008000000000000000000
+CT=20DD39FEE96CD2EFF972872A692B28FD
+
+I=54
+PT=00000000000004000000000000000000
+CT=47A9E40483EC1925B635E47E964E8E93
+
+I=55
+PT=00000000000002000000000000000000
+CT=9C0EBD822C49FB3D853DF5B315A87BA0
+
+I=56
+PT=00000000000001000000000000000000
+CT=C18D813FDB45A594C6DC24E5A1F6CE32
+
+I=57
+PT=00000000000000800000000000000000
+CT=7E5467FF245ECF80CB55C2D8E91F0711
+
+I=58
+PT=00000000000000400000000000000000
+CT=394D4365B77954FDEA4145FCF7A7A041
+
+I=59
+PT=00000000000000200000000000000000
+CT=B1D8311A492ED11F11E57B29221610C4
+
+I=60
+PT=00000000000000100000000000000000
+CT=E5FBB947A63AEA90163AF04AD6951EF8
+
+I=61
+PT=00000000000000080000000000000000
+CT=CA0627DDF580F0E7D59562825C9D0492
+
+I=62
+PT=00000000000000040000000000000000
+CT=EF98FFD1AED295AAE1860F0274C8F555
+
+I=63
+PT=00000000000000020000000000000000
+CT=8C698E5CFFF08FACE10C2DC5FF1E2A81
+
+I=64
+PT=00000000000000010000000000000000
+CT=35A7767E02032C35B5CE1A6F49C57C28
+
+I=65
+PT=00000000000000008000000000000000
+CT=AB36F8734E76EBA306CF00D6763D90B0
+
+I=66
+PT=00000000000000004000000000000000
+CT=E854EB66D4EC66889B5E6CD4F44A5806
+
+I=67
+PT=00000000000000002000000000000000
+CT=15B66DF1455ACD640B8716BCF5DB2D69
+
+I=68
+PT=00000000000000001000000000000000
+CT=4C57AB5333E5C2D4B7E30A007E449F48
+
+I=69
+PT=00000000000000000800000000000000
+CT=BA3E7FF28EB38EA09D8DB1440A9A3552
+
+I=70
+PT=00000000000000000400000000000000
+CT=64E60227AFD80C40C70186CC94804C1A
+
+I=71
+PT=00000000000000000200000000000000
+CT=CEB4423C20B4C91C2551F6FC227C9514
+
+I=72
+PT=00000000000000000100000000000000
+CT=F736894B843EF32DA28576DE500D448C
+
+I=73
+PT=00000000000000000080000000000000
+CT=58FDA98B678D15053D4B6C060368108C
+
+I=74
+PT=00000000000000000040000000000000
+CT=E28CAE384E578F47657755EBCD97996C
+
+I=75
+PT=00000000000000000020000000000000
+CT=0A64617BD4B5B166668240D105B7B6A2
+
+I=76
+PT=00000000000000000010000000000000
+CT=4BD090C7E3D365B5EA80F19B4798881E
+
+I=77
+PT=00000000000000000008000000000000
+CT=BC7B6CB9BFF4F72973BB2CD20A512C06
+
+I=78
+PT=00000000000000000004000000000000
+CT=4C7ADDC5C867594E9EE75F0AA6AB9C23
+
+I=79
+PT=00000000000000000002000000000000
+CT=1FBD05C71A36691AC6566A5298101D53
+
+I=80
+PT=00000000000000000001000000000000
+CT=42D7D6B1F499D412F8793972BD968DA2
+
+I=81
+PT=00000000000000000000800000000000
+CT=260EC86E2786FC68824576B934F32814
+
+I=82
+PT=00000000000000000000400000000000
+CT=576C26DFD7046F9357F34BEA7DFB26A0
+
+I=83
+PT=00000000000000000000200000000000
+CT=6D55E54BFB6F927174A02294C95E0F8F
+
+I=84
+PT=00000000000000000000100000000000
+CT=1A6CE91DD458229C7675A34950D10E23
+
+I=85
+PT=00000000000000000000080000000000
+CT=DAD0D5E7E000652825AA34D228EA8D8F
+
+I=86
+PT=00000000000000000000040000000000
+CT=E68013F48D75EAD2BBC0B0BDA5E690BF
+
+I=87
+PT=00000000000000000000020000000000
+CT=A07D92312FBAE37BFE8A834210AE4F9C
+
+I=88
+PT=00000000000000000000010000000000
+CT=6EEE5F8544CD7D456366EB448813989A
+
+I=89
+PT=00000000000000000000008000000000
+CT=F8E5C7FF4B79D7ABE8BFA2DD148820A8
+
+I=90
+PT=00000000000000000000004000000000
+CT=C6349D75C7472BBD66F95B3A07C79C91
+
+I=91
+PT=00000000000000000000002000000000
+CT=B85713C12D8658951CD1AD21C74D2CD2
+
+I=92
+PT=00000000000000000000001000000000
+CT=907AA00B9F7D47A97623FB55BA911F29
+
+I=93
+PT=00000000000000000000000800000000
+CT=DC3CD0ED23D11776FAB43A2A6A8F3557
+
+I=94
+PT=00000000000000000000000400000000
+CT=4BFE58A8FD69179C14765B09AB70B705
+
+I=95
+PT=00000000000000000000000200000000
+CT=A23996E0EA67EC280356E5F77130A551
+
+I=96
+PT=00000000000000000000000100000000
+CT=CDEADE859B3AACD273CCA85A3E2E45F2
+
+I=97
+PT=00000000000000000000000080000000
+CT=E0FC78489857D84DA03F40CE97147174
+
+I=98
+PT=00000000000000000000000040000000
+CT=7615EA6351F6BB12855E8579C6995D8E
+
+I=99
+PT=00000000000000000000000020000000
+CT=13E184344FE28C2E70ED0E4D0A8037F9
+
+I=100
+PT=00000000000000000000000010000000
+CT=A5FE395F568482B87BC3EB208C81C942
+
+I=101
+PT=00000000000000000000000008000000
+CT=B3103E11AF06C85565823F8CAA3159F6
+
+I=102
+PT=00000000000000000000000004000000
+CT=7EBC2234D271B89C519C396985300030
+
+I=103
+PT=00000000000000000000000002000000
+CT=0661D338F2E0C939BA1687820A768467
+
+I=104
+PT=00000000000000000000000001000000
+CT=EC2B42667C0195A90715499617884DA5
+
+I=105
+PT=00000000000000000000000000800000
+CT=AE077BA19D24E7188DDD3682FF196892
+
+I=106
+PT=00000000000000000000000000400000
+CT=98823C24B9C65A66073C7952DC2B4B5E
+
+I=107
+PT=00000000000000000000000000200000
+CT=6AB58432CBB3C2F503DA2D16796CC297
+
+I=108
+PT=00000000000000000000000000100000
+CT=EEB5EBB3A53E4196C2F22BC1A4DDF5E8
+
+I=109
+PT=00000000000000000000000000080000
+CT=33DC40AC5FDC126D38878416AF6C0FA6
+
+I=110
+PT=00000000000000000000000000040000
+CT=38EDDC08E18B4AD982CEA921D2765A9A
+
+I=111
+PT=00000000000000000000000000020000
+CT=7D6BEA038E9347C642E18631660A9558
+
+I=112
+PT=00000000000000000000000000010000
+CT=FDA57921A473B5EE3700AD5ADF035019
+
+I=113
+PT=00000000000000000000000000008000
+CT=699B4812E200337E9C1D2C397F0DFE4E
+
+I=114
+PT=00000000000000000000000000004000
+CT=7A1EADF68B0807145D6C414852DECFC8
+
+I=115
+PT=00000000000000000000000000002000
+CT=1645FFAA8AD76689C01DA8C40882781F
+
+I=116
+PT=00000000000000000000000000001000
+CT=BA0C053BE702FA62FC66D8FEB12FC97E
+
+I=117
+PT=00000000000000000000000000000800
+CT=841FD8AF69CF2C31F7D4D7B6959662B5
+
+I=118
+PT=00000000000000000000000000000400
+CT=F675D59BDB33231861268F539829DA0B
+
+I=119
+PT=00000000000000000000000000000200
+CT=A4967F45ABB4E8C7DC5E3806680F35E0
+
+I=120
+PT=00000000000000000000000000000100
+CT=4D7E08081CC82F92ABA7C58C99F8343F
+
+I=121
+PT=00000000000000000000000000000080
+CT=9AEFDB287C119B82353612B60ECCBFD8
+
+I=122
+PT=00000000000000000000000000000040
+CT=979BB6A1553A17592A86E78DF144A699
+
+I=123
+PT=00000000000000000000000000000020
+CT=A6FA8CAB06FD2E5BF3A858983C01757A
+
+I=124
+PT=00000000000000000000000000000010
+CT=BE8511254C31E25420B91D6FEF1710ED
+
+I=125
+PT=00000000000000000000000000000008
+CT=F589A908D18A21894971C0433581E1A5
+
+I=126
+PT=00000000000000000000000000000004
+CT=4237585130E7C9F715235EB1D8C94DE7
+
+I=127
+PT=00000000000000000000000000000002
+CT=DEFE3E0B5C54C94B4F2A0F5A46F6210D
+
+I=128
+PT=00000000000000000000000000000001
+CT=F5574ACC3148DFCB9015200631024DF9
+
+==========
+
+KEYSIZE=256
+
+KEY=0000000000000000000000000000000000000000000000000000000000000000
+
+I=1
+PT=80000000000000000000000000000000
+CT=B0C6B88AEA518AB09E847248E91B1B9D
+
+I=2
+PT=40000000000000000000000000000000
+CT=B8D7684E35FA1DB15BDCEE7A48659858
+
+I=3
+PT=20000000000000000000000000000000
+CT=F0CAD59AF92FBB79F36951E697492750
+
+I=4
+PT=10000000000000000000000000000000
+CT=117100F6635389560DC4A2DA24EBA70F
+
+I=5
+PT=08000000000000000000000000000000
+CT=DBDD62355553019ED84C35886421E532
+
+I=6
+PT=04000000000000000000000000000000
+CT=9CB8D04FA506F19848F7B9110518BFC8
+
+I=7
+PT=02000000000000000000000000000000
+CT=E4308E253BC3444D293500701BA82C6A
+
+I=8
+PT=01000000000000000000000000000000
+CT=EA2FAE53F7F30C0170A20E95A068503E
+
+I=9
+PT=00800000000000000000000000000000
+CT=14B14839EA221880B2C64D1FE000B93D
+
+I=10
+PT=00400000000000000000000000000000
+CT=A5CFC075B342D5101AACC334E73058BB
+
+I=11
+PT=00200000000000000000000000000000
+CT=477EA56B2EBAD0F8AC5E1936866560FF
+
+I=12
+PT=00100000000000000000000000000000
+CT=107E8598418404196EC59F63E45B7F6D
+
+I=13
+PT=00080000000000000000000000000000
+CT=FF6A891E7C1C074A68FEC291928FDD8D
+
+I=14
+PT=00040000000000000000000000000000
+CT=F64C250A13F45D377ADB7545B2B157A9
+
+I=15
+PT=00020000000000000000000000000000
+CT=FAD0F252086F11C830C65B63197CBC38
+
+I=16
+PT=00010000000000000000000000000000
+CT=9DCB89B209441F02AD0D25C6AB826629
+
+I=17
+PT=00008000000000000000000000000000
+CT=E62E4ED4E4F34EDC563710D960E09D4C
+
+I=18
+PT=00004000000000000000000000000000
+CT=98A1B926BA06895C3F2E84CCBACBC356
+
+I=19
+PT=00002000000000000000000000000000
+CT=29BE0BE4DB7F4D196718AEA38F3B0BFD
+
+I=20
+PT=00001000000000000000000000000000
+CT=F670C4EBECBA0B43E71F6D752BFD4854
+
+I=21
+PT=00000800000000000000000000000000
+CT=7D7666B4484CDB7E3605468E093A787C
+
+I=22
+PT=00000400000000000000000000000000
+CT=562D06B181C091DA6C43642AE99460C6
+
+I=23
+PT=00000200000000000000000000000000
+CT=AB0EFB5975E6186B7D76BC9672453488
+
+I=24
+PT=00000100000000000000000000000000
+CT=10C0756538E7BFF88D19AE2B1F7B859A
+
+I=25
+PT=00000080000000000000000000000000
+CT=AF7FCD5248F8C72F1695AA05DD1CADE0
+
+I=26
+PT=00000040000000000000000000000000
+CT=9841E555655609A75D7BE20B8A90EF1E
+
+I=27
+PT=00000020000000000000000000000000
+CT=27F9546E6A1B7464780000561783569C
+
+I=28
+PT=00000010000000000000000000000000
+CT=8671D935D7A8354EECB7288803D42D7A
+
+I=29
+PT=00000008000000000000000000000000
+CT=0DA44F508DEBC6F044394624FCEB8EBE
+
+I=30
+PT=00000004000000000000000000000000
+CT=AB137369BE6D93FBB18006BDB236EC09
+
+I=31
+PT=00000002000000000000000000000000
+CT=EB90C4E597A7E1779FFA260886E26F75
+
+I=32
+PT=00000001000000000000000000000000
+CT=618CF3588D5C128EAF252616230E08F7
+
+I=33
+PT=00000000800000000000000000000000
+CT=98DC4DB49D197AB9152D12B9DE2D73CA
+
+I=34
+PT=00000000400000000000000000000000
+CT=5BDDE24B15702A35E1F140C57D206443
+
+I=35
+PT=00000000200000000000000000000000
+CT=CF755809882BED8BA2F9F1A4ED296A2B
+
+I=36
+PT=00000000100000000000000000000000
+CT=F1A8DBB999538AE89D16F92A7F4D1DF1
+
+I=37
+PT=00000000080000000000000000000000
+CT=775222FDDAAECB81CF675C4E0B98179E
+
+I=38
+PT=00000000040000000000000000000000
+CT=12A648CADCD153C760A965826683119A
+
+I=39
+PT=00000000020000000000000000000000
+CT=0503FB10AB241E7CF45D8CDEEE474335
+
+I=40
+PT=00000000010000000000000000000000
+CT=3D299C0070CBBD831B802690B8E7CA24
+
+I=41
+PT=00000000008000000000000000000000
+CT=33105BD4D11D66753DC34D128BEFE3F4
+
+I=42
+PT=00000000004000000000000000000000
+CT=5EFCE2B4B987C0F77D27B44836881682
+
+I=43
+PT=00000000002000000000000000000000
+CT=7835449454128035D7F0EA99E327577B
+
+I=44
+PT=00000000001000000000000000000000
+CT=27BEDDA0601BE35122FB1D272D73AB3E
+
+I=45
+PT=00000000000800000000000000000000
+CT=54C3F99FF48E318CC515EDE75800C4B3
+
+I=46
+PT=00000000000400000000000000000000
+CT=C627C329F8E48299F6FDB23B9DBEA0BB
+
+I=47
+PT=00000000000200000000000000000000
+CT=1B6578F9E23BD8C1845A02431C5F9AA3
+
+I=48
+PT=00000000000100000000000000000000
+CT=6DB2FB8C0B9344D0547C0FF1292020C6
+
+I=49
+PT=00000000000080000000000000000000
+CT=4FAD9B2C37C131493FBEF53581FA4F83
+
+I=50
+PT=00000000000040000000000000000000
+CT=47502A01E93D2C87BD5584F6AFD3D99D
+
+I=51
+PT=00000000000020000000000000000000
+CT=056E1C6F651BFE50271B3B7A18E76D84
+
+I=52
+PT=00000000000010000000000000000000
+CT=5632BAF6627B3D96AD4E06FA6A561F55
+
+I=53
+PT=00000000000008000000000000000000
+CT=E29807CAACDFA2D41A7D9E91FA7FD8EB
+
+I=54
+PT=00000000000004000000000000000000
+CT=81DD44BB5D1822DEE605F9E6FF01D7B3
+
+I=55
+PT=00000000000002000000000000000000
+CT=5C3649925E47D7FF96482A8FBD9666FD
+
+I=56
+PT=00000000000001000000000000000000
+CT=695415A836E66E737887845EC08A1ADB
+
+I=57
+PT=00000000000000800000000000000000
+CT=F5416BCE292D9E2CEA5D1CC70BBAEED1
+
+I=58
+PT=00000000000000400000000000000000
+CT=7AEC4F1388FC29C47F7FED74ADDE8485
+
+I=59
+PT=00000000000000200000000000000000
+CT=82A9F1A6CE08BC4876E649D8A8EA7EB6
+
+I=60
+PT=00000000000000100000000000000000
+CT=B6296C88ADF1A792908B065EEB04BFC2
+
+I=61
+PT=00000000000000080000000000000000
+CT=E766A39AECCA40BDBFBE6FF3FA292913
+
+I=62
+PT=00000000000000040000000000000000
+CT=C6D081454EA00D83C23B5A62C84359E1
+
+I=63
+PT=00000000000000020000000000000000
+CT=85D259A79CCA80484504D1603F7A8F53
+
+I=64
+PT=00000000000000010000000000000000
+CT=D8291FA1C6DC250078824B2D0A20883F
+
+I=65
+PT=00000000000000008000000000000000
+CT=95387CB74C48FFBD1F8D64A6CC45E074
+
+I=66
+PT=00000000000000004000000000000000
+CT=A17F975F538F56CDF629B516011DE837
+
+I=67
+PT=00000000000000002000000000000000
+CT=B50B615A1654C6E1CB6AB33716C097FE
+
+I=68
+PT=00000000000000001000000000000000
+CT=7BBB2CBB874DF6C8B821DA7FB0F9011B
+
+I=69
+PT=00000000000000000800000000000000
+CT=E9EFE074D096A275E47CD2E6206DF6A1
+
+I=70
+PT=00000000000000000400000000000000
+CT=88F2F8D5A836406AE8BBB98C65BBDA55
+
+I=71
+PT=00000000000000000200000000000000
+CT=F64620D8D87585A3EF038B9AD58F5EA0
+
+I=72
+PT=00000000000000000100000000000000
+CT=694438EC141C8ED5F2F898B4554A298F
+
+I=73
+PT=00000000000000000080000000000000
+CT=3E6226EC7726A1EE5F5FA9B18CCE8C44
+
+I=74
+PT=00000000000000000040000000000000
+CT=8AB6949E79911647800B9E87362AB97A
+
+I=75
+PT=00000000000000000020000000000000
+CT=093C5CF24EDAF7F9F1C8A80DE4FF50A9
+
+I=76
+PT=00000000000000000010000000000000
+CT=28A36E50061F19E240351ED0E378CBF4
+
+I=77
+PT=00000000000000000008000000000000
+CT=B93BB36CB88BF26EA79198652AA51D3C
+
+I=78
+PT=00000000000000000004000000000000
+CT=DE4948083D044FAC9BCA6DA8CD67B8A6
+
+I=79
+PT=00000000000000000002000000000000
+CT=6E778B5BDA6CA118117E47470D080D3C
+
+I=80
+PT=00000000000000000001000000000000
+CT=0A9107324DA32B4281D032A3487EF875
+
+I=81
+PT=00000000000000000000800000000000
+CT=18ED5635312D71ABD123CCE779D4D68A
+
+I=82
+PT=00000000000000000000400000000000
+CT=2E3C63F95C4BC1F944BAB06DEDC9AA8E
+
+I=83
+PT=00000000000000000000200000000000
+CT=ACCC869EF07004C8C3C709083BE7BA2F
+
+I=84
+PT=00000000000000000000100000000000
+CT=DF60B34FB1A59147CC1FB049C1578206
+
+I=85
+PT=00000000000000000000080000000000
+CT=4228DC636C08E41021054AA0E1E2227A
+
+I=86
+PT=00000000000000000000040000000000
+CT=7CE27F66EFD735FFD6B3E1738C50495B
+
+I=87
+PT=00000000000000000000020000000000
+CT=F8E74B33A9CDE351DA0BBC06D69093D7
+
+I=88
+PT=00000000000000000000010000000000
+CT=AE0D22A5B37B8DC5D81CC641EED334D0
+
+I=89
+PT=00000000000000000000008000000000
+CT=C181C6CA5E163743458B9167A0B6A16A
+
+I=90
+PT=00000000000000000000004000000000
+CT=5171F4F6095E4B276CFBA1F07223FBE6
+
+I=91
+PT=00000000000000000000002000000000
+CT=2732F4D3A8C9D1D8D493840D6E0B864F
+
+I=92
+PT=00000000000000000000001000000000
+CT=3EF04E0059A061D973532CA5C1DFBE7B
+
+I=93
+PT=00000000000000000000000800000000
+CT=6D9A8F23579E4978EBAA87B5ADEB77E5
+
+I=94
+PT=00000000000000000000000400000000
+CT=BBD08873CC44BA4253C0C41FEEB7F124
+
+I=95
+PT=00000000000000000000000200000000
+CT=72E4B2437CBD283F3809CE686F6A591E
+
+I=96
+PT=00000000000000000000000100000000
+CT=6E5580514B92512B1BF4B1B987B9AA1B
+
+I=97
+PT=00000000000000000000000080000000
+CT=5EF5D0C5BCBDCB604D3A083B68CE0FA3
+
+I=98
+PT=00000000000000000000000040000000
+CT=9D991FDD723AD2182777A15CA0E0F665
+
+I=99
+PT=00000000000000000000000020000000
+CT=24440626EFC8F86BEA7DE78085AB8A22
+
+I=100
+PT=00000000000000000000000010000000
+CT=17C3630D62D13C1E826C0FCCBD74A864
+
+I=101
+PT=00000000000000000000000008000000
+CT=4CF5AB86A56AB134A7FE46CCE3F9FCE9
+
+I=102
+PT=00000000000000000000000004000000
+CT=3E6B9C0388F6D9B8F458F30221907607
+
+I=103
+PT=00000000000000000000000002000000
+CT=AD9C926B8A5CD98EEE88200617E59958
+
+I=104
+PT=00000000000000000000000001000000
+CT=AFF8AED5E075E02AF720CA4BF0028B3B
+
+I=105
+PT=00000000000000000000000000800000
+CT=D90EAFF909202BB209BB3BB8C7F9A954
+
+I=106
+PT=00000000000000000000000000400000
+CT=2C709B00E6A22F00F64A7D8EE341853F
+
+I=107
+PT=00000000000000000000000000200000
+CT=CCEC598F0D9F0BF201B2F487136D54A4
+
+I=108
+PT=00000000000000000000000000100000
+CT=73B2883A0A166AAE1BF14E60A5195FA3
+
+I=109
+PT=00000000000000000000000000080000
+CT=E676867BD9AD5EF915143388496779D7
+
+I=110
+PT=00000000000000000000000000040000
+CT=CDCB73D1BFCFD4BE7F1DAA9B1C6A4055
+
+I=111
+PT=00000000000000000000000000020000
+CT=02A3A5C89DAA24CD2C517F7A73286A89
+
+I=112
+PT=00000000000000000000000000010000
+CT=C0FA2AC9E92EE58C2DD12D6D43AB7035
+
+I=113
+PT=00000000000000000000000000008000
+CT=EDC2CB1F7291353BDBF2385519E6AE16
+
+I=114
+PT=00000000000000000000000000004000
+CT=B4B62D16D197A98CD3B978812B9D9884
+
+I=115
+PT=00000000000000000000000000002000
+CT=5CDFC95A529A905101CEA26BC1B891ED
+
+I=116
+PT=00000000000000000000000000001000
+CT=CC7150CD3650B98363296C7C4ED368D1
+
+I=117
+PT=00000000000000000000000000000800
+CT=CC57706B0C6526B8E25A5DBD32EACBDB
+
+I=118
+PT=00000000000000000000000000000400
+CT=30D30456AD98B182D64C649648F6AEC9
+
+I=119
+PT=00000000000000000000000000000200
+CT=D7E9DA7F631938EB649A08AF82FBD75F
+
+I=120
+PT=00000000000000000000000000000100
+CT=B8DA2AF6600B07895B5D0FFAF4991469
+
+I=121
+PT=00000000000000000000000000000080
+CT=0F6F64F930BA6C178943322B98114599
+
+I=122
+PT=00000000000000000000000000000040
+CT=8B1F247802E47C91BEE2AA34ECFD7A01
+
+I=123
+PT=00000000000000000000000000000020
+CT=7A6985778D3A66E97F23E01F0D0E45E7
+
+I=124
+PT=00000000000000000000000000000010
+CT=BA664AC39855518DFDEE10D1B3111FAE
+
+I=125
+PT=00000000000000000000000000000008
+CT=7C92854D801A1648F65CA81813DDBF83
+
+I=126
+PT=00000000000000000000000000000004
+CT=6A3F25AAB7E92D9CF378E5D9C040F26B
+
+I=127
+PT=00000000000000000000000000000002
+CT=3D4B2CDE666761BA5DFB305178E667FB
+
+I=128
+PT=00000000000000000000000000000001
+CT=9CDB269B5D293BC5DB9C55B057D9B591
+
+==========
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-identity/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-identity/pom.xml b/haox-kerb/kerb-identity/pom.xml
new file mode 100644
index 0000000..1f216aa
--- /dev/null
+++ b/haox-kerb/kerb-identity/pom.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-kerb</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>kerb-identity</artifactId>
+
+ <name>Haox-kerb Identity</name>
+ <description>Haox-kerb Identity</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-config</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-crypto</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/Attribute.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/Attribute.java b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/Attribute.java
new file mode 100644
index 0000000..d2c9479
--- /dev/null
+++ b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/Attribute.java
@@ -0,0 +1,17 @@
+package org.apache.kerberos.kerb.identity;
+
+public abstract class Attribute {
+ private String name;
+
+ public Attribute(String name) {
+ this.name = name;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/ComplexAttribute.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/ComplexAttribute.java b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/ComplexAttribute.java
new file mode 100644
index 0000000..dc13144
--- /dev/null
+++ b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/ComplexAttribute.java
@@ -0,0 +1,23 @@
+package org.apache.kerberos.kerb.identity;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+public class ComplexAttribute extends Attribute {
+ private List<String> values;
+
+ public ComplexAttribute(String name) {
+ super(name);
+ this.values = new ArrayList<String>(1);
+ }
+
+ public List<String> getValues() {
+ return Collections.unmodifiableList(values);
+ }
+
+ public void setValues(List<String> values) {
+ this.values.clear();
+ this.values.addAll(values);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/Identity.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/Identity.java b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/Identity.java
new file mode 100644
index 0000000..cce9c16
--- /dev/null
+++ b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/Identity.java
@@ -0,0 +1,48 @@
+package org.apache.kerberos.kerb.identity;
+
+import java.util.*;
+
+public class Identity {
+ private String name;
+ private Map<String, Attribute> attributes;
+
+ public Identity(String name) {
+ this.name = name;
+ this.attributes = new HashMap<String, Attribute>();
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public void addAttribute(String name, String value) {
+ attributes.put(name, new SimpleAttribute(name, value));
+ }
+
+ public void addAttribute(Attribute attribute) {
+ attributes.put(attribute.getName(), attribute);
+ }
+
+ public Set<String> getAttributes() {
+ return Collections.unmodifiableSet(attributes.keySet());
+ }
+
+ public String getSimpleAttribute(String name) {
+ Attribute attr = attributes.get(name);
+ if (! (attr instanceof SimpleAttribute)) {
+ throw new RuntimeException("Not simple attribute");
+ }
+ return ((SimpleAttribute) attr).getValue();
+ }
+
+ public void setAttributes(List<Attribute> attributes) {
+ this.attributes.clear();
+ for (Attribute attr : attributes) {
+ addAttribute(attr);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/IdentityService.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/IdentityService.java b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/IdentityService.java
new file mode 100644
index 0000000..9201f2e
--- /dev/null
+++ b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/IdentityService.java
@@ -0,0 +1,12 @@
+package org.apache.kerberos.kerb.identity;
+
+import java.util.List;
+
+public interface IdentityService {
+ public List<KrbIdentity> getIdentities();
+ public boolean checkIdentity(String name);
+ public KrbIdentity getIdentity(String name);
+ public void addIdentity(KrbIdentity identity);
+ public void updateIdentity(KrbIdentity identity);
+ public void deleteIdentity(KrbIdentity identity);
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/KrbAttributes.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/KrbAttributes.java b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/KrbAttributes.java
new file mode 100644
index 0000000..0939cf2
--- /dev/null
+++ b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/KrbAttributes.java
@@ -0,0 +1,6 @@
+package org.apache.kerberos.kerb.identity;
+
+public class KrbAttributes {
+ public static final String PRINCIPAL = "principal";
+ public static final String PASSWORD = "password";
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/KrbIdentity.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/KrbIdentity.java b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/KrbIdentity.java
new file mode 100644
index 0000000..a672b01
--- /dev/null
+++ b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/KrbIdentity.java
@@ -0,0 +1,107 @@
+package org.apache.kerberos.kerb.identity;
+
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class KrbIdentity {
+ private String principalName;
+ private PrincipalName principal;
+ private int keyVersion = 1;
+ private int kdcFlags = 0;
+ private boolean disabled = false;
+ private boolean locked = false;
+ private KerberosTime expireTime = KerberosTime.NEVER;
+ private KerberosTime createdTime = KerberosTime.now();
+
+ private Map<EncryptionType, EncryptionKey> keys =
+ new HashMap<EncryptionType, EncryptionKey>();
+
+ public KrbIdentity(String principalName) {
+ this.principalName = principalName;
+ this.principal = new PrincipalName(principalName);
+ }
+
+ public String getPrincipalName() {
+ return principalName;
+ }
+
+ public void setPrincipal(PrincipalName principal) {
+ this.principal = principal;
+ }
+
+ public PrincipalName getPrincipal() {
+ return principal;
+ }
+
+ public void setKeyVersion(int keyVersion) {
+ this.keyVersion = keyVersion;
+ }
+
+ public void setKdcFlags(int kdcFlags) {
+ this.kdcFlags = kdcFlags;
+ }
+
+ public void setDisabled(boolean disabled) {
+ this.disabled = disabled;
+ }
+
+ public void setLocked(boolean locked) {
+ this.locked = locked;
+ }
+
+ public void setExpireTime(KerberosTime expireTime) {
+ this.expireTime = expireTime;
+ }
+
+ public KerberosTime getExpireTime() {
+ return expireTime;
+ }
+
+ public KerberosTime getCreatedTime() {
+ return createdTime;
+ }
+
+ public void setCreatedTime(KerberosTime createdTime) {
+ this.createdTime = createdTime;
+ }
+
+ public boolean isDisabled() {
+ return disabled;
+ }
+
+ public boolean isLocked() {
+ return locked;
+ }
+
+ public void addKey(EncryptionKey encKey) {
+ keys.put(encKey.getKeyType(), encKey);
+ }
+
+ public void addKeys(List<EncryptionKey> encKeys) {
+ for (EncryptionKey key : encKeys) {
+ keys.put(key.getKeyType(), key);
+ }
+ }
+
+ public Map<EncryptionType, EncryptionKey> getKeys() {
+ return keys;
+ }
+
+ public EncryptionKey getKey(EncryptionType encType) {
+ return keys.get(encType);
+ }
+
+ public int getKdcFlags() {
+ return kdcFlags;
+ }
+
+ public int getKeyVersion() {
+ return keyVersion;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/SimpleAttribute.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/SimpleAttribute.java b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/SimpleAttribute.java
new file mode 100644
index 0000000..5774dfa
--- /dev/null
+++ b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/SimpleAttribute.java
@@ -0,0 +1,18 @@
+package org.apache.kerberos.kerb.identity;
+
+public class SimpleAttribute extends Attribute {
+ private String value;
+
+ public SimpleAttribute(String name, String value) {
+ super(name);
+ this.value = value;
+ }
+
+ public String getValue() {
+ return value;
+ }
+
+ public void setValue(String value) {
+ this.value = value;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/backend/AbstractIdentityBackend.java b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
new file mode 100644
index 0000000..7adac7c
--- /dev/null
+++ b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
@@ -0,0 +1,7 @@
+package org.apache.kerberos.kerb.identity.backend;
+
+import org.apache.kerberos.kerb.identity.IdentityService;
+
+public abstract class AbstractIdentityBackend implements IdentityService {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
new file mode 100644
index 0000000..5a63f7e
--- /dev/null
+++ b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
@@ -0,0 +1,57 @@
+package org.apache.kerberos.kerb.identity.backend;
+
+import org.apache.kerberos.kerb.identity.KrbIdentity;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class InMemoryIdentityBackend extends AbstractIdentityBackend {
+
+ private Map<String, KrbIdentity> identities;
+
+ public InMemoryIdentityBackend() {
+ this.identities = new HashMap<String, KrbIdentity>();
+ }
+
+ public InMemoryIdentityBackend(Map<String, KrbIdentity> identities) {
+ this();
+ this.identities.putAll(identities);
+ }
+
+ @Override
+ public List<KrbIdentity> getIdentities() {
+ List<KrbIdentity> results = new ArrayList<KrbIdentity>(identities.size());
+ results.addAll(identities.values());
+ return results;
+ }
+
+ @Override
+ public boolean checkIdentity(String name) {
+ return identities.containsKey(name);
+ }
+
+ @Override
+ public KrbIdentity getIdentity(String name) {
+ if (identities.containsKey(name)) {
+ return identities.get(name);
+ }
+ return null;
+ }
+
+ @Override
+ public void addIdentity(KrbIdentity identity) {
+ identities.put(identity.getPrincipalName(), identity);
+ }
+
+ @Override
+ public void updateIdentity(KrbIdentity identity) {
+ identities.put(identity.getPrincipalName(), identity);
+ }
+
+ @Override
+ public void deleteIdentity(KrbIdentity identity) {
+ identities.remove(identity.getPrincipalName());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/backend/SimpleIdentityBackend.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/backend/SimpleIdentityBackend.java b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/backend/SimpleIdentityBackend.java
new file mode 100644
index 0000000..a74e453
--- /dev/null
+++ b/haox-kerb/kerb-identity/src/main/java/org/apache/kerberos/kerb/identity/backend/SimpleIdentityBackend.java
@@ -0,0 +1,27 @@
+package org.apache.kerberos.kerb.identity.backend;
+
+import java.io.File;
+
+public class SimpleIdentityBackend extends InMemoryIdentityBackend {
+
+ private File identityFile;
+
+ public SimpleIdentityBackend(File identityFile) {
+ super();
+ this.identityFile = identityFile;
+ }
+
+ /**
+ * Load identities from file
+ */
+ public void load() {
+ // todo
+ }
+
+ /**
+ * Persist the updated identities back
+ */
+ public void save() {
+ // todo
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-kdc-test/pom.xml b/haox-kerb/kerb-kdc-test/pom.xml
new file mode 100644
index 0000000..839ca76
--- /dev/null
+++ b/haox-kerb/kerb-kdc-test/pom.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-kerb</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>kerb-kdc-test</artifactId>
+
+ <name>Haox-kerb-KdcTest</name>
+ <description>Haox-kerb Kdc Test</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-config</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-util</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-server</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-client</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-pkix</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
[15/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Type.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Type.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Type.java
new file mode 100644
index 0000000..a4e89c8
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Type.java
@@ -0,0 +1,22 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.EncodingOption;
+import org.apache.haox.asn1.TaggingOption;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+public interface Asn1Type {
+ public int tagFlags();
+ public int tagNo();
+ public void setEncodingOption(EncodingOption encodingOption);
+ public int encodingLength();
+ public byte[] encode();
+ public void encode(ByteBuffer buffer);
+ public void decode(byte[] content) throws IOException;
+ public void decode(ByteBuffer content) throws IOException;
+ public byte[] taggedEncode(TaggingOption taggingOption);
+ public void taggedEncode(ByteBuffer buffer, TaggingOption taggingOption);
+ public void taggedDecode(ByteBuffer content, TaggingOption taggingOption) throws IOException;
+ public void taggedDecode(byte[] content, TaggingOption taggingOption) throws IOException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1UniversalString.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1UniversalString.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1UniversalString.java
new file mode 100644
index 0000000..2297cfc
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1UniversalString.java
@@ -0,0 +1,14 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+public class Asn1UniversalString extends Asn1String
+{
+ public Asn1UniversalString() {
+ this(null);
+ }
+
+ public Asn1UniversalString(String value) {
+ super(UniversalTag.UNIVERSAL_STRING, value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1UtcTime.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1UtcTime.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1UtcTime.java
new file mode 100644
index 0000000..44cbc26
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1UtcTime.java
@@ -0,0 +1,70 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.SimpleTimeZone;
+
+public class Asn1UtcTime extends Asn1Simple<Date>
+{
+ public Asn1UtcTime() {
+ this(null);
+ }
+
+ public Asn1UtcTime(long time) {
+ super(UniversalTag.UTC_TIME, new Date(time * 1000L));
+ }
+
+ public Asn1UtcTime(Date date) {
+ super(UniversalTag.UTC_TIME, date);
+ }
+
+ protected void toValue() throws IOException {
+ String dateStr = new String(getBytes(), StandardCharsets.US_ASCII);
+ String fixedDateStr = dateStr;
+
+ /*
+ * Make sure fixed date str be of the complete pattern 'YYMMDDhhmmss+/-hhmm'
+ */
+ int strLen = fixedDateStr.length();
+ if (strLen == 6) { // YYMMDD
+ fixedDateStr += "000000+0000";
+ } else if (strLen == 7) { // YYMMDDZ
+ fixedDateStr = fixedDateStr.replace("Z", "000000+0000");
+ } else if (strLen == 10) { // YYMMDDhhmm
+ fixedDateStr += "00+0000";
+ } else if (strLen == 11) { // YYMMDDhhmmZ
+ fixedDateStr = fixedDateStr.replace("Z", "00+0000");
+ } else if (strLen == 12) { // YYMMDDhhmmss
+ fixedDateStr += "+0000";
+ } else if (strLen == 13) { // YYMMDDhhmmZ
+ fixedDateStr = fixedDateStr.replace("Z", "+0000");
+ } else if (strLen != 17) {
+ throw new IllegalArgumentException("Bad utc time string " + dateStr);
+ }
+
+ SimpleDateFormat sdf;
+ sdf = new SimpleDateFormat("yyMMddHHmmssZ");
+ sdf.setTimeZone(new SimpleTimeZone(0, "Z"));
+ try {
+ setValue(sdf.parse(fixedDateStr));
+ } catch (ParseException e) {
+ throw new IOException("Failed to parse " + dateStr + " as utc time", e);
+ }
+ }
+
+ @Override
+ protected void toBytes() {
+ Date date = getValue();
+ SimpleDateFormat sdf = new SimpleDateFormat("yyMMddHHmmss'Z'");
+ sdf.setTimeZone(new SimpleTimeZone(0, "Z"));
+
+ String str = sdf.format(date);
+ byte[] bytes = str.getBytes(StandardCharsets.US_ASCII);
+ setBytes(bytes);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Utf8String.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Utf8String.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Utf8String.java
new file mode 100644
index 0000000..06d19e8
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Utf8String.java
@@ -0,0 +1,28 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+public class Asn1Utf8String extends Asn1String
+{
+ public Asn1Utf8String() {
+ this(null);
+ }
+
+ public Asn1Utf8String(String value) {
+ super(UniversalTag.UTF8_STRING, value);
+ }
+
+ @Override
+ protected void toBytes() {
+ byte[] bytes = getValue().getBytes(StandardCharsets.UTF_8);
+ setBytes(bytes);
+ }
+
+ protected void toValue() throws IOException {
+ byte[] bytes = getBytes();
+ setValue(new String(bytes, StandardCharsets.UTF_8));
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1VisibleString.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1VisibleString.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1VisibleString.java
new file mode 100644
index 0000000..d3e043d
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1VisibleString.java
@@ -0,0 +1,14 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+public class Asn1VisibleString extends Asn1String
+{
+ public Asn1VisibleString() {
+ this(null);
+ }
+
+ public Asn1VisibleString(String value) {
+ super(UniversalTag.VISIBLE_STRING, value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/TaggingCollection.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/TaggingCollection.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/TaggingCollection.java
new file mode 100644
index 0000000..1d5d884
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/TaggingCollection.java
@@ -0,0 +1,86 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.EncodingOption;
+import org.apache.haox.asn1.LimitedByteBuffer;
+import org.apache.haox.asn1.TagClass;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * For tagging a collection type with tagNo, either application specific or context specific class
+ */
+public abstract class TaggingCollection extends AbstractAsn1Type<Asn1CollectionType> {
+ private Asn1Tagging<Asn1CollectionType> tagging;
+ private Asn1CollectionType tagged;
+
+ public TaggingCollection(int taggingTagNo, Asn1FieldInfo[] tags, boolean isAppSpecific) {
+ super(isAppSpecific ? TagClass.APPLICATION : TagClass.CONTEXT_SPECIFIC, taggingTagNo);
+ this.tagged = createTaggedCollection(tags);
+ setValue(tagged);
+ this.tagging = new Asn1Tagging<Asn1CollectionType>(taggingTagNo, tagged, isAppSpecific);
+ setEncodingOption(EncodingOption.EXPLICIT);
+ }
+
+ protected abstract Asn1CollectionType createTaggedCollection(Asn1FieldInfo[] tags);
+
+ public void setEncodingOption(EncodingOption encodingOption) {
+ tagging.setEncodingOption(encodingOption);
+ }
+
+ @Override
+ public boolean isConstructed() {
+ return tagging.isConstructed();
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ return tagging.encodingBodyLength();
+ }
+
+ @Override
+ protected void encodeBody(ByteBuffer buffer) {
+ tagging.encodeBody(buffer);
+ }
+
+ @Override
+ protected void decodeBody(LimitedByteBuffer content) throws IOException {
+ tagging.decodeBody(content);
+ }
+
+ protected <T extends Asn1Type> T getFieldAs(int index, Class<T> t) {
+ return tagged.getFieldAs(index, t);
+ }
+
+ protected void setFieldAs(int index, Asn1Type value) {
+ tagged.setFieldAs(index, value);
+ }
+
+ protected String getFieldAsString(int index) {
+ return tagged.getFieldAsString(index);
+ }
+
+ protected byte[] getFieldAsOctets(int index) {
+ return tagged.getFieldAsOctets(index);
+ }
+
+ protected void setFieldAsOctets(int index, byte[] bytes) {
+ tagged.setFieldAsOctets(index, bytes);
+ }
+
+ protected Integer getFieldAsInteger(int index) {
+ return tagged.getFieldAsInteger(index);
+ }
+
+ protected void setFieldAsInt(int index, int value) {
+ tagged.setFieldAsInt(index, value);
+ }
+
+ protected byte[] getFieldAsOctetBytes(int index) {
+ return tagged.getFieldAsOctets(index);
+ }
+
+ protected void setFieldAsOctetBytes(int index, byte[] value) {
+ tagged.setFieldAsOctets(index, value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/TaggingSequence.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/TaggingSequence.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/TaggingSequence.java
new file mode 100644
index 0000000..53ccaa1
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/TaggingSequence.java
@@ -0,0 +1,16 @@
+package org.apache.haox.asn1.type;
+
+/**
+ * For tagging a sequence type with tagNo, either application specific or context specific class
+ */
+public class TaggingSequence extends TaggingCollection {
+
+ public TaggingSequence(int taggingTagNo, Asn1FieldInfo[] tags, boolean isAppSpecific) {
+ super(taggingTagNo, tags, isAppSpecific);
+ }
+
+ @Override
+ protected Asn1CollectionType createTaggedCollection(Asn1FieldInfo[] tags) {
+ return new Asn1SequenceType(tags);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/TaggingSet.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/TaggingSet.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/TaggingSet.java
new file mode 100644
index 0000000..81bbd16
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/TaggingSet.java
@@ -0,0 +1,16 @@
+package org.apache.haox.asn1.type;
+
+/**
+ * For tagging a sequence type with tagNo, either application specific or context specific class
+ */
+public class TaggingSet extends TaggingCollection {
+
+ public TaggingSet(int taggingTagNo, Asn1FieldInfo[] tags, boolean isAppSpecific) {
+ super(taggingTagNo, tags, isAppSpecific);
+ }
+
+ @Override
+ protected Asn1CollectionType createTaggedCollection(Asn1FieldInfo[] tags) {
+ return new Asn1SetType(tags);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/PersonnelRecord.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/PersonnelRecord.java b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/PersonnelRecord.java
new file mode 100644
index 0000000..59797bf
--- /dev/null
+++ b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/PersonnelRecord.java
@@ -0,0 +1,190 @@
+package org.apache.haox.asn1;
+
+import org.apache.haox.asn1.EncodingOption;
+import org.apache.haox.asn1.type.*;
+
+/**
+ * Ref. X.690-0207(http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf),
+ * Annex A, A.1 ASN.1 description of the record structure
+ */
+public class PersonnelRecord extends TaggingSet {
+ private static int NAME = 0;
+ private static int TITLE = 1;
+ private static int NUMBER = 2;
+ private static int DATEOFHIRE= 3;
+ private static int NAMEOFSPOUSE = 4;
+ private static int CHILDREN = 5;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(NAME, -1, Name.class),
+ new Asn1FieldInfo(TITLE, 0, Asn1VisibleString.class),
+ new Asn1FieldInfo(NUMBER, -1, EmployeeNumber.class),
+ new Asn1FieldInfo(DATEOFHIRE, 1, Date.class),
+ new Asn1FieldInfo(NAMEOFSPOUSE, 2, Name.class),
+ new Asn1FieldInfo(CHILDREN, 3, Children.class, true)
+ };
+
+ public PersonnelRecord() {
+ super(0, fieldInfos, true);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+
+ public void setName(Name name) {
+ setFieldAs(NAME, name);
+ }
+
+ public Name getName() {
+ return getFieldAs(NAME, Name.class);
+ }
+
+ public void setTitle(String title) {
+ setFieldAs(TITLE, new Asn1VisibleString(title));
+ }
+
+ public String getTitle() {
+ return getFieldAsString(TITLE);
+ }
+
+ public void setEmployeeNumber(EmployeeNumber employeeNumber) {
+ setFieldAs(NUMBER, employeeNumber);
+ }
+
+ public EmployeeNumber getEmployeeNumber() {
+ return getFieldAs(NUMBER, EmployeeNumber.class);
+ }
+
+ public void setDateOfHire(Date dateOfHire) {
+ setFieldAs(DATEOFHIRE, dateOfHire);
+ }
+
+ public Date getDateOfHire() {
+ return getFieldAs(DATEOFHIRE, Date.class);
+ }
+
+ public void setNameOfSpouse(Name spouse) {
+ setFieldAs(NAMEOFSPOUSE, spouse);
+ }
+
+ public Name getNameOfSpouse() {
+ return getFieldAs(NAMEOFSPOUSE, Name.class);
+ }
+
+ public void setChildren(Children children) {
+ setFieldAs(CHILDREN, children);
+ }
+
+ public Children getChildren() {
+ return getFieldAs(CHILDREN, Children.class);
+ }
+
+ public static class Children extends Asn1SequenceOf<ChildInformation> {
+ public Children(ChildInformation ... children) {
+ super();
+ for (ChildInformation child : children) {
+ addElement(child);
+ }
+ }
+
+ public Children() {
+ super();
+ }
+ }
+
+ public static class ChildInformation extends Asn1SetType {
+ private static int NAME = 0;
+ private static int DATEOFBIRTH = 1;
+
+ static Asn1FieldInfo[] tags = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(NAME, -1, Name.class),
+ new Asn1FieldInfo(DATEOFBIRTH, 0, Date.class)
+ };
+
+ public ChildInformation() {
+ super(tags);
+ }
+
+ public void setName(Name name) {
+ setFieldAs(NAME, name);
+ }
+
+ public Name getName() {
+ return getFieldAs(NAME, Name.class);
+ }
+
+ public void setDateOfBirth(Date date) {
+ setFieldAs(DATEOFBIRTH, date);
+ }
+
+ public Date getDateOfBirth() {
+ return getFieldAs(DATEOFBIRTH, Date.class);
+ }
+ }
+
+ public static class Name extends TaggingSequence {
+ private static int GIVENNAME = 0;
+ private static int INITIAL = 1;
+ private static int FAMILYNAME = 2;
+
+ static Asn1FieldInfo[] tags = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(GIVENNAME, -1, Asn1VisibleString.class),
+ new Asn1FieldInfo(INITIAL, -1, Asn1VisibleString.class),
+ new Asn1FieldInfo(FAMILYNAME, -1, Asn1VisibleString.class)
+ };
+
+ public Name() {
+ super(1, tags, true);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+
+ public Name(String givenName, String initial, String familyName) {
+ this();
+ setGivenName(givenName);
+ setInitial(initial);
+ setFamilyName(familyName);
+ }
+
+ public void setGivenName(String givenName) {
+ setFieldAs(GIVENNAME, new Asn1VisibleString(givenName));
+ }
+
+ public String getGivenName() {
+ return getFieldAsString(GIVENNAME);
+ }
+
+ public void setInitial(String initial) {
+ setFieldAs(INITIAL, new Asn1VisibleString(initial));
+ }
+
+ public String getInitial() {
+ return getFieldAsString(INITIAL);
+ }
+
+ public void setFamilyName(String familyName) {
+ setFieldAs(FAMILYNAME, new Asn1VisibleString(familyName));
+ }
+
+ public String getFamilyName() {
+ return getFieldAsString(FAMILYNAME);
+ }
+ }
+
+ public static class EmployeeNumber extends Asn1Tagging<Asn1Integer> {
+ public EmployeeNumber(Integer value) {
+ super(2, new Asn1Integer(value), true);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+ public EmployeeNumber() {
+ this(null);
+ }
+ }
+
+ public static class Date extends Asn1Tagging<Asn1VisibleString> {
+ public Date(String value) {
+ super(3, new Asn1VisibleString(value), true);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+ public Date() {
+ this(null);
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Boolean.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Boolean.java b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Boolean.java
new file mode 100644
index 0000000..114a59c
--- /dev/null
+++ b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Boolean.java
@@ -0,0 +1,37 @@
+package org.apache.haox.asn1;
+
+import org.apache.haox.asn1.type.Asn1Boolean;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+public class TestAsn1Boolean {
+
+ @Test
+ public void testEncoding() {
+ testEncodingWith(true, "0x01 01 FF");
+ testEncodingWith(false, "0x01 01 00");
+ }
+
+ private void testEncodingWith(Boolean value, String expectedEncoding) {
+ byte[] expected = Util.hex2bytes(expectedEncoding);
+ Asn1Boolean aValue = new Asn1Boolean(value);
+ aValue.setEncodingOption(EncodingOption.DER);
+ byte[] encodingBytes = aValue.encode();
+ Assert.assertArrayEquals(expected, encodingBytes);
+ }
+
+ @Test
+ public void testDecoding() throws IOException {
+ testDecodingWith(true, "0x01 01 FF");
+ testDecodingWith(false, "0x01 01 00");
+ }
+
+ private void testDecodingWith(Boolean expectedValue, String content) throws IOException {
+ Asn1Boolean decoded = new Asn1Boolean();
+ decoded.setEncodingOption(EncodingOption.DER);
+ decoded.decode(Util.hex2bytes(content));
+ Assert.assertEquals(expectedValue, decoded.getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Collection.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Collection.java b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Collection.java
new file mode 100644
index 0000000..7117a76
--- /dev/null
+++ b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Collection.java
@@ -0,0 +1,36 @@
+package org.apache.haox.asn1;
+
+import org.apache.haox.asn1.type.*;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+public class TestAsn1Collection {
+ static String TEST_STR = "Jones";
+ static Boolean TEST_BOOL = true;
+ static byte[] EXPECTED_BYTES = new byte[] {(byte) 0x30, (byte) 0x0A,
+ (byte) 0x16, (byte) 0x05, (byte) 0x4A, (byte) 0x6F, (byte) 0x6E, (byte) 0x65, (byte) 0x73,
+ (byte) 0x01, (byte) 0x01, (byte) 0xFF
+ };
+
+ @Test
+ public void testSequenceEncoding() {
+ Asn1Sequence seq = new Asn1Sequence();
+ seq.addItem(new Asn1IA5String(TEST_STR));
+ seq.addItem(new Asn1Boolean(TEST_BOOL));
+
+ Assert.assertArrayEquals(EXPECTED_BYTES, seq.encode());
+ }
+
+ @Test
+ public void testSequenceDecoding() throws IOException {
+ Asn1Sequence seq = new Asn1Sequence();
+ seq.decode(EXPECTED_BYTES);
+ AbstractAsn1Type field = (AbstractAsn1Type) seq.getValue().get(0).getValue();
+ Assert.assertEquals(TEST_STR, field.getValue());
+
+ field = (AbstractAsn1Type) seq.getValue().get(1).getValue();
+ Assert.assertEquals(TEST_BOOL, field.getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Input.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Input.java b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Input.java
new file mode 100644
index 0000000..fd803cf
--- /dev/null
+++ b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Input.java
@@ -0,0 +1,16 @@
+package org.apache.haox.asn1;
+
+import org.junit.Test;
+
+import java.io.IOException;
+
+public class TestAsn1Input {
+
+ @Test
+ public void testDecoding() throws IOException {
+ //PersonnelRecord expected = TestData.createSamplePersonnel();
+ byte[] data = TestData.createSammplePersonnelEncodingData();
+ //Asn1InputBuffer ib = new Asn1InputBuffer(data);
+ Asn1Dump.dump(data);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Integer.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Integer.java b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Integer.java
new file mode 100644
index 0000000..2766ea4
--- /dev/null
+++ b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1Integer.java
@@ -0,0 +1,51 @@
+package org.apache.haox.asn1;
+
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+public class TestAsn1Integer {
+
+ @Test
+ public void testEncoding() {
+ testEncodingWith(0, "0x02 01 00");
+ testEncodingWith(1, "0x02 01 01");
+ testEncodingWith(2, "0x02 01 02");
+ testEncodingWith(127, "0x02 01 7F");
+ testEncodingWith(128, "0x02 02 00 80");
+ testEncodingWith(-1, "0x02 01 FF");
+ testEncodingWith(-128, "0x02 01 80");
+ testEncodingWith(-32768, "0x02 02 80 00");
+ testEncodingWith(1234567890, "0x02 04 49 96 02 D2");
+ }
+
+ private void testEncodingWith(int value, String expectedEncoding) {
+ byte[] expected = Util.hex2bytes(expectedEncoding);
+ Asn1Integer aValue = new Asn1Integer(value);
+ aValue.setEncodingOption(EncodingOption.DER);
+ byte[] encodingBytes = aValue.encode();
+ Assert.assertArrayEquals(expected, encodingBytes);
+ }
+
+ @Test
+ public void testDecoding() throws IOException {
+ testDecodingWith(0, "0x02 01 00");
+ testDecodingWith(1, "0x02 01 01");
+ testDecodingWith(2, "0x02 01 02");
+ testDecodingWith(127, "0x02 01 7F");
+ testDecodingWith(128, "0x02 02 00 80");
+ testDecodingWith(-1, "0x02 01 FF");
+ testDecodingWith(-128, "0x02 01 80");
+ testDecodingWith(-32768, "0x02 02 80 00");
+ testDecodingWith(1234567890, "0x02 04 49 96 02 D2");
+ }
+
+ private void testDecodingWith(Integer expectedValue, String content) throws IOException {
+ Asn1Integer decoded = new Asn1Integer();
+ decoded.setEncodingOption(EncodingOption.DER);
+ decoded.decode(Util.hex2bytes(content));
+ Assert.assertEquals(expectedValue, decoded.getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1ObjectIdentifier.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1ObjectIdentifier.java b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1ObjectIdentifier.java
new file mode 100644
index 0000000..8fa3c3b
--- /dev/null
+++ b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1ObjectIdentifier.java
@@ -0,0 +1,45 @@
+package org.apache.haox.asn1;
+
+import org.apache.haox.asn1.type.Asn1ObjectIdentifier;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+public class TestAsn1ObjectIdentifier {
+
+ @Test
+ public void testEncoding() throws Exception {
+ /**
+ * Cryptography for Developers -> ASN.1 UTCTIME Type
+ * Applying this to the MD5 OID, we first transform the dotted decimal form into the
+ * array of words.Thus, 1.2.840.113549.2.5 becomes {42, 840, 113549, 2, 5}, and then further
+ * 404_CRYPTO_02.qxd 10/27/06 3:40 PM Page 36split into seven-bit digits with the proper most significant bits as
+ * {{0x2A}, {0x86, 0x48},{0x86, 0xF7, 0x0D}, {0x02}, {0x05}}.Therefore, the full encoding for MD5 is 0x06 08 2A
+ * 86 48 86 F7 0D 02 05.
+ */
+ testEncodingWith("1.2.840.113549.2.5",
+ "0x06 08 2A 86 48 86 F7 0D 02 05");
+ }
+
+ private void testEncodingWith(String oid, String expectedEncoding) {
+ byte[] expected = Util.hex2bytes(expectedEncoding);
+ Asn1ObjectIdentifier aValue = new Asn1ObjectIdentifier(oid);
+ aValue.setEncodingOption(EncodingOption.DER);
+ byte[] encodingBytes = aValue.encode();
+ Assert.assertArrayEquals(expected, encodingBytes);
+ }
+
+ @Test
+ public void testDecoding() throws Exception {
+ testDecodingWith("1.2.840.113549.2.5",
+ "0x06 08 2A 86 48 86 F7 0D 02 05");
+ }
+
+ private void testDecodingWith(String expectedValue, String content) throws IOException {
+ Asn1ObjectIdentifier decoded = new Asn1ObjectIdentifier();
+ decoded.setEncodingOption(EncodingOption.DER);
+ decoded.decode(Util.hex2bytes(content));
+ Assert.assertEquals(expectedValue, decoded.getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1UtcTime.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1UtcTime.java b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1UtcTime.java
new file mode 100644
index 0000000..3de3b08
--- /dev/null
+++ b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestAsn1UtcTime.java
@@ -0,0 +1,51 @@
+package org.apache.haox.asn1;
+
+import org.apache.haox.asn1.type.Asn1UtcTime;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.SimpleTimeZone;
+
+public class TestAsn1UtcTime {
+
+ @Test
+ public void testEncoding() throws Exception {
+ /**
+ * Cryptography for Developers -> ASN.1 UTCTIME Type
+ * the encoding of July 4, 2003 at 11:33 and 28 seconds would be
+ “030704113328Z” and be encoded as 0x17 0D 30 33 30 37 30 34 31 31 33 33 32 38 5A.
+ */
+ SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+ sdf.setTimeZone(new SimpleTimeZone(0, "Z"));
+ String dateInString = "2003-07-04 11:33:28";
+ Date date = sdf.parse(dateInString);
+ testEncodingWith(date, "0x17 0D 30 33 30 37 30 34 31 31 33 33 32 38 5A");
+ }
+
+ private void testEncodingWith(Date value, String expectedEncoding) {
+ byte[] expected = Util.hex2bytes(expectedEncoding);
+ Asn1UtcTime aValue = new Asn1UtcTime(value);
+ aValue.setEncodingOption(EncodingOption.DER);
+ byte[] encodingBytes = aValue.encode();
+ Assert.assertArrayEquals(expected, encodingBytes);
+ }
+
+ @Test
+ public void testDecoding() throws Exception {
+ SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+ String dateInString = "2003-07-04 11:33:28";
+ sdf.setTimeZone(new SimpleTimeZone(0, "Z"));
+ Date date = sdf.parse(dateInString);
+ testDecodingWith(date, "0x17 0D 30 33 30 37 30 34 31 31 33 33 32 38 5A");
+ }
+
+ private void testDecodingWith(Date expectedValue, String content) throws IOException {
+ Asn1UtcTime decoded = new Asn1UtcTime();
+ decoded.setEncodingOption(EncodingOption.DER);
+ decoded.decode(Util.hex2bytes(content));
+ Assert.assertEquals(expectedValue, decoded.getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestData.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestData.java b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestData.java
new file mode 100644
index 0000000..e7855b8
--- /dev/null
+++ b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestData.java
@@ -0,0 +1,110 @@
+package org.apache.haox.asn1;
+
+import org.apache.haox.asn1.PersonnelRecord.*;
+
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+
+public class TestData {
+
+ public static PersonnelRecord createSamplePersonnel() {
+ PersonnelRecord pr = new PersonnelRecord();
+
+ pr.setName(new Name("John", "P", "Smith"));
+
+ pr.setTitle("Director");
+
+ pr.setEmployeeNumber(new EmployeeNumber(51));
+
+ pr.setDateOfHire(new Date("19710917"));
+
+ pr.setNameOfSpouse(new Name("Mary", "T", "Smith"));
+
+ ChildInformation child1 = new ChildInformation();
+ child1.setName(new Name("Ralph", "T", "Smith"));
+ child1.setDateOfBirth(new Date("19571111"));
+
+ ChildInformation child2 = new ChildInformation();
+ child2.setName(new Name("Susan", "B", "Jones"));
+ child2.setDateOfBirth(new Date("19590717"));
+
+ pr.setChildren(new Children(child1, child2));
+
+ return pr;
+ }
+
+ public static byte[] createSammplePersonnelEncodingData() {
+ class BufferOutput {
+ ByteBuffer buffer;
+
+ void put(byte ... bytes) {
+ buffer.put(bytes);
+ }
+
+ void put(String s) {
+ byte[] bytes = s.getBytes(StandardCharsets.US_ASCII);
+ buffer.put(bytes);
+ }
+
+ public byte[] output() {
+ int len = (int) 0x85 + 3;
+ buffer = ByteBuffer.allocate(len);
+
+ // personnel record
+ put((byte) 0x60, (byte) 0x81, (byte) 0x85);
+
+ // -name
+ put((byte) 0x61, (byte) 0x10);
+ put((byte) 0x1A, (byte) 0x04); put("John");
+ put((byte) 0x1A, (byte) 0x01); put("P");
+ put((byte) 0x1A, (byte) 0x05); put("Smith");
+
+ //-title
+ put((byte) 0xA0, (byte) 0x0A);
+ put((byte) 0x1A, (byte) 0x08); put("Director");
+
+ //-employee number
+ put((byte) 0x42, (byte) 0x01, (byte) 0x33);
+
+ //-date of hire
+ put((byte) 0xA1, (byte) 0x0A);
+ put((byte) 0x43, (byte) 0x08); put("19710917");
+
+ //-spouse
+ put((byte) 0xA2, (byte) 0x12);
+ put((byte) 0x61, (byte) 0x10);
+ put((byte) 0x1A, (byte) 0x04); put("Mary");
+ put((byte) 0x1A, (byte) 0x01); put("T");
+ put((byte) 0x1A, (byte) 0x05); put("Smith");
+
+ //-children
+ put((byte) 0xA3, (byte) 0x42);
+ //--child 1
+ put((byte) 0x31, (byte) 0x1F);
+ //---name
+ put((byte) 0x61, (byte) 0x11);
+ put((byte) 0x1A, (byte) 0x05); put("Ralph");
+ put((byte) 0x1A, (byte) 0x01); put("T");
+ put((byte) 0x1A, (byte) 0x05); put("Smith");
+ //-date of birth
+ put((byte) 0xA0, (byte) 0x0A);
+ put((byte) 0x43, (byte) 0x08); put("19571111");
+ //--child 2
+ put((byte) 0x31, (byte) 0x1F);
+ //---name
+ put((byte) 0x61, (byte) 0x11);
+ put((byte) 0x1A, (byte) 0x05); put("Susan");
+ put((byte) 0x1A, (byte) 0x01); put("B");
+ put((byte) 0x1A, (byte) 0x05); put("Jones");
+ //-date of birth
+ put((byte) 0xA0, (byte) 0x0A);
+ put((byte) 0x43, (byte) 0x08); put("19590717");
+
+ return buffer.array();
+ }
+ }
+
+ BufferOutput buffer = new BufferOutput();
+ return buffer.output();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestPersonnelRecord.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestPersonnelRecord.java b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestPersonnelRecord.java
new file mode 100644
index 0000000..6045c0c
--- /dev/null
+++ b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestPersonnelRecord.java
@@ -0,0 +1,107 @@
+package org.apache.haox.asn1;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+/**
+ * Ref. X.690-0207(http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf),
+ * Annex A, A.1 ASN.1 description of the record structure
+ */
+public class TestPersonnelRecord {
+
+ static boolean verbose = false;
+
+ @Test
+ public void testEncoding() {
+ PersonnelRecord pr = TestData.createSamplePersonnel();
+
+ if (verbose) {
+ System.out.println("Name:");
+ System.out.println(Util.bytesToHex(pr.getName().encode()));
+
+ /*
+ System.out.println("Title:");
+ System.out.println(Util.bytesToHex(pr.getFieldAs(1, Asn1VisibleString.class).encode()));
+
+ System.out.println("EmployeeNumber:");
+ System.out.println(Util.bytesToHex(pr.getFieldAs(2, EmployeeNumber.class).encode()));
+ */
+
+ System.out.println("DateOfHire:");
+ System.out.println(Util.bytesToHex(pr.getDateOfHire().encode()));
+
+ System.out.println("SpouseName:");
+ System.out.println(Util.bytesToHex(pr.getNameOfSpouse().encode()));
+
+ System.out.println("Child1:");
+ System.out.println(Util.bytesToHex(pr.getChildren().getElements().get(0).encode()));
+
+ System.out.println("Child2:");
+ System.out.println(Util.bytesToHex(pr.getChildren().getElements().get(1).encode()));
+
+ System.out.println("Children:");
+ System.out.println(Util.bytesToHex(pr.getChildren().encode()));
+ }
+
+ byte[] data = TestData.createSammplePersonnelEncodingData();
+ byte[] encoded = pr.encode();
+
+ if (verbose) {
+ System.out.println("ExpectedData:");
+ System.out.println(Util.bytesToHex(data));
+
+ System.out.println("Encoded:");
+ System.out.println(Util.bytesToHex(encoded));
+ }
+
+ Assert.assertArrayEquals(data, encoded);
+ }
+
+ @Test
+ public void testDecoding() throws IOException {
+ PersonnelRecord expected = TestData.createSamplePersonnel();
+ byte[] data = TestData.createSammplePersonnelEncodingData();
+ PersonnelRecord decoded = new PersonnelRecord();
+ decoded.decode(data);
+
+ Assert.assertEquals(expected.getName().getGivenName(),
+ decoded.getName().getGivenName());
+ Assert.assertEquals(expected.getName().getInitial(),
+ decoded.getName().getInitial());
+ Assert.assertEquals(expected.getName().getFamilyName(),
+ decoded.getName().getFamilyName());
+
+ Assert.assertEquals(expected.getDateOfHire().getValue().getValue(),
+ decoded.getDateOfHire().getValue().getValue());
+ Assert.assertEquals(expected.getTitle(), decoded.getTitle());
+ Assert.assertEquals(expected.getEmployeeNumber().getValue().getValue(),
+ decoded.getEmployeeNumber().getValue().getValue());
+
+ Assert.assertEquals(expected.getNameOfSpouse().getGivenName(),
+ decoded.getNameOfSpouse().getGivenName());
+ Assert.assertEquals(expected.getNameOfSpouse().getInitial(),
+ decoded.getNameOfSpouse().getInitial());
+ Assert.assertEquals(expected.getNameOfSpouse().getFamilyName(),
+ decoded.getNameOfSpouse().getFamilyName());
+
+ Assert.assertEquals(expected.getChildren().getElements().get(0).getName().getGivenName(),
+ decoded.getChildren().getElements().get(0).getName().getGivenName());
+ Assert.assertEquals(expected.getChildren().getElements().get(0).getName().getInitial(),
+ decoded.getChildren().getElements().get(0).getName().getInitial());
+ Assert.assertEquals(expected.getChildren().getElements().get(0).getName().getFamilyName(),
+ decoded.getChildren().getElements().get(0).getName().getFamilyName());
+ Assert.assertEquals(expected.getChildren().getElements().get(0).getDateOfBirth().getValue().getValue(),
+ decoded.getChildren().getElements().get(0).getDateOfBirth().getValue().getValue());
+
+ Assert.assertEquals(expected.getChildren().getElements().get(1).getName().getGivenName(),
+ decoded.getChildren().getElements().get(1).getName().getGivenName());
+ Assert.assertEquals(expected.getChildren().getElements().get(1).getName().getInitial(),
+ decoded.getChildren().getElements().get(1).getName().getInitial());
+ Assert.assertEquals(expected.getChildren().getElements().get(1).getName().getFamilyName(),
+ decoded.getChildren().getElements().get(1).getName().getFamilyName());
+ Assert.assertEquals(expected.getChildren().getElements().get(1).getDateOfBirth().getValue().getValue(),
+ decoded.getChildren().getElements().get(1).getDateOfBirth().getValue().getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestTaggingEncoding.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestTaggingEncoding.java b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestTaggingEncoding.java
new file mode 100644
index 0000000..ddd3481
--- /dev/null
+++ b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/TestTaggingEncoding.java
@@ -0,0 +1,186 @@
+package org.apache.haox.asn1;
+
+import org.apache.haox.asn1.EncodingOption;
+import org.apache.haox.asn1.TaggingOption;
+import org.apache.haox.asn1.type.Asn1Tagging;
+import org.apache.haox.asn1.type.Asn1VisibleString;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+/**
+ Ref. X.690-0207 8.14 Encoding of a tagged value
+ EXAMPLE
+ With ASN.1 type definitions (in an explicit tagging environment) of:
+ Type1 ::= VisibleString
+ Type2 ::= [APPLICATION 3] IMPLICIT Type1
+ Type3 ::= [2] Type2
+ Type4 ::= [APPLICATION 7] IMPLICIT Type3
+ Type5 ::= [2] IMPLICIT Type2
+ a value of:
+ "Jones"
+ is encoded as follows:
+ For Type1:
+ VisibleString Length Contents
+ 1A16 0516 4A6F6E657316
+ For Type2:
+ [Application 3] Length Contents
+ 4316 0516 4A6F6E657316
+ For Type3:
+ [2] Length Contents
+ A216 0716
+ [APPLICATION 3] Length Contents
+ 4316 0516 4A6F6E657316
+ For Type4:
+ [Application 7] Length Contents
+ 6716 0716
+ [APPLICATION 3] Length Contents
+ 4316 0516 4A6F6E657316
+ For Type5:
+ [2] Length Contents
+ 8216 0516 4A6F6E657316
+ */
+
+public class TestTaggingEncoding {
+ static final String TEST_STRING = "Jones";
+ static byte[] TYPE1_EXPECTED_BYTES = new byte[] {(byte) 0x1A, (byte) 0x05, (byte) 0x4A, (byte) 0x6F, (byte) 0x6E, (byte) 0x65, (byte) 0x73};
+ static byte[] TYPE2_EXPECTED_BYTES = new byte[] {(byte) 0x43, (byte) 0x05, (byte) 0x4A, (byte) 0x6F, (byte) 0x6E, (byte) 0x65, (byte) 0x73};
+ static byte[] TYPE3_EXPECTED_BYTES = new byte[] {(byte) 0xA2, (byte) 0x07, (byte) 0x43, (byte) 0x05, (byte) 0x4A, (byte) 0x6F, (byte) 0x6E, (byte) 0x65, (byte) 0x73};
+ static byte[] TYPE4_EXPECTED_BYTES = new byte[] {(byte) 0x67, (byte) 0x07, (byte) 0x43, (byte) 0x05, (byte) 0x4A, (byte) 0x6F, (byte) 0x6E, (byte) 0x65, (byte) 0x73};
+ static byte[] TYPE5_EXPECTED_BYTES = new byte[] {(byte) 0x82, (byte) 0x05, (byte) 0x4A, (byte) 0x6F, (byte) 0x6E, (byte) 0x65, (byte) 0x73};
+
+
+ public static class Type1 extends Asn1VisibleString {
+ public Type1(String value) {
+ super(value);
+ }
+ public Type1() {
+ this(null);
+ }
+ }
+
+ public static class Type2 extends Asn1Tagging<Type1> {
+ public Type2(Type1 value) {
+ super(3, value, true);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+ public Type2() {
+ this(null);
+ }
+ }
+
+ public static class Type3 extends Asn1Tagging<Type2> {
+ public Type3(Type2 value) {
+ super(2, value, false);
+ setEncodingOption(EncodingOption.EXPLICIT);
+ }
+ public Type3() {
+ this(null);
+ }
+ }
+
+ public static class Type4 extends Asn1Tagging<Type3> {
+ public Type4(Type3 value) {
+ super(7, value, true);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+ public Type4() {
+ this(null);
+ }
+ }
+
+ public static class Type5 extends Asn1Tagging<Type2> {
+ public Type5(Type2 value) {
+ super(2, value, false);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+ public Type5() {
+ this(null);
+ }
+ }
+
+ @Test
+ public void testAsn1TaggingEncoding() {
+ Type1 aType1 = new Type1(TEST_STRING);
+ Type2 aType2 = new Type2(aType1);
+ Type3 aType3 = new Type3(aType2);
+ Type4 aType4 = new Type4(aType3);
+ Type5 aType5 = new Type5(aType2);
+
+ Assert.assertArrayEquals(TYPE1_EXPECTED_BYTES, aType1.encode());
+ Assert.assertArrayEquals(TYPE2_EXPECTED_BYTES, aType2.encode());
+ Assert.assertArrayEquals(TYPE3_EXPECTED_BYTES, aType3.encode());
+ Assert.assertArrayEquals(TYPE4_EXPECTED_BYTES, aType4.encode());
+ Assert.assertArrayEquals(TYPE5_EXPECTED_BYTES, aType5.encode());
+ }
+
+ @Test
+ public void testAsn1TaggingDecoding() throws IOException {
+ Type1 aType1 = new Type1();
+ aType1.decode(TYPE1_EXPECTED_BYTES);
+ Assert.assertEquals(TEST_STRING, aType1.getValue());
+
+ Type2 aType2 = new Type2();
+ aType2.decode(TYPE2_EXPECTED_BYTES);
+ Assert.assertEquals(TEST_STRING, aType2.getValue().getValue());
+
+ Type3 aType3 = new Type3();
+ aType3.decode(TYPE3_EXPECTED_BYTES);
+ Assert.assertEquals(TEST_STRING, aType3.getValue().getValue().getValue());
+
+ Type4 aType4 = new Type4();
+ aType4.decode(TYPE4_EXPECTED_BYTES);
+ Assert.assertEquals(TEST_STRING, aType4.getValue().getValue().getValue().getValue());
+
+ Type5 aType5 = new Type5();
+ aType5.decode(TYPE5_EXPECTED_BYTES);
+ Assert.assertEquals(TEST_STRING, aType5.getValue().getValue().getValue());
+ }
+
+ @Test
+ public void testTaggingEncodingOption() {
+ Type1 aType1 = new Type1(TEST_STRING);
+ Type2 aType2 = new Type2(aType1);
+ Type3 aType3 = new Type3(aType2);
+ Type4 aType4 = new Type4(aType3);
+ Type5 aType5 = new Type5(aType2);
+
+ Assert.assertArrayEquals(TYPE1_EXPECTED_BYTES, aType1.encode());
+ Assert.assertArrayEquals(TYPE2_EXPECTED_BYTES,
+ aType1.taggedEncode(TaggingOption.newImplicitAppSpecific(3))); // for Type2
+ Assert.assertArrayEquals(TYPE3_EXPECTED_BYTES,
+ aType2.taggedEncode(TaggingOption.newExplicitContextSpecific(2))); // for Type3
+ Assert.assertArrayEquals(TYPE4_EXPECTED_BYTES,
+ aType3.taggedEncode(TaggingOption.newImplicitAppSpecific(7))); // for Type4
+ Assert.assertArrayEquals(TYPE5_EXPECTED_BYTES,
+ aType2.taggedEncode(TaggingOption.newImplicitContextSpecific(2))); // for Type5
+ }
+
+ @Test
+ public void testTaggingDecodingOption() throws IOException {
+ Type1 aType1 = new Type1();
+ aType1.decode(TYPE1_EXPECTED_BYTES);
+ Assert.assertEquals(TEST_STRING, aType1.getValue());
+
+ // for Type2
+ aType1 = new Type1();
+ aType1.taggedDecode(TYPE2_EXPECTED_BYTES, TaggingOption.newImplicitAppSpecific(3));
+ Assert.assertEquals(TEST_STRING, aType1.getValue());
+
+ // for Type3
+ Type2 aType2 = new Type2();
+ aType2.taggedDecode(TYPE3_EXPECTED_BYTES, TaggingOption.newExplicitContextSpecific(2));
+ Assert.assertEquals(TEST_STRING, aType2.getValue().getValue());
+
+ // for Type4
+ Type3 aType3 = new Type3();
+ aType3.taggedDecode(TYPE4_EXPECTED_BYTES, TaggingOption.newImplicitAppSpecific(7));
+ Assert.assertEquals(TEST_STRING, aType3.getValue().getValue().getValue());
+
+ // for Type5
+ aType2 = new Type2();
+ aType2.taggedDecode(TYPE5_EXPECTED_BYTES, TaggingOption.newImplicitContextSpecific(2));
+ Assert.assertEquals(TEST_STRING, aType2.getValue().getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/Util.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/Util.java b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/Util.java
new file mode 100644
index 0000000..a72c800
--- /dev/null
+++ b/contrib/haox-asn1/src/test/java/org/apache/haox/asn1/Util.java
@@ -0,0 +1,53 @@
+package org.apache.haox.asn1;
+
+public class Util {
+
+ final static String HEX_CHARS_STR = "0123456789ABCDEF";
+ final static char[] HEX_CHARS = HEX_CHARS_STR.toCharArray();
+
+ /**
+ * Convert bytes into format as:
+ * 0x02 02 00 80
+ */
+ public static String bytesToHex(byte[] bytes) {
+ int len = bytes.length * 2;
+ len += bytes.length; // for ' ' appended for each char
+ len += 2; // for '0x' prefix
+ char[] hexChars = new char[len];
+ hexChars[0] = '0';
+ hexChars[1] = 'x';
+ for ( int j = 0; j < bytes.length; j++ ) {
+ int v = bytes[j] & 0xFF;
+ hexChars[j * 3 + 2] = HEX_CHARS[v >>> 4];
+ hexChars[j * 3 + 3] = HEX_CHARS[v & 0x0F];
+ hexChars[j * 3 + 4] = ' ';
+ }
+
+ return new String(hexChars);
+ }
+
+ /**
+ * Convert hex string like follows into byte array
+ * 0x02 02 00 80
+ */
+ public static byte[] hex2bytes(String hexString) {
+ hexString = hexString.toUpperCase();
+ String hexStr = hexString;
+ if (hexString.startsWith("0X")) {
+ hexStr = hexString.substring(2);
+ }
+ String[] hexParts = hexStr.split(" ");
+
+ byte[] bytes = new byte[hexParts.length];
+ char[] hexPart;
+ for (int i = 0; i < hexParts.length; ++i) {
+ hexPart = hexParts[i].toCharArray();
+ if (hexPart.length != 2) {
+ throw new IllegalArgumentException("Invalid hex string to convert");
+ }
+ bytes[i] = (byte) ((HEX_CHARS_STR.indexOf(hexPart[0]) << 4) + HEX_CHARS_STR.indexOf(hexPart[1]));
+ }
+
+ return bytes;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/README
----------------------------------------------------------------------
diff --git a/contrib/haox-config/README b/contrib/haox-config/README
new file mode 100644
index 0000000..37eb019
--- /dev/null
+++ b/contrib/haox-config/README
@@ -0,0 +1 @@
+An unified configuration API that crosses various popular configuration formats like XML, JSON, INI and etc.
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/pom.xml
----------------------------------------------------------------------
diff --git a/contrib/haox-config/pom.xml b/contrib/haox-config/pom.xml
new file mode 100644
index 0000000..3e519db
--- /dev/null
+++ b/contrib/haox-config/pom.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <artifactId>contrib</artifactId>
+ <groupId>org.haox</groupId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>haox-config</artifactId>
+ <dependencies>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ <version>1.7.5</version>
+ </dependency>
+ </dependencies>
+
+
+</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/src/main/java/org/apache/haox/config/Conf.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/main/java/org/apache/haox/config/Conf.java b/contrib/haox-config/src/main/java/org/apache/haox/config/Conf.java
new file mode 100644
index 0000000..695bf45
--- /dev/null
+++ b/contrib/haox-config/src/main/java/org/apache/haox/config/Conf.java
@@ -0,0 +1,266 @@
+package org.apache.haox.config;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.*;
+
+public class Conf implements Config {
+ private static final Logger logger = LoggerFactory.getLogger(Conf.class);
+
+ private List<ConfigLoader> resourceConfigs;
+ private final ConfigImpl config;
+ private boolean needReload;
+
+ public Conf() {
+ this.resourceConfigs = new ArrayList<ConfigLoader>(1);
+ this.config = new ConfigImpl("Conf");
+ this.needReload = true;
+ }
+
+ public void addXmlConfig(File xmlFile) throws IOException {
+ addResource(Resource.createXmlResource(xmlFile));
+ }
+
+ public void addIniConfig(File iniFile) throws IOException {
+ addResource(Resource.createIniResource(iniFile));
+ }
+
+ public void addJsonConfig(File jsonFile) throws IOException {
+ addResource(Resource.createJsonResource(jsonFile));
+ }
+
+ public void addPropertiesConfig(File propertiesFile) throws IOException {
+ addResource(Resource.createPropertiesFileResource(propertiesFile));
+ }
+
+ public void addPropertiesConfig(Properties propertiesConfig) {
+ addResource(Resource.createPropertiesResource(propertiesConfig));
+ }
+
+ public void addMapConfig(Map<String, String> mapConfig) {
+ addResource(Resource.createMapResource(mapConfig));
+ }
+
+ public void addResource(Resource resource) {
+ ConfigLoader loader = getLoader(resource);
+ resourceConfigs.add(loader);
+ needReload = true;
+ }
+
+ private static ConfigLoader getLoader(Resource resource) {
+ ConfigLoader loader = null;
+
+ Class<? extends ConfigLoader> loaderClass = resource.getFormat().getLoaderClass();
+ try {
+ loader = loaderClass.newInstance();
+ } catch (Exception e) {
+ throw new RuntimeException("Failed to create org.haox.config loader for " + loaderClass.getName(), e);
+ }
+ loader.setResource(resource);
+ return loader;
+ }
+
+ private void checkAndLoad() {
+ if (needReload) {
+ reload();
+ needReload = false;
+ }
+ }
+
+ public void reload() {
+ config.reset();
+ if (resourceConfigs.size() == 1) {
+ ConfigLoader loader = resourceConfigs.get(0);
+ loader.setConfig(config);
+ loader.load();
+ } else {
+ for (ConfigLoader loader : resourceConfigs) {
+ Config loaded = loader.load();
+ config.set(loaded.getResource(), loaded);
+ }
+ }
+ }
+
+ @Override
+ public String getResource() {
+ checkAndLoad();
+ return config.getResource();
+ }
+
+ @Override
+ public Set<String> getNames() {
+ checkAndLoad();
+ return config.getNames();
+ }
+
+ @Override
+ public String getString(String name) {
+ checkAndLoad();
+ return config.getString(name);
+ }
+
+ @Override
+ public String getString(ConfigKey name) {
+ checkAndLoad();
+ return config.getString(name);
+ }
+
+ @Override
+ public String getString(String name, String defaultValue) {
+ checkAndLoad();
+ return config.getString(name, defaultValue);
+ }
+
+ @Override
+ public String getTrimmed(String name) {
+ checkAndLoad();
+ return config.getTrimmed(name);
+ }
+
+ @Override
+ public String getTrimmed(ConfigKey name) {
+ checkAndLoad();
+ return config.getTrimmed(name);
+ }
+
+ @Override
+ public Boolean getBoolean(String name) {
+ checkAndLoad();
+ return config.getBoolean(name);
+ }
+
+ @Override
+ public Boolean getBoolean(ConfigKey name) {
+ checkAndLoad();
+ return config.getBoolean(name);
+ }
+
+ @Override
+ public Boolean getBoolean(String name, boolean defaultValue) {
+ checkAndLoad();
+ return config.getBoolean(name, defaultValue);
+ }
+
+ @Override
+ public Integer getInt(String name) {
+ checkAndLoad();
+ return config.getInt(name);
+ }
+
+ @Override
+ public Integer getInt(ConfigKey name) {
+ checkAndLoad();
+ return config.getInt(name);
+ }
+
+ @Override
+ public Integer getInt(String name, int defaultValue) {
+ checkAndLoad();
+ return config.getInt(name, defaultValue);
+ }
+
+ @Override
+ public Long getLong(String name) {
+ checkAndLoad();
+ return config.getLong(name);
+ }
+
+ @Override
+ public Long getLong(ConfigKey name) {
+ checkAndLoad();
+ return config.getLong(name);
+ }
+
+ @Override
+ public Long getLong(String name, long defaultValue) {
+ checkAndLoad();
+ return config.getLong(name, defaultValue);
+ }
+
+ @Override
+ public Float getFloat(String name) {
+ checkAndLoad();
+ return config.getFloat(name);
+ }
+
+ @Override
+ public Float getFloat(ConfigKey name) {
+ checkAndLoad();
+ return config.getFloat(name);
+ }
+
+ @Override
+ public Float getFloat(String name, float defaultValue) {
+ checkAndLoad();
+ return config.getFloat(name, defaultValue);
+ }
+
+ @Override
+ public List<String> getList(String name) {
+ checkAndLoad();
+ return config.getList(name);
+ }
+
+ @Override
+ public List<String> getList(String name, String[] defaultValue) {
+ checkAndLoad();
+ return config.getList(name, defaultValue);
+ }
+
+ @Override
+ public List<String> getList(ConfigKey name) {
+ checkAndLoad();
+ return config.getList(name);
+ }
+
+ @Override
+ public Config getConfig(String name) {
+ checkAndLoad();
+ return config.getConfig(name);
+ }
+
+ @Override
+ public Config getConfig(ConfigKey name) {
+ checkAndLoad();
+ return config.getConfig(name);
+ }
+
+ @Override
+ public Class<?> getClass(String name) throws ClassNotFoundException {
+ checkAndLoad();
+ return config.getClass(name);
+ }
+
+ @Override
+ public Class<?> getClass(String name, Class<?> defaultValue) throws ClassNotFoundException {
+ checkAndLoad();
+ return config.getClass(name, defaultValue);
+ }
+
+ @Override
+ public Class<?> getClass(ConfigKey name) throws ClassNotFoundException {
+ checkAndLoad();
+ return config.getClass(name);
+ }
+
+ @Override
+ public <T> T getInstance(String name) throws ClassNotFoundException {
+ checkAndLoad();
+ return config.getInstance(name);
+ }
+
+ @Override
+ public <T> T getInstance(ConfigKey name) throws ClassNotFoundException {
+ checkAndLoad();
+ return config.getInstance(name);
+ }
+
+ @Override
+ public <T> T getInstance(String name, Class<T> xface) throws ClassNotFoundException {
+ checkAndLoad();
+ return config.getInstance(name, xface);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/src/main/java/org/apache/haox/config/Config.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/main/java/org/apache/haox/config/Config.java b/contrib/haox-config/src/main/java/org/apache/haox/config/Config.java
new file mode 100644
index 0000000..8d4e413
--- /dev/null
+++ b/contrib/haox-config/src/main/java/org/apache/haox/config/Config.java
@@ -0,0 +1,39 @@
+package org.apache.haox.config;
+
+import java.util.List;
+import java.util.Set;
+
+public interface Config {
+ public String getResource();
+ public Set<String> getNames();
+
+ public String getString(String name);
+ public String getString(ConfigKey name);
+ public String getString(String name, String defaultValue);
+ public String getTrimmed(String name);
+ public String getTrimmed(ConfigKey name);
+ public Boolean getBoolean(String name);
+ public Boolean getBoolean(ConfigKey name);
+ public Boolean getBoolean(String name, boolean defaultValue);
+ public Integer getInt(String name);
+ public Integer getInt(ConfigKey name);
+ public Integer getInt(String name, int defaultValue);
+ public Long getLong(String name);
+ public Long getLong(ConfigKey name);
+ public Long getLong(String name, long defaultValue);
+ public Float getFloat(String name);
+ public Float getFloat(ConfigKey name);
+ public Float getFloat(String name, float defaultValue);
+ public List<String> getList(String name);
+ public List<String> getList(String name, String[] defaultValue);
+ public List<String> getList(ConfigKey name);
+ public Config getConfig(String name);
+ public Config getConfig(ConfigKey name);
+
+ public Class<?> getClass(String name) throws ClassNotFoundException;
+ public Class<?> getClass(String name, Class<?> defaultValue) throws ClassNotFoundException;
+ public Class<?> getClass(ConfigKey name) throws ClassNotFoundException;
+ public <T> T getInstance(String name) throws ClassNotFoundException;
+ public <T> T getInstance(ConfigKey name) throws ClassNotFoundException;
+ public <T> T getInstance(String name, Class<T> xface) throws ClassNotFoundException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigImpl.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigImpl.java b/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigImpl.java
new file mode 100644
index 0000000..87d825f
--- /dev/null
+++ b/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigImpl.java
@@ -0,0 +1,325 @@
+package org.apache.haox.config;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.*;
+
+public class ConfigImpl implements Config {
+ private static final Logger logger = LoggerFactory.getLogger(Config.class);
+
+ private String resource;
+ private Map<String, ConfigObject> properties;
+ private List<Config> subConfigs;
+
+ private Set<String> propNames;
+
+ protected ConfigImpl(String resource) {
+ this.resource = resource;
+ this.properties = new HashMap<String, ConfigObject>();
+ this.subConfigs = new ArrayList<Config>(0);
+ }
+
+ protected void reset() {
+ this.properties.clear();
+ this.subConfigs.clear();
+ }
+
+ @Override
+ public String getResource() {
+ return resource;
+ }
+
+ @Override
+ public Set<String> getNames() {
+ reloadNames();
+ return propNames;
+ }
+
+ @Override
+ public String getString(String name) {
+ String result = null;
+
+ ConfigObject co = properties.get(name);
+ if (co != null) {
+ result = co.getPropertyValue();
+ }
+
+ if (result == null) {
+ for (Config sub : subConfigs) {
+ result = sub.getString(name);
+ if (result != null) break;
+ }
+ }
+
+ return result;
+ }
+
+ @Override
+ public String getString(ConfigKey name) {
+ if (name.getDefaultValue() != null) {
+ return getString(name.getPropertyKey(), (String) name.getDefaultValue());
+ }
+ return getString(name.getPropertyKey());
+ }
+
+ @Override
+ public String getString(String name, String defaultValue) {
+ String result = getString(name);
+ if (result == null) {
+ result = defaultValue;
+ }
+ return result;
+ }
+
+ @Override
+ public String getTrimmed(String name) {
+ String result = getString(name);
+ if (null != result) {
+ result = result.trim();
+ }
+ return result;
+ }
+
+ @Override
+ public String getTrimmed(ConfigKey name) {
+ return getTrimmed(name.getPropertyKey());
+ }
+
+ @Override
+ public Integer getInt(String name) {
+ Integer result = null;
+ String value = getTrimmed(name);
+ if (value != null) {
+ result = Integer.valueOf(value);
+ }
+ return result;
+ }
+
+ @Override
+ public Integer getInt(ConfigKey name) {
+ if (name.getDefaultValue() != null) {
+ return getInt(name.getPropertyKey(), (Integer) name.getDefaultValue());
+ }
+ return getInt(name.getPropertyKey());
+ }
+
+ @Override
+ public Integer getInt(String name, int defaultValue) {
+ Integer result = getInt(name);
+ if (result == null) {
+ result = defaultValue;
+ }
+ return result;
+ }
+
+ @Override
+ public Long getLong(String name) {
+ Long result = null;
+ String value = getTrimmed(name);
+ if (value != null) {
+ result = Long.valueOf(value);
+ }
+ return result;
+ }
+
+ @Override
+ public Long getLong(ConfigKey name) {
+ if (name.getDefaultValue() != null) {
+ return getLong(name.getPropertyKey(), (Long) name.getDefaultValue());
+ }
+ return getLong(name.getPropertyKey());
+ }
+
+ @Override
+ public Long getLong(String name, long defaultValue) {
+ Long result = getLong(name);
+ if (result == null) {
+ result = defaultValue;
+ }
+ return result;
+ }
+
+ @Override
+ public Float getFloat(String name) {
+ Float result = null;
+ String value = getTrimmed(name);
+ if (value != null) {
+ result = Float.valueOf(value);
+ }
+ return result;
+ }
+
+ @Override
+ public Float getFloat(ConfigKey name) {
+ if (name.getDefaultValue() != null) {
+ return getFloat(name.getPropertyKey(), (Float) name.getDefaultValue());
+ }
+ return getFloat(name.getPropertyKey());
+ }
+
+ @Override
+ public Float getFloat(String name, float defaultValue) {
+ Float result = getFloat(name);
+ if (result == null) {
+ result = defaultValue;
+ }
+ return result;
+ }
+
+ @Override
+ public Boolean getBoolean(String name) {
+ Boolean result = null;
+ String value = getTrimmed(name);
+ if (value != null) {
+ result = Boolean.valueOf(value);
+ }
+ return result;
+ }
+
+ @Override
+ public Boolean getBoolean(ConfigKey name) {
+ if (name.getDefaultValue() != null) {
+ return getBoolean(name.getPropertyKey(), (Boolean) name.getDefaultValue());
+ }
+ return getBoolean(name.getPropertyKey());
+ }
+
+ @Override
+ public Boolean getBoolean(String name, boolean defaultValue) {
+ Boolean result = getBoolean(name);
+ if (result == null) {
+ result = defaultValue;
+ }
+ return result;
+ }
+
+ @Override
+ public List<String> getList(String name) {
+ List<String> results = null;
+ ConfigObject co = properties.get(name);
+ if (co != null) {
+ results = co.getListValues();
+ }
+ return results;
+ }
+
+ @Override
+ public List<String> getList(String name, String[] defaultValue) {
+ List<String> results = getList(name);
+ if (results == null) {
+ results = Arrays.asList(defaultValue);
+ }
+ return results;
+ }
+
+ @Override
+ public List<String> getList(ConfigKey name) {
+ if (name.getDefaultValue() != null) {
+ return getList(name.getPropertyKey(), (String[]) name.getDefaultValue());
+ }
+ return getList(name.getPropertyKey());
+ }
+
+ @Override
+ public Config getConfig(String name) {
+ Config result = null;
+ ConfigObject co = properties.get(name);
+ if (co != null) {
+ result = co.getConfigValue();
+ }
+ return result;
+ }
+
+ @Override
+ public Config getConfig(ConfigKey name) {
+ return getConfig(name.getPropertyKey());
+ }
+
+ @Override
+ public Class<?> getClass(String name) throws ClassNotFoundException {
+ Class<?> result = null;
+
+ String valueString = getString(name);
+ if (valueString != null) {
+ Class<?> cls = Class.forName(name);
+ result = cls;
+ }
+
+ return result;
+ }
+
+ @Override
+ public Class<?> getClass(String name, Class<?> defaultValue) throws ClassNotFoundException {
+ Class<?> result = getClass(name);
+ if (result == null) {
+ result = defaultValue;
+ }
+ return result;
+ }
+
+ @Override
+ public Class<?> getClass(ConfigKey name) throws ClassNotFoundException {
+ if (name.getDefaultValue() != null) {
+ return getClass(name.getPropertyKey(), (Class<?>) name.getDefaultValue());
+ }
+ return getClass(name.getPropertyKey());
+ }
+
+ @Override
+ public <T> T getInstance(String name) throws ClassNotFoundException {
+ return getInstance(name, null);
+ }
+
+ @Override
+ public <T> T getInstance(ConfigKey name) throws ClassNotFoundException {
+ return getInstance(name.getPropertyKey());
+ }
+
+ @Override
+ public <T> T getInstance(String name, Class<T> xface) throws ClassNotFoundException {
+ T result = null;
+
+ Class<?> cls = getClass(name, null);
+ if (xface != null && !xface.isAssignableFrom(cls)) {
+ throw new RuntimeException(cls + " does not implement " + xface);
+ }
+ try {
+ result = (T) cls.newInstance();
+ } catch (Exception e) {
+ throw new RuntimeException("Failed to create instance with class " + cls.getName());
+ }
+
+ return result;
+ }
+
+ protected void set(String name, String value) {
+ ConfigObject co = new ConfigObject(value);
+ set(name, co);
+ }
+
+ protected void set(String name, Config value) {
+ ConfigObject co = new ConfigObject(value);
+ set(name, co);
+
+ addSubConfig(value);
+ }
+
+ protected void set(String name, ConfigObject value) {
+ this.properties.put(name, value);
+ }
+
+ private void addSubConfig(Config config) {
+ this.subConfigs.add(config);
+ }
+
+ private void reloadNames() {
+ if (propNames != null) {
+ propNames.clear();
+ }
+ propNames = new HashSet<String>(properties.keySet());
+ for (Config sub : subConfigs) {
+ propNames.addAll(sub.getNames());
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigKey.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigKey.java b/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigKey.java
new file mode 100644
index 0000000..d89cd9d
--- /dev/null
+++ b/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigKey.java
@@ -0,0 +1,6 @@
+package org.apache.haox.config;
+
+public interface ConfigKey {
+ public String getPropertyKey();
+ public Object getDefaultValue();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigLoader.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigLoader.java b/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigLoader.java
new file mode 100644
index 0000000..b730df5
--- /dev/null
+++ b/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigLoader.java
@@ -0,0 +1,31 @@
+package org.apache.haox.config;
+
+public abstract class ConfigLoader {
+ private Resource resource;
+ private ConfigImpl config;
+
+ protected void setResource(Resource resource) {
+ this.resource = resource;
+ }
+
+ protected void setConfig(ConfigImpl config) {
+ this.config = config;
+ }
+
+ public Config load() {
+ if (config == null) {
+ config = new ConfigImpl(resource.getName());
+ }
+ config.reset();
+
+ try {
+ loadConfig(config, resource);
+ } catch (Exception e) {
+ throw new RuntimeException("Failed to load org.haox.config", e);
+ }
+
+ return this.config;
+ }
+
+ protected abstract void loadConfig(ConfigImpl config, Resource resource) throws Exception;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigObject.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigObject.java b/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigObject.java
new file mode 100644
index 0000000..48f3235
--- /dev/null
+++ b/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigObject.java
@@ -0,0 +1,61 @@
+package org.apache.haox.config;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class ConfigObject {
+ protected static enum VALUE_TYPE { PROPERTY, LIST, CONFIG };
+
+ private VALUE_TYPE valueType;
+ private Object value;
+
+ public ConfigObject(String value) {
+ this.value = value;
+ this.valueType = VALUE_TYPE.PROPERTY;
+ }
+
+ public ConfigObject(String[] values) {
+ List<String> valuesList = new ArrayList<String>();
+ for (String v : values) {
+ valuesList.add(v);
+ }
+
+ this.value = valuesList;
+ this.valueType = VALUE_TYPE.LIST;
+ }
+
+ public ConfigObject(List<String> values) {
+ this.value = new ArrayList<String>(values);
+ this.valueType = VALUE_TYPE.LIST;
+ }
+
+ public ConfigObject(Config value) {
+ this.value = value;
+ this.valueType = VALUE_TYPE.CONFIG;
+ }
+
+ public String getPropertyValue() {
+ String result = null;
+ if (valueType == VALUE_TYPE.PROPERTY) {
+ result = (String) value;
+ }
+ return result;
+ }
+
+ public List<String> getListValues() {
+ List<String> results = null;
+ if (valueType == VALUE_TYPE.LIST) {
+ results = (List<String>) value;
+ }
+
+ return results;
+ }
+
+ public Config getConfigValue() {
+ Config result = null;
+ if (valueType == VALUE_TYPE.CONFIG) {
+ result = (Config) value;
+ }
+ return result;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/src/main/java/org/apache/haox/config/IniConfigLoader.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/main/java/org/apache/haox/config/IniConfigLoader.java b/contrib/haox-config/src/main/java/org/apache/haox/config/IniConfigLoader.java
new file mode 100644
index 0000000..a3cadde
--- /dev/null
+++ b/contrib/haox-config/src/main/java/org/apache/haox/config/IniConfigLoader.java
@@ -0,0 +1,8 @@
+package org.apache.haox.config;
+
+public class IniConfigLoader extends ConfigLoader {
+ @Override
+ protected void loadConfig(ConfigImpl config, Resource resource) {
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/src/main/java/org/apache/haox/config/JsonConfigLoader.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/main/java/org/apache/haox/config/JsonConfigLoader.java b/contrib/haox-config/src/main/java/org/apache/haox/config/JsonConfigLoader.java
new file mode 100644
index 0000000..e9c905b
--- /dev/null
+++ b/contrib/haox-config/src/main/java/org/apache/haox/config/JsonConfigLoader.java
@@ -0,0 +1,8 @@
+package org.apache.haox.config;
+
+public class JsonConfigLoader extends ConfigLoader {
+ @Override
+ protected void loadConfig(ConfigImpl config, Resource resource) {
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/src/main/java/org/apache/haox/config/MapConfigLoader.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/main/java/org/apache/haox/config/MapConfigLoader.java b/contrib/haox-config/src/main/java/org/apache/haox/config/MapConfigLoader.java
new file mode 100644
index 0000000..100aeed
--- /dev/null
+++ b/contrib/haox-config/src/main/java/org/apache/haox/config/MapConfigLoader.java
@@ -0,0 +1,15 @@
+package org.apache.haox.config;
+
+import java.util.Map;
+
+public class MapConfigLoader extends ConfigLoader {
+ @Override
+ protected void loadConfig(ConfigImpl config, Resource resource) {
+ Map<String, String> mapConfig = (Map<String, String>) resource.getResource();
+ String value;
+ for (String key : mapConfig.keySet()) {
+ value = mapConfig.get(key);
+ config.set(key, value);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/src/main/java/org/apache/haox/config/PropertiesConfigLoader.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/main/java/org/apache/haox/config/PropertiesConfigLoader.java b/contrib/haox-config/src/main/java/org/apache/haox/config/PropertiesConfigLoader.java
new file mode 100644
index 0000000..3f11401
--- /dev/null
+++ b/contrib/haox-config/src/main/java/org/apache/haox/config/PropertiesConfigLoader.java
@@ -0,0 +1,24 @@
+package org.apache.haox.config;
+
+import java.util.Properties;
+
+public class PropertiesConfigLoader extends ConfigLoader {
+
+ @Override
+ protected void loadConfig(ConfigImpl config, Resource resource) throws Exception {
+ Properties propConfig = (Properties) resource.getResource();
+ loadConfig(config, propConfig);
+ }
+
+ protected void loadConfig(ConfigImpl config, Properties propConfig) {
+ Object value;
+ for (Object key : propConfig.keySet()) {
+ if (key instanceof String) {
+ value = propConfig.getProperty((String) key);
+ if (value != null && value instanceof String) {
+ config.set((String) key, (String) value);
+ }
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/src/main/java/org/apache/haox/config/PropertiesFileConfigLoader.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/main/java/org/apache/haox/config/PropertiesFileConfigLoader.java b/contrib/haox-config/src/main/java/org/apache/haox/config/PropertiesFileConfigLoader.java
new file mode 100644
index 0000000..bba9faa
--- /dev/null
+++ b/contrib/haox-config/src/main/java/org/apache/haox/config/PropertiesFileConfigLoader.java
@@ -0,0 +1,14 @@
+package org.apache.haox.config;
+
+import java.io.InputStream;
+import java.util.Properties;
+
+public class PropertiesFileConfigLoader extends PropertiesConfigLoader {
+
+ @Override
+ protected void loadConfig(ConfigImpl config, Resource resource) throws Exception {
+ Properties propConfig = new Properties();
+ propConfig.load((InputStream) resource.getResource());
+ loadConfig(config, propConfig);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/src/main/java/org/apache/haox/config/Resource.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/main/java/org/apache/haox/config/Resource.java b/contrib/haox-config/src/main/java/org/apache/haox/config/Resource.java
new file mode 100644
index 0000000..2825ee7
--- /dev/null
+++ b/contrib/haox-config/src/main/java/org/apache/haox/config/Resource.java
@@ -0,0 +1,100 @@
+package org.apache.haox.config;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.net.URL;
+import java.util.Map;
+import java.util.Properties;
+
+public class Resource {
+ public static enum Format {
+ XML_FILE(XmlConfigLoader.class),
+ INI_FILE(IniConfigLoader.class),
+ JSON_FILE(JsonConfigLoader.class),
+ PROPERTIES_FILE(PropertiesFileConfigLoader.class),
+ MAP(MapConfigLoader.class),
+ PROPERTIES(PropertiesConfigLoader.class);
+
+ private Class<? extends ConfigLoader> loaderClass;
+
+ private Format(Class<? extends ConfigLoader> loaderClass) {
+ this.loaderClass = loaderClass;
+ }
+
+ public Class<? extends ConfigLoader> getLoaderClass() {
+ return loaderClass;
+ }
+ }
+
+ private String name;
+ private Object resource;
+ private Format format;
+
+ public static Resource createXmlResource(File xmlFile) throws IOException {
+ return new Resource(xmlFile.getName(), xmlFile, Format.XML_FILE);
+ }
+
+ public static Resource createIniResource(File iniFile) throws IOException {
+ return new Resource(iniFile.getName(), iniFile, Format.INI_FILE);
+ }
+
+ public static Resource createJsonResource(File jsonFile) throws IOException {
+ return new Resource(jsonFile.getName(), jsonFile, Format.JSON_FILE);
+ }
+
+ public static Resource createXmlResource(URL xmlUrl) throws IOException {
+ return new Resource(xmlUrl, Format.XML_FILE);
+ }
+
+ public static Resource createIniResource(URL iniUrl) throws IOException {
+ return new Resource(iniUrl, Format.INI_FILE);
+ }
+
+ public static Resource createJsonResource(URL jsonUrl) throws IOException {
+ return new Resource(jsonUrl, Format.JSON_FILE);
+ }
+
+ public static Resource createMapResource(Map<String,String> mapConfig) {
+ return new Resource("mapConfig", mapConfig, Format.MAP);
+ }
+
+ public static Resource createPropertiesFileResource(File propFile) throws IOException {
+ return new Resource(propFile.getName(), propFile, Format.PROPERTIES_FILE);
+ }
+
+ public static Resource createPropertiesResource(Properties propertiesConfig) {
+ return new Resource("propConfig", propertiesConfig, Format.PROPERTIES);
+ }
+
+ private Resource(String name, File resourceFile, Format format) throws FileNotFoundException {
+ this(name, new FileInputStream(resourceFile), format);
+ }
+
+ private Resource(URL resourceUrl, Format format) throws IOException {
+ this(resourceUrl.toString(), resourceUrl.openStream(), format);
+ }
+
+ private Resource(String name, Object resourceStream, Format format) {
+ this.name = name;
+ this.resource = resourceStream;
+ this.format = format;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public Object getResource() {
+ return resource;
+ }
+
+ public Format getFormat() {
+ return format;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/src/main/java/org/apache/haox/config/XmlConfigLoader.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/main/java/org/apache/haox/config/XmlConfigLoader.java b/contrib/haox-config/src/main/java/org/apache/haox/config/XmlConfigLoader.java
new file mode 100644
index 0000000..583811b
--- /dev/null
+++ b/contrib/haox-config/src/main/java/org/apache/haox/config/XmlConfigLoader.java
@@ -0,0 +1,140 @@
+package org.apache.haox.config;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.*;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+public class XmlConfigLoader extends ConfigLoader {
+ private static final Logger logger = LoggerFactory.getLogger(Config.class);
+
+ @Override
+ protected void loadConfig(ConfigImpl config, Resource resource) throws Exception {
+ Element doc = loadResourceDocument(resource);
+ loadConfig((ConfigImpl) config, doc);
+ }
+
+ private Element loadResourceDocument(Resource resource) throws Exception {
+ DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
+
+ docBuilderFactory.setIgnoringComments(true);
+ docBuilderFactory.setNamespaceAware(true);
+ try {
+ docBuilderFactory.setXIncludeAware(true);
+ } catch (UnsupportedOperationException e) {
+ logger.error("Failed to set setXIncludeAware(true) for parser", e);
+ }
+ DocumentBuilder builder = docBuilderFactory.newDocumentBuilder();
+ InputStream is = (InputStream) resource.getResource();
+ Document doc = null;
+ try {
+ doc = builder.parse(is);
+ } finally {
+ is.close();
+ }
+
+ Element root = doc.getDocumentElement();
+ validateConfig(root);
+
+ return root;
+ }
+
+ private boolean validateConfig(Element root) {
+ boolean valid = false;
+
+ if ("config".equals(root.getTagName())) {
+ valid = true;
+ } else {
+ logger.error("bad conf element: top-level element not <configuration>");
+ }
+
+ return valid;
+ }
+
+ private void loadConfig(ConfigImpl conifg, Element element) {
+ String name;
+ ConfigObject value;
+
+ NodeList props = element.getChildNodes();
+ for (int i = 0; i < props.getLength(); i++) {
+ Node subNode = props.item(i);
+ if (!(subNode instanceof Element)) {
+ continue;
+ }
+
+ Element prop = (Element)subNode;
+ name = getElementName(prop);
+ if (name == null) {
+ continue;
+ }
+
+ value = null;
+ String tagName = prop.getTagName();
+ if ("property".equals(tagName) && prop.hasChildNodes()) {
+ value = loadProperty(prop);
+ } else if ("config".equals(tagName) && prop.hasChildNodes()) {
+ ConfigImpl cfg = new ConfigImpl(name);
+ loadConfig(cfg, prop);
+ value = new ConfigObject(cfg);
+ }
+
+ if (name != null) {
+ conifg.set(name, value);
+ }
+ }
+ }
+
+ private static ConfigObject loadProperty(Element ele) {
+ String value = null;
+ if (ele.getFirstChild() instanceof Text) {
+ value = ((Text)ele.getFirstChild()).getData();
+ return new ConfigObject(value);
+ }
+
+ ConfigObject result = null;
+ NodeList nodes = ele.getChildNodes();
+ List<String> values = new ArrayList<String>(nodes.getLength());
+ for (int i = 0; i < nodes.getLength(); i++) {
+ value = null;
+ Node valueNode = nodes.item(i);
+ if (!(valueNode instanceof Element))
+ continue;
+
+ Element valueEle = (Element)valueNode;
+ if ("value".equals(valueEle.getTagName()) && valueEle.hasChildNodes()) {
+ value = ((Text)valueEle.getFirstChild()).getData();
+ }
+
+ if (value != null) {
+ values.add(value);
+ }
+ }
+ return new ConfigObject(values);
+ }
+
+ private static String getElementName(Element ele) {
+ String name, value;
+ Node node;
+ Attr attr;
+
+ NamedNodeMap nnm = ele.getAttributes();
+ for (int i = 0; i < nnm.getLength(); ++i) {
+ node = nnm.item(i);
+ if (!(node instanceof Attr))
+ continue;
+ attr = (Attr) node;
+ name = attr.getName();
+ value = attr.getValue();
+
+ if ("name".equals(name)) {
+ return value;
+ }
+ }
+ return null;
+ }
+}
\ No newline at end of file
[23/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PKCS8Key.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PKCS8Key.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PKCS8Key.java
new file mode 100644
index 0000000..986edda
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PKCS8Key.java
@@ -0,0 +1,1039 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/PKCS8Key.java $
+ * $Revision: 153 $
+ * $Date: 2009-09-15 22:40:53 -0700 (Tue, 15 Sep 2009) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.asn1.*;
+
+import javax.crypto.*;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.RC2ParameterSpec;
+import javax.crypto.spec.RC5ParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.*;
+import java.math.BigInteger;
+import java.security.*;
+import java.security.interfaces.DSAParams;
+import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.spec.DSAPublicKeySpec;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * Utility for decrypting PKCS8 private keys. Way easier to use than
+ * javax.crypto.EncryptedPrivateKeyInfo since all you need is the byte[] array
+ * and the password. You don't need to know anything else about the PKCS8
+ * key you pass in.
+ * </p><p>
+ * Can handle base64 PEM, or raw DER.
+ * Can handle PKCS8 Version 1.5 and 2.0.
+ * Can also handle OpenSSL encrypted or unencrypted private keys (DSA or RSA).
+ * </p><p>
+ * The PKCS12 key derivation (the "pkcs12()" method) comes from BouncyCastle.
+ * </p>
+ *
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @author <a href="bouncycastle.org">bouncycastle.org</a>
+ * @since 7-Nov-2006
+ */
+public class PKCS8Key {
+ public final static String RSA_OID = "1.2.840.113549.1.1.1";
+ public final static String DSA_OID = "1.2.840.10040.4.1";
+
+ public final static String PKCS8_UNENCRYPTED = "PRIVATE KEY";
+ public final static String PKCS8_ENCRYPTED = "ENCRYPTED PRIVATE KEY";
+ public final static String OPENSSL_RSA = "RSA PRIVATE KEY";
+ public final static String OPENSSL_DSA = "DSA PRIVATE KEY";
+
+ private final PrivateKey privateKey;
+ private final byte[] decryptedBytes;
+ private final String transformation;
+ private final int keySize;
+ private final boolean isDSA;
+ private final boolean isRSA;
+
+ static {
+ JavaImpl.load();
+ }
+
+ /**
+ * @param in pkcs8 file to parse (pem or der, encrypted or unencrypted)
+ * @param password password to decrypt the pkcs8 file. Ignored if the
+ * supplied pkcs8 is already unencrypted.
+ * @throws java.security.GeneralSecurityException If a parsing or decryption problem
+ * occured.
+ * @throws java.io.IOException If the supplied InputStream could not be read.
+ */
+ public PKCS8Key(final InputStream in, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(Util.streamToBytes(in), password);
+ }
+
+ /**
+ * @param in pkcs8 file to parse (pem or der, encrypted or unencrypted)
+ * @param password password to decrypt the pkcs8 file. Ignored if the
+ * supplied pkcs8 is already unencrypted.
+ * @throws java.security.GeneralSecurityException If a parsing or decryption problem
+ * occured.
+ */
+ public PKCS8Key(final ByteArrayInputStream in, char[] password)
+ throws GeneralSecurityException {
+ this(Util.streamToBytes(in), password);
+ }
+
+ /**
+ * @param encoded pkcs8 file to parse (pem or der, encrypted or unencrypted)
+ * @param password password to decrypt the pkcs8 file. Ignored if the
+ * supplied pkcs8 is already unencrypted.
+ * @throws java.security.GeneralSecurityException If a parsing or decryption problem
+ * occured.
+ */
+ public PKCS8Key(final byte[] encoded, char[] password)
+ throws GeneralSecurityException {
+ DecryptResult decryptResult =
+ new DecryptResult("UNENCRYPTED", 0, encoded);
+
+ List pemItems = PEMUtil.decode(encoded);
+ PEMItem keyItem = null;
+ byte[] derBytes = null;
+ if (pemItems.isEmpty()) {
+ // must be DER encoded - PEMUtil wasn't able to extract anything.
+ derBytes = encoded;
+ } else {
+ Iterator it = pemItems.iterator();
+ boolean opensslRSA = false;
+ boolean opensslDSA = false;
+
+ while (it.hasNext()) {
+ PEMItem item = (PEMItem) it.next();
+ String type = item.pemType.trim().toUpperCase();
+ boolean plainPKCS8 = type.startsWith(PKCS8_UNENCRYPTED);
+ boolean encryptedPKCS8 = type.startsWith(PKCS8_ENCRYPTED);
+ boolean rsa = type.startsWith(OPENSSL_RSA);
+ boolean dsa = type.startsWith(OPENSSL_DSA);
+ if (plainPKCS8 || encryptedPKCS8 || rsa || dsa) {
+ opensslRSA = opensslRSA || rsa;
+ opensslDSA = opensslDSA || dsa;
+ if (derBytes != null) {
+ throw new ProbablyNotPKCS8Exception("More than one pkcs8 or OpenSSL key found in the supplied PEM Base64 stream");
+ }
+ derBytes = item.getDerBytes();
+ keyItem = item;
+ decryptResult = new DecryptResult("UNENCRYPTED", 0, derBytes);
+ }
+ }
+ // after the loop is finished, did we find anything?
+ if (derBytes == null) {
+ throw new ProbablyNotPKCS8Exception("No pkcs8 or OpenSSL key found in the supplied PEM Base64 stream");
+ }
+
+ if (opensslDSA || opensslRSA) {
+ String c = keyItem.cipher.trim();
+ boolean encrypted = !"UNKNOWN".equals(c) && !"".equals(c);
+ if (encrypted) {
+ decryptResult = opensslDecrypt(keyItem, password);
+ }
+
+ String oid = RSA_OID;
+ if (opensslDSA) {
+ oid = DSA_OID;
+ }
+ derBytes = formatAsPKCS8(decryptResult.bytes, oid, null);
+
+ String tf = decryptResult.transformation;
+ int ks = decryptResult.keySize;
+ decryptResult = new DecryptResult(tf, ks, derBytes);
+ }
+ }
+
+ ASN1Structure pkcs8;
+ try {
+ pkcs8 = ASN1Util.analyze(derBytes);
+ }
+ catch (Exception e) {
+ throw new ProbablyNotPKCS8Exception("asn1 parse failure: " + e);
+ }
+
+ String oid = RSA_OID;
+ // With the OpenSSL unencrypted private keys in DER format, the only way
+ // to even have a hope of guessing what we've got (DSA or RSA?) is to
+ // count the number of DERIntegers occurring in the first DERSequence.
+ int derIntegerCount = -1;
+ if (pkcs8.derIntegers != null) {
+ derIntegerCount = pkcs8.derIntegers.size();
+ }
+ switch (derIntegerCount) {
+ case 6:
+ oid = DSA_OID;
+ case 9:
+ derBytes = formatAsPKCS8(derBytes, oid, pkcs8);
+ pkcs8.oid1 = oid;
+
+ String tf = decryptResult.transformation;
+ int ks = decryptResult.keySize;
+ decryptResult = new DecryptResult(tf, ks, derBytes);
+ break;
+ default:
+ break;
+ }
+
+ oid = pkcs8.oid1;
+ if (!oid.startsWith("1.2.840.113549.1")) {
+ boolean isOkay = false;
+ if (oid.startsWith("1.2.840.10040.4.")) {
+ String s = oid.substring("1.2.840.10040.4.".length());
+ // 1.2.840.10040.4.1 -- id-dsa
+ // 1.2.840.10040.4.3 -- id-dsa-with-sha1
+ isOkay = s.equals("1") || s.startsWith("1.") ||
+ s.equals("3") || s.startsWith("3.");
+ }
+ if (!isOkay) {
+ throw new ProbablyNotPKCS8Exception("Valid ASN.1, but not PKCS8 or OpenSSL format. OID=" + oid);
+ }
+ }
+
+ boolean isRSA = RSA_OID.equals(oid);
+ boolean isDSA = DSA_OID.equals(oid);
+ boolean encrypted = !isRSA && !isDSA;
+ byte[] decryptedPKCS8 = encrypted ? null : derBytes;
+
+ if (encrypted) {
+ decryptResult = decryptPKCS8(pkcs8, password);
+ decryptedPKCS8 = decryptResult.bytes;
+ }
+ if (encrypted) {
+ try {
+ pkcs8 = ASN1Util.analyze(decryptedPKCS8);
+ }
+ catch (Exception e) {
+ throw new ProbablyBadPasswordException("Decrypted stream not ASN.1. Probably bad decryption password.");
+ }
+ oid = pkcs8.oid1;
+ isDSA = DSA_OID.equals(oid);
+ }
+
+ KeySpec spec = new PKCS8EncodedKeySpec(decryptedPKCS8);
+ String type = "RSA";
+ PrivateKey pk;
+ try {
+ KeyFactory KF;
+ if (isDSA) {
+ type = "DSA";
+ KF = KeyFactory.getInstance("DSA");
+ } else {
+ KF = KeyFactory.getInstance("RSA");
+ }
+ pk = KF.generatePrivate(spec);
+ }
+ catch (Exception e) {
+ throw new ProbablyBadPasswordException("Cannot create " + type + " private key from decrypted stream. Probably bad decryption password. " + e);
+ }
+ if (pk != null) {
+ this.privateKey = pk;
+ this.isDSA = isDSA;
+ this.isRSA = !isDSA;
+ this.decryptedBytes = decryptedPKCS8;
+ this.transformation = decryptResult.transformation;
+ this.keySize = decryptResult.keySize;
+ } else {
+ throw new GeneralSecurityException("KeyFactory.generatePrivate() returned null and didn't throw exception!");
+ }
+ }
+
+ public boolean isRSA() {
+ return isRSA;
+ }
+
+ public boolean isDSA() {
+ return isDSA;
+ }
+
+ public String getTransformation() {
+ return transformation;
+ }
+
+ public int getKeySize() {
+ return keySize;
+ }
+
+ public byte[] getDecryptedBytes() {
+ return decryptedBytes;
+ }
+
+ public PrivateKey getPrivateKey() {
+ return privateKey;
+ }
+
+ public PublicKey getPublicKey() throws GeneralSecurityException {
+ if (privateKey instanceof DSAPrivateKey) {
+ DSAPrivateKey dsa = (DSAPrivateKey) privateKey;
+ DSAParams params = dsa.getParams();
+ BigInteger g = params.getG();
+ BigInteger p = params.getP();
+ BigInteger q = params.getQ();
+ BigInteger x = dsa.getX();
+ BigInteger y = q.modPow( x, p );
+ DSAPublicKeySpec dsaKeySpec = new DSAPublicKeySpec(y, p, q, g);
+ return KeyFactory.getInstance("DSA").generatePublic(dsaKeySpec);
+ } else if (privateKey instanceof RSAPrivateCrtKey) {
+ RSAPrivateCrtKey rsa = (RSAPrivateCrtKey) privateKey;
+ RSAPublicKeySpec rsaKeySpec = new RSAPublicKeySpec(
+ rsa.getModulus(),
+ rsa.getPublicExponent()
+ );
+ return KeyFactory.getInstance("RSA").generatePublic(rsaKeySpec);
+ } else {
+ throw new GeneralSecurityException("Not an RSA or DSA key");
+ }
+ }
+
+ public static class DecryptResult {
+ public final String transformation;
+ public final int keySize;
+ public final byte[] bytes;
+
+ protected DecryptResult(String transformation, int keySize,
+ byte[] decryptedBytes) {
+ this.transformation = transformation;
+ this.keySize = keySize;
+ this.bytes = decryptedBytes;
+ }
+ }
+
+ private static DecryptResult opensslDecrypt(final PEMItem item,
+ final char[] password)
+ throws GeneralSecurityException {
+ final String cipher = item.cipher;
+ final String mode = item.mode;
+ final int keySize = item.keySizeInBits;
+ final byte[] salt = item.iv;
+ final boolean des2 = item.des2;
+ final DerivedKey dk = OpenSSL.deriveKey(password, salt, keySize, des2);
+ return decrypt(cipher, mode, dk, des2, null, item.getDerBytes());
+ }
+
+ public static Cipher generateCipher(String cipher, String mode,
+ final DerivedKey dk,
+ final boolean des2,
+ final byte[] iv,
+ final boolean decryptMode)
+ throws NoSuchAlgorithmException, NoSuchPaddingException,
+ InvalidKeyException, InvalidAlgorithmParameterException {
+ if (des2 && dk.key.length >= 24) {
+ // copy first 8 bytes into last 8 bytes to create 2DES key.
+ System.arraycopy(dk.key, 0, dk.key, 16, 8);
+ }
+
+ final int keySize = dk.key.length * 8;
+ cipher = cipher.trim();
+ String cipherUpper = cipher.toUpperCase();
+ mode = mode.trim().toUpperCase();
+ // Is the cipher even available?
+ Cipher.getInstance(cipher);
+ String padding = "PKCS5Padding";
+ if (mode.startsWith("CFB") || mode.startsWith("OFB")) {
+ padding = "NoPadding";
+ }
+
+ String transformation = cipher + "/" + mode + "/" + padding;
+ if (cipherUpper.startsWith("RC4")) {
+ // RC4 does not take mode or padding.
+ transformation = cipher;
+ }
+
+ SecretKey secret = new SecretKeySpec(dk.key, cipher);
+ IvParameterSpec ivParams;
+ if (iv != null) {
+ ivParams = new IvParameterSpec(iv);
+ } else {
+ ivParams = dk.iv != null ? new IvParameterSpec(dk.iv) : null;
+ }
+
+ Cipher c = Cipher.getInstance(transformation);
+ int cipherMode = Cipher.ENCRYPT_MODE;
+ if (decryptMode) {
+ cipherMode = Cipher.DECRYPT_MODE;
+ }
+
+ // RC2 requires special params to inform engine of keysize.
+ if (cipherUpper.startsWith("RC2")) {
+ RC2ParameterSpec rcParams;
+ if (mode.startsWith("ECB") || ivParams == null) {
+ // ECB doesn't take an IV.
+ rcParams = new RC2ParameterSpec(keySize);
+ } else {
+ rcParams = new RC2ParameterSpec(keySize, ivParams.getIV());
+ }
+ c.init(cipherMode, secret, rcParams);
+ } else if (cipherUpper.startsWith("RC5")) {
+ RC5ParameterSpec rcParams;
+ if (mode.startsWith("ECB") || ivParams == null) {
+ // ECB doesn't take an IV.
+ rcParams = new RC5ParameterSpec(16, 12, 32);
+ } else {
+ rcParams = new RC5ParameterSpec(16, 12, 32, ivParams.getIV());
+ }
+ c.init(cipherMode, secret, rcParams);
+ } else if (mode.startsWith("ECB") || cipherUpper.startsWith("RC4")) {
+ // RC4 doesn't require any params.
+ // Any cipher using ECB does not require an IV.
+ c.init(cipherMode, secret);
+ } else {
+ // DES, DESede, AES, BlowFish require IVParams (when in CBC, CFB,
+ // or OFB mode). (In ECB mode they don't require IVParams).
+ c.init(cipherMode, secret, ivParams);
+ }
+ return c;
+ }
+
+ public static DecryptResult decrypt(String cipher, String mode,
+ final DerivedKey dk,
+ final boolean des2,
+ final byte[] iv,
+ final byte[] encryptedBytes)
+
+ throws NoSuchAlgorithmException, NoSuchPaddingException,
+ InvalidKeyException, InvalidAlgorithmParameterException,
+ IllegalBlockSizeException, BadPaddingException {
+ Cipher c = generateCipher(cipher, mode, dk, des2, iv, true);
+ final String transformation = c.getAlgorithm();
+ final int keySize = dk.key.length * 8;
+ byte[] decryptedBytes = c.doFinal(encryptedBytes);
+ return new DecryptResult(transformation, keySize, decryptedBytes);
+ }
+
+ private static DecryptResult decryptPKCS8(ASN1Structure pkcs8,
+ char[] password)
+ throws GeneralSecurityException {
+ boolean isVersion1 = true;
+ boolean isVersion2 = false;
+ boolean usePKCS12PasswordPadding = false;
+ boolean use2DES = false;
+ String cipher = null;
+ String hash = null;
+ int keySize = -1;
+ // Almost all PKCS8 encrypted keys use CBC. Looks like the AES OID's can
+ // support different modes, and RC4 doesn't use any mode at all!
+ String mode = "CBC";
+
+ // In PKCS8 Version 2 the IV is stored in the ASN.1 structure for
+ // us, so we don't need to derive it. Just leave "ivSize" set to 0 for
+ // those ones.
+ int ivSize = 0;
+
+ String oid = pkcs8.oid1;
+ if (oid.startsWith("1.2.840.113549.1.12.")) // PKCS12 key derivation!
+ {
+ usePKCS12PasswordPadding = true;
+
+ // Let's trim this OID to make life a little easier.
+ oid = oid.substring("1.2.840.113549.1.12.".length());
+
+ if (oid.equals("1.1") || oid.startsWith("1.1.")) {
+ // 1.2.840.113549.1.12.1.1
+ hash = "SHA1";
+ cipher = "RC4";
+ keySize = 128;
+ } else if (oid.equals("1.2") || oid.startsWith("1.2.")) {
+ // 1.2.840.113549.1.12.1.2
+ hash = "SHA1";
+ cipher = "RC4";
+ keySize = 40;
+ } else if (oid.equals("1.3") || oid.startsWith("1.3.")) {
+ // 1.2.840.113549.1.12.1.3
+ hash = "SHA1";
+ cipher = "DESede";
+ keySize = 192;
+ } else if (oid.equals("1.4") || oid.startsWith("1.4.")) {
+ // DES2 !!!
+
+ // 1.2.840.113549.1.12.1.4
+ hash = "SHA1";
+ cipher = "DESede";
+ keySize = 192;
+ use2DES = true;
+ // later on we'll copy the first 8 bytes of the 24 byte DESede key
+ // over top the last 8 bytes, making the key look like K1-K2-K1
+ // instead of the usual K1-K2-K3.
+ } else if (oid.equals("1.5") || oid.startsWith("1.5.")) {
+ // 1.2.840.113549.1.12.1.5
+ hash = "SHA1";
+ cipher = "RC2";
+ keySize = 128;
+ } else if (oid.equals("1.6") || oid.startsWith("1.6.")) {
+ // 1.2.840.113549.1.12.1.6
+ hash = "SHA1";
+ cipher = "RC2";
+ keySize = 40;
+ }
+ } else if (oid.startsWith("1.2.840.113549.1.5.")) {
+ // Let's trim this OID to make life a little easier.
+ oid = oid.substring("1.2.840.113549.1.5.".length());
+
+ if (oid.equals("1") || oid.startsWith("1.")) {
+ // 1.2.840.113549.1.5.1 -- pbeWithMD2AndDES-CBC
+ hash = "MD2";
+ cipher = "DES";
+ keySize = 64;
+ } else if (oid.equals("3") || oid.startsWith("3.")) {
+ // 1.2.840.113549.1.5.3 -- pbeWithMD5AndDES-CBC
+ hash = "MD5";
+ cipher = "DES";
+ keySize = 64;
+ } else if (oid.equals("4") || oid.startsWith("4.")) {
+ // 1.2.840.113549.1.5.4 -- pbeWithMD2AndRC2_CBC
+ hash = "MD2";
+ cipher = "RC2";
+ keySize = 64;
+ } else if (oid.equals("6") || oid.startsWith("6.")) {
+ // 1.2.840.113549.1.5.6 -- pbeWithMD5AndRC2_CBC
+ hash = "MD5";
+ cipher = "RC2";
+ keySize = 64;
+ } else if (oid.equals("10") || oid.startsWith("10.")) {
+ // 1.2.840.113549.1.5.10 -- pbeWithSHA1AndDES-CBC
+ hash = "SHA1";
+ cipher = "DES";
+ keySize = 64;
+ } else if (oid.equals("11") || oid.startsWith("11.")) {
+ // 1.2.840.113549.1.5.11 -- pbeWithSHA1AndRC2_CBC
+ hash = "SHA1";
+ cipher = "RC2";
+ keySize = 64;
+ } else if (oid.equals("12") || oid.startsWith("12.")) {
+ // 1.2.840.113549.1.5.12 - id-PBKDF2 - Key Derivation Function
+ isVersion2 = true;
+ } else if (oid.equals("13") || oid.startsWith("13.")) {
+ // 1.2.840.113549.1.5.13 - id-PBES2: PBES2 encryption scheme
+ isVersion2 = true;
+ } else if (oid.equals("14") || oid.startsWith("14.")) {
+ // 1.2.840.113549.1.5.14 - id-PBMAC1 message authentication scheme
+ isVersion2 = true;
+ }
+ }
+ if (isVersion2) {
+ isVersion1 = false;
+ hash = "HmacSHA1";
+ oid = pkcs8.oid2;
+
+ // really ought to be:
+ //
+ // if ( oid.startsWith( "1.2.840.113549.1.5.12" ) )
+ //
+ // but all my tests still pass, and I figure this to be more robust:
+ if (pkcs8.oid3 != null) {
+ oid = pkcs8.oid3;
+ }
+ if (oid.startsWith("1.3.6.1.4.1.3029.1.2")) {
+ // 1.3.6.1.4.1.3029.1.2 - Blowfish
+ cipher = "Blowfish";
+ mode = "CBC";
+ keySize = 128;
+ } else if (oid.startsWith("1.3.14.3.2.")) {
+ oid = oid.substring("1.3.14.3.2.".length());
+ if (oid.equals("6") || oid.startsWith("6.")) {
+ // 1.3.14.3.2.6 - desECB
+ cipher = "DES";
+ mode = "ECB";
+ keySize = 64;
+ } else if (oid.equals("7") || oid.startsWith("7.")) {
+ // 1.3.14.3.2.7 - desCBC
+ cipher = "DES";
+ mode = "CBC";
+ keySize = 64;
+ } else if (oid.equals("8") || oid.startsWith("8.")) {
+ // 1.3.14.3.2.8 - desOFB
+ cipher = "DES";
+ mode = "OFB";
+ keySize = 64;
+ } else if (oid.equals("9") || oid.startsWith("9.")) {
+ // 1.3.14.3.2.9 - desCFB
+ cipher = "DES";
+ mode = "CFB";
+ keySize = 64;
+ } else if (oid.equals("17") || oid.startsWith("17.")) {
+ // 1.3.14.3.2.17 - desEDE
+ cipher = "DESede";
+ mode = "CBC";
+ keySize = 192;
+
+ // If the supplied IV is all zeroes, then this is DES2
+ // (Well, that's what happened when I played with OpenSSL!)
+ if (allZeroes(pkcs8.iv)) {
+ mode = "ECB";
+ use2DES = true;
+ pkcs8.iv = null;
+ }
+ }
+ }
+
+ // AES
+ // 2.16.840.1.101.3.4.1.1 - id-aes128-ECB
+ // 2.16.840.1.101.3.4.1.2 - id-aes128-CBC
+ // 2.16.840.1.101.3.4.1.3 - id-aes128-OFB
+ // 2.16.840.1.101.3.4.1.4 - id-aes128-CFB
+ // 2.16.840.1.101.3.4.1.21 - id-aes192-ECB
+ // 2.16.840.1.101.3.4.1.22 - id-aes192-CBC
+ // 2.16.840.1.101.3.4.1.23 - id-aes192-OFB
+ // 2.16.840.1.101.3.4.1.24 - id-aes192-CFB
+ // 2.16.840.1.101.3.4.1.41 - id-aes256-ECB
+ // 2.16.840.1.101.3.4.1.42 - id-aes256-CBC
+ // 2.16.840.1.101.3.4.1.43 - id-aes256-OFB
+ // 2.16.840.1.101.3.4.1.44 - id-aes256-CFB
+ else if (oid.startsWith("2.16.840.1.101.3.4.1.")) {
+ cipher = "AES";
+ if (pkcs8.iv == null) {
+ ivSize = 128;
+ }
+ oid = oid.substring("2.16.840.1.101.3.4.1.".length());
+ int x = oid.indexOf('.');
+ int finalDigit;
+ if (x >= 0) {
+ finalDigit = Integer.parseInt(oid.substring(0, x));
+ } else {
+ finalDigit = Integer.parseInt(oid);
+ }
+ switch (finalDigit % 10) {
+ case 1:
+ mode = "ECB";
+ break;
+ case 2:
+ mode = "CBC";
+ break;
+ case 3:
+ mode = "OFB";
+ break;
+ case 4:
+ mode = "CFB";
+ break;
+ default:
+ throw new RuntimeException("Unknown AES final digit: " + finalDigit);
+ }
+ switch (finalDigit / 10) {
+ case 0:
+ keySize = 128;
+ break;
+ case 2:
+ keySize = 192;
+ break;
+ case 4:
+ keySize = 256;
+ break;
+ default:
+ throw new RuntimeException("Unknown AES final digit: " + finalDigit);
+ }
+ } else if (oid.startsWith("1.2.840.113549.3.")) {
+ // Let's trim this OID to make life a little easier.
+ oid = oid.substring("1.2.840.113549.3.".length());
+
+ if (oid.equals("2") || oid.startsWith("2.")) {
+ // 1.2.840.113549.3.2 - RC2-CBC
+ // Note: keysize determined in PKCS8 Version 2.0 ASN.1 field.
+ cipher = "RC2";
+ keySize = pkcs8.keySize * 8;
+ } else if (oid.equals("4") || oid.startsWith("4.")) {
+ // 1.2.840.113549.3.4 - RC4
+ // Note: keysize determined in PKCS8 Version 2.0 ASN.1 field.
+ cipher = "RC4";
+ keySize = pkcs8.keySize * 8;
+ } else if (oid.equals("7") || oid.startsWith("7.")) {
+ // 1.2.840.113549.3.7 - DES-EDE3-CBC
+ cipher = "DESede";
+ keySize = 192;
+ } else if (oid.equals("9") || oid.startsWith("9.")) {
+ // 1.2.840.113549.3.9 - RC5 CBC Pad
+ // Note: keysize determined in PKCS8 Version 2.0 ASN.1 field.
+ keySize = pkcs8.keySize * 8;
+ cipher = "RC5";
+
+ // Need to find out more about RC5.
+ // How do I create the RC5ParameterSpec?
+ // (int version, int rounds, int wordSize, byte[] iv)
+ }
+ }
+ }
+
+ // The pkcs8 structure has been thoroughly examined. If we don't have
+ // a cipher or hash at this point, then we don't support the file we
+ // were given.
+ if (cipher == null || hash == null) {
+ throw new ProbablyNotPKCS8Exception("Unsupported PKCS8 format. oid1=[" + pkcs8.oid1 + "], oid2=[" + pkcs8.oid2 + "]");
+ }
+
+ // In PKCS8 Version 1.5 we need to derive an 8 byte IV. In those cases
+ // the ASN.1 structure doesn't have the IV, anyway, so I can use that
+ // to decide whether to derive one or not.
+ //
+ // Note: if AES, then IV has to be 16 bytes.
+ if (pkcs8.iv == null) {
+ ivSize = 64;
+ }
+
+ byte[] salt = pkcs8.salt;
+ int ic = pkcs8.iterationCount;
+
+ // PKCS8 converts the password to a byte[] array using a simple
+ // cast. This byte[] array is ignored if we're using the PKCS12
+ // key derivation, since that employs a different technique.
+ byte[] pwd = new byte[password.length];
+ for (int i = 0; i < pwd.length; i++) {
+ pwd[i] = (byte) password[i];
+ }
+
+ DerivedKey dk;
+ if (usePKCS12PasswordPadding) {
+ MessageDigest md = MessageDigest.getInstance(hash);
+ dk = deriveKeyPKCS12(password, salt, ic, keySize, ivSize, md);
+ } else {
+ if (isVersion1) {
+ MessageDigest md = MessageDigest.getInstance(hash);
+ dk = deriveKeyV1(pwd, salt, ic, keySize, ivSize, md);
+ } else {
+ Mac mac = Mac.getInstance(hash);
+ dk = deriveKeyV2(pwd, salt, ic, keySize, ivSize, mac);
+ }
+ }
+
+
+ return decrypt(cipher, mode, dk, use2DES, pkcs8.iv, pkcs8.bigPayload);
+ }
+
+
+ public static DerivedKey deriveKeyV1(byte[] password, byte[] salt,
+ int iterations, int keySizeInBits,
+ int ivSizeInBits, MessageDigest md) {
+ int keySize = keySizeInBits / 8;
+ int ivSize = ivSizeInBits / 8;
+ md.reset();
+ md.update(password);
+ byte[] result = md.digest(salt);
+ for (int i = 1; i < iterations; i++) {
+ // Hash of the hash for each of the iterations.
+ result = md.digest(result);
+ }
+ byte[] key = new byte[keySize];
+ byte[] iv = new byte[ivSize];
+ System.arraycopy(result, 0, key, 0, key.length);
+ System.arraycopy(result, key.length, iv, 0, iv.length);
+ return new DerivedKey(key, iv);
+ }
+
+ public static DerivedKey deriveKeyPKCS12(char[] password, byte[] salt,
+ int iterations, int keySizeInBits,
+ int ivSizeInBits,
+ MessageDigest md) {
+ byte[] pwd;
+ if (password.length > 0) {
+ pwd = new byte[(password.length + 1) * 2];
+ for (int i = 0; i < password.length; i++) {
+ pwd[i * 2] = (byte) (password[i] >>> 8);
+ pwd[i * 2 + 1] = (byte) password[i];
+ }
+ } else {
+ pwd = new byte[0];
+ }
+ int keySize = keySizeInBits / 8;
+ int ivSize = ivSizeInBits / 8;
+ byte[] key = pkcs12(1, keySize, salt, pwd, iterations, md);
+ byte[] iv = pkcs12(2, ivSize, salt, pwd, iterations, md);
+ return new DerivedKey(key, iv);
+ }
+
+ /**
+ * This PKCS12 key derivation code comes from BouncyCastle.
+ *
+ * @param idByte 1 == key, 2 == iv
+ * @param n keysize or ivsize
+ * @param salt 8 byte salt
+ * @param password password
+ * @param iterationCount iteration-count
+ * @param md The message digest to use
+ * @return byte[] the derived key
+ */
+ private static byte[] pkcs12(int idByte, int n, byte[] salt,
+ byte[] password, int iterationCount,
+ MessageDigest md) {
+ int u = md.getDigestLength();
+ // sha1, md2, md5 all use 512 bits. But future hashes might not.
+ int v = 512 / 8;
+ md.reset();
+ byte[] D = new byte[v];
+ byte[] dKey = new byte[n];
+ for (int i = 0; i != D.length; i++) {
+ D[i] = (byte) idByte;
+ }
+ byte[] S;
+ if ((salt != null) && (salt.length != 0)) {
+ S = new byte[v * ((salt.length + v - 1) / v)];
+ for (int i = 0; i != S.length; i++) {
+ S[i] = salt[i % salt.length];
+ }
+ } else {
+ S = new byte[0];
+ }
+ byte[] P;
+ if ((password != null) && (password.length != 0)) {
+ P = new byte[v * ((password.length + v - 1) / v)];
+ for (int i = 0; i != P.length; i++) {
+ P[i] = password[i % password.length];
+ }
+ } else {
+ P = new byte[0];
+ }
+ byte[] I = new byte[S.length + P.length];
+ System.arraycopy(S, 0, I, 0, S.length);
+ System.arraycopy(P, 0, I, S.length, P.length);
+ byte[] B = new byte[v];
+ int c = (n + u - 1) / u;
+ for (int i = 1; i <= c; i++) {
+ md.update(D);
+ byte[] result = md.digest(I);
+ for (int j = 1; j != iterationCount; j++) {
+ result = md.digest(result);
+ }
+ for (int j = 0; j != B.length; j++) {
+ B[j] = result[j % result.length];
+ }
+ for (int j = 0; j < (I.length / v); j++) {
+ /*
+ * add a + b + 1, returning the result in a. The a value is treated
+ * as a BigInteger of length (b.length * 8) bits. The result is
+ * modulo 2^b.length in case of overflow.
+ */
+ int aOff = j * v;
+ int bLast = B.length - 1;
+ int x = (B[bLast] & 0xff) + (I[aOff + bLast] & 0xff) + 1;
+ I[aOff + bLast] = (byte) x;
+ x >>>= 8;
+ for (int k = B.length - 2; k >= 0; k--) {
+ x += (B[k] & 0xff) + (I[aOff + k] & 0xff);
+ I[aOff + k] = (byte) x;
+ x >>>= 8;
+ }
+ }
+ if (i == c) {
+ System.arraycopy(result, 0, dKey, (i - 1) * u, dKey.length - ((i - 1) * u));
+ } else {
+ System.arraycopy(result, 0, dKey, (i - 1) * u, result.length);
+ }
+ }
+ return dKey;
+ }
+
+ public static DerivedKey deriveKeyV2(byte[] password, byte[] salt,
+ int iterations, int keySizeInBits,
+ int ivSizeInBits, Mac mac)
+ throws InvalidKeyException {
+ int keySize = keySizeInBits / 8;
+ int ivSize = ivSizeInBits / 8;
+
+ // Because we're using an Hmac, we need to initialize with a SecretKey.
+ // HmacSHA1 doesn't need SecretKeySpec's 2nd parameter, hence the "N/A".
+ SecretKeySpec sk = new SecretKeySpec(password, "N/A");
+ mac.init(sk);
+ int macLength = mac.getMacLength();
+ int derivedKeyLength = keySize + ivSize;
+ int blocks = (derivedKeyLength + macLength - 1) / macLength;
+ byte[] blockIndex = new byte[4];
+ byte[] finalResult = new byte[blocks * macLength];
+ for (int i = 1; i <= blocks; i++) {
+ int offset = (i - 1) * macLength;
+ blockIndex[0] = (byte) (i >>> 24);
+ blockIndex[1] = (byte) (i >>> 16);
+ blockIndex[2] = (byte) (i >>> 8);
+ blockIndex[3] = (byte) i;
+ mac.reset();
+ mac.update(salt);
+ byte[] result = mac.doFinal(blockIndex);
+ System.arraycopy(result, 0, finalResult, offset, result.length);
+ for (int j = 1; j < iterations; j++) {
+ mac.reset();
+ result = mac.doFinal(result);
+ for (int k = 0; k < result.length; k++) {
+ finalResult[offset + k] ^= result[k];
+ }
+ }
+ }
+ byte[] key = new byte[keySize];
+ byte[] iv = new byte[ivSize];
+ System.arraycopy(finalResult, 0, key, 0, key.length);
+ System.arraycopy(finalResult, key.length, iv, 0, iv.length);
+ return new DerivedKey(key, iv);
+ }
+
+ public static byte[] formatAsPKCS8(byte[] privateKey, String oid,
+ ASN1Structure pkcs8) {
+ DERInteger derZero = new DERInteger(BigInteger.ZERO);
+ ASN1EncodableVector outterVec = new ASN1EncodableVector();
+ ASN1EncodableVector innerVec = new ASN1EncodableVector();
+ DEROctetString octetsToAppend;
+ try {
+ DERObjectIdentifier derOID = new DERObjectIdentifier(oid);
+ innerVec.add(derOID);
+ if (DSA_OID.equals(oid)) {
+ if (pkcs8 == null) {
+ try {
+ pkcs8 = ASN1Util.analyze(privateKey);
+ }
+ catch (Exception e) {
+ throw new RuntimeException("asn1 parse failure " + e);
+ }
+ }
+ if (pkcs8.derIntegers == null || pkcs8.derIntegers.size() < 6) {
+ throw new RuntimeException("invalid DSA key - can't find P, Q, G, X");
+ }
+
+ DERInteger[] ints = new DERInteger[pkcs8.derIntegers.size()];
+ pkcs8.derIntegers.toArray(ints);
+ DERInteger p = ints[1];
+ DERInteger q = ints[2];
+ DERInteger g = ints[3];
+ DERInteger x = ints[5];
+
+ byte[] encodedX = encode(x);
+ octetsToAppend = new DEROctetString(encodedX);
+ ASN1EncodableVector pqgVec = new ASN1EncodableVector();
+ pqgVec.add(p);
+ pqgVec.add(q);
+ pqgVec.add(g);
+ DERSequence pqg = new DERSequence(pqgVec);
+ innerVec.add(pqg);
+ } else {
+ innerVec.add(DERNull.INSTANCE);
+ octetsToAppend = new DEROctetString(privateKey);
+ }
+
+ DERSequence inner = new DERSequence(innerVec);
+ outterVec.add(derZero);
+ outterVec.add(inner);
+ outterVec.add(octetsToAppend);
+ DERSequence outter = new DERSequence(outterVec);
+ return encode(outter);
+ }
+ catch (IOException ioe) {
+ throw JavaImpl.newRuntimeException(ioe);
+ }
+ }
+
+ private static boolean allZeroes(byte[] b) {
+ for (int i = 0; i < b.length; i++) {
+ if (b[i] != 0) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ public static byte[] encode(DEREncodable der) throws IOException {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream(1024);
+ ASN1OutputStream out = new ASN1OutputStream(baos);
+ out.writeObject(der);
+ out.close();
+ return baos.toByteArray();
+ }
+
+ public static void main(String[] args) throws Exception {
+ String password = "changeit";
+ if (args.length == 0) {
+ System.out.println("Usage1: [password] [file:private-key] Prints decrypted PKCS8 key (base64).");
+ System.out.println("Usage2: [password] [file1] [file2] etc... Checks that all private keys are equal.");
+ System.out.println("Usage2 assumes that all files can be decrypted with the same password.");
+ } else if (args.length == 1 || args.length == 2) {
+ FileInputStream in = new FileInputStream(args[args.length - 1]);
+ if (args.length == 2) {
+ password = args[0];
+ }
+ byte[] bytes = Util.streamToBytes(in);
+ PKCS8Key key = new PKCS8Key(bytes, password.toCharArray());
+ PEMItem item = new PEMItem(key.getDecryptedBytes(), "PRIVATE KEY");
+ byte[] pem = PEMUtil.encode(Collections.singleton(item));
+ System.out.write(pem);
+ } else {
+ byte[] original = null;
+ File f = new File(args[0]);
+ int i = 0;
+ if (!f.exists()) {
+ // File0 doesn't exist, so it must be a password!
+ password = args[0];
+ i++;
+ }
+ for (; i < args.length; i++) {
+ FileInputStream in = new FileInputStream(args[i]);
+ byte[] bytes = Util.streamToBytes(in);
+ PKCS8Key key = null;
+ try {
+ key = new PKCS8Key(bytes, password.toCharArray());
+ }
+ catch (Exception e) {
+ System.out.println(" FAILED! " + args[i] + " " + e);
+ }
+ if (key != null) {
+ byte[] decrypted = key.getDecryptedBytes();
+ int keySize = key.getKeySize();
+ String keySizeStr = "" + keySize;
+ if (keySize < 10) {
+ keySizeStr = " " + keySizeStr;
+ } else if (keySize < 100) {
+ keySizeStr = " " + keySizeStr;
+ }
+ StringBuffer buf = new StringBuffer(key.getTransformation());
+ int maxLen = "Blowfish/CBC/PKCS5Padding".length();
+ for (int j = buf.length(); j < maxLen; j++) {
+ buf.append(' ');
+ }
+ String transform = buf.toString();
+ String type = key.isDSA() ? "DSA" : "RSA";
+
+ if (original == null) {
+ original = decrypted;
+ System.out.println(" SUCCESS \t" + type + "\t" + transform + "\t" + keySizeStr + "\t" + args[i]);
+ } else {
+ boolean identical = Arrays.equals(original, decrypted);
+ if (!identical) {
+ System.out.println("***FAILURE*** \t" + type + "\t" + transform + "\t" + keySizeStr + "\t" + args[i]);
+ } else {
+ System.out.println(" SUCCESS \t" + type + "\t" + transform + "\t" + keySizeStr + "\t" + args[i]);
+ }
+ }
+ }
+ }
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Ping.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Ping.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Ping.java
new file mode 100644
index 0000000..2209a37
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Ping.java
@@ -0,0 +1,474 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Ping.java $
+ * $Revision: 142 $
+ * $Date: 2008-03-04 00:13:37 -0800 (Tue, 04 Mar 2008) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.util.ReadLine;
+
+import javax.net.ssl.SSLSocket;
+import java.io.File;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.SortedSet;
+import java.util.TreeSet;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 30-Mar-2006
+ */
+public class Ping {
+ protected static SortedSet ARGS = new TreeSet();
+ protected static Map ARGS_MATCH = new HashMap();
+ protected final static Arg ARG_TARGET = new Arg("-t", "--target", "[hostname[:port]] default port=443", true);
+ protected final static Arg ARG_BIND = new Arg("-b", "--bind", "[hostname[:port]] default port=0 \"ANY\"");
+ protected final static Arg ARG_PROXY = new Arg("-r", "--proxy", "[hostname[:port]] default port=80");
+ protected final static Arg ARG_TRUST_CERT = new Arg("-tm", "--trust-cert", "[path to trust material] {pem, der, crt, jks}");
+ protected final static Arg ARG_CLIENT_CERT = new Arg("-km", "--client-cert", "[path to client's private key] {jks, pkcs12, pkcs8}");
+ protected final static Arg ARG_CERT_CHAIN = new Arg("-cc", "--cert-chain", "[path to client's cert chain for pkcs8/OpenSSL key]");
+ protected final static Arg ARG_PASSWORD = new Arg("-p", "--password", "[client cert password]");
+ protected final static Arg ARG_HOST_HEADER = new Arg("-h", "--host-header", "[http-host-header] in case -t is an IP address");
+ protected final static Arg ARG_PATH = new Arg("-u", "--path", "[path for GET/HEAD request] default=/");
+ protected final static Arg ARG_METHOD = new Arg("-m", "--method", "[http method to use] default=HEAD");
+
+ private static HostPort target;
+ private static HostPort local;
+ private static HostPort proxy;
+ private static String hostHeader;
+ private static String httpMethod = "HEAD";
+ private static String path = "/";
+ private static InetAddress targetAddress;
+ private static InetAddress localAddress;
+ private static int targetPort = 443;
+ private static int localPort = 0;
+ private static File clientCert;
+ private static File certChain;
+ private static char[] password;
+ private static TrustChain trustChain = null;
+
+ static {
+ ARGS = Collections.unmodifiableSortedSet(ARGS);
+ ARGS_MATCH = Collections.unmodifiableMap(ARGS_MATCH);
+ }
+
+ public static void main(String[] args) throws Exception {
+ boolean showUsage = args.length == 0;
+ Exception parseException = null;
+ if (!showUsage) {
+ try {
+ parseArgs(args);
+ }
+ catch (Exception e) {
+ parseException = e;
+ showUsage = true;
+ }
+ }
+ if (showUsage) {
+ if (parseException != null) {
+ System.out.println();
+ System.out.println("* Error: " + parseException.getMessage() + ".");
+ parseException.printStackTrace(System.out);
+ System.out.println();
+ }
+ System.out.println("Usage: java -jar not-yet-commons-ssl-" + Version.VERSION + ".jar [options]");
+ System.out.println(Version.versionString());
+ System.out.println("Options: (*=required)");
+ Iterator it = ARGS.iterator();
+ while (it.hasNext()) {
+ Arg a = (Arg) it.next();
+ String s = Util.pad(a.shortArg, 3, false);
+ String l = Util.pad(a.longArg, 18, false);
+ String required = a.isRequired ? "*" : " ";
+ String d = a.description;
+ System.out.println(required + " " + s + " " + l + " " + d);
+ }
+ System.out.println();
+ String example = "java -jar commons-ssl.jar -t host.com:443 -c ./client.pfx -p `cat ./pass.txt` ";
+ System.out.println("Example:");
+ System.out.println();
+ System.out.println(example);
+ System.out.println();
+ System.exit(1);
+ return;
+ }
+
+ SSLClient ssl = new SSLClient();
+ Socket s = null;
+ InputStream in = null;
+ OutputStream out = null;
+ Exception socketException = null;
+ Exception trustException = null;
+ Exception hostnameException = null;
+ Exception crlException = null;
+ Exception expiryException = null;
+ String sslCipher = null;
+ try {
+ try {
+ ssl.setCheckHostname(false);
+ ssl.setCheckExpiry(false);
+ ssl.setCheckCRL(false);
+ ssl.addTrustMaterial(TrustMaterial.TRUST_ALL);
+ if (clientCert != null) {
+
+ KeyMaterial km;
+ if (certChain != null) {
+ km = new KeyMaterial(clientCert, certChain, password);
+ } else {
+ km = new KeyMaterial(clientCert, password);
+ }
+ if (password != null) {
+ for (int i = 0; i < password.length; i++) {
+ password[i] = 0;
+ }
+ }
+ ssl.setKeyMaterial(km);
+ }
+
+ if (trustChain != null) {
+ ssl.addTrustMaterial(trustChain);
+ }
+
+ ssl.setSoTimeout(10000);
+ ssl.setConnectTimeout(5000);
+
+ if (proxy != null) {
+ s = new Socket(proxy.host, proxy.port,
+ local.addr, local.port);
+ s.setSoTimeout(10000);
+ in = s.getInputStream();
+ out = s.getOutputStream();
+ String targetHost = target.host;
+ String line1 = "CONNECT " + targetHost + ":" + targetPort + " HTTP/1.1\r\n";
+ String line2 = "Proxy-Connection: keep-alive\r\n";
+ String line3 = "Host: " + targetHost + "\r\n\r\n";
+ out.write(line1.getBytes());
+ out.write(line2.getBytes());
+ out.write(line3.getBytes());
+ out.flush();
+
+ ReadLine readLine = new ReadLine(in);
+ String read1 = readLine.next();
+ if (read1.startsWith("HTTP/1.1 200")) {
+ int avail = in.available();
+ in.skip(avail);
+ Thread.yield();
+ avail = in.available();
+ while (avail != 0) {
+ in.skip(avail);
+ Thread.yield();
+ avail = in.available();
+ }
+ s = ssl.createSocket(s, targetHost, targetPort, true);
+ } else {
+ System.out.print(line1);
+ System.out.print(line2);
+ System.out.print(line3);
+ System.out.println("Server returned unexpected proxy response!");
+ System.out.println("=============================================");
+ System.out.println(read1);
+ String line = readLine.next();
+ while (line != null) {
+ System.out.println(line);
+ line = readLine.next();
+ }
+ System.exit(1);
+ }
+ } else {
+ s = ssl.createSocket(targetAddress, targetPort,
+ localAddress, localPort);
+ }
+
+ sslCipher = ((SSLSocket) s).getSession().getCipherSuite();
+ System.out.println("Cipher: " + sslCipher);
+ System.out.println("================================================================================");
+
+ String line1 = httpMethod + " " + path + " HTTP/1.1";
+ if (hostHeader == null) {
+ hostHeader = targetAddress.getHostName();
+ }
+ String line2 = "Host: " + hostHeader;
+ byte[] crlf = {'\r', '\n'};
+
+ System.out.println("Writing: ");
+ System.out.println("================================================================================");
+ System.out.println(line1);
+ System.out.println(line2);
+ System.out.println();
+
+ out = s.getOutputStream();
+ out.write(line1.getBytes());
+ out.write(crlf);
+ out.write(line2.getBytes());
+ out.write(crlf);
+ out.write(crlf);
+ out.flush();
+
+ in = s.getInputStream();
+
+ int c = in.read();
+ StringBuffer buf = new StringBuffer();
+ System.out.println("Reading: ");
+ System.out.println("================================================================================");
+ while (c >= 0) {
+ byte b = (byte) c;
+ buf.append((char) b);
+ System.out.print((char) b);
+ if (-1 == buf.toString().indexOf("\r\n\r\n")) {
+ c = in.read();
+ } else {
+ break;
+ }
+ }
+ }
+ catch (Exception e) {
+ socketException = e;
+ }
+ trustException = testTrust(ssl, sslCipher, trustChain);
+ hostnameException = testHostname(ssl);
+ crlException = testCRL(ssl);
+ expiryException = testExpiry(ssl);
+ }
+ finally {
+ if (out != null) {
+ out.close();
+ }
+ if (in != null) {
+ in.close();
+ }
+ if (s != null) {
+ s.close();
+ }
+
+ X509Certificate[] peerChain = ssl.getCurrentServerChain();
+ if (peerChain != null) {
+ String title = "Server Certificate Chain for: ";
+ title = peerChain.length > 1 ? title : "Server Certificate for: ";
+ System.out.println(title + "[" + target + "]");
+ System.out.println("================================================================================");
+ for (int i = 0; i < peerChain.length; i++) {
+ X509Certificate cert = peerChain[i];
+ String certAsString = Certificates.toString(cert);
+ String certAsPEM = Certificates.toPEMString(cert);
+ if (i > 0) {
+ System.out.println();
+ }
+ System.out.print(certAsString);
+ System.out.print(certAsPEM);
+ }
+ }
+ if (hostnameException != null) {
+ hostnameException.printStackTrace();
+ System.out.println();
+ }
+ if (crlException != null) {
+ crlException.printStackTrace();
+ System.out.println();
+ }
+ if (expiryException != null) {
+ expiryException.printStackTrace();
+ System.out.println();
+ }
+ if (trustException != null) {
+ trustException.printStackTrace();
+ System.out.println();
+ }
+ if (socketException != null) {
+ socketException.printStackTrace();
+ System.out.println();
+ }
+ }
+ }
+
+ private static Exception testTrust(SSLClient ssl, String cipher,
+ TrustChain tc) {
+ try {
+ X509Certificate[] chain = ssl.getCurrentServerChain();
+ String authType = Util.cipherToAuthType(cipher);
+ if (authType == null) {
+ // default of "RSA" just for Ping's purposes.
+ authType = "RSA";
+ }
+ if (chain != null) {
+ if (tc == null) {
+ tc = TrustMaterial.DEFAULT;
+ }
+ Object[] trustManagers = tc.getTrustManagers();
+ for (int i = 0; i < trustManagers.length; i++) {
+ JavaImpl.testTrust(trustManagers[i], chain, authType);
+ }
+ }
+ }
+ catch (Exception e) {
+ return e;
+ }
+ return null;
+ }
+
+ private static Exception testHostname(SSLClient ssl) {
+ try {
+ X509Certificate[] chain = ssl.getCurrentServerChain();
+ if (chain != null) {
+ String hostName = target.host;
+ HostnameVerifier.DEFAULT.check(hostName, chain[0]);
+ }
+ }
+ catch (Exception e) {
+ return e;
+ }
+ return null;
+ }
+
+ private static Exception testCRL(SSLClient ssl) {
+ try {
+ X509Certificate[] chain = ssl.getCurrentServerChain();
+ if (chain != null) {
+ for (int i = 0; i < chain.length; i++) {
+ Certificates.checkCRL(chain[i]);
+ }
+ }
+ }
+ catch (Exception e) {
+ return e;
+ }
+ return null;
+ }
+
+ private static Exception testExpiry(SSLClient ssl) {
+ try {
+ X509Certificate[] chain = ssl.getCurrentServerChain();
+ if (chain != null) {
+ for (int i = 0; i < chain.length; i++) {
+ chain[i].checkValidity();
+ }
+ }
+ }
+ catch (Exception e) {
+ return e;
+ }
+ return null;
+ }
+
+
+ public static class Arg implements Comparable {
+ public final String shortArg;
+ public final String longArg;
+ public final String description;
+ public final boolean isRequired;
+ private final int id;
+
+ public Arg(String s, String l, String d) {
+ this(s, l, d, false);
+ }
+
+ public Arg(String s, String l, String d, boolean isRequired) {
+ this.isRequired = isRequired;
+ this.shortArg = s;
+ this.longArg = l;
+ this.description = d;
+ this.id = ARGS.size();
+ ARGS.add(this);
+ if (s != null && s.length() >= 2) {
+ ARGS_MATCH.put(s, this);
+ }
+ if (l != null && l.length() >= 3) {
+ ARGS_MATCH.put(l, this);
+ }
+ }
+
+ public int compareTo(Object o) {
+ return id - ((Arg) o).id;
+ }
+
+ public String toString() {
+ return shortArg + "/" + longArg;
+ }
+ }
+
+ private static void parseArgs(String[] cargs) throws Exception {
+ Map args = Util.parseArgs(cargs);
+ Iterator it = args.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry entry = (Map.Entry) it.next();
+ Arg arg = (Arg) entry.getKey();
+ String[] values = (String[]) entry.getValue();
+ if (arg == ARG_TARGET) {
+ target = Util.toAddress(values[0], 443);
+ targetAddress = target.addr;
+ targetPort = target.port;
+ } else if (arg == ARG_BIND) {
+ local = Util.toAddress(values[0], 443);
+ localAddress = local.addr;
+ localPort = local.port;
+ } else if (arg == ARG_PROXY) {
+ proxy = Util.toAddress(values[0], 80);
+ } else if (arg == ARG_CLIENT_CERT) {
+ clientCert = new File(values[0]);
+ } else if (arg == ARG_CERT_CHAIN) {
+ certChain = new File(values[0]);
+ } else if (arg == ARG_PASSWORD) {
+ password = values[0].toCharArray();
+ } else if (arg == ARG_METHOD) {
+ httpMethod = values[0].trim();
+ } else if (arg == ARG_PATH) {
+ path = values[0].trim();
+ } else if (arg == ARG_HOST_HEADER) {
+ hostHeader = values[0].trim();
+ } else if (arg == ARG_TRUST_CERT) {
+ for (int i = 0; i < values.length; i++) {
+ File f = new File(values[i]);
+ if (f.exists()) {
+ if (trustChain == null) {
+ trustChain = new TrustChain();
+ }
+ TrustMaterial tm = new TrustMaterial(f);
+ trustChain.addTrustMaterial(tm);
+ }
+ }
+ }
+ }
+ args.clear();
+ for (int i = 0; i < cargs.length; i++) {
+ cargs[i] = null;
+ }
+
+ if (targetAddress == null) {
+ throw new IllegalArgumentException("\"" + ARG_TARGET + "\" is mandatory");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ProbablyBadPasswordException.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ProbablyBadPasswordException.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ProbablyBadPasswordException.java
new file mode 100644
index 0000000..34302ba
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ProbablyBadPasswordException.java
@@ -0,0 +1,51 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/ProbablyBadPasswordException.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 16-Nov-2005
+ */
+public class ProbablyBadPasswordException extends GeneralSecurityException {
+ public ProbablyBadPasswordException() { super(); }
+
+ public ProbablyBadPasswordException(String s) { super(s); }
+
+ // Need to wait for Java 5.0 !
+ // public ProbablyBadPasswordException( Throwable t ) { super( t ); }
+ // public ProbablyBadPasswordException( String s, Throwable t ) { super( s, t ); }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ProbablyNotPKCS8Exception.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ProbablyNotPKCS8Exception.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ProbablyNotPKCS8Exception.java
new file mode 100644
index 0000000..3c03c97
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ProbablyNotPKCS8Exception.java
@@ -0,0 +1,50 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/ProbablyNotPKCS8Exception.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 16-Nov-2005
+ */
+public class ProbablyNotPKCS8Exception extends GeneralSecurityException {
+ public ProbablyNotPKCS8Exception() { super(); }
+
+ public ProbablyNotPKCS8Exception(String s) { super(s); }
+
+ // Need to wait for Java 5.0 !
+ // public ProbablyNotPKCS8Exception( Throwable t ) { super( t ); }
+ // public ProbablyNotPKCS8Exception( String s, Throwable t ) { super( s, t ); }
+}
[31/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia128.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia128.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia128.base64
new file mode 100644
index 0000000..19e6457
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia128.base64
@@ -0,0 +1 @@
+U2FsdGVkX197osioYPDn0yIAybXX/iMReMRmK2x+LxU=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia128.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia128.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia128.raw
new file mode 100644
index 0000000..a2f64eb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia128.raw
@@ -0,0 +1 @@
+Salted__|з-ڽâ��&���Ծ��ڒ���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia192.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia192.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia192.base64
new file mode 100644
index 0000000..dfd0702
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia192.base64
@@ -0,0 +1 @@
+U2FsdGVkX19kg7hmBLX4JWKGyLehExxM3FGoZ4XAfU0=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia192.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia192.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia192.raw
new file mode 100644
index 0000000..5741fe7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia192.raw
@@ -0,0 +1 @@
+Salted__�̝q�����V�.�$a��/��/�[|
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia256.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia256.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia256.base64
new file mode 100644
index 0000000..91136bd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia256.base64
@@ -0,0 +1 @@
+U2FsdGVkX18ehKu2fdaQXkfnCZH9lwMev/u+fenDBxI=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia256.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia256.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia256.raw
new file mode 100644
index 0000000..fca569e
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia256.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast-cbc.base64
new file mode 100644
index 0000000..aee53d5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/fJ/tvKiV81WYcgGVM1Frl2fiI5VLK4Es=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast-cbc.raw
new file mode 100644
index 0000000..b8a2de3
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast-cbc.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast.base64
new file mode 100644
index 0000000..8cce378
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast.base64
@@ -0,0 +1 @@
+U2FsdGVkX18qMeuo5SMoJooS+Pt8lZGrLFnBTyll78U=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast.raw
new file mode 100644
index 0000000..ced1e03
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast.raw
@@ -0,0 +1 @@
+Salted__{A����a83��Ȱ���z�I̕���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cbc.base64
new file mode 100644
index 0000000..44a28a7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+kjmfi9mnlAwiucUKi8XXfh3Z117F3uAY=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cbc.raw
new file mode 100644
index 0000000..f7243b3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cbc.raw
@@ -0,0 +1,2 @@
+Salted__����"�U
+�U(��&��4�zd��%
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cfb.base64
new file mode 100644
index 0000000..ccc5bca
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+TNbM051700oXXbN9XQ8JaH5vu8Q==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cfb.raw
new file mode 100644
index 0000000..3cb7503
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-cfb.raw
@@ -0,0 +1 @@
+Salted__�~��}]�ٕ668�-�gy���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ecb.base64
new file mode 100644
index 0000000..248caff
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/SSY+Kvv1K5sXb+F8webiiprWDK4eVnNQ=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ecb.raw
new file mode 100644
index 0000000..af6aee5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ecb.raw
@@ -0,0 +1 @@
+Salted__��*��%������D�_,�t�0��*
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ofb.base64
new file mode 100644
index 0000000..1fe008a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1800C0YbS7y8aO10eGQB5pMPkxpHA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ofb.raw
new file mode 100644
index 0000000..f42345c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/cast5-ofb.raw
@@ -0,0 +1,2 @@
+Salted__����~K���
+�!G6uuY��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cbc.base64
new file mode 100644
index 0000000..264b65a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX19tMkO5uwIwhT233JWfPEA34ZbDTyeg+x8=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cbc.raw
new file mode 100644
index 0000000..84888b5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cbc.raw
@@ -0,0 +1 @@
+Salted__4��YjU�8�d��7׃k�j�âLr(
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb.base64
new file mode 100644
index 0000000..1941567
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+bar1f5XcN2jRf4uGp1tVS75anLw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb.raw
new file mode 100644
index 0000000..2c8eb57
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb.raw
@@ -0,0 +1 @@
+Salted__��N��m��b����U+"���.
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb1.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb1.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb1.base64
new file mode 100644
index 0000000..3df3081
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb1.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+q/8Tq539aM3mwAAAAAAAAAAAAAA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb1.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb1.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb1.raw
new file mode 100644
index 0000000..fa6ce59
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb1.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb8.base64
new file mode 100644
index 0000000..5e1c3e5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18j8MF73qCoRMNpfhNZvVM1fu4r8w==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb8.raw
new file mode 100644
index 0000000..b2962ba
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-cfb8.raw
@@ -0,0 +1 @@
+Salted__'�����X>�~G�P�]C���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ecb.base64
new file mode 100644
index 0000000..e733bd4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19Wcc1l+wXUlVCAWcfwjT84SxciiCAE/2Y=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ecb.raw
new file mode 100644
index 0000000..0ddd6e9
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ecb.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cbc.base64
new file mode 100644
index 0000000..6870ed5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX19CwfOjnni1RYXijIQlic2fCBGhM0Ym2Lk=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cbc.raw
new file mode 100644
index 0000000..a06630e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cbc.raw
@@ -0,0 +1 @@
+Salted__bMqD�nI�hK�)cs�9��j����u
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cfb.base64
new file mode 100644
index 0000000..5eec8f9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18PsrrurG1uhCD2QkpLZYUeEtH1Vw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cfb.raw
new file mode 100644
index 0000000..6580777
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-cfb.raw
@@ -0,0 +1 @@
+Salted__��.���A�YX�h�cłV���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-ofb.base64
new file mode 100644
index 0000000..39bb1fa
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/rhq/q4yJ1ffD6Ghc69IWn4GsqcA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-ofb.raw
new file mode 100644
index 0000000..81a7523
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede-ofb.raw
@@ -0,0 +1 @@
+Salted__��4�HV6��y%VY���{KL�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede.base64
new file mode 100644
index 0000000..ac9c3be
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede.base64
@@ -0,0 +1 @@
+U2FsdGVkX18r2UMwx1RbibeBdeNvjm9YOszrJZoXRIE=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede.raw
new file mode 100644
index 0000000..b1f7dd4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede.raw
@@ -0,0 +1 @@
+Salted__��<�p?M��ĝ��`ǽ gTx���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cbc.base64
new file mode 100644
index 0000000..de2152d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX18jj2kcvpaYme9ZFVUXQeeMX7OM15bPVbI=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cbc.raw
new file mode 100644
index 0000000..956423f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cbc.raw
@@ -0,0 +1,2 @@
+Salted__/���Y�/������FQ�p$o�
+¨
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cfb.base64
new file mode 100644
index 0000000..bc44959
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19I7oHyglbIqCQDbHBukOaaRPjauw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cfb.raw
new file mode 100644
index 0000000..9a616ff
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-cfb.raw
@@ -0,0 +1 @@
+Salted__a��'��7MY�z|N�/�с�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-ofb.base64
new file mode 100644
index 0000000..cb1f162
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19O+uqDgSn48JKfd1ZmT/EW9DSfWQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-ofb.raw
new file mode 100644
index 0000000..2aaee9e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3-ofb.raw
@@ -0,0 +1 @@
+Salted__�KjTO�7�t������_����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3.base64
new file mode 100644
index 0000000..3ad36d8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3.base64
@@ -0,0 +1 @@
+U2FsdGVkX193v6U3qbRyleGYQ+3nf3vgubY8Mt7HzEc=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3.raw
new file mode 100644
index 0000000..3e73552
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ede3.raw
@@ -0,0 +1 @@
+Salted__�uݡ��q�:u��V݉|�E��laf�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ofb.base64
new file mode 100644
index 0000000..128aec2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX192vJ3lZfCnhYIFA+wrnKArDflCUg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ofb.raw
new file mode 100644
index 0000000..07522db
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des-ofb.raw
@@ -0,0 +1 @@
+Salted__K(�Px�
pm�o�Ki�vJ1�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des.base64
new file mode 100644
index 0000000..0a49602
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des.base64
@@ -0,0 +1 @@
+U2FsdGVkX19zPRX+p1hN8OdiT/721hQELF0qPM/BrZQ=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des.raw
new file mode 100644
index 0000000..e8f603f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des.raw
@@ -0,0 +1 @@
+Salted__�u���
G8����`���M�D*F/$
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des3.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des3.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des3.base64
new file mode 100644
index 0000000..5c316cc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des3.base64
@@ -0,0 +1 @@
+U2FsdGVkX19YbvQFfBFxGlJc2AuPkALt+lhOkLfiuBA=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des3.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des3.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des3.raw
new file mode 100644
index 0000000..eb1c405
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/des3.raw
@@ -0,0 +1 @@
+Salted__�A����`�L�&�+=�/<2�Ǥ���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cbc.base64
new file mode 100644
index 0000000..1a02484
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX18anz5GbGQC3cEYSpxQJpP7adc2pierOGk=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cbc.raw
new file mode 100644
index 0000000..ed7621c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cbc.raw
@@ -0,0 +1 @@
+Salted__���CU�/Ud�6J��vzL���ղd�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cfb.base64
new file mode 100644
index 0000000..87b3b73
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19WEa+hCPUXsXw1cQcOxuhFKZsTYA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cfb.raw
new file mode 100644
index 0000000..9c43fda
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-cfb.raw
@@ -0,0 +1 @@
+Salted__�L[��ߩ��ߛu���h���9
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ecb.base64
new file mode 100644
index 0000000..cf252fb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX192rke++eIbThteXe01uv4EAkShDnmCkfQ=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ecb.raw
new file mode 100644
index 0000000..2e5dec9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ecb.raw
@@ -0,0 +1 @@
+Salted__Qt���Ґ鲥+��٤<�?���\��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ofb.base64
new file mode 100644
index 0000000..71f1ae8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19Oo4w9AlD0tpEySsbAkOjLdswl1A==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ofb.raw
new file mode 100644
index 0000000..80dad7d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea-ofb.raw
@@ -0,0 +1 @@
+Salted__���S��UKļEذ���/��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea.base64
new file mode 100644
index 0000000..99f5907
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/NG2JQ8i+waaovzgmxYzKJAw8r9XYnR2Q=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea.raw
new file mode 100644
index 0000000..9e5e848
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/idea.raw
@@ -0,0 +1 @@
+Salted__���2p��ε�p��R����u����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-40-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-40-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-40-cbc.base64
new file mode 100644
index 0000000..9415335
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-40-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+Dkr+tjgpPtlo+jpfdPAWpTkV88yzXaM4=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-40-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-40-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-40-cbc.raw
new file mode 100644
index 0000000..c17e87a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-40-cbc.raw
@@ -0,0 +1 @@
+Salted__�q������=�:��U�㩣�2
�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-64-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-64-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-64-cbc.base64
new file mode 100644
index 0000000..5b5b232
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-64-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+3+4JXs1/XiSH2fB9mn1yqU8qdonwvl+o=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-64-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-64-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-64-cbc.raw
new file mode 100644
index 0000000..b9c08ee
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-64-cbc.raw
@@ -0,0 +1 @@
+Salted__��>�f���x
���<������L�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cbc.base64
new file mode 100644
index 0000000..fbcde0e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX19O/CBHf3CpY8+jvQkw0Tq2czsnICJOv+A=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cbc.raw
new file mode 100644
index 0000000..d5200c6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cbc.raw
@@ -0,0 +1 @@
+Salted__�bZX4��5f���4�����s��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cfb.base64
new file mode 100644
index 0000000..7952786
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+JuIje5xmEnRsCsmwaWTYgjVVqKw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cfb.raw
new file mode 100644
index 0000000..7aa1960
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-cfb.raw
@@ -0,0 +1 @@
+Salted__������*� ֻ�o����F9
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ecb.base64
new file mode 100644
index 0000000..208b26f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/uCJVscD2CrMxyEtpyqI7D4mFtNj3hsig=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ecb.raw
new file mode 100644
index 0000000..9f9e117
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ecb.raw
@@ -0,0 +1 @@
+Salted__���x]C�b��V���U�g�I��E
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ofb.base64
new file mode 100644
index 0000000..1b575c3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19iLfApzAcq690yVAy0D5IZjybZ9Q==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ofb.raw
new file mode 100644
index 0000000..28fc695
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2-ofb.raw
@@ -0,0 +1 @@
+Salted__泷>@Rp2�[�l��������
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2.base64
new file mode 100644
index 0000000..fe79ed1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+W2lM2oWECxc+df8bRWRjjQAZWgHyK0TE=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2.raw
new file mode 100644
index 0000000..376a092
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc2.raw
@@ -0,0 +1 @@
+Salted__r���阙t1������o9����x4O
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4-40.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4-40.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4-40.base64
new file mode 100644
index 0000000..6623b2d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4-40.base64
@@ -0,0 +1 @@
+U2FsdGVkX19tJLA4MdMspjkJ9yV98jm4ZEH4LA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4-40.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4-40.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4-40.raw
new file mode 100644
index 0000000..cc3b9ac
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4-40.raw
@@ -0,0 +1 @@
+Salted__%�°SⲨ��7�#��"��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4.base64
new file mode 100644
index 0000000..6653092
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4.base64
@@ -0,0 +1 @@
+U2FsdGVkX182oCiqgQ41HapT14y1GjgXQW+xTw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4.raw
new file mode 100644
index 0000000..e0774e7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc4.raw
@@ -0,0 +1 @@
+Salted__�t4Z/�ck�ء��{�"Yp�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cbc.base64
new file mode 100644
index 0000000..8ede98d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1984SHjF+Gnmpg7mzTZcUatW+a4AbICOJ0=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cbc.raw
new file mode 100644
index 0000000..fd2070f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cbc.raw
@@ -0,0 +1 @@
+Salted__Vv�'�C�Dn�J�T��p�O�`�c�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cfb.base64
new file mode 100644
index 0000000..3bba7cb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19S/C6iCDSQ3z9Tuvs1mLppmLIrKw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cfb.raw
new file mode 100644
index 0000000..12c626e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-cfb.raw
@@ -0,0 +1 @@
+Salted__����>Ƨ��~�+�lz�����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ecb.base64
new file mode 100644
index 0000000..118973a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18bkW6/nLaP0zItEAKqgnmMnJ1oquul/tw=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ecb.raw
new file mode 100644
index 0000000..4e7963b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ecb.raw
@@ -0,0 +1 @@
+Salted__�������F��G����@��Py�w
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ofb.base64
new file mode 100644
index 0000000..ddbb752
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX188hLLVFYY9QjWngoLlMX1ziLhd0Q==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ofb.raw
new file mode 100644
index 0000000..f547846
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5-ofb.raw
@@ -0,0 +1 @@
+Salted__�*��@bҫ���K��]e����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5.base64
new file mode 100644
index 0000000..78dbf97
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+XyN0T6HGqi3prs1uD91+BIG3RIaqJYxo=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5.raw
new file mode 100644
index 0000000..710fae7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/rc5.raw
@@ -0,0 +1 @@
+Salted__�yx�����HvA���ɗ�W!�B�ǣ
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pkcs12/pkcs12_client_cert.p12
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pkcs12/pkcs12_client_cert.p12 b/3rdparty/not-yet-commons-ssl/samples/pkcs12/pkcs12_client_cert.p12
new file mode 100644
index 0000000..206b9cc
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pkcs12/pkcs12_client_cert.p12 differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pkcs12/pkcs12_client_cert.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pkcs12/pkcs12_client_cert.pem b/3rdparty/not-yet-commons-ssl/samples/pkcs12/pkcs12_client_cert.pem
new file mode 100644
index 0000000..f45a4d2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pkcs12/pkcs12_client_cert.pem
@@ -0,0 +1,94 @@
+Bag Attributes
+ localKeyID: 63 5B 15 F0 27 F2 03 31 C2 A3 21 65 54 08 FB EA 03 B4 C1 D7
+ friendlyName: commons-ssl demo certificate
+subject=/C=CA/ST=BC/L=Vancouver/O=www.cucbc.com/OU=commons_ssl/CN=demo_certificate/emailAddress=juliusdavies@gmail.com
+issuer=/C=CA/ST=BC/L=Vancouver/O=www.cucbc.com/OU=commons_ssl/CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+-----BEGIN CERTIFICATE-----
+MIIEQDCCAyigAwIBAgIJAIz+EYMBU6Z/MA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTEwNTIxNTIzN1oXDTA3MTEwNTIxNTIzN1owgZ4x
+CzAJBgNVBAYTAkNBMQswCQYDVQQIEwJCQzESMBAGA1UEBxMJVmFuY291dmVyMRYw
+FAYDVQQKEw13d3cuY3VjYmMuY29tMRQwEgYDVQQLFAtjb21tb25zX3NzbDEZMBcG
+A1UEAxQQZGVtb19jZXJ0aWZpY2F0ZTElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2
+aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMhj
+r5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2BlYho4O84
+X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRyzerA/Ztr
+lUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY07hNKXAb
+2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8BqnGd87x
+QU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiVJTxpTKqy
+m93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0E
+HxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ8Ud78/
+OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFHua2o+QmU5S0qzbswNSyoemDT4N
+MA0GCSqGSIb3DQEBBQUAA4IBAQBwLCkX9lU7sPKCU9sGrAGMLEDCWTBYeK8X1zlL
+h/Lf7c+TgNUFyoEThLzWhxUBfkX4J9k+Rgqlkg3OcSW0QGsXFuf91DCMn9+K91NP
+kecN6rcGA/RIi20J6s9YmVWJWAXciiUFVY0ZZYfzvjK1mEIBY4CbJatQiEvhbQl/
+aid8ZgdkrKbB1nPmBTBOMul9Z1FgIBRetzxxxwKFqlcWZlY6M86FrmJYQVxmiK7m
+Pqd7suace7kpLvsM3sRzXEDPqSeB8fBaoqVxCngsdx0MiPueSYw4J0mDtRRTT990
+CxgCFeby0mem9EsZ7CMBBFJbQ44NjjfGoZoh9LXKxiFPMYtU
+-----END CERTIFICATE-----
+Bag Attributes: <No Attributes>
+subject=/C=CA/ST=BC/L=Vancouver/O=www.cucbc.com/OU=commons_ssl/CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+issuer=/C=CA/ST=BC/O=www.cucbc.com/OU=commons_ssl/CN=demo_root_ca/emailAddress=juliusdavies@gmail.com
+-----BEGIN CERTIFICATE-----
+MIIEnDCCA4SgAwIBAgIJAJTNwZ6yNa5cMA0GCSqGSIb3DQEBBQUAMIGGMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxFjAUBgNVBAoTDXd3dy5jdWNiYy5jb20xFDAS
+BgNVBAsUC2NvbW1vbnNfc3NsMRUwEwYDVQQDFAxkZW1vX3Jvb3RfY2ExJTAjBgkq
+hkiG9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDYxMTA1MjE0OTMx
+WhcNMDcxMTA1MjE0OTMxWjCBojELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRIw
+EAYDVQQHEwlWYW5jb3V2ZXIxFjAUBgNVBAoTDXd3dy5jdWNiYy5jb20xFDASBgNV
+BAsUC2NvbW1vbnNfc3NsMR0wGwYDVQQDFBRkZW1vX2ludGVybWVkaWF0ZV9jYTEl
+MCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL0S4y3vUO0EM6lwqOEfK8fvrUprIbsikXaG
+XzejcZ+T3l2Dc7t8WtBfRf78i4JypMqJQSijrUicj3H6mOMIReKaXm6ls4hA5d8w
+Lhmgiqsz/kW+gA8SeWGWRN683BD/RbQmzOls6ynBvap9jZlthXWBrSIlPCQoBLXY
+KVaxGzbL4ezaq+XFMKMQSm2uKwVmHHQNbfmZlPsuendBVomb/ked53Ab9IH6dwwN
+qJH9WIrvIzIVEXWlpvQ5MCqozM7u1akU+G8cazr8theGPCaYkzoXnigWua4OjdpV
+9z5ZDknhfBzG1AjapdG07FIirwWWgIyZXqZSD96ikmLtwT29qnsCAwEAAaOB7jCB
+6zAdBgNVHQ4EFgQUe5raj5CZTlLSrNuzA1LKh6YNPg0wgbsGA1UdIwSBszCBsIAU
+rN8eFIvMiRFXXgDqKumS0/W2AhOhgYykgYkwgYYxCzAJBgNVBAYTAkNBMQswCQYD
+VQQIEwJCQzEWMBQGA1UEChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9u
+c19zc2wxFTATBgNVBAMUDGRlbW9fcm9vdF9jYTElMCMGCSqGSIb3DQEJARYWanVs
+aXVzZGF2aWVzQGdtYWlsLmNvbYIJAJTNwZ6yNa5bMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQEFBQADggEBAIB4KMZvHD20pdKajFtMBpL7X4W4soq6EeTtjml3NYa9
+Qc52bsQEGNccKY9afYSBIndaQvFdtmz6HdoN+B8TjYShw2KhyjtKimGLpWYoi1YF
+e4aHdmA/Gp5xk8pZzR18FmooxC9RqBux+NAM2iTFSLgDtGIIj4sg2rbn6Bb6ZlQT
+1rg6VucXCA1629lNfMeNcu7CBNmUKIdaxHR/YJQallE0KfGRiOIWPrPj/VNk0YA6
+XFg0ocjqXJ2/N0N9rWVshMUaXgOh7m4D/5zga5/nuxDU+PoToA6mQ4bV6eCYqZbh
+aa1kQYtR9B4ZiG6pB82qVc2dCqStOH2FAEWos2gAVkQ=
+-----END CERTIFICATE-----
+Bag Attributes
+ localKeyID: 63 5B 15 F0 27 F2 03 31 C2 A3 21 65 54 08 FB EA 03 B4 C1 D7
+ friendlyName: commons-ssl demo certificate
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,958A07981A0FCEB0
+
+xwOFxogRiAGShZ/VkWz5Nqwdk3j12i5vLLbNhA5OgAwgRUqk5DzuJYaozJ+lVLk/
+sCwKtQ+OmaYeSYtXsTuUcNIgki8GgaPnBCXOyfZIR8ZjSCA+VT41lAvcWQ3EUUvB
+wB0yT2kWhSIwR+0lWw57MiUhyzLmTBlynSVZBRTe45/y0c4ulzodQW7zrE8G0hqq
+pB1moyADgeLh/i1iqvf3LNrZoRA5j5d72jA5sOJTK75BDekFzrPbf6Z94/N/+6nN
+oluxagf2thJ1fFs1vqOmJGb/sTBow5ToZ7lwe3kH/q5rc/0ecJWu5EAezvYB9dFs
+V1QUVOSsdkdRq8QhfS2QjYujkqUg9CQtWbEF90EyV4DWhUSugEOPj4LKPmqHg2+i
+zC39d/jizCeax42taJYYF5moWy/h43UtkLdHCkDjHmOXuMQaXGxJyV686ABuuMgI
+UN/CRKv6TjmmJZwxDYCuGNbcOov/J4Qk/Qf7FM62ZPT0DBnIXGnOHmegvGNbL3hx
+va60Fvga5uLxT4f2a5JXrNOJyxVlkFNqirWvWuS020rVK7SmF6Hx79v83g2oW83b
+Ox7KZ+zlcndqFUDA8iwdhmrqTpRqYxCF+PHFC/wO0LmA25693pLN+2x0Zdk0cH/Q
+hzykSOcydEctrkqPrJzg3m4U0gICssfPrbB8pkP6qk3ucSsFWYRQpo1Fv+yDqssG
+yiDOzmYXCxkjYcYm5MkX4vY/ggNi4ge3TVNMWCtIyr9WoVXT/0qFDN4i4vlJkTOQ
+kyhjfS25Dou2+PyNUe4rfWg7lH/5EhZbn6ZN9E7jKd0OOymLSeh08nt5abcuNBE3
+2QYXqBxBUmh29dyxn0Rl8UQQceFC6zvai2XVYKiw3EdMAeNp0NIKOEtkLZsGrE+t
+IWul0NZyqJmMDAP1GzNMg8HaL0mPh6PgoesNKMRYAqD1uNqzQfHnid1TrxFoJuzH
+GSwmX7QctDt7iXmqG9WETbw+WXg1IbpetxC/Lom54jRo05GcI0eCDCSY88EwSNPT
+SWLHlBw12axu+fzNFmkdV2y5qoi7YHq95S2BzO0Eh5p0BiCl80zCyT+eTt+2aJOK
+i7TTQDSjzwtqj7qgqltJAmdrbMFF0d15eO3+Fj9PULN5cOBor80RWs9gv71I5Ybe
++QA0QijIPuH19nB7L4hOT5vZgp1aCUsLyoCgv1WaIBgYgqQbcgDhbQs/vPBP699y
+/52Dr8G11/9MIEqA9yVLdj/dksGhhjRy3mtT1m35qG05ohKMd3+jESFA6IpHOyNF
+D3v/raj+ioW94KqYZepSvQYfDV4GUKeI40YlH3yDzSbj9npDtWdHX3OnCo9TKNkH
+xhyDt4t9WB7G7nUxq76/ZKSnAA0zvMRRRqFQOn8F3JMnEMYy5Dbn4I1xmmTXl3xN
+Kz7bywFiFb+lcCW9FGHRFVL9skEYLxvEQVbv+IteVqzrbInhfvIxgRr4Cbxoy8sU
+rl9sGr5ab4OTuIr6zOpUxJkWkTFy+LRv2M+lJ5OFbKJYLC3azk9t+dzjST6pE16R
+SQLoi0JXCiE5ohaL+IGXnegKNFIy9L/Wy0sBFUipkhhlDAWGNwgsPTnC1mhwGjKF
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa.html b/3rdparty/not-yet-commons-ssl/samples/rsa.html
new file mode 100644
index 0000000..d4d260a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa.html
@@ -0,0 +1,115 @@
+<pre>
+java -showversion -cp build/not-yet-commons-ssl-0.3.13.jar org.apache.commons.ssl.PKCS8Key samples/rsa/*.*
+
+java version "1.6.0_45"
+Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
+Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)
+
+ SUCCESS RSA AES/CBC/PKCS5Padding 128 samples/rsa/openssl_rsa_aes128_cbc.pem
+ SUCCESS RSA AES/CFB/NoPadding 128 samples/rsa/openssl_rsa_aes128_cfb.pem
+ SUCCESS RSA AES/ECB/PKCS5Padding 128 samples/rsa/openssl_rsa_aes128_ecb.pem
+ SUCCESS RSA AES/OFB/NoPadding 128 samples/rsa/openssl_rsa_aes128_ofb.pem
+ SUCCESS RSA AES/CBC/PKCS5Padding 192 samples/rsa/openssl_rsa_aes192_cbc.pem
+ SUCCESS RSA AES/CFB/NoPadding 192 samples/rsa/openssl_rsa_aes192_cfb.pem
+ SUCCESS RSA AES/ECB/PKCS5Padding 192 samples/rsa/openssl_rsa_aes192_ecb.pem
+ SUCCESS RSA AES/OFB/NoPadding 192 samples/rsa/openssl_rsa_aes192_ofb.pem
+ SUCCESS RSA AES/CBC/PKCS5Padding 256 samples/rsa/openssl_rsa_aes256_cbc.pem
+ SUCCESS RSA AES/CFB/NoPadding 256 samples/rsa/openssl_rsa_aes256_cfb.pem
+ SUCCESS RSA AES/ECB/PKCS5Padding 256 samples/rsa/openssl_rsa_aes256_ecb.pem
+ SUCCESS RSA AES/OFB/NoPadding 256 samples/rsa/openssl_rsa_aes256_ofb.pem
+ SUCCESS RSA Blowfish/CBC/PKCS5Padding 128 samples/rsa/openssl_rsa_blowfish_cbc.pem
+ SUCCESS RSA Blowfish/CFB/NoPadding 128 samples/rsa/openssl_rsa_blowfish_cfb.pem
+ SUCCESS RSA Blowfish/ECB/PKCS5Padding 128 samples/rsa/openssl_rsa_blowfish_ecb.pem
+ SUCCESS RSA Blowfish/OFB/NoPadding 128 samples/rsa/openssl_rsa_blowfish_ofb.pem
+ SUCCESS RSA DES/CBC/PKCS5Padding 64 samples/rsa/openssl_rsa_des1_cbc.pem
+ SUCCESS RSA DES/CFB/NoPadding 64 samples/rsa/openssl_rsa_des1_cfb.pem
+ SUCCESS RSA DES/ECB/PKCS5Padding 64 samples/rsa/openssl_rsa_des1_ecb.pem
+ SUCCESS RSA DES/OFB/NoPadding 64 samples/rsa/openssl_rsa_des1_ofb.pem
+ SUCCESS RSA DESede/CBC/PKCS5Padding 192 samples/rsa/openssl_rsa_des2_cbc.pem
+ SUCCESS RSA DESede/CFB/NoPadding 192 samples/rsa/openssl_rsa_des2_cfb.pem
+ SUCCESS RSA DESede/ECB/PKCS5Padding 192 samples/rsa/openssl_rsa_des2_ecb.pem
+ SUCCESS RSA DESede/OFB/NoPadding 192 samples/rsa/openssl_rsa_des2_ofb.pem
+ SUCCESS RSA DESede/CBC/PKCS5Padding 192 samples/rsa/openssl_rsa_des3_cbc.pem
+ SUCCESS RSA DESede/CFB/NoPadding 192 samples/rsa/openssl_rsa_des3_cfb.pem
+ SUCCESS RSA DESede/ECB/PKCS5Padding 192 samples/rsa/openssl_rsa_des3_ecb.pem
+ SUCCESS RSA DESede/OFB/NoPadding 192 samples/rsa/openssl_rsa_des3_ofb.pem
+ SUCCESS RSA RC2/CBC/PKCS5Padding 128 samples/rsa/openssl_rsa_rc2_128_cbc.pem
+ SUCCESS RSA RC2/CFB/NoPadding 128 samples/rsa/openssl_rsa_rc2_128_cfb.pem
+ SUCCESS RSA RC2/ECB/PKCS5Padding 128 samples/rsa/openssl_rsa_rc2_128_ecb.pem
+ SUCCESS RSA RC2/OFB/NoPadding 128 samples/rsa/openssl_rsa_rc2_128_ofb.pem
+ SUCCESS RSA RC2/CBC/PKCS5Padding 40 samples/rsa/openssl_rsa_rc2_40.pem
+ SUCCESS RSA RC2/CBC/PKCS5Padding 64 samples/rsa/openssl_rsa_rc2_64.pem
+ SUCCESS RSA UNENCRYPTED 0 samples/rsa/openssl_rsa_unencrypted.der
+ SUCCESS RSA UNENCRYPTED 0 samples/rsa/openssl_rsa_unencrypted.pem
+ SUCCESS RSA UNENCRYPTED 0 samples/rsa/pkcs8_rsa_unencrypted.der
+ SUCCESS RSA UNENCRYPTED 0 samples/rsa/pkcs8_rsa_unencrypted.pem
+ SUCCESS RSA DES/CBC/PKCS5Padding 64 samples/rsa/pkcs8v1_rsa_md2_des1.der
+ SUCCESS RSA DES/CBC/PKCS5Padding 64 samples/rsa/pkcs8v1_rsa_md2_des1.pem
+ SUCCESS RSA RC2/CBC/PKCS5Padding 64 samples/rsa/pkcs8v1_rsa_md2_rc2_64.der
+ SUCCESS RSA RC2/CBC/PKCS5Padding 64 samples/rsa/pkcs8v1_rsa_md2_rc2_64.pem
+ SUCCESS RSA DES/CBC/PKCS5Padding 64 samples/rsa/pkcs8v1_rsa_md5_des1.der
+ SUCCESS RSA DES/CBC/PKCS5Padding 64 samples/rsa/pkcs8v1_rsa_md5_des1.pem
+ SUCCESS RSA RC2/CBC/PKCS5Padding 64 samples/rsa/pkcs8v1_rsa_md5_rc2_64.der
+ SUCCESS RSA RC2/CBC/PKCS5Padding 64 samples/rsa/pkcs8v1_rsa_md5_rc2_64.pem
+ SUCCESS RSA DES/CBC/PKCS5Padding 64 samples/rsa/pkcs8v1_rsa_sha1_des1.der
+ SUCCESS RSA DES/CBC/PKCS5Padding 64 samples/rsa/pkcs8v1_rsa_sha1_des1.pem
+ SUCCESS RSA DESede/CBC/PKCS5Padding 192 samples/rsa/pkcs8v1_rsa_sha1_des2.der
+ SUCCESS RSA DESede/CBC/PKCS5Padding 192 samples/rsa/pkcs8v1_rsa_sha1_des2.pem
+ SUCCESS RSA DESede/CBC/PKCS5Padding 192 samples/rsa/pkcs8v1_rsa_sha1_des3.der
+ SUCCESS RSA DESede/CBC/PKCS5Padding 192 samples/rsa/pkcs8v1_rsa_sha1_des3.pem
+ SUCCESS RSA RC2/CBC/PKCS5Padding 128 samples/rsa/pkcs8v1_rsa_sha1_rc2_128.der
+ SUCCESS RSA RC2/CBC/PKCS5Padding 128 samples/rsa/pkcs8v1_rsa_sha1_rc2_128.pem
+ SUCCESS RSA RC2/CBC/PKCS5Padding 40 samples/rsa/pkcs8v1_rsa_sha1_rc2_40.der
+ SUCCESS RSA RC2/CBC/PKCS5Padding 40 samples/rsa/pkcs8v1_rsa_sha1_rc2_40.pem
+ SUCCESS RSA RC2/CBC/PKCS5Padding 64 samples/rsa/pkcs8v1_rsa_sha1_rc2_64.der
+ SUCCESS RSA RC2/CBC/PKCS5Padding 64 samples/rsa/pkcs8v1_rsa_sha1_rc2_64.pem
+ SUCCESS RSA RC4 128 samples/rsa/pkcs8v1_rsa_sha1_rc4_128.der
+ SUCCESS RSA RC4 128 samples/rsa/pkcs8v1_rsa_sha1_rc4_128.pem
+ SUCCESS RSA RC4 40 samples/rsa/pkcs8v1_rsa_sha1_rc4_40.der
+ SUCCESS RSA RC4 40 samples/rsa/pkcs8v1_rsa_sha1_rc4_40.pem
+ SUCCESS RSA AES/CBC/PKCS5Padding 128 samples/rsa/pkcs8v2_rsa_aes128_cbc.der
+ SUCCESS RSA AES/CBC/PKCS5Padding 128 samples/rsa/pkcs8v2_rsa_aes128_cbc.pem
+ SUCCESS RSA AES/CFB/NoPadding 128 samples/rsa/pkcs8v2_rsa_aes128_cfb.der
+ SUCCESS RSA AES/CFB/NoPadding 128 samples/rsa/pkcs8v2_rsa_aes128_cfb.pem
+ SUCCESS RSA AES/ECB/PKCS5Padding 128 samples/rsa/pkcs8v2_rsa_aes128_ecb.der
+ SUCCESS RSA AES/ECB/PKCS5Padding 128 samples/rsa/pkcs8v2_rsa_aes128_ecb.pem
+ SUCCESS RSA AES/OFB/NoPadding 128 samples/rsa/pkcs8v2_rsa_aes128_ofb.der
+ SUCCESS RSA AES/OFB/NoPadding 128 samples/rsa/pkcs8v2_rsa_aes128_ofb.pem
+ SUCCESS RSA AES/CBC/PKCS5Padding 192 samples/rsa/pkcs8v2_rsa_aes192_cbc.der
+ SUCCESS RSA AES/CBC/PKCS5Padding 192 samples/rsa/pkcs8v2_rsa_aes192_cbc.pem
+ SUCCESS RSA AES/CFB/NoPadding 192 samples/rsa/pkcs8v2_rsa_aes192_cfb.der
+ SUCCESS RSA AES/CFB/NoPadding 192 samples/rsa/pkcs8v2_rsa_aes192_cfb.pem
+ SUCCESS RSA AES/ECB/PKCS5Padding 192 samples/rsa/pkcs8v2_rsa_aes192_ecb.der
+ SUCCESS RSA AES/ECB/PKCS5Padding 192 samples/rsa/pkcs8v2_rsa_aes192_ecb.pem
+ SUCCESS RSA AES/OFB/NoPadding 192 samples/rsa/pkcs8v2_rsa_aes192_ofb.der
+ SUCCESS RSA AES/OFB/NoPadding 192 samples/rsa/pkcs8v2_rsa_aes192_ofb.pem
+ SUCCESS RSA AES/CBC/PKCS5Padding 256 samples/rsa/pkcs8v2_rsa_aes256_cbc.der
+ SUCCESS RSA AES/CBC/PKCS5Padding 256 samples/rsa/pkcs8v2_rsa_aes256_cbc.pem
+ SUCCESS RSA AES/CFB/NoPadding 256 samples/rsa/pkcs8v2_rsa_aes256_cfb.der
+ SUCCESS RSA AES/CFB/NoPadding 256 samples/rsa/pkcs8v2_rsa_aes256_cfb.pem
+ SUCCESS RSA AES/ECB/PKCS5Padding 256 samples/rsa/pkcs8v2_rsa_aes256_ecb.der
+ SUCCESS RSA AES/ECB/PKCS5Padding 256 samples/rsa/pkcs8v2_rsa_aes256_ecb.pem
+ SUCCESS RSA AES/OFB/NoPadding 256 samples/rsa/pkcs8v2_rsa_aes256_ofb.der
+ SUCCESS RSA AES/OFB/NoPadding 256 samples/rsa/pkcs8v2_rsa_aes256_ofb.pem
+ SUCCESS RSA Blowfish/CBC/PKCS5Padding 128 samples/rsa/pkcs8v2_rsa_blowfish_cbc.der
+ SUCCESS RSA Blowfish/CBC/PKCS5Padding 128 samples/rsa/pkcs8v2_rsa_blowfish_cbc.pem
+ SUCCESS RSA DES/CBC/PKCS5Padding 64 samples/rsa/pkcs8v2_rsa_des1_cbc.der
+ SUCCESS RSA DES/CBC/PKCS5Padding 64 samples/rsa/pkcs8v2_rsa_des1_cbc.pem
+ SUCCESS RSA DES/CFB/NoPadding 64 samples/rsa/pkcs8v2_rsa_des1_cfb.der
+ SUCCESS RSA DES/CFB/NoPadding 64 samples/rsa/pkcs8v2_rsa_des1_cfb.pem
+ SUCCESS RSA DES/ECB/PKCS5Padding 64 samples/rsa/pkcs8v2_rsa_des1_ecb.der
+ SUCCESS RSA DES/ECB/PKCS5Padding 64 samples/rsa/pkcs8v2_rsa_des1_ecb.pem
+ SUCCESS RSA DES/OFB/NoPadding 64 samples/rsa/pkcs8v2_rsa_des1_ofb.der
+ SUCCESS RSA DES/OFB/NoPadding 64 samples/rsa/pkcs8v2_rsa_des1_ofb.pem
+ SUCCESS RSA DESede/ECB/PKCS5Padding 192 samples/rsa/pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.der
+ SUCCESS RSA DESede/ECB/PKCS5Padding 192 samples/rsa/pkcs8v2_rsa_des2_ecb_SEEMS_WRONG.pem
+ SUCCESS RSA DESede/CBC/PKCS5Padding 192 samples/rsa/pkcs8v2_rsa_des3.der
+ SUCCESS RSA DESede/CBC/PKCS5Padding 192 samples/rsa/pkcs8v2_rsa_des3.pem
+ SUCCESS RSA RC2/CBC/PKCS5Padding 128 samples/rsa/pkcs8v2_rsa_rc2_128.der
+ SUCCESS RSA RC2/CBC/PKCS5Padding 128 samples/rsa/pkcs8v2_rsa_rc2_128.pem
+ SUCCESS RSA RC2/CBC/PKCS5Padding 40 samples/rsa/pkcs8v2_rsa_rc2_40.der
+ SUCCESS RSA RC2/CBC/PKCS5Padding 40 samples/rsa/pkcs8v2_rsa_rc2_40.pem
+ SUCCESS RSA RC2/CBC/PKCS5Padding 64 samples/rsa/pkcs8v2_rsa_rc2_64.der
+ SUCCESS RSA RC2/CBC/PKCS5Padding 64 samples/rsa/pkcs8v2_rsa_rc2_64.pem
+</pre>
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_cbc.pem
new file mode 100644
index 0000000..e315053
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_cbc.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,8DA91D5A71988E3D4431D9C2C009F249
+
+ZUo4tso7YF0+ayrQpLsgM4TN2H31b5g5ryj//QqqVG/WmvYgl56Vu7fDbYXytgnb
+PQoJLo+8iUI1d51nirw3RrtAx7Z9lrBu6mX+JBE7nwCVsjBVVlAx1B6d6Jwc20wj
+935VaUkwT3n0zZ1dwb9HLjEGUp82TIbiZ3KjWKnfER2AhFXJl3SzswA5Fvwe0AYm
+KTAEYaaxigTTPgltiEQDIvA/Pnh9ZHjh6rbM816Fa2hdk30wjU4U/KkTYbg4hdoV
+vLeQpYnMT2uICCuvNXq0cXXetfbgdMFsLTxvVElUZrjyMTsw1QtjijeM+gj1dbDj
+HGzR0k97Xj3q+84m+SoNW29zPLZzSaFDX4KdKKG2cHs9BTYJmzb0h7qP4pCXjGgF
+8V2iUDMs7BQlgNnOa9gwT7x7DN4HM6J0MIlNIiYQZnupqqYQTDR0rd+fhdIsXHkA
+qNZKI/4ep7voVIufSS8ZyoISES3f7dvs5nnM2C+QAtL+l/yaaqRdfUyn9BL1djaP
+akSRPXmHrmed8s8YamuhLHyf+GPL2uYpd4i1voA2KKYSx4PnfjH/F/8fXPZr3dNh
+sDtcjhgXHTNAEVVek9VOaHtlUNZEY0UcbP5uqBZta+wP2rBTC94DxIbN+k8A2SlP
+cKGkaRltjnPJAXWmwKMRm1J7vXngXYq0r5VUvnGPiUhFlQwAW5TUml4+1SMEUirZ
+y/Oh3AjhOus67uiAXAQoqlr9KykueXobFrhZjLCgRf7iDmP/t1eK40UyV83w85yz
+cORi8FNfqvCARz05qXwfhf2NBMTRbLNzKCGjS4iY0dLNk+QYNgJGoM4nFVkHYgbM
+pTThzpYgtRnxQf1mYTZFtqr8hRJqiRfexzCyk2JC3rDtEO8WUmNdvdKNN0KwCd4+
+dcVS8KzNov9fYMqiiol0dL89WBN1RN+hs7HnOJkNZZgaNVspOLCT4+SN5fLgtbJI
+BzbAgTK1ILrSom5fyzZcRkYwzIqNc97YhRYnxDp7vJFlgsBqySJgtdGUkTPrrzAO
+CCYyi/ukSVphPe+qRsvj9L4syZgpLRgDdZaW+BR0pbTUg2WQvZuKL5iMhfB8cbAC
++FjoKeSlxI68jukrAYHBNcco+qaAYrUaHsJFUsbf7j85DzHxnaA3M+P0i+LWJwOI
+3G751QR2CrjgK+QD7XUtUjBMrsVGlJmfaQsEm7+rtuPynXq+ArJrvgha4lc0GRD6
+yNDCTTMafuBnJ72wop1UEE8zGOsqERsgvOAL10J1s5KCcPHGwrDhjhr3/x1GI6/e
+H80zp/E9mPgzYQMfhl06s9SwyvsxFCIZAfrKIhq7lVqeEDiusYbe15kCLmTVNZ6C
+c/BhDc76vwek05AOLaZLGbdpMRwevbOn4WvUHV0o5Yr1h1IGZKx9BQYwFS65SDCg
+uxfM+dKulE6MWD2hPUP9s47+R812cBnHu5BVV+Cq52YygAiAP1+nfFw7TBKzqczo
+fnIsoL69JthqtkZiwl36uMmcoWwZM621ZqYFJI53WO57uhW0uuoyidQj8HoNG/re
+o3OyAgVO6sTFsw/Dwxo4WX2AKuIt9W2IJMFNC7aS7lH0iPrtiVC3FFXvuY5agipH
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_cfb.pem
new file mode 100644
index 0000000..8bd32ac
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_cfb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CFB,2F7AF90B0C0A420FFD62214EBEFC4CD5
+
+hciElffC9lqjzOx+aBT3DYY0/oZrI0Q34xfQg7IOTUPUAxrrT/UjHlToX56VIbRm
+PH2M5yoF88Ji7BI2V/Y2QRAjAYRFVjZvPO9ke4IGYI8xfnKRivfxLtW/YfaiKnqc
+7VyyO2UI2tYGm27+JJbGLR+GdaHmcnLmencGdS4Hn3KDQ9IK4eLLXrBPWyzGnxEZ
+qA2OWdzqodjppFCjlx892YJUsq+w3BXu5lkPoooTEoxB5RywZfngUY9Y+raN60S6
+zhjkaaJTEqAfnAsdVMUvzpkYpoH5LCO1vl4+XpKdeUu3wJ5p3D9TVc4kt6/V/MeL
+rHJVN8FKJKYddTlaP7xOmh4bivrJao6LzRUdnyxGL6SkVQ4ipitgWcSwFGgRQc1m
+/MzFmTATtC8tocSqXMY8nblp0/sabGhUSTGG+uBGddDr16D/8J5rb8cMCfR0KLPF
+3uwV89PbbqpS73IUKkolRjxslO74TPDT5ds0i+UV+J+AJM+9CnyY7WI3FgMlVvRn
+KwYJuihDzFjozJfe386XWYs2Joa3Eo0vbaVvp4hbHq5Gh7S2iiBpqy2uN0xxuZA9
+QB1XpLd+rOC0y5l1usuVc9kBlGsTiFVyBoZo/pWVlTU3z8Hzgv8p1TAJN6jgqVH7
+oMVgubXsz1XPHrrjjgZEEpxqzXtKJw3DKchGDfAn4VLTSrOINwMC5sR8l30OZVtD
+IdlmftUBhv2AeVUqkLsSMKGdeagfwoqOlfL4FKvSt4n8Vq+Hn9lY/S7n3cjM17YE
+YAgpBjX4PJqXsp8K5KmBHPQMB08jW+NQFABOprdes5bwflrERogdLZmQH4vxqUvs
+DFhHVJxo1wxeRDOftVgtxnmHzU+SaB9MgdWWhC/4pxx5uzqYi0Q2kSOZ27EXZNdh
+MgVX16W6jLUw9zaR1wJIJZU7SmhJOL1fxvt85RytaD28+JvPTNs2ffDpjPu0sXh9
+n0gYiWztuBNUv1m+LMpi1SPtHvtoZLhc++9g4BXoZevtgNl+FqvHs2Ob9w3yXqkT
+lyJQbqju674MaKXDoQ+3+tnXad8MRGCvIgmIUzmMZj3O7QcrBbDY/pbcxoEDOaKI
+SygvYvKfrBIKq6PuGsN1KHSMrjc2A4+wuTYy75xsai9YtwwT1tyIIeCv5NXbbtJq
+vW+nbSNYW+khIicBc+Ye+GFfUh2MXj+iC1lK+5i+1leKo4zLNFDmnXKgZ4jOOPMa
+FMYPZkwANQ6//tyP/qzLWGyBucIC/Ym9hUvi0HlYjjU3Z+Zv92vM+2+li4mtMy7M
+tdcm72bqsT3+1rtJKKRaYG/FiQizOGTDyhgV+JX9MEVwJPa+61V9jwkIPPR6iBrl
+u7NoFfSp666XbD+LurRh82vlS7KYOB2zimHFxI6nOHBsypJynqtgIzLg5N1+LhVz
+t+cxucW9eFvkEEXmjZwofqlxq9BDso587kKY+EpOkXrlnG/ha9XeZcyUipn+jQ0Q
+64Cb7LfvcU5UEXTcMh6BKkoeNP07O1ecpD1LXMGYFn2HsfYHigwwcZ7sm9oCCC9q
+vF/rjXg/oIMagmc6MZOjRE2eT9tpLRAaMynLiln7XS5u+Q8O3RexEw==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_ecb.pem
new file mode 100644
index 0000000..b6def08
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_ecb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-ECB,3E3ACDA483AAD613760CC55C7DBFE582
+
+PJupElZP0QC92uiYotAm/CG6i8ypU5SXxc3zmrk7sBdxVU9JQXsIE/oIUK40AlFW
+cGuHWxxYkdYNtTpuwG/CVlsrq20YfpxQrl525f4pz8ETWt/P5+aLQ0TemEKr+LVE
+921o6LNstZpftQJbe3yMz0cFTjSfsxsHbadfUZUQzobr1XcbazPyhr5rrSntgIMy
+rJ5M4G6QrOEAIHfVVZ1oizlFnd4vjGOKk1i6APgEEqJTIyFWoCXEzDtaMcl97GEI
+EWGusd8DJrqpJKnohVoTZdOzLrnerJXEUEJ0cz+UjvljAYg2MBSJk5v6HCp8aWcc
+CCoWUbJp2933n4nLBq7EXTVmJ1pwbB4cjNM1oL2BznW/pdznrSRcw8qut35ikEKW
+mB97+IMVr03orl0uFjHBIch6cPLYkXKi5w7CO4vvJeqqPK+mCtckzgIlzsdTL7Pp
+tp+wrMBtG2Ibh2HeJuvvlFCgoYBY482aPu/4NMei2eqfs0p5g0bf67R/BiG2Sxxr
+4o8hmR14v+dzLsQeoKrr3RnMqfmrbqgdkUfgBomlsunHUu9u7jB70TuYsZk/COPn
+SgMM0T1pxEuHdXfyZPSS9u2SFGEhbW4zIuVz79Lo7h3sKdYJqmwmgOk1P3IL/nra
+YpcacWzmV0g/GK8O+2CSGvEh1+m0ffQac1Pd2Abjzg9jghshsBTVTpkcFI0UfkIm
+gpP/hwLONl5a1KJn7u/ltFPdZkJ5CWPe0ZQ1mqjhDaPnc8j7iuFzUilsWITLRof0
+KHUDsAZSV7gZ5G/Lh6DGZdlwfkD4b+2GOPayQ44mr4p2hdOque6Z/LEXtOv+UvvF
+kR9azOu2RXVTiDLL4c/ntltS6laT/nCg0goMs5NAis+3cxKd7Uk/yXBAulwR6wmy
+MIZuSM4gk2pqbt6TJWIfxl4ZtPwp+jYIpMZc47XQ7w5m7YSquJzjilaj+IDVPkhF
+TWTMf+Ucb4duBD39HZjBWAoLkF487M8KDtcxL60uHuhVJsKyYsb8b20ukA++c6aH
+0VqU3NB8VXH7De3pA08G51P+XLurlLUUr118STaEd4r7GR8FddFmSh5x+PSuVXut
+D2p2W7pfvS8OTuaMF0PZo0KkUq/TbTpvMcTax+G0DgGJqFFhqxNur6WoJyYbQE0M
+nX8USnuJhS+BRNPEXc5i14dWmZEeE8i2KGm8RlL3KZfyrpBk2zwnGs+WM8xAlBSY
+KnGO6bLvRaUl+8IT1nKfY30HLr2tX+F0fEM9Tn443VgsXkYnMoaPDU0aW6+J0lLE
+lTeqJn8MPVRbU0Ss/0Q2PQLpayHrR+ly6yxJPOY6Nc1eLkhXoB1DwiGh5Mp7J6+V
+R5UL4nRr40hZy+35sH1lf/+1mY95Rb1hAYP9r5K9dAvqkdUMSPz8rtzb/4gevLi2
+rxB5XyOHM/qZL9ySpJWjFPBwOtJ/EJioRTvnG+/8jdxXWBiGKdkGLKV8k1z7gOee
+ewq2/8n4HnzMm5YKdTesy6LuaO5TaOAUe89Eo/CxPgdM5YnxSxRsxunrPR8JMLYI
+V6xyNRRHLOy2ffGdJZ3nqbSOxCNiHW+Glh5I2jyrKG5Bs0S1jbt3l0hZKWSU8k5k
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_ofb.pem
new file mode 100644
index 0000000..2986eb2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes128_ofb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-OFB,271025C313E6EFC0403320C73382F15B
+
+/L1xK2Hx7pYQBTuhHX1P/mkXqLAlbSSz58hL1E4oxsDJODiVH+ueTSKajA8+tbxG
+eBK4p0s5j1fp7SJ9m4QXBwvhCnis992H9kQws6U9gGFrofrYAniRFhX6yzvm86ee
+deQ2Pfcv+evGRPigkoeRSQGxSa40fJ+5cBs4G22cfrKabaEKxnLtQpqPG17JQ4/f
+LdrHz64IyJTgvV6LCzJxShO7vxwIXaA82HNR6Qp09WUXxLB1/pfQ8oQfZbTUkvWi
+CBdXWT42VZklPl7StNiAN9U85K/USIYkKG47CpJvWMYbWJ3Dt1EFiEFi/wmYTinv
+b2K0xUrVUKxAMfmVtr1wGSJA9P9AT0/sBO2vTn5ibXVVHibtAET+vGXLtpGqf89/
+RmcqNEFYxvLzoTyR2FONtVluAC2yk10cKHY/pzZwQyVfjcgMlbnrZz9Pp1Y6ntR5
+AfXpVR/qyYOaQ8BeMCXkfR79GPyCPV6txy3KE2mbajwamvL7eR0+0R3Q0lhVcWGp
+g91D1nbgVFkHGOugO+2yb8vLq9k7K84Za+TY9NCqCG6g0S46yAgZD2rqrAAO4UIf
+6+nno8TS41W5wmsdEarbRoIg7iIKaPKzEmRRurSdlj/s7MKHgQFoet/OdZuAQkV6
+FumyDmqekmPAgIIJEO2NdrWo87RWKCzc61Yl52qmWsqrJIHrPORMGdjdlLVxXXIE
+XZQot33Rx7/f0VZktYB5fWk08kjWQ0sKTDiHEp8Xobq/RDyMTm9TFIkeFm4rLkl6
+Zt2bzp7ssoKeYuJgpoRzUmGP83wgl+AaJZpupARdz5MlqXd5knuPTETFPaFIf98d
+r/sl/V4E1nh0x83HNOBrLlpKbeWocVV4zv22q4zemALPCOQKUPWulINQWAYiTPDA
+lBQhFRnJXSZYFUqFWpxjp3yIWCvTZd4wgX5IQpaJvG+ehRn0H4FR0hJukMG7Pn5y
+ye0M0XlvVYWfxhLRDK23iNkRzVIbIxZfxqaInpGvatcTHyb2vnVFateSGlXIk0wU
+GxgytnTGW2fZtCDOqeQxCL66nIkpqKhB2hJKaD5WIG7SUikjBblvVcN+gkj9IWML
+7LB7xjE+4cyt27Rt9QHuLchdgSScPnPTZhdX0iK1LVELlJQFx8WPZpfXwpQR/xz8
+tqAKOfyhOX2XxYYOoaNN+ffQ3mEnsVFx2uQOp7PvNjL06XdYP4p/AruzVnbqsDsG
+BIo+oo7PfepNw1jRxcmeoaMotIZ8Feq8H8QEARqQSnzRWAJZhV5D9ztmUtaeqyy4
+QDbgxBxdV0nLAWG7e54FMn5yJfjqq2pkBl69ZvR3N+F+L5/eWlEpalIoq2l8AffY
+gDxlGgp030MAyFYSLJNYj+UUwq8k5INaC0QKjARbBMblf0HOX4U6RBqrpzn2xyvU
+mlM6pTiO+mOpG9WLgQS9XTUk2te8n0vAVUTk4Camj94Vdl8JWFNsfJIgwE59hprg
+a3Pz4FosIcBbj1pYtlA9Lz3kIGe9U3z9rHeQHNxJ8agW8NKGvlzY/YBdb115UhnM
+WOVp5TkpF2MyE+TGWqXzwNo3GutaNVs5YO5nX3Mtx4ClRrsmQYVTMg==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_cbc.pem
new file mode 100644
index 0000000..b80686d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_cbc.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-192-CBC,51C73DF9487965B976234C88321E3F30
+
+6yLkX7C2XTX5AE6KqWsB2Lmt+TMGsoHIH5BDl+o7Yjx7aBSzB9X9KPTsVoPmTCOg
++yhhV6am/yBImCdyuY8d9Q0A1kPIJTEkshgk5vc2KpW08blLCHSCjokEVbQ4TJDH
+bMtrEBVMU1g9KBTMuBpbu6MLVaFth2GTsqExX2gu7FB5EAKvEGhkmLudo1jKkgvR
+aiiyMd2CH2MTdatZtw5PrJmkhV/6RMZRKP8r9wkez8NN14ehmk5QDY2s/hj5uaEf
+xK0GXY6OcwoRo85PsOYhmOeFDqHKGRo9a0pPBy5ZaV4udj0QZekE1fziOxiPf6K8
+0BL50UUzQBW+3n0dIZbzlOiJQScQkjoxi0kc088FHXHf74VBoJUo6pckAu4OwpXW
+L4XLIGAr2Kv4OMiFSJOcaihyawE312B2URcAzVCO7skhTYHaC0fMYDJCGTc2D9rR
++V5tVfT1dG4xdB+p/b9TQyAu8PE10jT+tVNJqGsZRI8I3iOtyWsBcn4sQInpYFYU
+R/v2tgG4hDdq1beEY5N/ZaLsoSyFYZmwbzB+BVhPg0W/9s91/nYAQgOL6XrExQjF
+lZxS28ujAq1LDNzg0NDA2KsDGJF2TuST2stnxyvf23h8+KV2nZLOZXjhlVl/Nr5O
+WPm3gCmuPf8F6FPqM+zI4YBBRtvLRkXafUNuvc7PYVNiaPyuMh7I7U1EUUzTpkqi
+OI/YD4xv6DpDand/WEtLHaYfVYU6PAapLV0T28BoFITp/qxHYYnXVfhn4htSgiwW
+R1btcxWyNjsIedjb1LJ2EwEfuXqZmzDz51uDLBq3XQ/dbvDkDzfZR3O1KGaACxAT
+tAeAdnTnAVliWYQiJ7BHn4LTJZ0ERGL/R1xpQs4quki4WHtEBRRzP6BbmUYYhigO
+QwvTK9darP1Ev7miF5BkRnrzWqCQHNTlDB3i/RzIfIDChQbSZtrpZH/V/quPuPlO
+1353Q6D221UiChhw0+8GmIszbLwBkDq+Zr7/poUBAqHmTaA3LeiahACM55ATbg1+
+FKf0nvUL0SaEBAqFxSdQ1mnW83VCMlCE7Luh49BDl4/nufCdF+iv3cYRW2SDHPrU
+HELYYLz+b4QLl+XO2SgUYEkU9s1Z+eCKcVUXGzz6vZUsA8UwvYIy8b/1cz4Y5sZ4
+MLpEXnQRMwAjArh4fvmosAG+diC18H2asLWpUS5HBBrSb8lAqKPLl+n72SlZkFjE
+WP+qq3koz3EyJsjwH2qbpx5BLhTPcEVHl3DZ1eOQmCXcpSm/cqKp2MKQFubCC4rr
+nphTD8uYKCP3mJXB8vqIIO9ho7+GVlCHJdZGu+3bw1L89O6ZG6WClbY56eGz2xUn
+DBmikb9sppeYSs0eX+yQ9kjQRf/BGnRab2dSTGtDT7jp6cL+zWUUOawLHWS72XtN
+3XYSEvvAWPygwbBuAuw17pwPPmTXduRiJosR1lRk28FGsMwzbj4byXm77IO3vD80
+cyrAQ/bmSpvlmYEHvmRn9N7QT7SFANY4a03aBK2iuqZQUz/zeo3eyrJudBXIiwUz
+/ZRteBa6SQagqDsmfeuGCjgTFGVnutCokh9lajm9BZ1pZtCmHEDd7yz4Odx5CmxG
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_cfb.pem
new file mode 100644
index 0000000..00cbae5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_cfb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-192-CFB,58F8574921C585278A50F7A2EA529595
+
+RQtPMTKDNttPq1R+DiwHrEK33FOfxK1Cst5x1jrDhXe5MObLhqbz4Ft2idjtG/vC
+pemznnZqQYKsuJl/Th6Ydsthkg7HH1pYLRstc/tWQTESa0RseHDtdw3e/Wxhm6DH
+pSqymOfRq8R7PQKPxboj9fjxeooWlA+RQxGdyRJ6gki6PljOD29C2hxZV4HuL2II
+tUn/cdzaGu6bCvpFDvDuFja3TRtIrHSbCq01uZg6XrFui7BuwJxxR5lERsauJ6RX
++lAvhwXqN4nsEQefvZc/GeTFzklsoJ+c3HJy7pN15nyfwNzmmH5EK7C4CdBJQymv
+MRwe9hY/LGXB5IFEgXvop9bh2qYk9tb/zb8aAHcLS9rwFsGOo+5+Yib3ds4GC5fx
+ILKH234g+hkhutao530kmWXFf7qup8lvTlBZueAWcIFdmBCsWjm8ejxQUZaPCqEY
+sZ1UMDw1HPX7/4TXdVNZWrxHisv0VWnhwJNflEcI/k/GR0/qUgkHnUPycWTtg0W2
+7ivs7D0EkIJy2OyFj5swWs+eqhsSDmd0BgGL0VduLB0voi1eU908Af3PllsTwf4D
+UaLFvOkllIbul+YweImT9TinmkWIFMZuNDR/PHjpbLN/39YkvSub6oS4LOgKEu1Y
+Xr779QOZHMcIP+PXoaxqOWls9hgI6M3PAH+gAjwF77OWIQIh8JZCibR6HWYcr/qo
+iFTzJGNN7P06s3IOek+YoHG1c0GoPsNungPOzthNnaAUcRyvZ1Yg8cy/nhrA8Eeo
+A4G/I241jr/Ex5jooykpeotV1/AMIF7qxFeTARQgObRi/fiR0r9rjaSMbOt4PlRv
+Ln0ZBqedtkkRBPRGO0VViSbUAUOq0oSb98FWqPFpcFl8tXRyqe9m/W2zACczZplz
+OySvRuASdKYpGk4DmMlQtS8wjzMYTesBx68OiZfw9W2nkH+Xapc4cH8hyb3+aXXb
+b53nbp59+mx4UwPOcrdzVHdKhDT3BjYrJTv9kHAY8yA4Nr08ZsO5tOeI7vF+bUKx
+kWu4AIEccB030iu87/xHXUEOBzsV6HzzT1TrZ5GKSh43vhRwoasYON2xlO6RuKCD
+Yv6GbcPd4lv2mv4lAaDXk5IThABHUL8yhqfwru4L43av5AwdslRKIvBM7UWrlXFe
+A/Hipy6jjcusGiOyH7WfWBFV2/f6NtX6lGuna03F/yMZcHI/HEK5RyhqOYOmcxfw
+A1eGKSqOnq9IJ6vXnF8PuRYKB9i8Ha0z5JmWkh/dX5dhTzwH6wOz4+bLgkgXBdhY
+jptSs5zsvrxGiLCbENPTjArsBbT5NISh+VTrrUtmA5BLPWx6d4NNJ5eBXTnpOIJr
+rxA0halZtFYKj0mp1ZgnVylHC45QDiwzDnhXra83RVrcgQjcX4npjKOaYZRQ5cKR
+2F1QdvoLvE9YqhjH0QFQWMWfvmLHGIDIDkSB6EyFsgzWdv6kIaiYsmdir5FzE8c5
+SvHvu28j1X4OL62AquOFKMXQVns1/jLp0KERx1EhrQChHUxpA/cbqNJbhjHoRQK6
+0zXWP9gNlyrSIKY4egyQmjcTDvNXVcSDu2o7EfnprNCYirFgsAbw5A==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_ecb.pem
new file mode 100644
index 0000000..106704e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_ecb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-192-ECB,A3A4C4B92548B906A635B84B3D67591E
+
+E4I7KvCs0qknDw8D9ISQev5oQCNiHskfB/SvuKJ/qJoJP52qk+ajN9pNMp+011R+
+MRaMlK7tANTrQ0L/Yc6QNUZW2aHyiex0aoC4ien4ojgvqHfaP12dMxFhOoLctN+N
+zrAPSuQg2OEBiWxEoDqpgA7FTUbxPiJ3QdtwwOXS5kqAKIEIoNnCPCL+45uKBrP8
+encSI+nrZIXLFqGEukKZuFH9qzdF2leOKSmEW1kmwxMOfQLMVQMJyVzd19cCxU/1
+FZtPRRIzFlx4PlNYLKDpypSUavgo5V/o3UHk6vbP/Wd+Wy1ERwNliV7CTCCpOrBH
+qJezvhkbktiHQQ7+5zU0jsTzTlZcxATdm2ktyfEa5GKrCNfrmUYNwNSi8DC2Dn1x
+4z9r6OfKV3dKcSkgmFS3ZI97ZhrnMqpvo0h1kg8tuiboI9pPWp8OsLIvw5+jz707
+GLsl6hI0EX61YFc7bqeetnObgiaJMJxQJXHi0U+Z01GjZ+qgGb6USmQ1D8r34nuj
+4l88VYW4jBhxa/IFpzUoxIioKG58xQT+OK2Fi7BF/OJLQpj+3RA3YLqry0D+AOT+
+f+nDJepwrQ/CZtoQl53ssct+mDY0D1IU6u7ah9WdIuuptV7+WxutFfDpXsmErKcZ
+eILXaH5zK9iNVnVNQDmnVacjQt0x0Rm28wrjI5N7M8jGWKWi9PMLElx3BTo9EbON
+pJ6x6xshjmdCR3gOLo86CZGkoUM1eNGhJuihrl6HelcZxeFnuiNYnLb5hIaqDd1v
+NpFUQBRC6Q3jz85zIvVsiN2vIyak2OGDRs7r5dqb1x9QVz5tMjxuKe3t+rfX1FN1
+vCusACQQzOl6NdTgmm5Of+pMniOL/kRF78e7zva8vM1Qf31/z8wtq3gemt+pZstW
+WV/kRhIvY/p2Nm41TtltlctThbYquFTEy8gxhB/Cot2k7Z494+8UBVIn7SjsdDpU
+X+N24itXM9/sd1LHrXBSbBT5PzSBJFC5MS4Nt6qpvSKIRbyWINjUoTvbbUwoCo6g
+soYBPJR9KeAcQ8YdBOEXtFScq7c5ZPOGCj/+3p++Pk7yMmlxNPvs6HLjdHchjAYz
+jycK/uWYNLOwKS/AMxwi4R3i45pPgIRuwGdRyi17Z8kOKATdyQwScbPOShW9/066
+OA0rEORx3C9gMoKa9QYo3O9YLjA7NS1ERSY9c3X9anSgR7eSs+DLRwFiB3EHoCba
+ULqd3n7qBKgkQpVF60p34yKb3K8o5s0cIE7oAm3VdoI/O/RSs87rDmUbpuYzAA24
+mXRwBvPpwEhke5PoPeFIYmcWa4wUZOJWuF78U/tZw047vcLKgr60Z1s+DlQJvFXI
+tXkV3qS45f9UDaWQ15YNev9fq+x/1JDO1LjQ9AHANBjRQSzE9K6YpyIw/SZlbo1O
+xuFrE077EL3hrRNh00O2rtcrK53mAOKMX9D5xifIcN4/uD9AdwU24YvC44gij47m
+hSg5wz0RokMNGLKTXaJxJGs4+ZK8JWQs/Kf/V9j6j/i4iDWuy5Ra7+/dIU/Qy1ZW
+cc8Uo2ji4i2z+QyzbpbR/jBqO++lcV2byEVDy8Xp/0X2G9mY0ymIbm7ATTlzE2/b
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_ofb.pem
new file mode 100644
index 0000000..88dd91a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes192_ofb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-192-OFB,9797077D8AC3052C37DE4D719CA8FC00
+
+SU3g1XmkcVhlJpQSWXdeHcHI8IQCQBg0oenT/35NKgWnFBlysqwGwl/pwgdDBmm4
+jLsPaE5Vanm4aqWv9DNhItOQokIbIkxF6qKeV3wNSNbTsSaG2LNphwMiLs9rw4G9
+3aFV+0THPLAy3BDTsB3NPuRqlOSVcwVrfaeMXQGhCOPGmsGDeczai1xH7eq1C1no
+KUqNMGdf8g1NuCmQnvswuTF9BCi6rIO0JRqLPTxoz/1emKfHhJFefpSj88zg3ucm
+cz6ZOAlsmWm1MQrktXd+odzpmjHtd1vNsgr4GSYUeVxxWQX4o8pVFqWqiQXii+HS
+ubtMARXAuFIGoM1RCMN8o7sJG00RbG7zNxfhHqe4wSkKgx3qEuusUDewXkDeYhHJ
+HGQCD1epByGHCZkLwBntccOqbCQoSNB0/PcFU6vJrtgVFl8N4VsNMRuLj2ZJ7uuL
+/EZ3qkLTk/Ek68++m2dtAdyj2KF1O4z2SFROSh7MCqWl2rYh4zZcBtGEfmQe5Pwz
++kPycc76ayzHO8Bjg6rl/16Ua5Wx7d6vy4Hg7JYb5eDmj2UGJ8p/z83KBdQnb1ku
+84ZjpYgmtjZ1vY8Z5iZqfZro9JBjWM4wFZIKNXcBniC7kBV9fRC5nzpjs6qWTPRb
+bd7PLMuyRZz9PO6cRuhqYlP5tYSGYYVhAMVutIqSrQVRDV8AnmblfPiOtT5lHC48
+GR/xPTIFxxVqsDmeyBzyXn9gzAJKgjTVCXNksXojM/ZMfDDvAF6m/Ntz/izp2CbI
+f2lcHgsm7SwVn2fvHikAugA9B6ixMCXygO0L5OEUDJW1e1fB7FMasjrwRorDsxsj
+JUNDW0KhUXWt/U8lNyfRm3oNUjQQU3x1iEymjQZV10ZO9DTn28fZOF70moUWnl0y
+ffELY1vLtLNP7Y5tcGNtJARSGnMUW99P7OKpLNXkhL8zE3DGEL1N+gDS1n81kzTH
+7hPjM6yR6gJQVsQrQmXrEpIlHQeGA99LYchzyVog14qMhvQItDlCsr5UIPwVwhMP
+LTA2LITZOYieRAqrv3vn+yFHYG4k9/C/xHwKHE/4pDw8bLn1o8thGv5ZW4yDsHGx
+n6F6vqJrkPW6vXkmwcgO5jK8JBbEpyzAPc6aSsibH3JF0ufsfs2hQ4bwb96OmU6v
+mukMLjQoi3BJC70Op1bpe7wtCELJw1oFvbZDoXLYsa3c06HK1M4rmzJQTIEBjqxd
+vs3g4L4CQ4RHAzlkjLrCF+wcBHt33586bDrt03qBEA7GSyAUu1NSM3UKjjM0OydG
+u8echgFIz6XetqDICHdN0r3ZWyICM/FgnVQhs39fCgafVJsy9C4p5jByUuDPvebP
++gvvVqkb+DGwfkKT3RUFAcYiNHdtIob3kmp8OJKTFk/nwdUwqUTEu3VFCmWog9ps
+oe/0KOL7j1Kn1xEFkOt5MdSFCcpbsYjQNi7F1gWAr1vMXDDPsSizsniGSvXZIYBt
+Pk5AH4MflqbHFofWClhGczSLi0FRiVPqWyudoU7LOesQhhN74Dn5IzkeAGtDL8r6
+4vC+G61PZdFXhLXQfOEL99hgJ2mjQP4rVqwdz143YE4/CUHmpq6d8g==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_cbc.pem
new file mode 100644
index 0000000..7b03203
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_cbc.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,1876F5A50C9046D504D47B2BF8951875
+
+BAPOppBjFxMrMU+NI00PbmXXutKdPAiP+If8JqX5xGQDB9bSt5Q9R2QkaMx8Z94f
+trVbp82iERyPYnwcnA1Av+pcZhKi/mYFgDBPP+dDLp8qKRFAWil0zc0U2jkfo0U7
+v8cpO5+oipkJ9RtjaTg3/XmrwCUFZH4KA6G+SUFc4Oxj8/dzQ5YUDtJ5iyArRlnr
+v4nsvP4OvsI5UFYwp/T97ks0KSmo6YLMpJwUBwcleX2vOhX8fd3thk9I+EbVVt/f
++JztCTwr4EsLxWe4XVmit9AKfLU0AhmcA20j2YXE1VFvRJdyr+gOGPD2SDoRgiZH
+rRBhfi7cou3QmZ5d43jFYoYCBc98blEV07umH0DXMTL8XSrfWNIjZf8uQR3+ZbHt
+W60jVdhOCEb40KoRTHQAMBQdgVVkrbXCFyc9NeVzzhPqyKXElGxLBjRB9u0h15DV
+WCJUdc9UGuHzFpVFzpEaehdm/7vl+SZXUzAOgAQDtL+ATsvZglyMx5y2UA+5L1eZ
+grA6e3tQFdBcv8w+WgYW37oAY2VkHKjoHs1TnR8z1t+OpVovnpcklawybh9Avv5J
+kXyZGc+lbbb2gvUw33VeYR8yIE4zBoePuhTFM3K4NfkBbKavBBXMjQlsdRzlt48r
+RqdFnpYc1XB4ZLP2VparhG+Q1UueVML8uBcd5F6X/0u9n78LfIITwRUpVoaLXRzs
+94Us0pbzWFDxqxtqKPZHLAVJOYvEOwZD5Haw/bwho73EHEx38MY7mk9T5PonsBko
+7Op6aEmKK1qfpJ1aPvy74UmIlVDHu5WEMkYx7nQL67gnFXHY0yKjmP6dc2y3+nfR
+qNK95RTaS9VbACRS+re+P9+Z3aAsQGvj3MA+4Q+qlscUmb8uk+M7tg9ADk0VSe1u
+Ts2x7UZroI61c+WzgsQzMAwm2QLPoKQcvv2b+iGD82enAtleTTHL9rkoS+KmNNU6
+hWL+AJ7HP9s/5+FJ7/4CD84pcLECXQ+f185vvE42TfdZmoq6NgSKrGVZPLxYnyjO
+qa2sTRzImZrXPtsnFEL9OBflWA+ZHaAGo4HJNxZW4Z90HJlAZN3isSZnE3jPToKP
+YFdHsPv5m/KpNa5luh4L3K41QWzLmPlRR0aygWM7/0fYkgxI8PnBeCp4OjoK6qHx
+VYTWMKJQTLyji3YwMr4CufFAVty3InUZzm+ALMFHqEORB6JqPTR9mtnR145FHtxE
+1z0LnEoDFEdGuLjtC57yR+lYS/vgMbtj4EqQ2zK93JaXvI2HxxOiZCZEDww262Bx
+QZo0vBoAd5vkMKmz5eAMpRVkguF1wN1RPvao7I2auJIHp/3zoaUowpZgtbmDHZFA
+Kddfc927GQRxtUH3QQVe1R6FFAa7JBHNeJsBvZu3bj3l/7BATzcne5OPhjZ/t8Sl
+hMqEBZuo0svrEc0w+e8dpbPEjuj8UwBmHYZWlALby5N+YJ1NEtLYmyHe2PFNXwK0
+2fo45CCSyl7YJrHD1ONJ0M804ML4nMwmYq6fOAaV9ufQBFqQQj/hyyE93blB8f2E
+I8LMN/SUKN06YU0nErN0PRdm7CkrS+kutn/Pz2H4oSbUZ67z4Ee1tpnVQjoDYdQU
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_cfb.pem
new file mode 100644
index 0000000..a616b68
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_cfb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CFB,37639E4753C0E4CD43EEDEEA18AA66D7
+
+HKuYoKfUqTRf4sW12EzTuIFK5J1FkeJAD+ajYnKeKYneNiDbmDlQv0kIk12qBv6l
+LA0oBH62QKjUDKi/sg8NAO5CqYkN2ZB0gQurTgGT/jrvMkkkkwE0x1n69bGNScCN
+mkqMnAnjQqbo1xERzwqX5OWNTTb4iDLiPyjiUlQDONl14pe4x6zGpVziCVCQh8Q6
+rAPDryZBg/wQtPXNhNpk8MiTiSwe03wq10QP6W5TmUIKp3kD4OVfBxpW1N4znyIu
+unJDVcRdBf6XA+aL7plAsETL6F9Tx3Mxm5GaeaJcSOWWzKMvqYhAcEYwM01lx0w8
+LMMRUogny67ZqaLywXZWH6FCJGCnJK5oaJE+jlnKZ6xhbwAxMyxWRCZC9pF22ocI
+3IY602+shDOWZQDoihhddwPJejh+o3mVFEglco3YEByL7Cy6GvqxhctEEH7uKvlQ
+gXGb7srmOpeHHfP76N9afF2hn0mqyToakdZqgnlgT2jm4UDHJ1vQ+onIksV56I07
+tVMEmPhXQCIHhfKdzEgI/v8CiLL3W/g8r+20/5qyKCL5vPBLAxmRudYKbGkhm5pq
+GkzaSp1cKe4ipUfVc5OEUikOMCuadal0TUQZ+h658aBCxLWHNPdZCzNdY/bZLN9z
+XPhAzml/H6VOZyIxb9hm+FNESvqNKdlU2NaE7HW0ILKaDif7gsZhvogP4qNDp2P9
+xPANQh9UxpA16AUTUNOqk78t9aQVpbjZfAeGmcw6AxJ77uK649JgkEnKqcuxcDSi
+zn/8NGeaKow/bTW6jJJj7b4cMys32uxRjeeeClC0moQiy28OIJpRRCRJIs7Muka+
+dMBoNyftBnCONH+oqj+F5au3QPMwKH4v/4VpO3hcByXcqxegH+BPEZzzYJ1OnI3u
+dh9VlpTdC/CD+Gn3ZRqYbguSaqow1ZF+nlpD0xcs0IQjNEe2BVR7CULUFVXIgF44
+pTv96/LvbG1J9b0VuBr+iIp30FG9azd2xyn4O3lW2xk1uzvo/Wf1vDGvT6AYyXNG
+DQS1dGtIm3+sy975sNTlba5gWgh0YNHjeiQq19I6ZzLFhkvLKfh7zpx+R53YcqSY
+lXj62N0u2s4KUygqg14oiIUoEnNr+n7Pq0es/gYs34mY/KvlqA8Prax91BaoqqLW
+qHN5bEv90KdKaJlvdWsCUjA3wReeaQa+U737GMXaON9/oOJ02bWC8/OIzUPgfGRH
+v/8YL7kMnTd+Col0f+XxnebWSfJsAzT7mjfly+An9EjccTeiOon8submd+L8WySK
+lVvWzBD3l4HKjQkr/3/YtmpuymVZyeTzngVuSdw+iXWPmOOuXHyjyD2Htn5iNWch
+Zlw37a5sHhiFtpNZtOnhpmDbX9sgt68KJMB/E9Mh3JuWCaKZZ3Cv/22KA4KQRlNB
+FSvDDKJBrM1m599A6GPJisR+iC7g7asJQ8hI1OqaY69v8nP0Fo+Qk8+Ac1L/n/Vm
+RjksignkKjvqgWENNn5Bf9A9+zZrLLu9wJJLae7wIiw4UgsNob68sGjWdLyg+tab
+QTxd15H5VUIuD6pkeAI2qC+0sSw9V6LKm6pmEIIbp188CzApcsGBXA==
+-----END RSA PRIVATE KEY-----
[13/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpEventType.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpEventType.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpEventType.java
new file mode 100644
index 0000000..c8f07b2
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpEventType.java
@@ -0,0 +1,10 @@
+package org.apache.haox.transport.udp;
+
+import org.apache.haox.event.EventType;
+
+public enum UdpEventType implements EventType {
+ ADDRESS_BIND,
+ ADDRESS_CONNECT,
+ CHANNEL_WRITABLE,
+ CHANNEL_READABLE
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpTransport.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpTransport.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpTransport.java
new file mode 100644
index 0000000..78007a4
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpTransport.java
@@ -0,0 +1,46 @@
+package org.apache.haox.transport.udp;
+
+import org.apache.haox.transport.Transport;
+import org.apache.haox.transport.buffer.TransBuffer;
+import org.apache.haox.transport.event.MessageEvent;
+import org.apache.haox.transport.event.TransportEvent;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.ByteBuffer;
+import java.nio.channels.DatagramChannel;
+
+public class UdpTransport extends Transport {
+ private DatagramChannel channel;
+
+ protected TransBuffer recvBuffer;
+
+ public UdpTransport(DatagramChannel channel,
+ InetSocketAddress remoteAddress) {
+ super(remoteAddress);
+ this.channel = channel;
+ this.recvBuffer = new TransBuffer();
+ }
+
+ protected void onRecvData(ByteBuffer data) {
+ if (data != null) {
+ recvBuffer.write(data);
+ dispatcher.dispatch(TransportEvent.createReadableTransportEvent(this));
+ }
+ }
+
+ @Override
+ public void onReadable() throws IOException {
+ super.onReadable();
+
+ if (! recvBuffer.isEmpty()) {
+ ByteBuffer message = recvBuffer.read();
+ dispatcher.dispatch(MessageEvent.createInboundMessageEvent(this, message));
+ }
+ }
+
+ @Override
+ protected void sendOutMessage(ByteBuffer message) throws IOException {
+ channel.send(message, getRemoteAddress());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpTransportHandler.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpTransportHandler.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpTransportHandler.java
new file mode 100644
index 0000000..1c296ab
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpTransportHandler.java
@@ -0,0 +1,90 @@
+package org.apache.haox.transport.udp;
+
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventType;
+import org.apache.haox.transport.Transport;
+import org.apache.haox.transport.TransportHandler;
+import org.apache.haox.transport.event.TransportEvent;
+import org.apache.haox.transport.event.TransportEventType;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.ByteBuffer;
+import java.nio.channels.DatagramChannel;
+import java.nio.channels.SelectionKey;
+import java.util.HashMap;
+import java.util.Map;
+
+public class UdpTransportHandler extends TransportHandler {
+
+ protected Map<InetSocketAddress, UdpTransport> transports =
+ new HashMap<InetSocketAddress, UdpTransport>();
+
+ @Override
+ public EventType[] getInterestedEvents() {
+ return new EventType[] {
+ UdpEventType.CHANNEL_READABLE,
+ TransportEventType.TRANSPORT_WRITABLE,
+ TransportEventType.TRANSPORT_READABLE,
+ TransportEventType.NEW_TRANSPORT
+ };
+ }
+
+ @Override
+ protected void doHandle(Event event) throws Exception {
+ EventType eventType = event.getEventType();
+ if (eventType == UdpEventType.CHANNEL_READABLE) {
+ UdpChannelEvent ce = (UdpChannelEvent) event;
+ DatagramChannel channel = ce.getChannel();
+ doRead(channel);
+ } else if (eventType == TransportEventType.TRANSPORT_READABLE) {
+ TransportEvent te = (TransportEvent) event;
+ Transport transport = te.getTransport();
+ transport.onReadable();
+ } else if (eventType == TransportEventType.TRANSPORT_WRITABLE) {
+ TransportEvent te = (TransportEvent) event;
+ Transport transport = te.getTransport();
+ transport.onWriteable();
+ } else if (eventType == TransportEventType.NEW_TRANSPORT) {
+ TransportEvent te = (TransportEvent) event;
+ Transport transport = te.getTransport();
+ if (transport instanceof UdpTransport) {
+ InetSocketAddress remoteAddress = transport.getRemoteAddress();
+ if (! transports.containsKey(remoteAddress)) {
+ transports.put(remoteAddress, (UdpTransport) transport);
+ }
+ }
+ }
+ }
+
+ private void doRead(DatagramChannel channel) throws IOException {
+ ByteBuffer recvBuffer = ByteBuffer.allocate(65536); // to optimize
+ InetSocketAddress fromAddress = (InetSocketAddress) channel.receive(recvBuffer);
+ if (fromAddress != null) {
+ recvBuffer.flip();
+ UdpTransport transport = transports.get(fromAddress);
+ if (transport == null) {
+ // should be from acceptor
+ transport = new UdpTransport(channel, fromAddress);
+ transport.setDispatcher(getDispatcher());
+ dispatch(TransportEvent.createNewTransportEvent(transport));
+ }
+ transport.onRecvData(recvBuffer);
+ }
+ }
+
+ @Override
+ public void helpHandleSelectionKey(SelectionKey selectionKey) throws IOException {
+ DatagramChannel channel =
+ (DatagramChannel) selectionKey.channel();
+
+ if (selectionKey.isReadable()) {
+ dispatch(UdpChannelEvent.makeReadableChannelEvent(channel));
+ } else if (selectionKey.isWritable()) {
+ dispatch(UdpChannelEvent.makeWritableChannelEvent(channel));
+ }
+ // Udp channel is always writable, so not usable
+ selectionKey.interestOps(SelectionKey.OP_READ);
+ }
+}
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/test/java/org/apache/haox/event/TestBuffer.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/test/java/org/apache/haox/event/TestBuffer.java b/contrib/haox-event/src/test/java/org/apache/haox/event/TestBuffer.java
new file mode 100644
index 0000000..545b810
--- /dev/null
+++ b/contrib/haox-event/src/test/java/org/apache/haox/event/TestBuffer.java
@@ -0,0 +1,31 @@
+package org.apache.haox.event;
+
+import org.apache.haox.transport.buffer.RecvBuffer;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.nio.ByteBuffer;
+
+public class TestBuffer {
+
+ @Test
+ public void testRecvBuffer() {
+ String testString = "HELLO WORLD";
+ ByteBuffer testMessage = ByteBuffer.wrap(testString.getBytes());
+ ByteBuffer tmp;
+
+ RecvBuffer testBuffer = new RecvBuffer();
+ testBuffer.write(testMessage);
+ tmp = testBuffer.readMostBytes();
+ Assert.assertArrayEquals(testString.getBytes(), tmp.array());
+
+ int nTimes = 10;
+ testBuffer.clear();
+ for (int i = 0; i < nTimes; ++i) {
+ testBuffer.write(ByteBuffer.wrap(testString.getBytes()));
+ }
+ int expectedBytes = nTimes * testMessage.limit();
+ tmp = testBuffer.readMostBytes();
+ Assert.assertEquals(expectedBytes, tmp.limit());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/test/java/org/apache/haox/event/network/TestNetworkBase.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/test/java/org/apache/haox/event/network/TestNetworkBase.java b/contrib/haox-event/src/test/java/org/apache/haox/event/network/TestNetworkBase.java
new file mode 100644
index 0000000..458e5ca
--- /dev/null
+++ b/contrib/haox-event/src/test/java/org/apache/haox/event/network/TestNetworkBase.java
@@ -0,0 +1,39 @@
+package org.apache.haox.event.network;
+
+import org.apache.haox.event.EventType;
+import org.apache.haox.transport.tcp.DecodingCallback;
+import org.apache.haox.transport.tcp.StreamingDecoder;
+
+import java.nio.ByteBuffer;
+
+public class TestNetworkBase {
+ protected String serverHost = "127.0.0.1";
+ protected short tcpPort = 8183;
+ protected short udpPort = 8184;
+ protected String TEST_MESSAGE = "Hello world!";
+ protected String clientRecvedMessage;
+
+ protected enum TestEventType implements EventType {
+ FINISHED
+ }
+
+ protected String recvBuffer2String(ByteBuffer buffer) {
+ byte[] bytes = new byte[buffer.remaining()];
+ buffer.get(bytes);
+ return new String(bytes);
+ }
+
+ protected StreamingDecoder createStreamingDecoder() {
+ return new StreamingDecoder() {
+ @Override
+ public void decode(ByteBuffer streamingBuffer, DecodingCallback callback) {
+ int expectedMessageLength = TEST_MESSAGE.getBytes().length;
+ if (streamingBuffer.remaining() >= expectedMessageLength) {
+ callback.onMessageComplete(expectedMessageLength);
+ } else {
+ callback.onMoreDataNeeded(expectedMessageLength);
+ }
+ }
+ };
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/test/java/org/apache/haox/event/network/TestNetworkClient.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/test/java/org/apache/haox/event/network/TestNetworkClient.java b/contrib/haox-event/src/test/java/org/apache/haox/event/network/TestNetworkClient.java
new file mode 100644
index 0000000..af6817a
--- /dev/null
+++ b/contrib/haox-event/src/test/java/org/apache/haox/event/network/TestNetworkClient.java
@@ -0,0 +1,193 @@
+package org.apache.haox.event.network;
+
+import junit.framework.Assert;
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventHandler;
+import org.apache.haox.event.EventHub;
+import org.apache.haox.event.EventWaiter;
+import org.apache.haox.transport.MessageHandler;
+import org.apache.haox.transport.Network;
+import org.apache.haox.transport.Transport;
+import org.apache.haox.transport.event.MessageEvent;
+import org.apache.haox.transport.event.TransportEvent;
+import org.apache.haox.transport.event.TransportEventType;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.DatagramSocket;
+import java.net.InetSocketAddress;
+import java.net.ServerSocket;
+import java.nio.ByteBuffer;
+import java.nio.channels.*;
+import java.util.Iterator;
+import java.util.Set;
+
+public class TestNetworkClient extends TestNetworkBase {
+
+ private EventHub eventHub;
+ private EventWaiter eventWaiter;
+
+ @Before
+ public void setUp() throws IOException {
+ setUpServer();
+ setUpClient();
+ }
+
+ private void setUpServer() {
+ new Thread(new Runnable() {
+ @Override
+ public void run() {
+ try {
+ doRunTcpServer();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }).start();
+
+ new Thread(new Runnable() {
+ @Override
+ public void run() {
+ try {
+ doRunUdpServer();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }).start();
+ }
+
+ private void doRunTcpServer() throws IOException {
+ ServerSocketChannel serverSocketChannel;
+ Selector selector = Selector.open();
+ serverSocketChannel = ServerSocketChannel .open();
+ serverSocketChannel.configureBlocking(false);
+ ServerSocket serverSocket = serverSocketChannel.socket();
+ serverSocket.bind(new InetSocketAddress(tcpPort));
+ serverSocketChannel.register(selector, SelectionKey.OP_ACCEPT);
+
+ SocketChannel socketChannel;
+ while (true) {
+ if (selector.selectNow() > 0) {
+ Set<SelectionKey> selectionKeys = selector.selectedKeys();
+ Iterator<SelectionKey> iterator = selectionKeys.iterator();
+ while (iterator.hasNext()) {
+ SelectionKey selectionKey = iterator.next();
+ iterator.remove();
+
+ if (selectionKey.isAcceptable()) {
+ while ((socketChannel = serverSocketChannel.accept()) != null) {
+ socketChannel.configureBlocking(false);
+ socketChannel.socket().setTcpNoDelay(true);
+ socketChannel.socket().setKeepAlive(true);
+ socketChannel.register(selector, SelectionKey.OP_READ | SelectionKey.OP_WRITE, socketChannel);
+ //selectionKey.attach(socketChannel);
+ }
+ } else if (selectionKey.isReadable()) {
+ ByteBuffer recvBuffer = ByteBuffer.allocate(65536);
+ socketChannel = (SocketChannel) selectionKey.attachment();
+ if (socketChannel.read(recvBuffer) > 0) {
+ recvBuffer.flip();
+ socketChannel.write(recvBuffer);
+ }
+ }
+ }
+
+ try {
+ Thread.sleep(1000);
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+ }
+
+ private void doRunUdpServer() throws IOException {
+ DatagramChannel serverSocketChannel;
+ Selector selector = Selector.open();
+ serverSocketChannel = DatagramChannel.open();
+ serverSocketChannel.configureBlocking(false);
+ DatagramSocket serverSocket = serverSocketChannel.socket();
+ serverSocket.bind(new InetSocketAddress(udpPort));
+ serverSocketChannel.register(selector, SelectionKey.OP_READ);
+
+ while (true) {
+ if (selector.selectNow() > 0) {
+ Set<SelectionKey> selectionKeys = selector.selectedKeys();
+ Iterator<SelectionKey> iterator = selectionKeys.iterator();
+ while (iterator.hasNext()) {
+ SelectionKey selectionKey = iterator.next();
+ iterator.remove();
+ if (selectionKey.isReadable()) {
+ ByteBuffer recvBuffer = ByteBuffer.allocate(65536);
+ InetSocketAddress fromAddress = (InetSocketAddress) serverSocketChannel.receive(recvBuffer);
+ if (fromAddress != null) {
+ recvBuffer.flip();
+ serverSocketChannel.send(recvBuffer, fromAddress);
+ }
+ }
+ }
+
+ try {
+ Thread.sleep(1000);
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+ }
+
+ private void setUpClient() throws IOException {
+ eventHub = new EventHub();
+
+ EventHandler messageHandler = new MessageHandler() {
+ @Override
+ protected void handleMessage(MessageEvent event) {
+ if (event.getEventType() == TransportEventType.INBOUND_MESSAGE) {
+ ByteBuffer buffer = event.getMessage();
+ if (buffer != null) {
+ clientRecvedMessage = recvBuffer2String(buffer);
+ System.out.println("Recved clientRecvedMessage: " + clientRecvedMessage);
+ Boolean result = TEST_MESSAGE.equals(clientRecvedMessage);
+ dispatch(new Event(TestEventType.FINISHED, result));
+ }
+ }
+ }
+ };
+ eventHub.register(messageHandler);
+
+ Network network = new Network();
+ network.setStreamingDecoder(createStreamingDecoder());
+ eventHub.register(network);
+
+ eventWaiter = eventHub.waitEvent(
+ TestEventType.FINISHED,
+ TransportEventType.NEW_TRANSPORT);
+
+ eventHub.start();
+ network.tcpConnect(serverHost, tcpPort);
+ network.udpConnect(serverHost, udpPort);
+ }
+
+ @Test
+ public void testNetworkClient() {
+ Event event = eventWaiter.waitEvent(TransportEventType.NEW_TRANSPORT);
+ Transport transport = ((TransportEvent) event).getTransport();
+ transport.sendMessage(ByteBuffer.wrap(TEST_MESSAGE.getBytes()));
+ event = eventWaiter.waitEvent(TestEventType.FINISHED);
+ Assert.assertTrue((Boolean) event.getEventData());
+
+ event = eventWaiter.waitEvent(TransportEventType.NEW_TRANSPORT);
+ transport = ((TransportEvent) event).getTransport();
+ transport.sendMessage(ByteBuffer.wrap(TEST_MESSAGE.getBytes()));
+ event = eventWaiter.waitEvent(TestEventType.FINISHED);
+ Assert.assertTrue((Boolean) event.getEventData());
+ }
+
+ @After
+ public void cleanup() {
+ eventHub.stop();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/test/java/org/apache/haox/event/network/TestNetworkServer.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/test/java/org/apache/haox/event/network/TestNetworkServer.java b/contrib/haox-event/src/test/java/org/apache/haox/event/network/TestNetworkServer.java
new file mode 100644
index 0000000..a35e85d
--- /dev/null
+++ b/contrib/haox-event/src/test/java/org/apache/haox/event/network/TestNetworkServer.java
@@ -0,0 +1,91 @@
+package org.apache.haox.event.network;
+
+import junit.framework.Assert;
+import org.apache.haox.event.EventHandler;
+import org.apache.haox.event.EventHub;
+import org.apache.haox.transport.MessageHandler;
+import org.apache.haox.transport.Network;
+import org.apache.haox.transport.event.MessageEvent;
+import org.apache.haox.transport.event.TransportEventType;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.nio.ByteBuffer;
+import java.nio.channels.DatagramChannel;
+import java.nio.channels.SocketChannel;
+
+public class TestNetworkServer extends TestNetworkBase {
+
+ private EventHub eventHub;
+
+ @Before
+ public void setUp() throws IOException {
+ setUpServer();
+ }
+
+ private void setUpServer() throws IOException {
+ eventHub = new EventHub();
+
+ EventHandler messageHandler = new MessageHandler() {
+ @Override
+ protected void handleMessage(MessageEvent msgEvent) {
+ if (msgEvent.getEventType() == TransportEventType.INBOUND_MESSAGE) {
+ msgEvent.getTransport().sendMessage(msgEvent.getMessage());
+ }
+ }
+ };
+ eventHub.register(messageHandler);
+
+ Network network = new Network();
+ network.setStreamingDecoder(createStreamingDecoder());
+ eventHub.register(network);
+
+ eventHub.start();
+ network.tcpListen(serverHost, tcpPort);
+ network.udpListen(serverHost, udpPort);
+ }
+
+ @Test
+ public void testNetworkServer() throws IOException, InterruptedException {
+ testTcpTransport();
+ testUdpTransport();
+ }
+
+ private void testTcpTransport() throws IOException, InterruptedException {
+ Thread.sleep(10);
+
+ SocketChannel socketChannel = SocketChannel.open();
+ socketChannel.configureBlocking(true);
+ SocketAddress sa = new InetSocketAddress(serverHost, tcpPort);
+ socketChannel.connect(sa);
+ socketChannel.write(ByteBuffer.wrap(TEST_MESSAGE.getBytes()));
+ ByteBuffer byteBuffer = ByteBuffer.allocate(65536);
+ socketChannel.read(byteBuffer);
+ byteBuffer.flip();
+ clientRecvedMessage = recvBuffer2String(byteBuffer);
+ Assert.assertEquals(TEST_MESSAGE, clientRecvedMessage);
+ }
+
+ private void testUdpTransport() throws IOException, InterruptedException {
+ Thread.sleep(10);
+
+ DatagramChannel socketChannel = DatagramChannel.open();
+ socketChannel.configureBlocking(true);
+ SocketAddress sa = new InetSocketAddress(serverHost, udpPort);
+ socketChannel.send(ByteBuffer.wrap(TEST_MESSAGE.getBytes()), sa);
+ ByteBuffer byteBuffer = ByteBuffer.allocate(65536);
+ socketChannel.receive(byteBuffer);
+ byteBuffer.flip();
+ clientRecvedMessage = recvBuffer2String(byteBuffer);
+ Assert.assertEquals(TEST_MESSAGE, clientRecvedMessage);
+ }
+
+ @After
+ public void cleanup() {
+ eventHub.stop();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/test/java/org/apache/haox/event/tcp/TestTcpBase.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/test/java/org/apache/haox/event/tcp/TestTcpBase.java b/contrib/haox-event/src/test/java/org/apache/haox/event/tcp/TestTcpBase.java
new file mode 100644
index 0000000..d9b5bcd
--- /dev/null
+++ b/contrib/haox-event/src/test/java/org/apache/haox/event/tcp/TestTcpBase.java
@@ -0,0 +1,38 @@
+package org.apache.haox.event.tcp;
+
+import org.apache.haox.event.EventType;
+import org.apache.haox.transport.tcp.DecodingCallback;
+import org.apache.haox.transport.tcp.StreamingDecoder;
+
+import java.nio.ByteBuffer;
+
+public class TestTcpBase {
+ protected String serverHost = "127.0.0.1";
+ protected short serverPort = 8181;
+ protected String TEST_MESSAGE = "Hello world!";
+ protected String clientRecvedMessage;
+
+ protected enum TestEventType implements EventType {
+ FINISHED
+ }
+
+ protected String recvBuffer2String(ByteBuffer buffer) {
+ byte[] bytes = new byte[buffer.remaining()];
+ buffer.get(bytes);
+ return new String(bytes);
+ }
+
+ protected StreamingDecoder createStreamingDecoder() {
+ return new StreamingDecoder() {
+ @Override
+ public void decode(ByteBuffer streamingBuffer, DecodingCallback callback) {
+ int expectedMessageLength = TEST_MESSAGE.getBytes().length;
+ if (streamingBuffer.remaining() >= expectedMessageLength) {
+ callback.onMessageComplete(expectedMessageLength);
+ } else {
+ callback.onMoreDataNeeded(expectedMessageLength);
+ }
+ }
+ };
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/test/java/org/apache/haox/event/tcp/TestTcpClient.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/test/java/org/apache/haox/event/tcp/TestTcpClient.java b/contrib/haox-event/src/test/java/org/apache/haox/event/tcp/TestTcpClient.java
new file mode 100644
index 0000000..041b4b0
--- /dev/null
+++ b/contrib/haox-event/src/test/java/org/apache/haox/event/tcp/TestTcpClient.java
@@ -0,0 +1,141 @@
+package org.apache.haox.event.tcp;
+
+import junit.framework.Assert;
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventHandler;
+import org.apache.haox.event.EventHub;
+import org.apache.haox.event.EventWaiter;
+import org.apache.haox.transport.Connector;
+import org.apache.haox.transport.MessageHandler;
+import org.apache.haox.transport.Transport;
+import org.apache.haox.transport.event.MessageEvent;
+import org.apache.haox.transport.event.TransportEvent;
+import org.apache.haox.transport.event.TransportEventType;
+import org.apache.haox.transport.tcp.TcpConnector;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.ServerSocket;
+import java.nio.ByteBuffer;
+import java.nio.channels.SelectionKey;
+import java.nio.channels.Selector;
+import java.nio.channels.ServerSocketChannel;
+import java.nio.channels.SocketChannel;
+import java.util.Iterator;
+import java.util.Set;
+
+public class TestTcpClient extends TestTcpBase {
+
+ private EventHub eventHub;
+ private EventWaiter eventWaiter;
+
+ @Before
+ public void setUp() throws IOException {
+ setUpServer();
+ setUpClient();
+ }
+
+ private void setUpServer() {
+ new Thread(new Runnable() {
+ @Override
+ public void run() {
+ try {
+ doRunServer();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }).start();
+ }
+
+ private void doRunServer() throws IOException {
+ ServerSocketChannel serverSocketChannel;
+ Selector selector = Selector.open();
+ serverSocketChannel = ServerSocketChannel .open();
+ serverSocketChannel.configureBlocking(false);
+ ServerSocket serverSocket = serverSocketChannel.socket();
+ serverSocket.bind(new InetSocketAddress(serverPort));
+ serverSocketChannel.register(selector, SelectionKey.OP_ACCEPT);
+
+ SocketChannel socketChannel;
+ while (true) {
+ if (selector.selectNow() > 0) {
+ Set<SelectionKey> selectionKeys = selector.selectedKeys();
+ Iterator<SelectionKey> iterator = selectionKeys.iterator();
+ while (iterator.hasNext()) {
+ SelectionKey selectionKey = iterator.next();
+ iterator.remove();
+
+ if (selectionKey.isAcceptable()) {
+ while ((socketChannel = serverSocketChannel.accept()) != null) {
+ socketChannel.configureBlocking(false);
+ socketChannel.socket().setTcpNoDelay(true);
+ socketChannel.socket().setKeepAlive(true);
+ socketChannel.register(selector, SelectionKey.OP_READ | SelectionKey.OP_WRITE, socketChannel);
+ //selectionKey.attach(socketChannel);
+ }
+ } else if (selectionKey.isReadable()) {
+ ByteBuffer recvBuffer = ByteBuffer.allocate(65536);
+ socketChannel = (SocketChannel) selectionKey.attachment();
+ if (socketChannel.read(recvBuffer) > 0) {
+ recvBuffer.flip();
+ socketChannel.write(recvBuffer);
+ }
+ }
+ }
+
+ try {
+ Thread.sleep(1000);
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+ }
+
+ private void setUpClient() throws IOException {
+ eventHub = new EventHub();
+
+ EventHandler messageHandler = new MessageHandler() {
+ @Override
+ protected void handleMessage(MessageEvent event) {
+ if (event.getEventType() == TransportEventType.INBOUND_MESSAGE) {
+ ByteBuffer buffer = event.getMessage();
+ clientRecvedMessage = recvBuffer2String(buffer);
+ System.out.println("Recved clientRecvedMessage: " + clientRecvedMessage);
+ Boolean result = TEST_MESSAGE.equals(clientRecvedMessage);
+ dispatch(new Event(TestEventType.FINISHED, result));
+ }
+ }
+ };
+ eventHub.register(messageHandler);
+
+ Connector connector = new TcpConnector(createStreamingDecoder());
+ eventHub.register(connector);
+
+ eventWaiter = eventHub.waitEvent(
+ TestEventType.FINISHED,
+ TransportEventType.NEW_TRANSPORT);
+
+ eventHub.start();
+ connector.connect(serverHost, serverPort);
+ }
+
+ @Test
+ public void testTcpTransport() {
+ Event event = eventWaiter.waitEvent(TransportEventType.NEW_TRANSPORT);
+ Transport transport = ((TransportEvent) event).getTransport();
+ transport.sendMessage(ByteBuffer.wrap(TEST_MESSAGE.getBytes()));
+
+ event = eventWaiter.waitEvent(TestEventType.FINISHED);
+ Assert.assertTrue((Boolean) event.getEventData());
+ }
+
+ @After
+ public void cleanup() {
+ eventHub.stop();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/test/java/org/apache/haox/event/tcp/TestTcpServer.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/test/java/org/apache/haox/event/tcp/TestTcpServer.java b/contrib/haox-event/src/test/java/org/apache/haox/event/tcp/TestTcpServer.java
new file mode 100644
index 0000000..65bb95a
--- /dev/null
+++ b/contrib/haox-event/src/test/java/org/apache/haox/event/tcp/TestTcpServer.java
@@ -0,0 +1,71 @@
+package org.apache.haox.event.tcp;
+
+import junit.framework.Assert;
+import org.apache.haox.event.EventHandler;
+import org.apache.haox.event.EventHub;
+import org.apache.haox.transport.Acceptor;
+import org.apache.haox.transport.MessageHandler;
+import org.apache.haox.transport.event.MessageEvent;
+import org.apache.haox.transport.event.TransportEventType;
+import org.apache.haox.transport.tcp.TcpAcceptor;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.nio.ByteBuffer;
+import java.nio.channels.SocketChannel;
+
+public class TestTcpServer extends TestTcpBase {
+
+ private EventHub eventHub;
+
+ @Before
+ public void setUp() throws IOException {
+ setUpServer();
+ }
+
+ private void setUpServer() throws IOException {
+ eventHub = new EventHub();
+
+ EventHandler messageHandler = new MessageHandler() {
+ @Override
+ protected void handleMessage(MessageEvent msgEvent) {
+ if (msgEvent.getEventType() == TransportEventType.INBOUND_MESSAGE) {
+ msgEvent.getTransport().sendMessage(msgEvent.getMessage());
+ }
+ }
+ };
+ eventHub.register(messageHandler);
+
+ Acceptor acceptor = new TcpAcceptor(createStreamingDecoder());
+ eventHub.register(acceptor);
+
+ eventHub.start();
+ acceptor.listen(serverHost, serverPort);
+ }
+
+ @Test
+ public void testTcpTransport() throws IOException, InterruptedException {
+ Thread.sleep(15);
+
+ SocketChannel socketChannel = SocketChannel.open();
+ socketChannel.configureBlocking(true);
+ SocketAddress sa = new InetSocketAddress(serverHost, serverPort);
+ socketChannel.connect(sa);
+ socketChannel.write(ByteBuffer.wrap(TEST_MESSAGE.getBytes()));
+ ByteBuffer byteBuffer = ByteBuffer.allocate(65536);
+ socketChannel.read(byteBuffer);
+ byteBuffer.flip();
+ clientRecvedMessage = recvBuffer2String(byteBuffer);
+
+ Assert.assertEquals(TEST_MESSAGE, clientRecvedMessage);
+ }
+
+ @After
+ public void cleanup() {
+ eventHub.stop();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/test/java/org/apache/haox/event/udp/TestUdpBase.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/test/java/org/apache/haox/event/udp/TestUdpBase.java b/contrib/haox-event/src/test/java/org/apache/haox/event/udp/TestUdpBase.java
new file mode 100644
index 0000000..6c95dff
--- /dev/null
+++ b/contrib/haox-event/src/test/java/org/apache/haox/event/udp/TestUdpBase.java
@@ -0,0 +1,22 @@
+package org.apache.haox.event.udp;
+
+import org.apache.haox.event.EventType;
+
+import java.nio.ByteBuffer;
+
+public class TestUdpBase {
+ protected String serverHost = "127.0.0.1";
+ protected short serverPort = 8181;
+ protected String TEST_MESSAGE = "Hello world!";
+ protected String clientRecvedMessage;
+
+ protected enum TestEventType implements EventType {
+ FINISHED
+ }
+
+ protected String recvBuffer2String(ByteBuffer buffer) {
+ byte[] bytes = new byte[buffer.remaining()];
+ buffer.get(bytes);
+ return new String(bytes);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/test/java/org/apache/haox/event/udp/TestUdpClient.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/test/java/org/apache/haox/event/udp/TestUdpClient.java b/contrib/haox-event/src/test/java/org/apache/haox/event/udp/TestUdpClient.java
new file mode 100644
index 0000000..a10e9c2
--- /dev/null
+++ b/contrib/haox-event/src/test/java/org/apache/haox/event/udp/TestUdpClient.java
@@ -0,0 +1,130 @@
+package org.apache.haox.event.udp;
+
+import junit.framework.Assert;
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventHandler;
+import org.apache.haox.event.EventHub;
+import org.apache.haox.event.EventWaiter;
+import org.apache.haox.transport.Connector;
+import org.apache.haox.transport.MessageHandler;
+import org.apache.haox.transport.Transport;
+import org.apache.haox.transport.event.MessageEvent;
+import org.apache.haox.transport.udp.UdpConnector;
+import org.apache.haox.transport.event.TransportEvent;
+import org.apache.haox.transport.event.TransportEventType;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.DatagramSocket;
+import java.net.InetSocketAddress;
+import java.nio.ByteBuffer;
+import java.nio.channels.DatagramChannel;
+import java.nio.channels.SelectionKey;
+import java.nio.channels.Selector;
+import java.util.Iterator;
+import java.util.Set;
+
+public class TestUdpClient extends TestUdpBase {
+
+ private EventHub eventHub;
+ private EventWaiter eventWaiter;
+
+ @Before
+ public void setUp() throws IOException {
+ setUpServer();
+ setUpClient();
+ }
+
+ private void setUpServer() {
+ new Thread(new Runnable() {
+ @Override
+ public void run() {
+ try {
+ doRunServer();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }).start();
+ }
+
+ private void doRunServer() throws IOException {
+ DatagramChannel serverSocketChannel;
+ Selector selector = Selector.open();
+ serverSocketChannel = DatagramChannel.open();
+ serverSocketChannel.configureBlocking(false);
+ DatagramSocket serverSocket = serverSocketChannel.socket();
+ serverSocket.bind(new InetSocketAddress(serverPort));
+ serverSocketChannel.register(selector, SelectionKey.OP_READ);
+
+ while (true) {
+ if (selector.selectNow() > 0) {
+ Set<SelectionKey> selectionKeys = selector.selectedKeys();
+ Iterator<SelectionKey> iterator = selectionKeys.iterator();
+ while (iterator.hasNext()) {
+ SelectionKey selectionKey = iterator.next();
+ iterator.remove();
+ if (selectionKey.isReadable()) {
+ ByteBuffer recvBuffer = ByteBuffer.allocate(65536);
+ InetSocketAddress fromAddress = (InetSocketAddress) serverSocketChannel.receive(recvBuffer);
+ if (fromAddress != null) {
+ recvBuffer.flip();
+ serverSocketChannel.send(recvBuffer, fromAddress);
+ }
+ }
+ }
+
+ try {
+ Thread.sleep(1000);
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+ }
+
+ private void setUpClient() throws IOException {
+ eventHub = new EventHub();
+
+ EventHandler messageHandler = new MessageHandler() {
+ @Override
+ protected void handleMessage(MessageEvent msgEvent) {
+ if (msgEvent.getEventType() == TransportEventType.INBOUND_MESSAGE) {
+ ByteBuffer buffer = msgEvent.getMessage();
+ clientRecvedMessage = recvBuffer2String(buffer);
+ System.out.println("Recved clientRecvedMessage: " + clientRecvedMessage);
+ Boolean result = TEST_MESSAGE.equals(clientRecvedMessage);
+ dispatch(new Event(TestEventType.FINISHED, result));
+ }
+ }
+ };
+ eventHub.register(messageHandler);
+
+ Connector connector = new UdpConnector();
+ eventHub.register(connector);
+
+ eventWaiter = eventHub.waitEvent(
+ TestEventType.FINISHED,
+ TransportEventType.NEW_TRANSPORT);
+
+ eventHub.start();
+ connector.connect(serverHost, serverPort);
+ }
+
+ @Test
+ public void testUdpTransport() {
+ Event event = eventWaiter.waitEvent(TransportEventType.NEW_TRANSPORT);
+ Transport transport = ((TransportEvent) event).getTransport();
+ transport.sendMessage(ByteBuffer.wrap(TEST_MESSAGE.getBytes()));
+
+ event = eventWaiter.waitEvent(TestEventType.FINISHED);
+ Assert.assertTrue((Boolean) event.getEventData());
+ }
+
+ @After
+ public void cleanup() {
+ eventHub.stop();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/test/java/org/apache/haox/event/udp/TestUdpServer.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/test/java/org/apache/haox/event/udp/TestUdpServer.java b/contrib/haox-event/src/test/java/org/apache/haox/event/udp/TestUdpServer.java
new file mode 100644
index 0000000..0ce61ce
--- /dev/null
+++ b/contrib/haox-event/src/test/java/org/apache/haox/event/udp/TestUdpServer.java
@@ -0,0 +1,70 @@
+package org.apache.haox.event.udp;
+
+import junit.framework.Assert;
+import org.apache.haox.event.EventHandler;
+import org.apache.haox.event.EventHub;
+import org.apache.haox.transport.Acceptor;
+import org.apache.haox.transport.MessageHandler;
+import org.apache.haox.transport.event.MessageEvent;
+import org.apache.haox.transport.event.TransportEventType;
+import org.apache.haox.transport.udp.UdpAcceptor;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.nio.ByteBuffer;
+import java.nio.channels.DatagramChannel;
+
+public class TestUdpServer extends TestUdpBase {
+
+ private EventHub eventHub;
+
+ @Before
+ public void setUp() throws IOException {
+ setUpServer();
+ }
+
+ private void setUpServer() throws IOException {
+ eventHub = new EventHub();
+
+ EventHandler messageHandler = new MessageHandler() {
+ @Override
+ protected void handleMessage(MessageEvent msgEvent) {
+ if (msgEvent.getEventType() == TransportEventType.INBOUND_MESSAGE) {
+ msgEvent.getTransport().sendMessage(msgEvent.getMessage());
+ }
+ }
+ };
+ eventHub.register(messageHandler);
+
+ Acceptor acceptor = new UdpAcceptor();
+ eventHub.register(acceptor);
+
+ eventHub.start();
+ acceptor.listen(serverHost, serverPort);
+ }
+
+ @Test
+ public void testUdpTransport() throws IOException, InterruptedException {
+ Thread.sleep(10);
+
+ DatagramChannel socketChannel = DatagramChannel.open();
+ socketChannel.configureBlocking(true);
+ SocketAddress sa = new InetSocketAddress(serverHost, serverPort);
+ socketChannel.send(ByteBuffer.wrap(TEST_MESSAGE.getBytes()), sa);
+ ByteBuffer byteBuffer = ByteBuffer.allocate(65536);
+ socketChannel.receive(byteBuffer);
+ byteBuffer.flip();
+ clientRecvedMessage = recvBuffer2String(byteBuffer);
+
+ Assert.assertEquals(TEST_MESSAGE, clientRecvedMessage);
+ }
+
+ @After
+ public void cleanup() {
+ eventHub.stop();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-pkix/pom.xml
----------------------------------------------------------------------
diff --git a/contrib/haox-pkix/pom.xml b/contrib/haox-pkix/pom.xml
new file mode 100644
index 0000000..aa87e2c
--- /dev/null
+++ b/contrib/haox-pkix/pom.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>contrib</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>haox-pkix</artifactId>
+
+ <name>Haox PKIX</name>
+ <description>Haox PKIX utilities</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>not-yet-commons-ssl</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+
+</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-pkix/src/main/java/org/haox/pki/Pkix.java
----------------------------------------------------------------------
diff --git a/contrib/haox-pkix/src/main/java/org/haox/pki/Pkix.java b/contrib/haox-pkix/src/main/java/org/haox/pki/Pkix.java
new file mode 100644
index 0000000..147b7a2
--- /dev/null
+++ b/contrib/haox-pkix/src/main/java/org/haox/pki/Pkix.java
@@ -0,0 +1,68 @@
+package org.haox.pki;
+
+import org.apache.commons.ssl.PKCS8Key;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+public class Pkix {
+
+ public static List<Certificate> getCerts(String certFile) throws IOException, CertificateException {
+ InputStream is = new FileInputStream(new File(certFile));
+ return getCerts(is);
+ }
+
+ public static List<Certificate> getCerts(InputStream inputStream) throws IOException, CertificateException {
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+ Collection<? extends Certificate> certs =
+ (Collection<? extends Certificate>) certFactory.generateCertificates(inputStream);
+
+ return new ArrayList<Certificate>(certs);
+ }
+
+ public static PrivateKey getPrivateKey(String keyFile, String password) throws IOException, GeneralSecurityException {
+ InputStream in = new FileInputStream("/path/to/pkcs8_private_key.der");
+ return getPrivateKey(in, password);
+ }
+
+ public static PrivateKey getPrivateKey(InputStream inputStream, String password) throws GeneralSecurityException, IOException {
+ if (password == null) password = "";
+ // If the provided InputStream is encrypted, we need a password to decrypt
+ // it. If the InputStream is not encrypted, then the password is ignored
+ // (can be null). The InputStream can be DER (raw ASN.1) or PEM (base64).
+ PKCS8Key pkcs8 = new PKCS8Key(inputStream, password.toCharArray());
+
+ // If an unencrypted PKCS8 key was provided, then this actually returns
+ // exactly what was originally passed inputStream (with no changes). If an OpenSSL
+ // key was provided, it gets reformatted as PKCS #8 first, and so these
+ // bytes will still be PKCS #8, not OpenSSL.
+ byte[] decrypted = pkcs8.getDecryptedBytes();
+ PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decrypted);
+
+ // A Java PrivateKey object is born.
+ PrivateKey pk = null;
+ if (pkcs8.isDSA()) {
+ pk = KeyFactory.getInstance("DSA").generatePrivate(spec);
+ }
+ else if (pkcs8.isRSA()) {
+ pk = KeyFactory.getInstance("RSA").generatePrivate(spec);
+ }
+
+ // For lazier types:
+ pk = pkcs8.getPrivateKey();
+
+ return pk;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-pkix/src/main/resources/cacert.pem
----------------------------------------------------------------------
diff --git a/contrib/haox-pkix/src/main/resources/cacert.pem b/contrib/haox-pkix/src/main/resources/cacert.pem
new file mode 100644
index 0000000..6b91561
--- /dev/null
+++ b/contrib/haox-pkix/src/main/resources/cacert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6zCCAtOgAwIBAgIJAMrZoeDxTzwWMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
+DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
+YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
+MzEzMjdaFw0yNDA1MTAxMzEzMjdaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
+c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
+A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
+a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMCznJJ02ZUjCPvAwnBmfPs0akb5QRc/NKu8kCtAPWzgHS2JPTQfJhkDbTAD
+eIlg8IeJpOdrYnzdaBCzgxqjSkls+vxjYotOU0Zbrpy2bj0lRDqdYbNsiuConKgT
+MeuDEd/4ZI0X9NWLAi06Iv1F4mHXf36c6uqiUWTtXiofogrFUoTRwACKR2qeC95X
+Py+FDmpS9lz0mo0vDWjetLQC2IBngjjPFdR16n87QDIWfRBkk66rn7rEA6Li66b/
+cToajMSA/n+2Ud1mntSY4RdDdd0TBtAq9RrXtUOfzGaE7S6t+FtYyEprvT4FdOTU
+uyYgSNaI9ANVP1zhQ9LACKuudOECAwEAAaNQME4wHQYDVR0OBBYEFD91SVOejfwx
+u33+5N0TdYbHJbgAMB8GA1UdIwQYMBaAFD91SVOejfwxu33+5N0TdYbHJbgAMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADsONtUqGNBPBXnRowcJwv+Y
+F1Vea+4dkBwYbhkiO6H5XMKr+waOnOD2eAvgP4aeYg/a0xOzzETRD9wi1Z1P1ZMy
+d/NzHQjj4egPENwDv1PH2voZgsXXzXIqUMOtz9t12TuJUrSA2SBW1tz/evckHhNY
+fHg4ThvTIgwEdV/yvrOEBLV9dXG5IhhF+NW1MegTGkt4SpOoH1pi3o9VekVRnix9
+xrIdaC4Ee6vQaR603HwDS9Y+a1c2KU7QoLX8Vaa904cQ+rxhGsTAkocnZXeo6Hl5
+V8BlDYXxeP86fzcWi04ll2BmEEw/RimHEOLpGqxTVHJ5p5BVSCHP8aCD0VJheaU=
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-pkix/src/main/resources/cakey.pem
----------------------------------------------------------------------
diff --git a/contrib/haox-pkix/src/main/resources/cakey.pem b/contrib/haox-pkix/src/main/resources/cakey.pem
new file mode 100644
index 0000000..66dc806
--- /dev/null
+++ b/contrib/haox-pkix/src/main/resources/cakey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAwLOcknTZlSMI+8DCcGZ8+zRqRvlBFz80q7yQK0A9bOAdLYk9
+NB8mGQNtMAN4iWDwh4mk52tifN1oELODGqNKSWz6/GNii05TRluunLZuPSVEOp1h
+s2yK4KicqBMx64MR3/hkjRf01YsCLToi/UXiYdd/fpzq6qJRZO1eKh+iCsVShNHA
+AIpHap4L3lc/L4UOalL2XPSajS8NaN60tALYgGeCOM8V1HXqfztAMhZ9EGSTrquf
+usQDouLrpv9xOhqMxID+f7ZR3Wae1JjhF0N13RMG0Cr1Gte1Q5/MZoTtLq34W1jI
+Smu9PgV05NS7JiBI1oj0A1U/XOFD0sAIq6504QIDAQABAoIBAHqFeMax3unxBbQ0
+Aiy/LTX3RJ9tuZITUOTklnG5fZStBkA+oxhxuaJryE+f1VLbvPMgdCXj5BHqIFGG
+IZSdQA1hak9wzWYvXck9X88qOvtLp47xI/6Vw9NFwZ0n3zST+JiD8UK4eaYQpUim
+Tzrj5SU6hEi3crHOlJvsRFPaGwhnA9wycoOo4o22XBj3C8Hwzi4vWcKXH/RCSwZQ
+zFuYbe77Pn9Sv5q5zdglkmm7wngoVt/aKQke/Vk+Eincx1V12b05DNLjugo6FWQh
+0f2MmHpvqNSHs9USC5+y2lKQ1JNHh7mnpPCXkZEH4V7q+3mKVzl9tXzj9Gul20pw
+tneD6WUCgYEA9QUrQoWHKeVMjeukHjDJa2KjRLMmg9YRQyVABH9+nQTp1jYUjMRA
+GUoUx91gG6gjjJD/xvor/U0Fh3vKtZE93c+avrcaYDwf3q/L4gh+3b87lVDfzjrp
+L+MPTpEzWiyyLfr/kLA0TgUjnrj9bav5uDps8mJpNf8s9ZP1/QDhF5sCgYEAyVZA
+pHSIyBI2GT0+92JXvYDK/ZfV5m4RGHaG/PMDoU4IbGbjHVyzzsyzDUgvOASXwfF8
+YzwX7Tf95RZw12P/Jepxt0vqBJPKUCsMLUrmANQvN1Pz8+Vk6UADLM7kNc06MqB9
+/U3GKCFZZuedEhbgXnEV9gzelhILImJGZMxG0zMCgYApymnofLHjGXMHOcvSQmv4
+XuiODShikB59n1rd6YkE6xOfL7YtlEOCjLoipMWBshnuHcUigQUDvSFWTGz0rwMo
+VAKGyOA8zcR5zO4vbVeGJtnYy+SAXlfrjQTNV8K0fK8fXJI+cW9aZ1H9/ntrO0vq
+ejye0t4zEYTvlf782iuKRQKBgQCnTQ7mGRfX+JoPmv8JniR+idkjpNnPYsK96y/8
+XQs1LJx/R3eN3IxlWV+nt8XU7KwWMs5Dv5m6Ov61MFKQCL3qCch4oZJSP2Sr/Tlf
+IY/CPI8HkLF0h7e0wsZgo4Kq2mBz1T0cEVaJ3jxl8Cxq7at/jsTK8qK7XT73UWZh
+OAXaVQKBgDmg2QTX7c0/dbDMOuw18g3xfE/oqU+VWT784wtvpcdjHR+KAVLWHG8l
+oc/bm8Bs0o0f5dfH7uUvWdP6JMvbgYZBgIMqw+iH8P2lFCLzIRf0me/l+r0Oi64U
+5jp9K+7Ggc7S0SSnCLmBLMN5lXQZbhzks1La7DZmFeAz8rOEnlUB
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-pkix/src/main/resources/extensions.kdc
----------------------------------------------------------------------
diff --git a/contrib/haox-pkix/src/main/resources/extensions.kdc b/contrib/haox-pkix/src/main/resources/extensions.kdc
new file mode 100644
index 0000000..e0d1578
--- /dev/null
+++ b/contrib/haox-pkix/src/main/resources/extensions.kdc
@@ -0,0 +1,20 @@
+[kdc_cert]
+basicConstraints=CA:FALSE
+keyUsage=nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
+extendedKeyUsage=1.3.6.1.5.2.3.5
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+issuerAltName=issuer:copy
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
+
+[kdc_princ_name]
+realm=EXP:0,GeneralString:${ENV::REALM}
+principal_name=EXP:1,SEQUENCE:kdc_principal_seq
+
+[kdc_principal_seq]
+name_type=EXP:0,INTEGER:1
+name_string=EXP:1,SEQUENCE:kdc_principals
+
+[kdc_principals]
+princ1=GeneralString:krbtgt
+princ2=GeneralString:${ENV::REALM}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-pkix/src/main/resources/kdccert.pem
----------------------------------------------------------------------
diff --git a/contrib/haox-pkix/src/main/resources/kdccert.pem b/contrib/haox-pkix/src/main/resources/kdccert.pem
new file mode 100644
index 0000000..67e538c
--- /dev/null
+++ b/contrib/haox-pkix/src/main/resources/kdccert.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEYjCCA0qgAwIBAgIJAL2ZFUkXCgK2MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
+DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
+YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
+MzI3MjFaFw0xNTA1MTMxMzI3MjFaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
+c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
+A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
+a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMs0jF1fi5AVMunQ/jpxgSjRlpmVQyT//LrwBmyI77C+hCD4z/InoG4q2tl5
+fAH+2n7HHgon4E0QXyRxAz0+Ugun7qHW9oT2pnxoc1l8seyGNMK9adsxLpCv7RXK
+quqLcj34UQCzRDKxgkH5UBwxGY0kId0W1MqPh1LZRZIk1hakREC4DBj+slnDkN0s
+nh8pC/8q/hTPJ9QrqWT6oc1FjMVKz3FxFbxXELYxg4M6SXnzGzdWa3xSe4Ou0QO2
+EwncQUoo8N6plOKX5lncDhC2usT//AZHvKdcVmOwX0ByxZqGQIXk7g1kbsbG5m45
+JMjt/HnOQcfg88iSLKJZu+ODw00CAwEAAaOBxjCBwzAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwID6DASBgNVHSUECzAJBgcrBgEFAgMFMB0GA1UdDgQWBBS8Bmb9kTUkw61e
+Is+9KDV5U6JjyjAfBgNVHSMEGDAWgBQ/dUlTno38Mbt9/uTdE3WGxyW4ADAJBgNV
+HRIEAjAAMEoGA1UdEQRDMEGgPwYGKwYBBQICoDUwM6AOGwxTSC5JTlRFTC5DT02h
+ITAfoAMCAQGhGDAWGwZrcmJ0Z3QbDFNILklOVEVMLkNPTTANBgkqhkiG9w0BAQUF
+AAOCAQEAS/I0zH9ByFcXTF56I5aPmPdzYKpIpFF6Kkwyw0M2EuIcTcpDl74/xmq9
+YPHS6TSDAt3wHzs9JQlSWah04L0R+IgHVacLRgdXfTWqglFFH/pve3p49WCrYmWz
+txQeRV5dxzaE3oTdDq15DRkUJmt0GIk1x6ehrGZOpIL8oTFmVmnR7EgrKWlIMYCs
+R/GkEuCH15wadom/Hw5Db1KLPEjxCdwy947guOh4SO0fcW3h55V3troS/46TbVFF
+FvNSqGD+19/QM/MhLIy5OnTxOio8M9zp+yfDlzLnpbMi0ZO6tLvB4XhjvP0as34c
+5vCA/8HPfaearSyAYi2Ir9vT3O9J/w==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-pkix/src/main/resources/kdckey.pem
----------------------------------------------------------------------
diff --git a/contrib/haox-pkix/src/main/resources/kdckey.pem b/contrib/haox-pkix/src/main/resources/kdckey.pem
new file mode 100644
index 0000000..c9e75e2
--- /dev/null
+++ b/contrib/haox-pkix/src/main/resources/kdckey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyzSMXV+LkBUy6dD+OnGBKNGWmZVDJP/8uvAGbIjvsL6EIPjP
+8iegbira2Xl8Af7afsceCifgTRBfJHEDPT5SC6fuodb2hPamfGhzWXyx7IY0wr1p
+2zEukK/tFcqq6otyPfhRALNEMrGCQflQHDEZjSQh3RbUyo+HUtlFkiTWFqREQLgM
+GP6yWcOQ3SyeHykL/yr+FM8n1CupZPqhzUWMxUrPcXEVvFcQtjGDgzpJefMbN1Zr
+fFJ7g67RA7YTCdxBSijw3qmU4pfmWdwOELa6xP/8Bke8p1xWY7BfQHLFmoZAheTu
+DWRuxsbmbjkkyO38ec5Bx+DzyJIsolm744PDTQIDAQABAoIBAQC4Byb3iQgDvK8X
+QcZ7dz/Zj7Yr8RmV8J8ZTTcEJB+umVtf4PWyAGEyZG0+dt7vj7ahCgMSf3qLUEBZ
+6F9en4n+NF/RAbTQRfAQyydr65nW8tPlaVTsxWW+cxTrn1eagh88MB5r2+3vWwL0
+bK04Wt8hC4//giXELKgJR+vRprqcVRgy11nYaTP59IDdg4YscbHfc/LYa7ABQ1G5
+5NKtjMy13UvtD/4C3TS1NpL2xtzAgQRe3XFDIyOmv476Ts1boqSHBFX+MXmLBAfi
+8Qhaj1DO8A0HS/c4egcL6esCe4kcgtCuq66n8JzOlVbCDGOYIUkUyQ9Nfo31M5i5
+XhqF9CsBAoGBAP7PqkncLAvyjHQKPpDyWCBtkV7z+DWRZRPz4w8tit+TiAv6hRF7
+kK+NUhP1mBuS4duyEV58B8LWOR0ir7ftbL0/unxR1XWMOvTEHr/9lG1sKZoI0dJS
+Ee+VvuVFwdm/ABxfnveGCRrSHY7GAvFln3gC1Cst3NPPKbpznb3FiH/JAoGBAMwn
+P1Labt/OuzB70Vxve3TCeFA6jYzcYdA3riv1V0FIWoNgcQ742b0+6HDpEQgn4Rdb
+KiKz8hSplM1nx8NyWwS9r7gRQ9HIc0qC5S4A0A9QEbdKrkUiQDlwHgdDKPPCWih9
+qH05etiQ044BtOq7uXsWYqiIomOW/XyDUEhbRRFlAoGALmVnj01Mo9xFILfgzomh
+7D2nE4/+qNpRekGVHWVgfPci9XNnGVjTbnOf90xnptWm1Fbm/Lo+u4ZAHgL71dSg
+UREyhoJsCJxA++Jd6v1kMkxYgtiKQ+53n5U3jg2Wj2xMu93ZVx6Lt9t8UEvTq1qi
+n7p8IWSXaeW1pmJ43V4DTakCgYAFcSpj+ASqnKUqxrIvB52/4As7AESTs7A7z7Ap
+5dFcoSQgimqZHpMXU1z43Y2hrQZ4C+sUn71dRaP80b5mfF7mwnOzsWogZnqESvb3
+AfiJ3/WI8Emy+BXEMjPqt6SY0t56Y9cg925J5ZpuF6eN9lEccd1RZssFYpoBPrLe
+KuitbQKBgQC3DNejUqol2max6rf4h/GnwLE2BOTmFLnswexlw76p/63Jo1SaVpk7
+9nAltsqNCl4L/eAJ8hJdeTE5YVjYsgAVJrXZbiRfxHBMeHj9g0d1VafGqdomKf0R
+7Qytlcvsw8jn96ckEMPPLJF0bX5cu9S6lMyEbb6Ih41P13uvgP6ufg==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-pkix/src/main/resources/usercert.pem
----------------------------------------------------------------------
diff --git a/contrib/haox-pkix/src/main/resources/usercert.pem b/contrib/haox-pkix/src/main/resources/usercert.pem
new file mode 100644
index 0000000..67e538c
--- /dev/null
+++ b/contrib/haox-pkix/src/main/resources/usercert.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEYjCCA0qgAwIBAgIJAL2ZFUkXCgK2MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
+DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
+YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
+MzI3MjFaFw0xNTA1MTMxMzI3MjFaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
+c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
+A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
+a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMs0jF1fi5AVMunQ/jpxgSjRlpmVQyT//LrwBmyI77C+hCD4z/InoG4q2tl5
+fAH+2n7HHgon4E0QXyRxAz0+Ugun7qHW9oT2pnxoc1l8seyGNMK9adsxLpCv7RXK
+quqLcj34UQCzRDKxgkH5UBwxGY0kId0W1MqPh1LZRZIk1hakREC4DBj+slnDkN0s
+nh8pC/8q/hTPJ9QrqWT6oc1FjMVKz3FxFbxXELYxg4M6SXnzGzdWa3xSe4Ou0QO2
+EwncQUoo8N6plOKX5lncDhC2usT//AZHvKdcVmOwX0ByxZqGQIXk7g1kbsbG5m45
+JMjt/HnOQcfg88iSLKJZu+ODw00CAwEAAaOBxjCBwzAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwID6DASBgNVHSUECzAJBgcrBgEFAgMFMB0GA1UdDgQWBBS8Bmb9kTUkw61e
+Is+9KDV5U6JjyjAfBgNVHSMEGDAWgBQ/dUlTno38Mbt9/uTdE3WGxyW4ADAJBgNV
+HRIEAjAAMEoGA1UdEQRDMEGgPwYGKwYBBQICoDUwM6AOGwxTSC5JTlRFTC5DT02h
+ITAfoAMCAQGhGDAWGwZrcmJ0Z3QbDFNILklOVEVMLkNPTTANBgkqhkiG9w0BAQUF
+AAOCAQEAS/I0zH9ByFcXTF56I5aPmPdzYKpIpFF6Kkwyw0M2EuIcTcpDl74/xmq9
+YPHS6TSDAt3wHzs9JQlSWah04L0R+IgHVacLRgdXfTWqglFFH/pve3p49WCrYmWz
+txQeRV5dxzaE3oTdDq15DRkUJmt0GIk1x6ehrGZOpIL8oTFmVmnR7EgrKWlIMYCs
+R/GkEuCH15wadom/Hw5Db1KLPEjxCdwy947guOh4SO0fcW3h55V3troS/46TbVFF
+FvNSqGD+19/QM/MhLIy5OnTxOio8M9zp+yfDlzLnpbMi0ZO6tLvB4XhjvP0as34c
+5vCA/8HPfaearSyAYi2Ir9vT3O9J/w==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-pkix/src/main/resources/userkey.pem
----------------------------------------------------------------------
diff --git a/contrib/haox-pkix/src/main/resources/userkey.pem b/contrib/haox-pkix/src/main/resources/userkey.pem
new file mode 100644
index 0000000..c9e75e2
--- /dev/null
+++ b/contrib/haox-pkix/src/main/resources/userkey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyzSMXV+LkBUy6dD+OnGBKNGWmZVDJP/8uvAGbIjvsL6EIPjP
+8iegbira2Xl8Af7afsceCifgTRBfJHEDPT5SC6fuodb2hPamfGhzWXyx7IY0wr1p
+2zEukK/tFcqq6otyPfhRALNEMrGCQflQHDEZjSQh3RbUyo+HUtlFkiTWFqREQLgM
+GP6yWcOQ3SyeHykL/yr+FM8n1CupZPqhzUWMxUrPcXEVvFcQtjGDgzpJefMbN1Zr
+fFJ7g67RA7YTCdxBSijw3qmU4pfmWdwOELa6xP/8Bke8p1xWY7BfQHLFmoZAheTu
+DWRuxsbmbjkkyO38ec5Bx+DzyJIsolm744PDTQIDAQABAoIBAQC4Byb3iQgDvK8X
+QcZ7dz/Zj7Yr8RmV8J8ZTTcEJB+umVtf4PWyAGEyZG0+dt7vj7ahCgMSf3qLUEBZ
+6F9en4n+NF/RAbTQRfAQyydr65nW8tPlaVTsxWW+cxTrn1eagh88MB5r2+3vWwL0
+bK04Wt8hC4//giXELKgJR+vRprqcVRgy11nYaTP59IDdg4YscbHfc/LYa7ABQ1G5
+5NKtjMy13UvtD/4C3TS1NpL2xtzAgQRe3XFDIyOmv476Ts1boqSHBFX+MXmLBAfi
+8Qhaj1DO8A0HS/c4egcL6esCe4kcgtCuq66n8JzOlVbCDGOYIUkUyQ9Nfo31M5i5
+XhqF9CsBAoGBAP7PqkncLAvyjHQKPpDyWCBtkV7z+DWRZRPz4w8tit+TiAv6hRF7
+kK+NUhP1mBuS4duyEV58B8LWOR0ir7ftbL0/unxR1XWMOvTEHr/9lG1sKZoI0dJS
+Ee+VvuVFwdm/ABxfnveGCRrSHY7GAvFln3gC1Cst3NPPKbpznb3FiH/JAoGBAMwn
+P1Labt/OuzB70Vxve3TCeFA6jYzcYdA3riv1V0FIWoNgcQ742b0+6HDpEQgn4Rdb
+KiKz8hSplM1nx8NyWwS9r7gRQ9HIc0qC5S4A0A9QEbdKrkUiQDlwHgdDKPPCWih9
+qH05etiQ044BtOq7uXsWYqiIomOW/XyDUEhbRRFlAoGALmVnj01Mo9xFILfgzomh
+7D2nE4/+qNpRekGVHWVgfPci9XNnGVjTbnOf90xnptWm1Fbm/Lo+u4ZAHgL71dSg
+UREyhoJsCJxA++Jd6v1kMkxYgtiKQ+53n5U3jg2Wj2xMu93ZVx6Lt9t8UEvTq1qi
+n7p8IWSXaeW1pmJ43V4DTakCgYAFcSpj+ASqnKUqxrIvB52/4As7AESTs7A7z7Ap
+5dFcoSQgimqZHpMXU1z43Y2hrQZ4C+sUn71dRaP80b5mfF7mwnOzsWogZnqESvb3
+AfiJ3/WI8Emy+BXEMjPqt6SY0t56Y9cg925J5ZpuF6eN9lEccd1RZssFYpoBPrLe
+KuitbQKBgQC3DNejUqol2max6rf4h/GnwLE2BOTmFLnswexlw76p/63Jo1SaVpk7
+9nAltsqNCl4L/eAJ8hJdeTE5YVjYsgAVJrXZbiRfxHBMeHj9g0d1VafGqdomKf0R
+7Qytlcvsw8jn96ckEMPPLJF0bX5cu9S6lMyEbb6Ih41P13uvgP6ufg==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-pkix/src/test/java/org/haox/pki/PkixTest.java
----------------------------------------------------------------------
diff --git a/contrib/haox-pkix/src/test/java/org/haox/pki/PkixTest.java b/contrib/haox-pkix/src/test/java/org/haox/pki/PkixTest.java
new file mode 100644
index 0000000..3c4bff5
--- /dev/null
+++ b/contrib/haox-pkix/src/test/java/org/haox/pki/PkixTest.java
@@ -0,0 +1,41 @@
+package org.haox.pki;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.util.List;
+
+/**
+ openssl genrsa -out cakey.pem 2048
+ openssl req -key cakey.pem -new -x509 -out cacert.pem -days 3650
+ vi extensions.kdc
+ openssl genrsa -out kdckey.pem 2048
+ openssl req -new -out kdc.req -key kdckey.pem
+ env REALM=SH.INTEL.COM openssl x509 -req -in kdc.req -CAkey cakey.pem \
+ -CA cacert.pem -out kdc.pem -days 365 -extfile extensions.kdc -extensions kdc_cert -CAcreateserial
+ */
+public class PkixTest {
+
+ @Test
+ public void loadCert() throws CertificateException, IOException {
+ InputStream res = getClass().getResourceAsStream("/usercert.pem");
+ List<Certificate> certs = Pkix.getCerts(res);
+ Certificate userCert = certs.iterator().next();
+
+ Assert.assertNotNull(userCert);
+ }
+
+ @Test
+ public void loadKey() throws GeneralSecurityException, IOException {
+ InputStream res = getClass().getResourceAsStream("/userkey.pem");
+ PrivateKey key = Pkix.getPrivateKey(res, null);
+
+ Assert.assertNotNull(key);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-token/pom.xml
----------------------------------------------------------------------
diff --git a/contrib/haox-token/pom.xml b/contrib/haox-token/pom.xml
new file mode 100644
index 0000000..587b148
--- /dev/null
+++ b/contrib/haox-token/pom.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>contrib</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>haox-token</artifactId>
+ <name>Haox-token Project</name>
+ <version>1.0-SNAPSHOT</version>
+ <packaging>pom</packaging>
+
+ <dependencies>
+ <dependency>
+ <groupId>com.nimbusds</groupId>
+ <artifactId>nimbus-jose-jwt</artifactId>
+ <version>3.2</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-asn1</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </dependency>
+ </dependencies>
+
+</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-token/src/main/java/org/haox/token/AuthzDataEntry.java
----------------------------------------------------------------------
diff --git a/contrib/haox-token/src/main/java/org/haox/token/AuthzDataEntry.java b/contrib/haox-token/src/main/java/org/haox/token/AuthzDataEntry.java
new file mode 100644
index 0000000..46421e4
--- /dev/null
+++ b/contrib/haox-token/src/main/java/org/haox/token/AuthzDataEntry.java
@@ -0,0 +1,33 @@
+package org.haox.token;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.haox.asn1.type.Asn1SequenceType;
+
+/**
+ AuthorizationData ::= SEQUENCE OF SEQUENCE {
+ ad-type [0] Int32,
+ ad-data [1] OCTET STRING
+ }
+ */
+public class AuthzDataEntry extends Asn1SequenceType {
+ static int AD_TYPE = 0;
+ static int AD_DATA = 1;
+
+ public AuthzDataEntry() {
+ super(new Asn1FieldInfo[] {
+ new Asn1FieldInfo(AD_TYPE, Asn1Integer.class),
+ new Asn1FieldInfo(AD_DATA, Asn1OctetString.class)
+ });
+ }
+
+ public int getAuthzType() {
+ Integer value = getFieldAsInteger(AD_TYPE);
+ return value;
+ }
+
+ public byte[] getAuthzData() {
+ return getFieldAsOctets(AD_DATA);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-token/src/main/java/org/haox/token/KerbToken.java
----------------------------------------------------------------------
diff --git a/contrib/haox-token/src/main/java/org/haox/token/KerbToken.java b/contrib/haox-token/src/main/java/org/haox/token/KerbToken.java
new file mode 100644
index 0000000..8c68ac0
--- /dev/null
+++ b/contrib/haox-token/src/main/java/org/haox/token/KerbToken.java
@@ -0,0 +1,28 @@
+package org.haox.token;
+
+import java.util.Map;
+
+public class KerbToken {
+
+ private Map<String, Object> attributes;
+
+ public KerbToken(Map<String, Object> attributes) {
+ this.attributes = attributes;
+ }
+
+ public Map<String, Object> getAttributes() {
+ return attributes;
+ }
+
+ public String getPrincipal() {
+ return (String) attributes.get("sub");
+ }
+
+ public String[] getGroups() {
+ String grp = (String) attributes.get("group");
+ if (grp != null) {
+ return new String[] { grp };
+ }
+ return new String[0];
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-token/src/main/java/org/haox/token/TokenCache.java
----------------------------------------------------------------------
diff --git a/contrib/haox-token/src/main/java/org/haox/token/TokenCache.java b/contrib/haox-token/src/main/java/org/haox/token/TokenCache.java
new file mode 100644
index 0000000..0811319
--- /dev/null
+++ b/contrib/haox-token/src/main/java/org/haox/token/TokenCache.java
@@ -0,0 +1,63 @@
+package org.haox.token;
+
+import java.io.*;
+
+public class TokenCache {
+ private static final String DEFAULT_TOKEN_CACHE_PATH = ".tokenauth";
+ private static final String TOKEN_CACHE_FILE = ".tokenauth.token";
+
+ public static String readToken(String tokenCacheFile) {
+ File cacheFile = null;
+
+ if (tokenCacheFile != null && ! tokenCacheFile.isEmpty()) {
+ cacheFile = new File(tokenCacheFile);
+ if (!cacheFile.exists()) {
+ throw new RuntimeException("Invalid token cache specified: " + tokenCacheFile);
+ };
+ } else {
+ cacheFile = getDefaultTokenCache();
+ if (!cacheFile.exists()) {
+ throw new RuntimeException("No token cache available by default");
+ };
+ }
+
+ String token = null;
+ try {
+ BufferedReader reader = new BufferedReader(new FileReader(cacheFile));
+ String line = reader.readLine();
+ reader.close();
+ if (line != null) {
+ token = line;
+ }
+ } catch (IOException ex) {
+ //NOP
+ }
+
+ return token;
+ }
+
+ public static void writeToken(String token) {
+ File cacheFile = getDefaultTokenCache();
+
+ try {
+ Writer writer = new FileWriter(cacheFile);
+ writer.write(token.toString());
+ writer.close();
+ // sets read-write permissions to owner only
+ cacheFile.setReadable(false, false);
+ cacheFile.setReadable(true, true);
+ cacheFile.setWritable(true, true);
+ }
+ catch (IOException ioe) {
+ // if case of any error we just delete the cache, if user-only
+ // write permissions are not properly set a security exception
+ // is thrown and the file will be deleted.
+ cacheFile.delete();
+ }
+ }
+
+ public static File getDefaultTokenCache() {
+ String homeDir = System.getProperty("user.home", DEFAULT_TOKEN_CACHE_PATH);
+ return new File(homeDir, TOKEN_CACHE_FILE);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-token/src/main/java/org/haox/token/TokenExtractor.java
----------------------------------------------------------------------
diff --git a/contrib/haox-token/src/main/java/org/haox/token/TokenExtractor.java b/contrib/haox-token/src/main/java/org/haox/token/TokenExtractor.java
new file mode 100644
index 0000000..4e7e951
--- /dev/null
+++ b/contrib/haox-token/src/main/java/org/haox/token/TokenExtractor.java
@@ -0,0 +1,82 @@
+package org.haox.token;
+
+import com.sun.security.jgss.AuthorizationDataEntry;
+import com.sun.security.jgss.ExtendedGSSContext;
+import com.sun.security.jgss.InquireType;
+import org.apache.haox.asn1.type.Asn1SequenceOf;
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSException;
+
+import java.io.IOException;
+import java.util.List;
+
+public class TokenExtractor {
+ static final int JWT_AUTHZ_DATA_TYPE = 81;
+ public static final int AD_IF_RELEVANT_TYPE = 1;
+
+ /**
+ AuthorizationData ::= SEQUENCE OF SEQUENCE {
+ ad-type [0] Int32,
+ ad-data [1] OCTET STRING
+ }
+ */
+ public static class AuthorizationData extends Asn1SequenceOf<AuthzDataEntry> {
+
+ }
+
+ public static KerbToken checkAuthzData(GSSContext context) throws GSSException, IOException {
+ System.out.println("Looking for token from authorization data in GSSContext");
+
+ Object authzData = null;
+ if (context instanceof ExtendedGSSContext) {
+ ExtendedGSSContext ex = (ExtendedGSSContext)context;
+ authzData = ex.inquireSecContext(
+ InquireType.KRB5_GET_AUTHZ_DATA);
+ }
+
+ if (authzData != null) {
+ AuthorizationDataEntry[] authzEntries = (AuthorizationDataEntry[]) authzData;
+ KerbToken resultToken = null;
+ for (int i = 0; i < authzEntries.length; ++i) {
+ resultToken = getAuthzToken(authzEntries[i]);
+ if (resultToken != null) {
+ return resultToken;
+ }
+ }
+ }
+ return null;
+ }
+
+ public static KerbToken getAuthzToken(AuthorizationDataEntry authzDataEntry) throws IOException {
+ if (authzDataEntry.getType() == AD_IF_RELEVANT_TYPE) {
+ String token = getToken(authzDataEntry);
+ if (token == null) {
+ return null;
+ }
+
+ try {
+ return TokenTool.fromJwtToken(token);
+ } catch (Exception e) {
+ // noop when not jwt token
+ }
+ }
+
+ return null;
+ }
+
+ public static String getToken(AuthorizationDataEntry authzDataEntry) throws IOException {
+ List<AuthzDataEntry> entries = decode(authzDataEntry);
+ for (AuthzDataEntry entry : entries) {
+ if (entry.getAuthzType() == JWT_AUTHZ_DATA_TYPE) {
+ return new String(entry.getAuthzData());
+ }
+ }
+ return null;
+ }
+
+ public static List<AuthzDataEntry> decode(AuthorizationDataEntry authzDataEntry) throws IOException {
+ AuthorizationData authzData = new AuthorizationData();
+ authzData.decode(authzDataEntry.getData());
+ return authzData.getElements();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-token/src/main/java/org/haox/token/TokenTool.java
----------------------------------------------------------------------
diff --git a/contrib/haox-token/src/main/java/org/haox/token/TokenTool.java b/contrib/haox-token/src/main/java/org/haox/token/TokenTool.java
new file mode 100644
index 0000000..24aa314
--- /dev/null
+++ b/contrib/haox-token/src/main/java/org/haox/token/TokenTool.java
@@ -0,0 +1,105 @@
+package org.haox.token;
+
+import com.nimbusds.jose.PlainHeader;
+import com.nimbusds.jwt.JWT;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.PlainJWT;
+
+import java.text.ParseException;
+import java.util.*;
+
+public class TokenTool {
+
+ public static JWT issueToken(String principal, String group, String role) {
+ // must have for kerb-token
+ String krbPrincipal = principal + "@SH.INTEL.COM";
+
+ PlainHeader header = new PlainHeader();
+ //header.setCustomParameter("krbPrincipal", krbPrincipal);
+
+ JWTClaimsSet jwtClaims = new JWTClaimsSet();
+
+ String iss = "token-service";
+ jwtClaims.setIssuer(iss);
+
+ String sub = principal;
+ jwtClaims.setSubject(sub);
+
+ // must have for kerb-token
+ jwtClaims.setSubject(krbPrincipal);
+
+ jwtClaims.setClaim("group", group);
+ if (role != null) {
+ jwtClaims.setClaim("role", role);
+ }
+
+ List<String> aud = new ArrayList<String>();
+ aud.add("krb5kdc-with-token-extension");
+ jwtClaims.setAudience(aud);
+
+ // Set expiration in 60 minutes
+ final Date NOW = new Date(new Date().getTime() / 1000 * 1000);
+ Date exp = new Date(NOW.getTime() + 1000 * 60 * 60);
+ jwtClaims.setExpirationTime(exp);
+
+ Date nbf = NOW;
+ jwtClaims.setNotBeforeTime(nbf);
+
+ Date iat = NOW;
+ jwtClaims.setIssueTime(iat);
+
+ String jti = UUID.randomUUID().toString();
+ jwtClaims.setJWTID(jti);
+
+ PlainJWT jwt = new PlainJWT(header, jwtClaims);
+ return jwt;
+ }
+
+ public static JWT decodeToken(String token) throws ParseException {
+ PlainJWT jwt = PlainJWT.parse(token);
+
+ return jwt;
+ }
+
+ public static KerbToken fromJwtToken(String token) throws ParseException {
+ Map<String, Object> attrs = decodeAndExtractTokenAttributes(token);
+ return new KerbToken(attrs);
+ }
+
+ public static Map<String, Object> decodeAndExtractTokenAttributes(String token) throws ParseException {
+ PlainJWT jwt = PlainJWT.parse(token);
+
+ Map<String, Object> attrs = new HashMap<String, Object>();
+ attrs.putAll(jwt.getJWTClaimsSet().getAllClaims());
+ //attrs.putAll(jwt.getHeader().getCustomParameters());
+
+ return attrs;
+ }
+
+ public static void main(String[] args) throws ParseException {
+ String principal, group, role = null;
+
+ if (args.length != 2 && args.length != 3) {
+ System.out.println("This is a simple token issuing tool just for kerb-token PoC usage\n");
+ System.out.println("tokeninit <username> <group> [role]\n");
+ System.exit(1);
+ }
+ principal = args[0];
+ group = args[1];
+ if (args.length > 2) {
+ role = args[2];
+ }
+
+ JWT jwt = issueToken(principal, group, role);
+ String token = jwt.serialize();
+
+ TokenCache.writeToken(token);
+ System.out.println("Issued token: " + token);
+
+ /*
+ JWT jwt2 = decodeToken(token);
+ String krbPrincipal = (String) jwt2.getHeader().getCustomParameter("krbPrincipal");
+ System.out.println("Decoded token with krbprincipal: " + krbPrincipal);
+ */
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/pom.xml
----------------------------------------------------------------------
diff --git a/contrib/pom.xml b/contrib/pom.xml
new file mode 100644
index 0000000..39bac1b
--- /dev/null
+++ b/contrib/pom.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-all</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>contrib</artifactId>
+ <name>Contrib Projects</name>
+ <description>Contrib Projects</description>
+ <packaging>pom</packaging>
+
+ <modules>
+ <module>haox-config</module>
+ <module>haox-event</module>
+ <module>haox-asn1</module>
+ <module>haox-pkix</module>
+ <module>haox-token</module>
+ </modules>
+
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.8.2</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/docs/Accesstoken-profile.pdf
----------------------------------------------------------------------
diff --git a/docs/Accesstoken-profile.pdf b/docs/Accesstoken-profile.pdf
new file mode 100644
index 0000000..c571b6e
Binary files /dev/null and b/docs/Accesstoken-profile.pdf differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/docs/Token-preauth.pdf
----------------------------------------------------------------------
diff --git a/docs/Token-preauth.pdf b/docs/Token-preauth.pdf
new file mode 100644
index 0000000..8b69e5a
Binary files /dev/null and b/docs/Token-preauth.pdf differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kdc/README
----------------------------------------------------------------------
diff --git a/haox-kdc/README b/haox-kdc/README
new file mode 100644
index 0000000..583763c
--- /dev/null
+++ b/haox-kdc/README
@@ -0,0 +1,5 @@
+A KDC implementation that integrates PKI and OAuth Token with an LDAP backend.
+The KDC server can be standalone.
+The LDAP backend can be standalone or embedded.
+Various tools like kinit, kadmin will be provided or
+at least, existing tools can be supported.
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kdc/kdc-server/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kdc/kdc-server/pom.xml b/haox-kdc/kdc-server/pom.xml
new file mode 100644
index 0000000..4fbcdbf
--- /dev/null
+++ b/haox-kdc/kdc-server/pom.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-kdc</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>kdc-server</artifactId>
+
+ <name>Haox KDC Server</name>
+ <description>Haox-kdc Server</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-config</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-server</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>ldap-identity-backend</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-token</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kdc/kdc-server/src/main/java/org/apache/kerberos/kdc/server/ApacheKdcServer.java
----------------------------------------------------------------------
diff --git a/haox-kdc/kdc-server/src/main/java/org/apache/kerberos/kdc/server/ApacheKdcServer.java b/haox-kdc/kdc-server/src/main/java/org/apache/kerberos/kdc/server/ApacheKdcServer.java
new file mode 100644
index 0000000..3ee272f
--- /dev/null
+++ b/haox-kdc/kdc-server/src/main/java/org/apache/kerberos/kdc/server/ApacheKdcServer.java
@@ -0,0 +1,22 @@
+package org.apache.kerberos.kdc.server;
+
+import org.apache.kerberos.kdc.identitybackend.LdapIdentityBackend;
+import org.apache.kerberos.kerb.identity.IdentityService;
+import org.apache.kerberos.kerb.server.KdcServer;
+
+public class ApacheKdcServer extends KdcServer {
+
+ public ApacheKdcServer() {
+ super();
+ }
+
+ public void init() {
+ super.init();
+ initIdentityService();
+ }
+
+ protected void initIdentityService() {
+ IdentityService identityService = new LdapIdentityBackend();
+ setIdentityService(identityService);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kdc/kdc-server/src/test/java/org/apache/kerberos/kdc/server/KdcTest.java
----------------------------------------------------------------------
diff --git a/haox-kdc/kdc-server/src/test/java/org/apache/kerberos/kdc/server/KdcTest.java b/haox-kdc/kdc-server/src/test/java/org/apache/kerberos/kdc/server/KdcTest.java
new file mode 100644
index 0000000..0596cf5
--- /dev/null
+++ b/haox-kdc/kdc-server/src/test/java/org/apache/kerberos/kdc/server/KdcTest.java
@@ -0,0 +1,52 @@
+package org.apache.kerberos.kdc.server;
+
+import org.apache.kerberos.kdc.server.ApacheKdcServer;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.nio.ByteBuffer;
+import java.nio.channels.SocketChannel;
+
+public class KdcTest {
+
+ private String serverHost = "localhost";
+ private short serverPort = 8088;
+
+ private ApacheKdcServer kdcServer;
+
+ @Before
+ public void setUp() throws Exception {
+ kdcServer = new ApacheKdcServer();
+ kdcServer.setKdcHost(serverHost);
+ kdcServer.setKdcPort(serverPort);
+ kdcServer.init();
+ kdcServer.start();
+ }
+
+ @Test
+ public void testKdc() throws IOException, InterruptedException {
+ Thread.sleep(10);
+
+ SocketChannel socketChannel = SocketChannel.open();
+ socketChannel.configureBlocking(true);
+ SocketAddress sa = new InetSocketAddress(serverHost, serverPort);
+ socketChannel.connect(sa);
+
+ String BAD_KRB_MESSAGE = "Hello World!";
+ ByteBuffer writeBuffer = ByteBuffer.allocate(4 + BAD_KRB_MESSAGE.getBytes().length);
+ writeBuffer.putInt(BAD_KRB_MESSAGE.getBytes().length);
+ writeBuffer.put(BAD_KRB_MESSAGE.getBytes());
+ writeBuffer.flip();
+
+ socketChannel.write(writeBuffer);
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ kdcServer.stop();
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kdc/ldap-identity-backend/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kdc/ldap-identity-backend/pom.xml b/haox-kdc/ldap-identity-backend/pom.xml
new file mode 100644
index 0000000..22d0671
--- /dev/null
+++ b/haox-kdc/ldap-identity-backend/pom.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-kdc</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>ldap-identity-backend</artifactId>
+
+ <name>Ldap identity backend</name>
+ <description>Ldap identity backend</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-config</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-identity</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kdc/ldap-identity-backend/src/main/java/org/apache/kerberos/kdc/identitybackend/LdapIdentityBackend.java
----------------------------------------------------------------------
diff --git a/haox-kdc/ldap-identity-backend/src/main/java/org/apache/kerberos/kdc/identitybackend/LdapIdentityBackend.java b/haox-kdc/ldap-identity-backend/src/main/java/org/apache/kerberos/kdc/identitybackend/LdapIdentityBackend.java
new file mode 100644
index 0000000..8f26e28
--- /dev/null
+++ b/haox-kdc/ldap-identity-backend/src/main/java/org/apache/kerberos/kdc/identitybackend/LdapIdentityBackend.java
@@ -0,0 +1,58 @@
+package org.apache.kerberos.kdc.identitybackend;
+
+import org.apache.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerberos.kerb.identity.backend.AbstractIdentityBackend;
+
+import java.util.List;
+
+public class LdapIdentityBackend extends AbstractIdentityBackend {
+
+
+ public LdapIdentityBackend() {
+ super();
+ }
+
+ /**
+ * Load identities from file
+ */
+ public void load() {
+ // todo
+ }
+
+ /**
+ * Persist the updated identities back
+ */
+ public void save() {
+ // todo
+ }
+
+ @Override
+ public List<KrbIdentity> getIdentities() {
+ return null;
+ }
+
+ @Override
+ public boolean checkIdentity(String name) {
+ return false;
+ }
+
+ @Override
+ public KrbIdentity getIdentity(String name) {
+ return null;
+ }
+
+ @Override
+ public void addIdentity(KrbIdentity identity) {
+
+ }
+
+ @Override
+ public void updateIdentity(KrbIdentity identity) {
+
+ }
+
+ @Override
+ public void deleteIdentity(KrbIdentity identity) {
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kdc/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kdc/pom.xml b/haox-kdc/pom.xml
new file mode 100644
index 0000000..93818b6
--- /dev/null
+++ b/haox-kdc/pom.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-all</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>haox-kdc</artifactId>
+ <name>Haox-kdc Project</name>
+ <version>1.0-SNAPSHOT</version>
+ <packaging>pom</packaging>
+
+ <modules>
+ <module>ldap-identity-backend</module>
+ <module>kdc-server</module>
+ <module>tools</module>
+ </modules>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kdc/tools/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kdc/tools/pom.xml b/haox-kdc/tools/pom.xml
new file mode 100644
index 0000000..a51f110
--- /dev/null
+++ b/haox-kdc/tools/pom.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-kdc</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>tools</artifactId>
+
+ <name>Tools</name>
+ <description>Haox KDC Tools</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-config</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-client</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-token</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
[30/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_ecb.pem
new file mode 100644
index 0000000..f679d6d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_ecb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-ECB,C5DF56EE3F83A1F8C1AC805EA73D4D24
+
+ac22chm8+bxXpppAKfsrFJwCY0S4VPnXmFRqlAPZRuqBH9ylFcG+F8TuHdIsLeof
+q6s8yxkXa8y+/3hyqIZeMwN5Ai1Cas4P1iMwEtMUCMeaip5t0nf+yeCyx433hDSW
+dVnsdeuiFCiBUPUXfp6dCGO9kOLUEwu4wM4lIJkJ4QVyauO0/DwObQ6s6xEMFvQH
+GF1AFFTfW39CpZuS1rguG4hTxW6aNxjEaSKHJnzWu+kduMLJEaLUiL5+i/tUw937
+V8DhGdWU//1Q6KKLMr+5w0k9i/FhVxAGJZoZ5j79ToYORGr4jpkDPOvHaCydM6Iv
+JH0epC0wfG8L/dArNGLEftTpVVlvqHMpAlc0Rgvn+LtqstfyWFXqbQ90NBxC5Fs5
+xiGxKFGpkX4stoKIaOvFVw/hoCI/oxs8Eihz8u4QjBsl/3TdYQ6AUyfBGEWImy/y
+hh+QKCVOfzAmVGcffXYf7fvZETVgpo6tynxKVlSRXO9ZuzANJCC8jkUEOjc7jSKl
+jyMKQMNnQxyplgaFxnWIfs/snvlLQW8DlpMPH8xSkHkUgLKMWrSLB9Cisv0N7V5t
+Zl7Xxm3tOteLG73JxJKJkSZ9djlhkPvlvS///mvLQc6jse8EzY8peQMI1pYQu87U
+CvHVDOYn56SFVJmo2koER8FG8a1910NqdCKpNkzjqTl1Qbz7Z2VwghTslM7sUA2L
+AJP6PgdCkiGbi3oU8moPy3Nyg908j/17Bj9VyCXiegMAOxI6Kefim5Nn/sq+2/7Z
+MHIucQX6ka8KjEp9jvf7jvNC5WYxJkKIl+yzwAzqRQ395Lp1sun6jPfngnPQmkXY
+toeOeFvKlxaQu3QgNY7Hq9wwGbK/uo+rLK+Jbnt/75w7x5aGHQF3kf36epr3O/0l
+MyZPPx6sLblYcNQhBV8rnSey1WeO6105h61xTXdKV6To/m+RDZYvt+qs4z5SNQlj
+oKTezoQUh4J4QMg0EPhghyCS+/+cPMdnVnwX6Ds6nD2feX2CpN27xieGEp5ZhioG
+qWi6/59B38kBW2e60eQyL5f53bhWvywBg3HeUsXCD0ujtXBqPMuNnO6FU+/5Ohg5
+BAJ/bXaWiOkobmppBeaViidGv3NytL48ZIuQ1PZsYQajFb/k1SkyLebmeC2NYdO8
+VBWxAz5glgIKP11K9DJMD3n6PVl+ZyvlYZUGXjfUhOxHKVmNDHv2o5Pv8jf3WEhs
+yuWEoRECvfNlkDrmda0MxMhEYjeTysbxeX6fvwD2InzuFKhfzwh49p5LdZLurEm8
+DI8KBIXUx8g3svArJRvbVLyW0deMlXBY7h8Yc/2y7c5qBwfYrYhgazxVBfRqS3lt
+EsO2sa0V0GaGhPh7LUt+n1qDDYmaOfxOdpZoSLm/surciEQIQVNXt264YuFJS+ot
+vHWWVHzS1AZIgizu7NHRVeUmu4XEgT8vRsJYeogyG9o3U27L/lF1L5ysvYQjtvkd
+q5idZxCnY5RctE2wa5gjxPjmgbt1sUN23KOiPyz2cmXGBh/dwqEhIV6j7+WeS4/r
+SFBZBeGRHi8tACblT/6G9UB6FcycyD3hf317Zb3jXZLve17ozwRZRQ8aBkz07+iy
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_ofb.pem
new file mode 100644
index 0000000..34ed53b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_aes256_ofb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-OFB,E6AB8D4FECB44185E26505049A97B0D6
+
+Fg8Nq9CxyVZmBNEiN9vBI+gsZL4lvWqCPaR5E+Po7acLxYGos4zIcmLCBa2X8lvM
+UInn087k98OAClm+0PvhZ64/AdDE952UclD/xiNvQCH25HGQy7wk/BxuOM5/FT0S
+rlV6RGMibelHpnv+yploYoHD8CSo77N4RHdEuepPwod2fGTKu5Cbbt1FBGU5LXWJ
+BrDMOlSN8P/rD5ePADhDsYnh86g4cBVHTb3MkrteLa0m1Szt47E6d3s+Ued8Cg5S
+7tiJOTFnXkmG87LsLZ0HDp6yML3g2gpTL/1Zhn9zS9lZc3cnkBfRJmttLBPjVCiB
+mStjlXnuJTDBdgQhJPJ4+2xJiR/ucFbCnUF/VICsl0hdz2Hd0PCOdhzj6U3jbRk4
+uI2sv5TV/E+e/Ppvdh2W8LISSBdIwp9CJf3se8RFz1dUXwTMGM50LKr/dpvy3T4m
+NMO/Cf/LyA7HBFJxjqf++wi5LPDXzROm1QHncvXNUjypNPND3RhP53pMeQ/Ffd04
+dw29zrmbyQKQOOac5Ss9Lj33Q/WzBgw5UxxxMxwRVDyfFpdz6JRfMrnj2c97auLI
+RI3euI9A9yRNxneBKTobS0EjYyqAiU6b5MbNwrybqvavbA/+ZMEg9Ylg7vtBOXpW
+YLLYFYPhWNEambOfNJi4tHcX8znGACxO/W7v3Ir+QFhw2IzSvntcMODKGaNKMGys
+HJ6mqKbmYidjhtKen1qHB5u2bukaGWUj2kjkv7jjuDK3ExsvB2PjEV5d0foPEwW7
+9QQeKc5pY4tOxFVA4qCq1tTzUhWr0mBkPhnFjc7XOLbu0sHYdr6ArZ3SadaNT12w
+LG2yg5r8BgmaUVTTQAzIiHhAQYZoCHAq+ohNocIikIh7lPE58DL2GPpEdXZsgzTi
+T+EUSkSw4VtIMmnWw5GNE3zCOxvx5qzhKiXVcnB+2+IF3nlHkQqFXcYNGhezZjnJ
+4FlR4FPzumRmMj1x0zmdbp7eTFpipUpKqJtC8iuea29pEl8opXDNhvmpmrT4/429
+7x8eJOjZhm8WL1dVpV2/Ikc9boEsYzHcBkY7kuaTqT8I9tdQ08ODo8UE5aReaFuZ
+vlBY4J+A4lltQ7qQ+sAk6gUMvlY8h/9L9gZiGbLe438Ndizskuwy+jAZAEx0f0cK
+YnTsZxBHPkWQXgBHMhe3BAAA+CZaXPps0SjD0yMQs7lkAgag6zBXW2vqttoJLU9R
+f6uP+BLwZCFDF1NtkROLV1oROnaGvMbHWcar2tw5qNe3BAsPQqGk8XnqwILz4IwX
+MN6QrjzbBC2jcL5jsxPZ/Tis9+wfI3t1Ke0EljYqA9RVWuC2KtRK+X3xOK6tWEK+
+QlagHRDI0Z0u0slCLjpB/ev9Ajqwlr0h25T5ucdsLd3FFEKZbzspdfsJuOXPM5la
+Uv9gpYIcuFrKcVbvuBPzt6NX/rp9gozZv7ZOnujjor6RDorHsfbgbEfcerydvJGu
+PRk788TkAB0LOE2wD2J2UO8+Ufp1qK9GWmtr0WFCazqFfeiorTh71iS7pwUt08so
+0BRkqfrfP6pXEcnh4p+LKh+dnbgIBD+KH0qHsyc0ci43byoOSDDHnQ==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_cbc.pem
new file mode 100644
index 0000000..e3f6e24
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_cbc.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: BF-CBC,E59962EBB3DD3C74
+
+1FpslA4+P9E8HcUUGpkIMWeZYV2XxCgOiSgCe2NAUiutcRkVAg9nPbzwnsQTbckx
+d5uOE/w53BURpxPkz3nNcike0sr3fa/MzaoRUDo0P4MU5bmAihjnZqhRllqvw4Zt
+BsyxjHVn54RaqZC4RNQUqwIHYZwJmHUi7Zk3+Sw7fivMZBr/AWqa66I2hk20+obB
+y5ubRjtjw6uaciPLIoMZksxoEwi5xv4KnQHAQnaihQ558RPpUwweqHXyOZPEC1Kx
+gNQPrTGc4Zm+CKqR4CceACSYzcYtechZpSQqn61emmtyhowDqXpqqjG2nimNihcI
+hbp5O+O3fKZFkJllB20xuaj0rK1NFF4aLiS3BK6aWeCZ6aXFawSvbQb6vGx+pQmP
+eQemfllRXXkT43CHUmMTaf6gKnz5DaxDBqdVP73dBa6UoWnxTrZcUNKiPUCvB3g1
+ciJePjBnsijb2Bh6jIwr7yghIbS65AYE/0V+5Duw360Fa1OqJkMuz5pKeJIUcYEZ
+3yuI22CZeorkvymKhrt1hUn5xLIKRZkWg7UbXG1WXCrGtPdJ+CxnwupHMdL8iMLi
+1haNeJ3E/PeMjehQRzSEEFwDljn/b1JtoWsEwnQPTPKY3505OWIhYRwRXLEo5n1y
+QEfktZ9UtIsJcIpfi7hMvbpp/7Njlu2MJKZ/1ZtvwVLoaXFTSivqcAkDdP7u5enb
+OJ4EaDWrRXS3Zj31fpYTV5p0fRaejFPevRNnYvMLRiSoFobd5MUrKjxpxPRCLiW7
+24BF9QY7C2Nso9yR7gNkzLw5x/725lGxa2ZD16nJmiECOaEB8ORVlilmjX2OQi66
+hpGVtjHMaoGr5IvBrtc7Q9aM0bdoFZD5I2mOm0hniNHG9es2IMByHWRAQFzOOLGH
+IFoIyW3OIuzK3cz8lMLsh/Hlbzo/3bpX0rbrn1XZULWAJ1oNzRJRi6a3Sw2YoIMh
+656IJB/fGRbG9CMVMl0T7onDUhZYLA/mV+xy2CjkQdPBjFpQUTn5YHu6zMU7gejo
+YSV/4esuUfhogLiqw7sPuCDqLL2UftN29xloQDTY6MlrkFb9jCciAwn02DAmsN4h
+7Utus3Z2N7gJnxt1dRecqr2o/agIINm3tMh0LK3/CydmlthZQNpsxMD7IqaWFfQR
+Uq7zQUfYZi0l2J6iy6FUHUokskqwgiNhMP2Z+uZ1xHUnoP7E0IZMHnVWEKBIQZ0d
+ddDucux1jOBlMwLqom3jYPjPkxoeSU2E0ozVNSOqsPnoKkz2qKnEHhea2sAPg4eX
+lsZ9ENQyQMZVapjic41BU/32pbrE/+JkK2Cc+dcLlrnHo+JpFeTdbleJhZ2JgXHW
+8r04vZHA7tQOc0KNR522Niu7dvOW302lwmfp7D5xfon62/AxVhos1DSZuNpVClm3
+V59lqeCBDm1yJwdM/946Eq45YJiTNTzYsPPFl25KNv+3+GKkhZ20GuLiaqprel3S
+MC5XbMJg4nc0LiAfDT/q1jO/EKZ5LzRRtkVvx1D8To6DAptyFoJSMKyFu79tQdfN
+371+sXEX1VjpEGxO2t/DUmuERIBdc9X7rPNOXSl31QxsXy4s73zcAhI94X8xrqYZ
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_cfb.pem
new file mode 100644
index 0000000..b3581da
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_cfb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: BF-CFB,A6C793D28C38F56A
+
+sjmmZGwl3qF65MFuXEtiTkltbaXuionUsMtzc/XzyPPaIxcdl/03iR5Fix0hTY2Y
+/W9BntQGcycH7uNcoYwOUScTRr2BJncyoDXZaUx/WOQ6cDHuhRWWwpLpmitfsn1B
+SRvLdKddL1GE2nfG2xhCdN4N7pVPUwIahHye1AkaSJ4gur8tU0++mJQTjDo63xKB
+oTh3mZB0OCnelXtoYFKGFXNh5ouAPZgcE84breDJBoGReH6f4elkigtSx/J2QhgN
+vXERboYz/HHhHSRCtMSp0qLEQo+uLcFxZcSMQE12eglOOucht877V5n5RMLFT/3c
+DeZdg6D1b52UzaSjTvLm/jJCdkYqZf4SFuBgLHF/rEALQ1vBqDiKQ7QxuWz5ApPm
+P0ntscETngWuJ2g2M1EoxGehwNiJJEslYE/CB0Aky1XeUmUAUm++Q3QVfUA3G3C7
+pP7whQSr1Y7gL44EmttFCX+dX8GWXuZDXa399wijphVw+6bl0gp/hWRWriTern1D
++/4S78ddrci4slA+/Kkq423wjLNGZtOoy9cXRmFdbQlMfVaeu5U7LmrTQRrgGVM6
+GQjgNanXYhkCNubQ+v2Q6FflAdri8Ac8ZvFXxSIGZ3JG14cm072vOdp0/rCNkzSb
+fmtyzXUGgNgKzfp/GFvIXD04lLfeipzlUhNvDK8AKUNIctrMHZegpbfSm6HD6BiV
+rUFNLvr58WDK0eLeRxg4pFTCf9QXr9Q1v4MWehkn+LOTconhJtRictdlj+G2ymOQ
+LYgSRPPdXVNxlBI6u5WRtMxzZM6G3N8jkEvFfFsyeMtE+R0OsXiIwvGzdksnI/1F
+deQJzav9uMBj4A0bJuMQ3Ls8ydZNFU2RDofSU84bP/g6TzU8MpT7QXQXPD2jKdLp
+JouxtbRw+YY+9p0sk5PFYxti+T17jZN//pqiBrZUzvspwr5sWoa8BbA3bWE2gnXT
+cmx98wREJ3wWRx+t0k44084kD5/cvVH7MsAQ75XxGa0ofVj3crMCL29c+/QaUnhR
+GrdJ0sVJeIthiOQZZ5zBqG+IhJfG/jkKpweA9fkQ5gm+FoasTfDnAdSJjah7WfoO
+C6LKzNBB1FaOHqy4X6LUN5wraEOP+0OI3hKPdOB47yUzPF6FGneGk4BajDHG4RyT
+F2ZnG1aa+FRfakQ6l7ok4j+VPtDlCPY2jnT7muj2F78G69abNOS7ASXg5+PJzso0
+liaWo1d8TDfEazlDQvglDAKpzYw2mSbpJVmmbPSaVZxUARcIIaBqxu6xWepfdN8v
+qZGrOp7vTOuGu8f2YmWKd3+lcNm2CwwGYIPpuTFjtUuF7guKEdTffyj5tpOdo942
+RAy/F3tCy5zfZrI8SkSkx+wfZAnkUnI3xQNdKKVLCXcpBtQWht2UGO1G9W84OmFy
+eg21zeITIwPJZfUif9WHihdINSlfm0CiS+gDRzXukS4HgniPfS3NPo6HAepc2Gzr
+QUGF/ENern3v85DCEE/AebRaQN7liM+6Z55UZ4GOT3Tj64+Nth7MNQXqBYEmCS8P
+ndWvlalOs+vlj2Rl13IcSUOK8OOr6S7jeZhoutej1b4lbw8RwYBXGg==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_ecb.pem
new file mode 100644
index 0000000..bc3353e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_ecb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: BF-ECB,1E15270A7DD42BA2
+
+zz3p7Ml80hSdlJsI5RyvOScQlsGC1GLg3AK0dC/Hh0IKPTDF7a2OITL6H/y/3txz
+LJ6jAcobjRfVMWGAJUwFaSlE5QF5W1+RauV+M8oMmv+Mf2K/Urha6m63EauLEVWu
+IDtxj74qfQgyd//qWHU+XmWhhNEGk5MrH163VITZqpG3Qe9dYHdalh4TB/ILJqfN
+URKLjdz8L4YbL48dwK6UxargixQ3tfrvIdTr4mkMiquNlayTk9g5qXWnEXy+I1DB
+HweXveJeSUHhYRXdx37y2I8Bz8HcuZF5wODEDJJuYXy7a8Q+Ar0Ll/uQ4NXE3iI0
+NA8RA0caAlc+Du/xfzKdUgIPQaLt/sjhM4gPBDLlASUmO+PJfb1VYgDIbNbXiR9x
+92ePzennPnbhKsPcuZzXoc/jH2BiQwwRT2gLscZ86n9O1FNoaPAnYERlyNIVrQoC
+0Ll6NnGBM9Ls5k1royQQtZU2x5Yu5Q7DGcNqX2yI14AZrI4e9/Y0nEa+17WRD6eO
+fdaIC5dVrv8HZxlfzwFs33FpufovP2vlINWM3IqDjMf4FIQsoLdnmTsgoLRYm4JK
+zfcyiImXPt2iUrcybZHKa0EXYjrcoIVBS8YP1UTcG8WHnj3ploMxXOw0AmpXcznf
+sbLsaehbs4ugM5G358PMeWFXTv8K2YXRtArXHtkIYzA45zqWzpta5E7LiTQJfBRL
+VNtLja40a0gaajvROCekEzWhezZc7bu6RQ/XZXxBYHx9m7nhzKRkDlBrrJVpWSW7
+QmS0ptXblyt2tbaUtNLsi2SP7gP9ggTlc5hCpwygT+lxrcr6j18CiPgMYOgDmFY7
+gZ3jZ+HHd2+8GnimOai+r8wh1aW06/tLfIZxpIn4T9yGh/EMW/R1RTJjN0xe6oqw
+wC+TPUM2bMvDtAvdn8bYh3pVVLXnFa6LjhhgNvnx6wBoiBCJ4E9R1Ec0QA4jF/97
+B4e8TEv7PAFB+VGhIPnQqfsAqRfM88FwgZqSfZrBXKMVWA7I4fBeVD0cJQq8TwCz
+TY9Fi1YnomqTfacH1hf9KiX3j8OkfrhIM3+w26nE553/wOcO42YJ55NgnNXlQL2e
+e1s4uJ9lroATY2WqvgLy5Th8n5y6kVkjuODb/8hk3KXqiLqbUOmZCYLuT4ZHZ+Rk
+xtWuFpmFiuWgbg6Nr2t2KYXwD39pjGBRmmwMX1mBxmUD9NK28yO4HEgiPVzfn7sU
+1PWC7HpgPf797M2/N1gyUfrBbfw4OXWpycvmtJLXHEJi/p/H1bz0MuMJvPtNhzUO
+CP4jq0xbu9nT5eW9rD7kgvv10W+aUf314RcWKaLkOxkk2dTENjbviASce5X3ZU4l
+eGG2wtoHvCvHnNVj2ImKf0jbAL7dymVJlA1XwsLANAmk+9RGyVJgHn7ZkOfRVJmW
+VMfZ6AVeFY5BeJ0LCq1uE6QMClVx8fLN2iBEqamBNekcZ62Qz3b1R7ZbN2tlPKee
+JnLSouju6Mu8U9twVI2tr63OTh/a0XAjtlO0OAXuVcOmYOHT9fSjPdAAt3Rp50Sj
+PDvgN8s+qSkQKpx7C2OA9Wisrr71UrBrCfBhCOmN5gyWFg24PwwRKUnc1a8mT5Zx
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_ofb.pem
new file mode 100644
index 0000000..acbd8da
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_blowfish_ofb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: BF-OFB,B9F95E282FEAA06D
+
+StEkcUPp3txNaJlYBP+eVabWYcEzAkX64aj8vaDX64i7bVl4ospAs2stac7uXtXG
+IZLTqNNACoqC0jWWTDJca9vTEoqjDRKjN9yjXYfrovj5oKi79wfsSU29oH1dcKG8
+G4y8qNsA9TexRQDWTBxYO6EiQFVie9O3oXzjhO1hYwxldSWOV5ZRWoVmg16vAOxX
+Gx2W1twtjQXG/hp0HxosPkZteUDdhMZLWonYuqEw1oBC4iDG1Tjp0p5uSnb1gaIr
+pzZScikP0Z4/8CxiKV9/C1VNE70EHdAUYKjUx2PAbPaMFyO/sAXOy1INI7Wis7jh
+U2wKeXgCMRxmca4OMITcjDp6OGmKf41uWyTFwjO1scMvjSJsOZxNjAjcrZW1PPRA
+tvnhRpU9h1G9BOH2rM7VUI6zJ2FSNKG9R6M0WOQqxRegJzvK+YNLhw5lUzrbWOR0
+RdkKL15gfnuXqLTDTMuLX+aCDS1Mu/ZRmDqLWkJH4W1HJ4l2rBojX5fcbamueMyf
+Sbd1S7QtmF/B9LaGDEPMT12kOQHZkRBUYpyolK6BoMuRPYnGS0RkUwvIuPZA8uJU
+vHHuYRZsOA45YFEipyB/sek61bvqYy+8TaPxzpfj0fkh7AUSQmbk3qQRkQbltzqq
+/MkFShIzS7SUkyiowOet8fVjXDJPsw2bS3uOHC4zy2QQmhVKzCYWd4yCFl+WtJnZ
+eEkrZH2BpoCDEzKlex/NQlH9KBLOor221nJEVd5tkdWWZt71eGld20eFL3ewtDqV
+GJX8jFmR51vQL6NZ2Ehp/5zhearuBJ8VKJfFxIKSrbPjyCbEwUgYOyVHHyvYyMR/
+6hcflrUu1IFFwFhryg2bucAkdX9AhsO1dimxSgZKEFlZbihPBysCdUw3WRea57iS
+n/zqLrOm786KiWh0ndBgJ973g1x+OeuUvbNl/0yiO4Vjny6PkXcBOORu+ILEflzf
+UiEKyG8+cYzoYZjeiCFBxsA2+gZMdgjxVYF/lKzTqFkfpwYV+tF2K5N8W51cL8Is
+yhz5OHiENobjx3QeFCZ4LWDEXg1H8cA34i9oELbXtyG7W+hkZp0B9tRDrXcDwVWk
+4oYqWLNCQXqr1lL6cCuctKLdXbc1ibLt1nYGpJrPkPCbOshsI+iCMmulT23s+jqW
+TMW0RNb3wFjR5z9A1YTWfiqMKEcyzRhP6bEM/+WNmHE5LRefx+dnvZrVJzGZA/3k
+JAOpsxEPKv7YNR8N9yoAopRfFEOH4HYtLbsAA2sZfD6iVAXAAeiZ2Ehn+Bvek5lV
+5zIOtsXswRgzXvxXCPy0V5GWqMglbkUS2HGsWaHpxDSMbvBJuaSi2blZ16p3IICM
+7YcCLolKUaWqpXjhb3UypoYRwJs+40EiXid7aJ8rKoeId1SeETOwVWkz95NMiVK9
+5K37/OMvxOAdjAUxtmz/+v+twKfrUhYqP3Qkapy6FgA+qxnzpCFZZXrMKjpr99Pc
+QVNcvM/SKWB34jZGTo+Styc7d+iXDC1BUS/43Pvbka/Aa2IV/LPQA2pD44aP5l3V
+/tOfQFQWI0wCqpBPV8aXqGuqZU2ES0yc9DJ974a8NvS1cNWfsMcvNg==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_cbc.pem
new file mode 100644
index 0000000..2d2233e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_cbc.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,4629ADA1FF55BE00
+
+2093wYtiVZThSK/Ecf2pxfukmymwYi+yaWhMDfxz/O001tbrlC/emwfU7iprUPeD
+NJyyAV4GLjUBA51tfDqia3ATKaBfUtMQoC48+q/Lkr5KhLZEU0LLVuGrfvmDXmPb
+Ne9Ud8XZGnrDmvAFkguzK7cF4PFWUX3l5oYKinm8he7pA+t9RJ6QX7+BHKQHlWcR
+cT9e1iN7MykRD2Hh7YjSxg1uRlJ+1H5zIJBDjQ/WIUMj4EdNJriurt7eYY2XrP9M
+fyvTOBgYRHn6uQU0tdV0619j5yjEBpPTRf2M4RGOeNYGfvmk4RcyZPdnccDq5bWT
+w2XhhBPZMdCHmDPTCOwgfSvqBBX6OtH2EKd1aJQmtudMATPjA49Q2v9ZrgIQQxmA
+ZXIXuYH8wNPlzpm+abolucwIQhWJqr5TP5q7IKfYLD7FIjyrPBJecGoDuPB/Qp8x
+D9G73DKYgu3aYEFxcjs7tWwWe93pn7glEPmuybK2HP0iD5/YhXy9OUElAUZVBHXb
+WNyFdcdmyP/hcex5nI3Q27yM1auTS4Wpmvg9I5Psr1NN5ilWFNiJ0fr/YcOMpVsz
+NqQPuSLqxX5sg7X6m7MkE0/k8PfFO+tpy1cC/K18nnka8WgH4SJ+R1I8WXLKFznU
+X+mWcOaci2YBUHT7TWRzJ9/5bL0CEWlheabTjqbaV/4kiE5L0Wcbh/am56c2YAzi
+6MzassP58vp4hHXTyda94+Kj4ymYFbRBLqh9CVspolwDhy6e7ydcspGz/RRbuWrN
+Xc+lsExkvnLkYvkfmaAU/C5ME5PNjgM0kH0qXLyXPPtdKmwWrkGjElzaY2iajzpP
+XEmnYu4E8AsNdNg3HVcQfoUU7jFq1NeB4uibFrq8vh6VLmqGvK6XCul0gxJsfsh+
+j/38B1+5I97I0oplDZrAQMgek3BXegw6HZVqADC2KH4Jir50rYNCFrN1un9aohHG
+BdTzB1wGkjW2fJ/yrU5nkkTYcNhl9zU0D09XvFvXyeRdLzJL5eFqqZluwsPPw/TM
+CSwjTZbbeS2LvvstAsoYGfQTUr/E+BOXVpFmNg+94DBxwM7lCy57nG2Y6oIy8Qcb
+IfmF+wKMZEVJxy8O2uaCYUwU7qpucq1tz8l4bTo8wUctxw80Iflq7WYg/8V2ilro
+F1nSJ7gF0bn33KwlLxLy7akXiol8Rg6aOg+cAiMi2Apfg+5DXWrKf9YOwebDLOX3
+LWvDuMYRVccwVWsA+X4zUezGjVNuxjnjtsDfeiScf9QyliK8kjlMP/r+chrhFFzc
+LXARzcVfYCQhF6heOOY9YTHvcySV4NmgRKC/dlzvN4NMGh8VxWiEFDo7Vu8XTXpN
+7OiSd/BvmOism6emrC8zRMD8c1ZgCxuY1MOMVXRir/Qy1IWZXiYmI71mmJmRhE79
+Gn5JJ3aZ9xZmr34l296CWOBY/suTRvkrfyMRoSTC8Z9K5nbd+cm0MLzWMgiT5PAg
+cy6PHN9zVWInz/2z00qf+3lx45ZmMeVj2+2h1PFapXaCwvek3VgsXL2HUV/mKNcU
+ZH7mV8imvIopRSS4YQXB0Ophiv6i7lJWdKrSYd/Ac+Bt2E4z7q7y4wFNlZBvsBoO
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_cfb.pem
new file mode 100644
index 0000000..814ff89
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_cfb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CFB,07BD7DC7BB2EAC98
+
+yH7T+ZIRWmzcMociF5wV3YjHWCUMs9C/GUrnBP37vvJrBDBB3x0u6aQMaOs0U1Ih
+xbGOweaw7cMag1HhafjVK9ZFZlYsCfXRZk6JdOvzPchDctQrnjkDxnwpOllmp0w4
+Mg9mYLuEvN968Tx2TS26va/rPAu3xxA8mrcCuSfyt6O9HteT1axwDpZzOktmnbYy
+xHQDRcpDXaXspP2sVTaZJ3oq/AMGfrFXCu2m9jFHcyZKmEm/DW2aLmfOI5I7gCLP
+1KMekkauODnQZEE2Iyi1SVbTBKH5DPp7yXAXWOtugBcWNHbMF9QHqKlMs5Hd2MYg
+doXtBSRRBc9pLdF1FMwHHjPFI+GZL3hurqcD+YyZJqYvzEgnI9dls2K8MzQKYKDn
+6VpDCNbEf8aC0QmvCLIjqei5fH2RVYeV2M4Db1GDmpRAIRJEq0fXf5ojAD0Mhv6p
+DZYsz+f/MLTGwce+HCWxZyAyfptdK2ScfvaH8mUr1OHd5IdvRudh5+9sCtch5xQL
+DFIp1eBRd+2gvLBMja7gBE/xHXoFZtTR8xORCwgYXVrLLf4wG27XLdKQVQiS8dpi
+E+xCtiZmZfxb/1Ly9yHP/ehWD9DmxRRr/n1QeGMjSlLSzffuLgt/0tftK5yOSZri
+Xc1T83n5rLqhBglNEvwR1ewsTgeIxkgZo7q/LFajrnGh4L62cIoLkLX3lG0jaEC5
+VTa06i0b7U1nJ6kiqjHuXzkZWjTim4V7p7r/SQtAGuK3s8AmqJH53EMmiK0zFq9Q
+ao1ewixzD4NplA2HY4kAAVRQMR7WWIRrV2wXRTqoKwITMbZ8Yio8PwgSjsYhuzwv
+Mct1CmTc2FcCH/+AZOqc2HNS4qwQVmwLnOLmsr7L9kgf9aPIl1hkn9KzC6GAU+fZ
+F+N0Ti7d+ZkNAtAUg8fi2Bf/rtPvxmyJp6QICI4Tj4MFpGIRWP5rLwU6XXNch0l1
+nAcIYFvzLNL1v0TDnDz/CFW7XSp4IaDl0OLyAt+JxnPuFOAo1wJOhUWHheGynEBP
+U3K4u+761XMdqHb1n14OSgfyynIuLM6WtnBDoevKX8v0dYjO6PnvcuZoRqs1sYKr
+D93XsV8uMv79Oo84xQPHpJrUIJVLDeE5GLFimD7rUPvMURg1IrFnGyfcMGTvsv9O
+us/B1dNmOHjG7eZwJ/8MDNsYcpwm7CQsTOJUZkQDN7MZOKJZJr2gQK659eULJwaZ
+lEkR2p6A51etvlSPZ2pjy2Mgxk/T0mX/mVprEvCkxFWGlAxys1UFWKHDOOP4rUZs
+iE7nxBMyW+4zHAcco4Nly5gryqWiW0gn99/I7+qQHkb5X6ydP+GKOHmUdcb8RPIH
+Ec3bV7mBtfYxDC/ouStuQdVC7jWGwU7PeQqoz4d3mhK8dfeOvpudiTD1BLw30LKE
+Dt8/tob6zIHMEA5NTu6g5cbfa0lhRH1tD+O/7RejWPwOTc1LbY2igvHoh5uWTo8G
+ufvYO41PElmJoujef4njSZHcMvHArinYdlWlvMIg52d7Y3lQTTztY2UeO6DKRHx8
+Qjda5g8SDiqgFktkl5r9FYfqMQFqheSgKnHaJ2oPPbwuJyuNdy2Rug==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_ecb.pem
new file mode 100644
index 0000000..91a3f49
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_ecb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-ECB,451BC59702897B57
+
+lYkflQyHR1brYuUKx2oj0+L9fRwOhpKR6NMeH2nlLEMz1yntUt9DGuBRwP4RJs8o
+AHo7amQ1YzGpQCEZx3p+tMmk/hHRcRmU3ZeuP3SlGwpUmbMe3NI8I2dvh/qDL3Rb
+QParp+YK2vH/u/N2VPB11NvgwoUQpfS35vOhoLk3GUcupSKfbsbl/gn398DsgfoI
+d0qD5VSxNutst5I05pl4JFnL5+DBv1s9w68TdvAvBqWmsfhb4ei/mSp81e6ndxOR
+VLF5hgXauJjEHvI+c/ITF0roIyyxiMMjFd8IuIHbeznIjOWn4P5YcNcSswSG2wOz
+1wB0e8dlskukcUGqFS6W6mJzqb2TK1Eo+l0w2B2rNGX/MlGV9f6r7e0DQQFH0nCI
+nLS76C+WB5G6RA/7OMOWtsMnYSLldvXBxxZktcD1CNjyvuCOI5NK1KmG/Kajho6S
+/+A1mTs274pI6sIsCNl4ay2pfgwjZSWh95l8+YNt7o0C5lHudZ4hZHCDT8U2uCoe
+7dhj+KTuIS3VPI7lzruMZBGAj+haZ/cAEdqYGXizOle4MwKM5+lS8E5gEviTABua
+7jqhqbBE7CkN05Y3QmyE48yzi58hzSmiTOuAJ6jhB47A6Vsp/FpKFzfsK4BoD0Zh
+0ujT2BeJhtsFmPY6+RLtGITnl1498j9FTfy8ZNdrXEMxvp8SnEzlIKytLQyNoz7a
+tPCe1od1w+MUz0PHqDO/Av3YMULGLCUgnuZc0YjZv3P54FdC6si6KFEEqotIGD0j
+C24TXqlBpn8Qqkht/0TmzVHq6U7jynOjD1VUeB/gudPlHGLs468c7HzEzbpE5h0G
+1e5o6D5u9Nh1ItMObNrjt8NUxbi2/FX/Nkm3J1Ogno0ngzh15jZUfWFPAGkI1nho
+12F8Sf7YTBizPW+sd5hDbVejJURyoj/jt6UfiVKUg9iUgOW+ZzgkbD8RvC207xis
+QoF+2Lr8mPsNabUaFbsXmQ+6F0Pn05BzyBN2fyTxRt6u0CKmLE1fqkIuQywk83UD
+hBJfeewGoOGvoXDSy0ggIkjaRCsk//Xvntt5HEmKwc/wy/1Nzuu9H3C6n7qLqyNJ
+mPhrOGXt6C4LG1JscqS87z4VmhV7mol/Umdg00HRHs7l9qKRTePdlq52JL7oUws2
+CJs/UTaBHdbV2vh06qmymtEyNmQ+PrweEL5U/neyeYyrx6DsyUDdY1h1n+aKSEyR
+eittKv/pouPSLlIiMeY/DzQwN1ifoGsfYgJRst9Ry4MdlahpCTX+K7X6ryEOoJ/H
+1IEOm2aSlC3qEABUGo50IqiNF/PWugS7Qf/JzXAyjtcgQdW3cskNDCR7JVJDtATu
+0817ST0QXBL8qT1C3z843LcY1HpnQ1MiQvM3maDHCxuoEoUrRILWc59mc14gmowq
+g5XLMOLC/y5mX5LDqkxoKhoED9eM9/9EGSSy83dWWVZlGNLzu/JHBiWa3tVhas0U
+LytNa+kN8UfTC8KPe6i8euhauunLIKkq+MUBWy6agFR+jflE0zd0Av7Ox8HPbGe5
+0fraChwokeFM44fy5cOH7zENfng0jVUUreTpDtcfp390QW5Ca59J5/5P2aUBLZHi
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_ofb.pem
new file mode 100644
index 0000000..93766e7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des1_ofb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-OFB,62D0879F9BE636D0
+
++iyQyk6TcPldmHOJyjJjsJ4BgdDqqdQYRzQWC/WfDLJyw3CXLquWDciAw5aCof3k
+b6R4PvJHzvG6j9jdlcv+yD5M3j9ZVHYkLL0fTZA/LEODUOTX74gNZfoz3FGarYIV
+TabFLgwQh4YJ0+Nb5N/oISaNszC+wxf20D4N445kvuHKbak7o2j+5ZzGId9zYIPU
+Jat1HygggKh9PtE4NildizyVVK5h8ws8qPWbe2/m00Hf5R2oP2YC3Afn6kqMuueJ
+RrvP9l26WboAKFED91xY3gJy8r3KkkLOJq9856BlndtgkA3USqRM31W6RvLqHUDy
+3l4ZY3wSTCdZIX+iHV6Qm3xYaIHNzYjHRcPQKdOVmEYiUSmAZmcavcsPC7sEfD7d
+OMEbrYrztF8iO90Myey/lJxo9RaL5PfWbtXqnXKUZtbcudEQd1fXM6gzdMm8AT4F
+eUSayg1/3AGEEHq2PH8kKtxnWAb7xBOgLbjTuC68f38dFw2P8iWZerG5lbLsFuwD
+YZ5eItuDhL8+dbFxisBX6H0lzcm0pwK1HCHOvSCcYfpWC4QrU08WbtI7NCqIuRWv
+4QOHU6SoNGW99BSnUlsqgLdIcsWsyTwiotZqusZV9AusdsGqU5ixwal4YX/8JRg+
+93EwnFnl1Y0Bj/yoAwNfvPlZhtjevsMnPEbrXbFEm0Xw1kdhOYokrx0hQWUmdt7m
+cFdmFBYQGsiKucvRpmInylrS41VQNbNySqQ5iGa+vDaPBMKZusvgPgwWSchotkzT
+qTQ7HNjszwR4eIjBOiBSvY5YXoa9H3irdmLn76mOyDMjaQyC9o/0tbAagLKADuF1
+Ui4Z/3WV67SuUoawqDJsYEWbOaNFX04wFby0k7oACoNxqoGFM3ITRzmxnz3ZyiPE
+DV/grOZICMLfTQ81VvE8/w+w697F6EJ8rY1yOznglP4GXrtIiXAaJbxEOhosyuN7
+HikpDQ3GRnPzXeg/Yngzpp8JMVdxKdEItcXnWd9uhB2Ok1vXH8LjhVkhrL76bJe7
+bhagz+LphPaLnkE5BPHKLUwL8bQQguz7ITfxsEFpWIHG5zCtpaQwdMEj2ePVubN8
+sfZ3qhDRNG8DdwXgCbCot16SKGuOawMMC5tsoeg3DFQ4MBDrKUv3C9nF8izTs1Zr
+3J7kWYrZg6+hVcJDgLS3t/lbFIhaNAULmep6wl4Vcp6nBqr395r8/uDroOpoBxoa
+BNjvFaztkRy3XmNHp3TOYLg5HZPWsK3KXOs0FvdTMEEsnoj3PXz6+hw0gMV6huYp
+o24r34gKiwdbrkbwLRnyh0oF6d3bPOZ9WnPgA2y2MB+slulA47+hOMcP9+WiQxE/
+eGd6TTRjMPopQXJw7/tZEf6qyVYLWfKJmI0tljsea48NocZdsek+e4ZsTW/iP0oZ
+wPDYNt95V64APcDZfNtfzydp0516KY7p624TanOXsxNNiBV6Nuqmd0dGhbmcRC8Q
+KNgGNvgjF3rhqrXZyFpnZNQewE7a87bgmO1O772QU6GmPUZr3nzPRwE/8+TNA9AP
+hHL9HtItZ3arx7eJ42obFrxj3uzpQ8WQo/cGLgQT0lz6u91xJyWi2A==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_cbc.pem
new file mode 100644
index 0000000..9dbe30d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_cbc.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE-CBC,A48C2683D96452DF
+
+dRu5UKxN6kr8aSBwZnynPwIA2y8Dgu6Xf2vCf0JswuFMJAwFGjiHoZTmIHuAjArK
+GWhiMl6ak552D/Nugz2SNgC3eJo/LOP/g2NIJnG09GuWOGXkiagjDKNbPCiIBPww
+STIBg5ilKV07lryS0FxQSUWsjI/2c0yxk/6MGSzQ6rrAWB4Cf843u482w6Hidr/E
+euPsqXJDtlQrKQ1gaMTJiOY9Y2H81b485MBN9BnKfDH4WHp49b/akcditst59fty
+FtzwyUTee9SGY6u7oKaUUe6sRzFOeeRR2TgWG5Bs5sne1AFFen2/q59Va/7/iXRd
+TOKKUGR4yj9gA+9EIpDF3n8Vn3G9LnTDFK0Xh1m61C1mQmXgEOqJGLVreFq4u1xq
+0J1yEZKoXreZJH95+gYAW5lmG+jNCMy0RO5PsTClx7G4XcIGFZAXi8sXfk3FYLT8
+nboMgQ8IXFjqO85FIVMt+xCpov+S8yOfPMOU63zxrynaXD2eGv7y2dTpeF3Mf4Ek
+be0YrQEWpCtYUdZ9AwA4N0/vkdp84/WZ3Aw/i+KUqYKtK2agkJYtarqj6iUweUvW
+GgWvZqNiTAd3sGcxffSbcdSRpuNttnBG77qAFgFiPXtvJu4wRkGlaxhwVTyUWK2E
+HvCEsssbzX4tZ6GUXScXv4zg3YaDP6HXsnBENl5SGXK8Uelett6PJhwH7bfpWysG
+Z1TD75uk6twThhtPURGG4GUaQ6cZ1RUsL9/y06v3ZmfUBxeVGLKwyMzlr2FTYenU
++LcvzriycweTLMO6llLVQH8XwlbAZ7JgndCjZodtFXhjhrS5Iu0sO6J2D7xFvL3q
+/Ym8PhhRStcVjijX+5+9aiA8AkXK3khP14T3yhPLu7iayl836Lh1+O1BHiYgr9Z6
+DdhCmO2Esa822yxyOdiwVlF+mYQylEZQy3D3kqqJytO9pn87cSvR3WbPtFOStlcs
+Htms8SdqLAamuWLGZiycPr87mSH2By2JED//80fNHdR1D7cvPU7oL/ClFMX/F3EW
+UJAwSXswmUxqccBR2hOJ6K3OvSIULoUn3awM/qPNTQL7rg++dSzUDbIiUywxuU9N
+nXkqfBVjoJTjafgWd39G3RdoK0ohf9QFj1nqYfaQGKy90cPVw/FdjRyszJWDUBTq
+jlKXnap6ZS9PGztjEoLqmFaFT75RUR49NnNtmcKmH0i6anjwFWEYBM61jox7gH+g
+W0r+0R2yijAspXHVpuibx9vdgkq/WR4A36t6DEMajOHM3SVzbPzkHTV5HyYQKnaw
+SZLSdUk8VwYkGSylm3f64PJLxBl7TNtrQhFLgR/9QXkhN7U2Qc7WxRQzhLQsLbtL
+qcBLGH34SGQarQZ5dfo3t+B6IIW2HvHNOiT9HQsIJTz4Er1SbLNH6bco7hud6aOA
+eSifKkWLp3SXXS6wjQZzsSGZ7Mws1DRcL9gEhb4tgIvopQK773AbQ1SJDEcmBpD1
+NmxrTbb1TngaW6u/79Nng84YEUiWNDKu3ovoe/HLVZoDr3tGmy5ch0jfA6NOxEn3
+KXZCiu/PjU005SLyLql5dcGzagjnnURDi7TLue/97xtpI/ac0vL868Cqfm0+e26H
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_cfb.pem
new file mode 100644
index 0000000..451670c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_cfb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE-CFB,36E0C8A965F07E25
+
+L0GHzT9XVnA03q7rlchpiD4JCgzISj+B9GxKCrKSJJBC8bRTgjgrwySMQyhdX1nw
+DiCtb9q7UCxQ/j0VvHuoA3OS1/Q95mwCsnjUXYAPiXeR0NMJkLgv1hFU8EjAJHY8
+ZenlgfC1RNoUONucq7v3F7jpsqBWrxjyDXFnWwe3edSfUzkfkG27NK6LPScjqdY6
+kJWAkHGpoGog7cYVBJ78LbYYHSBR+xfeFzhVMqB78mH8/Y/CGlKvXnPFpiJCY7Af
+zpd4/PJRVubXVyANc42k+0/E2oPOSKiwiKV79BxFw8g+NxkhRzXeCDuzvExKL457
+cuPNB0CQLSVNmOWKr6mA1bIBiJXgASzijsjkyoH62D/QoBo+kBT8W3hiHooSzJ89
+flhyknT+rVuAbFdPGqriS8siN/r4Qq/gbQIFhNe9jsSQesfr7lM3oK2EPGpDxstf
+eKc+EhHBlT4S9X+AilnjK5il2X5szyhOFZQ7RdAiqZ7X2KPNNqbeS2L530ZvlL+W
+Yw4qco88cilN276QQWCcrp3YcWv+MzawlNvfOOAb4GfUlR+njPxRAxM3rGVXiMn+
+6UL3X1SqZfADJOn57S4cDoP/A0i3FUfoPTwQW77LOAIzLSeMi7brQkZi5J9s5Izm
+OMcEi+GwBrkbPl67fKMnt3cHeFGJmOftrLZCt8HpGEdiQzP5iiC828XvLLxby5Ue
+BGoBILGIHL3OqkTVjBbSODKFZTIOQdVkqrWKyXlrfoI1meATptP7/GhdQP2DTW8B
+ppmNgtwIbGLg/AwNmGPdpL2mP5SZLIDJHd81BL00xPJFCR9wxXLk3hgm6auzAsZV
+FYjaIQ0Qza5kBCKNqu8ad8edqgp5Rj1/ZzfCWEkPRHD/lZ7nj9vuC/dMnPphohKz
+q8/L1+gbp8dwER7sEVBiWDE5u3lpSbx+1qkk2CwOjE9eBh2Mr6qLL2WIFb4YUvYI
+OAWIU1ftenOEjgjvYZcdeEOYT0UF6/avfHDPvkTIwl52UUhunbnqCjQM3qr18rbV
+8vB1bC64DxetUPhDymLqJCe4QVQajdO5BxQ2wwRjHlBi94nlAS/uOFV+WwqtFKZD
+TakruYhw3VjGxtnjukruMzNjDSqxd8Jabp1oTHY57C+aYQcBo34XAr+j+PQTPXEj
+GNL19MUMHJo/yk05NZfkyf3/+YtAV+/Gle7TlWWCV1nvEwrHPE4yCGi8j6qtCzBC
+TgpXl/lxJendZgVzIGGzMDemJgyrLNV6ar8TbOz6d5GDV3S84g2S7cToMVHX4Z8M
+bR53pt/KfH27Wdn68z3Zd7sT8R0g7yCVIc0BJgRrZ1aLnyKLSUk7iJULg3+B5NwK
+JNucRiU6mT5SUiyS5WjD6vZVDjggAx7H74DP04rzgzcHvTB2gzx1hFzw6WW9wcCk
+7+RiY0j13M/nD8UjW+pp/Ugk4Oc/bvxsA2tWQ1BeyF+KSNj/zjHMwN/sp1/of43X
+D+lcWS1hCwMiy79KQudrkc2DiYKWSIiXEFlblSJGiQz7SxybtO+D0PpVmlEYWiDF
+AAMz3hM+CrWcXIFNw86mHSsJHvYsSjbCB3ydG8L9OdATYsS3tZo38g==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_ecb.pem
new file mode 100644
index 0000000..c3f285f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_ecb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE,8B0E5396F9D19442
+
+Ym7x4lqzxkC0K7f3nTtR7/ZVi0Vj36NLORWiJig0qvSmH1rhkkmMjssQqc17kWRT
+ttLj4D4s1ueQBlDFaumMrXloVp8c4zQS5jbHNmf+bUsom+HXGFHbjPC0usHm9TAl
+pPBWMCON5uUxoqJhw2mvrGSlkQhkkh3+Oiag6fxNxnN8Te/yTPC1XXCqIh7zRjCN
+q3wjkh8+0QP8ui2jK/2zrlbwvCyggs4q1YhVzWYiecFro1llb+CDCz0mzKEXj1MM
+MLyMdcooxXTb4t5PhkW87N8PSWXeJEJTxcWYbZ7bf+Bf68iHm6JChc/HTXZRLUfo
+3lACV21KTTI/614rLl44l/Ftg4HDSE4UV/J2JoenbRecljKXneeVj48Lmurc3zZa
+rj46e/pXEGfeEGmkuVnriWhRBcK8Mq33XfY870RsP+4bfxd2ykJYyxFZyoTT0sAU
+LJ4KIVZVc3/jB58CRBZDV4s6/cA0uHPhprtzEHSxp7vI9N4dQAWaUBMnDtPVC999
+QjVGYKRUUNp2S4XVLtMH3+jZ5ntvCTTabjuie/4TAxoUY45CwKjEFpWtDBEWBbXe
+zmIQYCE+o8hSVtt8DFWdz8+PGqF9QgWZ5iQtnp5hUKA4rVeaxF7+ktumTrwguZcZ
+6ZK+K3t4lcHyPZMQBoiWijmBLoRsoQ7NIFEE3sn9muV0XUz3hMCRapWsqS4fd3N0
+LRXrBmZuizqzaNBcDku7lBbembdW7EI9flzY/0Q0xRl7WjOdK6Nj4V2A2MblQoh1
+J+pvV9Tc4PANApNLcFZSPawOJVyUtmpX8QZYTe7QlXQrVIQE4HX4od1S3/ZlydfT
+DL8Atfec1sabrRFs1M86lJGnYxsvismLVH0VmkigWe+4sClAl5QrtCfGQepYmsYi
+jyVruF3FzbOCjcv04x4a4HyKRHeCVlsRlSq/njqCh0WSc7OMacpQJZVvsUYRCaS1
+7WhmzeiVNjgKXg5lPwta78Kh+XbQUtUGryQQrwOnbj0SDsho2hBTt/gbWDpxoQjL
+LGPHVxwqm0GZ4bw+4IXwltfei7MG/ceWxLZYk8ZTkc6r+w0+5HQFKZ3JuSKB3OLm
+rK0m87IybLY/Zfap/WLAmreRMUz/FbsY9Vjh3gt6NqrDhqLFYCyyUKZyKrWnVlIj
+j5vohFGbq968UYVavCZ2eqmtwWywsBXLOabypgrIUQhmCxOUBM7Mi2NVrTqn8uIO
+G5+mwzsy8imChv3Zk2/LafxPpajlu1MuC6CtMdZjV+zrGxJBEUxADaTJU7tTAWef
+lUjlZ4l/XO3vxSvv/F3yONmgKp1t3naS0ZxxYalcMRi6xTznW24r5voOAsVqIz5y
+Nl5FtPMSCBE4FONoUI4Gq1GAen2h2/Dz1Q3CMYAvJz/QfpZFu4DZ+jAUISU7URfL
+7P/lXQhg3onHVy5tgXhiXDhCCxY4pUPSy57eE32F+sIGeltoXU2Okx5/ey8ijr+i
+5URStFLeFp90ke/EhdOuhDoE++7G826ky3twqtSBTt4jU9IemH0agFU3PWIJffm3
++Ezce6LusooS8Bqs9rYXHHGe2q0oUNY3ipggOzx4Th4mwg1HzBQnD6FU33M/WyCw
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_ofb.pem
new file mode 100644
index 0000000..c34872d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des2_ofb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE-OFB,0A4E382F6060AA1B
+
+hIbY73AFUCWIkdT7MEKMhr7+uSoSMO9wihHjhiHn01cq6kTe66Vy/z9dmTcgbK2q
+edRngIRyiTqyul1dhQ2ezVDisowHAtdiD7O2/Z+YiXc1hsuC/uELnYV1hTUg73Qb
+v760pWyH5AXNpqGsx2LLw+hstiiWVO+/Hs+CqtM/RgONfvUCzbyOQknDfSTDoVXB
+W4gEDKSDj+ydXm0ZmMS17DLCXgk4HBsJxyiK666l2TzB9pnzj6EDA6hDsiHfy3z4
++MxfcnLxWw9TJPxdLYVdw8WNWsXQd1JHQz/BQ/Hum4eNoYxLGgsV/hWQmkFil1XO
+GkPjF2z44fxN4FJjvQskrQox+5/gvnG+KamfvQt62qN16Z6ROZu5buPijxmXoecq
+gW6SyeFbnYFn27hglllax9awEEUtcJwi6OxKAkWD3REjqCfNAwcqoFqwkxlPN3IH
+00Rksn3P7cN5IqePVjSdwIhZtCfeBW2267oNxb870CDon7OlrUdK8KIjp/x5jKUs
+Pjehw1Ovtvn2YUQnTPvIYQsgdq3BMb9ETcnPDneCVweSxHxpb8ao2hyBMyYtQG8f
+LNqvLnjh7FUyRenf3XRbqka2w8B1CFTTErkMm9E0OPD8tMtDyakI+8fMJDkGhGI5
+jMwY2q98Z+Ef4wDifOi6qNklBlJwjvvybeqhqWOoXKbQMhnQPqFnLGjp5GQMczII
+m9a0anYSvmNKjRtD1LBL0KDMUgIx35U+7GKQfjrRTURYtAK8EITKUqYoWJWXUevR
+t9cikdwQ2yDuDH/C+a2eaEHJITerdW7ba/Rxzh50VdPq03uUNkN21VZEMjcU+GPB
+sLQ50j+gSFRMMzMfDx0G3wHoEJNAul8x2+umCUSpzPfC5D6kjbyREm/fWEuQkvL6
+AUCheoD7ouRR66R8syjIbeCKhjZEXUOvxxNYHSySrxHyiCGE5xCSVDlTzAutvcOn
+kivQqRlO1C6ZoEWbGr1SPoIoi0iMoh+TKZDgMy6/pRWVbELW5P9JnH8K+IreOIXd
+IgnCsqKZBVN4qRPrW8HtEwiWW7MsoXGjhpVl8wer8cNmcfPTo3x2l2+mjV2r0xEZ
+Xmv2LEtjDfIUP6yXuID4OrV6kpqSDax+wmujr8jlETKf0uEi4PZAXqhrgh/fgH2p
+VE+Ey0vnDaXcEhS0ketOGmBIYaKzWbMH9iX46YSkA++5/PavhlbCqZZN+906jwEW
+6MS7Nq1UBoUiql1Xa8AL0p/7QKZH2mgxpFcBeCHF4q6HhebbQbCpveJgBSR7/12H
+fJOIubovV6AOx2kBRAf27bii5iwMjfzC9IBE+GLCX3CXR+BLfOWutTcqbaBRdmQv
+K4yJqB/WHYcjlLKf/Q8+B6elmMc59NVUfStMszkIGlTzMFIkObLHH1NYPSC700rH
+ZkrdbRGfcncT2OcyFbWZ/tIvUER/aHjh/BvZ9s8UyEVEZzsFJI8HA66sJzZ3fKaM
+8P7nXXagyarILIzO90JIwkX+ip//QtpSDPkrUtii6Wj7n7RO0REe5N5+NA3A7WUs
+Aret+KXgmsOi2fnTmCFjVN2QgmQvOg8PGx0yYx8gxWog/NAmLCVMjw==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_cbc.pem
new file mode 100644
index 0000000..6a632f2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_cbc.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6D7B3D8B829964B1
+
+mw05Vw0Y4gDohoiqd0xLN6ZKCalPCK2F0QFSyAVeoPY39y1RyKdsg8xt/qDx73jZ
+rgZb/fQLKs/W6SqCAAk/7EIBNTCWf+yD5TTdG9n8viNDSNXWdyq172rEnRV1CWGe
+beo+YjNDh6UlZ1FcXLj82TpZ9EokUKLabzNkY/coVPLlytqTSO5oZmbdreuUxOyJ
+ktQJUmGBmBY0aHJmV2wCkOFAXbzoSfo+SNPntEUNTa8i0cSIgmZd4/QS2Xfa8qRZ
+c2R2hNyVZygru5t8eckKj6uvj/Yszg6XqQby4ktK/cYfveS85CNlu03WfjfI5V78
+vY5efs3+NVJi2+ush4p4TfgT0PAKTWjXwpMEiGVlmxBoPoFGtTXY3Xp+64QICgTa
+MdrxPDDBw2yxmWAOpm58eeRqAN7Jd42qBxerJFiOUZxYPyRrQvro6fkldUlbPNon
+53Hzb+zHXv9xM5aUqfEjMO4HyprhKT/8aZgQiDE8fHgJhI/S2Ho6Fzqz2/uOHzBB
+gx0m8fM8puQ11eRxO+oSE4OSKbEQG0Uj66cHXY6FbJUhsLkGo9HdjLSGW67vx7RY
+Q3PQApOCFcXLecfkXrUaAEeRPNqZXjCkF6s8bfCOXD1cr9BulaGpiGxdspu5Tk9Q
+bLtoX5VHnW9VoIoFsIWs1G0h3WILs7ynCE2ttDSnIjYZhE6pRBiDHRs3J6dH/oOh
+c4dFaapkisk0BANJduvB7vLvvbJ0Xs42q+sRUCWzHNnJ3BqQZtL5f0dqu1AXafji
+qwxcbrEqJc1kOQ+iRAZ83nVlVkI/UgWzTceYPR24Q0PnAux1LkoIO/FWbhm62j3u
+xS669GX+GS9urX8oC3JUYT2n9dnPL8ouB77KfP6c0GVxR2hhiLYmyP2600C5q5DU
+6rdNm6fb75nrAmD0cgPxbdOB8zbgVvQuPXG8QnTO5Vvhp5ETgifIXPCIWwNHg5xL
+o2zrAdrNaio8FZUVPHOvMKE6Wl9QDMqnnShH+8VhLk7+LQpVDewBnWaMd8pK8qGn
+robl+i4HWtn20uZIDFyI4ioSa0S3Kanvd9TkchEbDjKAVi1QXdcD+q9O0AYt/X6n
+ygx2DGhkNYMrQmc+AIt7dAPa6RdZv50AAc0R3S0DBaxtd36pWugT4WIEexmuYj8S
+NbRNLuyjQMYCeFs/Ff4df0gmfeyH88YSlafnLyFhvv041LAbU52e/yExCEUvKr5J
+Oj2qVHJVe3eVW+FX8hsoUAte/a5foVe067dThfZDVp0TirozHAycgfKI600VF3Rh
+rvQiHzmXRoMptt5g/yLsTVYiKAF1n2hU9556sJPARFrG1xXoFFwhpzCS5t8ywniN
+6wwV+V0s4LSJFQJBFjLrreu9ZkYMdEOrekzqBohF5wG/BJILkN8hBmnD5gckbLIM
+QUzGTGxu+BIUi8JNkso0hwZDAKnYit+FVAs+5yU0NVQU6e3fW/+m48YI5gqFI+k0
+gIGmAyU6zaUJBJJQ4wc3+dOsy8sokqRhVmA59Tv20IKHh54zWq4ouFAg4Yc0bwK0
+1ua9GJMGTXN0+Trb7MKZQVKokyNA0RVCDN9AIfwCA5hDhJTahsO8Lp4Eolz2TFaQ
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_cfb.pem
new file mode 100644
index 0000000..129e02e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_cfb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CFB,B99E3DD88C3A9D7B
+
+4Dsk+pNUGsgEqelOveMyrkoDb+khouKf83Yt4/qxX8CHs5q6i70NLViQWwqvIqQP
+g3h8Gs8cYKZfkEAFKP6BRFPy8EttnBCzhAdvLKrKFCZoDmhxC5ia+FxPLtNaDEb5
+6bgSoZ07KUMvfMZdnG5Kogex4DedqENVHBi2Rl3Dck1pAgxwzMntgHsluT4ht3id
+SgyUT/xAaMSwIklsjclR998N6V8Nilu8TDDf5X12RHOq/MSqGZ7yJC3Wb/dsirNs
+7jsEQwg9tIg5B/5hxjN12E4Ov7orIuO/WHNVtLznx1w1t/umPjLFn100Kln8GvfN
+jiGSB5TUz4t8r3deN7oDrGjoyr5OMnKWSsIwKcMsNSh9aTdkjIJBUUhIB2PStdX7
+WbeNXicNMQeteIrY+ZDDPpMbjsH1Kqcz5y9OWnvaXso5lSHLBp1IamCv/XbQcAPR
+zbnbN8DCOYAMcUiwcRAt0U+BNc1edX8VmCB0d4RQq5BTFbjGKqzo6yFVUOVLhiFg
+E8G3v8sTqUhJyH4Dmjn0oDMtfdplk30Ywg2wZAahnI9w+cZFvzqXshL3mGdu+rbb
+h7PkiJE5vS6/4VKA7pngsVanCRQa3btL43ekShth+DXwsziQixGD9HhTb2iYeF+u
+9niDPI5gzi9IfxIpb3QjR1xDJYAzKDDBA4gHhbEBSObByMsVzjS0+dwP9N6DV60v
+3x7RfO094FXxlVWSh2SMvz/sB9fsD9dCp/gadqHxhk2aJf7lfSU1C7EmM9hxGZku
+vR3J1QcSu2FMrvHyRzFZGKozSHq3QunOLno/KmY0ja1754NEkntGvPuB7LhGBNB6
+14NvQsl7qFw5wJxmEdY5rhVdz4PxLfjnMyvCiWlku83QIC51I5DbhRP7eG9rJSMw
+b7KFSQwmp2yzDeX+Ipd0JAgd14GvtmICKJVushO352O7mVnx3Jy1ZtJsonhzySz6
+1fGIvJI8jxZOdO7q1OD0bfrXS/kwdXnxoxn4pkjw3ZN3hdFTfAerVQ+qYJ7zIez5
+0lUihHNw1C/KRsggraOl9rTUNppcNtMYwKXCJOGXI2UEn8p3JIxEHLwXyOjTDfg/
+5oK2nPAmBdGsLb5ivJLPivmaqDXf7fdn0XBQQmtYUQRotlGmfpztujt/b2pL5YSE
+Uqginw65zyedjL6Aff3crvP8/CUR0JARx9vF12R+v2iAnDqVk/yqYpRqOp5elm1t
+yGB/PtpoRFsNU1hDnPZDu7kZV9oSeXaBDFOnHmX09qE2r869Aye1xOVmxiG5tm/u
+KGA+zlJVVpQSwnPc/qk17S0dvNAlgt6MH+vYlhKw8zk1nDCuavUK3hTFT+9w31cQ
+yjPdV4/K8seK4zIqpH4LZrC306/1/7BT5JXL6ZChATHaI68xwEY2GsEl/Ze0JrQv
+WpWSN/I269rUfaBDE6eFaiSDzq1xY+qyApHSTNPSPDHbFeCXz+puqv9lw0bJFnRJ
+nLsK2fUAKNvyCF18IydyhiGz42LYbwwjlEWuVsfWtgvftDebZRIfQFlj7DJwXfZU
+zcEOI5YyuQs+wFK/8b/bknF4xRpaXwt9Il7tcV07h96TDJV05illig==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_ecb.pem
new file mode 100644
index 0000000..bcdc5d3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_ecb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3,9675E5342C359F94
+
+aqJHsie4Ls1x3Tk73mbL7VyTembpkhx/a8Mc345TuZOZEkU9XYrkFMvhEB+jcVoo
+9ydosCL2d8xjDusry+vn5yF3iwE9HFHQ52M0/a5IH3sTtJ18BzAOi72ykGb2r6ly
+FzTq7xdXNihN19wHHnI98GKdxdQmNR9uITx8VRBbZdbRNGdJopS8zT96+AV1QAE6
+lyKKLA7qbATHR7JWQN2OYz05vGt48Vmq+da+qs5liEtx+GtNUxS5x8lAC6Llmq2s
+/Xv8X6kjYmxHSYWM2JyxsznGfdXKXe9f4Xxwyhedei6JgrTHa/JN/+tvgh5NWODK
+er1tLBRRA7atlSoB2AAegJC7gJRVOxRF4hiKX/19cfEpq8hF9+6EHGYm/IQRSI/J
+F0RGcnSdiddYbEb667qTkbLZi/d3Ih3KwKGww6ZzkHe/qPi230/cDR8tac26jmG8
+qoCwj+XCNOe9IUJsCN6RmLcFp4Tr4UVSsswxReN+xs5Ui+S3AY8IKscLSo+bB8gq
+DVBvVFUBTiF5/zO8q8H8Xv2c0aA3S9UQla+l3yoZygiUym+Q204Li+tDXiM602kr
+GGDA5/cGpQuit/7O51KF2OSwnnvLdu96qz0f9X+rq4QVNAy5PXcr2pj/y88UfSXN
+GAbogEXqpQzn0rmV1OWM8hsnOpN2DLcuZICCJFJc/BHO4elt65OfBjAvbxjhFU6s
+nJLUcR5EopLex46WwuucR6W6wjAuO8ET3cDV5L9wQI6DT+XItotk+yJyYawNPda7
+wfmxZ0o3qdcpRp7aw0ohfshRGJMuLnGVgLczU4hwO2/1LgRMnCywldacAfo8Ot8s
+WnC7d0jVOre2K67Omh4gLQTzikvFoxg5kjmFFxF+QOFakT/B3RMa9mgjtOlX0boK
+HepTxOtCaS+cZnL/fUCbWdnPxqooKid2DnVTNIXXBg3S97ReediwpSn6v6gU8QXI
+O0X/+syPkCRAOKLjCdgxFXRB1UA13v6iqeja9aXgzbUnk/MrT6G4ivAMsNS1cEdA
+KVKVpbiKchEpiiSiPyo7buZN6t3m4JnupU+UvcJAEFgdbPvP/kFvxywpPBcAycAM
+HgujJ9bE3OR1lfyHHTGF/f5lXGDzB0/ND8h7Pm+Bd0AFde79rCswhnR4oJsPLuij
+Uy499ouKhoxFTn3WMF6at2QLf36rfLHl41uSN0tky8trT9SE1PjX6yQUjl48bJh3
+MWUFPYBDfDPGTddENYo7hDmwoSLbE5WFxbAeJa86wgV/P4/QcDF0IPVa/wsDTPKR
+RIy7eNqxXBYhFeOBCkTKHMJ0XCawi4q2CAwo7RNuAmTrHOBN2hZOwYd6yoEQ4ALq
+70cflG8+rITJHOdAjXYAlcuuB1FjDWJjO1E3P9MwMfiFZBnJBsYkDT6ablfwgpaQ
+z9ngnzRqxIjqAxrRY9GdR3BEWgRIiKXljUgkk8qFSRIS1i3w+nHAipreOwizTVUw
+otTU++EjpQBracFsuGP6w9vcyhHOp3K+RzGYEQoh2vJm25lzUWBHvmVpCw5BBTms
+RgurNRdm1IlN+qSzriotjPuHr9Ucit7VFV/gXtmyJiNNPjTLpLQEZOUpz15eaFs+
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_ofb.pem
new file mode 100644
index 0000000..dad36ea
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_des3_ofb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-OFB,C8F1482CB09D61BF
+
+0GfYpcSxvnnRri3s5PutcESsHTuupx6UcprKRS+B1neyPR7Ga0Z3mZ2/X0trJVpM
+cxJW4g/cU4TknCZLjIJlClYQenpPRH69yw6BTi6/pgUhKeGmQK9Oob6G1RMjS9lO
+MTb8DKz8P9GmDR4/3SvJwPU0aEM1EAmwGJV2beB2QWRhaPkAZBzeijYf+uYn0mgm
+hZwjU8tdwnNnCdUXdaHeRkeqFcL6OjJHV+U5SZaMbaky1U9lyIJL+GUQZkRfZzJD
+41Qt6yVtetTgzljtCtd4ix+RX6EYsWfZ3OVtwHGYpg28IdfJ3LVE//O9EkLZoBeg
+DyU9c0gDnQ8Dxl9VHGFwQvgdSEyJLvWDv+6RXvCX4Kb2Spy847yxqcfqDpjUhzgv
+C7FoBwswS0pkQzGXKgdM+WlBe9/GYOrzW08IYwrX88aihf50jXi472th6ILIkFHD
+6m419YsrmOeEMXGW/VIKxk8H8MGHwdvK82xewu8Ftgfx0WihfA70EyI28VLMQTAE
+MMHxxCWtdWWnmd1xiHQSX6vedPLXQKKt2AYxYmHQYfqNFMcvDc5uM5uM+mNkX0qt
+VL5PeYRYtdDtT5Xj4/acZD7X7DhqcOwvNll3J7PRdadNXKfjHR7iRP62YkIiESE5
+sCHhYXmtQqK2JUJr8a9M1QPhmAIF3FYr8wSFu/eWw8ooBaTxVoGCw70lT8LNHVql
+TYdW9sOnvUjz36oz6H+z55CNldor0tS/Bu5jNPOZ8F6j5r4xpTWi3d/UWLW7uBbw
+VTAG25EiFvQBXpJFqgRCBdD1Gcfoc+ZefLXQ1l0RJpRf1jJMkfSWvUWDRNm87PSs
+qTeDBzuLNx4A1wYcJ1H+R7ds5QK4moNlvv0hJrsqbOESpLv/XPcYrFgzms0b+Q1d
+uJEWjz38AgIJQxBxmoglzDSRx9OBh9D8HQ+aJLSVcz0dBmEOEtPjZn2AmxxccwCc
+NkMnAxXyNPEJhecTp2/lOOupQqMYTGe8aoiee3m01QPzfgL6m5p6IJdKzOKi0TGJ
+xNW6fD486B7i8d+VOnst6vnd4xiQ03gNNA654mrXIM881X5elqmoFWyup+Ct9lw5
+lxllAJGh7w+hf8P6mIsezOkZGieGhzrFnuLVM2srRDEId+shTV/0lZi4LhfDYroN
+VAbZ6bySn9fmP4Pn42zu4XjoZJffF74u8gFPo8oSFYg88tzjbPN9KAPInNxD6lBA
+cwp3vc1n71CEepmfeZFR6pm1wKRSupkOZNL/PV9rqsyP1pmPE3AEU7WYjNbf2ah0
+GE9f6dtLWcDP/3SssoSnZGy5SdqcNPymG9vOR+QD12YNxn7yA87HM3+swparlSYy
+Mhg1BuDXb5Q5XFVFdajFwAnXJblAIbuJAeHQ/mNCAnR3HNv/Qic2GF7X757MA+dP
+z86gFzJJtb7dtZ0WDQzzEVHgnfVHP5buXnHdepFLsETw9fp4ZjqPfHjLXIOvp9/9
+G9pmSzB1JL8kK8sexWgsMRnl2j2hUDYiVJ/LQjMzk2YLF5I0D5msNTAJvb/gFBdv
+ynVKUpIoJEfRaY7pxR3tufbzADNiqa8OUCGxZ8jo26j7XWDkunfGAw==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_cbc.pem
new file mode 100644
index 0000000..1763340
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_cbc.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: RC2-CBC,C9CEE2FFE7D795D6
+
+hcUF0vilpOxap0mbziQfS/5kPdXsFb59D6myNYdLDAvBWUVAuu5g8iDDJIS8KPb2
+xvmWdXRhbsnfeQGcGWM1rMc7brutqefFp/OAJVymI0TpILMgef0abf49PEqNUa/N
+rYs2dd39fsyrJ0rcEWT2lBA/+GTLATB+16/9aCwjHjQ4L7d4Soh1laMo2K2Us6Eq
+pB8f6an5Y/vSIlnljl4upKOlcLItd//2ehQnkuEhI2Vafz+kX08Z3+OCLZfdNEq0
++8b5GbOvygEZbG+amZDB/tXnR1HB+AI7lR94PmM+h24COWAelatj2uPOGov54gXc
+iO7NDGoouysqfkfcMpuy5SkLVW4FoCAxfOl+LOU9p4x8+iaJt7Np+TO16dvX8MOL
+4WcIz4huaT125V38Q4UiB+WbsvQXrHRM4WCyJBGBhakr+FpNFdH1UPb9Unb+8UQL
+BeddEGT0l9AiSebT/JMKgFUOInQdKxOjg4NBp3asVEUeTGLeTN3o06zUoopzT0S3
+CHrpgvpZLf+4NATrFMw0HkcUK4GHZl/Q68C67qNGTc4B37eGcxzGo8QOyjXzKxL8
+Lh+Ry3eJpEXae5xDUn9yt8eqYI2vdwjA/3+XE6mRhu1sbPNJCcWo2kLZ0ibYgqdB
+FLsXBT8aoeKrW2p82OpehslbmswOKZgrPRYmNh1GAPz2jwBFfCEOLQYXAjCFViiL
+ipFLKLGt2dhjk5RbCraN6eYRn2XcIai/7dnaYxXkjOsNH4mmPzlzjhvRh/2E/r2Z
+hbTOoa2uFUtZHWtDXUz7ZzCJErJaA00ont37BksfHDdDw1HIt4z6Ut8Jm1cR5zPO
+pC7s7ohOS5j8Vr8j947bEXITC2ozcvVVZOCcHwF/PnUE1zx48HBp2m9NAZ8Bz3LS
+Zn799/RrNtJLnkheG0wIrizk72M5L9PZQ4FXlupfJ9c9XniaQ23GQFszagceDN8j
+z/MR4tTfdWRy/889lqZ6ccNmPAXdwwijC6Tw6V9HooN9m3++ZlbPfHpboQUp6+V0
+Wwq8gdnlYW/i++9n251xBsR7mQtFNXaYwFmLUTt9C8OobyWSsX/OaeQGbWiVnmAv
+vPkr7mh6g0ha/x+1vKgEOjqItJsGdspf8ePHQ3FaTkfFwhQ4eN9w4QR3uzM/7fnj
+ql3yA+G8ftpaU9omFbs+VqIVNej5tvjODQ02BbjSuRklAGxnReCS14vLwjg9BV6t
+Ow74oIttwlZof21BWsCISgybkPmMhkIhUNAAkHexzY3AiqjAtEGnpmvfZAX9zN8+
++Kg58DxudjHQwUO4cwP9p50NndrilBShkotdYIqekXn6h0frYuhspJVWwIVswNjX
+BuEZE5B+Otswbt/caj9C5tfsyKmnGToG4fpDdk0ItxRq2126crKQd49zZybyR3zR
+phLeduyS5h0oYNwTjq+Fg2Z+f6d/iyCAE8ynfqcAPK1WpM/02DBoLsOmve5BCSPB
+YYKdrKfkGbj4J2klrptGmqgctyW5jKGddE6NO4XFYV174rsdPoErNWWcfptHEMLR
+BWfopqdN/HMrpRLTkjx9rIeBJ0F+wQEEH1JehnWExSSSAhm/gzQc1kU/wihOStU4
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_cfb.pem
new file mode 100644
index 0000000..4284fff
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_cfb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: RC2-CFB,AEA62B1564D645C9
+
+NX4iex15O1Dwp6ADN+uFIycPB1ELvBDVRGh+OZnisNU9h+8dPO1cb3j2tkwLFK4i
+Pml4zz797d4I4GqdF2Y23dz2AoBrl2Lj0N0W01AlOGagh92pZ9dKjjU+S5N85OBw
+buDbADh16fSPW6Y88guWFXYBlGJ6HZFK/9D4CZmEfI2Pt9AwEIZ/JvWrs/zW5eGP
+YMFsLslsNu9TOIKF8iDnfcWM9MFpgwcFCIqTwyQ/+dka0hw33WsBREhFcNleLxhW
+NKBIMC6jNjpW916IClH5sBu7T8ps/7JVw4DUfpl8NAOaqJSicPGpZrGIZ9N9cfLp
+KD1XEy+yWc9ahV0mfiyOuzNnP2x9IEBdrk5uqJwIT9RuiFZixIH9MRuqAtrA5BIP
+dc2kw50AbXRghE0JdUEFfUm9zcRKdG366SgADnteNk/77gqI0OZJDD0XL9R/N3Tn
+uh3EI9joJciWDbEX0/751MfcLaa/EkI7quKMEyFGWvox9sKLLEKRUV6SfO/YX8ZM
+RV7ebJdW+Mxya/beG3Yb9TAYkrG2TT2+uhRqZlZllJQFnX7k5MxyfN5I+WJP7SEs
+Uy5PAkNv3h7DTV7dBFMy/gPYAooY4JzBnbq33af+w/VbhyhVid/hn9UAONahw7H/
+1Ao24IlYMza2fJ9yOn+ejLhjvwYIP5992cmElneqMdBfV+oaQTHtWUuVF6g4gJBw
+9QucqxH4JbYccwA1UiKIqkmOlePm5I57RbBw1OG/Un3SiPcAwiAW/UpI5yv8kNwq
+kZeWnD79kMBEW2pU1CTvf5f8aBmcgQykC0M8H25Jj2kVvj0EsRGx1LuQx3ZCSM9y
+sZejgZouYA1WuZaIsz+3t4fgYFiOHDxmSvPt6VtZAMJGmLB/Xa/PVI4rsyNv99wB
+UinlINhzeGKpYYHnUgN0PrRQl0LBR0TdrJ0eG1djEvflXsuAQVP7+gP+oCckkT2c
+pIVm2IzplT2wzsza6+o1SA5BF7RKI3A6IxySFEBJTeaiZnYeeJHxE2DJvU1Fe29G
+ML/lM02waLJNbIs0Vk/i+hyE1wtMwZetptG+En5TDzTkWlVSLSqW6LXVJ53J2E+q
+wypuz4akL8CaYRm4XTmIH3Tom3qSf7rdbL9gk8llZacFNqAl7x1C9zDUzKU0DAOg
+qPKAtD1s7Rtg+4p+5cIEAWD0TKX6DlXKC/EdYO1w0vmavGSvQrr+KENE4+/gIRst
+qlTCiEW2U+PPyOgpZAFF0g5y5Xw0Fea/0HwBBLfCiPKRmDHQIzWIEW7RkkNfQlHC
+iCTBoMRFDbwXJEI9XUu2N4RdmlP+84i6fSRWuzZGUACvzEnRJEc6H0FaaN+fX0wM
+Op5O2hcdA0YTGGmTLUAeajiQnqGRobC8jQL/WQRVwOiFU9rgy1K4Cu2T6eBubvVh
+gk/R12LezvD/KwLgQz1+vXa5Vgjp0xhpnLnJVzPqLG0Fmj3V4uRDc1Lvvl4uLJiR
+VFjFYlqxP6w+ToRqnrfbmUCuiq6pS9FQi2Tghd02P5TnZcyS2xF2X7o45gegMplS
+skPzTCON8140xpx6Flep3bHwzEI0CEwO8goVMc6x4a2Ggekjn/Nz2A==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_ecb.pem
new file mode 100644
index 0000000..d9609d7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_ecb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: RC2-ECB,270AFD04879E8434
+
+u8jYUJhoDMDNI5cHXhnJJ7Pm0lF+MrOl84maQOwfwZ5hBbjpx9s+z5SMYpWfz0yQ
+WlgBuGkaY1UNBDrwH6baA9/eqUzem9ZK+mYmjKC30OaumjKVJIB7cJfJf6Itcaom
+SH1W0kJYeDn7ANdmstOGxbr2TDCr0BXa+7j8cTo2TZX1rfsXcdmjQ+8Qa8zfQ3Q5
+FbrO+VNmAQwO7HeFjms38+ukJRW30EPibmbzx/YTCZ7XtCsXt6t6ggYja9Kvk/eI
+khwvFFk4g6Dv9YU+x2pyrkquIiTUo+jm3Vqhz2m0cGcqfynVEYn4fNPc27Ekw3uj
+CrprMgnfaX8QVx/EkpDYp7gpjcLYJObpUTcBo5iA7R3lpQ8itY1Ky7u6MMwQ2VHd
+XZcsS6b06mp2EW1CO951ZaPyma4AqoLl2gZ3zH4qPygp7uxrGdFdFSqrapVkDee/
+lLtj8Z+/g1IyVSIW2FP/SCoustCHcqeDDq70GKY9qiahNFybWn49vZAPB3HPM22f
+mCcw4ALiKr0S9oofxrb8PKxmDQMZAJqjc8qRMLktYh9rJLMoUG2bmQqpKmLLpx5q
+3CaKi3wofc005VcILyRgjumscAcpbTEz4vcR4jTwMPNP+WI8+AHtg0OcF+7hE8qc
+a9KTSsx3eJNbqq5UYxVjV/DcttNx9ENllnG+jEdttkaf+T9rJiayc0WPd+Eg0XlN
+ByBG0RCPQVJ9YH1Yke9HGE0FXv7FV6x4c22ePePcyE6VUNBoxdmXw+KRhRlvtXtM
+1fFMwUrY//jEpfbf193avTVVctDTLxDSmwY6eAMBm81uDTlpUm0q7l2rRuKzdgFd
+bG/MTOd/j7wtKJbQpbUfUNFtF6zjssPdGhJ3l+8Rg4xZyHWHgU5FYGodp9RsxUhm
+8AzoPDcVbbvu5YlPP+XvyEO1860fX6iSZKuOV+owjh2i51CPzsgX6OrOEb6/1rc3
+M5AkLVl4insmetdTqb9PHCgfD6bLYcDBj7Qnf4HEDQUGcRFe+jogOoSH40C5UgPq
+F83nXv6WYBb2Y97lhb44x7d1MzE1kkzQXlyf3QuZ0ZjOvm+LuOWkbQWmLj5JhFJv
+9CqY2MBL39EFamKjmmBmjrRsI9XMLHvB7VvT1hJPzxbF3UwDZ5BsA8IXSps0EjXR
+rZXSwo+vqTa3NlvysgvuJJUjwyf6mN2SVrNaKnZZ1OGFY1oQ3bmOgdI+SW9cpGzY
+Y8eFpaG2RAiOfBZ0JIyBUoHUH1MMMPw+Mh7KzIknP7O9htwiAWEvkcjWr7X6jpG8
+sBdBmszX3TMDTToQ6DvyjVRP7mJ39dV83bLI3EA+N8bJcTOcHijCvbzQM50WzMu1
+2UA9e6rG+ouQAgwaAHdR6bwm+Zr3e7MswZ0Q8/Snd1UdpyMyJ9nb031NSRSvkEyB
+ipu85/738J/g7tAIOJwwHeVWjL4lnrLC3CwbtvWAQ9Ox8Sjv848608GzQxFwHBHJ
+0NWgt/AfLYsq4bmmFWtqvqTjWeAeUsM+67UY8m6/kxhfRNNN3zZcckq2zlF7TRNU
+5AL/3KbVVLQl/7fD36m8AK5eImR+Gvom8ryzNacbNCL55ks0sycbICulXbdb0Jgm
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_ofb.pem
new file mode 100644
index 0000000..cafccf9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_128_ofb.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: RC2-OFB,E5989634C878E65D
+
+6o45POmHfE72UAdMBQrRIm2+oZCd8GmkmrFZMXYnVWP8ciNiGVQqUxVJS9j5Rx17
+8qxpNrzvcWEGWcgs9AOqog7YXHkxo/s/RIOKjUu0WhY59UrYcbkN7Rjyn3wSSD8X
+kN4Z2tz3iR8LnfljD2ApbR3yEYz2NvmifZzsac58R3LvuFg3Tsl0QetPSC7PfMUh
+B7dezaycDcx8QJy+nRPcqpGzeL/VVk3F4Hppc15gfdWtVellGcYsT0Z2Iu42I5nx
+HYFajRliBukH98M1d905lk1aNLDj54BBcq08JsDJN/V6DY+mUpJCFOK4DfP5WLJb
+/HCQg0wqsUmRHK3dVo09ilZa4OfrrRD5qTWr5boDngAqyD1r1fiHxcv7uU/HOSvt
+PU53frz38BA+w1pHtlE0TSG0oBe/+741kJtpvj/1Ts7nUeYJ/DGR4vmLpg4rnbZJ
+Yky5TaDV2LVLFR4syqombb3eiK5xbnjePCQFLwxYLQKZFINiS5zDr5mdjhWbIhpA
+7wg9BKNpUeXRDtntWXvEH9FmyIicbk670riEYEo/EniwrxW9f7MFhPUpOb9ktE56
+RnaU0EK9zUx1sIvcu7LVq1G2EVG8IrOKGcj4LHysBtg6PQW5mvN4AA5PZlc2Sux4
+L5Z6mJfwgBbBB4OuRXAYxHZbnfMTs75vL3d/HIcvSPcvb+7nfvNLiwlaBxaUfBFh
+fyDurHkMG6tBgE6OORgWraNEINJeOYcG2WK60qC4E8YfYCmc9V+28A//bsyRWyku
+xIDup68r+Os5RMRAaZrkIqaH+h4Oyd5RqcjLnAFF/wLGnNwSttYT8o7WwCf9ZCCy
+NFvHDWyWMUxonaWgvuSm9YPfh9/9CEsHkKh2RqBffFcZ1ktEiYaI+dGyty12QW2Y
+909pnCZkKsm1Lt3ts/xie20/gcwfsnvUC8OveKPaiCnJxDv3r9pMCNFPdcXo0GuR
+oadhn9r2CqNCDo+l6JWVRka2t8+yCAskZC7bKJnSeKlEDyn7A/2SLb196G2k9cve
+V2qQenhzuHmG5PEVfhLWQ7fL1BmJcRDuQlSmMGrdmOD4Zb0Truq0zpFL2qaMBQvb
+58hG5YkYehE25j8PpJYovOQA2hih6v9RytR2VKlTeYNFbREf1sdLfeIphB9tlHlp
+qZ7eOFAjjVzLsC4LmoCzWMaQuwNO1f3WiNdGVvulHkWqFnGS9bBBTahUUWI5SYiQ
+90vhSmJ7R7461rqWwn34Om5jlgRV4+2LhUbp+XdOyklujQYviHsOs8/wlg3lKr76
+SwrU5oYqlJ7FJoDq4IPpOnJaxsRjkr9foecgdqrU4SJKyJJDbkHNfoYq9r/aZJ21
+ruPFv5t021gJmWa87199GlhBZD8dxeXo0PT298Y3pmaaSdQIWLPeDAtc1R9EJLwD
+6+ydhg3ZVtSgXU0zQ2SRVMGhqoEXHDUrMtjKzuaZsYL57tqH6At6vWS+xA0CJBCw
+7GkDpM/lLGjyisFEQL73F0YmJPpb5s4izzCLUMxZQZ3u4T3f9OPRvAIUf8MiFJxh
+RJq2Is1gD7M8+dySkFeAbQ1STvLy29uIxKTE6BgNng5NrY03GuK/5A==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_40.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_40.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_40.pem
new file mode 100644
index 0000000..5a9eecf
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_40.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: RC2-40-CBC,BA10EF99A1862AB2
+
+/CfoFtIX0zgNckXzuODWoCYVY6NoXOvu1jt7J5/BfSZUydRWKa2lpR3SWAUAesQX
+H/IK9Wkz4um0QgrHy2fmVaAS1G3ifwgQ9dhW1EMiCEAmuNwPsT2YBatSyxnzWjHa
+dv4eZ0Snk4DsS/Ajwn+Oc9uZ3u5gKnfYk3tXoZ9BDPQbgIz01UI/AyGHttB43brl
+e1C+zKgCSa5WB8wfxCJsKHDSEHx+qlipVvDk/pntc9m4AM0sp5wsHRw3i1iirQOw
+AG6qRs3Ro3jwajlEWPmJolhbRQWyA2rUfSIajElYFlFgxPLI10m0tO5M55VYXpWe
+cprQNe/TxK+YJTcBvyhFmP4Ha9NeC0Vq6aHiECpZ1uObH1brZ1bdYUsSGodRzGMC
+ucOkFDpsp9We48TAHqEGArCsKexxe1dDe8b+cxdvyv33ZI7dyr7DfHek3X7B2rHv
+tZYjgx0cKn8SNl9qdRync9wLqjL2R99sHgphkXUA7qLP7ZdvZEeAGs5NEuq5oyDj
+4aybPFJu/xvByOEZBwEtrixVJ/2h4KYF6g2vK5CgmnYrq8SUNGobt+oLv3FywKhQ
+AK/YvDt97wXNdPNqPciqCP9LIeo0B0cgxFIbOOE3mvYgPaUoTtZ48B/hpkY4flKR
+U7opVqbNl/pnh1OCI1ce/K5KPw0rvYgsEQ8Q04+dipPdmvONYGhcgHflS52xju6s
+RbosS+iET3a6BB8ydRS8V4oezbr7AgzoSv7Od6geru87fYpVW3WbGag4w+Xgil7u
+C22epy/AX8naBOsMa2QMCZ97avi/qhMFIERzhQJcxULff0lHQBq+HMGsSI8jMEiH
+d2OIERTWasAEPdoBnELO3l4oywb4NmSp09m9imihdgocDAQEXyLkjmRqkm5H3Tdm
+ALFIaSwU5SE/dk3T+BTmnfl+Anx7QNWTdg+ykfH8VHbs10A/K2zt6RyJGLdStfKq
+VWORUG7gYcVGIQrcJllxt3Jt4sG3t3rSKA5dukM7+D1d54ExiJN5DrnaQ4kX/v7O
+nENonLRtV1KqrH32R+tIuBVA8rbmyseVequTBQpkHbG/IczTG1k6p0Qye17XlnPl
+kEPE3CG8+1RMLvflA1rTimSh1WafHsDwvwmTAgdkG5btLlfTpPnoKDy2hPS4Pd0P
+mF7OPVfA0Hl/oEqP7bqyUxuwFrz7pZXQrKDS02nXaqVAP02nKsiEUZNo2kprAO2v
+9ceOhXP3M+ItlWeNcX5jKRaaLddQvj1ntOKqDMfRk4yWm9ro8/E56Fkrq7GpKrXL
+FCJJTdrWk6EcSfI6grVjPbZGBJiA+21G4IPQWskPkr9gLuE0E9I1UAdliYKXOrPK
+F1lZ1ZBpG1ZBe9H8Gr2sK42pzJoFJsOvGRjCxlHpf/gBoOADH/hcxvQqBGizEr0F
+kKraZWJnlL8qhDzfJ7YLMqzFsOu7uYQRqfOcv+66FqT/by9rD7dR/M03YJReupoL
+lynJfffGCG6aeM8hLZ8iizjIc/RzCY0QS4lLPkRVSRNt3Z8RNX/nFuYhYgOx38pu
+6dflN059kTC5iyjsI5Ka/Xzq69kR21qCcHOoq6IQqZ7q5RM4Cj0SCXw8/4jeT2xY
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_64.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_64.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_64.pem
new file mode 100644
index 0000000..7d09608
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_rc2_64.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: RC2-64-CBC,DA39EAD05DD48A5B
+
+mil5OpL9dVqnEoKF7dNjIRYLgDjCBmTDZ//Bmkd4aqkPszHaCoQqgyGYOuqWXdT2
+FAluu/fHMLDTizyr2Jh00ekcR3nmnGM3B0oDiEtq84YMHPWYopWkpId1ZaoqluUe
+6NP6Zew4DZ8mEQvOxIxBEZqk0ye6srtLszByw/dTy4i9S7l4oR8hx1i6Jj9lLXS1
+y24lC68igFNeIecggG8uwZBVmnHCldZGn6DBBqcC0b415+59vwGuvc+POy0Hog/4
+ADPuZcXEO2whVGyOjCF7CjhEFfo0CO2niwS9PiUIYNsUluwfS+y1qhw4VJ61sQ/q
+7cNHrD4NfZHGwpIRXk4c27YHS+JsxH8Kh61e/dQPoeTf5NBQs3PthFcx+hzlTBAq
+VK/4TtRRlnqTVFKRydpKo3cNGp8qm9Kvz6fr/yLb7CJvdoGDyHVO7JvT8nYL5gC0
+dvN2RySKXMrgmPS7uMAWjpnDCdNoOX4pRTRPEdBw8WsdXqnBqXM8tvrkolF9n3//
+lldN3sSGLiYM1cwD4dXlYJEJNaarelHk6vpJIU4A6gYyN9MQnv061jd7sibrTAjZ
+Rx06R0FrYFbfkp4yAmUbrPO5gdwZPBGS9XzkZmZr+S4u1fH7tTFxIlWNgxwSzsZJ
+P9LXM8Iy408gDn1AJlbT7WbdWfcFzqIsmauRIXE66TloS+485ro9zX7O27MumF8S
+hjD+cRMieUEREuAAlpNxZj5kcT3SpxfSdaAZtJv8OKeRHz796LRxlLmx3ZDAjgN5
+0H37gSCXJDP2a4YnsiI7th5fNba84t1Qt4Q36v6EZT2kscv0TB04ov1+4UX9jCQI
+zn2zxzJk42kkxRSEBP3BnZf/qV5t6/+BKmg1QGCmS5AkIIlCDjTPpAom3n7YH9LV
+ykAQ6Wcdo/7dGtghgaHbPGl3cXR1u7BI97GCU4vzRbW58ULh7KSC1xptDJrP7tPE
+6OwwYk5YZ6lmg54cLbQcxeFwYQg1dc4pYAgBppUFUB/uWeQrbJP8/FN/GlW0HTOU
+kUIz5pbI7nstb2hHrRMTtG4c0oGO1ACD2LigQo5Cl7jR0sBC3I2MB/JcBBwAHPVP
+tePpIdSAZjAYI+x7LFxxXvT7eXe+BU4ZLGLcTISGJjtsbJG1oJ/e7dPP5bLL+zjJ
+MrwoE6awH5GKOOxB0iUGce8jg8566qY4e2vbmVL4a2qRiKyLowr7Lcz01VzzE/RX
+0Ec1I8noUmsystH/57UMBuhZNFjW3LtTaw6vuTrrmFtdmJcGwars9tBtH0LPip9X
+xQbwIiTJZCyDjql7Ecgu2ncw7zHZzbHrmoEF7VEdPT4z21utXgzJ3HubvB7Agvyz
+sB+EXeUqwZHnyN0GdGd6sqlHkW7TP1XxMrjewUHjXuY4SvsosJ/GqMY7uKJXK/Lt
+0kqYrV/YDIVsJ2JqyxwXYYIqmZfQ2xXTLuESuesT7omKFh4cgwbYHd33YWRCsZJB
+7Og8d3ciguWDutd1LOgx7da2ZA+3UVz8X601GRpFD8YoZTo8QOayXFvv7L1F3oeK
+b0w11lT0npxstmeMQUkbxAyCnKrwpQagiwBzKlr9ymJvh/ot6sJ5bAFDvZBBKkQU
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_unencrypted.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_unencrypted.der b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_unencrypted.der
new file mode 100644
index 0000000..3bba408
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_unencrypted.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_unencrypted.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_unencrypted.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_unencrypted.pem
new file mode 100644
index 0000000..f540dcc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/openssl_rsa_unencrypted.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyGOvloI+jKnRHWKuhYB+cTIEwZhagKJ0f3rIY8WNgujB7Plp
+gpjUg4pNjYGViGjg7zhfbjhCtlNGXyRBti3GcaHiBIIP5nyCNn+Ay8tSWGo5v5Zc
+8BQcwHf0ZHLN6sD9m2uVSp/6UqjS5ZyhzF5FzvvUo3xw8fecdnStXQfHhkBnLpTj
+HE5t7iu1JVjTuE0pcBvah2dWqDNxiIOQtXyKW8Sag1YxaunxQGqRNykSFiEJindx
+OSAnAxK6q/wGqcZ3zvFBTcVVkji1u2QH4rOMP3PPxAIMkB8ONkdHTco1DmbE6BfD
+HArDqUYxqJUlPGlMqrKb3fCFiT3eXehwR7nlzQIDAQABAoIBAFd6vTKVVT0O/U04
+wTtiptA/p7fkDM5PHVBxh32Wxno5pj8PerIaiduKyuRVh7PvJRMJpw903BrAK95o
+847WWOVOaF7TcKGMBURJUS6maiJS7TboK1ZbUVnsg/I99ArhiVUKGDhlsl/Xd4np
+YPDYztzXLzLXpm7bS6CiuvP762x9dfVu8K+afP8cjH8pfXLq55ghZOUKidRQaYz1
+mNOTQyAQlCQdLRgKlYgqcRHlj0pb28XBJaln3W7Z7GFMWFPojkxx6LaCp8+Jyx2C
+tv54zIZQhMjF37tQyTnfK4Ocl3sCRb+jYV4FkrUnsQE9W2dey0Tms1XB31gfUJlx
+dRZu7zkCgYEA/nWcTwzot2OIAhXoJ2fnqTcpdmj05LHhGcayKjyix7BsVH2I0KpF
+9kXX066tr3+LxZTergl4UpWSl3yx/4kPBQM6np4VVRytn7+cQdEhOczZnBw6x7IZ
+fv81DSNruQDBRAlTtklW4KBY74JKLhaJSvF1F3x32+H+99i1MmCNJRMCgYEAyZpF
+h4c3pM9z+YlmgLdUh/G2abdoamugcQOFbzHbZowsRAxEzdEW9wj2McN6mt8Rn1tc
+tY/+PcYuIK+vcmk9k23GuzxRlJlkaDicHwlAebgVIulFcrStfTlSkXjpuOuusfD9
+2DuHMcUiPx3qElNB0dZJF/axpq7BjTIFENefhZ8CgYACn+vw1M1BtwEcJGW0olm9
+YRhIZGTCRyNvRKFp1h5HuQYlCPZ0UI1QMQA86rxX5xTmANcbLHXVRD2y2lJrtFo3
+TwU3xaGqsxUHZM6TzzhshDRqa9AfZzLkIHXHoOnnip5zuTTn2HHQ91ZzggCJ4Smh
+YEQ47cu+tOIQZGfaESzjiQKBgQCCfnZlDJRq/NFwA40y4fg4arANa+eNgw7+OC5F
+1HrUvQTmIx7iLmZ0Dvv1KDgTSTLJ+MRgzczexYoUJEQnhZGS/Wq2xYt06XlBsOr1
+d/KhFxOvXllSrzrhJJqaiS6YQQ36JijZr2aKQ7UwL7fUlsmy/safWVKStumX8Hmw
+9jFOtwKBgQDmtirdNQ8aKolokD/3bDHPcDsNcybEpiCu8BIltxZAs/LsN1IIxfcp
+mGP2AFt3mbblKbsRM8hDW/X9taeG9s2KGe5wlKOE5lV8YAo4hFoJYN2/0d8Y0K9X
+QAAYU3iPG1zL+a/7TFLJ0u/biqsBg9hnNbMnN/tOeSuKnH2Rx9F1rg==
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8_rsa_unencrypted.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8_rsa_unencrypted.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8_rsa_unencrypted.der
new file mode 100644
index 0000000..b092957
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8_rsa_unencrypted.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8_rsa_unencrypted.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8_rsa_unencrypted.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8_rsa_unencrypted.pem
new file mode 100644
index 0000000..8111b0d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8_rsa_unencrypted.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIY6+Wgj6MqdEd
+Yq6FgH5xMgTBmFqAonR/eshjxY2C6MHs+WmCmNSDik2NgZWIaODvOF9uOEK2U0Zf
+JEG2LcZxoeIEgg/mfII2f4DLy1JYajm/llzwFBzAd/Rkcs3qwP2ba5VKn/pSqNLl
+nKHMXkXO+9SjfHDx95x2dK1dB8eGQGculOMcTm3uK7UlWNO4TSlwG9qHZ1aoM3GI
+g5C1fIpbxJqDVjFq6fFAapE3KRIWIQmKd3E5ICcDErqr/AapxnfO8UFNxVWSOLW7
+ZAfis4w/c8/EAgyQHw42R0dNyjUOZsToF8McCsOpRjGolSU8aUyqspvd8IWJPd5d
+6HBHueXNAgMBAAECggEAV3q9MpVVPQ79TTjBO2Km0D+nt+QMzk8dUHGHfZbGejmm
+Pw96shqJ24rK5FWHs+8lEwmnD3TcGsAr3mjzjtZY5U5oXtNwoYwFRElRLqZqIlLt
+NugrVltRWeyD8j30CuGJVQoYOGWyX9d3ielg8NjO3NcvMtembttLoKK68/vrbH11
+9W7wr5p8/xyMfyl9curnmCFk5QqJ1FBpjPWY05NDIBCUJB0tGAqViCpxEeWPSlvb
+xcElqWfdbtnsYUxYU+iOTHHotoKnz4nLHYK2/njMhlCEyMXfu1DJOd8rg5yXewJF
+v6NhXgWStSexAT1bZ17LROazVcHfWB9QmXF1Fm7vOQKBgQD+dZxPDOi3Y4gCFegn
+Z+epNyl2aPTkseEZxrIqPKLHsGxUfYjQqkX2RdfTrq2vf4vFlN6uCXhSlZKXfLH/
+iQ8FAzqenhVVHK2fv5xB0SE5zNmcHDrHshl+/zUNI2u5AMFECVO2SVbgoFjvgkou
+FolK8XUXfHfb4f732LUyYI0lEwKBgQDJmkWHhzekz3P5iWaAt1SH8bZpt2hqa6Bx
+A4VvMdtmjCxEDETN0Rb3CPYxw3qa3xGfW1y1j/49xi4gr69yaT2Tbca7PFGUmWRo
+OJwfCUB5uBUi6UVytK19OVKReOm4666x8P3YO4cxxSI/HeoSU0HR1kkX9rGmrsGN
+MgUQ15+FnwKBgAKf6/DUzUG3ARwkZbSiWb1hGEhkZMJHI29EoWnWHke5BiUI9nRQ
+jVAxADzqvFfnFOYA1xssddVEPbLaUmu0WjdPBTfFoaqzFQdkzpPPOGyENGpr0B9n
+MuQgdceg6eeKnnO5NOfYcdD3VnOCAInhKaFgRDjty7604hBkZ9oRLOOJAoGBAIJ+
+dmUMlGr80XADjTLh+DhqsA1r542DDv44LkXUetS9BOYjHuIuZnQO+/UoOBNJMsn4
+xGDNzN7FihQkRCeFkZL9arbFi3TpeUGw6vV38qEXE69eWVKvOuEkmpqJLphBDfom
+KNmvZopDtTAvt9SWybL+xp9ZUpK26ZfwebD2MU63AoGBAOa2Kt01DxoqiWiQP/ds
+Mc9wOw1zJsSmIK7wEiW3FkCz8uw3UgjF9ymYY/YAW3eZtuUpuxEzyENb9f21p4b2
+zYoZ7nCUo4TmVXxgCjiEWglg3b/R3xjQr1dAABhTeI8bXMv5r/tMUsnS79uKqwGD
+2Gc1syc3+055K4qcfZHH0XWu
+-----END PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_des1.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_des1.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_des1.der
new file mode 100644
index 0000000..f60e902
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_des1.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_des1.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_des1.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_des1.pem
new file mode 100644
index 0000000..acc262e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_des1.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6TAbBgkqhkiG9w0BBQEwDgQIDKNx1mLdfnwCAggABIIEyMSJNGKOaf0rxVG7
+3es69KrcjE7RyU1RRy235ByFV3zmqxtv0QhPvIMxJwiaoRr9SE6wlzKYU0hiCkB9
+ggYeDQ7kQ1a79Gs7EPEVcevN1DpHMII4LW1XOMSfWLwffc/oETiLbkgPQxG0eEsA
+8z4/fS0k8tEQ6AOF4qa51UdORkfExRF5Yyv46fsUs57oCKtqYx/IIVPcSg8Ec3mz
+M+Zz+f820bB/vN8ge5KWdOalIZohYR56nPouPnCtc30CfHfFqTfJajFYLHCPKq4a
+yE7h/u46zi/T6Wqwrua35MLmD9ne+sPN8+Hxr3hlCh8HhYXroqr7PyZXcDbshpEM
+ZgVkrYIq4C2XXByQqXyYX0lO4TzhJHj0fhG1O0epTDuyyvQniEbD8lZFTc1xUnh3
+WNNB18WbX4Ra8neZDCNiJsIWCdQ+TMA80YPyIbP97Jo4zIi7DJciwHotSFyWYa8/
+2ROdcV65IrzKuF3w1ssJnuKtQ13Ku+UywaFCqf+0z2P0U/6noOLBx6xtDhW3KCgg
+FykZnG39jWAuwjfdh+EFgKl/m2FWVZ8AR0JZBlaboHDhbnUtcqUPLsHmlq05ozfr
+GwduBxVeMb0/v9WOQIvzqDykhd2CW7DzrnrOQwoH2NV64qWi8qyF7mQZPpzCiMNc
+Oe0/nwHPTp3C3dR4YOlLEAJTWqMGnD8byYG8JoMq1fQZcOnWZN4pZiL97hGRUFKQ
+bl9U6oWUJ37dLJFpIUqSqg3rEHpDOuJhFDRvkPIihnDV45PrvH5sbKTF482c+JUA
++aW5bDIpRIhB0Uhj+i8wDCsd/TD4X/0bDcuewFOZ7RpnJ+DkKfBiIONwAUVgWO4G
+ot2sxR5+ZGLfLgyES3nrpIRjhHDzGZT3lNtUvj7ceXEOv9LJWYGfezAAhu/LDcHH
+YX79AoI7qCITBOS+nIZMywAACOTjTRJML2RRWF3xzckhNV90vkT1vzdzeGPCXnZu
+iSb5PbLJAkWKaIcq6WaFumk6XK2cgVP231/K5+gDNN0YxwddmRHzoFZJFyOuXSFC
+Genw5ImW8V5M9SxJ6Hs2h9RoDssyn05XALMCx4n6Vj2q8PAMQoxFwwRAWql0hjvL
+ArzGt6IuPO/wE4xCL+6fCggixlAbHuu057XeMDmshQwc+nSyuQ+xujiVesI1RE/Y
+BT6ML6tLRTOWNKlNilJy2Ql1M6RoiZ66/IvMHarUeOe4IZpH8OlJARgjtViXKyCY
+k3TLPjOgRXaUkXvCmbpDBk7lCXWeDHeOMvigwrZD327G3GZ3gA9gNkS9fIx8eivY
+cVXL869yfceiZQ2DRFbfEh+bX4DI1JGDcTy+TgdFmpxLqKuBbC49AqbgQM78vY3C
+HuKPHLmnV9e2obPneMrHQXVs2PEhDOKwLJojq1W8YHJotrKQn+4z8NqJgcjNKgrs
+KOHywXzfHbzZryih8PkVtDeS/ycKOzl2D2lVTl6ZR1c/064zCJsQG5QZBuMDbaKF
+PhITFoHcmuUioS+F/HTh0tSJvwk/xI1W92WTJeM6pK97mxOxwWCuog3JmlwmCaKI
+HNhQjBxPe6R3IVjo9CU1RjqdujiRSH7iGkTR6Y48ELnqKwwJfJsARFDkXWOVy6gG
+IC14P4HAnNgLQ5ATVg==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_rc2_64.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_rc2_64.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_rc2_64.der
new file mode 100644
index 0000000..9ee07a6
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_rc2_64.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_rc2_64.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_rc2_64.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_rc2_64.pem
new file mode 100644
index 0000000..0e9d9a7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md2_rc2_64.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6TAbBgkqhkiG9w0BBQQwDgQIuhO2PlAopLUCAggABIIEyMnfUQr0i9ShsBuW
+/9RKaa9xR0WHNp6xj6A5ZjsMgZ/V2IlVJJ546zxSA3r4Bo2vEDY5GdJQ2AVlCDfA
+SWLcPWvHGhouqIvOehu7teThJp/QeYGbb25TUlwfz9Zrr7U5uDiICzbcM8jc+YeE
+5oyMQ3uzxTPJFxMoilQnr8v0pHUo3SuNj9Cur++sy0F0LCmMyjX8HNrUEctPzBdX
+QOCYrxGQ0H3yx64FaL8Kp1ZL4JI7zw1oDGvyRkJCD173uuwE/QvG/m4ym/fnVUzp
+xAXACHokmQgWsuFFSG9VbNdJ6XWMTdVMvQhBeJ8vMjNNlpvFVoAKJIldzDwROiKB
+XTPHSuNYpmwqN1Kx8QKstIUW+31Js0ZJ7WH4nC8lVu1mnhVG7TEIG3szd223IzBm
+fTbqOwOM/ZivWchr38dOYU7/tEizbyGPjP8EWUC9nxGkmJGdTaluvZ5kdeOH9r2Z
+YudYhH5N2FSKI/0em1rq/Jj9oA5zunbX3ZwdUM/poNCiSC24wq9trBjOc/CWP/EH
+9zLdO7TtCk+nBtoa8bAXwJWlK1LLQrA5lsM45fYqBhf26C07M5yNPsjTA4cFVF9o
+PFp3CO1B6BEdnl9ETaO1vyc0jB0QJE/z1ySglsBtN1HI9irsS/IqGHAQq9mt9tcv
+knAWpjO4vDu9GRh1TwFzliU/FH9UFG9yInQTzQVWMcbVgOPN5uxGfrFy2qiJNkAT
+iMOFQb1xE3MzYM4bj9p4uoKh04UdMusiIodBc0xmoXRqkNH2G+oFP2xsWtg4HCKY
+Exyxc7Py49h3yYet+IY9FUWC5Gdp8hBVFP23ENMeWVOnTIjby1MbkjFukQJrf3W3
+SqftK0nwYmXkdn3hwFX5CxAYqVb5XakrhxDJw63kFevfm5Mblpj9QhVcjGsWJ0f9
+pzrkUunLdyOIT18YzZkdVaeTTEbVbQWqNUsIFQ8n7HfaOnQ0iWUX523fcDnY1Sc+
+0vFe2NZvpnl9EtvYEQmcI2tjGpDVrCljvayKbn/xnC0ixxkI/P0PrfcqfyqxWRS8
+p/e99gBwJ620iFhWd2v/KmQ20RJzEofKI3Ze0fIvnbG/z6mPj5yj/E9EsWCXT4Tg
+svU91hsSa6xoOyeAOlzhFy/r9fdwNNzhsOSYU3fwqXZOzd/8gXi8qX2+bpBxv2S4
+3KB8fIVopHYUafXVerhsVwMEX9S0mlrFvUXn2+ZqWOR8PI0jpuvYuQ53ZFq7LU5H
+U8CSwG6LZIFiYDT+t7I2B+iH6E4refjr9UWGwWEYGvViFbNW/dEW4tMiwsCEoYUR
+iEcMN0SX/OqOqz3I++7tuxaP47NRWew6RhttnijaEAnWmtiThMO4BRKfltAXcCo2
+OLhCaik8119YAinRGgPoZtLBQ8ZvfVV69Zwmdc6xgF4ML13l4/04fy72nZndn6T3
+TPm2+t0ndyCyiI8QWA9b+JyAw6+L6RNnCHC7CknXmvczbnJYUwsz6x8oQimy05Ak
+N6QDVOJpoCUngw+gn74T1Cta5ZaxSJfGW8FK6qb0hO5wD7gZwtMzkDoo9xNbW6bw
+1l6lt//wyOqkhhXeHkJp37Eaf+XSCrmCij1GRqTyRPZL+jRySjXRrLLsIZYyVway
+81DyAMtYfjtpDDyzfQ==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_des1.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_des1.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_des1.der
new file mode 100644
index 0000000..81cc168
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_des1.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_des1.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_des1.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_des1.pem
new file mode 100644
index 0000000..f0ec276
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_des1.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6TAbBgkqhkiG9w0BBQMwDgQIxizKMy0aK/8CAggABIIEyAnnix29lspsrzEJ
+CN6s0zzdZvcbiGqUHTQCUKdhCmYBEns5IuocYmc6i/oONG9Gy/S7VcksLZPrWFAI
+DWuEpMKcnM/Sv7RtMq1kpAFlTlScRzxOEflaymUhr8P7fdAhjRi4DxZ5O32eHzhg
+G+yo5PhCkQSl+sClUh6owOl4zm7l3aVdqOK51fFE0EZ5RkZ9pRQ95Om5h6++c+IS
+T4Z2jF4mS2ALNg3vFABF3HQYO+KuGqrGRd7+gKr2QU6I1Zs6xcFVu6pF7T7jRKh4
+d31yJ1ac52+oWbw6P7Lwz9ZMzjlfxDhStXhl1FQ+iIeKq07J2urgXdxxzvoHfwOV
+wZakQejSWnyOvCvGZwJZJh5OZrad8Y9mAZgicYjDxWfxcLZQkZW+vUDJBWD37Sln
+8BwvYBATLdBPTqdXGgv4IyDwnPXdXxflRhHGTVi94oY3gEbhoH2yPvCD0IVtA1lI
+cG229JsbNQvH5DqTS32/mz0LJPlbPmP4tj7EZ4nqehM9wrF5dV+bigGqH6g4hfWg
+jCS+wRw//Qa/Z553XZq0WIJWg6JthiuiLlme1axOceLIO092+9HRjXQ1j4SlLPgs
+bgCiKn7uISvhxuAtir2d9jxqZ+KPDaSsLTMP5JycNwYCbtb4DYDGonwEfK+20tZ4
+3ZykwRKIyD5c25HBZ7maWbe86rc5c1a2fcvIjbXzwOXNXgNn4wn471oKchbXUq8p
+4RFw10omqTvzmKISucI3ymUkmuknRtVwc4bGAprvzpszBlSqPUi8E43+MVzc5pGu
+T0b6vGqhwYNVEYFJ2VplJZkgIDnT47PBPR7RmBak16kZhQPO8yUpVtEmhn6nCtvo
+It7wEktt0OxPcjLKm2Pus8oxWM/L38V3gADAqLny3A5c+at4VxkfMbNNNki/dh6M
+LBaLIgdKZoT6ZIwP5GIPjOn/y1FGOAB2NAHm+RwiPxCBshr6ztbMbcPJ+VhQpcy+
+z5FCoB3xIGE47KazVCUozy3JRjwY3aYqgQoIqbhvJfvxo3IfoY359x1lSAnQMGcQ
+AqsqRnjb+/PrwuPQW/vCR5SDfAxBJGsnnI0WR6nwmfDXrR0BQKjd+//M6y+GA9cF
+tm9b0gacTQDynK2tkcfbBwsHfQZJpAxWHpW6fgSRBxaMnFHq/sOqMtz28at8M0wX
+qOQLYPQw7pLTXMRuhSMI1UMs+fcTZ479El+inWZwzF3CjNnKr0LCV5ZhwLhPqOu3
+CjXeY4KOto1hGu5tufEIqNR506fehqnklq2qAwpFbJxzYyVzTADx/eTTNd/4EHk2
+B5u0lpY/xIgvSMAkkb1Y4v8MgBI6klgBAsKWhf0ojfn1fUuiY24/NzGTE5g5MZ7X
+ZyyFkqYrc+T7hXRSe+qXltLxD/4StXOTOBuf5TLsKbkBbKVHtnnrEwzhejQMGZrG
+BNk66KQRIL4LQlTBS5/rcumNgZys8cxYVw6swmvKw8ACSnihOBEvMlOqFBmXnjwv
+fn3sCuOoRmCRHNrk0wi6CNESBkJqlvstCNCuIIZZr7cXkihREK/uU/GirxAfmpCd
+jiHB/jD+FyOAoaSKaDfmjTjF1uLjyiEoBC82yfvYZBETm+ERp+6DWOR/mX9e36mT
+HQn56M8rvTeoNeqccg==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_rc2_64.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_rc2_64.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_rc2_64.der
new file mode 100644
index 0000000..d060e47
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_rc2_64.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_rc2_64.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_rc2_64.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_rc2_64.pem
new file mode 100644
index 0000000..ba3a9c2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_md5_rc2_64.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6TAbBgkqhkiG9w0BBQYwDgQI6ZMXmLzh0BYCAggABIIEyOU42e6vlc8GacmK
+NOf8IXA7FZsgmrHQKimv0HLfkxXa4MfIceL4GcHpKMPlAsXtbVkucaasIkGadBoC
+7tQP4ZvvsGS8H490QHzs5Q8WMpF9dG9rDfnf+/cKTEnRJ6BDqI7RN48p4VXtOiFq
++vxZ3j9EVW4+MLY+5qjJMyqtxUy5cOENM4HI4v+V76W1xZhOinCffEUMPwrxKtMD
+x26bDOWSTvhzNDcFjgmcbq1YQRoi++F/vDkiIsl675eosdYaGfTK5NJeiIBQ5J4U
+wtX44OQhtM7vxQzkPUZoxnul6s0Z0Sr5J2P0mureb4As+lyqPVoBMwJp4g9bJTgf
+zFDM+OiIiuRA2tgfakJ9xp7Nkg4HffEJobR4/7QG7TyXG78mlKi95g+ytUYAyB0x
+YEfiuKOxHkMlBALTMnJgyhDLtqrmTofcaBslNLBSMxKvCdJcZL3lncrRtx0u4YuG
+VXa1etHSfjNs9XS1jsrCCW5kGhHoWoaq3GS+XcdNm0U/hl/txIOhs8jFp4rEwAX4
+fc3uqhrK5yjTthWQL230jaoEfHhLyNJUDCGUZ77dc/t41o3FhwBseEqvPTOK3g5U
+bhI0DD3Rjp/wfcSPZDJdb5l23EWhBsFh37U6k64QtwJkXPpewMCYCli1isCVUA6W
+OpL3+nQZsQEs/sAkKF4x+eaIvrHypW+fI/7JLP61O7twBaoACapVNNlt1JMok8XZ
+4gQdvf6BLjE50M4onV649jc524ThC5nA74cKeEYX7UPFBWYc6EyIwbCIp9yLCWyH
+QZUpgpUXxAfk4AvMxO1XEtNDCs3eMGlzcXaHhb99mdKFQ6DB8dLNoWjCYsjjRWbP
+N0f/egQZUeUGXY6e4lcxFsb1ItVvSfMgkYJfrTLysVMiCpcjvwAZTKIMhM2iHf3f
+fUZD0SeN/XuY6GUBgEIKlNpeyNS19gkE27Ykj13MUpwzLQwH+DQGAlPGEnaZcAio
+M82BLlr85Q8LxypOZrmvIqJXqBbhH+lOfPRKUrhOOPt+Pye9BNUbJDpN2oktdqAP
+mJdCp5m4Vj9MgAF9VrgN4++uOkn1QO22xQyzdCOQnWeSPpI1wqlrU/AyxxGw/ex2
+mxZ+Y13CS6OHfgsZKawrov56qmog4Bfmxra+9y+C/FzFXhXgFhJu9M70dAYk8zqT
+U3EvL9eY+I+dxKR/ne+S0siCVgZ9/ZizYLrHyRaO1AkevlsBwaqc0ST5bT8+AWlK
+ZhPQVEH7uIbSSR2rUMF2olTZNDpRzCqn1ZxATZq84aMzgTjlxxHCrFP2zQOiV3No
+BrAfHYDXXe5uSqBDTDifbAJhDmDJinl7QOd7nHcFQloAySr53g3KMQ2WNRRkUMxe
+TLNhuN6Sm1ymvi7VYlNwVl0nqUltuV91lE0RzfO/fFVhRjUQ/HTvTwvQsFUy4DRl
+Q+Gx1p5lrM4zdYcsqgD19Pw+3AiFqQrGMPknz7WU7H+I9L+ZPlufokLVMbChSuga
+2jfSzE3ozkpD4jDBhUg5CHQC16AQ0JwwVGBOHiuOkNZ3ztLjik2rqU8BR8UqN+gc
+JGZWC+U5gOIzNzA89ovrO9ozPT1ig8icW4VP8rdx2pxN5qB9ZNgI/96T4R9MTgTz
+hhk2LVnA5n3xs6ku1g==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des1.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des1.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des1.der
new file mode 100644
index 0000000..421497e
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des1.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des1.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des1.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des1.pem
new file mode 100644
index 0000000..d2a00d8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des1.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6TAbBgkqhkiG9w0BBQowDgQIuvb3MliqZbQCAggABIIEyHVgem5Ez9BZJsRK
+Y35R50+mIs7AY/S9hVcbnXmfikN4VrM/PfP3vTUfyRe4tJnaA/5lEsUmTLpZxl1C
+EZNuPYWbGyqwjeDYTe6d62dLsdt3hLp+lpEF7NSFnNUCWF+ZuBujArrg8PVYGWsV
+eYvTDXXrdCUjZ3oXWSUQp7u7gVSKG/w/B8OXuKXHNwMMgdba2eAdGG5gOEN2Sfca
+loUPFEoZNtNoEw8Z1i6FM70cMSQ+Q6UL1OTshNKICFHx/RW9+VA5driUKbASzBEi
+T3egbUH6Rmv6MDANFDP5ql7FaNSaitah1O2yGbdjJlhYcGjLk5U7UnRrphvcPuXW
+t1izrQ2OtwV/6dTck7XJbrY2FKvq62N8wyNHqdidgh4zGGR8PiDUSEW9faUuW9Ux
+VS0495vOyZoophrNTX7iD9J1a3c8FJJzJAsGmk2mMAOcFLYWJKgXDRKZjMcYWfbj
+fxNz+TYlSb1+GGzZEyeiyr218tpxH46uwGe6dk0zuyEmCsK52S7g/pkJpL3paRT/
+xh+ds/Y3QHYGeCYkO8LNb3PWwhg6aO5Zcq/nSGE7l1EEvRbIiMombBYEsyvlO+/h
+0qgktSqpW8ukhyOGTXCFpy7vrLDK0qJibgaKhZ6HZim4vSXFl43kOSvHPNhip2jY
+fu1G8/nRPUf3JqxI/cCUiNj5FG8/Tm41RfXupGZeaMofCi9rKIRdWsk9w5mJ4l+W
+4Y8qrR3Tmemv0oqSm5NzuwFDqyl3tRQ/0DZ+lAEY2fZd+ntOY1vXUTQCQ1KQcdBW
+70FuB5mG8UK+ahBQNiEPxnuXkdqR7ELOazgK4VgVFvBf6biHTt+f81sR84yMOHsR
+kAM48CUZ7FULQ3VfIOfNpUthRMDo/bq/t7x/XWTaV+Oy/N84+icaqqpobJtLk0tJ
+0hHp9RXiwF/iL+u+MrEUFIyAdaQcqi7oxPIe8d3wL/q1jyftATVsRQyTClH2zFN8
+wxcQPs6xxOI8yGSCbHF4LTjCVtL/wzm7sCfzi3HezkhMtiHIKvFQjKjXXJRRAU6+
+JXztTyMokEF5e9PDuLoBin1gpJIDXQHgd8NZ76IOi0S9LeSvRFK6ESk1o3bg+PzS
+kZQ7bM+Rqt4jIsnuLwXe7dU9xprFiUAv0TxgFQI5QqX83tKllthAmBoE2t3KANR9
+tbOnC3Z+xiri2Z44kQgt789rqb60QpUMJm1eI3WSGzJN9Az3yxKL3wMB8tkd/G2B
+/6rMoC0RHGKh9LDP7IzTXT55JdmJGl0mY9ZSC9oDg/iUiFKwzlB8kjG8cU5/0ckQ
+Osz4b/Xn+2h7P1zvLyIcpH82FCRjxa6wLbOFqB1PUJ0ZtX9Dng4eEtxkxTSNoXgz
+O8TZrCC7EVY89y+vHsBD4XiJt7HCIymtwN3fLuDkqsHezcs2Y5ljJlwIcaUvzLg5
+e3kfVM4l1U+5XfdYvBHu5x1E2z0gcW2shhUFMGVzuy8xbvVENXsVYxyP0RHeqZgv
+Fj4NUPMicJ2KoC5Yej6IQlhTmFNsMy/TJLV2d3HwEFOTsG0saZHVLTCNLMpSPym4
+u5YaBOlwBsNuTlWtUMG/gBT+wKRNUaLIBJwmplSkKTWScxMILElv6FKZXpophiBs
+5AdrjrjM0jE7I8I+7w==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des2.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des2.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des2.der
new file mode 100644
index 0000000..c4ea356
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des2.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des2.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des2.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des2.pem
new file mode 100644
index 0000000..626dae3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des2.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6jAcBgoqhkiG9w0BDAEEMA4ECJmiRQv0ipIPAgIIAASCBMgYV8qimgmy3BFc
+RIPjRdYgrBHAs3IelCotDmny4mx0IjmHRqu4XNeye9dMhVnxpntxoNKc4B+Hfoa2
+QKvNj2uqOTJw08c2uu6BSmlr0UHJj9qyAergV0hh9vzIBD5tCr+hGwWIRyR3l+Y2
+D0ZaNPP+Axei6eLBV3QvRJt0AdiNPY6u7+SqdzKAwWj4iotbwVlcYsKEdMZQB69x
+x5fz2PZBHKMcg9EzU5coEOGacoKc3ex85v4V6ZA0gjSsmj4ldSvb9t4QfeFJWPsr
+waKPvFa+y4TSgg1mIrW0/+rH9QzrKAUVucLsM8SzyOXayWPQUmieNiTcMZJ8MOvj
+eJVyXOZ51BRLW1/hyGbJhgZEgqDlfNNecFXAFehFA8HEsAwm/KjiRaTM2znqv/jT
+ZA/rEeovoyjTQ5BjbLmcHIJL548EBHg6ea7Gs6QMoZU/0iouYKhHAgIrk7oIK+D+
+Y1kTQ+WbvQ6KpEmgySvznKzT2THrI5hny19dvcbZrk/rUsnrxicAbSbPmdaH2Rlr
+3xRi3h+LjPbuxTIIovToA3jvHprheeGiRODnoFzjQoUG+hROdOXyGz4/QQvIK1Ry
+AWGdaeKehzWye+eWB2p1p4oJWFDVgXwMIt+CXJJrsFVNp3n1f8jw0g+OrI/iHpOD
+roh6uaNCiBkqUSG0fCrOpKpoQKg6EcqV92l74YeXKcOwuLmSse3bxz9igof2jq+h
+NGoozV2qc5y4UqOjSGQsI12FMDV9t1np3GR413AjsXKbOHl83eTHLB/GYlpPkdNr
+obu7Xj5GVYLX7A54yof2gwBXH3dbI/1WGu9QU1JdUdnKL07FFs9BgtRqsU3MSHtJ
+EU38J+Ezlz8wW2eMyIXSTQBYshluIko7fzAkEVWT/OCL3RSJsB0xKB9OpgKD+p5z
+Q+AxibHxUBjxddwjEgcsX7KC9lEyMb1vH5XQxOO1vdup5eJZx6XL4+V3GoiZt8Im
+3VSOciynMLAkz/AgzcG8b4XdIzf7dpjN7dvJPpz8KKDG3hztnD0SWkZEpLcODeGP
+RJcki3WW70vy9/DDqbE749511N+jiLDTxFc25Jbd01XuPZSsONCB32zjgJZuxwax
+n4/+EWN7+H95G1a2IHJ6VlteSRXxRKrZ65yNju5eAIVIJk7REXA8FYx2mvNNuTeW
+FBbBT4hn7f2015PX4zJPe8ot0SPvC8GyxpLANCfbXCp6f5LAj/bsn9CeYh8yGiQ9
+WrMCz3RFt2itpvIEeO2W/MGs862GUMjdk8qrZyeRCnFjE7wja6CdcJidPKwp8dTd
+h+fdBJtLbB7BfOXn8OGaafCwFdGHvpogtv/GSyEsaT8Vp4D0QCWlJoABHchp8tvq
+8LjIfcA0kTP3UKTkvsRd3BJSZH7AOCinHF4IiC8kkvj0CxSseCsKjjBcXdb5ZnU1
+YUQirDYCwrKvZQn24cn/kp402JQpvParUDXl6gqoiIgrrjnsgcr75cf3AZkpLZe+
+f6zMPwg/M4Dg9l30F1OExUWNgfs78QaxByCKuXP92y1gZ5cDAYZoi+ioJ0pMTG3t
+egIdfMfc/kO36Pej3s86sJumMdWI7FTU96AZf5CM99Cl483oN2PpUXpj09K2et7G
+lwXMU9H/9aJxUqvZ+jo=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des3.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des3.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des3.der
new file mode 100644
index 0000000..df01c84
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des3.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des3.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des3.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des3.pem
new file mode 100644
index 0000000..6dad536
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_des3.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6jAcBgoqhkiG9w0BDAEDMA4ECDFK+hyHRPJSAgIIAASCBMjG2lWovCpivpZ7
+eXZjRQdhN/SrZCajGzwAQNtykElbBlRpObRlMpJUEed6kMI3V310hQDg/0imf+PE
+ff3ihc300LTMb5woiqadncRU96+WnheFLO26V65R7/ax2q4Thuci/1hD6bqNIzVb
+rBxyRr8XX8AwOIIkfCDFnNBppvvc8CT9vNJ7ezx4q87ALkuHu8DAo4NmWJZrOXzI
+VKv8TvyE6eNYRp5tiWwOloj19vRMCqU5tEjNWi7PT0FXSogMidpejhZrMb2N7oKg
+XHaaFlqofZz6CX586B9dRgg7EPoAE2d1R25o/jen8xL/mQsWa1WkM8hRsjIQ0Cip
+ng7gV1r7AwNQgrNoQoPBPHSAhFXGnXM9viTt1kHHjdE81A/JAsnw6OaI1TEAkHMV
+Lcu6ZDhKPBa798PDWEcGkYPa25NEJmV7cxFwZXH6b7C8h1S/FCLPuzYvhae2YSeW
+RgMb4MMweQHf9q9zb1Y7LyOiw1kO/vPiIFgS2KRxMwg3/L+FCK+D0NJaETB2ycM2
+gvn8U0hDY7lfTtog7jiInU7uZ0eXRF7mOyp5WdIQpmeqUNMBUteRvHscGm2jOdNI
+RUTUhLjKzfXGLRTqAScU9IB/tcin7X8tOg7rJkRQ3Vs6JcHd0U8Hm/tci9wXc7CZ
+MZBKEwPZ/+KwyzdbGbBp0Y+mzSshmOTyc2oe0uUhDhMKHw242uyaEj+1Wp3y8NmI
+dEx7c+A/KmeynNfwYabZTQW94IWkl8v4lr14hh++gyu6bBCeSVLe7ui9L8xxWYii
+g4n/SRFXnicU9Mt9m3yC1Dybd5ArctsLE/GnKIRyVJSwoUt9D6MB9m/3xosKG3YC
+525u05bpxOXEP7Ed9P3AnuoQpBgJQupy0CzZ81dy4CYPItJT9EgiPjF/e8+7YiKw
+y6ySR0LgvCb7yOOh64+xKo34dSs4C9l3QnBQ0hNfeT4nqr7eA8VLLjd0K1MKVjZz
+GBI9gsv9Uhj3G6wtVXITkMyHMIT0KPeUwyjSrFNaBhlN9Gr5rU1R4gHZpIBPeOt3
+7JfaDikpAphUx/wrywS7KFvVhb8RXCDAgg8xvtLO1vLTEUg4g4+XgKysuPqq+DrA
+AnUl48GNbZh+O/mJfpuAP9Y9x1a7ZT19iXXYdzrLOqfaoAsT8eGIbDVFo3GlB8B5
+mf0WJ+ovnzQBbGPxSYEVn3M/CLzpA85q8R+FD8ZtQIYBhGETODDGguUKnHQ6MI1V
+9pxH5unjulZWlhYo4VJGd0gmmFXMuLyBPh5w2xvQ8ZJLrJzAxMc/KCVxtTmTWJjy
+nkh2N906ZiChdecwvqgwq68WkDxcAbkqkNNTK7U4fDmeJNAVDrNTOHyL3mYryw4z
+pCjreLjxSOv997TappTy9gN5mJnbzDoLIq+vzFRHQGY0At6gcC5JE4QtwDWm4Wc6
+w3lMHYYqXceZjsCuIKu5To2racKl3AoxySnE1JQaZOKCt/xsSaRzS5TSmWyJp0Mx
+1YZwPpTGAaX0xcQVGihktpIHwLoxngqkzjXmQ5LMYhodfW8BYVcIX034D14RbM76
+ec9xRAoXQkDaIp/aUi1hMxyr9aEo7x4fVPrgHO8bV/2U0/qu7EZ2Vyg4/zSPb3Bx
+XC7kbX4PMsWZby737HA=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_128.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_128.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_128.der
new file mode 100644
index 0000000..979f216
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_128.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_128.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_128.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_128.pem
new file mode 100644
index 0000000..989cda8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_128.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6jAcBgoqhkiG9w0BDAEFMA4ECOkayjIA+6pcAgIIAASCBMjjgTgBAlc/31JE
+i/jvM6IuCtTToO92d9Ut+tgT+b4u5VD+8KM4ayz9L+KIp3mvowk8pUKtsIWJPqFo
+Kf+crAWSPnYg8Of+ZFHu5s6SYu9wOQ9VOyP3LwHt1/5jnqhuBW92Buog7GvauqK1
+sdEsR3zuT7cpbq0MYrB6Bp/HI7fGYMUPwy1+T90lejrmTSVAyK7dyk6U96bkWVCx
+p5h0Pc+xF+IbtSqctCaw+FV8KdZgxV2e8GzGVlJpDa+J8xqjZNk1X88JuzrrIayi
+J92szEBhWIXwJdTj8mXBFjVb8w4khEv8i30ABxHxfo7eWpt33R1riizwt7NbbYbK
+2gUXqHmaS4MVKbsxb/NMiC2KbJ6Is7/tPYXvIiCqeKz1IcvrwbVbPJZBon1Ybyse
+JSDmcf9wwHt0zlZ7598OCtxCCy1JrUWooAmzGJZq4hkg+3+ell3i0boj8/2s5auY
+rD0ProInuCEsJG7JbzwUSsIAF7wmIxSLUJZBLbTKDs1XRIYtLVQfvT+ZQOge/d78
+sJh9BRzAlSpOVyEtGYYW4WZLJyJaN5Pt9+zmfSo4yf01VELmC40PipstDUiNQ6bX
+lGJbJLY5hEWPcd61lfVw3KdbtkzrUmnY+qZy8W3R+8zP4UV+IXWCW0anxrNiVUqJ
+QQkucC3/b6/AOjZGz+wx5RbpxzsSXx1P2pDdbxAXXy2KAUql+fM5ukeh3Rj7ih5w
+gS19Fx1XW9jikJg4GZEOs9LkERHcvhBHhfsSYUlgyzA7pcliFsYLSqe9KcfpvogI
+xJjkRVqc6hKYejU8HxW20MTdh7yDT3PEYBrkqmG2QSHVze73w40uyEoaTWCiWfdV
+VlLW9ddq6rypW13QK0zMcXizP6rrsM0PbDHvc+cyPGk2eWaBNWX59W6ewvQWVyp1
+hS5B5PzA5JUhUyW1/qbmNgO/se8jNT97E446bprQ+SGV1h6bd37SCplEBSsv8Gm2
+sYWAVT4IY64pFP0LO3SttKAi7QGxdcNXSkqzdhdu6A9+ZnAl3ssiGU+mj7rIl9ND
+aAhyIZpqdBYIOj4nJ+jwlNNxLrvhBTCocpIZE66uTGv8c5AGbyX43USzMTyx+fVl
+GC6SVPIoFLm+YNu5wSpLS9YSxfNr5AIcM8fkfBpNJ+v0gKi7Ky+n3Tu+CQyzxVXd
+k5Dy6Xs1Mw5fh9tOO9gJFXwIcAXZkEtbY4bjiA3fvEdLrKhzWaNOZKA9pKo7Zhdq
+gR3WA1A5iSDWTeyWkjJKSVxN+K7AkE5hQTI/6q+Su1JK6OOfui7BQvGKpgNiJGc8
+swHlwprbbNDqqeHLwp1+XTIFt9p3PhRuS4ooqWhhJTRTUxERI7g7J2oCl1kYv8HQ
+YfROPqOV/2d1TK7k0BSym4qCd1uQg6OewQ+C6w/QhkGf4Xm/FAfCkv7/cw51c4oq
+VJDJIX6O6u7rg9F00jb5e7DTw52x+afcMv10svlORM+LR/70gTwV7jV6DnXFUp9/
+ZDEq4qOqy/lCIgFTlziN3zjapfLYkcUppa2QHVgkNOEiRfwKQDXVwgX/kRkW9d6G
+WKgoxjeRT3A9VDcTrL4E+OtB2c4ykHsNzqsWunGGLR4KY3NyAHs3Qn2Egq/klpKp
+M/3VvFPU7quGOcbHYvs=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_40.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_40.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_40.der
new file mode 100644
index 0000000..f3bb093
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_40.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_40.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_40.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_40.pem
new file mode 100644
index 0000000..7537522
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_40.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6jAcBgoqhkiG9w0BDAEGMA4ECEmBQOdpNXpwAgIIAASCBMiuvX4e3RsNqkgh
+TxtXZRqXCQN1CB2fxUhDKMW96szcVTZKBr1Doli85mdP7kPPbGHyouoFZZF+z76a
+2axtCvgx7X65MVB8G0MH6tMC+FPRcy8vLnGuibmy03vBfuw8aVrvF2EjDwG0zncl
+FdPUWutO4LiQbWT6zzfYbHOX3pw/ccIAgHyr7BBv0lPiyZu0+Xv8wfhvc1aAtg6V
+yM8Fw22hSMz9KnbWvdu9NcKJuHRoh2eLC4lXha+DN7PSA/DXxyEocx93pgia2mj1
+mb8oVkX1uHWtcLEPWBS3CtTAgskO6XH0IAL1M4FZOXqpf4IPAiWEanCjdVC8cO7T
+jEphF7E1aYgrCuZIoWiE6bkceA6rxPpGTtEafrUAJBSIeu0ek5bl6EiRBZdGCY+c
+DT5Oet3c80xk0+rz7L4IBUv92aHITSRs8E7CStMRWAIM7BuqesfOwz6uDt/SGW3I
+wNVBbrEGNemeHvT5QdML1mXXRZu4iMaNE3eoqT5Jcdq6keRZqihR/ZdBs6OEOQNO
+Olxcn3QgyCwmxajD2/sF8zwFHE0tBPwbgiMVBhTJooGzJ75LzpbvT0j/ly7JpIoz
+6EYWLKwBmJ48xQRWTGksb0/n6Pevq0OkFiCtkSn+S/U2V59RBMSWhIY2hiKrFsh5
+sss7GIDPLj6eneAnhjNFt7aAiZrX4bg/Hhofl65BxO8O/HFww5h/qRRslbwLIkjw
+xy+QPM3mkem5GaFyDT4pBeT536RH+NIXewyeMub/Va6MJNAT0JLAq6kRPr6RF0uj
+gqSVetDMHVXuKzBc+tkk3mEH2zt/tdOAOEtp/uh5kRyS8lzYCYbdMVwXG2b4tmKW
+c9pIPCpgqKqzYtLq5ohp4qbs+UKFnMfef4qxXA5qdjeSjLA5IfwiQ/2sjm94pYsp
+rBBv+zULfr1iQlsrPDpvFkV7frH7lRV/72iwUbXnMFkY8yZYCX7pPeMz8Mn/RKEI
+MXFXb5zYExs8oFySwOAIMA+f06Zuzi/uPB+DAek2foZ5EPTruizi9GSR0q16mtrg
+6iGU0fYiOws9RRfE0q5y7Hs0JAbG9ivsnKs30FFtHmK5icdQWfraIGVCR2QiPPfs
+N2lA/PkeuF+j5ADoYI5zQSgZjo5TawJcjtXzp79yLAsvoRk7MDpmrHudLHQucKz7
+vvOk0w9pQ36E1Ytkd8OLm5AX71/YZ1k74nh2gqVu5NIPLaOLUr35mD24+YwX606I
+OIaQ9auYDgZN517MD0knbFS0f8hCCg6yTOj489RXszjRglDZbKnrXRMUmFKBA3al
+g8RNupq/VUfXvxPIAcselPt2br2CCoJaLskZ8VKJEyqi8bnZvAxuEthnZDjX0uAn
+JQHDIUqdnIrTSxIihyNBzcs3O2WGh4YEsP3Y85o9KdYa9JT71w1gT9SVBXVHKqve
+e+HkohUkcs/qQMRwWFhWX3XoZklvum1czDxmVbzt2S9NZ2QUg52ga1MGfHTCyRXu
+IM9SnveJyXWjEJgSfGj2phnfw5oVy097FlrGS8WF+i6bRWVdJrV/0tnZ5FdB7qWL
+uDObQTopFbkXBbnwlJ68UYdkEDbkAvy7QOtyFEYOTYQOwsYglxd6iWI/M/a4ciKS
+TMOCQzxIRUPAeJENBTU=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_64.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_64.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_64.der
new file mode 100644
index 0000000..c6356a7
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_64.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_64.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_64.pem b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_64.pem
new file mode 100644
index 0000000..974828a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc2_64.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6TAbBgkqhkiG9w0BBQswDgQIJu/CJ8iPmbcCAggABIIEyIFkDgXMUnmd21JV
+Jf5mVH17/NAPEUob1P1nijVJkuZlSx0Vv2ukPcotDLv5FQltgRMx3TS7xGI91Z5y
+vzCVrOsC8xB9OyulD6MdACAavDhy4e0mXu+6OiiXFIp8EeEap+dHszzl+G3vz7mf
+LCZMf8BkaXrl9RdDNDD10ich+vtuzllY5uAZzQIt/0gHVz048qNywoscYV7xniuH
+4AOpOFHo0F+zo5oxfK3ouWzhfvOhIvqxgK7PFqSMixmkIGgKkrhEYWDp5hrLpEyr
+qfXCRtpe5auOwt6pOQ7MvCNY78zF0WgHrmrmXiWcl0eBWAVzBZGefBl9DsRTeW7a
+83rno6bWfdTYZMP32XvDXsBlFaQu5xtC3wdvI5aX1Cj081KcRUdyVTkWe7Uz8DYZ
++3NZCbw/2AQ4KeGB52VVWy7R2ZGaHyRObVvT0MheEZN7iucMDlrxIRJLLUdKkyN7
+VXY5sLcN8JfSfKqLaxQp356IxJqdG2jdBbb6LqmCdNwtc0WrFErCGSS2PQEwTfVO
+s9u1WsReM+FEWW8/byoovbQvP9BVFsP9MZ67cM6fPMErLwmAaryB8gzajTHW6kh1
+i5RvoDl7XaUDVUVVAujsVA8cvwl5GU95XXQUTmPQGyObDz3fuwZKRPTYrOm4Mjvb
+tI0Fuc2HZ8/2a4OeB1CnnxfkXZW192tgriLUZLwfeE4nHV8Ik5C/iXC9f5oKB7Oe
+CVSJy9ZSszgw7Z69YzRhRbmxCbG+M1nUUUdIkEQbXKw4VtMx1HFRpZNk4ygvWd+j
+O/8h5QuOu3QBDXzGKUVMRhkOprKXqPRyO2EnqgV19FN7XSbiCwUhhXTfYfUxHwgS
+cvWeF78nb+eYGLTp1rDo+fbttc3hYgy3fH+9lHMV3uibdnVXXMbGvYkTaX5nwl04
+H5fz6EyYbVH+tg7C9lTED6cVAg1EesqdoUTtq77uVT61inlCfdPRr8iXa19KMTA0
+ICszvPEp1uISnA5DBSoLZeQFShzgbn+WtgfNqrE1o3oqsIi91wwpPMCirYhtBCoT
+sg3qPhGyr7ov0rDQRcDqTL0pkpfhF1xRzP1vDF5PwZhqujYnFTkcMfjRmUdu3Pjy
+VtMbrX1yb0Pyxi3Tdr51k17rqm6PM2QHmamy+8Mhz4Rg40VzwrwJd96orBmoYq0C
+IajfA4tnQ8eV82N1HnMa8WAcoKmjDwjvzoZ6IwNov1ddOj4+stcjQlkArp3mUIn+
+k2G+wxHkRdcqjrsht+ntBsDRE9MmMhbuDGbyZn5XrcIeUjSNt/Vv+2jHNXSV3Say
+rkFAGMgOpk2gUZEwYVZFPuY+crEgxu7ZhmmUXr4duTaEi0l4Dqod8EmGhrBun3UO
+690lnV/6dOTGmvDo9Afa4EVvpC8BFmFrGjEmtIz6cCx2RDSTg8KJI4XBw2YTCo0V
+/E41iA4lWVfGAxvfCu1Cm7JDfvVrFEuqEbH/FbDPYOBXYrQLawGWc5jd68eRToE2
+znCtxSHRwnKBnHpsZ6zIugpjxM4I2QinAts3bqUhLdU/h8YUC6xzco+XBc+GVj1D
+PiQsopJT2Cut/uY9jRHsZrm3HvTPRaFssjqEhrUjgcQgLijGDx5p+y1bvfFMI+q/
+18+pWzqjHQKpi4VIpA==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_128.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_128.der b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_128.der
new file mode 100644
index 0000000..43592e6
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/rsa/pkcs8v1_rsa_sha1_rc4_128.der differ
[17/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/httpclient/contrib/ssl/TestHttpclientContrib.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/httpclient/contrib/ssl/TestHttpclientContrib.java b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/httpclient/contrib/ssl/TestHttpclientContrib.java
new file mode 100644
index 0000000..572dae6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/httpclient/contrib/ssl/TestHttpclientContrib.java
@@ -0,0 +1,42 @@
+package org.apache.commons.httpclient.contrib.ssl;
+
+import static org.junit.Assert.assertEquals;
+import org.junit.Test;
+
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
+
+import java.io.File;
+import java.net.URL;
+
+public class TestHttpclientContrib {
+
+ @Test
+ public void theTest() throws Exception {
+ registerCerts();
+ }
+
+ public static void registerCerts() throws Exception {
+ File keyFile = new File("samples/keystores/Sun.jks.ks");
+ File trustFile = new File("samples/cacerts-with-78-entries.jks");
+ URL ks = keyFile.toURI().toURL();
+ URL ts = trustFile.toURI().toURL();
+
+ AuthSSLProtocolSocketFactory sf;
+ sf = new AuthSSLProtocolSocketFactory(ks, "changeit", ts, "changeit");
+ sf.setCheckHostname(false);
+
+ // There should be 78 certs in this trust-chain.
+ assertEquals(78, sf.getTrustChain().getCertificates().size());
+
+ TrustSSLProtocolSocketFactory tf;
+ tf = new TrustSSLProtocolSocketFactory(trustFile.getAbsolutePath(), "changeit".toCharArray());
+ tf.setCheckHostname(false);
+
+ String scheme1 = "https-test1";
+ Protocol.registerProtocol(scheme1, new Protocol(scheme1, (ProtocolSocketFactory) sf, 443));
+ String scheme2 = "https-test2";
+ Protocol.registerProtocol(scheme2, new Protocol(scheme2, (ProtocolSocketFactory) tf, 443));
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/JUnitConfig.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/JUnitConfig.java b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/JUnitConfig.java
new file mode 100644
index 0000000..2318737
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/JUnitConfig.java
@@ -0,0 +1,46 @@
+package org.apache.commons.ssl;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.Properties;
+
+public class JUnitConfig {
+
+ public final static String TEST_HOME;
+
+ static {
+ String home = "";
+ File f = new File(System.getProperty("user.home") + "/.commons-ssl.test.properties");
+ if (f.exists()) {
+ Properties p = new Properties();
+
+ boolean loaded = false;
+ FileInputStream fin = null;
+ try {
+ fin = new FileInputStream(f);
+ p.load(fin);
+ loaded = true;
+ } catch (IOException ioe) {
+ System.err.println("Failed to load: " + f);
+ } finally {
+ if (fin != null) {
+ try {
+ fin.close();
+ } catch (IOException ioe) {
+ System.err.println("Failed to close: " + f);
+ }
+ }
+ }
+
+ if (loaded) {
+ home = p.getProperty("commons-ssl.home");
+ if (!home.endsWith("/")) {
+ home = home + "/";
+ }
+ }
+ }
+ TEST_HOME = home;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestBase64.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestBase64.java b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestBase64.java
new file mode 100644
index 0000000..4b29554
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestBase64.java
@@ -0,0 +1,89 @@
+package org.apache.commons.ssl;
+
+import static org.junit.Assert.assertTrue;
+import org.junit.Test;
+
+import java.io.ByteArrayInputStream;
+import java.util.Arrays;
+import java.util.Random;
+
+
+public class TestBase64 {
+
+ @Test
+ public void testOrigBase64() throws Exception {
+ Random random = new Random();
+ for (int i = 0; i < 4567; i++) {
+ byte[] buf = new byte[i];
+ random.nextBytes(buf);
+ byte[] enc = Base64.encodeBase64(buf);
+ ByteArrayInputStream in = new ByteArrayInputStream(enc);
+ enc = Util.streamToBytes(in);
+ byte[] dec = Base64.decodeBase64(enc);
+ boolean result = Arrays.equals(buf, dec);
+ if (!result) {
+ System.out.println();
+ System.out.println("testOrigBase64 Failed on : " + i);
+ }
+ assertTrue(result);
+ }
+ for (int i = 5; i < 50; i++) {
+ int testSize = (i * 1000) + 123;
+ byte[] buf = new byte[testSize];
+ random.nextBytes(buf);
+ byte[] enc = Base64.encodeBase64(buf);
+ ByteArrayInputStream in = new ByteArrayInputStream(enc);
+ enc = Util.streamToBytes(in);
+ byte[] dec = Base64.decodeBase64(enc);
+ boolean result = Arrays.equals(buf, dec);
+ if (!result) {
+ System.out.println();
+ System.out.println("testOrigBase64 Failed on : " + testSize);
+ }
+ assertTrue(result);
+ }
+ }
+
+ @Test
+ public void testBase64() throws Exception {
+ Random random = new Random();
+ for (int i = 0; i < 4567; i++) {
+ byte[] buf = new byte[i];
+ random.nextBytes(buf);
+
+ ByteArrayInputStream in = new ByteArrayInputStream( buf );
+ Base64InputStream base64 = new Base64InputStream(in,true);
+ byte[] enc = Util.streamToBytes(base64);
+ in = new ByteArrayInputStream( enc );
+ base64 = new Base64InputStream(in);
+ byte[] dec = Util.streamToBytes(base64);
+
+ boolean result = Arrays.equals(buf, dec);
+ if (!result) {
+ System.out.println();
+ System.out.println("testBase64 Failed on : " + i);
+ }
+ assertTrue(result);
+ }
+ for (int i = 5; i < 50; i++) {
+ int testSize = (i * 1000) + 123;
+ byte[] buf = new byte[testSize];
+ random.nextBytes(buf);
+
+ ByteArrayInputStream in = new ByteArrayInputStream( buf );
+ Base64InputStream base64 = new Base64InputStream(in,true);
+ byte[] enc = Util.streamToBytes(base64);
+ in = new ByteArrayInputStream( enc );
+ base64 = new Base64InputStream(in);
+ byte[] dec = Util.streamToBytes(base64);
+
+ boolean result = Arrays.equals(buf, dec);
+ if (!result) {
+ System.out.println();
+ System.out.println("testBase64 Failed on : " + testSize);
+ }
+ assertTrue(result);
+ }
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestCertificates.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestCertificates.java b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestCertificates.java
new file mode 100644
index 0000000..cc90191
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestCertificates.java
@@ -0,0 +1,87 @@
+package org.apache.commons.ssl;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+
+import javax.security.auth.x500.X500Principal;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+import static org.mockito.Mockito.when;
+
+/**
+ * Created by julius on 06/09/14.
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class TestCertificates {
+
+ @Mock
+ private X509Certificate x509;
+
+ @Test
+ public void testGetCNsMocked() {
+ X500Principal normal = new X500Principal("CN=abc,OU=ou,O=o,C=canada,EMAILADDRESS=bob@bob.com");
+ X500Principal bad1 = new X500Principal("CN=\"abc,CN=foo.com,\",OU=ou,O=o,C=canada,EMAILADDRESS=bob@bob.com");
+ X500Principal bad2 = new X500Principal("ou=\",CN=evil.ca,\", CN=good.net");
+
+ when(x509.getSubjectX500Principal()).thenReturn(normal);
+ String[] cns = Certificates.getCNs(x509);
+ Assert.assertEquals(1, cns.length);
+ Assert.assertEquals("abc", cns[0]);
+
+ when(x509.getSubjectX500Principal()).thenReturn(bad2);
+ cns = Certificates.getCNs(x509);
+ Assert.assertEquals(1, cns.length);
+ Assert.assertEquals("good.net", cns[0]);
+
+ when(x509.getSubjectX500Principal()).thenReturn(bad1);
+ cns = Certificates.getCNs(x509);
+ Assert.assertEquals(1, cns.length);
+ Assert.assertEquals("abc,CN=foo.com,", cns[0]);
+ }
+
+ @Test
+ public void testGetCNsReal() throws IOException, GeneralSecurityException {
+ String samplesDir = TEST_HOME + "samples/x509";
+
+ TrustMaterial tm = new TrustMaterial(samplesDir + "/x509_three_cns_foo_bar_hanako.pem");
+ X509Certificate c = (X509Certificate) tm.getCertificates().first();
+ String[] cns = Certificates.getCNs(c);
+ Assert.assertEquals(3, cns.length);
+ Assert.assertEquals("foo.com", cns[0]);
+ Assert.assertEquals("bar.com", cns[1]);
+ Assert.assertEquals("花子.co.jp", cns[2]);
+
+ tm = new TrustMaterial(samplesDir + "/x509_foo_bar_hanako.pem");
+ c = (X509Certificate) tm.getCertificates().first();
+ cns = Certificates.getCNs(c);
+ Assert.assertEquals(1, cns.length);
+ Assert.assertEquals("foo.com", cns[0]);
+
+ tm = new TrustMaterial(samplesDir + "/x509_wild_co_jp.pem");
+ c = (X509Certificate) tm.getCertificates().first();
+ cns = Certificates.getCNs(c);
+ Assert.assertEquals(1, cns.length);
+ Assert.assertEquals("*.co.jp", cns[0]);
+
+ tm = new TrustMaterial(samplesDir + "/x509_wild_foo_bar_hanako.pem");
+ c = (X509Certificate) tm.getCertificates().first();
+ cns = Certificates.getCNs(c);
+ Assert.assertEquals(1, cns.length);
+ Assert.assertEquals("*.foo.com", cns[0]);
+
+ tm = new TrustMaterial(samplesDir + "/x509_wild_foo.pem");
+ c = (X509Certificate) tm.getCertificates().first();
+ cns = Certificates.getCNs(c);
+ Assert.assertEquals(1, cns.length);
+ Assert.assertEquals("*.foo.com", cns[0]);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestIPAddressParser.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestIPAddressParser.java b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestIPAddressParser.java
new file mode 100644
index 0000000..4c3cfa0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestIPAddressParser.java
@@ -0,0 +1,77 @@
+package org.apache.commons.ssl;
+
+import static org.apache.commons.ssl.util.IPAddressParser.*;
+import static org.junit.Assert.*;
+import org.junit.Test;
+
+public class TestIPAddressParser {
+
+ @Test
+ public void theTest() {
+
+ // bad ones
+ assertNull("ip6 invalid", parseIPv6Literal(":::"));
+ assertNull("ip6 too many zero-expanders", parseIPv6Literal("1::1::"));
+ assertNull("ip6 .256 invalid", parseIPv6Literal("1::1:255.254.253.256"));
+ assertNull("ip6 too small", parseIPv6Literal("1:2:3:4"));
+ assertNull("ip6 no zero-expander after ip4", parseIPv6Literal("1:255.254.253.252::"));
+ assertNull("ip6 no zero-expander if 7 colons (end)", parseIPv6Literal("1:2:3:4:5:6:7:8::"));
+ assertNull("ip6 no zero-expander if 7 colons (begin)", parseIPv6Literal("::1:2:3:4:5:6:7:8"));
+ assertNull("ip6 88888 too many digits", parseIPv6Literal("1:2:3:4:5:6:7:88888"));
+ assertNull("ip6 missing colons", parseIPv6Literal("abcd"));
+ assertNull("ip6 umm, no", parseIPv6Literal("cookie monster"));
+ assertNull("ip6 empty string is invalid", parseIPv6Literal(""));
+ assertNull("ip6 null is invalid", parseIPv6Literal(null));
+
+ assertNull("ip4 not enough dots", parseIPv4Literal("abcd"));
+ assertNull("ip4 umm, no", parseIPv4Literal("cookie monster"));
+ assertNull("ip4 empty string is invalid", parseIPv4Literal(""));
+ assertNull("ip4 null is invalid", parseIPv4Literal(null));
+ assertNull("ip4 not enough dots 0", parseIPv4Literal("1"));
+ assertNull("ip4 not enough dots 1", parseIPv4Literal("1.2"));
+ assertNull("ip4 not enough dots 2", parseIPv4Literal("1.2.3"));
+ assertNull("ip4 needs digit after final dot", parseIPv4Literal("1.2.3."));
+ assertNull("ip4 [0-9] digits only", parseIPv4Literal("1.2.3.a"));
+ assertNull("ip4 too many dots", parseIPv4Literal("1.2.3.4.5"));
+ assertNull("ip4 0-255 range", parseIPv4Literal("1.2.3.444"));
+ assertNull("ip4 no negatives", parseIPv4Literal("1.2.-3.4"));
+ assertNull("ip4 no brackets", parseIPv4Literal("[1.2.3.4]"));
+
+ // good ones
+ assertArrayEquals(new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, parseIPv6Literal("::"));
+ assertArrayEquals(new byte[]{0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, parseIPv6Literal("1::"));
+ assertArrayEquals(new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}, parseIPv6Literal("::1"));
+ assertArrayEquals(new byte[]{0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}, parseIPv6Literal("1::1"));
+ assertArrayEquals(new byte[]{1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}, parseIPv6Literal("100::1"));
+
+ assertArrayEquals(new byte[]{0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -1, -2, -3, -4},
+ parseIPv6Literal("1::1:255.254.253.252"));
+
+ assertArrayEquals(new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, -2, -3, -4},
+ parseIPv6Literal("::255.254.253.252"));
+
+ assertArrayEquals(new byte[]{0, 1, 0, 2, 0, 3, 0, 4, 0, 5, 0, 6, -1, -2, -3, -4},
+ parseIPv6Literal("1:2:3:4:5:6:255.254.253.252"));
+
+ assertArrayEquals(new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 2, 0, 3, 0, 4}, parseIPv6Literal("::1:2:3:4"));
+ assertArrayEquals(new byte[]{0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 3, 0, 4}, parseIPv6Literal("1::2:3:4"));
+ assertArrayEquals(new byte[]{0, 1, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 4}, parseIPv6Literal("1:2::3:4"));
+ assertArrayEquals(new byte[]{0, 1, 0, 2, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4}, parseIPv6Literal("1:2:3::4"));
+ assertArrayEquals(new byte[]{0, 1, 0, 2, 0, 3, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0}, parseIPv6Literal("1:2:3:4::"));
+
+ assertArrayEquals(new byte[]{0, 1, 0, 2, 0, 3, 0, 4, 0, 5, 0, 6, 0, 7, 0, 8},
+ parseIPv6Literal("1:2:3:4:5:6:7:8"));
+
+ assertArrayEquals(new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, parseIPv6Literal("[::]"));
+
+ assertArrayEquals(new byte[]{0, 1, 0, 2, 0, 3, 0, 4, 0, 5, 0, 6, 0, 7, 0, 8},
+ parseIPv6Literal("[1:2:3:4:5:6:7:8]"));
+
+ assertArrayEquals(new byte[]{17, 17, 34, 34, 51, 51, 68, 68, 85, 85, 102, 102, 119, 119, -120, -120},
+ parseIPv6Literal("1111:2222:3333:4444:5555:6666:7777:8888"));
+
+ assertArrayEquals(new byte[]{0, 0, 0, 0}, parseIPv4Literal("0.0.0.0"));
+ assertArrayEquals(new byte[]{1, 2, 3, 4}, parseIPv4Literal("1.2.3.4"));
+ assertArrayEquals(new byte[]{-1, -1, -1, -1}, parseIPv4Literal("255.255.255.255"));
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestKeyMaterial.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestKeyMaterial.java b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestKeyMaterial.java
new file mode 100644
index 0000000..01932ec
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestKeyMaterial.java
@@ -0,0 +1,118 @@
+package org.apache.commons.ssl;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import static org.junit.Assert.*;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.Locale;
+import javax.net.ssl.SSLSocket;
+
+public class TestKeyMaterial {
+ public static final char[] PASSWORD1 = "changeit".toCharArray();
+ public static final char[] PASSWORD2 = "itchange".toCharArray();
+
+ static {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+
+ @Test
+ public void testKeystores() throws Exception {
+ String samplesDir = TEST_HOME + "samples/keystores";
+ File dir = new File(samplesDir);
+ String[] files = dir.list();
+ Arrays.sort(files, String.CASE_INSENSITIVE_ORDER);
+ for (String f : files) {
+ String F = f.toUpperCase(Locale.ENGLISH);
+ if (F.endsWith(".KS") || F.contains("PKCS12")) {
+ examineKeyStore(samplesDir, f, null);
+ } else if (F.endsWith(".PEM")) {
+ examineKeyStore(samplesDir, f, "rsa.key");
+ }
+ }
+ }
+
+ private static void examineKeyStore(String dir, String fileName, String file2) throws Exception {
+ String FILENAME = fileName.toUpperCase(Locale.ENGLISH);
+ boolean hasMultiPassword = FILENAME.contains(".2PASS.");
+
+ System.out.print("Testing KeyMaterial: " + dir + "/" + fileName);
+ char[] pass1 = PASSWORD1;
+ char[] pass2 = PASSWORD1;
+ if (hasMultiPassword) {
+ pass2 = PASSWORD2;
+ }
+
+ file2 = file2 != null ? dir + "/" + file2 : null;
+
+ Date today = new Date();
+ KeyMaterial km;
+ try {
+ km = new KeyMaterial(dir + "/" + fileName, file2, pass1, pass2);
+ } catch (ProbablyBadPasswordException pbpe) {
+ System.out.println(" WARN: " + pbpe);
+ return;
+ }
+ assertEquals("keymaterial-contains-1-alias", 1, km.getAliases().size());
+ for (X509Certificate[] cert : (List<X509Certificate[]>) km.getAssociatedCertificateChains()) {
+ for (X509Certificate c : cert) {
+ assertTrue("certchain-valid-dates", c.getNotAfter().after(today));
+ }
+ }
+
+ SSLServer server = new SSLServer();
+ server.setKeyMaterial(km);
+ ServerSocket ss = server.createServerSocket(0);
+ int port = ss.getLocalPort();
+ startServerThread(ss);
+ Thread.sleep(1);
+
+
+ SSLClient client = new SSLClient();
+ client.setTrustMaterial(TrustMaterial.TRUST_ALL);
+ client.setCheckHostname(false);
+ SSLSocket s = (SSLSocket) client.createSocket("localhost", port);
+ s.getSession().getPeerCertificates();
+ InputStream in = s.getInputStream();
+ Util.streamToBytes(in);
+ in.close();
+ // System.out.println(Certificates.toString((X509Certificate) certs[0]));
+ s.close();
+
+ System.out.println("\t SUCCESS! ");
+ }
+
+
+ private static void startServerThread(final ServerSocket ss) {
+ Runnable r = new Runnable() {
+ public void run() {
+ try {
+ Socket s = ss.accept();
+ OutputStream out = s.getOutputStream();
+ Thread.sleep(1);
+ out.write("Hello From Server\n".getBytes());
+ Thread.sleep(1);
+ out.close();
+ s.close();
+ } catch (Exception e) {
+
+ System.out.println("Test ssl server exception: " + e);
+
+ }
+ }
+ };
+
+ new Thread(r).start();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestOpenSSL.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestOpenSSL.java b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestOpenSSL.java
new file mode 100644
index 0000000..d44a260
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestOpenSSL.java
@@ -0,0 +1,150 @@
+package org.apache.commons.ssl;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+import static org.junit.Assert.*;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+import java.util.Random;
+
+public class TestOpenSSL {
+
+ public void encTest(String cipher) throws Exception {
+ Random random = new Random();
+ char[] pwd = {'!', 'E', 'i', 'k', 'o', '?'};
+
+ for (int i = 0; i < 4567; i++) {
+ byte[] buf = new byte[i];
+ random.nextBytes(buf);
+ byte[] enc = OpenSSL.encrypt(cipher, pwd, buf);
+ byte[] dec = OpenSSL.decrypt(cipher, pwd, enc);
+ boolean result = Arrays.equals(buf, dec);
+ if (!result) {
+ System.out.println();
+ System.out.println("Failed on : " + i);
+ }
+ assertTrue(result);
+ }
+
+ for (int i = 5; i < 50; i++) {
+ int testSize = (i * 1000) + 123;
+ byte[] buf = new byte[testSize];
+ random.nextBytes(buf);
+ byte[] enc = OpenSSL.encrypt(cipher, pwd, buf);
+ byte[] dec = OpenSSL.decrypt(cipher, pwd, enc);
+ boolean result = Arrays.equals(buf, dec);
+ if (!result) {
+ System.out.println();
+ System.out.println("Failed on : " + testSize);
+ }
+ assertTrue(result);
+ }
+
+ }
+
+ @Test
+ public void testDES3Bytes() throws Exception {
+ encTest("des3");
+ }
+
+ @Test
+ public void testAES128Bytes() throws Exception {
+ encTest("aes128");
+ }
+
+ @Test
+ public void testRC2Bytes() throws Exception {
+ encTest("rc2");
+ }
+
+ @Test
+ public void testDESBytes() throws Exception {
+ encTest("des");
+ }
+
+ @Test
+ public void testDecryptPBE() throws Exception {
+ File d = new File(TEST_HOME + "samples/pbe");
+ File[] files = d.listFiles();
+ if (files == null) {
+ fail("No testDecryptPBE() files to test!");
+ }
+ int testCount = 0;
+ Arrays.sort(files);
+ for (File f : files) {
+ testCount += process(f, 0);
+ }
+ System.out.println(testCount + " pbe test files successfully decrypted.");
+ }
+
+ private static int process(File f, int depth) throws Exception {
+ int sum = 0;
+ String name = f.getName();
+ if ("CVS".equalsIgnoreCase(name)) {
+ return 0;
+ }
+ if (".svn".equalsIgnoreCase(name)) {
+ return 0;
+ }
+ if (name.toUpperCase().startsWith("README")) {
+ return 0;
+ }
+
+ if (f.isDirectory()) {
+ if (depth <= 7) {
+ File[] files = f.listFiles();
+ if (files == null) {
+ return 0;
+ }
+ Arrays.sort(files);
+ for (File ff : files) {
+ sum += process(ff, depth + 1);
+ }
+ } else {
+ System.out.println("IGNORING [" + f + "]. Directory too deep (" + depth + ").");
+ }
+ } else {
+ if (f.isFile() && f.canRead()) {
+ String fileName = f.getName();
+ int x = fileName.indexOf('.');
+ if (x < 0) {
+ return 0;
+ }
+ String cipher = fileName.substring(0, x);
+ String cipherPadded = Util.pad(cipher, 20, false);
+ String filePadded = Util.pad(fileName, 25, false);
+ FileInputStream in = null;
+ try {
+ in = new FileInputStream(f);
+ byte[] encrypted = Util.streamToBytes(in);
+ char[] pwd = "changeit".toCharArray();
+ try {
+ byte[] result = OpenSSL.decrypt(cipher, pwd, encrypted);
+ String s = new String(result, "ISO-8859-1");
+ assertTrue(cipherPadded + "." + filePadded + " decrypts to 'Hello World!'", "Hello World!".equals(s));
+ return 1;
+ } catch (NoSuchAlgorithmException nsae) {
+ System.out.println("Warn: " + cipherPadded + filePadded + " NoSuchAlgorithmException");
+ return 0;
+ } catch (ArithmeticException ae) {
+ if (cipherPadded.contains("cfb1")) {
+ System.out.println("Warn: " + cipherPadded + filePadded + " BouncyCastle can't handle cfb1 " + ae);
+ return 0;
+ } else {
+ throw ae;
+ }
+ }
+ } finally {
+ if (in != null) {
+ in.close();
+ }
+ }
+ }
+ }
+ return sum;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestPKCS8Key.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestPKCS8Key.java b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestPKCS8Key.java
new file mode 100644
index 0000000..31da307
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestPKCS8Key.java
@@ -0,0 +1,54 @@
+package org.apache.commons.ssl;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+import static org.junit.Assert.*;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.util.Arrays;
+import java.util.Locale;
+
+public class TestPKCS8Key {
+
+ @Test
+ public void testDSA() throws Exception {
+ checkFiles("dsa");
+ }
+
+ @Test
+ public void testRSA() throws Exception {
+ checkFiles("rsa");
+ }
+
+ private static void checkFiles(String type) throws Exception {
+ String password = "changeit";
+ File dir = new File(TEST_HOME + "samples/" + type);
+ File[] files = dir.listFiles();
+ if (files == null) {
+ fail("No files to test!");
+ return;
+ }
+ byte[] original = null;
+ for (File f : files) {
+ String filename = f.getName();
+ String FILENAME = filename.toUpperCase(Locale.ENGLISH);
+ if (!FILENAME.endsWith(".PEM") && !FILENAME.endsWith(".DER")) {
+ // not a sample file
+ continue;
+ }
+
+ FileInputStream in = new FileInputStream(f);
+ byte[] bytes = Util.streamToBytes(in);
+ PKCS8Key key = new PKCS8Key(bytes, password.toCharArray());
+ byte[] decrypted = key.getDecryptedBytes();
+ if (original == null) {
+ original = decrypted;
+ } else {
+ boolean identical = Arrays.equals(original, decrypted);
+ assertTrue(f.getCanonicalPath() + " - all " + type + " samples decrypt to same key", identical);
+ }
+ }
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java
new file mode 100644
index 0000000..ddbfbfe
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/test/java/org/apache/commons/ssl/TestTrustMaterial.java
@@ -0,0 +1,65 @@
+package org.apache.commons.ssl;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStoreException;
+
+public class TestTrustMaterial {
+
+ File pemFile = new File(TEST_HOME + "samples/x509/certificate.pem");
+ File derFile = new File(TEST_HOME + "samples/x509/certificate.der");
+
+ @Test
+ public void theTest() throws GeneralSecurityException, IOException {
+ // TrustMaterial in 0.3.13 couldn't load cacerts if it contained any private keys.
+ TrustMaterial tm = new TrustMaterial(TEST_HOME + "samples/cacerts-with-78-entries-and-one-private-key.jks");
+ Assert.assertEquals(78, tm.getCertificates().size());
+ }
+
+ @Test
+ public void testLoadByFile() throws GeneralSecurityException, IOException {
+ TrustMaterial tm1 = new TrustMaterial(pemFile);
+ TrustMaterial tm2 = new TrustMaterial(derFile);
+ Assert.assertTrue(equalKeystores(tm1, tm2));
+ }
+
+ @Test
+ public void testLoadByBytes() throws GeneralSecurityException, IOException {
+ TrustMaterial tm1 = new TrustMaterial(Util.fileToBytes(pemFile));
+ TrustMaterial tm2 = new TrustMaterial(Util.fileToBytes(derFile));
+ Assert.assertTrue(equalKeystores(tm1, tm2));
+
+ }
+
+ @Test
+ public void testLoadByURL() throws GeneralSecurityException, IOException {
+ TrustMaterial tm1 = new TrustMaterial(pemFile.toURI().toURL());
+ TrustMaterial tm2 = new TrustMaterial(derFile.toURI().toURL());
+ Assert.assertTrue(equalKeystores(tm1, tm2));
+ }
+
+ @Test
+ public void testLoadByStream() throws GeneralSecurityException, IOException {
+ TrustMaterial tm1 = new TrustMaterial(new FileInputStream(pemFile));
+ TrustMaterial tm2 = new TrustMaterial(new FileInputStream(derFile));
+ Assert.assertTrue(equalKeystores(tm1, tm2));
+
+ }
+
+ @Test
+ public void testLoadByPath() throws GeneralSecurityException, IOException {
+ TrustMaterial tm1 = new TrustMaterial(pemFile.getPath());
+ TrustMaterial tm2 = new TrustMaterial(derFile.getPath());
+ Assert.assertTrue(equalKeystores(tm1, tm2));
+ }
+
+ private static boolean equalKeystores(TrustMaterial tm1, TrustMaterial tm2) throws KeyStoreException {
+ return Util.equals(tm1.getKeyStore(), tm2.getKeyStore());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/version.txt
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/version.txt b/3rdparty/not-yet-commons-ssl/version.txt
new file mode 100644
index 0000000..d8913dd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/version.txt
@@ -0,0 +1 @@
+$URL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/version.txt $
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/pom.xml
----------------------------------------------------------------------
diff --git a/3rdparty/pom.xml b/3rdparty/pom.xml
new file mode 100644
index 0000000..b8a816c
--- /dev/null
+++ b/3rdparty/pom.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-all</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>3rdparty</artifactId>
+ <name>Third Party Projects</name>
+ <description>Third Party Projects</description>
+ <packaging>pom</packaging>
+
+ <modules>
+ <module>not-yet-commons-ssl</module>
+ </modules>
+
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.8.2</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/LICENSE
----------------------------------------------------------------------
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..ad410e1
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,201 @@
+Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright {yyyy} {name of copyright owner}
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/README.md
----------------------------------------------------------------------
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0c53256
--- /dev/null
+++ b/README.md
@@ -0,0 +1,97 @@
+Haox
+====
+
+Haox aims for a Java Kerberos binding, and provides richful, inituitive and interoperable implementation, library and various facilities that integrate Kerberos, PKI and token (OAuth) as desired in modern environments such as mobile, cloud and Hadoop.
+
+### The Initiatives/Goals
+* Aims as a Java Kerberos binding, with richful and integrated facilities that integrate Kerberos, PKI and token (OAuth) for both client and server sides.
++ Provides client APIs in Kerberos protocol level to interact with a KDC server thru AS and TGS exchanges.
++ Provides an embeded KDC server that applications can easily integrate into products, unit tests or integration tests.
++ Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
++ Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credential.
++ Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
++ Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage.
++ Least dependency, the core part is ensured to depend only on JRE, for easy use and maintain.
+
+### Update
+We’re collaborating with ApacheDS community and preparing this project to be ready for a sub project. Feedback is welcome.
+
+### Status
+As follows, with the core and critical parts done, important features are still ongoing.
+It's going to release 0.1 version in the early next year. We do not suggest production usage prior to the release.
+<pre>
+ASN-1 (done)
+Kerberos core and codec (done)
+Kerberos Crypto (done)
+Embedded KDC (the core done)
+KrbClient (partial APIs done and available)
+Preauth/FAST framework (partially done)
+Token Preauth (ongoing)
+PKINIT (ongoing)
+Keytab util (credential cache and keytab support, done)
+</pre>
+
+### Desired KrbClient APIs (partialy done)
+* Initiate a KrbClient
+<pre>
+KrbClient krbClient = new KrbClient(kdcHost, kdcPort);
+</pre>
+* Request a TGT with user plain password credential
+<pre>
+krbClient.requestTgtTicket(principal, password);
+</pre>
+* Request a TGT with user x509 certificate credential
+<pre>
+krbClient.requestTgtTicket(principal, certificate);
+</pre>
+* Request a TGT with user token credential
+<pre>
+krbClient.requestTgtTicket(principal, kerbToken);
+</pre>
+* Request a service ticket with user TGT credential for a server
+<pre>
+krbClient.requestServiceTicket(tgt, serverPrincipal);
+</pre>
+* Request a service ticket with user AccessToken credential for a server
+<pre>
+krbClient.requestServiceTicket(accessToken, serverPrincipal);
+</pre>
+
+### The ASN-1 support
+Please look at [haox-asn1](https://github.com/drankye/haox/blob/master/haox-asn1/README.md) for details.
+
+### Kerberos Crypto and Encryption Types
+Implementing des, des3, rc4, aes, camellia encryption and corresponding checksum types
+Interoperates with MIT Kerberos and Microsoft AD
+Independent with Kerberos codes in JRE, but rely on JCE
+
+| Encryption Type | Description |
+| --------------- | ----------- |
+| des-cbc-crc | DES cbc mode with CRC-32 (weak) |
+| des-cbc-md4 | DES cbc mode with RSA-MD4 (weak) |
+| des-cbc-md5 | DES cbc mode with RSA-MD5 (weak) |
+| des3-cbc-sha1 des3-hmac-sha1 des3-cbc-sha1-kd | Triple DES cbc mode with HMAC/sha1 |
+| des-hmac-sha1 | DES with HMAC/sha1 (weak) |
+| aes256-cts-hmac-sha1-96 aes256-cts AES-256 | CTS mode with 96-bit SHA-1 HMAC |
+| aes128-cts-hmac-sha1-96 aes128-cts AES-128 | CTS mode with 96-bit SHA-1 HMAC |
+| arcfour-hmac rc4-hmac arcfour-hmac-md5 | RC4 with HMAC/MD5 |
+| arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp | Exportable RC4 with HMAC/MD5 (weak) |
+| camellia256-cts-cmac camellia256-cts | Camellia-256 CTS mode with CMAC |
+| camellia128-cts-cmac camellia128-cts | Camellia-128 CTS mode with CMAC |
+| des | The DES family: des-cbc-crc, des-cbc-md5, and des-cbc-md4 (weak) |
+| des3 | The triple DES family: des3-cbc-sha1 |
+| aes | The AES family: aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96 |
+| rc4 | The RC4 family: arcfour-hmac |
+| camellia | The Camellia family: camellia256-cts-cmac and camellia128-cts-cmac |
+
+### Dependency
+The core part is ensured to only depend on JRE. Every external dependency is taken carefully and maintained separately.
+
+##### Contrib Projects
+- haox-asn1. A model driven ASN-1 encoding and decoding framework
+- haox-event. A pure event driven application framework aiming to construct applications of asynchronous and concurrent handlers. It includes UDP and TCP transport based on pure Java NIO and concurrency pattern.
+- haox-config. A unified configuration API that aims to support various configuration file formats, like XML, JNI, CSV and Java Properties file.
+- haox-token. Implements a JWT token API for Kerberos that's defined in TokenPreauth drafts.
+
+### License
+Apache License V2.0
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/benchmark/pom.xml
----------------------------------------------------------------------
diff --git a/benchmark/pom.xml b/benchmark/pom.xml
new file mode 100644
index 0000000..7b1733a
--- /dev/null
+++ b/benchmark/pom.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>haox-all</artifactId>
+ <groupId>org.haox</groupId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>benchmark</artifactId>
+
+ <name>Haox benchmark</name>
+ <description>Haox benchmark tests</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-asn1</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-core</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-util</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-core-api</artifactId>
+ <version>2.0.0-M15</version>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-schema-data</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-interceptor-kerberos</artifactId>
+ <version>2.0.0-M15</version>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-schema-data</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-protocol-shared</artifactId>
+ <version>2.0.0-M15</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-protocol-kerberos</artifactId>
+ <version>2.0.0-M15</version>
+ <scope>compile</scope>
+ <exclusions>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-ldif-partition</artifactId>
+ <version>2.0.0-M15</version>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-schema-data</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-mavibot-partition</artifactId>
+ <version>2.0.0-M15</version>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-schema-data</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-all</artifactId>
+ <version>1.0.0-M20</version>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>xml-apis</groupId>
+ <artifactId>xml-apis</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>xpp3</groupId>
+ <artifactId>xpp3</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>dom4j</groupId>
+ <artifactId>dom4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/benchmark/src/main/resources/apreq.token
----------------------------------------------------------------------
diff --git a/benchmark/src/main/resources/apreq.token b/benchmark/src/main/resources/apreq.token
new file mode 100644
index 0000000..c02318a
Binary files /dev/null and b/benchmark/src/main/resources/apreq.token differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/benchmark/src/test/java/org/apache/kerberos/benchmark/KrbCodecPerfTest.java
----------------------------------------------------------------------
diff --git a/benchmark/src/test/java/org/apache/kerberos/benchmark/KrbCodecPerfTest.java b/benchmark/src/test/java/org/apache/kerberos/benchmark/KrbCodecPerfTest.java
new file mode 100644
index 0000000..254c226
--- /dev/null
+++ b/benchmark/src/test/java/org/apache/kerberos/benchmark/KrbCodecPerfTest.java
@@ -0,0 +1,60 @@
+package org.apache.kerberos.benchmark;
+
+import org.apache.directory.api.asn1.DecoderException;
+import org.apache.directory.api.asn1.EncoderException;
+import org.apache.directory.api.asn1.ber.Asn1Decoder;
+import org.apache.directory.shared.kerberos.codec.apReq.ApReqContainer;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.ap.ApReq;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.ByteBuffer;
+
+public class KrbCodecPerfTest {
+
+ public static void main(String[] args) throws KrbException, IOException, DecoderException, EncoderException {
+ InputStream is = KrbCodecPerfTest.class.getResourceAsStream("/apreq.token");
+ byte[] bytes = new byte[is.available()];
+ is.read(bytes);
+
+ int times = 1000000;
+ perfApacheDS(ByteBuffer.wrap(bytes), times);
+ perfHaox(ByteBuffer.wrap(bytes), times);
+ }
+
+ private static void perfHaox(ByteBuffer apreqToken, int times) throws KrbException, IOException {
+ long start = System.currentTimeMillis();
+
+ for (int i = 0; i < times; ++i) {
+ //ApReq apReq = KrbCodec.decode(apreqToken, ApReq.class);
+ ApReq apReq = new ApReq(); apReq.decode(apreqToken);
+ if (apReq == null) {
+ throw new RuntimeException("Decoding failed");
+ }
+ String serverName = apReq.getTicket().getSname().toString();
+
+ apreqToken.rewind();
+ }
+
+ long end = System.currentTimeMillis();
+ System.out.println("HaoxCodec takes:" + (end - start));
+ }
+
+ private static void perfApacheDS(ByteBuffer apreqToken, int times) throws EncoderException, DecoderException {
+ long start = System.currentTimeMillis();
+
+ for (int i = 0; i < times; ++i) {
+ Asn1Decoder krbDecoder = new Asn1Decoder();
+ ApReqContainer apreqContainer = new ApReqContainer(apreqToken);
+ krbDecoder.decode(apreqToken, apreqContainer);
+ String serverName = apreqContainer.getApReq().getTicket().getSName().toString();
+
+ apreqToken.rewind();
+ }
+
+ long end = System.currentTimeMillis();
+ System.out.println("ApacheDS takes:" + (end - start));
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/README.md
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/README.md b/contrib/haox-asn1/README.md
new file mode 100644
index 0000000..b8b3492
--- /dev/null
+++ b/contrib/haox-asn1/README.md
@@ -0,0 +1,284 @@
+haox-asn1
+=========
+
+### A ASN1 parser with easy and simple API
+
+```
+// encoding
+Asn1Integer aValue = new Asn1Integer(8899);
+byte[] encoded = aValue.encode();
+
+// decoding
+byte[] contentToDecode = ...
+Asn1Integer decodedValue = new Asn1Integer();
+decodedValue.decode(contentToDecode);
+Integer value = decodedValue.getValue();
+```
+
+### Data-driven ASN1 encoding/decoding framework and parser
+
+With the following definition from Kerberos protocol
+```
+ AuthorizationData ::= SEQUENCE OF SEQUENCE {
+ ad-type [0] Int32,
+ ad-data [1] OCTET STRING
+ }
+ ```
+
+You can model AuthzDataEntry as follows
+```java
+public class AuthzDataEntry extends Asn1SequenceType {
+ static int AD_TYPE = 0;
+ static int AD_DATA = 1;
+
+ public AuthzDataEntry() {
+ super(new Asn1FieldInfo[] {
+ new Asn1FieldInfo(AD_TYPE, Asn1Integer.class),
+ new Asn1FieldInfo(AD_DATA, Asn1OctetString.class)
+ });
+ }
+
+ public int getAuthzType() {
+ Integer value = getFieldAsInteger(AD_TYPE);
+ return value;
+ }
+
+ public byte[] getAuthzData() {
+ return getFieldAsOctetBytes(AD_DATA);
+ }
+}
+```
+
+And then define AuthorizationData simply
+```java
+public class AuthorizationData extends Asn1SequenceOf<AuthzDataEntry> {
+
+}
+```
+
+Then you can process with above definitions, encode and decode, without caring about the details.
+
+Think about how to implement the following more complex and pratical sample from [ITU-T Rec. X.680 ISO/IEC 8824-1](http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf):
+```
+A.1 ASN.1 description of the record structure
+The structure of the hypothetical personnel record is formally described below using ASN.1 specified in
+ITU-T Rec. X.680 | ISO/IEC 8824-1 for defining types.
+
+PersonnelRecord ::= [APPLICATION 0] IMPLICIT SET {
+ Name Name,
+ title [0] VisibleString,
+ number EmployeeNumber,
+ dateOfHire [1] Date,
+ nameOfSpouse [2] Name,
+ children [3] IMPLICIT
+ SEQUENCE OF ChildInformation DEFAULT {}
+}
+
+ChildInformation ::= SET {
+ name Name,
+ dateOfBirth [0] Date
+}
+
+Name ::= [APPLICATION 1] IMPLICIT SEQUENCE {
+ givenName VisibleString,
+ initial VisibleString,
+ familyName VisibleString
+}
+
+EmployeeNumber ::= [APPLICATION 2] IMPLICIT INTEGER
+Date ::= [APPLICATION 3] IMPLICIT VisibleString -- YYYYMMDD
+```
+Similarly as above, we can have (from the unit test codes):
+```java
+public class PersonnelRecord extends TaggingSet {
+ private static int NAME = 0;
+ private static int TITLE = 1;
+ private static int NUMBER = 2;
+ private static int DATEOFHIRE= 3;
+ private static int NAMEOFSPOUSE = 4;
+ private static int CHILDREN = 5;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(NAME, -1, Name.class),
+ new Asn1FieldInfo(TITLE, 0, Asn1VisibleString.class),
+ new Asn1FieldInfo(NUMBER, -1, EmployeeNumber.class),
+ new Asn1FieldInfo(DATEOFHIRE, 1, Date.class),
+ new Asn1FieldInfo(NAMEOFSPOUSE, 2, Name.class),
+ new Asn1FieldInfo(CHILDREN, 3, Children.class, true)
+ };
+
+ public PersonnelRecord() {
+ super(0, fieldInfos, true);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+
+ public void setName(Name name) {
+ setFieldAs(NAME, name);
+ }
+
+ public Name getName() {
+ return getFieldAs(NAME, Name.class);
+ }
+
+ public void setTitle(String title) {
+ setFieldAs(TITLE, new Asn1VisibleString(title));
+ }
+
+ public String getTitle() {
+ return getFieldAsString(TITLE);
+ }
+
+ public void setEmployeeNumber(EmployeeNumber employeeNumber) {
+ setFieldAs(NUMBER, employeeNumber);
+ }
+
+ public EmployeeNumber getEmployeeNumber() {
+ return getFieldAs(NUMBER, EmployeeNumber.class);
+ }
+
+ public void setDateOfHire(Date dateOfHire) {
+ setFieldAs(DATEOFHIRE, dateOfHire);
+ }
+
+ public Date getDateOfHire() {
+ return getFieldAs(DATEOFHIRE, Date.class);
+ }
+
+ public void setNameOfSpouse(Name spouse) {
+ setFieldAs(NAMEOFSPOUSE, spouse);
+ }
+
+ public Name getNameOfSpouse() {
+ return getFieldAs(NAMEOFSPOUSE, Name.class);
+ }
+
+ public void setChildren(Children children) {
+ setFieldAs(CHILDREN, children);
+ }
+
+ public Children getChildren() {
+ return getFieldAs(CHILDREN, Children.class);
+ }
+
+ public static class Children extends Asn1SequenceOf<ChildInformation> {
+ public Children(ChildInformation ... children) {
+ super();
+ for (ChildInformation child : children) {
+ addElement(child);
+ }
+ }
+
+ public Children() {
+ super();
+ }
+ }
+
+ public static class ChildInformation extends Asn1SetType {
+ private static int NAME = 0;
+ private static int DATEOFBIRTH = 1;
+
+ static Asn1FieldInfo[] tags = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(NAME, -1, Name.class),
+ new Asn1FieldInfo(DATEOFBIRTH, 0, Date.class)
+ };
+
+ public ChildInformation() {
+ super(tags);
+ }
+
+ public void setName(Name name) {
+ setFieldAs(NAME, name);
+ }
+
+ public Name getName() {
+ return getFieldAs(NAME, Name.class);
+ }
+
+ public void setDateOfBirth(Date date) {
+ setFieldAs(DATEOFBIRTH, date);
+ }
+
+ public Date getDateOfBirth() {
+ return getFieldAs(DATEOFBIRTH, Date.class);
+ }
+ }
+
+ public static class Name extends TaggingSequence {
+ private static int GIVENNAME = 0;
+ private static int INITIAL = 1;
+ private static int FAMILYNAME = 2;
+
+ static Asn1FieldInfo[] tags = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(GIVENNAME, -1, Asn1VisibleString.class),
+ new Asn1FieldInfo(INITIAL, -1, Asn1VisibleString.class),
+ new Asn1FieldInfo(FAMILYNAME, -1, Asn1VisibleString.class)
+ };
+
+ public Name() {
+ super(1, tags, true);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+
+ public Name(String givenName, String initial, String familyName) {
+ this();
+ setGivenName(givenName);
+ setInitial(initial);
+ setFamilyName(familyName);
+ }
+
+ public void setGivenName(String givenName) {
+ setFieldAs(GIVENNAME, new Asn1VisibleString(givenName));
+ }
+
+ public String getGivenName() {
+ return getFieldAsString(GIVENNAME);
+ }
+
+ public void setInitial(String initial) {
+ setFieldAs(INITIAL, new Asn1VisibleString(initial));
+ }
+
+ public String getInitial() {
+ return getFieldAsString(INITIAL);
+ }
+
+ public void setFamilyName(String familyName) {
+ setFieldAs(FAMILYNAME, new Asn1VisibleString(familyName));
+ }
+
+ public String getFamilyName() {
+ return getFieldAsString(FAMILYNAME);
+ }
+ }
+
+ public static class EmployeeNumber extends Asn1Tagging<Asn1Integer> {
+ public EmployeeNumber(Integer value) {
+ super(2, new Asn1Integer(value), true);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+ public EmployeeNumber() {
+ this(null);
+ }
+ }
+
+ public static class Date extends Asn1Tagging<Asn1VisibleString> {
+ public Date(String value) {
+ super(3, new Asn1VisibleString(value), true);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+ public Date() {
+ this(null);
+ }
+ }
+}
+```
+### Notes
+* 90% tests coverage for DER encoding
+* For BER & CER encoding, to be fully supported
+* No extra dependency
+
+### License
+Apache V2 License
+
+
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/pom.xml
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/pom.xml b/contrib/haox-asn1/pom.xml
new file mode 100644
index 0000000..b07008d
--- /dev/null
+++ b/contrib/haox-asn1/pom.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <artifactId>contrib</artifactId>
+ <groupId>org.haox</groupId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>haox-asn1</artifactId>
+
+</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1Dump.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1Dump.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1Dump.java
new file mode 100644
index 0000000..2c2d7ed
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1Dump.java
@@ -0,0 +1,51 @@
+package org.apache.haox.asn1;
+
+import org.apache.haox.asn1.type.Asn1Item;
+import org.apache.haox.asn1.type.Asn1Simple;
+import org.apache.haox.asn1.type.Asn1Type;
+
+import java.io.IOException;
+
+public class Asn1Dump {
+
+ public static void dump(byte[] content) throws IOException {
+ String dumped = dumpAsString(content);
+ System.out.println(dumped);
+ }
+
+ public static String dumpAsString(byte[] content) throws IOException {
+ StringBuilder sb = new StringBuilder();
+
+ Asn1InputBuffer buffer = new Asn1InputBuffer(content);
+ Asn1Type value;
+ while (true) {
+ value = buffer.read();
+ if (value == null) break;
+ dump(value, sb);
+ }
+
+ return sb.toString();
+ }
+
+ public static String dumpAsString(Asn1Type value) {
+ StringBuilder sb = new StringBuilder();
+ dump(value, sb);
+ return sb.toString();
+ }
+
+ private static void dump(Asn1Type value, StringBuilder buffer) {
+ if (value instanceof Asn1Simple) {
+ buffer.append(((Asn1Simple) value).getValue().toString());
+ } else if (value instanceof Asn1Item) {
+ dump((Asn1Item) value, buffer);
+ }
+ }
+
+ private static void dump(Asn1Item value, StringBuilder buffer) {
+ if (value.isFullyDecoded()) {
+ dump(value.getValue(), buffer);
+ } else {
+ buffer.append("Asn1Item");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1Factory.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1Factory.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1Factory.java
new file mode 100644
index 0000000..c35059b
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1Factory.java
@@ -0,0 +1,25 @@
+package org.apache.haox.asn1;
+
+import org.apache.haox.asn1.type.Asn1Collection;
+import org.apache.haox.asn1.type.Asn1Simple;
+import org.apache.haox.asn1.type.Asn1Type;
+
+public class Asn1Factory {
+
+ public static Asn1Type create(int tagNo) {
+ UniversalTag tagNoEnum = UniversalTag.fromValue(tagNo);
+ if (tagNoEnum != UniversalTag.UNKNOWN) {
+ return create(tagNoEnum);
+ }
+ throw new IllegalArgumentException("Unexpected tag " + tagNo);
+ }
+
+ public static Asn1Type create(UniversalTag tagNo) {
+ if (Asn1Simple.isSimple(tagNo)) {
+ return Asn1Simple.createSimple(tagNo);
+ } else if (Asn1Collection.isCollection(tagNo)) {
+ return Asn1Collection.createCollection(tagNo);
+ }
+ throw new IllegalArgumentException("Unexpected tag " + tagNo);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1InputBuffer.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1InputBuffer.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1InputBuffer.java
new file mode 100644
index 0000000..11045df
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1InputBuffer.java
@@ -0,0 +1,63 @@
+package org.apache.haox.asn1;
+
+import org.apache.haox.asn1.type.AbstractAsn1Type;
+import org.apache.haox.asn1.type.Asn1Item;
+import org.apache.haox.asn1.type.Asn1Type;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * Asn1 decoder
+ */
+public class Asn1InputBuffer {
+ private final LimitedByteBuffer limitedBuffer;
+
+ public Asn1InputBuffer(byte[] bytes) {
+ this(new LimitedByteBuffer(bytes));
+ }
+
+ public Asn1InputBuffer(ByteBuffer byteBuffer) {
+ this(new LimitedByteBuffer(byteBuffer));
+ }
+
+ public Asn1InputBuffer(LimitedByteBuffer limitedByteBuffer) {
+ this.limitedBuffer = limitedByteBuffer;
+ }
+
+ public Asn1Type read() throws IOException {
+ if (! limitedBuffer.available()) {
+ return null;
+ }
+ Asn1Item one = AbstractAsn1Type.decodeOne(limitedBuffer);
+ if (one.isSimple()) {
+ one.decodeValueAsSimple();
+ } else if (one.isCollection()) {
+ one.decodeValueAsCollection();
+ }
+ if (one.isFullyDecoded()) {
+ return one.getValue();
+ }
+ return one;
+ }
+
+ public void readBytes(byte[] bytes) throws IOException {
+ limitedBuffer.readBytes(bytes);
+ }
+
+ public byte[] readAllLeftBytes() throws IOException {
+ return limitedBuffer.readAllLeftBytes();
+ }
+
+ public void skipNext() throws IOException {
+ if (limitedBuffer.available()) {
+ AbstractAsn1Type.skipOne(limitedBuffer);
+ }
+ }
+
+ public void skipBytes(int len) throws IOException {
+ if (limitedBuffer.available()) {
+ limitedBuffer.skip(len);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1OutputBuffer.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1OutputBuffer.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1OutputBuffer.java
new file mode 100644
index 0000000..e93b206
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/Asn1OutputBuffer.java
@@ -0,0 +1,53 @@
+package org.apache.haox.asn1;
+
+import org.apache.haox.asn1.type.AbstractAsn1Type;
+import org.apache.haox.asn1.type.Asn1Type;
+
+import java.nio.ByteBuffer;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Asn1 encoder
+ */
+public class Asn1OutputBuffer {
+ private List<Asn1Type> objects;
+
+ public Asn1OutputBuffer() {
+ this.objects = new ArrayList<Asn1Type>(3);
+ }
+
+ public void write(Asn1Type value) {
+ objects.add(value);
+ }
+
+ public void write(Asn1Type value, EncodingOption option) {
+ value.setEncodingOption(option);
+ objects.add(value);
+ }
+
+ public ByteBuffer getOutput() {
+ int len = encodingLength();
+ ByteBuffer byteBuffer = ByteBuffer.allocate(len);
+ encode(byteBuffer);
+ return byteBuffer;
+ }
+
+ private int encodingLength() {
+ int allLen = 0;
+ for (Asn1Type item : objects) {
+ if (item != null) {
+ allLen += ((AbstractAsn1Type) item).encodingLength();
+ }
+ }
+ return allLen;
+ }
+
+ private void encode(ByteBuffer buffer) {
+ for (Asn1Type item : objects) {
+ if (item != null) {
+ item.encode(buffer);
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/EncodingOption.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/EncodingOption.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/EncodingOption.java
new file mode 100644
index 0000000..64fe9ab
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/EncodingOption.java
@@ -0,0 +1,65 @@
+package org.apache.haox.asn1;
+
+public enum EncodingOption
+{
+ UNKNOWN(-1),
+ PRIMITIVE(1),
+ CONSTRUCTED(2),
+ CONSTRUCTED_DEFLEN(3),
+ CONSTRUCTED_INDEFLEN(4),
+ IMPLICIT(5),
+ EXPLICIT(6),
+ BER(7),
+ DER(8),
+ CER(9);
+
+ private int value;
+
+ private EncodingOption(int value) {
+ this.value = value;
+ }
+
+ public static int CONSTRUCTED_FLAG = 0x20;
+
+ public static boolean isConstructed(int tag) {
+ return (tag & CONSTRUCTED_FLAG) != 0;
+ }
+
+ public int getValue() {
+ return value;
+ }
+
+ public boolean isPrimitive() {
+ return this == PRIMITIVE;
+ }
+
+ public boolean isConstructed() {
+ return this == CONSTRUCTED || this == CONSTRUCTED_DEFLEN || this == CONSTRUCTED_INDEFLEN;
+ }
+
+ public boolean isImplicit() {
+ return this == IMPLICIT;
+ }
+
+ public boolean isExplicit() {
+ return this == EXPLICIT;
+ }
+
+ public boolean isDer() {
+ return this == DER;
+ }
+
+ public boolean isCer() {
+ return this == CER;
+ }
+
+ public static EncodingOption fromValue(int value) {
+ for (EncodingOption e : values()) {
+ if (e.getValue() == value) {
+ return (EncodingOption) e;
+ }
+ }
+
+ return UNKNOWN;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/LimitedByteBuffer.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/LimitedByteBuffer.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/LimitedByteBuffer.java
new file mode 100644
index 0000000..43a1327
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/LimitedByteBuffer.java
@@ -0,0 +1,102 @@
+package org.apache.haox.asn1;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+public class LimitedByteBuffer {
+ private final ByteBuffer byteBuffer;
+ private final int limit;
+ private int startOffset;
+
+ public LimitedByteBuffer(byte[] bytes) {
+ this.byteBuffer = ByteBuffer.wrap(bytes);
+ this.limit = bytes.length;
+ this.startOffset = 0;
+ }
+
+ public LimitedByteBuffer(ByteBuffer byteBuffer) {
+ this(byteBuffer, byteBuffer.limit());
+ }
+
+ public LimitedByteBuffer(ByteBuffer byteBuffer, int limit) {
+ this.byteBuffer = byteBuffer;
+ this.limit = limit;
+ this.startOffset = byteBuffer.position();
+ }
+
+ public LimitedByteBuffer(LimitedByteBuffer other, int limit) {
+ if (limit > other.hasLeft()) {
+ throw new IllegalArgumentException("limit is too large, out of bound");
+ }
+ this.byteBuffer = other.byteBuffer.duplicate();
+ this.limit = limit;
+ this.startOffset = byteBuffer.position();
+ }
+
+ public boolean available() {
+ return byteBuffer.hasRemaining() &&
+ byteBuffer.position() - startOffset < limit;
+ }
+
+ public long hasRead() {
+ return byteBuffer.position() - startOffset;
+ }
+ public long hasLeft() {
+ return limit - hasRead();
+ }
+
+ public byte readByte() throws IOException {
+ if (!available()) {
+ throw new IOException("Buffer EOF");
+ }
+ return byteBuffer.get();
+ }
+
+ public byte[] readAllLeftBytes() throws IOException {
+ return readBytes((int) hasLeft());
+ }
+
+ public void skip(int len) throws IOException {
+ checkLen(len);
+ int newPos = byteBuffer.position() + len;
+ byteBuffer.position(newPos);
+ }
+
+ public byte[] readBytes(int len) throws IOException {
+ checkLen(len);
+
+ byte[] bytes = new byte[len];
+ if (len > 0) {
+ byteBuffer.get(bytes);
+ }
+ return bytes;
+ }
+
+ private void checkLen(int len) throws IOException {
+ if (len < 0) {
+ throw new IllegalArgumentException("Bad argument len: " + len);
+ }
+ if (len > 0) {
+ if (!available()) {
+ throw new IOException("Buffer EOF");
+ }
+ if (hasLeft() < len) {
+ throw new IOException("Out of Buffer");
+ }
+ }
+ }
+
+ public void readBytes(byte[] bytes) throws IOException {
+ if (bytes == null) {
+ throw new IllegalArgumentException("Bad argument bytes: null");
+ }
+ if (!available()) {
+ throw new IOException("Buffer EOF");
+ }
+ if (hasLeft() < bytes.length) {
+ throw new IOException("Out of Buffer");
+ }
+
+ byteBuffer.get(bytes);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/TagClass.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/TagClass.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/TagClass.java
new file mode 100644
index 0000000..9f393e1
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/TagClass.java
@@ -0,0 +1,55 @@
+package org.apache.haox.asn1;
+
+public enum TagClass {
+ UNKNOWN(-1),
+ UNIVERSAL(0x00),
+ APPLICATION(0x40),
+ CONTEXT_SPECIFIC(0x80),
+ PRIVATE(0xC0);
+
+ private int value;
+
+ private TagClass(int value) {
+ this.value = value;
+ }
+
+ public int getValue() {
+ return value;
+ }
+
+ public boolean isUniversal() {
+ return this == UNIVERSAL;
+ }
+
+ public boolean isAppSpecific() {
+ return this == APPLICATION;
+ }
+
+ public boolean isContextSpecific() {
+ return this == CONTEXT_SPECIFIC;
+ }
+
+ public boolean isTagged() {
+ return this == APPLICATION || this == CONTEXT_SPECIFIC;
+ }
+
+ public static TagClass fromValue(int value) {
+ // Optimized by Emmanuel
+ switch (value) {
+ case 0x00:
+ return TagClass.UNIVERSAL;
+ case 0x40:
+ return TagClass.APPLICATION;
+ case 0x80:
+ return TagClass.CONTEXT_SPECIFIC;
+ case 0xC0:
+ return TagClass.PRIVATE;
+ default:
+ return TagClass.UNKNOWN;
+ }
+ }
+
+ public static TagClass fromTagFlags(int tag) {
+ return fromValue(tag & 0xC0);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/TaggingOption.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/TaggingOption.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/TaggingOption.java
new file mode 100644
index 0000000..431c184
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/TaggingOption.java
@@ -0,0 +1,49 @@
+package org.apache.haox.asn1;
+
+public class TaggingOption
+{
+ private int tagNo;
+ private boolean isImplicit;
+ private boolean isAppSpecific;
+
+ public static TaggingOption newImplicitAppSpecific(int tagNo) {
+ return new TaggingOption(tagNo, true, true);
+ }
+
+ public static TaggingOption newExplicitAppSpecific(int tagNo) {
+ return new TaggingOption(tagNo, false, true);
+ }
+
+ public static TaggingOption newImplicitContextSpecific(int tagNo) {
+ return new TaggingOption(tagNo, true, false);
+ }
+
+ public static TaggingOption newExplicitContextSpecific(int tagNo) {
+ return new TaggingOption(tagNo, false, false);
+ }
+
+ private TaggingOption(int tagNo, boolean isImplicit, boolean isAppSpecific) {
+ this.tagNo = tagNo;
+ this.isImplicit = isImplicit;
+ this.isAppSpecific = isAppSpecific;
+ }
+
+ public int tagFlags(boolean isTaggedConstructed) {
+ boolean isConstructed = isImplicit ? isTaggedConstructed : true;
+ TagClass tagClass = isAppSpecific ? TagClass.APPLICATION : TagClass.CONTEXT_SPECIFIC;
+ int flags = tagClass.getValue() | (isConstructed ? EncodingOption.CONSTRUCTED_FLAG : 0x00);
+ return flags;
+ }
+
+ public int getTagNo() {
+ return tagNo;
+ }
+
+ public boolean isAppSpecific() {
+ return isAppSpecific;
+ }
+
+ public boolean isImplicit() {
+ return isImplicit;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/UniversalTag.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/UniversalTag.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/UniversalTag.java
new file mode 100644
index 0000000..629d68b
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/UniversalTag.java
@@ -0,0 +1,87 @@
+package org.apache.haox.asn1;
+
+// Optimized by Emmanuel
+public enum UniversalTag {
+ UNKNOWN (-1),
+ CHOICE (-2), // Only for internal using
+ BOOLEAN (0x01),
+ INTEGER (0x02),
+ BIT_STRING (0x03),
+ OCTET_STRING (0x04),
+ NULL (0x05),
+ OBJECT_IDENTIFIER (0x06),
+ OBJECT_DESCRIPTOR (0x07), // Added for completness
+ EXTERNAL (0x08),
+ REAL (0x09),
+ ENUMERATED (0x0a),
+ EMBEDDED_PDV (0x0b), // Added for completness
+ UTF8_STRING (0x0c),
+ RELATIVE_OID (0x0d), // Added for completness
+ RESERVED_14 (0x0e), // Added for completness
+ RESERVED_15 (0x0f), // Added for completness
+ SEQUENCE (0x10),
+ SEQUENCE_OF (0x10),
+ SET (0x11),
+ SET_OF (0x11),
+ NUMERIC_STRING (0x12),
+ PRINTABLE_STRING (0x13),
+ T61_STRING (0x14),
+ VIDEOTEX_STRING (0x15),
+ IA5_STRING (0x16),
+ UTC_TIME (0x17),
+ GENERALIZED_TIME (0x18),
+ GRAPHIC_STRING (0x19),
+ VISIBLE_STRING (0x1a),
+ GENERAL_STRING (0x1b),
+ UNIVERSAL_STRING (0x1c),
+ CHARACTER_STRING (0x1d), // Added for completness
+ BMP_STRING (0x1e),
+ RESERVED_31 (0x1f); // Added for completness
+
+ private int value;
+
+ private UniversalTag(int value) {
+ this.value = value;
+ }
+
+ public int getValue() {
+ return value;
+ }
+
+ public static UniversalTag fromValue(int value) {
+ switch (value) {
+ case 0x01 : return BOOLEAN;
+ case 0x02 : return INTEGER;
+ case 0x03 : return BIT_STRING;
+ case 0x04 : return OCTET_STRING;
+ case 0x05 : return NULL;
+ case 0x06 : return OBJECT_IDENTIFIER;
+ case 0x07 : return OBJECT_DESCRIPTOR;
+ case 0x08 : return EXTERNAL;
+ case 0x09 : return REAL;
+ case 0x0A : return ENUMERATED;
+ case 0x0B : return EMBEDDED_PDV;
+ case 0x0C : return UTF8_STRING;
+ case 0x0D : return RELATIVE_OID;
+ case 0x0E : return RESERVED_14;
+ case 0x0F : return RESERVED_15;
+ case 0x10 : return SEQUENCE;
+ case 0x11 : return SET;
+ case 0x12 : return NUMERIC_STRING;
+ case 0x13 : return PRINTABLE_STRING;
+ case 0x14 : return T61_STRING;
+ case 0x15 : return VIDEOTEX_STRING;
+ case 0x16 : return IA5_STRING;
+ case 0x17 : return UTC_TIME;
+ case 0x18 : return GENERALIZED_TIME;
+ case 0x19 : return GRAPHIC_STRING;
+ case 0x1A : return VISIBLE_STRING;
+ case 0x1B : return GENERAL_STRING;
+ case 0x1C : return UNIVERSAL_STRING;
+ case 0x1D : return CHARACTER_STRING;
+ case 0x1E : return BMP_STRING;
+ case 0x1F : return RESERVED_31;
+ default : return UNKNOWN;
+ }
+ }
+}
[41/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/.gitignore
----------------------------------------------------------------------
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..710af83
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,12 @@
+.idea/
+*.iml
+*.class
+target/
+.settings/
+.metadata/
+*.classpath
+*.project
+bc.zip
+log.txt
+*.ipr
+*.iws
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/LICENSE.txt
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/LICENSE.txt b/3rdparty/not-yet-commons-ssl/LICENSE.txt
new file mode 100644
index 0000000..2bb9ad2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/LICENSE.txt
@@ -0,0 +1,176 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/NOTICE.txt
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/NOTICE.txt b/3rdparty/not-yet-commons-ssl/NOTICE.txt
new file mode 100644
index 0000000..2807f75
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/NOTICE.txt
@@ -0,0 +1,10 @@
+This product includes software developed by
+The Apache Software Foundation (http://www.apache.org/).
+
+The PKCS12 key derivation function was developed by BouncyCastle
+(bouncycastle.org). (Look for the "pkcs12()" method inside PKCS8.java).
+
+Some of this software was originally developed by
+Credit Union Central of British Columbia (http://www.cucbc.com/).
+The CUCBC code was licensed to the Apache Software Foundation on
+August 23rd, 2006.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/README.txt
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/README.txt b/3rdparty/not-yet-commons-ssl/README.txt
new file mode 100644
index 0000000..2497e38
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/README.txt
@@ -0,0 +1,9 @@
+Jakarta Commons SSL
+===========================
+Welcome to the SSL component of the Jakarta Commons
+project.
+
+This is not a real Jakarta Project yet. I'm just
+trying to copy their directory structure while I work
+on this proposal.
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/build.xml
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/build.xml b/3rdparty/not-yet-commons-ssl/build.xml
new file mode 100644
index 0000000..580aa84
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/build.xml
@@ -0,0 +1,166 @@
+<!--
+ $ ant -p
+ Buildfile: build.xml
+
+ Main targets:
+
+ clean Deletes class files and other generated files.
+ jar Jars compiled java class files.
+ javac Compiles java source code.
+ javadocs Generates javadocs.
+
+ Default target: jar
+-->
+<project name="not-yet-commons-ssl" default="jar" basedir=".">
+
+ <property name="src" location="src/main/java"/>
+ <property name="build" location="./build"/>
+ <property name="lib" location="./lib"/>
+ <property name="classes" value="${build}/classes"/>
+ <property name="jar-file" value="${ant.project.name}.jar"/>
+ <property name="javadocs" value="${build}/javadocs"/>
+ <property name="rmic.includes" value="**/*RMI.class"/>
+
+ <property name="test-src" location="./src/test"/>
+ <property name="test-classes" value="${build}/test-classes"/>
+ <property name="test-jar-file" value="${ant.project.name}-tests.jar"/>
+ <property name="test.report.dir" value="${build}/test-report"/>
+
+ <path id="compile-classpath">
+ <fileset dir="lib">
+ <include name="*.jar"/>
+ </fileset>
+ <pathelement location="."/>
+ <pathelement location="${classes}"/>
+ <pathelement location="${test-classes}"/>
+ </path>
+
+ <target name="test-jar" depends="jar">
+ <mkdir dir="${test-classes}"/>
+ <javac
+ includeAntRuntime="false"
+ destdir="${test-classes}"
+ debug="true"
+ optimize="false"
+ srcdir="${test-src}"
+ >
+ <classpath refid="compile-classpath"/>
+ </javac>
+ <copy todir="${test-classes}">
+ <fileset dir="${test-src}" excludes="**/*.java"/>
+ </copy>
+ <jar
+ basedir="${test-classes}"
+ destfile="${build}/${test-jar-file}"
+ index="true"
+ whenempty="create"
+ />
+ </target>
+
+ <target name="test" depends="test-jar">
+ <mkdir dir="${test.report.dir}"/>
+ <junit printsummary="on" haltonfailure="false" errorProperty="junit.failed"
+ failureProperty="junit.failed" fork="on" forkMode="perBatch"
+ timeout="600000" showoutput="on">
+ <syspropertyset><propertyref builtin="commandline"/></syspropertyset>
+ <formatter type="xml"/>
+ <classpath refid="compile-classpath"/>
+ <batchtest todir="${test.report.dir}">
+ <fileset dir="${test-src}" includes="**/Test*.java"/>
+ </batchtest>
+ </junit>
+ <junitreport todir="${test.report.dir}">
+ <fileset dir="${test.report.dir}">
+ <include name="TEST-*.xml"/>
+ </fileset>
+ <report todir="${test.report.dir}"/>
+ </junitreport>
+ <fail message="JUnit tests failed." if="test.failed"/>
+ </target>
+
+ <target name="init">
+ <echo>${ant.version}</echo>
+ <echo>Java version: ${java.version}</echo>
+ <tstamp>
+ <format property="date" pattern="zzz:yyyy-MM-dd/HH:mm:ss" locale="en"/>
+ </tstamp>
+ <mkdir dir="${build}"/>
+ </target>
+
+ <target name="javac" depends="init" description="Compiles java source code.">
+ <mkdir dir="${classes}"/>
+ <javac
+ compiler="extJavac"
+ includeAntRuntime="false"
+ destdir="${classes}"
+ debug="true"
+ optimize="false"
+ srcdir="${src}"
+ >
+ <classpath refid="compile-classpath"/>
+ </javac>
+ <copy todir="${classes}">
+ <fileset dir="${src}" excludes="**/*.java"/>
+ </copy>
+ </target>
+
+ <target name="rmic" depends="javac" description="Rmics java class files named "*RMI.class".">
+ <rmic
+ base="${classes}"
+ includes="${rmic.includes}"
+ classpathref="compile-classpath"
+ />
+ </target>
+
+ <target name="jar" depends="rmic" description="Jars compiled java class files.">
+ <jar
+ basedir="${classes}"
+ destfile="${build}/${jar-file}"
+ index="true"
+ duplicate="fail"
+ >
+ <manifest>
+ <attribute name="Built-By" value="Julius Davies"/>
+ <attribute name="Created-By" value="Julius Davies"/>
+ <attribute name="Main-Class" value="org.apache.commons.ssl.Ping"/>
+ </manifest>
+ </jar>
+ </target>
+
+ <!-- Alias for "javadocs". -->
+ <target name="javadoc" depends="javadocs"/>
+
+ <target name="javadocs" depends="init" description="Generates javadocs.">
+ <mkdir dir="${javadocs}"/>
+ <javadoc
+ sourcepath="${src}"
+ destdir="${javadocs}"
+ packagenames="*"
+ classpathref="compile-classpath"
+ access="private"
+ source="yes"
+ linksource="yes"
+ >
+ <link href="http://java.sun.com/j2se/1.5.0/docs/api/"/>
+ <link href="http://java.sun.com/j2ee/1.4/docs/api/"/>
+ <link href="http://jakarta.apache.org/commons/httpclient/apidocs/"/>
+ </javadoc>
+ </target>
+
+ <target name="clean" description="Deletes class files and other generated files.">
+ <delete dir="${build}"/>
+ </target>
+
+ <target name="all" depends="clean,jar"/>
+
+ <target name="classpath" depends="cp"/>
+
+ <target name='cp' depends='jar' description='Generates classpath.sh file'>
+ <property name='classdump' refid='compile-classpath'/>
+ <echo file='classpath.sh'>export CLASSPATH=${classdump}
+</echo>
+ <echo>Created classpath.sh file.</echo>
+ </target>
+
+
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/.htaccess
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/.htaccess b/3rdparty/not-yet-commons-ssl/docs/.htaccess
new file mode 100644
index 0000000..6f20845
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/.htaccess
@@ -0,0 +1,3 @@
+AddType text/html .html
+AddHandler server-parsed .html
+ErrorDocument 404 /commons-ssl/404.html
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/404.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/404.html b/3rdparty/not-yet-commons-ssl/docs/404.html
new file mode 100644
index 0000000..794a625
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/404.html
@@ -0,0 +1,55 @@
+<html>
+<head>
+<title>Not-Yet-Commons-SSL - 404 Page Not Found</title>
+<style type="text/css">
+dl, h1, h2, h3, h4 { margin: 0; border: 0; padding: 0; font-size: 100%; }
+h1 { float: left; color: red; }
+b.n { font-family: arial; font-weight: bold; }
+span.hl { color: white; background-color: green; }
+div.nav { float: left; margin-left: 20px; font-weight: bold; }
+.nav a, .nav span { padding: 0 5px; }
+.nav a { color: blue; }
+td.v { text-align: center; }
+dt { padding: 8px 0 8px 5px; }
+dd { padding-left: 15px; }
+li { padding-bottom: 6px; }
+</style>
+</head>
+<body>
+<h1>not-yet-commons-ssl</h1>
+<div class="nav">
+<a href="/commons-ssl/index.html">main</a> |
+<a href="/commons-ssl/ssl.html">ssl</a> |
+
+<a href="/commons-ssl/pkcs8.html">pkcs8</a> |
+<a href="/commons-ssl/pbe.html">pbe</a> |
+<a href="/commons-ssl/rmi.html">rmi</a> |
+<a href="/commons-ssl/utilities.html">utilities</a> |
+<a href="/commons-ssl/source.html">source</a> |
+<a href="/commons-ssl/javadocs/">javadocs</a> |
+
+<a href="/commons-ssl/download.html">download</a>
+</div>
+<br clear="all"/>
+<hr/>
+<h2>404 - Page Not Found</h2>
+<p>The path you requested is not available.</p>
+<table cellpadding="6" cellspacing="0" border="0" style="margin-top: 9px;">
+<tr><th colspan="3">Current Version (September 23rd, 2014):</th></tr>
+<tr><td>Full source:</td><td><a href="/commons-ssl/not-yet-commons-ssl-0.3.16.zip">not-yet-commons-ssl-0.3.16.zip</a></td><td>5.1MB</td><td><span style="color: red;">Alpha</span></td><td>MD5: </td></tr>
+<tr><td>Binary only:</td><td><a href="/commons-ssl/not-yet-commons-ssl-0.3.16.jar">not-yet-commons-ssl-0.3.16.jar</a></td><td>267KB</td><td><span style="color: red;">Alpha</span></td><td>MD5: </td></tr>
+<tr><th colspan="3">Previous Version (September 8th, 2014):</th></tr>
+<tr><td>Full source:</td><td><a href="/not-yet-commons-ssl-0.3.15/not-yet-commons-ssl-0.3.15.zip">not-yet-commons-ssl-0.3.15.zip</a></td><td>5.1MB</td><td><span style="color: red;">Alpha</span></td><td>MD5: f62d7f7f890ac03a0210d1be7571b21e</td></tr>
+<tr><td>Binary only:</td><td><a href="/not-yet-commons-ssl-0.3.15/not-yet-commons-ssl-0.3.15.jar">not-yet-commons-ssl-0.3.15.jar</a></td><td>267KB</td><td><span style="color: red;">Alpha</span></td><td>MD5: cebc58b8367c253688426043fdf08221</td></tr>
+<tr><th colspan="3">All Previous Versions (use "svn export"):</th></tr>
+<tr><td> </td><td colspan="2"><a href='http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/'>/svn/not-yet-commons-ssl/tags/</a></td></tr>
+</table>
+<br/><b>Warning:</b>
+ <span style="color: red; font-weight: bold;">All versions (to date) of not-yet-commons-ssl should be considered to be of "Alpha" quality!
+This code probably contains bugs. This code may have security issues.</span>
+<p>Future versions will definitely break the current API in a non-reverse compatible way. After commons-ssl-0.5.0, though, we
+plan on always being reverse compatible with ourselves.
+<hr/>
+
+</body>
+</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/TrustExample.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/TrustExample.java b/3rdparty/not-yet-commons-ssl/docs/TrustExample.java
new file mode 100644
index 0000000..c4561de
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/TrustExample.java
@@ -0,0 +1,114 @@
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.apache.commons.ssl.HttpSecureProtocol;
+import org.apache.commons.ssl.TrustMaterial;
+
+import javax.net.ssl.SSLHandshakeException;
+import java.net.URL;
+
+/**
+ *
+ * Example of trusting certs to answer a question Sudip Shrestha posed on the
+ * httpclient-user@jakarta.apache.org mailing list, Fri 5/5/2006.
+ *
+ * @author Julius Davies
+ * @since May 5, 2006
+ */
+public class TrustExample {
+
+/*
+Microsoft IE trusts usertrust.com CA certs by default, but Java doesn't, so we need
+to tell Java to.
+
+Cert is good until 2019 !
+
+openssl x509 -in cert.pem -noout -text
+=======================================
+
+Serial Number:
+ 44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
+Signature Algorithm: sha1WithRSAEncryption
+Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
+Validity
+ Not Before: Jul 9 18:10:42 1999 GMT
+ Not After : Jul 9 18:19:22 2019 GMT
+Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
+
+X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ A1:72:5F:26:1B:28:98:43:95:5D:07:37:D5:85:96:9D:4B:D2:C3:45
+ X509v3 CRL Distribution Points:
+ URI:http://crl.usertrust.com/UTN-USERFirst-Hardware.crl
+
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication, IPSec End System, IPSec Tunnel, IPSec User
+
+*/
+ private static byte[] pemCert = (
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB\n" +
+ "lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug\n" +
+ "Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho\n" +
+ "dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt\n" +
+ "SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG\n" +
+ "A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe\n" +
+ "MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v\n" +
+ "d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh\n" +
+ "cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn\n" +
+ "0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ\n" +
+ "M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a\n" +
+ "MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd\n" +
+ "oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI\n" +
+ "DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy\n" +
+ "oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD\n" +
+ "VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0\n" +
+ "dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy\n" +
+ "bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF\n" +
+ "BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM\n" +
+ "//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli\n" +
+ "CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE\n" +
+ "CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t\n" +
+ "3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS\n" +
+ "KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==\n" +
+ "-----END CERTIFICATE-----\n" ).getBytes();
+
+ public static void main( String[] args ) throws Exception
+ {
+ HttpSecureProtocol f = new HttpSecureProtocol();
+
+ // might as well trust the usual suspects:
+ f.addTrustMaterial(TrustMaterial.CACERTS);
+
+ // here's where we start trusting usertrust.com's CA:
+ f.addTrustMaterial(new TrustMaterial( pemCert ));
+
+ Protocol trustHttps = new Protocol("https", f, 443);
+ Protocol.registerProtocol("https", trustHttps);
+
+ HttpClient client = new HttpClient();
+ GetMethod httpget = new GetMethod("https://www.usertrust.com/");
+ client.executeMethod(httpget);
+ String s = httpget.getStatusLine().toString();
+ System.out.println( "HTTPClient: " + s );
+
+ // Notice that Java still can't access it. Only HTTPClient knows
+ // to trust the cert!
+ URL u = new URL( "https://www.usertrust.com/" );
+ try
+ {
+ // This will throw an SSLHandshakeException
+ u.openStream();
+ }
+ catch ( SSLHandshakeException she )
+ {
+ System.out.println( "Java: " + she );
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/TrustExample.java.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/TrustExample.java.html b/3rdparty/not-yet-commons-ssl/docs/TrustExample.java.html
new file mode 100644
index 0000000..ec2752d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/TrustExample.java.html
@@ -0,0 +1,131 @@
+<HTML>
+<HEAD>
+<TITLE>/home/julius/dev/commons-ssl/src/java/TrustExample.java</TITLE>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
+<META NAME="KEYWORDS" CONTENT="IntelliJ_IDEA_Html">
+</HEAD>
+<BODY BGCOLOR="#ffffff">
+<TABLE CELLSPACING=0 CELLPADDING=5 COLS=1 WIDTH="100%" BGCOLOR="#C0C0C0" >
+<TR><TD><CENTER>
+<FONT FACE="Arial, Helvetica" COLOR="#000000">
+/home/julius/dev/commons-ssl/src/java/TrustExample.java</FONT>
+</center></TD></TR></TABLE>
+<PRE>
+
+<FONT COLOR=0 STYLE="font-style:normal">1 </FONT><FONT style="font-family:monospaced;" COLOR="#000000">
+<FONT COLOR=0 STYLE="font-style:normal">2 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>import</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> org.apache.commons.httpclient.HttpClient;
+<FONT COLOR=0 STYLE="font-style:normal">3 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>import</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> org.apache.commons.httpclient.methods.GetMethod;
+<FONT COLOR=0 STYLE="font-style:normal">4 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>import</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> org.apache.commons.httpclient.protocol.Protocol;
+<FONT COLOR=0 STYLE="font-style:normal">5 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>import</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> org.apache.commons.ssl.HttpSecureProtocol;
+<FONT COLOR=0 STYLE="font-style:normal">6 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>import</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> org.apache.commons.ssl.TrustMaterial;
+<FONT COLOR=0 STYLE="font-style:normal">7 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">8 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>import</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> javax.net.ssl.SSLHandshakeException;
+<FONT COLOR=0 STYLE="font-style:normal">9 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>import</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> java.net.URL;
+<FONT COLOR=0 STYLE="font-style:normal">10 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">11 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I>/**
+<FONT COLOR=0 STYLE="font-style:normal">12 </FONT> *
+<FONT COLOR=0 STYLE="font-style:normal">13 </FONT> * Example of trusting certs to answer a question Sudip Shrestha posed on the
+<FONT COLOR=0 STYLE="font-style:normal">14 </FONT> * httpclient-user@jakarta.apache.org mailing list, Fri 5/5/2006.
+<FONT COLOR=0 STYLE="font-style:normal">15 </FONT> *
+<FONT COLOR=0 STYLE="font-style:normal">16 </FONT> * </I></FONT><FONT style="font-family:monospaced;" COLOR="#008000"><B>@author</B></FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I> Julius Davies
+<FONT COLOR=0 STYLE="font-style:normal">17 </FONT> * </I></FONT><FONT style="font-family:monospaced;" COLOR="#008000"><B>@since</B></FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I> May 5, 2006
+<FONT COLOR=0 STYLE="font-style:normal">18 </FONT> */</I></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
+<FONT COLOR=0 STYLE="font-style:normal">19 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>public</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>class</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> TrustExample {
+<FONT COLOR=0 STYLE="font-style:normal">20 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">21 </FONT></FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I>/*
+<FONT COLOR=0 STYLE="font-style:normal">22 </FONT>Microsoft IE trusts usertrust.com CA certs by default, but Java doesn't, so we need
+<FONT COLOR=0 STYLE="font-style:normal">23 </FONT>to tell Java to.
+<FONT COLOR=0 STYLE="font-style:normal">24 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">25 </FONT>Cert is good until 2019 !
+<FONT COLOR=0 STYLE="font-style:normal">26 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">27 </FONT>openssl x509 -in cert.pem -noout -text
+<FONT COLOR=0 STYLE="font-style:normal">28 </FONT>=======================================
+<FONT COLOR=0 STYLE="font-style:normal">29 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">30 </FONT>Serial Number:
+<FONT COLOR=0 STYLE="font-style:normal">31 </FONT> 44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
+<FONT COLOR=0 STYLE="font-style:normal">32 </FONT>Signature Algorithm: sha1WithRSAEncryption
+<FONT COLOR=0 STYLE="font-style:normal">33 </FONT>Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
+<FONT COLOR=0 STYLE="font-style:normal">34 </FONT>Validity
+<FONT COLOR=0 STYLE="font-style:normal">35 </FONT> Not Before: Jul 9 18:10:42 1999 GMT
+<FONT COLOR=0 STYLE="font-style:normal">36 </FONT> Not After : Jul 9 18:19:22 2019 GMT
+<FONT COLOR=0 STYLE="font-style:normal">37 </FONT>Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
+<FONT COLOR=0 STYLE="font-style:normal">38 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">39 </FONT>X509v3 extensions:
+<FONT COLOR=0 STYLE="font-style:normal">40 </FONT> X509v3 Key Usage:
+<FONT COLOR=0 STYLE="font-style:normal">41 </FONT> Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
+<FONT COLOR=0 STYLE="font-style:normal">42 </FONT> X509v3 Basic Constraints: critical
+<FONT COLOR=0 STYLE="font-style:normal">43 </FONT> CA:TRUE
+<FONT COLOR=0 STYLE="font-style:normal">44 </FONT> X509v3 Subject Key Identifier:
+<FONT COLOR=0 STYLE="font-style:normal">45 </FONT> A1:72:5F:26:1B:28:98:43:95:5D:07:37:D5:85:96:9D:4B:D2:C3:45
+<FONT COLOR=0 STYLE="font-style:normal">46 </FONT> X509v3 CRL Distribution Points:
+<FONT COLOR=0 STYLE="font-style:normal">47 </FONT> URI:http://crl.usertrust.com/UTN-USERFirst-Hardware.crl
+<FONT COLOR=0 STYLE="font-style:normal">48 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">49 </FONT> X509v3 Extended Key Usage:
+<FONT COLOR=0 STYLE="font-style:normal">50 </FONT> TLS Web Server Authentication, IPSec End System, IPSec Tunnel, IPSec User
+<FONT COLOR=0 STYLE="font-style:normal">51 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">52 </FONT>*/</I></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
+<FONT COLOR=0 STYLE="font-style:normal">53 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>private</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>static</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>byte</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000">[] pemCert = (
+<FONT COLOR=0 STYLE="font-style:normal">54 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"-----BEGIN CERTIFICATE-----</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">55 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">56 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">57 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">58 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">59 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">60 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">61 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">62 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">63 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">64 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">65 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">66 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">67 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">68 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">69 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">70 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">71 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">72 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">73 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">74 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">75 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">76 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">77 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">78 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> +
+<FONT COLOR=0 STYLE="font-style:normal">79 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"-----END CERTIFICATE-----</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>\n</B></FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> ).getBytes();
+<FONT COLOR=0 STYLE="font-style:normal">80 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">81 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>public</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>static</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>void</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> main( String[] args ) </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>throws</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> Exception
+<FONT COLOR=0 STYLE="font-style:normal">82 </FONT> {
+<FONT COLOR=0 STYLE="font-style:normal">83 </FONT> HttpSecureProtocol f = </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>new</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> HttpSecureProtocol();
+<FONT COLOR=0 STYLE="font-style:normal">84 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">85 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I>// might as well trust the usual suspects:</I></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
+<FONT COLOR=0 STYLE="font-style:normal">86 </FONT> f.addTrustMaterial(TrustMaterial.CACERTS);
+<FONT COLOR=0 STYLE="font-style:normal">87 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">88 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I>// here's where we start trusting usertrust.com's CA:</I></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
+<FONT COLOR=0 STYLE="font-style:normal">89 </FONT> f.addTrustMaterial(</FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>new</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> TrustMaterial( pemCert ));
+<FONT COLOR=0 STYLE="font-style:normal">90 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">91 </FONT> Protocol trustHttps = </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>new</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> Protocol(</FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"https"</FONT><FONT style="font-family:monospaced;" COLOR="#000000">, f, </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">443</FONT><FONT style="font-family:monospaced;" COLOR="#000000">);
+<FONT COLOR=0 STYLE="font-style:normal">92 </FONT> Protocol.registerProtocol(</FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"https"</FONT><FONT style="font-family:monospaced;" COLOR="#000000">, trustHttps);
+<FONT COLOR=0 STYLE="font-style:normal">93 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">94 </FONT> HttpClient client = </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>new</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> HttpClient();
+<FONT COLOR=0 STYLE="font-style:normal">95 </FONT> GetMethod httpget = </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>new</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> GetMethod(</FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"https://www.usertrust.com/"</FONT><FONT style="font-family:monospaced;" COLOR="#000000">);
+<FONT COLOR=0 STYLE="font-style:normal">96 </FONT> client.executeMethod(httpget);
+<FONT COLOR=0 STYLE="font-style:normal">97 </FONT> String s = httpget.getStatusLine().toString();
+<FONT COLOR=0 STYLE="font-style:normal">98 </FONT> System.out.println( </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"HTTPClient: "</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> + s );
+<FONT COLOR=0 STYLE="font-style:normal">99 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">100 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I>// Notice that Java still can't access it. Only HTTPClient knows</I></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
+<FONT COLOR=0 STYLE="font-style:normal">101 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I>// to trust the cert!</I></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
+<FONT COLOR=0 STYLE="font-style:normal">102 </FONT> URL u = </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>new</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> URL( </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"https://www.usertrust.com/"</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> );
+<FONT COLOR=0 STYLE="font-style:normal">103 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>try</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
+<FONT COLOR=0 STYLE="font-style:normal">104 </FONT> {
+<FONT COLOR=0 STYLE="font-style:normal">105 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#008000"><I>// This will throw an SSLHandshakeException</I></FONT><FONT style="font-family:monospaced;" COLOR="#000000">
+<FONT COLOR=0 STYLE="font-style:normal">106 </FONT> u.openStream();
+<FONT COLOR=0 STYLE="font-style:normal">107 </FONT> }
+<FONT COLOR=0 STYLE="font-style:normal">108 </FONT> </FONT><FONT style="font-family:monospaced;" COLOR="#000080"><B>catch</B></FONT><FONT style="font-family:monospaced;" COLOR="#000000"> ( SSLHandshakeException she )
+<FONT COLOR=0 STYLE="font-style:normal">109 </FONT> {
+<FONT COLOR=0 STYLE="font-style:normal">110 </FONT> System.out.println( </FONT><FONT style="font-family:monospaced;" COLOR="#0000ff">"Java: "</FONT><FONT style="font-family:monospaced;" COLOR="#000000"> + she );
+<FONT COLOR=0 STYLE="font-style:normal">111 </FONT> }
+<FONT COLOR=0 STYLE="font-style:normal">112 </FONT> }
+<FONT COLOR=0 STYLE="font-style:normal">113 </FONT>
+<FONT COLOR=0 STYLE="font-style:normal">114 </FONT>}
+<FONT COLOR=0 STYLE="font-style:normal">115 </FONT></FONT></PRE>
+</BODY>
+</HTML>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/about.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/about.html b/3rdparty/not-yet-commons-ssl/docs/about.html
new file mode 100644
index 0000000..5ef231e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/about.html
@@ -0,0 +1,73 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<meta name="Author" content="Julius Davies">
+<title>About Not-Yet-Commons-SSL</title>
+<style type="text/css">
+dl, h1, h2, h3, h4 { margin: 0; border: 0; padding: 0; font-size: 100%; }
+h1 { float: left; color: red; }
+b.n { font-family: arial; font-weight: bold; }
+span.hl, a.hl { color: white; background-color: green; }
+div.nav { float: left; margin-left: 20px; font-weight: bold; }
+.nav a, .nav span { padding: 0 5px; }
+.nav a { color: blue; }
+.nav a.hl { color: white; }
+dt { padding: 8px 0 8px 5px; }
+li { padding-bottom: 6px; }
+</style>
+</head>
+<body>
+<h1>not-yet-commons-ssl</h1>
+<div class="nav">
+<a href="index.html" class="hl">main</a> |
+<a href="ssl.html">ssl</a> |
+<a href="pkcs8.html">pkcs8</a> |
+<a href="pbe.html">pbe</a> |
+<a href="rmi.html">rmi</a> |
+<a href="utilities.html">utilities</a> |
+<a href="source.html">source</a> |
+<a href="javadocs/">javadocs</a> |
+<a href="download.html">download</a>
+</div>
+<br clear="all"/>
+<hr/>
+<h2>About Not-Yet-Commons-SSL</h2>
+
+<h4 style="margin-top: 1em;">5 Design Goals:</h4>
+<ol>
+<li style="margin-top: 6px;"><b>Make SSL and Java Easier.</b> Ever wanted to work with self-signed
+certificates in your Java application in a secure fashion? Ever wanted to use more than one client
+certificate in a single running JVM? You can edit your <code>$JAVA_HOME/jre/lib/security/cacerts</code>
+file, and you can invoke Java with <code>-Djavax.net.ssl.keyStore=/path/to/keystore</code>. Both of
+these approaches are great at first, but they don't scale well. Do you really want to pollute every
+SSL socket in your JVM (HTTP, LDAP, JDBC, RMI, etc...) with those system-wide changes? Commons-SSL let's you
+control the SSL options you need in an natural way for each SSLSocketFactory, and those options
+won't bleed into the rest of your system.</li>
+<li style="margin-top: 6px;"><b>Improve Security.</b>
+<a href="http://en.wikipedia.org/wiki/Certificate_revocation_list">CRL</a> checking turned on by default.
+We hope to add support for
+<a href="http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol">OCSP</a> soon!
+It's obnoxious to have to download CRL files around 500KB each from Thawte and Verisign every 24 hours.
+OCSP improves on that.</li>
+<li style="margin-top: 6px;"><b>Improve Flexibility.</b> Checking hostnames, expirations, CRL's, and many
+other options can be enabled/disabled for each SSLSocketFactory created.</li>
+<li style="margin-top: 6px;"><b>Support more file formats, and support these formats more robustly.</b>
+<ul>
+<li>commons-ssl supports over <a href="samples/rsa_result.html">50 formats</a> of PKCS8 and OpenSSL Encrypted Private Keys in PEM or DER</li>
+<li>X.509 Certificates can be PEM or DER encoded. Can also come in PKCS7 chains. (To be fair, Java always supported this.)</li>
+<li>PKCS12 files can be in <a href="samples/pkcs12/pkcs12_client_cert.pem">PEM</a> (as created by <code>openssl pkcs12</code>).</li>
+<li>Parsing of Base64-PEM is more tolerant of extra whitespace or comments, especially outside the Base64 sections:
+<pre style="padding-left: 100px;">any comments or whitespace up here are ignored
+
+-----BEGIN TYPE-----
+[...base64....]
+-----END TYPE-----
+
+any comments or whitespace down here are also ignored</pre></li></ul></li>
+<li><b>Automatically detect type of KeyMaterial or TrustMaterial.</b> Consumer does not need to know
+whether keystore is PKCS12 or JKS. They just need to know the password to decrypt the private key.</li>
+</ol>
+
+</body>
+</html>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/download.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/download.html b/3rdparty/not-yet-commons-ssl/docs/download.html
new file mode 100644
index 0000000..5e8a8cb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/download.html
@@ -0,0 +1,263 @@
+<html>
+<head>
+<title>Not-Yet-Commons-SSL - Downloads, Features, Future Directions</title>
+<style type="text/css">
+dl, h1, h2, h3, h4 { margin: 0; border: 0; padding: 0; font-size: 100%; }
+h1 { float: left; color: red; }
+b.n { font-family: arial; font-weight: bold; }
+span.hl { color: white; background-color: green; }
+div.nav { float: left; margin-left: 20px; font-weight: bold; }
+.nav a, .nav span { padding: 0 5px; }
+.nav a { color: blue; }
+td.v { text-align: center; }
+dt { padding: 8px 0 8px 5px; }
+dd { padding-left: 15px; }
+li { padding-bottom: 6px; }
+tr.released td, tr.released th { background-color: yellow; font-weight: bold; }
+</style>
+</head>
+<body>
+<h1>not-yet-commons-ssl</h1>
+<div class="nav">
+<a href="index.html">main</a> |
+<a href="ssl.html">ssl</a> |
+
+<a href="pkcs8.html">pkcs8</a> |
+<a href="pbe.html">pbe</a> |
+<a href="rmi.html">rmi</a> |
+<a href="utilities.html">utilities</a> |
+<a href="source.html">source</a> |
+<a href="javadocs/">javadocs</a> |
+
+<span class="hl" href="download.html">download</span>
+</div>
+<br clear="all"/>
+<hr/>
+<h2>Download Not-Yet-Commons-SSL!</em></h2>
+<p>Not-Yet-Commons-SSL currently has NO affiliation with the <a href="http://apache.org/">Apache Software Foundation</a> (apache.org), but we're hoping
+to start <a href="http://incubator.apache.org/incubation/Incubation_Policy.html">Incubation</a> one day.
+<table cellpadding="6" cellspacing="0" border="0" style="margin-top: 9px;">
+ <tr><th colspan="3">Current Version (September 23rd, 2014):</th></tr>
+ <tr><td>Full source:</td><td><a href="/commons-ssl/not-yet-commons-ssl-0.3.16.zip">not-yet-commons-ssl-0.3.16.zip</a></td><td>5.1MB</td><td><span style="color: red;">Alpha</span></td><td>MD5: </td></tr>
+ <tr><td>Binary only:</td><td><a href="/commons-ssl/not-yet-commons-ssl-0.3.16.jar">not-yet-commons-ssl-0.3.16.jar</a></td><td>267KB</td><td><span style="color: red;">Alpha</span></td><td>MD5: cebc58b8367c253688426043fdf08221</td></tr>
+ <tr><th colspan="3">Previous Version (September 8th, 2014):</th></tr>
+ <tr><td>Full source:</td><td><a href="/not-yet-commons-ssl-0.3.15/not-yet-commons-ssl-0.3.15.zip">not-yet-commons-ssl-0.3.15.zip</a></td><td>5.1MB</td><td><span style="color: red;">Alpha</span></td><td>MD5: f62d7f7f890ac03a0210d1be7571b21e</td></tr>
+ <tr><td>Binary only:</td><td><a href="/not-yet-commons-ssl-0.3.15/not-yet-commons-ssl-0.3.15.jar">not-yet-commons-ssl-0.3.15.jar</a></td><td>267KB</td><td><span style="color: red;">Alpha</span></td><td>MD5: cebc58b8367c253688426043fdf08221</td></tr>
+ <tr><th colspan="3">All Previous Versions (use "svn export"):</th></tr>
+ <tr><td> </td><td colspan="2"><a href='http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/'>/svn/not-yet-commons-ssl/tags/</a></td></tr>
+</table>
+<br/><b>Warning:</b>
+ <span style="color: red; font-weight: bold;">All versions of not-yet-commons-ssl should be considered to be of "Alpha" quality!
+This code probably contains bugs. This code may have security issues.</span>
+<p>Future versions will definitely break the current API in a non-reverse compatible way. After commons-ssl-0.5.0, though, we
+plan on always being reverse compatible with ourselves.
+<hr/>
+<h3>Changelog for not-yet-commons-ssl-0.3.16:</h3>
+<dl>
+ <dt>1. Bug fix for TrustMaterial constructor.</dt>
+ <dd>Re-introduce ability to load an X509 certificate specified as raw bytes (e.g., byte[]) in the constructor. (Thanks to Brent Putnam for the bug report).</dd></dd>
+ <dt>2. Remove protocol / cipher whitelists.</dt>
+ <dd>
+Got rid of useStrongCiphers() method (and its converse, useDefaultCiphers()), since all ciphers in Java 7 are at least 128 bit, and my approach used a white list that was starting to get out-of-date. If users want to ensure only strong ciphers are used in their SSL connections, they can either upgrade to Java 7 or newer, or invoke SSLClient.setEnabledCiphers() or SSLServer.setEnabledCiphers(). Also got rid of all logic that was setting default protocols, because again it was a white list that was getting out of date. We do still call SSLContext.getInstance("TLS") by default (can be overridden), but I figure that one should be okay for at least another decade.
+ </dd>
+</dl>
+
+<h3>Changelog for not-yet-commons-ssl-0.3.15:</h3>
+<dl>
+ <dt>1. Security patch from Redhat for CVE alert.</dt>
+ <dd>The way we parse the Principal (e.g., "CN=a,OU=b,O=c") from an X509 Certificate had a serious security flaw.
+ Thanks to Redhat, Arun Babu Neelicattu, and David Jorm for notifying us, and for the patch they submitted.</dd></dd>
+ <dt>2. Upgrade to Java 1.5.</dt>
+ <dd>Not-yet-commons-ssl now requires at least Java 1.5 to run (a.k.a. Java 5).
+ If you really need Java 1.3 or Java 1.4 compatibility, please email the mailing list; it's not too late for us to
+ rejig things to bring that back, but we're not going to bother unless someone actually needs it.
+ </dd>
+</dl>
+<h3>Changelog for not-yet-commons-ssl-0.3.13:</h3>
+<dl>
+<dt>1. Fix bugs in AuthSSLProtocolSocketFactory and TrustSSLProtocolSocketFactory.</dt>
+<dd>KeyMaterial's constructor has been checking that KeyMaterial contains at least one
+private key, but this assumption was invalid with these guys. The fall-back to the
+TrustMaterial constructor if necessary. (Wonder how long this has been broken! Oops!)</dd>
+
+<dt>2. Upgraded from JUnit3 to JUnit4. Added some extra unit tests.</dt>
+</dl>
+<h3>Changelog for not-yet-commons-ssl-0.3.12:</h3>
+<dl>
+<dt>1. Avoid reverse-DNS lookups with literal IP address connections.</dt>
+<dd>Based on my own investigation, InetAddress.getByAddress(String, byte[]) does not do the reverse-DNS lookup that plagues Java SSL users, so we call that whenever possible.</dd>
+</dl>
+<h3>Changelog for not-yet-commons-ssl-0.3.11:</h3>
+<dl>
+<dt>1. Fixed KeyStoreBuilder.</dt>
+<dd>It really can handle KeyStores now where the store-password and key-password differ. It can
+also now handle all the things 0.3.9 couuld handle, too. Whoops. Sorry about 0.3.10, everyone.</dd>
+
+<dt>2. KeyStoreBuilder auto-detects BouncyCastle BKS and UBER keystore types.</dt>
+
+<dt>3. CRL checking no longer blocks forever in bad network situations (Java 5 and newer).</dt>
+<dd>CRL checking was using default java.net.URL behaviour, which unfortunately can
+cause infinite blocking. CRL checking now waits at most 5 seconds for the CRL server
+to respond. <b>Note: Only works on Java 1.5 and above.</b></dd>
+
+<dt>4. Lot's more unit tests. Especially for KeyStoreBuilder.</dt>
+
+<dt>5. Base64InputStream's default behaviour changed to DECODE. VERY SORRY!</dt>
+
+<dt>6. PKCS8Key.getPublicKey() and PEMUtil.toPEM() methods added. </dt>
+</dl>
+<br/>
+<h3>Features as of not-yet-commons-ssl-0.3.10:</h3>
+<dl>
+<dt>1. <a href="utilities.html#KSB">KeyStoreBuilder</a> broken.
+<dd>
+<b>Version 0.3.10 should be avoided!</b>
+</dd>
+</dl>
+
+<br/>
+<h3>Features as of not-yet-commons-ssl-0.3.9:</h3>
+<dl>
+<dt>1. <a href="pbe.html">PBE</a> is now Compatible with <code>openssl enc -K [key] -iv [IV]</code>.</dt>
+<dd>People were asking for this. See the PBE page for more details.</dd>
+<dt>2. DES2 with PBE was broken.</dt>
+<dd>Fixed.</dd>
+
+<dt>3. directory.apache.org didn't write the ASN.1 code. BouncyCastle did.</dt>
+<dd>Now using latest ASN.1 parsing code from BC, and attributing it properly.</dd>
+<dt>4. The "ping" utility has a few more options.</dt>
+<dd>For those who need more than just a "HEAD /" request. You can also set the HTTP host header,
+independant of the target host/ip.</dd>
+</dl>
+<br/>
+<h3>Features as of not-yet-commons-ssl-0.3.8:</h3>
+<dl>
+<dt>1. useDefaultJavaCiphers() actually works now.</dt>
+<dd>When you want to allow 40 bit, 56 bit, and MD5 based SSL ciphers, use this. It was 99% functional in 0.3.7, but there was a
+rare situation where setting ciphers was causing SSL handshake errors.</dd>
+
+<dt>2. <a href="pbe.html">PBE</a> (password-based-encryption) improved.</dt>
+<dd>PBE now has its own <a href="pbe.html">HTML page</a>. Support for all of OpenSSL's PBE ciphers implemented and tested, including
+IDEA and RC5. (DES-X might work, but couldn't find a JCE provider that supported it). Threw in support for some
+additional BouncyCastle ciphers even though OpenSSL doesn't support them (cast6, gost28147, rc6, seed, serpent,
+skipjack, tea, twofish, xtea). Around <a href="samples/pbe/">650 test files</a> created to make sure PBE is working properly.
+</dd>
+<dt>3. PBE API changed on <a href="javadocs/org/apache/commons/ssl/OpenSSL.html#encrypt(java.lang.String,%20char[],%20java.io.InputStream)">OpenSSL.encrypt()</a> and <a href="javadocs/org/apache/commons/ssl/OpenSSL.html#decrypt(java.lang.String,%20char[],%20java.io.InputStream)">OpenSSL.decrypt()</a>.</dt>
+
+<dd>The password is now char[] instead of byte[] (sorry!). Encrypt/decrypt on byte[] introduced. Encrypt/decrypt on InputStream
+is still available, and is properly streamed so that even extremely large files can be encrypted/decrypted.</dd>
+</dl>
+<br/>
+<h3>Features as of not-yet-commons-ssl-0.3.7:</h3>
+<dl>
+<dt>1. useStrongCiphers() used by default.</dt>
+<dd>40 bit and 56 bit ciphers are now disabled by default. To turn them back on call useDefaultJavaCiphers().</dd>
+<dt>2. addAllowedName() adds some flexibility to the CN verification.</dt>
+<dd>
+Here's a code example using "cucbc.com" to connect, but anticipating "www.cucbc.com" in the server's certificate:
+<pre>
+SSLClient client = new SSLClient();
+client.addAllowedName( "www.cucbc.com" );
+Socket s = client.createSocket( "cucbc.com", 443 );
+
+</pre>
+This technique is also useful if you don't want to use DNS, and want to
+connect using the IP address.
+</dd>
+<dt>3. SSLServer can re-use a Tomcat-8443 private key if running from inside Tomcat.</dt>
+<dd>
+<pre>
+SSLClient server = new SSLServer();
+server.useTomcatSSLMaterial();
+</pre>
+</dd>
+<dt>4. RMI-SSL support improved.</dt>
+<dd>Attempts to re-use the Tomcat-8443 private key for all RMI SSL Server sockets.
+Anonymous server-sockets (port 0) will always be set to port 31099. Analyzes the
+server certificate CN field and tries to set "java.rmi.server.hostname" to something
+compatible with that. Probably the only free implementation around that does a good
+job on the hostname verification!
+</dd>
+<dt>5. KeyMaterial constructor blows up earlier.</dt>
+<dd>If a JKS or PKCS12 file is provided that isn't going to work (e.g. no private keys),
+the KeyMaterial constructor throws an exception right away.</dd>
+
+<dt>6. getSSLContext() now available to help inter-op with Java 5 SSL-NIO libraries.</dt>
+<dd>Oleg has been working hard on SSL-NIO for the Apache httpcomponents library. Go
+check it out!</dd>
+<dt>7. Fixed bug where SSLClient couldn't be used with javax.net.ssl.HttpsURLConnection
+on Java 1.4.x</dt>
+<dd>I was wrapping the SSLSocket, but Java 1.4.x guards against that inside HttpsURLConnection
+and throws this exciting exception:
+<pre>
+java.lang.RuntimeException: Export restriction: this JSSE implementation is non-pluggable.
+ at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.checkCreate(DashoA6275)
+ at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
+ at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
+ at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:560)
+ at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(DashoA6275)
+</pre>
+Silly Java - I'm still using <em>your</em> JSSE implementation, I'm just wrapping it!
+</dd>
+</dl>
+<br/>
+
+<h3>Features as of not-yet-commons-ssl-0.3.4:</h3>
+<dl>
+<dt>1. <code>"javax.net.ssl.keyStore"</code> and <code>"javax.net.ssl.trustStore"</code></dt>
+<dd>SSLClient and SSLServer now set their default TrustMaterial and KeyMaterial from these
+ system properties if they are present.</dd>
+<dt>2. <code>ssl.setCheckCRL( true/false )</code> <em>Note: <a href="http://en.wikipedia.org/wiki/Certificate_revocation_list">CRL</a> is an abbreviation for "Certificate Revocation List"</em></dt>
+
+<dd>Set to <code>true</code> by default. If you're using SSLClient, then the remote
+server's certificate chain is checked. If you're using SSLServer, CRL checking is ignored <em>unless</em>
+client certificates are presented. Commons-SSL tries to perform the CRL check against each certificate in
+the chain, but we're not sure if we always know the entire chain.
+<p><em>Implementation note:</em>
+To reduce memory consumption all CRL's are saved to disk using
+<code>File.createTempFile()</code> and <code>File.deleteOnExit()</code>.
+CRL's are re-downloaded every 24 hours. To reduce disk IO
+the "pass/fail" result of a CRL check for a given X.509 Certificate is cached using the 20 byte SHA1 hash of the
+certificate as the key. The cached "pass" result is discarded every 24 hours. The cached "fail" result is retained
+until the JVM restarts.
+</p>
+</dd>
+
+<dt>3. <code>ssl.setCheckExpiry( true/false )</code></dt>
+<dd>Certificate expiry checking can be turned off. Turned on by default. For Java 1.4 and newer we're
+intercepting the CertificateException thrown by the TrustManager. But we still implemented our own
+expiry checking because Java 1.3 doesn't check expiry. We check every certificate in
+the chain, but we're not sure if we always know the entire chain.</dd>
+<dt>4. <code>ssl.setCheckHostname( true/false )</code></dt>
+<dd>Certificate hostname checking improved. Turned on by default for SSLClient, but turned off by
+default for SSLServer. If turned on for SSLServer, only applied to client certificates by checking
+against a reverse DNS lookup of the client's IP address. Turning on for SSLServer will probably be
+quite rare. We imagine that applications (such as Tomcat) will pass the client chain back up into
+the business layer where people can code in any kind of validation logic they like. But we put
+it in anyway to keep things consistent.
+<p>Support added for certificates with wildcards in the CN field
+(e.g. <a href="https://www.credential.com/">*.credential.com</a>).
+Java already had this, to be fair. We broke it
+by accident!
+<pre style="font-style: 90%; padding: 0 30px;">
+s: CN=*.credential.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/cps (c)05,
+ OU=businessprofile.geotrust.com/get.jsp?GT27402892, O=*.credential.com, C=CA
+i: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
+</pre>
+</p>
+</dd>
+
+<dt>5. PKCS8 support.</dt>
+<dd>Support for OpenSSL "Traditional" and PKCS8 encrypted private keys added.
+Private keys can be RSA or DSA. See our <a href="pkcs8.html">pkcs8 page</a> for more details.</dt>
+<dt>6. New Utility: "<code>KeyStoreBuilder</code>"</dt>
+<dd>Command line utility converts an OpenSSL pair (private key + certificate) into a Java Keystore ("JKS")
+file. To see the command-line options, visit our <a href="utilities.html">utilities page</a>, or just run:
+<pre style="font-style: 90%; padding: 0 30px;">
+
+java -cp commons-ssl-0.3.4.jar org.apache.commons.ssl.KeyStoreBuilder
+</pre></dd>
+</dl>
+
+</body>
+</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/index.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/index.html b/3rdparty/not-yet-commons-ssl/docs/index.html
new file mode 100644
index 0000000..db39c4d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/index.html
@@ -0,0 +1,119 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<meta name="Author" content="Julius Davies">
+<title>Java and SSL/TLS Made Easier - Not-Yet-Commons-SSL</title>
+<meta name="description" content="Java library for controlling aspects of SSL. Also helps interop between Java and OpenSSL."/>
+<meta name="keywords" content="Java, SSL, TLS, OpenSSL, HTTPS, Certificates, X.509, X509, Secure Socket Layer, Transport Layer Security, Client Auth, Client Certificate, Client Cert, Client Certificates, Server Cert, Server Certificate, Server Certificates"/>
+<style type="text/css">
+dl, h1, h2, h3, h4 { margin: 0; border: 0; padding: 0; font-size: 100%; }
+h1 { float: left; color: red; }
+b.n { font-family: arial; font-weight: bold; }
+span.hl { color: white; background-color: green; }
+div.nav { float: left; margin-left: 20px; font-weight: bold; }
+.nav a, .nav span { padding: 0 5px; }
+.nav a { color: blue; }
+dt { padding: 8px 0 8px 5px; }
+li { padding-bottom: 6px; }
+th { text-align: right; }
+</style>
+</head>
+<body>
+<h1>not-yet-commons-ssl</h1>
+<div class="nav">
+<span class="hl">main</span> |
+
+<a href="ssl.html">ssl</a> |
+<a href="pkcs8.html">pkcs8</a> |
+<a href="pbe.html">pbe</a> |
+<a href="rmi.html">rmi</a> |
+<a href="utilities.html">utilities</a> |
+<a href="source.html">source</a> |
+
+<a href="javadocs/">javadocs</a> |
+<a href="download.html">download</a>
+</div>
+<br clear="all"/>
+<hr/>
+<h2>Not-Yet-Commons-SSL</h2>
+<p><a href="download.html">not-yet-commons-ssl-0.3.16</a> released! (September 23rd, 2014)</p>
+<p>Requires Java 1.5.x or higher.
+
+<p>Please see our <a href="ssl.html">ssl page</a> for code examples on how to use this library.</a></p>
+
+<h3>Resources:</h3>
+<table border="0" cellpadding="5" cellspacing="5">
+<tr>
+ <th>Design Goals:</th>
+ <td><a href="about.html">about.html</a></td>
+</tr>
+
+<tr>
+ <th>Code Examples:</th>
+ <td><a href="ssl.html">SSL/TLS</a> | <a href="pkcs8.html">PKCS #8</a> | <a href="pbe.html">PBE</a></td>
+</tr>
+<tr>
+
+ <th>Join Mailing List:</th>
+ <td><a href="http://lists.juliusdavies.ca/listinfo.cgi/not-yet-commons-ssl-juliusdavies.ca/">http://lists.juliusdavies.ca/listinfo.cgi/not-yet-commons-ssl-juliusdavies.ca/</a></td>
+</tr>
+<tr>
+ <th>Mailing List Archives:</th>
+ <td><a href="http://lists.juliusdavies.ca/pipermail/not-yet-commons-ssl-juliusdavies.ca/">http://lists.juliusdavies.ca/pipermail/not-yet-commons-ssl-juliusdavies.ca/</a></td>
+</tr>
+
+<tr>
+ <th>Downloads:</th>
+ <td><a href="download.html">http://juliusdavies.ca/commons-ssl/download.html</a></td>
+</tr>
+<tr>
+ <th>Checkout From Subversion:</th>
+ <td><code>svn co <a style="text-decoration: none;" href="http://juliusdavies.ca/svn/not-yet-commons-ssl/trunk">http://juliusdavies.ca/svn/not-yet-commons-ssl/trunk</a> not-yet-commons-ssl</code></td>
+
+</tr>
+<tr>
+ <th>Browse Subversion (via viewvc):</th>
+ <td><a href="http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl/">http://juliusdavies.ca/svn/not-yet-commons-ssl/viewvc.cgi/not-yet-commons-ssl/</a></td>
+</tr>
+<tr>
+ <th>License (Apache 2.0):</th>
+ <td><a href="LICENSE.txt">LICENSE.txt</a></td>
+
+</tr>
+</table>
+<hr/>
+<h4>About</h4>
+<p>We're calling this library "Not-Yet-Commons-SSL" since we have the intention of one day
+becoming an official Apache project. Not-Yet-Commons-SSL was originally developed by
+<a href="https://www.cucbc.com">Credit Union Central of British Columbia</a>.
+The webpages, releases, and code here on <a href="http://juliusdavies.ca/">juliusdavies.ca</a> have no relationship to
+the Apache Software Foundation, but all code is licensed under <a href="LICENSE.txt">ASL 2.0</a>.
+</p>
+<p>The <a href="http://juliusdavies.ca/svn/viewvc.cgi/trunk/src/java/org/apache/commons/ssl/asn1/">ASN.1 parsing code</a>
+
+comes directly from BouncyCastle (<a href="http://bouncycastle.org/">bouncycastle.org</a>). Our only modification to this
+code was an accidental "reformat" to bring it inline with our code style. Also, in two places, we switched the BC code
+to use <em>our</em> Hex.java
+for encoding/decoding instead of their own.
+The PKCS12 key derivation function (for some PKCS8 version 1.5 encrypted keys) also comes from BouncyCastle.
+Presumably they got it from RSA's PKCS12 specification
+(<a href="ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf">ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf</a>).
+BouncyCastle maintains copyright over all the code used, but allows us to reuse and redistribute
+(the BouncyCastle license is compatible with ASL 2.0). We are very thankful for their excellent code.
+</p>
+
+<p>Not-Yet-Commons-SSL would never have happened without Oleg Kalnichevski's excellent
+"<a href="http://svn.apache.org/viewvc/jakarta/httpcomponents/oac.hc3x/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/">contrib</a>"
+example in the <a href="http://jakarta.apache.org/httpcomponents/">HttpComponents</a> SVN repository.
+His
+<a href="http://svn.apache.org/viewvc/jakarta/httpcomponents/oac.hc3x/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup">AuthSSLProtocolSocketFactory.java</a>
+
+and
+<a href="http://svn.apache.org/viewvc/jakarta/httpcomponents/oac.hc3x/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLX509TrustManager.java?view=markup">AuthSSLX509TrustManager.java</a>
+examples
+were the seeds for all of this. Evil Comrade Oleg's Javadocs on those classes were also extremely helpful. We
+only one day hope that we can write Javadocs like that (hopefully by <a href="download.html#roadmap">0.7.0</a>!).
+</p>
+</body>
+</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/openssl/compare.txt
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/openssl/compare.txt b/3rdparty/not-yet-commons-ssl/docs/openssl/compare.txt
new file mode 100644
index 0000000..40c469d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/openssl/compare.txt
@@ -0,0 +1,28 @@
+
+Performance of org.apache.commons.ssl.OpenSSL.decrypt()
+
+Decrypting the same 946MB Base64 DES-3 encrypted file.
+
+
+OpenSSL 0.9.7l 28 Sep 2006
+--------------------
+real 1m40.578s
+user 1m34.223s
+sys 0m04.039s
+
+
+not-yet-commons-ssl-0.3.10
+(22% slower than OpenSSL!)
+--------------------
+real 2m03.270s
+user 1m56.959s
+sys 0m03.605s
+
+
+not-yet-commons-ssl-0.3.9
+(3,000% slower than OpenSSL!)
+--------------------
+real 50m47.424s
+user 18m47.687s
+sys 31m30.298s
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.10
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.10 b/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.10
new file mode 100644
index 0000000..d52bd7d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.10
@@ -0,0 +1,72 @@
+Flat profile of 140.04 secs (12528 total ticks): main
+
+ Interpreted + native Method
+ 0.7% 0 + 90 java.io.FileOutputStream.writeBytes
+ 0.4% 0 + 56 java.io.FileInputStream.readBytes
+ 0.2% 0 + 24 java.lang.System.arraycopy
+ 0.0% 5 + 0 org.apache.commons.ssl.ComboInputStream.read
+ 0.0% 4 + 0 com.sun.crypto.provider.SunJCE_h.a
+ 0.0% 3 + 0 javax.crypto.CipherInputStream.available
+ 0.0% 2 + 0 com.sun.crypto.provider.SunJCE_h.a
+ 0.0% 2 + 0 org.apache.commons.ssl.Base64.decodeBase64
+ 0.0% 0 + 2 java.io.FileInputStream.read
+ 0.0% 2 + 0 java.io.PrintStream.write
+ 0.0% 0 + 2 java.lang.String.intern
+ 0.0% 2 + 0 com.sun.crypto.provider.SunJCE_e.a
+ 0.0% 1 + 0 java.math.BigInteger.addOne
+ 0.0% 1 + 0 java.util.HashMap.getEntry
+ 0.0% 1 + 0 java.lang.String.<init>
+ 0.0% 1 + 0 sun.security.x509.RDN.<init>
+ 0.0% 0 + 1 java.lang.ClassLoader.defineClass1
+ 0.0% 1 + 0 java.math.BigInteger.mulAdd
+ 0.0% 0 + 1 java.util.zip.Inflater.inflateBytes
+ 0.0% 0 + 1 java.util.zip.ZipFile.getEntry
+ 0.0% 1 + 0 org.apache.commons.ssl.Util.pipeStream
+ 0.0% 0 + 1 java.lang.Class.forName0
+ 0.0% 1 + 0 java.lang.StringCoding$CharsetSD.decode
+ 0.0% 1 + 0 java.util.HashMap.<init>
+ 0.0% 0 + 1 java.lang.Object.clone
+ 1.8% 46 + 180 Total interpreted (including elided)
+
+ Compiled + native Method
+ 71.9% 8987 + 0 com.sun.crypto.provider.SunJCE_y.c
+ 7.0% 706 + 167 org.apache.commons.ssl.util.ReadLine.nextAsBytes
+ 3.1% 391 + 0 com.sun.crypto.provider.SunJCE_m.b
+ 2.2% 252 + 28 org.apache.commons.ssl.Base64.decodeBase64
+ 2.0% 249 + 0 org.apache.commons.ssl.Base64InputStream.getLine
+ 1.3% 0 + 168 org.apache.commons.ssl.Base64.discardNonBase64
+ 1.2% 8 + 144 javax.crypto.Cipher.update
+ 0.8% 1 + 96 com.sun.crypto.provider.SunJCE_h.a
+ 0.3% 37 + 0 javax.crypto.CipherInputStream.read
+ 0.2% 22 + 0 org.apache.commons.ssl.Util.pipeStream
+ 0.1% 13 + 0 java.io.BufferedInputStream.read1
+ 0.1% 7 + 0 java.io.FilterInputStream.read
+ 0.0% 2 + 0 adapters
+ 0.0% 1 + 0 java.math.BigInteger.squareToLen
+ 90.3% 10676 + 603 Total compiled
+
+ Stub + native Method
+ 4.6% 0 + 575 java.io.FileOutputStream.writeBytes
+ 3.0% 0 + 380 java.io.FileInputStream.readBytes
+ 7.6% 0 + 955 Total stub
+
+ Thread-local ticks:
+ 0.3% 36 Blocked (of total)
+ 0.1% 7 Class loader
+ 0.0% 1 Compilation
+ 0.2% 24 Unknown: thread_state
+
+
+Flat profile of 0.01 secs (1 total ticks): DestroyJavaVM
+
+ Thread-local ticks:
+100.0% 1 Blocked (of total)
+
+
+Global summary of 140.06 seconds:
+100.0% 12563 Received ticks
+ 0.2% 29 Received GC ticks
+ 0.5% 65 Compilation
+ 0.0% 4 Other VM operations
+ 0.1% 7 Class loader
+ 0.2% 24 Unknown code
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.9
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.9 b/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.9
new file mode 100644
index 0000000..cdff246
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/openssl/profile.3.9
@@ -0,0 +1,72 @@
+Flat profile of 3230.62 secs (320463 total ticks): main
+
+ Interpreted + native Method
+ 0.0% 0 + 17 java.lang.System.arraycopy
+ 0.0% 0 + 7 java.io.FileOutputStream.writeBytes
+ 0.0% 0 + 6 java.io.FileInputStream.read
+ 0.0% 0 + 4 java.lang.Object.clone
+ 0.0% 0 + 3 java.io.FileInputStream.readBytes
+ 0.0% 2 + 0 com.sun.crypto.provider.SunJCE_e.<clinit>
+ 0.0% 2 + 0 java.lang.StringCoding.trim
+ 0.0% 0 + 2 java.util.zip.Inflater.inflateBytes
+ 0.0% 2 + 0 java.math.BigInteger.multiplyToLen
+ 0.0% 2 + 0 com.sun.crypto.provider.SunJCE_h.a
+ 0.0% 1 + 0 sun.security.util.DerValue.init
+ 0.0% 1 + 0 com.sun.crypto.provider.SunJCE_y.a
+ 0.0% 1 + 0 org.apache.commons.ssl.Base64.decodeBase64
+ 0.0% 1 + 0 com.sun.crypto.provider.SunJCE_y.c
+ 0.0% 1 + 0 com.sun.crypto.provider.SunJCE_h.a
+ 0.0% 1 + 0 java.lang.String.toLowerCase
+ 0.0% 1 + 0 sun.security.pkcs.PKCS7.parse
+ 0.0% 0 + 1 java.lang.ClassLoader.findBootstrapClass
+ 0.0% 1 + 0 sun.misc.CharacterDecoder.decodeLinePrefix
+ 0.0% 1 + 0 java.lang.String.lastIndexOf
+ 0.0% 1 + 0 java.util.AbstractList.iterator
+ 0.0% 1 + 0 java.util.HashMap.newValueIterator
+ 0.0% 1 + 0 java.io.DataInputStream.<init>
+ 0.0% 0 + 1 org.apache.commons.ssl.JavaImpl.<clinit>
+ 0.0% 1 + 0 java.util.HashMap.resize
+ 0.0% 28 + 42 Total interpreted (including elided)
+
+ Compiled + native Method
+ 0.0% 111 + 0 com.sun.crypto.provider.SunJCE_y.c
+ 0.0% 0 + 76 javax.crypto.Cipher.update
+ 0.0% 16 + 0 org.apache.commons.ssl.Util.readLine
+ 0.0% 12 + 0 org.apache.commons.ssl.Base64.decodeBase64
+ 0.0% 11 + 0 java.nio.charset.CharsetEncoder.encode
+ 0.0% 9 + 0 org.apache.commons.ssl.Base64InputStream.getLine
+ 0.0% 7 + 1 java.lang.StringCoding$CharsetSE.encode
+ 0.0% 5 + 0 com.sun.crypto.provider.SunJCE_m.b
+ 0.0% 3 + 0 org.apache.commons.ssl.Util.pipeStream
+ 0.0% 1 + 0 javax.crypto.CipherInputStream.read
+ 0.0% 0 + 1 org.apache.commons.ssl.Base64.discardNonBase64
+ 0.0% 1 + 0 java.lang.StringCoding.encode
+ 0.0% 1 + 0 java.math.BigInteger.squareToLen
+ 0.1% 177 + 78 Total compiled
+
+ Stub + native Method
+ 92.6% 0 + 296801 java.io.FileInputStream.read
+ 7.3% 0 + 23277 java.io.FileOutputStream.writeBytes
+ 99.9% 0 + 320078 Total stub
+
+ Thread-local ticks:
+ 0.0% 22 Blocked (of total)
+ 0.0% 7 Class loader
+ 0.0% 1 Compilation
+ 0.0% 1 Unknown: no last frame
+ 0.0% 29 Unknown: thread_state
+
+
+Flat profile of 0.01 secs (1 total ticks): DestroyJavaVM
+
+ Thread-local ticks:
+100.0% 1 Blocked (of total)
+
+
+Global summary of 3230.64 seconds:
+100.0% 320556 Received ticks
+ 0.0% 73 Received GC ticks
+ 0.0% 61 Compilation
+ 0.0% 16 Other VM operations
+ 0.0% 7 Class loader
+ 0.0% 30 Unknown code
[24/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogWrapper.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogWrapper.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogWrapper.java
new file mode 100644
index 0000000..b2baeb9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogWrapper.java
@@ -0,0 +1,295 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/LogWrapper.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import java.io.BufferedOutputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+/**
+ * <p/>
+ * LogWrapper can be used for situations where log4j might not be available on
+ * the classpath. It presents the most basic and critical components of the
+ * log4j API, and passes all log calls through to log4j if possible. If log4j
+ * is not available, logging is sent to standard-out by default.
+ * <p/>
+ * This default logging to standard-out (which only occurs if log4j is NOT
+ * available) can be disabled or changed via the static setBackupStream() and
+ * setBackupLogFile() methods.
+ *
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 3-Aug-2006
+ */
+public class LogWrapper {
+
+ // final static String[] LEVELS = {"DEBUG", "INFO", "WARN", "ERROR", "FATAL"};
+ final static String[] LEVELS = {"+", " ", "!", "*", "#"};
+ final static String TIMESTAMP_PATTERN = "zzz:yyyy-MM-dd/HH:mm:ss.SSS";
+ final static int TIMESTAMP_LENGTH = TIMESTAMP_PATTERN.length();
+ final static String LINE_SEPARATOR = System.getProperty("line.separator");
+ final static DateFormat DF = new SimpleDateFormat(TIMESTAMP_PATTERN);
+
+ private final static LogWrapper NOOP = new LogWrapper();
+
+ /** Should we print DEBUG statements if log4j is not available? */
+ private final static boolean DEBUG = true;
+
+ /** true if log4j is available */
+ public final static boolean log4j;
+
+ /**
+ * OutputStream to log to if log4j is not available. Set it to null to
+ * disable.
+ */
+ private static volatile OutputStream backup = System.out;
+
+ /** The wrappingPrintStream is lazy-initted if we have to log a stacktrace. */
+ private static volatile PrintStream wrappingPrintStream = null;
+
+ private final LogHelper h;
+
+ static {
+ boolean avail = false;
+ try {
+ // LogHelper's constructor will blow up if log4j.jar isn't on the
+ // classpath.
+ LogHelper lh = new LogHelper(LogWrapper.class);
+ lh.hashCode();
+ avail = true;
+ }
+ catch (Throwable t) {
+ avail = false;
+ }
+ finally {
+ log4j = avail;
+ }
+ }
+
+ public static boolean isLog4jAvailable() { return log4j; }
+
+ public static LogWrapper getLogger(Class c) {
+ return log4j ? new LogWrapper(c) : NOOP;
+ }
+
+ public static LogWrapper getLogger(String s) {
+ return log4j ? new LogWrapper(s) : NOOP;
+ }
+
+ private LogWrapper() { this.h = null; }
+
+ private LogWrapper(Class c) { this.h = new LogHelper(c); }
+
+ private LogWrapper(String s) { this.h = new LogHelper(s); }
+
+ public void debug(Object o) {
+ if (t(0, o, null)) {
+ h.debug(o);
+ }
+ }
+
+ public void debug(Object o, Throwable t) {
+ if (t(0, o, t)) {
+ h.debug(o, t);
+ }
+ }
+
+ public void info(Object o) {
+ if (t(1, o, null)) {
+ h.info(o);
+ }
+ }
+
+ public void info(Object o, Throwable t) {
+ if (t(1, o, t)) {
+ h.info(o, t);
+ }
+ }
+
+ public void warn(Object o) {
+ if (t(2, o, null)) {
+ h.warn(o);
+ }
+ }
+
+ public void warn(Object o, Throwable t) {
+ if (t(2, o, t)) {
+ h.warn(o, t);
+ }
+ }
+
+ public void error(Object o) {
+ if (t(3, o, null)) {
+ h.error(o);
+ }
+ }
+
+ public void error(Object o, Throwable t) {
+ if (t(3, o, t)) {
+ h.error(o, t);
+ }
+ }
+
+ public void fatal(Object o) {
+ if (t(4, o, null)) {
+ h.fatal(o);
+ }
+ }
+
+ public void fatal(Object o, Throwable t) {
+ if (t(4, o, t)) {
+ h.fatal(o, t);
+ }
+ }
+
+ public boolean isDebugEnabled() { return log4j ? h.isDebugEnabled() : DEBUG;}
+
+ public boolean isInfoEnabled() { return !log4j || h.isInfoEnabled(); }
+
+ public Object getLog4jLogger() { return log4j ? h.getLog4jLogger() : null; }
+
+
+ /**
+ * Tests if log4j is available. If not, logs to backup OutputStream (if
+ * backup != null).
+ *
+ * @param level log4j logging level for this statement
+ * @param o object to log
+ * @param t throwable to log
+ * @return true if log4j is available, false if log4j is not. If it returns
+ * false, as a side-effect, it will also log the statement.
+ */
+ private boolean t(int level, Object o, Throwable t) {
+ if (log4j) {
+ return true;
+ } else {
+ // LogWrapper doesn't log debug statements if Log4j is not available
+ // and DEBUG is false.
+ if (backup != null && (DEBUG || level > 0)) {
+ String s = ""; // log4j allows null
+ if (o != null) {
+ try {
+ s = (String) o;
+ }
+ catch (ClassCastException cce) {
+ s = o.toString();
+ }
+ }
+ int len = s.length() + TIMESTAMP_LENGTH + 9;
+ String timestamp = DF.format(new Date());
+ StringBuffer buf = new StringBuffer(len);
+ buf.append(timestamp);
+ if (LEVELS[level].length() == 1) {
+ buf.append(LEVELS[level]);
+ } else {
+ buf.append(' ');
+ buf.append(LEVELS[level]);
+ buf.append(' ');
+ }
+ buf.append(s);
+ buf.append(LINE_SEPARATOR);
+ s = buf.toString();
+ byte[] logBytes = s.getBytes();
+ try {
+ if (t == null) {
+ backup.write(logBytes);
+ } else {
+ synchronized (backup) {
+ backup.write(logBytes);
+ if (t != null) {
+ if (wrappingPrintStream == null) {
+ wrappingPrintStream = new PrintStream(backup, false);
+ }
+ t.printStackTrace(wrappingPrintStream);
+ wrappingPrintStream.flush();
+ }
+ }
+ }
+ backup.flush(); // J2RE 1.5.0 IBM J9 2.3 Linux x86-32 needs this.
+ }
+ catch (IOException ioe) {
+ throw new RuntimeException(ioe.toString());
+ }
+ }
+ return false;
+ }
+ }
+
+ /**
+ * Set file to log to if log4j is not available.
+ *
+ * @param f path to use for backup log file (if log4j not available)
+ * @throws java.io.IOException if we can't write to the given path
+ */
+ public static void setBackupLogFile(String f)
+ throws IOException {
+ if (!log4j) {
+ OutputStream out = new FileOutputStream(f, true);
+ out = new BufferedOutputStream(out);
+ setBackupStream(out);
+ }
+ }
+
+ /**
+ * Set PrintStream to log to if log4j is not available. Set to null to
+ * disable. Default value is System.out.
+ *
+ * @param os outputstream to use for backup logging (if log4j not available)
+ */
+ public static void setBackupStream(OutputStream os) {
+ // synchronize on the old backup - don't want to pull the rug out from
+ // under him if he's working on a big stacktrace or something like that.
+ if (backup != null) {
+ synchronized (backup) {
+ wrappingPrintStream = null;
+ backup = os;
+ }
+ } else {
+ wrappingPrintStream = null;
+ backup = os;
+ }
+ }
+
+ /**
+ * Get the PrintStream we're logging to if log4j is not available.
+ *
+ * @return OutputStream we're using as our log4j replacement.
+ */
+ public static OutputStream getBackupStream() { return backup; }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/OpenSSL.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/OpenSSL.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/OpenSSL.java
new file mode 100644
index 0000000..c4d3798
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/OpenSSL.java
@@ -0,0 +1,718 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/OpenSSL.java $
+ * $Revision: 144 $
+ * $Date: 2009-05-25 11:14:29 -0700 (Mon, 25 May 2009) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.util.Hex;
+
+import javax.crypto.Cipher;
+import javax.crypto.CipherInputStream;
+import java.io.*;
+import java.security.GeneralSecurityException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.StringTokenizer;
+
+/**
+ * Class for encrypting or decrypting data with a password (PBE - password
+ * based encryption). Compatible with "openssl enc" unix utility. An OpenSSL
+ * compatible cipher name must be specified along with the password (try "man enc" on a
+ * unix box to see what's possible). Some examples:
+ * <ul><li>des, des3, des-ede3-cbc
+ * <li>aes128, aes192, aes256, aes-256-cbc
+ * <li>rc2, rc4, bf</ul>
+ * <pre>
+ * <em style="color: green;">// Encrypt!</em>
+ * byte[] encryptedData = OpenSSL.encrypt( "des3", password, data );
+ * </pre>
+ * <p/>
+ * If you want to specify a raw key and iv directly (without using PBE), use
+ * the methods that take byte[] key, byte[] iv. Those byte[] arrays can be
+ * the raw binary, or they can be ascii (hex representation: '0' - 'F'). If
+ * you want to use PBE to derive the key and iv, then use the methods that
+ * take char[] password.
+ * <p/>
+ * This class is able to decrypt files encrypted with "openssl" unix utility.
+ * <p/>
+ * The "openssl" unix utility is able to decrypt files encrypted by this class.
+ * <p/>
+ * This class is also able to encrypt and decrypt its own files.
+ *
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@gmail.com</a>
+ * @since 18-Oct-2007
+ */
+public class OpenSSL {
+
+
+ /**
+ * Decrypts data using a password and an OpenSSL compatible cipher
+ * name.
+ *
+ * @param cipher The OpenSSL compatible cipher to use (try "man enc" on a
+ * unix box to see what's possible). Some examples:
+ * <ul><li>des, des3, des-ede3-cbc
+ * <li>aes128, aes192, aes256, aes-256-cbc
+ * <li>rc2, rc4, bf</ul>
+ * @param pwd password to use for this PBE decryption
+ * @param encrypted byte array to decrypt. Can be raw, or base64.
+ * @return decrypted bytes
+ * @throws java.io.IOException problems with encrypted bytes (unlikely!)
+ * @throws java.security.GeneralSecurityException problems decrypting
+ */
+ public static byte[] decrypt(String cipher, char[] pwd, byte[] encrypted)
+ throws IOException, GeneralSecurityException {
+ ByteArrayInputStream in = new ByteArrayInputStream(encrypted);
+ InputStream decrypted = decrypt(cipher, pwd, in);
+ return Util.streamToBytes(decrypted);
+ }
+
+ /**
+ * Decrypts data using a password and an OpenSSL compatible cipher
+ * name.
+ *
+ * @param cipher The OpenSSL compatible cipher to use (try "man enc" on a
+ * unix box to see what's possible). Some examples:
+ * <ul><li>des, des3, des-ede3-cbc
+ * <li>aes128, aes192, aes256, aes-256-cbc
+ * <li>rc2, rc4, bf</ul>
+ * @param pwd password to use for this PBE decryption
+ * @param encrypted InputStream to decrypt. Can be raw, or base64.
+ * @return decrypted bytes as an InputStream
+ * @throws java.io.IOException problems with InputStream
+ * @throws java.security.GeneralSecurityException problems decrypting
+ */
+ public static InputStream decrypt(String cipher, char[] pwd,
+ InputStream encrypted)
+ throws IOException, GeneralSecurityException {
+ CipherInfo cipherInfo = lookup(cipher);
+ boolean salted = false;
+
+ // First 16 bytes of raw binary will hopefully be OpenSSL's
+ // "Salted__[8 bytes of hex]" thing. Might be in Base64, though.
+ byte[] saltLine = Util.streamToBytes(encrypted, 16);
+ if (saltLine.length <= 0) {
+ throw new IOException("encrypted InputStream is empty");
+ }
+ String firstEightBytes = "";
+ if (saltLine.length >= 8) {
+ firstEightBytes = new String(saltLine, 0, 8);
+ }
+ if ("SALTED__".equalsIgnoreCase(firstEightBytes)) {
+ salted = true;
+ } else {
+ // Maybe the reason we didn't find the salt is because we're in
+ // base64.
+ if (Base64.isArrayByteBase64(saltLine)) {
+ InputStream head = new ByteArrayInputStream(saltLine);
+ // Need to put that 16 byte "saltLine" back into the Stream.
+ encrypted = new ComboInputStream(head, encrypted);
+ encrypted = new Base64InputStream(encrypted);
+ saltLine = Util.streamToBytes(encrypted, 16);
+
+ if (saltLine.length >= 8) {
+ firstEightBytes = new String(saltLine, 0, 8);
+ }
+ if ("SALTED__".equalsIgnoreCase(firstEightBytes)) {
+ salted = true;
+ }
+ }
+ }
+
+ byte[] salt = null;
+ if (salted) {
+ salt = new byte[8];
+ System.arraycopy(saltLine, 8, salt, 0, 8);
+ } else {
+ // Encrypted data wasn't salted. Need to put the "saltLine" we
+ // extracted back into the stream.
+ InputStream head = new ByteArrayInputStream(saltLine);
+ encrypted = new ComboInputStream(head, encrypted);
+ }
+
+ int keySize = cipherInfo.keySize;
+ int ivSize = cipherInfo.ivSize;
+ boolean des2 = cipherInfo.des2;
+ DerivedKey dk = deriveKey(pwd, salt, keySize, ivSize, des2);
+ Cipher c = PKCS8Key.generateCipher(
+ cipherInfo.javaCipher, cipherInfo.blockMode, dk, des2, null, true
+ );
+
+ return new CipherInputStream(encrypted, c);
+ }
+
+ /**
+ * Encrypts data using a password and an OpenSSL compatible cipher
+ * name.
+ *
+ * @param cipher The OpenSSL compatible cipher to use (try "man enc" on a
+ * unix box to see what's possible). Some examples:
+ * <ul><li>des, des3, des-ede3-cbc
+ * <li>aes128, aes192, aes256, aes-256-cbc
+ * <li>rc2, rc4, bf</ul>
+ * @param pwd password to use for this PBE encryption
+ * @param data byte array to encrypt
+ * @return encrypted bytes as an array in base64. First 16 bytes include the
+ * special OpenSSL "Salted__" info encoded into base64.
+ * @throws java.io.IOException problems with the data byte array
+ * @throws java.security.GeneralSecurityException problems encrypting
+ */
+ public static byte[] encrypt(String cipher, char[] pwd, byte[] data)
+ throws IOException, GeneralSecurityException {
+ // base64 is the default output format.
+ return encrypt(cipher, pwd, data, true);
+ }
+
+ /**
+ * Encrypts data using a password and an OpenSSL compatible cipher
+ * name.
+ *
+ * @param cipher The OpenSSL compatible cipher to use (try "man enc" on a
+ * unix box to see what's possible). Some examples:
+ * <ul><li>des, des3, des-ede3-cbc
+ * <li>aes128, aes192, aes256, aes-256-cbc
+ * <li>rc2, rc4, bf</ul>
+ * @param pwd password to use for this PBE encryption
+ * @param data InputStream to encrypt
+ * @return encrypted bytes as an InputStream. First 16 bytes include the
+ * special OpenSSL "Salted__" info encoded into base64.
+ * @throws java.io.IOException problems with the data InputStream
+ * @throws java.security.GeneralSecurityException problems encrypting
+ */
+ public static InputStream encrypt(String cipher, char[] pwd,
+ InputStream data)
+ throws IOException, GeneralSecurityException {
+ // base64 is the default output format.
+ return encrypt(cipher, pwd, data, true);
+ }
+
+ /**
+ * Encrypts data using a password and an OpenSSL compatible cipher
+ * name.
+ *
+ * @param cipher The OpenSSL compatible cipher to use (try "man enc" on a
+ * unix box to see what's possible). Some examples:
+ * <ul><li>des, des3, des-ede3-cbc
+ * <li>aes128, aes192, aes256, aes-256-cbc
+ * <li>rc2, rc4, bf</ul>
+ * @param pwd password to use for this PBE encryption
+ * @param data byte array to encrypt
+ * @param toBase64 true if resulting InputStream should contain base64,
+ * <br>false if InputStream should contain raw binary.
+ * @return encrypted bytes as an array. First 16 bytes include the
+ * special OpenSSL "Salted__" info.
+ * @throws java.io.IOException problems with the data byte array
+ * @throws java.security.GeneralSecurityException problems encrypting
+ */
+ public static byte[] encrypt(String cipher, char[] pwd, byte[] data,
+ boolean toBase64)
+ throws IOException, GeneralSecurityException {
+ // we use a salt by default.
+ return encrypt(cipher, pwd, data, toBase64, true);
+ }
+
+ /**
+ * Encrypts data using a password and an OpenSSL compatible cipher
+ * name.
+ *
+ * @param cipher The OpenSSL compatible cipher to use (try "man enc" on a
+ * unix box to see what's possible). Some examples:
+ * <ul><li>des, des3, des-ede3-cbc
+ * <li>aes128, aes192, aes256, aes-256-cbc
+ * <li>rc2, rc4, bf</ul>
+ * @param pwd password to use for this PBE encryption
+ * @param data InputStream to encrypt
+ * @param toBase64 true if resulting InputStream should contain base64,
+ * <br>false if InputStream should contain raw binary.
+ * @return encrypted bytes as an InputStream. First 16 bytes include the
+ * special OpenSSL "Salted__" info.
+ * @throws java.io.IOException problems with the data InputStream
+ * @throws java.security.GeneralSecurityException problems encrypting
+ */
+ public static InputStream encrypt(String cipher, char[] pwd,
+ InputStream data, boolean toBase64)
+ throws IOException, GeneralSecurityException {
+ // we use a salt by default.
+ return encrypt(cipher, pwd, data, toBase64, true);
+ }
+
+ /**
+ * Encrypts data using a password and an OpenSSL compatible cipher
+ * name.
+ *
+ * @param cipher The OpenSSL compatible cipher to use (try "man enc" on a
+ * unix box to see what's possible). Some examples:
+ * <ul><li>des, des3, des-ede3-cbc
+ * <li>aes128, aes192, aes256, aes-256-cbc
+ * <li>rc2, rc4, bf</ul>
+ * @param pwd password to use for this PBE encryption
+ * @param data byte array to encrypt
+ * @param toBase64 true if resulting InputStream should contain base64,
+ * <br>false if InputStream should contain raw binary.
+ * @param useSalt true if a salt should be used to derive the key.
+ * <br>false otherwise. (Best security practises
+ * always recommend using a salt!).
+ * @return encrypted bytes as an array. First 16 bytes include the
+ * special OpenSSL "Salted__" info if <code>useSalt</code> is true.
+ * @throws java.io.IOException problems with the data InputStream
+ * @throws java.security.GeneralSecurityException problems encrypting
+ */
+ public static byte[] encrypt(String cipher, char[] pwd, byte[] data,
+ boolean toBase64, boolean useSalt)
+ throws IOException, GeneralSecurityException {
+ ByteArrayInputStream in = new ByteArrayInputStream(data);
+ InputStream encrypted = encrypt(cipher, pwd, in, toBase64, useSalt);
+ return Util.streamToBytes(encrypted);
+ }
+
+ /**
+ * Encrypts data using a password and an OpenSSL compatible cipher
+ * name.
+ *
+ * @param cipher The OpenSSL compatible cipher to use (try "man enc" on a
+ * unix box to see what's possible). Some examples:
+ * <ul><li>des, des3, des-ede3-cbc
+ * <li>aes128, aes192, aes256, aes-256-cbc
+ * <li>rc2, rc4, bf</ul>
+ * @param pwd password to use for this PBE encryption
+ * @param data InputStream to encrypt
+ * @param toBase64 true if resulting InputStream should contain base64,
+ * <br>false if InputStream should contain raw binary.
+ * @param useSalt true if a salt should be used to derive the key.
+ * <br>false otherwise. (Best security practises
+ * always recommend using a salt!).
+ * @return encrypted bytes as an InputStream. First 16 bytes include the
+ * special OpenSSL "Salted__" info if <code>useSalt</code> is true.
+ * @throws java.io.IOException problems with the data InputStream
+ * @throws java.security.GeneralSecurityException problems encrypting
+ */
+ public static InputStream encrypt(String cipher, char[] pwd,
+ InputStream data, boolean toBase64,
+ boolean useSalt)
+ throws IOException, GeneralSecurityException {
+ CipherInfo cipherInfo = lookup(cipher);
+ byte[] salt = null;
+ if (useSalt) {
+ SecureRandom rand = SecureRandom.getInstance("SHA1PRNG");
+ salt = new byte[8];
+ rand.nextBytes(salt);
+ }
+
+ int keySize = cipherInfo.keySize;
+ int ivSize = cipherInfo.ivSize;
+ boolean des2 = cipherInfo.des2;
+ DerivedKey dk = deriveKey(pwd, salt, keySize, ivSize, des2);
+ Cipher c = PKCS8Key.generateCipher(
+ cipherInfo.javaCipher, cipherInfo.blockMode, dk, des2, null, false
+ );
+
+ InputStream cipherStream = new CipherInputStream(data, c);
+
+ if (useSalt) {
+ byte[] saltLine = new byte[16];
+ byte[] salted = "Salted__".getBytes();
+ System.arraycopy(salted, 0, saltLine, 0, salted.length);
+ System.arraycopy(salt, 0, saltLine, salted.length, salt.length);
+ InputStream head = new ByteArrayInputStream(saltLine);
+ cipherStream = new ComboInputStream(head, cipherStream);
+ }
+ if (toBase64) {
+ cipherStream = new Base64InputStream(cipherStream, true);
+ }
+ return cipherStream;
+ }
+
+
+ public static byte[] decrypt(String cipher, byte[] key, byte[] iv,
+ byte[] encrypted)
+ throws IOException, GeneralSecurityException {
+ ByteArrayInputStream in = new ByteArrayInputStream(encrypted);
+ InputStream decrypted = decrypt(cipher, key, iv, in);
+ return Util.streamToBytes(decrypted);
+ }
+
+ public static InputStream decrypt(String cipher, byte[] key, byte[] iv,
+ InputStream encrypted)
+ throws IOException, GeneralSecurityException {
+ CipherInfo cipherInfo = lookup(cipher);
+ byte[] firstLine = Util.streamToBytes(encrypted, 16);
+ if (Base64.isArrayByteBase64(firstLine)) {
+ InputStream head = new ByteArrayInputStream(firstLine);
+ // Need to put that 16 byte "firstLine" back into the Stream.
+ encrypted = new ComboInputStream(head, encrypted);
+ encrypted = new Base64InputStream(encrypted);
+ } else {
+ // Encrypted data wasn't base64. Need to put the "firstLine" we
+ // extracted back into the stream.
+ InputStream head = new ByteArrayInputStream(firstLine);
+ encrypted = new ComboInputStream(head, encrypted);
+ }
+
+ int keySize = cipherInfo.keySize;
+ int ivSize = cipherInfo.ivSize;
+ if (key.length == keySize / 4) // Looks like key is in hex
+ {
+ key = Hex.decode(key);
+ }
+ if (iv.length == ivSize / 4) // Looks like IV is in hex
+ {
+ iv = Hex.decode(iv);
+ }
+ DerivedKey dk = new DerivedKey(key, iv);
+ Cipher c = PKCS8Key.generateCipher(cipherInfo.javaCipher,
+ cipherInfo.blockMode,
+ dk, cipherInfo.des2, null, true);
+ return new CipherInputStream(encrypted, c);
+ }
+
+ public static byte[] encrypt(String cipher, byte[] key, byte[] iv,
+ byte[] data)
+ throws IOException, GeneralSecurityException {
+ return encrypt(cipher, key, iv, data, true);
+ }
+
+ public static byte[] encrypt(String cipher, byte[] key, byte[] iv,
+ byte[] data, boolean toBase64)
+ throws IOException, GeneralSecurityException {
+ ByteArrayInputStream in = new ByteArrayInputStream(data);
+ InputStream encrypted = encrypt(cipher, key, iv, in, toBase64);
+ return Util.streamToBytes(encrypted);
+ }
+
+
+ public static InputStream encrypt(String cipher, byte[] key, byte[] iv,
+ InputStream data)
+ throws IOException, GeneralSecurityException {
+ return encrypt(cipher, key, iv, data, true);
+ }
+
+ public static InputStream encrypt(String cipher, byte[] key, byte[] iv,
+ InputStream data, boolean toBase64)
+ throws IOException, GeneralSecurityException {
+ CipherInfo cipherInfo = lookup(cipher);
+ int keySize = cipherInfo.keySize;
+ int ivSize = cipherInfo.ivSize;
+ if (key.length == keySize / 4) {
+ key = Hex.decode(key);
+ }
+ if (iv.length == ivSize / 4) {
+ iv = Hex.decode(iv);
+ }
+ DerivedKey dk = new DerivedKey(key, iv);
+ Cipher c = PKCS8Key.generateCipher(cipherInfo.javaCipher,
+ cipherInfo.blockMode,
+ dk, cipherInfo.des2, null, false);
+
+ InputStream cipherStream = new CipherInputStream(data, c);
+ if (toBase64) {
+ cipherStream = new Base64InputStream(cipherStream, true);
+ }
+ return cipherStream;
+ }
+
+
+ public static DerivedKey deriveKey(char[] password, byte[] salt,
+ int keySize, boolean des2)
+ throws NoSuchAlgorithmException {
+ return deriveKey(password, salt, keySize, 0, des2);
+ }
+
+ public static DerivedKey deriveKey(char[] password, byte[] salt,
+ int keySize, int ivSize, boolean des2)
+ throws NoSuchAlgorithmException {
+ if (des2) {
+ keySize = 128;
+ }
+ MessageDigest md = MessageDigest.getInstance("MD5");
+ byte[] pwdAsBytes = new byte[password.length];
+ for (int i = 0; i < password.length; i++) {
+ pwdAsBytes[i] = (byte) password[i];
+ }
+
+ md.reset();
+ byte[] keyAndIv = new byte[(keySize / 8) + (ivSize / 8)];
+ if (salt == null || salt.length == 0) {
+ // Unsalted! Bad idea!
+ salt = null;
+ }
+ byte[] result;
+ int currentPos = 0;
+ while (currentPos < keyAndIv.length) {
+ md.update(pwdAsBytes);
+ if (salt != null) {
+ // First 8 bytes of salt ONLY! That wasn't obvious to me
+ // when using AES encrypted private keys in "Traditional
+ // SSLeay Format".
+ //
+ // Example:
+ // DEK-Info: AES-128-CBC,8DA91D5A71988E3D4431D9C2C009F249
+ //
+ // Only the first 8 bytes are salt, but the whole thing is
+ // re-used again later as the IV. MUCH gnashing of teeth!
+ md.update(salt, 0, 8);
+ }
+ result = md.digest();
+ int stillNeed = keyAndIv.length - currentPos;
+ // Digest gave us more than we need. Let's truncate it.
+ if (result.length > stillNeed) {
+ byte[] b = new byte[stillNeed];
+ System.arraycopy(result, 0, b, 0, b.length);
+ result = b;
+ }
+ System.arraycopy(result, 0, keyAndIv, currentPos, result.length);
+ currentPos += result.length;
+ if (currentPos < keyAndIv.length) {
+ // Next round starts with a hash of the hash.
+ md.reset();
+ md.update(result);
+ }
+ }
+ if (des2) {
+ keySize = 192;
+ byte[] buf = new byte[keyAndIv.length + 8];
+ // Make space where 3rd key needs to go (16th - 24th bytes):
+ System.arraycopy(keyAndIv, 0, buf, 0, 16);
+ if (ivSize > 0) {
+ System.arraycopy(keyAndIv, 16, buf, 24, keyAndIv.length - 16);
+ }
+ keyAndIv = buf;
+ // copy first 8 bytes into last 8 bytes to create 2DES key.
+ System.arraycopy(keyAndIv, 0, keyAndIv, 16, 8);
+ }
+ if (ivSize == 0) {
+ // if ivSize == 0, then "keyAndIv" array is actually all key.
+
+ // Must be "Traditional SSLeay Format" encrypted private key in
+ // PEM. The "salt" in its entirety (not just first 8 bytes) will
+ // probably be re-used later as the IV (initialization vector).
+ return new DerivedKey(keyAndIv, salt);
+ } else {
+ byte[] key = new byte[keySize / 8];
+ byte[] iv = new byte[ivSize / 8];
+ System.arraycopy(keyAndIv, 0, key, 0, key.length);
+ System.arraycopy(keyAndIv, key.length, iv, 0, iv.length);
+ return new DerivedKey(key, iv);
+ }
+ }
+
+
+ public static class CipherInfo {
+ public final String javaCipher;
+ public final String blockMode;
+ public final int keySize;
+ public final int ivSize;
+ public final boolean des2;
+
+ public CipherInfo(String javaCipher, String blockMode, int keySize,
+ int ivSize, boolean des2) {
+ this.javaCipher = javaCipher;
+ this.blockMode = blockMode;
+ this.keySize = keySize;
+ this.ivSize = ivSize;
+ this.des2 = des2;
+ }
+
+ public String toString() {
+ return javaCipher + "/" + blockMode + " " + keySize + "bit des2=" + des2;
+ }
+ }
+
+ /**
+ * Converts the way OpenSSL names its ciphers into a Java-friendly naming.
+ *
+ * @param openSSLCipher OpenSSL cipher name, e.g. "des3" or "des-ede3-cbc".
+ * Try "man enc" on a unix box to see what's possible.
+ * @return CipherInfo object with the Java-friendly cipher information.
+ */
+ public static CipherInfo lookup(String openSSLCipher) {
+ openSSLCipher = openSSLCipher.trim();
+ if (openSSLCipher.charAt(0) == '-') {
+ openSSLCipher = openSSLCipher.substring(1);
+ }
+ String javaCipher = openSSLCipher.toUpperCase();
+ String blockMode = "CBC";
+ int keySize = -1;
+ int ivSize = 64;
+ boolean des2 = false;
+
+
+ StringTokenizer st = new StringTokenizer(openSSLCipher, "-");
+ if (st.hasMoreTokens()) {
+ javaCipher = st.nextToken().toUpperCase();
+ if (st.hasMoreTokens()) {
+ // Is this the middle token? Or the last token?
+ String tok = st.nextToken();
+ if (st.hasMoreTokens()) {
+ try {
+ keySize = Integer.parseInt(tok);
+ }
+ catch (NumberFormatException nfe) {
+ // I guess 2nd token isn't an integer
+ String upper = tok.toUpperCase();
+ if (upper.startsWith("EDE3")) {
+ javaCipher = "DESede";
+ } else if (upper.startsWith("EDE")) {
+ javaCipher = "DESede";
+ des2 = true;
+ }
+ }
+ blockMode = st.nextToken().toUpperCase();
+ } else {
+ try {
+ keySize = Integer.parseInt(tok);
+ }
+ catch (NumberFormatException nfe) {
+ // It's the last token, so must be mode (usually "CBC").
+ blockMode = tok.toUpperCase();
+ if (blockMode.startsWith("EDE3")) {
+ javaCipher = "DESede";
+ blockMode = "ECB";
+ } else if (blockMode.startsWith("EDE")) {
+ javaCipher = "DESede";
+ blockMode = "ECB";
+ des2 = true;
+ }
+ }
+ }
+ }
+ }
+ if (javaCipher.startsWith("BF")) {
+ javaCipher = "Blowfish";
+ } else if (javaCipher.startsWith("TWOFISH")) {
+ javaCipher = "Twofish";
+ ivSize = 128;
+ } else if (javaCipher.startsWith("IDEA")) {
+ javaCipher = "IDEA";
+ } else if (javaCipher.startsWith("CAST6")) {
+ javaCipher = "CAST6";
+ ivSize = 128;
+ } else if (javaCipher.startsWith("CAST")) {
+ javaCipher = "CAST5";
+ } else if (javaCipher.startsWith("GOST")) {
+ keySize = 256;
+ } else if (javaCipher.startsWith("DESX")) {
+ javaCipher = "DESX";
+ } else if ("DES3".equals(javaCipher)) {
+ javaCipher = "DESede";
+ } else if ("DES2".equals(javaCipher)) {
+ javaCipher = "DESede";
+ des2 = true;
+ } else if (javaCipher.startsWith("RIJNDAEL")) {
+ javaCipher = "Rijndael";
+ ivSize = 128;
+ } else if (javaCipher.startsWith("SEED")) {
+ javaCipher = "SEED";
+ ivSize = 128;
+ } else if (javaCipher.startsWith("SERPENT")) {
+ javaCipher = "Serpent";
+ ivSize = 128;
+ } else if (javaCipher.startsWith("Skipjack")) {
+ javaCipher = "Skipjack";
+ ivSize = 128;
+ } else if (javaCipher.startsWith("RC6")) {
+ javaCipher = "RC6";
+ ivSize = 128;
+ } else if (javaCipher.startsWith("TEA")) {
+ javaCipher = "TEA";
+ } else if (javaCipher.startsWith("XTEA")) {
+ javaCipher = "XTEA";
+ } else if (javaCipher.startsWith("AES")) {
+ if (javaCipher.startsWith("AES128")) {
+ keySize = 128;
+ } else if (javaCipher.startsWith("AES192")) {
+ keySize = 192;
+ } else if (javaCipher.startsWith("AES256")) {
+ keySize = 256;
+ }
+ javaCipher = "AES";
+ ivSize = 128;
+ } else if (javaCipher.startsWith("CAMELLIA")) {
+ if (javaCipher.startsWith("CAMELLIA128")) {
+ keySize = 128;
+ } else if (javaCipher.startsWith("CAMELLIA192")) {
+ keySize = 192;
+ } else if (javaCipher.startsWith("CAMELLIA256")) {
+ keySize = 256;
+ }
+ javaCipher = "CAMELLIA";
+ ivSize = 128;
+ }
+ if (keySize == -1) {
+ if (javaCipher.startsWith("DESede")) {
+ keySize = 192;
+ } else if (javaCipher.startsWith("DES")) {
+ keySize = 64;
+ } else {
+ // RC2, RC4, RC5 and Blowfish ?
+ keySize = 128;
+ }
+ }
+ return new CipherInfo(javaCipher, blockMode, keySize, ivSize, des2);
+ }
+
+
+ /**
+ * @param args command line arguments: [password] [cipher] [file-to-decrypt]
+ * <br>[cipher] == OpenSSL cipher name, e.g. "des3" or "des-ede3-cbc".
+ * Try "man enc" on a unix box to see what's possible.
+ * @throws java.io.IOException problems with the [file-to-decrypt]
+ * @throws java.security.GeneralSecurityException decryption problems
+ */
+ public static void main(String[] args)
+ throws IOException, GeneralSecurityException {
+ if (args.length < 3) {
+ System.out.println(Version.versionString());
+ System.out.println("Pure-java utility to decrypt files previously encrypted by \'openssl enc\'");
+ System.out.println();
+ System.out.println("Usage: java -cp commons-ssl.jar org.apache.commons.ssl.OpenSSL [args]");
+ System.out.println(" [args] == [password] [cipher] [file-to-decrypt]");
+ System.out.println(" [cipher] == des, des3, des-ede3-cbc, aes256, rc2, rc4, bf, bf-cbc, etc...");
+ System.out.println(" Try 'man enc' on a unix box to see what's possible.");
+ System.out.println();
+ System.out.println("This utility can handle base64 or raw, salted or unsalted.");
+ System.out.println();
+ System.exit(1);
+ }
+ char[] password = args[0].toCharArray();
+
+ InputStream in = new FileInputStream(args[2]);
+ in = decrypt(args[1], password, in);
+
+ // in = encrypt( args[ 1 ], pwdAsBytes, in, true );
+
+ in = new BufferedInputStream(in);
+ BufferedOutputStream bufOut = new BufferedOutputStream( System.out );
+ Util.pipeStream(in, bufOut, false);
+ bufOut.flush();
+ System.out.flush();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PBETestCreate.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PBETestCreate.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PBETestCreate.java
new file mode 100644
index 0000000..f962e10
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PBETestCreate.java
@@ -0,0 +1,79 @@
+package org.apache.commons.ssl;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+import java.util.TreeSet;
+
+/**
+ * @author Julius Davies
+ * @since 4-Jul-2007
+ */
+public class PBETestCreate {
+
+ public static void main(String[] args) throws Exception {
+ FileInputStream in = new FileInputStream(args[0]);
+ Properties p = new Properties();
+ p.load(in);
+ in.close();
+
+ String targetDir = p.getProperty("target");
+ File dir = new File(targetDir);
+ dir.mkdirs();
+ if (!dir.exists()) {
+ throw new IOException(dir.getCanonicalPath() + " doesn't exist!");
+ }
+
+ TreeSet ciphers = new TreeSet();
+ Iterator it = p.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry entry = (Map.Entry) it.next();
+ String key = (String) entry.getKey();
+ if (!"target".equalsIgnoreCase(key)) {
+ ciphers.add(key);
+ ciphers.add(key + "-cbc");
+ ciphers.add(key + "-cfb");
+ ciphers.add(key + "-cfb1");
+ ciphers.add(key + "-cfb8");
+ ciphers.add(key + "-ecb");
+ ciphers.add(key + "-ofb");
+ }
+ }
+
+ byte[] toEncrypt = "Hello World!".getBytes("UTF-8");
+ char[] pwd = "changeit".toCharArray();
+ it = ciphers.iterator();
+ while (it.hasNext()) {
+ String cipher = (String) it.next();
+ String cipherPadded = Util.pad(cipher, 15, false);
+ String fileNameBase64 = cipher + ".base64";
+ String fileNameRaw = cipher + ".raw";
+ String d = dir.getCanonicalPath() + "/";
+ try {
+ byte[] base64 = OpenSSL.encrypt(cipher, pwd, toEncrypt, true);
+ FileOutputStream out = new FileOutputStream(d + fileNameBase64);
+ out.write(base64);
+ out.close();
+ }
+ catch (Exception e) {
+ System.err.println("FAILURE \t" + cipherPadded + "\t" + fileNameBase64 + "\t" + e);
+ }
+
+ try {
+ byte[] raw = OpenSSL.encrypt(cipher, pwd, toEncrypt, false);
+ FileOutputStream out = new FileOutputStream(d + fileNameRaw);
+ out.write(raw);
+ out.close();
+ }
+ catch (Exception e) {
+ System.err.println("FAILURE \t" + cipherPadded + "\t" + fileNameRaw + "\t" + e);
+ }
+
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PEMItem.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PEMItem.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PEMItem.java
new file mode 100644
index 0000000..e0a9684
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PEMItem.java
@@ -0,0 +1,106 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/PEMItem.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.util.Hex;
+
+import java.util.Collections;
+import java.util.Map;
+import java.util.StringTokenizer;
+import java.util.TreeMap;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 13-Aug-2006
+ */
+public class PEMItem {
+ public final static String DEK_INFO = "dek-info";
+
+ private final byte[] derBytes;
+ public final String pemType;
+ public final Map properties;
+
+ public final String dekInfo;
+ public final byte[] iv;
+ public final String cipher;
+ public final boolean des2;
+ public final String mode;
+ public final int keySizeInBits;
+
+ public PEMItem(byte[] derBytes, String type) {
+ this(derBytes, type, null);
+ }
+
+ public PEMItem(byte[] derBytes, String type, Map properties) {
+ this.derBytes = derBytes;
+ this.pemType = type;
+ if (properties == null) {
+ properties = new TreeMap(); // empty map
+ }
+ this.properties = Collections.unmodifiableMap(properties);
+ String di = (String) properties.get(DEK_INFO);
+ String diCipher = "";
+ String diIV = "";
+ if (di != null) {
+ StringTokenizer st = new StringTokenizer(di, ",");
+ if (st.hasMoreTokens()) {
+ diCipher = st.nextToken().trim().toLowerCase();
+ }
+ if (st.hasMoreTokens()) {
+ diIV = st.nextToken().trim().toLowerCase();
+ }
+ }
+ this.dekInfo = diCipher;
+ this.iv = Hex.decode(diIV);
+ if (!"".equals(diCipher)) {
+ OpenSSL.CipherInfo cipherInfo = OpenSSL.lookup(diCipher);
+ this.cipher = cipherInfo.javaCipher;
+ this.mode = cipherInfo.blockMode;
+ this.keySizeInBits = cipherInfo.keySize;
+ this.des2 = cipherInfo.des2;
+ } else {
+ this.mode = "";
+ cipher = "UNKNOWN";
+ keySizeInBits = -1;
+ des2 = false;
+ }
+ }
+
+ public byte[] getDerBytes() {
+ byte[] b = new byte[derBytes.length];
+ System.arraycopy(derBytes, 0, b, 0, derBytes.length);
+ return b;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PEMUtil.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PEMUtil.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PEMUtil.java
new file mode 100644
index 0000000..c2a7099
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/PEMUtil.java
@@ -0,0 +1,250 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/PEMUtil.java $
+ * $Revision: 153 $
+ * $Date: 2009-09-15 22:40:53 -0700 (Tue, 15 Sep 2009) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.util.ByteArrayReadLine;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.interfaces.DSAPublicKey;
+import java.security.PublicKey;
+import java.util.*;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 13-Aug-2006
+ */
+public class PEMUtil {
+ final static String LINE_SEPARATOR = System.getProperty("line.separator");
+
+ public static byte[] encode(Collection items) throws IOException {
+ final byte[] LINE_SEPARATOR_BYTES = LINE_SEPARATOR.getBytes("UTF-8");
+ ByteArrayOutputStream out = new ByteArrayOutputStream(8192);
+ Iterator it = items.iterator();
+ while (it.hasNext()) {
+ PEMItem item = (PEMItem) it.next();
+ out.write("-----BEGIN ".getBytes("UTF-8"));
+ out.write(item.pemType.getBytes("UTF-8"));
+ out.write("-----".getBytes("UTF-8"));
+ out.write(LINE_SEPARATOR_BYTES);
+
+ byte[] derBytes = item.getDerBytes();
+ ByteArrayInputStream bin = new ByteArrayInputStream(derBytes);
+ byte[] line = Util.streamToBytes(bin, 48);
+ while (line.length == 48) {
+ byte[] base64Line = Base64.encodeBase64(line);
+ out.write(base64Line);
+ out.write(LINE_SEPARATOR_BYTES);
+ line = Util.streamToBytes(bin, 48);
+ }
+ if (line.length > 0) {
+ byte[] base64Line = Base64.encodeBase64(line);
+ out.write(base64Line);
+ out.write(LINE_SEPARATOR_BYTES);
+ }
+ out.write("-----END ".getBytes("UTF-8"));
+ out.write(item.pemType.getBytes("UTF-8"));
+ out.write("-----".getBytes("UTF-8"));
+ out.write(LINE_SEPARATOR_BYTES);
+ }
+ return out.toByteArray();
+ }
+
+ public static List decode(byte[] pemBytes) {
+ LinkedList pemItems = new LinkedList();
+ ByteArrayInputStream in = new ByteArrayInputStream(pemBytes);
+ ByteArrayReadLine readLine = new ByteArrayReadLine(in);
+ String line = readLine.next();
+ while (line != null) {
+ int len = 0;
+ byte[] decoded;
+ ArrayList listOfByteArrays = new ArrayList(64);
+ Map properties = new HashMap();
+ String type = "[unknown]";
+ while (line != null && !beginBase64(line)) {
+ line = readLine.next();
+ }
+ if (line != null) {
+ String upperLine = line.toUpperCase();
+ int x = upperLine.indexOf("-BEGIN") + "-BEGIN".length();
+ int y = upperLine.indexOf("-", x);
+ type = upperLine.substring(x, y).trim();
+ line = readLine.next();
+ }
+ while (line != null && !endBase64(line)) {
+ line = Util.trim(line);
+ if (!"".equals(line)) {
+ int x = line.indexOf(':');
+ if (x > 0) {
+ String k = line.substring(0, x).trim();
+ String v = "";
+ if (line.length() > x + 1) {
+ v = line.substring(x + 1).trim();
+ }
+ properties.put(k.toLowerCase(), v.toLowerCase());
+ } else {
+ byte[] base64 = line.getBytes();
+ byte[] rawBinary = Base64.decodeBase64(base64);
+ listOfByteArrays.add(rawBinary);
+ len += rawBinary.length;
+ }
+ }
+ line = readLine.next();
+ }
+ if (line != null) {
+ line = readLine.next();
+ }
+
+ if (!listOfByteArrays.isEmpty()) {
+ decoded = new byte[len];
+ int pos = 0;
+ Iterator it = listOfByteArrays.iterator();
+ while (it.hasNext()) {
+ byte[] oneLine = (byte[]) it.next();
+ System.arraycopy(oneLine, 0, decoded, pos, oneLine.length);
+ pos += oneLine.length;
+ }
+ PEMItem item = new PEMItem(decoded, type, properties);
+ pemItems.add(item);
+ }
+ }
+
+ // closing ByteArrayInputStream is a NO-OP
+ // in.close();
+
+ return pemItems;
+ }
+
+ private static boolean beginBase64(String line) {
+ line = line != null ? line.trim().toUpperCase() : "";
+ int x = line.indexOf("-BEGIN");
+ return x > 0 && startsAndEndsWithDashes(line);
+ }
+
+ private static boolean endBase64(String line) {
+ line = line != null ? line.trim().toUpperCase() : "";
+ int x = line.indexOf("-END");
+ return x > 0 && startsAndEndsWithDashes(line);
+ }
+
+ private static boolean startsAndEndsWithDashes(String line) {
+ line = Util.trim(line);
+ char c = line.charAt(0);
+ char d = line.charAt(line.length() - 1);
+ return c == '-' && d == '-';
+ }
+
+ public static String formatRSAPrivateKey(RSAPrivateCrtKey key) {
+ StringBuffer buf = new StringBuffer(2048);
+ buf.append("Private-Key:");
+ buf.append(LINE_SEPARATOR);
+ buf.append("modulus:");
+ buf.append(LINE_SEPARATOR);
+ buf.append(formatBigInteger(key.getModulus(), 129 * 2));
+ buf.append(LINE_SEPARATOR);
+ buf.append("publicExponent: ");
+ buf.append(key.getPublicExponent());
+ buf.append(LINE_SEPARATOR);
+ buf.append("privateExponent:");
+ buf.append(LINE_SEPARATOR);
+ buf.append(formatBigInteger(key.getPrivateExponent(), 128 * 2));
+ buf.append(LINE_SEPARATOR);
+ buf.append("prime1:");
+ buf.append(LINE_SEPARATOR);
+ buf.append(formatBigInteger(key.getPrimeP(), 65 * 2));
+ buf.append(LINE_SEPARATOR);
+ buf.append("prime2:");
+ buf.append(LINE_SEPARATOR);
+ buf.append(formatBigInteger(key.getPrimeQ(), 65 * 2));
+ buf.append(LINE_SEPARATOR);
+ buf.append("exponent1:");
+ buf.append(LINE_SEPARATOR);
+ buf.append(formatBigInteger(key.getPrimeExponentP(), 65 * 2));
+ buf.append(LINE_SEPARATOR);
+ buf.append("exponent2:");
+ buf.append(LINE_SEPARATOR);
+ buf.append(formatBigInteger(key.getPrimeExponentQ(), 65 * 2));
+ buf.append(LINE_SEPARATOR);
+ buf.append("coefficient:");
+ buf.append(LINE_SEPARATOR);
+ buf.append(formatBigInteger(key.getCrtCoefficient(), 65 * 2));
+ return buf.toString();
+ }
+
+ public static String formatBigInteger(BigInteger bi, int length) {
+ String s = bi.toString(16);
+ StringBuffer buf = new StringBuffer(s.length());
+ int zeroesToAppend = length - s.length();
+ int count = 0;
+ buf.append(" ");
+ for (int i = 0; i < zeroesToAppend; i++) {
+ count++;
+ buf.append('0');
+ if (i % 2 == 1) {
+ buf.append(':');
+ }
+ }
+ for (int i = 0; i < s.length() - 2; i++) {
+ count++;
+ buf.append(s.charAt(i));
+ if (i % 2 == 1) {
+ buf.append(':');
+ }
+ if (count % 30 == 0) {
+ buf.append(LINE_SEPARATOR);
+ buf.append(" ");
+ }
+ }
+ buf.append(s.substring(s.length() - 2));
+ return buf.toString();
+ }
+
+ public static String toPem(PublicKey key) throws IOException {
+ PEMItem item = null;
+ if (key instanceof RSAPublicKey) {
+ item = new PEMItem(key.getEncoded(), "PUBLIC KEY");
+ } else if (key instanceof DSAPublicKey) {
+ item = new PEMItem(key.getEncoded(), "PUBLIC KEY");
+ } else {
+ throw new IOException("Not an RSA or DSA key");
+ }
+ byte[] pem = encode(Collections.singleton(item));
+ return new String(pem, "UTF-8");
+ }
+
+}
[09/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/Authenticator.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/Authenticator.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/Authenticator.java
new file mode 100644
index 0000000..1d7b076
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/Authenticator.java
@@ -0,0 +1,125 @@
+package org.apache.kerberos.kerb.spec.ap;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.kerberos.kerb.spec.KerberosString;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.KrbAppSequenceType;
+import org.apache.kerberos.kerb.spec.common.AuthorizationData;
+import org.apache.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+/**
+ Authenticator ::= [APPLICATION 2] SEQUENCE {
+ authenticator-vno [0] INTEGER (5),
+ crealm [1] Realm,
+ cname [2] PrincipalName,
+ cksum [3] Checksum OPTIONAL,
+ cusec [4] Microseconds,
+ ctime [5] KerberosTime,
+ subkey [6] EncryptionKey OPTIONAL,
+ seq-number [7] UInt32 OPTIONAL,
+ authorization-data [8] AuthorizationData OPTIONAL
+ }
+ */
+public class Authenticator extends KrbAppSequenceType {
+ public static int TAG = 2;
+ private static int AUTHENTICATOR_VNO = 0;
+ private static int CREALM = 1;
+ private static int CNAME = 2;
+ private static int CKSUM = 3;
+ private static int CUSEC = 4;
+ private static int CTIME = 5;
+ private static int SUBKEY = 6;
+ private static int SEQ_NUMBER = 7;
+ private static int AUTHORIZATION_DATA = 8;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(AUTHENTICATOR_VNO, 0, Asn1Integer.class),
+ new Asn1FieldInfo(CREALM, 1, KerberosString.class),
+ new Asn1FieldInfo(CNAME, 2, PrincipalName.class),
+ new Asn1FieldInfo(CKSUM, 3, CheckSum.class),
+ new Asn1FieldInfo(CUSEC, 4, Asn1Integer.class),
+ new Asn1FieldInfo(CTIME, 5, KerberosTime.class),
+ new Asn1FieldInfo(SUBKEY, 6, EncryptionKey.class),
+ new Asn1FieldInfo(SEQ_NUMBER, 7, Asn1Integer.class),
+ new Asn1FieldInfo(AUTHORIZATION_DATA, 8, AuthorizationData.class)
+ };
+
+ public Authenticator() {
+ super(TAG, fieldInfos);
+ }
+
+ public int getAuthenticatorVno() {
+ return getFieldAsInt(AUTHENTICATOR_VNO);
+ }
+
+ public void setAuthenticatorVno(int authenticatorVno) {
+ setFieldAsInt(AUTHENTICATOR_VNO, authenticatorVno);
+ }
+
+ public String getCrealm() {
+ return getFieldAsString(CREALM);
+ }
+
+ public void setCrealm(String crealm) {
+ setFieldAsString(CREALM, crealm);
+ }
+
+ public PrincipalName getCname() {
+ return getFieldAs(CNAME, PrincipalName.class);
+ }
+
+ public void setCname(PrincipalName cname) {
+ setFieldAs(CNAME, cname);
+ }
+
+ public CheckSum getCksum() {
+ return getFieldAs(CKSUM, CheckSum.class);
+ }
+
+ public void setCksum(CheckSum cksum) {
+ setFieldAs(CKSUM, cksum);
+ }
+
+ public int getCusec() {
+ return getFieldAsInt(CUSEC);
+ }
+
+ public void setCusec(int cusec) {
+ setFieldAsInt(CUSEC, cusec);
+ }
+
+ public KerberosTime getCtime() {
+ return getFieldAsTime(CTIME);
+ }
+
+ public void setCtime(KerberosTime ctime) {
+ setFieldAs(CTIME, ctime);
+ }
+
+ public EncryptionKey getSubKey() {
+ return getFieldAs(SUBKEY, EncryptionKey.class);
+ }
+
+ public void setSubKey(EncryptionKey subKey) {
+ setFieldAs(SUBKEY, subKey);
+ }
+
+ public int getSeqNumber() {
+ return getFieldAsInt(SEQ_NUMBER);
+ }
+
+ public void setSeqNumber(Integer seqNumber) {
+ setFieldAsInt(SEQ_NUMBER, seqNumber);
+ }
+
+ public AuthorizationData getAuthorizationData() {
+ return getFieldAs(AUTHORIZATION_DATA, AuthorizationData.class);
+ }
+
+ public void setAuthorizationData(AuthorizationData authorizationData) {
+ setFieldAs(AUTHORIZATION_DATA, authorizationData);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/EncAPRepPart.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/EncAPRepPart.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/EncAPRepPart.java
new file mode 100644
index 0000000..871ffc1
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ap/EncAPRepPart.java
@@ -0,0 +1,66 @@
+package org.apache.kerberos.kerb.spec.ap;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.KrbAppSequenceType;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+
+/**
+ EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
+ ctime [0] KerberosTime,
+ cusec [1] Microseconds,
+ subkey [2] EncryptionKey OPTIONAL,
+ seq-number [3] UInt32 OPTIONAL
+ }
+ */
+public class EncAPRepPart extends KrbAppSequenceType {
+ public static int TAG = 27;
+ private static int CTIME = 0;
+ private static int CUSEC = 1;
+ private static int SUBKEY = 2;
+ private static int SEQ_NUMBER = 3;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(CTIME, 0, KerberosTime.class),
+ new Asn1FieldInfo(CUSEC, 1, Asn1Integer.class),
+ new Asn1FieldInfo(SUBKEY, 2, EncryptionKey.class),
+ new Asn1FieldInfo(SEQ_NUMBER, 3, Asn1Integer.class)
+ };
+
+ public EncAPRepPart() {
+ super(TAG, fieldInfos);
+ }
+
+ public KerberosTime getCtime() {
+ return getFieldAsTime(CTIME);
+ }
+
+ public void setCtime(KerberosTime ctime) {
+ setFieldAs(CTIME, ctime);
+ }
+
+ public int getCusec() {
+ return getFieldAsInt(CUSEC);
+ }
+
+ public void setCusec(int cusec) {
+ setFieldAsInt(CUSEC, cusec);
+ }
+
+ public EncryptionKey getSubkey() {
+ return getFieldAs(SUBKEY, EncryptionKey.class);
+ }
+
+ public void setSubkey(EncryptionKey subkey) {
+ setFieldAs(SUBKEY, subkey);
+ }
+
+ public int getSeqNumber() {
+ return getFieldAsInt(SEQ_NUMBER);
+ }
+
+ public void setSeqNumber(Integer seqNumber) {
+ setFieldAsInt(SEQ_NUMBER, seqNumber);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AdToken.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AdToken.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AdToken.java
new file mode 100644
index 0000000..11e8580
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AdToken.java
@@ -0,0 +1,30 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ AD-TOKEN ::= SEQUENCE {
+ token [0] OCTET STRING,
+ }
+*/
+public class AdToken extends KrbSequenceType {
+ private static int TOKEN = 0;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(TOKEN, KrbToken.class)
+ };
+
+ public AdToken() {
+ super(fieldInfos);
+ }
+
+ public KrbToken getToken() {
+ return getFieldAs(TOKEN, KrbToken.class);
+ }
+
+ public void setToken(KrbToken token) {
+ setFieldAs(TOKEN, token);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AuthorizationData.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AuthorizationData.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AuthorizationData.java
new file mode 100644
index 0000000..88758b8
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AuthorizationData.java
@@ -0,0 +1,13 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbSequenceOfType;
+
+/**
+ AuthorizationData ::= SEQUENCE OF SEQUENCE {
+ ad-type [0] Int32,
+ ad-data [1] OCTET STRING
+ }
+ */
+public class AuthorizationData extends KrbSequenceOfType<AuthorizationDataEntry> {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AuthorizationDataEntry.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AuthorizationDataEntry.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AuthorizationDataEntry.java
new file mode 100644
index 0000000..216eebe
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AuthorizationDataEntry.java
@@ -0,0 +1,43 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ AuthorizationData ::= SEQUENCE OF SEQUENCE {
+ ad-type [0] Int32,
+ ad-data [1] OCTET STRING
+ }
+ */
+public class AuthorizationDataEntry extends KrbSequenceType {
+ private static int AD_TYPE = 0;
+ private static int AD_DATA = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(AD_TYPE, 0, Asn1Integer.class),
+ new Asn1FieldInfo(AD_DATA, 1, Asn1OctetString.class)
+ };
+
+ public AuthorizationDataEntry() {
+ super(fieldInfos);
+ }
+
+ public AuthorizationType getAuthzType() {
+ Integer value = getFieldAsInteger(AD_TYPE);
+ return AuthorizationType.fromValue(value);
+ }
+
+ public void setAuthzType(AuthorizationType authzType) {
+ setFieldAsInt(AD_TYPE, authzType.getValue());
+ }
+
+ public byte[] getAuthzData() {
+ return getFieldAsOctets(AD_DATA);
+ }
+
+ public void setAuthzData(byte[] authzData) {
+ setFieldAsOctets(AD_DATA, authzData);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AuthorizationType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AuthorizationType.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AuthorizationType.java
new file mode 100644
index 0000000..53f5588
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/AuthorizationType.java
@@ -0,0 +1,124 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum AuthorizationType implements KrbEnum {
+ /**
+ * Constant for the "null" authorization type.
+ */
+ NULL(0),
+
+ /**
+ * Constant for the "if relevant" authorization type.
+ *
+ * RFC 4120
+ */
+ AD_IF_RELEVANT(1),
+
+ /**
+ * Constant for the "intended for server" authorization type.
+ *
+ * RFC 4120
+ */
+ AD_INTENDED_FOR_SERVER(2),
+
+ /**
+ * Constant for the "intended for application class" authorization type.
+ *
+ * RFC 4120
+ */
+ AD_INTENDED_FOR_APPLICATION_CLASS(3),
+
+ /**
+ * Constant for the "kdc issued" authorization type.
+ *
+ * RFC 4120
+ */
+ AD_KDC_ISSUED(4),
+
+ /**
+ * Constant for the "or" authorization type.
+ *
+ * RFC 4120
+ */
+ AD_OR(5),
+
+ /**
+ * Constant for the "mandatory ticket extensions" authorization type.
+ *
+ * RFC 4120
+ */
+ AD_MANDATORY_TICKET_EXTENSIONS(6),
+
+ /**
+ * Constant for the "in ticket extensions" authorization type.
+ *
+ * RFC 4120
+ */
+ AD_IN_TICKET_EXTENSIONS(7),
+
+ /**
+ * Constant for the "mandatory-for-kdc" authorization type.
+ *
+ * RFC 4120
+ */
+ AD_MANDATORY_FOR_KDC(8),
+
+ /**
+ * Constant for the "OSF DCE" authorization type.
+ *
+ * RFC 1510
+ */
+ OSF_DCE(64),
+
+ /**
+ * Constant for the "sesame" authorization type.
+ *
+ * RFC 1510
+ */
+ SESAME(65),
+
+ /**
+ * Constant for the "OSF-DCE pki certid" authorization type.
+ *
+ * RFC 1510
+ */
+ AD_OSF_DCE_PKI_CERTID(66),
+
+ /**
+ * Constant for the "sesame" authorization type.
+ *
+ * RFC 1510
+ */
+ AD_WIN2K_PAC(128),
+
+ /**
+ * Constant for the "sesame" authorization type.
+ *
+ * RFC 1510
+ */
+ AD_ETYPE_NEGOTIATION(129);
+
+ private final int value;
+
+ private AuthorizationType(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static AuthorizationType fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value.intValue()) {
+ return (AuthorizationType) e;
+ }
+ }
+ }
+
+ return NULL;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/CheckSum.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/CheckSum.java
new file mode 100644
index 0000000..e50dbca
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/CheckSum.java
@@ -0,0 +1,76 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+import java.util.Arrays;
+
+/**
+ Checksum ::= SEQUENCE {
+ cksumtype [0] Int32,
+ checksum [1] OCTET STRING
+ }
+ */
+public class CheckSum extends KrbSequenceType {
+ private static int CKSUM_TYPE = 0;
+ private static int CHECK_SUM = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(CKSUM_TYPE, 0, Asn1Integer.class),
+ new Asn1FieldInfo(CHECK_SUM, 1, Asn1OctetString.class)
+ };
+
+ public CheckSum() {
+ super(fieldInfos);
+ }
+
+ public CheckSum(CheckSumType cksumType, byte[] checksum) {
+ this();
+
+ setCksumtype(cksumType);
+ setChecksum(checksum);
+ }
+
+ public CheckSum(int cksumType, byte[] checksum) {
+ this(CheckSumType.fromValue(cksumType), checksum);
+ }
+
+ public CheckSumType getCksumtype() {
+ Integer value = getFieldAsInteger(CKSUM_TYPE);
+ return CheckSumType.fromValue(value);
+ }
+
+ public void setCksumtype(CheckSumType cksumtype) {
+ setFieldAsInt(CKSUM_TYPE, cksumtype.getValue());
+ }
+
+ public byte[] getChecksum() {
+ return getFieldAsOctets(CHECK_SUM);
+ }
+
+ public void setChecksum(byte[] checksum) {
+ setFieldAsOctets(CHECK_SUM, checksum);
+ }
+
+ @Override
+ public boolean equals(Object other) {
+ if (this == other) return true;
+ if (other == null || getClass() != other.getClass()) return false;
+
+ CheckSum that = (CheckSum) other;
+
+ if (getCksumtype() != that.getCksumtype()) return false;
+
+ return Arrays.equals(getChecksum(), that.getChecksum());
+ }
+
+ public boolean isEqual(CheckSum other) {
+ return this.equals(other);
+ }
+
+ public boolean isEqual(byte[] cksumBytes) {
+ return Arrays.equals(getChecksum(), cksumBytes);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/CheckSumType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/CheckSumType.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/CheckSumType.java
new file mode 100644
index 0000000..0dc7a4f
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/CheckSumType.java
@@ -0,0 +1,96 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum CheckSumType implements KrbEnum {
+ NONE(0, "none", "None checksum type"),
+
+ CRC32(0x0001, "crc32", "CRC-32"),
+
+ RSA_MD4(0x0002, "md4", "RSA-MD4"),
+
+ RSA_MD4_DES(0x0003, "md4-des", "RSA-MD4 with DES cbc mode"),
+
+ DES_CBC(0x0004, "des-cbc", "DES cbc mode"),
+ DES_MAC(0x0004, "des-mac", "DES cbc mode"),
+
+ //des-mac-k
+
+ //rsa-md4-des-k
+
+ RSA_MD5(0x0007, "md5", "RSA-MD5"),
+
+ RSA_MD5_DES(0x0008, "md5-des", "RSA-MD5 with DES cbc mode"),
+
+ NIST_SHA(0x0009, "sha", "NIST-SHA"),
+
+ HMAC_SHA1_DES3(0x000c, "hmac-sha1-des3", "HMAC-SHA1 DES3 key"),
+ HMAC_SHA1_DES3_KD(0x000c, "hmac-sha1-des3-kd", "HMAC-SHA1 DES3 key"),
+
+ ////RFC 3962. Used with ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ HMAC_SHA1_96_AES128(0x000f, "hmac-sha1-96-aes128", "HMAC-SHA1 AES128 key"),
+
+ //RFC 3962. Used with ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ HMAC_SHA1_96_AES256(0x0010, "hmac-sha1-96-aes256", "HMAC-SHA1 AES256 key"),
+
+ //RFC 6803
+ CMAC_CAMELLIA128(0x0011, "cmac-camellia128", "CMAC Camellia128 key"),
+
+ //RFC 6803
+ CMAC_CAMELLIA256(0x0012, "cmac-camellia256", "CMAC Camellia256 key"),
+
+ //Microsoft netlogon cksumtype
+ MD5_HMAC_ARCFOUR(-137, "md5-hmac-rc4", "Microsoft MD5 HMAC"),
+
+ //Microsoft md5 hmac cksumtype
+ HMAC_MD5_ARCFOUR(-138, "hmac-md5-arcfour", "Microsoft HMAC MD5"),
+ HMAC_MD5_ENC(-138, "hmac-md5-enc", "Microsoft HMAC MD5"),
+ HMAC_MD5_RC4(-138, "hmac-md5-rc4", "Microsoft HMAC MD5");
+
+ private final int value;
+
+ private final String name;
+
+ private final String displayName;
+
+ private CheckSumType(int value, String name, String displayName) {
+ this.value = value;
+ this.name = name;
+ this.displayName = displayName;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getDisplayName() {
+ return displayName;
+ }
+
+ public static CheckSumType fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (CheckSumType) e;
+ }
+ }
+ }
+ return NONE;
+ }
+
+ public static CheckSumType fromName(String name) {
+ if (name != null) {
+ for (CheckSumType cs : values()) {
+ if (cs.getName() == name) {
+ return (CheckSumType) cs;
+ }
+ }
+ }
+ return NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EncryptedData.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EncryptedData.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EncryptedData.java
new file mode 100644
index 0000000..27361fc
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EncryptedData.java
@@ -0,0 +1,77 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+import java.util.Arrays;
+
+/**
+ EncryptedData ::= SEQUENCE {
+ etype [0] Int32 -- EncryptionType --,
+ kvno [1] UInt32 OPTIONAL,
+ cipher [2] OCTET STRING -- ciphertext
+ }
+ */
+public class EncryptedData extends KrbSequenceType {
+ private static int ETYPE = 0;
+ private static int KVNO = 1;
+ private static int CIPHER = 2;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(ETYPE, 0, Asn1Integer.class),
+ new Asn1FieldInfo(KVNO, 1, Asn1Integer.class),
+ new Asn1FieldInfo(CIPHER, 2, Asn1OctetString.class)
+ };
+
+ public EncryptedData() {
+ super(fieldInfos);
+ }
+
+ public EncryptionType getEType() {
+ Integer value = getFieldAsInteger(ETYPE);
+ return EncryptionType.fromValue(value);
+ }
+
+ public void setEType(EncryptionType eType) {
+ setFieldAsInt(ETYPE, eType.getValue());
+ }
+
+ public int getKvno() {
+ Integer value = getFieldAsInteger(KVNO);
+ if (value != null) {
+ return value.intValue();
+ }
+ return -1;
+ }
+
+ public void setKvno(int kvno) {
+ setFieldAsInt(KVNO, kvno);
+ }
+
+ public byte[] getCipher() {
+ return getFieldAsOctets(CIPHER);
+ }
+
+ public void setCipher(byte[] cipher) {
+ setFieldAsOctets(CIPHER, cipher);
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ EncryptedData that = (EncryptedData) o;
+
+ /*
+ if (getKvno() != -1 && that.getKvno() != -1 &&
+ getKvno() != that.getKvno()) return false;
+ */
+
+ if (getEType() != that.getEType()) return false;
+
+ return Arrays.equals(getCipher(), that.getCipher());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EncryptionKey.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EncryptionKey.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EncryptionKey.java
new file mode 100644
index 0000000..4e1e440
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EncryptionKey.java
@@ -0,0 +1,88 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+import java.util.Arrays;
+
+/**
+ EncryptionKey ::= SEQUENCE {
+ keytype [0] Int32 -- actually encryption type --,
+ keyvalue [1] OCTET STRING
+ }
+ */
+public class EncryptionKey extends KrbSequenceType {
+ private static int KEY_TYPE = 0;
+ private static int KEY_VALUE = 1;
+
+ private int kvno = -1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(KEY_TYPE, 0, Asn1Integer.class),
+ new Asn1FieldInfo(KEY_VALUE, 1, Asn1OctetString.class)
+ };
+
+ public EncryptionKey() {
+ super(fieldInfos);
+ }
+
+ public EncryptionKey(int keyType, byte[] keyData) {
+ this(keyType, keyData, -1);
+ }
+
+ public EncryptionKey(int keyType, byte[] keyData, int kvno) {
+ this(EncryptionType.fromValue(keyType), keyData, kvno);
+ }
+
+ public EncryptionKey(EncryptionType keyType, byte[] keyData) {
+ this(keyType, keyData, -1);
+ }
+
+ public EncryptionKey(EncryptionType keyType, byte[] keyData, int kvno) {
+ this();
+ setKeyType(keyType);
+ setKeyData(keyData);
+ setKvno(kvno);
+ }
+
+ public EncryptionType getKeyType() {
+ Integer value = getFieldAsInteger(KEY_TYPE);
+ return EncryptionType.fromValue(value);
+ }
+
+ public void setKeyType(EncryptionType keyType) {
+ setFieldAsInt(KEY_TYPE, keyType.getValue());
+ }
+
+ public byte[] getKeyData() {
+ return getFieldAsOctets(KEY_VALUE);
+ }
+
+ public void setKeyData(byte[] keyData) {
+ setFieldAsOctets(KEY_VALUE, keyData);
+ }
+
+ public void setKvno(int kvno) {
+ this.kvno = kvno;
+ }
+
+ public int getKvno() {
+ return kvno;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ EncryptionKey that = (EncryptionKey) o;
+
+ if (kvno != -1 && that.kvno != -1 && kvno != that.kvno) return false;
+
+ if (getKeyType() != that.getKeyType()) return false;
+
+ return Arrays.equals(getKeyData(), that.getKeyData());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EncryptionType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EncryptionType.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EncryptionType.java
new file mode 100644
index 0000000..f50b05b
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EncryptionType.java
@@ -0,0 +1,113 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+/**
+ * According to krb5.hin
+ */
+public enum EncryptionType implements KrbEnum {
+
+ NONE(0, "none", "None encryption type"),
+
+ DES_CBC_CRC(0x0001, "des-cbc-crc", "DES cbc mode with CRC-32"),
+
+ DES_CBC_MD4(0x0002, "des-cbc-md4", "DES cbc mode with RSA-MD4"),
+
+ DES_CBC_MD5(0x0003, "des-cbc-md5", "DES cbc mode with RSA-MD5"),
+ DES(0x0003, "des", "DES cbc mode with RSA-MD5"),
+
+ DES_CBC_RAW(0x0004, "des-cbc-raw", "DES cbc mode raw"),
+
+ DES3_CBC_SHA(0x0005, "des3-cbc-sha", "DES-3 cbc with SHA1"),
+
+ DES3_CBC_RAW(0x0006, "des3-cbc-raw", "Triple DES cbc mode raw"),
+
+ DES_HMAC_SHA1(0x0008, "des-hmac-sha1", "DES with HMAC/sha1"),
+
+ DSA_SHA1_CMS(0x0009, "dsa-sha1-cms", "DSA with SHA1, CMS signature"),
+
+ MD5_RSA_CMS(0x000a, "md5-rsa-cms", "MD5 with RSA, CMS signature"),
+
+ SHA1_RSA_CMS(0x000b, "sha1-rsa-cms", "SHA1 with RSA, CMS signature"),
+
+ RC2_CBC_ENV(0x000c, "rc2-cbc-env", "RC2 cbc mode, CMS enveloped data"),
+
+ RSA_ENV(0x000d, "rsa-env", "RSA encryption, CMS enveloped data"),
+
+ RSA_ES_OAEP_ENV(0x000e, "rsa-es-oaep-env", "RSA w/OEAP encryption, CMS enveloped data"),
+
+ DES3_CBC_ENV(0x000f, "des3-cbc-env", "DES-3 cbc mode, CMS enveloped data"),
+
+ DES3_CBC_SHA1(0x0010, "des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1"),
+ DES3_HMAC_SHA1(0x0010, "des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1"),
+ DES3_CBC_SHA1_KD(0x0010, "des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1"),
+
+ AES128_CTS_HMAC_SHA1_96 (0x0011, "aes128-cts-hmac-sha1-96", "AES-128 CTS mode with 96-bit SHA-1 HMAC"),
+ AES128_CTS (0x0011, "aes128-cts", "AES-128 CTS mode with 96-bit SHA-1 HMAC"),
+
+ AES256_CTS_HMAC_SHA1_96(0x0012, "aes256-cts-hmac-sha1-96", "AES-256 CTS mode with 96-bit SHA-1 HMAC"),
+ AES256_CTS(0x0012, "aes256-cts", "AES-256 CTS mode with 96-bit SHA-1 HMAC"),
+
+ ARCFOUR_HMAC(0x0017, "arcfour-hmac", "ArcFour with HMAC/md5"),
+ RC4_HMAC(0x0017, "rc4-hmac", "ArcFour with HMAC/md5"),
+ ARCFOUR_HMAC_MD5(0x0017, "arcfour-hmac-md5", "ArcFour with HMAC/md5"),
+
+ ARCFOUR_HMAC_EXP(0x0018, "arcfour-hmac-exp", "Exportable ArcFour with HMAC/md5"),
+ RC4_HMAC_EXP(0x0018, "rc4-hmac-exp", "Exportable ArcFour with HMAC/md5"),
+ ARCFOUR_HMAC_MD5_EXP(0x0018, "arcfour-hmac-md5-exp", "Exportable ArcFour with HMAC/md5"),
+
+ CAMELLIA128_CTS_CMAC(0x0019, "camellia128-cts-cmac", "Camellia-128 CTS mode with CMAC"),
+ CAMELLIA128_CTS(0x0019, "camellia128-cts", "Camellia-128 CTS mode with CMAC"),
+
+ CAMELLIA256_CTS_CMAC(0x001a, "camellia256-cts-cmac", "Camellia-256 CTS mode with CMAC"),
+ CAMELLIA256_CTS(0x001a, "camellia256-cts", "Camellia-256 CTS mode with CMAC");
+
+ //UNKNOWN(0x01ff, "UNKNOWN", "Unknown encryption type");
+
+ private final int value;
+
+ private final String name;
+
+ private final String displayName;
+
+ private EncryptionType(int value, String name, String displayName) {
+ this.value = value;
+ this.name = name;
+ this.displayName = displayName;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getDisplayName() {
+ return displayName;
+ }
+
+ public static EncryptionType fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (EncryptionType) e;
+ }
+ }
+ }
+ return NONE;
+ }
+
+ public static EncryptionType fromName(String name) {
+ if (name != null) {
+ for (EncryptionType e : values()) {
+ if (e.getName() == name) {
+ return (EncryptionType) e;
+ }
+ }
+ }
+ return NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfo.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfo.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfo.java
new file mode 100644
index 0000000..c7b1eaf
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfo.java
@@ -0,0 +1,10 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbSequenceOfType;
+
+/**
+ ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY
+ */
+public class EtypeInfo extends KrbSequenceOfType<EtypeInfoEntry> {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfo2.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfo2.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfo2.java
new file mode 100644
index 0000000..59d9a3b
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfo2.java
@@ -0,0 +1,10 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbSequenceOfType;
+
+/**
+ ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY
+ */
+public class EtypeInfo2 extends KrbSequenceOfType<EtypeInfo2Entry> {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfo2Entry.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfo2Entry.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfo2Entry.java
new file mode 100644
index 0000000..883abf8
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfo2Entry.java
@@ -0,0 +1,54 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KerberosString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ ETYPE-INFO2-ENTRY ::= SEQUENCE {
+ etype [0] Int32,
+ salt [1] KerberosString OPTIONAL,
+ s2kparams [2] OCTET STRING OPTIONAL
+ }
+ */
+public class EtypeInfo2Entry extends KrbSequenceType {
+ private static int ETYPE = 0;
+ private static int SALT = 1;
+ private static int S2KPARAMS = 2;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(ETYPE, 0, Asn1Integer.class),
+ new Asn1FieldInfo(SALT, 1, KerberosString.class),
+ new Asn1FieldInfo(S2KPARAMS, 2, Asn1OctetString.class)
+ };
+
+ public EtypeInfo2Entry() {
+ super(fieldInfos);
+ }
+
+ public EncryptionType getEtype() {
+ return EncryptionType.fromValue(getFieldAsInt(ETYPE));
+ }
+
+ public void setEtype(EncryptionType etype) {
+ setField(ETYPE, etype);
+ }
+
+ public String getSalt() {
+ return getFieldAsString(SALT);
+ }
+
+ public void setSalt(String salt) {
+ setFieldAsString(SALT, salt);
+ }
+
+ public byte[] getS2kParams() {
+ return getFieldAsOctets(S2KPARAMS);
+ }
+
+ public void setS2kParams(byte[] s2kParams) {
+ setFieldAsOctets(S2KPARAMS, s2kParams);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfoEntry.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfoEntry.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfoEntry.java
new file mode 100644
index 0000000..836db12
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/EtypeInfoEntry.java
@@ -0,0 +1,42 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ ETYPE-INFO-ENTRY ::= SEQUENCE {
+ etype [0] Int32,
+ salt [1] OCTET STRING OPTIONAL
+ }
+ */
+public class EtypeInfoEntry extends KrbSequenceType {
+ private static int ETYPE = 0;
+ private static int SALT = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(ETYPE, 0, Asn1Integer.class),
+ new Asn1FieldInfo(SALT, 1, Asn1OctetString.class)
+ };
+
+ public EtypeInfoEntry() {
+ super(fieldInfos);
+ }
+
+ public EncryptionType getEtype() {
+ return EncryptionType.fromValue(getFieldAsInt(ETYPE));
+ }
+
+ public void setEtype(EncryptionType etype) {
+ setField(ETYPE, etype);
+ }
+
+ public byte[] getSalt() {
+ return getFieldAsOctets(SALT);
+ }
+
+ public void setSalt(byte[] salt) {
+ setFieldAsOctets(SALT, salt);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/HostAddrType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/HostAddrType.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/HostAddrType.java
new file mode 100644
index 0000000..cb49a94
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/HostAddrType.java
@@ -0,0 +1,81 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum HostAddrType implements KrbEnum {
+ /**
+ * Constant for the "null" host address type.
+ */
+ NULL(0),
+
+ /**
+ * Constant for the "Internet" host address type.
+ */
+ ADDRTYPE_INET(2),
+
+ /**
+ * Constant for the "Arpanet" host address type.
+ */
+ ADDRTYPE_IMPLINK(3),
+
+ /**
+ * Constant for the "CHAOS" host address type.
+ */
+ ADDRTYPE_CHAOS(5),
+
+ /**
+ * Constant for the "XEROX Network Services" host address type.
+ */
+ ADDRTYPE_XNS(6),
+
+ /**
+ * Constant for the "OSI" host address type.
+ */
+ ADDRTYPE_OSI(7),
+
+ /**
+ * Constant for the "DECnet" host address type.
+ */
+ ADDRTYPE_DECNET(12),
+
+ /**
+ * Constant for the "AppleTalk" host address type.
+ */
+ ADDRTYPE_APPLETALK(16),
+
+ /**
+ * Constant for the "NetBios" host address type.
+ *
+ * Not in RFC
+ */
+ ADDRTYPE_NETBIOS(20),
+
+ /**
+ * Constant for the "Internet Protocol V6" host address type.
+ */
+ ADDRTYPE_INET6(24);
+
+
+ private final int value;
+
+ private HostAddrType(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static HostAddrType fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value.intValue()) {
+ return (HostAddrType) e;
+ }
+ }
+ }
+
+ return NULL;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/HostAddress.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/HostAddress.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/HostAddress.java
new file mode 100644
index 0000000..5c44e04
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/HostAddress.java
@@ -0,0 +1,90 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+import java.net.InetAddress;
+import java.util.Arrays;
+
+/*
+HostAddress ::= SEQUENCE {
+ addr-type [0] Int32,
+ address [1] OCTET STRING
+}
+ */
+public class HostAddress extends KrbSequenceType {
+ private static int ADDR_TYPE = 0;
+ private static int ADDRESS = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(ADDR_TYPE, 0, Asn1Integer.class),
+ new Asn1FieldInfo(ADDRESS, 1, Asn1OctetString.class)
+ };
+
+ public HostAddress() {
+ super(fieldInfos);
+ }
+
+ public HostAddress(InetAddress inetAddress) {
+ this();
+
+ setAddrType(HostAddrType.ADDRTYPE_INET);
+ setAddress(inetAddress.getAddress());
+ }
+
+ public HostAddrType getAddrType() {
+ Integer value = getFieldAsInteger(ADDR_TYPE);
+ return HostAddrType.fromValue(value);
+ }
+
+ public void setAddrType(HostAddrType addrType) {
+ setField(ADDR_TYPE, addrType);
+ }
+
+ public byte[] getAddress() {
+ return getFieldAsOctets(ADDRESS);
+ }
+
+ public void setAddress(byte[] address) {
+ setFieldAsOctets(ADDRESS, address);
+ }
+
+ public boolean equalsWith(InetAddress address) {
+ if (address == null) {
+ return false;
+ }
+ HostAddress that = new HostAddress(address);
+ return that.equals(this);
+ }
+
+ @Override
+ public boolean equals(Object other) {
+ if (other == null) {
+ return false;
+ }
+ if (other == this) {
+ return true;
+ } else if (! (other instanceof HostAddress)) {
+ return false;
+ }
+
+ HostAddress that = (HostAddress) other;
+ if (getAddrType() == that.getAddrType() &&
+ Arrays.equals(getAddress(), that.getAddress())) {
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public int hashCode() {
+ int result = getAddrType().getValue();
+ if (getAddress() != null) {
+ result = 31 * result + getAddress().hashCode();
+ }
+
+ return result;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/HostAddresses.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/HostAddresses.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/HostAddresses.java
new file mode 100644
index 0000000..fef9283
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/HostAddresses.java
@@ -0,0 +1,24 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbSequenceOfType;
+
+import java.net.InetAddress;
+
+/**
+ -- NOTE: HostAddresses is always used as an OPTIONAL field and
+ -- should not be empty.
+ HostAddresses -- NOTE: subtly different from rfc1510,
+ -- but has a value mapping and encodes the same
+ ::= SEQUENCE OF HostAddress
+ */
+public class HostAddresses extends KrbSequenceOfType<HostAddress> {
+
+ public boolean contains(InetAddress address) {
+ for (HostAddress hostAddress : getElements()) {
+ if (hostAddress.equalsWith(address)) {
+ return true;
+ }
+ }
+ return false;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KeyUsage.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KeyUsage.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KeyUsage.java
new file mode 100644
index 0000000..ce6b930
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KeyUsage.java
@@ -0,0 +1,109 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+/**
+ * From krb5.hin
+ */
+public enum KeyUsage implements KrbEnum
+{
+ UNKNOWN(-1),
+ NONE(0),
+ //AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the client key
+ AS_REQ_PA_ENC_TS(1),
+ //AS-REP Ticket and TGS-REP Ticket (includes TGS session key or application session key),
+ //encrypted with the service key (Section 5.3)
+ KDC_REP_TICKET(2),
+ //AS-REP encrypted part (includes TGS session key or application session key),
+ //encrypted with the client key (Section 5.4.2)
+ AS_REP_ENCPART(3),
+ //TGS-REQ KDC-REQ-BODY AuthorizationData,
+ //encrypted with the TGS session key (Section 5.4.1)
+ TGS_REQ_AD_SESSKEY(4),
+ //TGS-REQ KDC-REQ-BODY AuthorizationData,
+ //encrypted with the TGS authenticator subkey (Section 5.4.1)
+ TGS_REQ_AD_SUBKEY(5),
+ //TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum,
+ //keyed with the TGS session key (Section 5.5.1)
+ TGS_REQ_AUTH_CKSUM(6),
+ //TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes TGS authenticator subkey),
+ //encrypted with the TGS session key (Section 5.5.1)
+ TGS_REQ_AUTH(7),
+ //TGS-REP encrypted part (includes application session key),
+ //encrypted with the TGS session key (Section 5.4.2)
+ TGS_REP_ENCPART_SESSKEY(8),
+ //TGS-REP encrypted part (includes application session key),
+ //encrypted with the TGS authenticator subkey (Section 5.4.2)
+ TGS_REP_ENCPART_SUBKEY(9),
+ //AP-REQ Authenticator cksum, keyed with the application session key (Section 5.5.1)
+ AP_REQ_AUTH_CKSUM(10),
+ //AP-REQ Authenticator (includes application authenticator subkey),
+ //encrypted with the application session key (Section 5.5.1)
+ AP_REQ_AUTH(11),
+ //AP-REP encrypted part (includes application session subkey),
+ //encrypted with the application session key (Section 5.5.2)
+ AP_REP_ENCPART(12),
+ //KRB-PRIV encrypted part, encrypted with a key chosen by the application (Section 5.7.1)
+ KRB_PRIV_ENCPART(13),
+ KRB_CRED_ENCPART(14),
+ KRB_SAFE_CKSUM(15),
+ APP_DATA_ENCRYPT(16),
+ APP_DATA_CKSUM(17),
+ KRB_ERROR_CKSUM(18),
+ AD_KDCISSUED_CKSUM(19),
+ AD_MTE(20),
+ AD_ITE(21),
+ GSS_TOK_MIC(22),
+ GSS_TOK_WRAP_INTEG(23),
+ GSS_TOK_WRAP_PRIV(24),
+ //Defined in Integrating SAM Mechanisms with Kerberos draft
+ PA_SAM_CHALLENGE_CKSUM(25),
+ //Note conflict with @ref PA_S4U_X509_USER_REQUEST
+ PA_SAM_CHALLENGE_TRACKID(26),
+ //Note conflict with @ref PA_S4U_X509_USER_REPLY
+ PA_SAM_RESPONSE(27),
+ //Defined in [MS-SFU]
+ //Note conflict with @ref PA_SAM_CHALLENGE_TRACKID
+ PA_S4U_X509_USER_REQUEST(26),
+ //Note conflict with @ref PA_SAM_RESPONSE
+ PA_S4U_X509_USER_REPLY(27),
+ //unused
+ PA_REFERRAL(26),
+ AD_SIGNEDPATH(-21),
+ IAKERB_FINISHED(42),
+ PA_PKINIT_KX(44),
+ PA_OTP_REQUEST(45), //See RFC 6560 section 4.2
+ //define in preauth-framework
+ FAST_REQ_CHKSUM(50),
+ FAST_ENC(51),
+ FAST_REP(52),
+ FAST_FINISHED(53),
+ ENC_CHALLENGE_CLIENT(54),
+ ENC_CHALLENGE_KDC(55),
+ AS_REQ(56);
+
+ private int value;
+
+ private KeyUsage(int value) {
+ this.value = value;
+ }
+
+ public int getValue() {
+ return value;
+ }
+
+ public static KeyUsage fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (KeyUsage) e;
+ }
+ }
+ }
+ return UNKNOWN;
+ }
+
+ public static final boolean isValid(int usage) {
+ return usage > -1;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbError.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbError.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbError.java
new file mode 100644
index 0000000..0f49eb8
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbError.java
@@ -0,0 +1,147 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.spec.KerberosString;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+
+/**
+ KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
+ pvno [0] INTEGER (5),
+ msg-type [1] INTEGER (30),
+ ctime [2] KerberosTime OPTIONAL,
+ cusec [3] Microseconds OPTIONAL,
+ stime [4] KerberosTime,
+ susec [5] Microseconds,
+ error-code [6] Int32,
+ crealm [7] Realm OPTIONAL,
+ cname [8] PrincipalName OPTIONAL,
+ realm [9] Realm -- service realm --,
+ sname [10] PrincipalName -- service name --,
+ e-text [11] KerberosString OPTIONAL,
+ e-data [12] OCTET STRING OPTIONAL
+ }
+ */
+public class KrbError extends KrbMessage {
+ private static int CTIME = 2;
+ private static int CUSEC = 3;
+ private static int STIME = 4;
+ private static int SUSEC = 5;
+ private static int ERROR_CODE = 6;
+ private static int CREALM = 7;
+ private static int CNAME = 8;
+ private static int REALM = 9;
+ private static int SNAME = 10;
+ private static int ETEXT = 11;
+ private static int EDATA = 12;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(PVNO, Asn1Integer.class),
+ new Asn1FieldInfo(MSG_TYPE, Asn1Integer.class),
+ new Asn1FieldInfo(CTIME, KerberosTime.class),
+ new Asn1FieldInfo(CUSEC, Asn1Integer.class),
+ new Asn1FieldInfo(STIME, KerberosTime.class),
+ new Asn1FieldInfo(SUSEC, Asn1Integer.class),
+ new Asn1FieldInfo(ERROR_CODE, Asn1Integer.class),
+ new Asn1FieldInfo(CREALM, KerberosString.class),
+ new Asn1FieldInfo(CNAME, PrincipalName.class),
+ new Asn1FieldInfo(REALM, KerberosString.class),
+ new Asn1FieldInfo(SNAME, PrincipalName.class),
+ new Asn1FieldInfo(ETEXT, KerberosString.class),
+ new Asn1FieldInfo(EDATA, Asn1OctetString.class)
+ };
+
+ public KrbError() {
+ super(KrbMessageType.KRB_ERROR, fieldInfos);
+ }
+
+ public KerberosTime getCtime() {
+ return getFieldAs(CTIME, KerberosTime.class);
+ }
+
+ public void setCtime(KerberosTime ctime) {
+ setFieldAs(CTIME, ctime);
+ }
+
+ public int getCusec() {
+ return getFieldAsInt(CUSEC);
+ }
+
+ public void setCusec(int cusec) {
+ setFieldAsInt(0, cusec);
+ }
+
+ public KerberosTime getStime() {
+ return getFieldAs(STIME, KerberosTime.class);
+ }
+
+ public void setStime(KerberosTime stime) {
+ setFieldAs(STIME, stime);
+ }
+
+ public int getSusec() {
+ return getFieldAsInt(SUSEC);
+ }
+
+ public void setSusec(int susec) {
+ setFieldAsInt(0, susec);
+ }
+
+ public KrbErrorCode getErrorCode() {
+ return KrbErrorCode.fromValue(getFieldAsInt(ERROR_CODE));
+ }
+
+ public void setErrorCode(KrbErrorCode errorCode) {
+ setField(0, errorCode);
+ }
+
+ public String getCrealm() {
+ return getFieldAsString(CREALM);
+ }
+
+ public void setCrealm(String realm) {
+ setFieldAs(CREALM, new KerberosString(realm));
+ }
+
+ public PrincipalName getCname() {
+ return getFieldAs(CNAME, PrincipalName.class);
+ }
+
+ public void setCname(PrincipalName sname) {
+ setFieldAs(CNAME, sname);
+ }
+
+ public PrincipalName getSname() {
+ return getFieldAs(SNAME, PrincipalName.class);
+ }
+
+ public void setSname(PrincipalName sname) {
+ setFieldAs(SNAME, sname);
+ }
+
+ public String getRealm() {
+ return getFieldAsString(REALM);
+ }
+
+ public void setRealm(String realm) {
+ setFieldAs(REALM, new KerberosString(realm));
+ }
+
+ public String getEtext() {
+ return getFieldAsString(ETEXT);
+ }
+
+ public void setEtext(String realm) {
+ setFieldAs(ETEXT, new KerberosString(realm));
+ }
+
+ public byte[] getEdata() {
+ return getFieldAsOctetBytes(EDATA);
+ }
+
+ public void setEdata(byte[] edata) {
+ setFieldAsOctetBytes(EDATA, edata);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbFlags.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbFlags.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbFlags.java
new file mode 100644
index 0000000..713ddff
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbFlags.java
@@ -0,0 +1,99 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1BitString;
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+import java.io.IOException;
+
+/**
+ KrbFlags ::= BIT STRING (SIZE (32..MAX))
+ -- minimum number of bits shall be sent,
+ -- but no fewer than 32
+ */
+public class KrbFlags extends Asn1BitString {
+ private static final int MAX_SIZE = 32;
+ private int flags;
+
+ public KrbFlags() {
+ this(0);
+ }
+
+ public KrbFlags(int value) {
+ super();
+ setFlags(value);
+ }
+
+ public void setFlags(int flags) {
+ this.flags = flags;
+ flags2Value();
+ }
+
+ public int getFlags() {
+ return flags;
+ }
+
+ public boolean isFlagSet(int flag) {
+ return (flags & (1 << flagPos(flag))) != 0;
+ }
+
+ public void setFlag(int flag) {
+ int newFlags = flags | 1 << flagPos(flag);
+ setFlags(newFlags);
+ }
+
+ public void clearFlag(int flag) {
+ int newFlags = flags & ~(1 << flagPos(flag));
+ setFlags(newFlags);
+ }
+
+ public void clear() {
+ setFlags(0);
+ }
+
+ public boolean isFlagSet(KrbEnum flag) {
+ return isFlagSet(flag.getValue());
+ }
+
+ public void setFlag(KrbEnum flag) {
+ setFlag(flag.getValue());
+ }
+
+ public void setFlag(KrbEnum flag, boolean isSet) {
+ if (isSet) {
+ setFlag(flag.getValue());
+ } else {
+ clearFlag(flag);
+ }
+ }
+
+ public void clearFlag(KrbEnum flag) {
+ clearFlag(flag.getValue());
+ }
+
+ private int flagPos(int flag) {
+ return MAX_SIZE - 1 - flag;
+ }
+
+ private void flags2Value() {
+ byte[] bytes = new byte[4];
+ bytes[0] = (byte) (flags >> 24);
+ bytes[1] = (byte) ((flags >> 16) & 0xFF);
+ bytes[2] = (byte) ((flags >> 8) & 0xFF);
+ bytes[3] = (byte) (flags & 0xFF);
+
+ setValue(bytes);
+ }
+
+ @Override
+ protected void toValue() throws IOException {
+ super.toValue();
+
+ if (getPadding() != 0 || getValue().length != 4) {
+ throw new IOException("Bad bitstring decoded as invalid krb flags");
+ }
+
+ byte[] valueBytes = getValue();
+ flags = ((valueBytes[0] & 0xFF) << 24) | ((valueBytes[1] & 0xFF) << 16) |
+ ((valueBytes[2] & 0xFF) << 8) | (0xFF & valueBytes[3]);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbMessage.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbMessage.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbMessage.java
new file mode 100644
index 0000000..a6fbe05
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbMessage.java
@@ -0,0 +1,35 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.kerberos.kerb.KrbConstant;
+import org.apache.kerberos.kerb.spec.KrbAppSequenceType;
+
+public abstract class KrbMessage extends KrbAppSequenceType {
+ protected static int PVNO = 0;
+ protected static int MSG_TYPE = 1;
+
+ private final int pvno = KrbConstant.KRB_V5;
+
+ public KrbMessage(KrbMessageType msgType, Asn1FieldInfo[] fieldInfos) {
+ super(msgType.getValue(), fieldInfos);
+ setPvno(pvno);
+ setMsgType(msgType);
+ }
+
+ public int getPvno() {
+ return pvno;
+ }
+
+ protected void setPvno(int pvno) {
+ setFieldAsInt(0, pvno);
+ }
+
+ public KrbMessageType getMsgType() {
+ Integer value = getFieldAsInteger(MSG_TYPE);
+ return KrbMessageType.fromValue(value);
+ }
+
+ public void setMsgType(KrbMessageType msgType) {
+ setFieldAsInt(MSG_TYPE, msgType.getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbMessageType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbMessageType.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbMessageType.java
new file mode 100644
index 0000000..996aaf0
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbMessageType.java
@@ -0,0 +1,40 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum KrbMessageType implements KrbEnum {
+ NONE(-1),
+ AS_REQ(10),
+ AS_REP(11),
+ TGS_REQ(12),
+ TGS_REP(13),
+ AP_REQ(14),
+ AP_REP(15),
+ KRB_SAFE(20),
+ KRB_PRIV(21),
+ KRB_CRED(22),
+ KRB_ERROR(30);
+
+ private int value;
+
+ private KrbMessageType(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static KrbMessageType fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value.intValue()) {
+ return (KrbMessageType) e;
+ }
+ }
+ }
+
+ return NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbToken.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbToken.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbToken.java
new file mode 100644
index 0000000..439bf3d
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbToken.java
@@ -0,0 +1,80 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+import java.nio.ByteBuffer;
+import java.util.Map;
+
+/**
+ KRB-TOKEN_VALUE ::= SEQUENCE {
+ token-format [0] INTEGER,
+ token-value [1] OCTET STRING,
+ }
+ */
+public class KrbToken extends KrbSequenceType {
+ private static KrbTokenEncoder tokenEncoder;
+
+ private static int TOKEN_FORMAT = 0;
+ private static int TOKEN_VALUE = 1;
+
+ private Map<String, Object> attributes;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(TOKEN_FORMAT, 0, Asn1Integer.class),
+ new Asn1FieldInfo(TOKEN_VALUE, 1, Asn1OctetString.class)
+ };
+
+ public KrbToken() {
+ super(fieldInfos);
+ }
+
+ @Override
+ public void encode(ByteBuffer buffer) {
+ setTokenValue(tokenEncoder.encode(this));
+ super.encode(buffer);
+ }
+
+ /*
+ @Override
+ public void decode(ByteBuffer content) throws IOException {
+ super.decode(content);
+ this.attributes = tokenEncoder.decode(this);
+ }
+ */
+
+ public static void setTokenEncoder(KrbTokenEncoder encoder) {
+ tokenEncoder = encoder;
+ }
+
+ public TokenFormat getTokenFormat() {
+ Integer value = getFieldAsInteger(TOKEN_FORMAT);
+ return TokenFormat.fromValue(value);
+ }
+
+ public void setTokenFormat(TokenFormat tokenFormat) {
+ setFieldAsInt(TOKEN_FORMAT, tokenFormat.getValue());
+ }
+
+ public byte[] getTokenValue() {
+ return getFieldAsOctets(TOKEN_VALUE);
+ }
+
+ public void setTokenValue(byte[] tokenValue) {
+ setFieldAsOctets(TOKEN_VALUE, tokenValue);
+ }
+
+ public Map<String, Object> getAttributes() {
+ if (attributes == null) {
+ this.attributes = tokenEncoder.decode(this);
+ }
+ return attributes;
+ }
+
+ public String getPrincipal() {
+ return (String) attributes.get("sub");
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbTokenEncoder.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbTokenEncoder.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbTokenEncoder.java
new file mode 100644
index 0000000..b8804a0
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/KrbTokenEncoder.java
@@ -0,0 +1,9 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import java.util.Map;
+
+public interface KrbTokenEncoder {
+
+ public byte[] encode(KrbToken token);
+ public Map<String, Object> decode(KrbToken token);
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/LastReq.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/LastReq.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/LastReq.java
new file mode 100644
index 0000000..2175536
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/LastReq.java
@@ -0,0 +1,13 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbSequenceOfType;
+
+/**
+ LastReq ::= SEQUENCE OF SEQUENCE {
+ lr-type [0] Int32,
+ lr-value [1] KerberosTime
+ }
+ */
+public class LastReq extends KrbSequenceOfType<LastReqEntry> {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/LastReqEntry.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/LastReqEntry.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/LastReqEntry.java
new file mode 100644
index 0000000..9bc4b44
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/LastReqEntry.java
@@ -0,0 +1,43 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ LastReq ::= SEQUENCE OF SEQUENCE {
+ lr-type [0] Int32,
+ lr-value [1] KerberosTime
+ }
+ */
+public class LastReqEntry extends KrbSequenceType {
+ private static int LR_TYPE = 0;
+ private static int LR_VALUE = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(LR_TYPE, 0, Asn1Integer.class),
+ new Asn1FieldInfo(LR_VALUE, 1, KerberosTime.class)
+ };
+
+ public LastReqEntry() {
+ super(fieldInfos);
+ }
+
+ public LastReqType getLrType() {
+ Integer value = getFieldAsInteger(LR_TYPE);
+ return LastReqType.fromValue(value);
+ }
+
+ public void setLrType(LastReqType lrType) {
+ setFieldAsInt(LR_TYPE, lrType.getValue());
+ }
+
+ public KerberosTime getLrValue() {
+ return getFieldAs(LR_VALUE, KerberosTime.class);
+ }
+
+ public void setLrValue(KerberosTime lrValue) {
+ setFieldAs(LR_VALUE, lrValue);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/LastReqType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/LastReqType.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/LastReqType.java
new file mode 100644
index 0000000..19d25b7
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/LastReqType.java
@@ -0,0 +1,43 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum LastReqType implements KrbEnum {
+ NONE(0),
+ ALL_LAST_TGT(1),
+ THE_LAST_TGT(-1),
+ ALL_LAST_INITIAL(2),
+ THE_LAST_INITIAL(-2),
+ ALL_LAST_TGT_ISSUED(3),
+ THE_LAST_TGT_ISSUED(-3),
+ ALL_LAST_RENEWAL(4),
+ THE_LAST_RENEWAL(-4),
+ ALL_LAST_REQ(5),
+ THE_LAST_REQ(-5),
+ ALL_PW_EXPTIME(6),
+ THE_PW_EXPTIME(-6),
+ ALL_ACCT_EXPTIME(7),
+ THE_ACCT_EXPTIME(-7);
+
+ private int value;
+
+ private LastReqType(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static LastReqType fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (LastReqType) e;
+ }
+ }
+ }
+ return NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/MethodData.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/MethodData.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/MethodData.java
new file mode 100644
index 0000000..bece84c
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/MethodData.java
@@ -0,0 +1,11 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbSequenceOfType;
+import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
+
+/**
+ METHOD-DATA ::= SEQUENCE OF PA-DATA
+ */
+public class MethodData extends KrbSequenceOfType<PaDataEntry> {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/NameType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/NameType.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/NameType.java
new file mode 100644
index 0000000..18cbdaf
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/NameType.java
@@ -0,0 +1,35 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum NameType implements KrbEnum {
+ NT_UNKNOWN(0),
+ NT_PRINCIPAL(1),
+ NT_SRV_INST(2),
+ NT_SRV_HST(3),
+ NT_SRV_XHST(4),
+ NT_UID(5);
+
+ private int value;
+
+ private NameType(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static NameType fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value.intValue()) {
+ return (NameType) e;
+ }
+ }
+ }
+
+ return NT_UNKNOWN;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/PrincipalName.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/PrincipalName.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/PrincipalName.java
new file mode 100644
index 0000000..79e296e
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/PrincipalName.java
@@ -0,0 +1,180 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.kerberos.kerb.spec.KerberosStrings;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ PrincipalName ::= SEQUENCE {
+ name-type [0] Int32,
+ name-string [1] SEQUENCE OF KerberosString
+ }
+ */
+public class PrincipalName extends KrbSequenceType {
+ private String realm;
+
+ private static int NAME_TYPE = 0;
+ private static int NAME_STRING = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(NAME_TYPE, Asn1Integer.class),
+ new Asn1FieldInfo(NAME_STRING, KerberosStrings.class)
+ };
+
+ public PrincipalName() {
+ super(fieldInfos);
+ }
+
+ public PrincipalName(String nameString) {
+ this();
+ setNameType(NameType.NT_PRINCIPAL);
+ fromNameString(nameString);
+ }
+
+ public PrincipalName(List<String> nameStrings, NameType type) {
+ this();
+ setNameStrings(nameStrings);
+ setNameType(type);
+ }
+
+ public NameType getNameType() {
+ Integer value = getFieldAsInteger(NAME_TYPE);
+ return NameType.fromValue(value);
+ }
+
+ public void setNameType(NameType nameType) {
+ setFieldAsInt(NAME_TYPE, nameType.getValue());
+ }
+
+ public List<String> getNameStrings() {
+ KerberosStrings krbStrings = getFieldAs(NAME_STRING, KerberosStrings.class);
+ if (krbStrings != null) {
+ return krbStrings.getAsStrings();
+ }
+ return Collections.EMPTY_LIST;
+ }
+
+ public void setNameStrings(List<String> nameStrings) {
+ setFieldAs(NAME_STRING, new KerberosStrings(nameStrings));
+ }
+
+ public void setRealm(String realm) {
+ this.realm = realm;
+ }
+
+ public String getRealm() {
+ return this.realm;
+ }
+
+ public String getName() {
+ return makeSingleName();
+ }
+
+ private String makeSingleName() {
+ List<String> names = getNameStrings();
+ StringBuilder sb = new StringBuilder();
+ boolean isFirst = true;
+ for (String name : names) {
+ sb.append(name);
+ if (isFirst && names.size() > 1) {
+ sb.append('/');
+ }
+ isFirst = false;
+ }
+
+ String realm = getRealm();
+ if (realm != null && !realm.isEmpty()) {
+ sb.append('@');
+ sb.append(realm);
+ }
+
+ return sb.toString();
+ }
+
+ @Override
+ public String toString() {
+ return getName();
+ }
+
+ @Override
+ public int hashCode() {
+ return getName().hashCode();
+ }
+
+ @Override
+ public boolean equals(Object other) {
+ if (other == null) {
+ return false;
+ } else if (this == other) {
+ return true;
+ } else if (other instanceof String) {
+ String otherPrincipal = (String) other;
+ String thisPrincipal = getName();
+ return thisPrincipal.equals(otherPrincipal);
+ } else if (! (other instanceof PrincipalName)) {
+ return false;
+ }
+
+ PrincipalName otherPrincipal = (PrincipalName) other;
+ if (getNameType() != ((PrincipalName) other).getNameType()) {
+ return false;
+ }
+
+ return getName().equals(otherPrincipal.getName());
+ }
+
+ private void fromNameString(String nameString) {
+ String tmpRealm = null;
+ List<String> nameStrings;
+ int pos = nameString.indexOf('@');
+ String nameParts = nameString;
+ if (pos != -1) {
+ nameParts = nameString.substring(0, pos);
+ tmpRealm = nameString.substring(pos + 1);
+ }
+ String parts[] = nameParts.split("\\/");
+ nameStrings = Arrays.asList(parts);
+
+ setNameStrings(nameStrings);
+ setRealm(tmpRealm);
+ }
+
+ public static String extractRealm(String principal) {
+ int pos = principal.indexOf('@');
+
+ if (pos > 0) {
+ return principal.substring(pos + 1);
+ }
+
+ throw new IllegalArgumentException("Not a valid principal, missing realm name");
+ }
+
+
+ public static String extractName(String principal) {
+ int pos = principal.indexOf('@');
+
+ if (pos < 0) {
+ return principal;
+ }
+
+ return principal.substring(0, pos);
+ }
+
+ public static String makeSalt(PrincipalName principalName) {
+ StringBuilder salt = new StringBuilder();
+ if (principalName.getRealm() != null) {
+ salt.append(principalName.getRealm().toString());
+ }
+ List<String> nameStrings = principalName.getNameStrings();
+ for (String ns : nameStrings) {
+ salt.append(ns);
+ }
+ return salt.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/Realm.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/Realm.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/Realm.java
new file mode 100644
index 0000000..3236dd5
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/Realm.java
@@ -0,0 +1,15 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KerberosString;
+
+/**
+ * Realm ::= KerberosString
+ */
+public class Realm extends KerberosString {
+ public Realm() {
+ }
+
+ public Realm(String value) {
+ super(value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/SamType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/SamType.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/SamType.java
new file mode 100644
index 0000000..6c3ccc4
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/SamType.java
@@ -0,0 +1,47 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum SamType implements KrbEnum
+{
+ SAM_NONE(0),
+ /** safe SAM type enum for Enigma Logic */
+ SAM_TYPE_ENIGMA(1), // Enigma Logic"
+
+ /** safe SAM type enum for Digital Pathways */
+ SAM_TYPE_DIGI_PATH(2), // Digital Pathways
+
+ /** safe SAM type enum for S/key where KDC has key 0 */
+ SAM_TYPE_SKEY_K0(3), // S/key where KDC has key 0
+
+ /** safe SAM type enum for Traditional S/Key */
+ SAM_TYPE_SKEY(4), // Traditional S/Key
+
+ /** safe SAM type enum for Security Dynamics */
+ SAM_TYPE_SECURID(5), // Security Dynamics
+
+ /** safe SAM type enum for CRYPTOCard */
+ SAM_TYPE_CRYPTOCARD(6); // CRYPTOCard
+
+ private int value;
+
+ private SamType(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static SamType fromValue(Integer value) {
+ if (value != null) {
+ for (SamType st : SamType.values() ) {
+ if (value == st.getValue()) {
+ return st;
+ }
+ }
+ }
+ return SAM_NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/TokenFormat.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/TokenFormat.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/TokenFormat.java
new file mode 100644
index 0000000..f5a070b
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/TokenFormat.java
@@ -0,0 +1,31 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum TokenFormat implements KrbEnum {
+ NONE (0),
+ JWT (1);
+
+ private final int value;
+
+ private TokenFormat(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static TokenFormat fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value.intValue()) {
+ return (TokenFormat) e;
+ }
+ }
+ }
+
+ return NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/TransitedEncoding.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/TransitedEncoding.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/TransitedEncoding.java
new file mode 100644
index 0000000..80574b7
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/TransitedEncoding.java
@@ -0,0 +1,43 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ TransitedEncoding ::= SEQUENCE {
+ tr-type [0] Int32 -- must be registered --,
+ contents [1] OCTET STRING
+ }
+ */
+public class TransitedEncoding extends KrbSequenceType {
+ private static int TR_TYPE = 0;
+ private static int CONTENTS = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(TR_TYPE, 0, Asn1Integer.class),
+ new Asn1FieldInfo(CONTENTS, 1, Asn1OctetString.class)
+ };
+
+ public TransitedEncoding() {
+ super(fieldInfos);
+ }
+
+ public TransitedEncodingType getTrType() {
+ Integer value = getFieldAsInteger(TR_TYPE);
+ return TransitedEncodingType.fromValue(value);
+ }
+
+ public void setTrType(TransitedEncodingType trType) {
+ setField(TR_TYPE, trType);
+ }
+
+ public byte[] getContents() {
+ return getFieldAsOctets(CONTENTS);
+ }
+
+ public void setContents(byte[] contents) {
+ setFieldAsOctets(CONTENTS, contents);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/TransitedEncodingType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/TransitedEncodingType.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/TransitedEncodingType.java
new file mode 100644
index 0000000..c96df4e
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/common/TransitedEncodingType.java
@@ -0,0 +1,32 @@
+package org.apache.kerberos.kerb.spec.common;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum TransitedEncodingType implements KrbEnum {
+ UNKNOWN(-1),
+ NULL(0),
+ DOMAIN_X500_COMPRESS(1);
+
+ private final int value;
+
+ private TransitedEncodingType(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static TransitedEncodingType fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value.intValue()) {
+ return (TransitedEncodingType) e;
+ }
+ }
+ }
+
+ return NULL;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/ArmorType.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/ArmorType.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/ArmorType.java
new file mode 100644
index 0000000..35a1011
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/ArmorType.java
@@ -0,0 +1,31 @@
+package org.apache.kerberos.kerb.spec.fast;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum ArmorType implements KrbEnum {
+ NONE (0),
+ ARMOR_AP_REQUEST (1);
+
+ private final int value;
+
+ private ArmorType(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static ArmorType fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value.intValue()) {
+ return (ArmorType) e;
+ }
+ }
+ }
+
+ return NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/FastOption.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/FastOption.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/FastOption.java
new file mode 100644
index 0000000..42cae2f
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/FastOption.java
@@ -0,0 +1,32 @@
+package org.apache.kerberos.kerb.spec.fast;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum FastOption implements KrbEnum {
+ NONE(-1),
+ RESERVED(0),
+ HIDE_CLIENT_NAMES(1),
+
+ KDC_FOLLOW_REFERRALS(16);
+
+ private final int value;
+
+ private FastOption(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static FastOption fromValue(int value) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (FastOption) e;
+ }
+ }
+
+ return NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/FastOptions.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/FastOptions.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/FastOptions.java
new file mode 100644
index 0000000..65e0d0d
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/FastOptions.java
@@ -0,0 +1,14 @@
+package org.apache.kerberos.kerb.spec.fast;
+
+import org.apache.kerberos.kerb.spec.common.KrbFlags;
+
+public class FastOptions extends KrbFlags {
+
+ public FastOptions() {
+ this(0);
+ }
+
+ public FastOptions(int value) {
+ setFlags(value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastArmor.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastArmor.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastArmor.java
new file mode 100644
index 0000000..0e1de88
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastArmor.java
@@ -0,0 +1,45 @@
+package org.apache.kerberos.kerb.spec.fast;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ KrbFastArmor ::= SEQUENCE {
+ armor-type [0] Int32,
+ -- Type of the armor.
+ armor-value [1] OCTET STRING,
+ -- Value of the armor.
+ }
+ */
+public class KrbFastArmor extends KrbSequenceType {
+ private static int ARMOR_TYPE = 0;
+ private static int ARMOR_VALUE = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(ARMOR_TYPE, Asn1Integer.class),
+ new Asn1FieldInfo(ARMOR_VALUE, Asn1OctetString.class)
+ };
+
+ public KrbFastArmor() {
+ super(fieldInfos);
+ }
+
+ public ArmorType getArmorType() {
+ Integer value = getFieldAsInteger(ARMOR_TYPE);
+ return ArmorType.fromValue(value);
+ }
+
+ public void setArmorType(ArmorType armorType) {
+ setFieldAsInt(ARMOR_TYPE, armorType.getValue());
+ }
+
+ public byte[] getArmorValue() {
+ return getFieldAsOctets(ARMOR_VALUE);
+ }
+
+ public void setArmorValue(byte[] armorValue) {
+ setFieldAsOctets(ARMOR_VALUE, armorValue);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastArmoredRep.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastArmoredRep.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastArmoredRep.java
new file mode 100644
index 0000000..73b22e8
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/fast/KrbFastArmoredRep.java
@@ -0,0 +1,33 @@
+package org.apache.kerberos.kerb.spec.fast;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+
+/**
+ KrbFastArmoredRep ::= SEQUENCE {
+ enc-fast-rep [0] EncryptedData, -- KrbFastResponse --
+ -- The encryption key is the armor key in the request, and
+ -- the key usage number is KEY_USAGE_FAST_REP.
+ }
+ */
+public class KrbFastArmoredRep extends KrbSequenceType {
+ private static int ENC_FAST_REP = 0;
+
+ //private
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(ENC_FAST_REP, EncryptedData.class)
+ };
+
+ public KrbFastArmoredRep() {
+ super(fieldInfos);
+ }
+
+ public EncryptedData getEncFastRep() {
+ return getFieldAs(ENC_FAST_REP, EncryptedData.class);
+ }
+
+ public void setEncFastRep(EncryptedData encFastRep) {
+ setFieldAs(ENC_FAST_REP, encFastRep);
+ }
+}
[27/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ASN1Util.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ASN1Util.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ASN1Util.java
new file mode 100644
index 0000000..1cb7764
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ASN1Util.java
@@ -0,0 +1,211 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/ASN1Util.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.asn1.ASN1InputStream;
+import org.apache.commons.ssl.asn1.DEREncodable;
+import org.apache.commons.ssl.asn1.DERInteger;
+import org.apache.commons.ssl.asn1.DERObjectIdentifier;
+import org.apache.commons.ssl.asn1.DEROctetString;
+import org.apache.commons.ssl.asn1.DERPrintableString;
+import org.apache.commons.ssl.asn1.DERSequence;
+import org.apache.commons.ssl.asn1.DERSet;
+import org.apache.commons.ssl.asn1.DERTaggedObject;
+import org.apache.commons.ssl.util.Hex;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Vector;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 16-Nov-2005
+ */
+public class ASN1Util {
+ public static boolean DEBUG = false;
+ public final static BigInteger BIGGEST =
+ new BigInteger(Integer.toString(Integer.MAX_VALUE));
+
+ public static ASN1Structure analyze(byte[] asn1)
+ throws IOException {
+ ASN1InputStream asn = new ASN1InputStream(asn1);
+ DERSequence seq = (DERSequence) asn.readObject();
+ ASN1Structure pkcs8 = new ASN1Structure();
+ ASN1Util.analyze(seq, pkcs8, 0);
+ return pkcs8;
+ }
+
+ public static void main(String[] args) throws Exception {
+ DEBUG = true;
+ FileInputStream in = new FileInputStream(args[0]);
+ byte[] bytes = Util.streamToBytes(in);
+ List list = PEMUtil.decode(bytes);
+ if (!list.isEmpty()) {
+ bytes = ((PEMItem) list.get(0)).getDerBytes();
+ }
+
+ ASN1Structure asn1 = analyze(bytes);
+ while (asn1.bigPayload != null) {
+ System.out.println("------------------------------------------");
+ System.out.println(asn1);
+ System.out.println("------------------------------------------");
+ asn1 = analyze(asn1.bigPayload);
+ }
+ }
+
+
+ public static void analyze(DEREncodable seq, ASN1Structure pkcs8,
+ int depth) {
+ String tag = null;
+ if (depth >= 2) {
+ pkcs8.derIntegers = null;
+ }
+ Enumeration en;
+ if (seq instanceof DERSequence) {
+ en = ((DERSequence) seq).getObjects();
+ } else if (seq instanceof DERSet) {
+ en = ((DERSet) seq).getObjects();
+ } else if (seq instanceof DERTaggedObject) {
+ DERTaggedObject derTag = (DERTaggedObject) seq;
+ tag = Integer.toString(derTag.getTagNo());
+ Vector v = new Vector();
+ v.add(derTag.getObject());
+ en = v.elements();
+ } else {
+ throw new IllegalArgumentException("DEREncodable must be one of: DERSequence, DERSet, DERTaggedObject");
+ }
+ while (en != null && en.hasMoreElements()) {
+ DEREncodable obj = (DEREncodable) en.nextElement();
+ if (!(obj instanceof DERSequence) &&
+ !(obj instanceof DERSet) &&
+ !(obj instanceof DERTaggedObject)) {
+ String str = obj.toString();
+ String name = obj.getClass().getName();
+ name = name.substring(name.lastIndexOf('.') + 1);
+ if (tag != null) {
+ name = " [tag=" + tag + "] " + name;
+ }
+ for (int i = 0; i < depth; i++) {
+ name = " " + name;
+ }
+ if (obj instanceof DERInteger) {
+ DERInteger dInt = (DERInteger) obj;
+ if (pkcs8.derIntegers != null) {
+ pkcs8.derIntegers.add(dInt);
+ }
+ BigInteger big = dInt.getValue();
+ int intValue = big.intValue();
+ if (BIGGEST.compareTo(big) >= 0 && intValue > 0) {
+ if (pkcs8.iterationCount == 0) {
+ pkcs8.iterationCount = intValue;
+ } else if (pkcs8.keySize == 0) {
+ pkcs8.keySize = intValue;
+ }
+ }
+ str = dInt.getValue().toString();
+ } else if (obj instanceof DERObjectIdentifier) {
+ DERObjectIdentifier id = (DERObjectIdentifier) obj;
+ str = id.getId();
+ pkcs8.oids.add(str);
+ if (pkcs8.oid1 == null) {
+ pkcs8.oid1 = str;
+ } else if (pkcs8.oid2 == null) {
+ pkcs8.oid2 = str;
+ } else if (pkcs8.oid3 == null) {
+ pkcs8.oid3 = str;
+ }
+ } else {
+ pkcs8.derIntegers = null;
+ if (obj instanceof DEROctetString) {
+ DEROctetString oct = (DEROctetString) obj;
+ byte[] octets = oct.getOctets();
+ int len = Math.min(10, octets.length);
+ boolean probablyBinary = false;
+ for (int i = 0; i < len; i++) {
+ byte b = octets[i];
+ boolean isBinary = b > 128 || b < 0;
+ if (isBinary) {
+ probablyBinary = true;
+ break;
+ }
+ }
+ if (probablyBinary && octets.length > 64) {
+ if (pkcs8.bigPayload == null) {
+ pkcs8.bigPayload = octets;
+ }
+ str = "probably binary";
+ } else {
+ str = Hex.encode(octets);
+ if (octets.length <= 64) {
+ if (octets.length % 8 == 0) {
+ if (pkcs8.salt == null) {
+ pkcs8.salt = octets;
+ } else if (pkcs8.iv == null) {
+ pkcs8.iv = octets;
+ }
+ } else {
+ if (pkcs8.smallPayload == null) {
+ pkcs8.smallPayload = octets;
+ }
+ }
+ }
+ }
+ str += " (length=" + octets.length + ")";
+ } else if (obj instanceof DERPrintableString) {
+ DERPrintableString dps = (DERPrintableString) obj;
+ str = dps.getString();
+ }
+ }
+
+ if (DEBUG) {
+ System.out.println(name + ": [" + str + "]");
+ }
+ } else {
+ if (tag != null && DEBUG) {
+ String name = obj.getClass().getName();
+ name = name.substring(name.lastIndexOf('.') + 1);
+ name = " [tag=" + tag + "] " + name;
+ for (int i = 0; i < depth; i++) {
+ name = " " + name;
+ }
+ System.out.println(name);
+ }
+ analyze(obj, pkcs8, depth + 1);
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64.java
new file mode 100644
index 0000000..99dc717
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64.java
@@ -0,0 +1,1048 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.util.UTF8;
+
+import java.math.BigInteger;
+
+/**
+ * Provides Base64 encoding and decoding as defined by RFC 2045.
+ *
+ * <p>
+ * This class implements section <cite>6.8. Base64 Content-Transfer-Encoding</cite> from RFC 2045 <cite>Multipurpose
+ * Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</cite> by Freed and Borenstein.
+ * </p>
+ * <p>
+ * The class can be parameterized in the following manner with various constructors:
+ * <ul>
+ * <li>URL-safe mode: Default off.</li>
+ * <li>Line length: Default 76. Line length that aren't multiples of 4 will still essentially end up being multiples of
+ * 4 in the encoded data.
+ * <li>Line separator: Default is CRLF ("\r\n")</li>
+ * </ul>
+ * </p>
+ * <p>
+ * Since this class operates directly on byte streams, and not character streams, it is hard-coded to only encode/decode
+ * character encodings which are compatible with the lower 127 ASCII chart (ISO-8859-1, Windows-1252, UTF-8, etc).
+ * </p>
+ *
+ * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045</a>
+ * @author Apache Software Foundation
+ * @since 1.0
+ * @version $Id: Base64.java 155 2009-09-17 21:00:58Z julius $
+ */
+public class Base64 {
+ private static final int DEFAULT_BUFFER_RESIZE_FACTOR = 2;
+
+ private static final int DEFAULT_BUFFER_SIZE = 8192;
+
+ /**
+ * Chunk size per RFC 2045 section 6.8.
+ *
+ * <p>
+ * The {@value} character limit does not count the trailing CRLF, but counts all other characters, including any
+ * equal signs.
+ * </p>
+ *
+ * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045 section 6.8</a>
+ */
+ static final int CHUNK_SIZE = 76;
+
+ /**
+ * Chunk separator per RFC 2045 section 2.1.
+ *
+ * <p>
+ * N.B. The next major release may break compatibility and make this field private.
+ * </p>
+ *
+ * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045 section 2.1</a>
+ */
+ static final byte[] CHUNK_SEPARATOR = {'\r', '\n'};
+
+ /**
+ * This array is a lookup table that translates 6-bit positive integer index values into their "Base64 Alphabet"
+ * equivalents as specified in Table 1 of RFC 2045.
+ *
+ * Thanks to "commons" project in ws.apache.org for this code.
+ * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
+ */
+ private static final byte[] STANDARD_ENCODE_TABLE = {
+ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
+ 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
+ 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
+ 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
+ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'
+ };
+
+ /**
+ * This is a copy of the STANDARD_ENCODE_TABLE above, but with + and /
+ * changed to - and _ to make the encoded Base64 results more URL-SAFE.
+ * This table is only used when the Base64's mode is set to URL-SAFE.
+ */
+ private static final byte[] URL_SAFE_ENCODE_TABLE = {
+ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
+ 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
+ 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
+ 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
+ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '-', '_'
+ };
+
+ /**
+ * Byte used to pad output.
+ */
+ private static final byte PAD = '=';
+
+ /**
+ * This array is a lookup table that translates Unicode characters drawn from the "Base64 Alphabet" (as specified in
+ * Table 1 of RFC 2045) into their 6-bit positive integer equivalents. Characters that are not in the Base64
+ * alphabet but fall within the bounds of the array are translated to -1.
+ *
+ * Note: '+' and '-' both decode to 62. '/' and '_' both decode to 63. This means decoder seamlessly handles both
+ * URL_SAFE and STANDARD base64. (The encoder, on the other hand, needs to know ahead of time what to emit).
+ *
+ * Thanks to "commons" project in ws.apache.org for this code.
+ * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
+ */
+ private static final byte[] DECODE_TABLE = {
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, 62, -1, 63, 52, 53, 54,
+ 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4,
+ 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
+ 24, 25, -1, -1, -1, -1, 63, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34,
+ 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51
+ };
+
+ /** Mask used to extract 6 bits, used when encoding */
+ private static final int MASK_6BITS = 0x3f;
+
+ /** Mask used to extract 8 bits, used in decoding base64 bytes */
+ private static final int MASK_8BITS = 0xff;
+
+ // The static final fields above are used for the original static byte[] methods on Base64.
+ // The private member fields below are used with the new streaming approach, which requires
+ // some state be preserved between calls of encode() and decode().
+
+ /**
+ * Encode table to use: either STANDARD or URL_SAFE. Note: the DECODE_TABLE above remains static because it is able
+ * to decode both STANDARD and URL_SAFE streams, but the encodeTable must be a member variable so we can switch
+ * between the two modes.
+ */
+ private final byte[] encodeTable;
+
+ /**
+ * Line length for encoding. Not used when decoding. A value of zero or less implies no chunking of the base64
+ * encoded data.
+ */
+ private final int lineLength;
+
+ /**
+ * Line separator for encoding. Not used when decoding. Only used if lineLength > 0.
+ */
+ private final byte[] lineSeparator;
+
+ /**
+ * Convenience variable to help us determine when our buffer is going to run out of room and needs resizing.
+ * <code>decodeSize = 3 + lineSeparator.length;</code>
+ */
+ private final int decodeSize;
+
+ /**
+ * Convenience variable to help us determine when our buffer is going to run out of room and needs resizing.
+ * <code>encodeSize = 4 + lineSeparator.length;</code>
+ */
+ private final int encodeSize;
+
+ /**
+ * Buffer for streaming.
+ */
+ private byte[] buffer;
+
+ /**
+ * Position where next character should be written in the buffer.
+ */
+ private int pos;
+
+ /**
+ * Position where next character should be read from the buffer.
+ */
+ private int readPos;
+
+ /**
+ * Variable tracks how many characters have been written to the current line. Only used when encoding. We use it to
+ * make sure each encoded line never goes beyond lineLength (if lineLength > 0).
+ */
+ private int currentLinePos;
+
+ /**
+ * Writes to the buffer only occur after every 3 reads when encoding, an every 4 reads when decoding. This variable
+ * helps track that.
+ */
+ private int modulus;
+
+ /**
+ * Boolean flag to indicate the EOF has been reached. Once EOF has been reached, this Base64 object becomes useless,
+ * and must be thrown away.
+ */
+ private boolean eof;
+
+ /**
+ * Place holder for the 3 bytes we're dealing with for our base64 logic. Bitwise operations store and extract the
+ * base64 encoding or decoding from this variable.
+ */
+ private int x;
+
+ /**
+ * Creates a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode.
+ * <p>
+ * When encoding the line length is 76, the line separator is CRLF, and the encoding table is STANDARD_ENCODE_TABLE.
+ * </p>
+ *
+ * <p>
+ * When decoding all variants are supported.
+ * </p>
+ */
+ public Base64() {
+ this(false);
+ }
+
+ /**
+ * Creates a Base64 codec used for decoding (all modes) and encoding in the given URL-safe mode.
+ * <p>
+ * When encoding the line length is 76, the line separator is CRLF, and the encoding table is STANDARD_ENCODE_TABLE.
+ * </p>
+ *
+ * <p>
+ * When decoding all variants are supported.
+ * </p>
+ *
+ * @param urlSafe
+ * if <code>true</code>, URL-safe encoding is used. In most cases this should be set to
+ * <code>false</code>.
+ * @since 1.4
+ */
+ public Base64(boolean urlSafe) {
+ this(CHUNK_SIZE, CHUNK_SEPARATOR, urlSafe);
+ }
+
+ /**
+ * Creates a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode.
+ * <p>
+ * When encoding the line length is given in the constructor, the line separator is CRLF, and the encoding table is
+ * STANDARD_ENCODE_TABLE.
+ * </p>
+ * <p>
+ * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data.
+ * </p>
+ * <p>
+ * When decoding all variants are supported.
+ * </p>
+ *
+ * @param lineLength
+ * Each line of encoded data will be at most of the given length (rounded down to nearest multiple of 4).
+ * If lineLength <= 0, then the output will not be divided into lines (chunks). Ignored when decoding.
+ * @since 1.4
+ */
+ public Base64(int lineLength) {
+ this(lineLength, CHUNK_SEPARATOR);
+ }
+
+ /**
+ * Creates a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode.
+ * <p>
+ * When encoding the line length and line separator are given in the constructor, and the encoding table is
+ * STANDARD_ENCODE_TABLE.
+ * </p>
+ * <p>
+ * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data.
+ * </p>
+ * <p>
+ * When decoding all variants are supported.
+ * </p>
+ *
+ * @param lineLength
+ * Each line of encoded data will be at most of the given length (rounded down to nearest multiple of 4).
+ * If lineLength <= 0, then the output will not be divided into lines (chunks). Ignored when decoding.
+ * @param lineSeparator
+ * Each line of encoded data will end with this sequence of bytes.
+ * @throws IllegalArgumentException
+ * Thrown when the provided lineSeparator included some base64 characters.
+ * @since 1.4
+ */
+ public Base64(int lineLength, byte[] lineSeparator) {
+ this(lineLength, lineSeparator, false);
+ }
+
+ /**
+ * Creates a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode.
+ * <p>
+ * When encoding the line length and line separator are given in the constructor, and the encoding table is
+ * STANDARD_ENCODE_TABLE.
+ * </p>
+ * <p>
+ * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data.
+ * </p>
+ * <p>
+ * When decoding all variants are supported.
+ * </p>
+ *
+ * @param lineLength
+ * Each line of encoded data will be at most of the given length (rounded down to nearest multiple of 4).
+ * If lineLength <= 0, then the output will not be divided into lines (chunks). Ignored when decoding.
+ * @param lineSeparator
+ * Each line of encoded data will end with this sequence of bytes.
+ * @param urlSafe
+ * Instead of emitting '+' and '/' we emit '-' and '_' respectively. urlSafe is only applied to encode
+ * operations. Decoding seamlessly handles both modes.
+ * @throws IllegalArgumentException
+ * The provided lineSeparator included some base64 characters. That's not going to work!
+ * @since 1.4
+ */
+ public Base64(int lineLength, byte[] lineSeparator, boolean urlSafe) {
+ if (lineSeparator == null) {
+ lineLength = 0; // disable chunk-separating
+ lineSeparator = CHUNK_SEPARATOR; // this just gets ignored
+ }
+ this.lineLength = lineLength > 0 ? (lineLength / 4) * 4 : 0;
+ this.lineSeparator = new byte[lineSeparator.length];
+ System.arraycopy(lineSeparator, 0, this.lineSeparator, 0, lineSeparator.length);
+ if (lineLength > 0) {
+ this.encodeSize = 4 + lineSeparator.length;
+ } else {
+ this.encodeSize = 4;
+ }
+ this.decodeSize = this.encodeSize - 1;
+ if (containsBase64Byte(lineSeparator)) {
+ String sep = UTF8.toString(lineSeparator);
+ throw new IllegalArgumentException("lineSeperator must not contain base64 characters: [" + sep + "]");
+ }
+ this.encodeTable = urlSafe ? URL_SAFE_ENCODE_TABLE : STANDARD_ENCODE_TABLE;
+ }
+
+ /**
+ * Returns our current encode mode. True if we're URL-SAFE, false otherwise.
+ *
+ * @return true if we're in URL-SAFE mode, false otherwise.
+ * @since 1.4
+ */
+ public boolean isUrlSafe() {
+ return this.encodeTable == URL_SAFE_ENCODE_TABLE;
+ }
+
+ /**
+ * Returns true if this Base64 object has buffered data for reading.
+ *
+ * @return true if there is Base64 object still available for reading.
+ */
+ boolean hasData() {
+ return this.buffer != null;
+ }
+
+ /**
+ * Returns the amount of buffered data available for reading.
+ *
+ * @return The amount of buffered data available for reading.
+ */
+ int avail() {
+ return buffer != null ? pos - readPos : 0;
+ }
+
+ /** Doubles our buffer. */
+ private void resizeBuffer() {
+ if (buffer == null) {
+ buffer = new byte[DEFAULT_BUFFER_SIZE];
+ pos = 0;
+ readPos = 0;
+ } else {
+ byte[] b = new byte[buffer.length * DEFAULT_BUFFER_RESIZE_FACTOR];
+ System.arraycopy(buffer, 0, b, 0, buffer.length);
+ buffer = b;
+ }
+ }
+
+ /**
+ * Extracts buffered data into the provided byte[] array, starting at position bPos, up to a maximum of bAvail
+ * bytes. Returns how many bytes were actually extracted.
+ *
+ * @param b
+ * byte[] array to extract the buffered data into.
+ * @param bPos
+ * position in byte[] array to start extraction at.
+ * @param bAvail
+ * amount of bytes we're allowed to extract. We may extract fewer (if fewer are available).
+ * @return The number of bytes successfully extracted into the provided byte[] array.
+ */
+ int readResults(byte[] b, int bPos, int bAvail) {
+ if (buffer != null) {
+ int len = Math.min(avail(), bAvail);
+ if (buffer != b) {
+ System.arraycopy(buffer, readPos, b, bPos, len);
+ readPos += len;
+ if (readPos >= pos) {
+ buffer = null;
+ }
+ } else {
+ // Re-using the original consumer's output array is only
+ // allowed for one round.
+ buffer = null;
+ }
+ return len;
+ }
+ return eof ? -1 : 0;
+ }
+
+ /**
+ * Sets the streaming buffer. This is a small optimization where we try to buffer directly to the consumer's output
+ * array for one round (if the consumer calls this method first) instead of starting our own buffer.
+ *
+ * @param out
+ * byte[] array to buffer directly to.
+ * @param outPos
+ * Position to start buffering into.
+ * @param outAvail
+ * Amount of bytes available for direct buffering.
+ */
+ void setInitialBuffer(byte[] out, int outPos, int outAvail) {
+ // We can re-use consumer's original output array under
+ // special circumstances, saving on some System.arraycopy().
+ if (out != null && out.length == outAvail) {
+ buffer = out;
+ pos = outPos;
+ readPos = outPos;
+ }
+ }
+
+ /**
+ * <p>
+ * Encodes all of the provided data, starting at inPos, for inAvail bytes. Must be called at least twice: once with
+ * the data to encode, and once with inAvail set to "-1" to alert encoder that EOF has been reached, so flush last
+ * remaining bytes (if not multiple of 3).
+ * </p>
+ * <p>
+ * Thanks to "commons" project in ws.apache.org for the bitwise operations, and general approach.
+ * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
+ * </p>
+ *
+ * @param in
+ * byte[] array of binary data to base64 encode.
+ * @param inPos
+ * Position to start reading data from.
+ * @param inAvail
+ * Amount of bytes available from input for encoding.
+ */
+ void encode(byte[] in, int inPos, int inAvail) {
+ if (eof) {
+ return;
+ }
+ // inAvail < 0 is how we're informed of EOF in the underlying data we're
+ // encoding.
+ if (inAvail < 0) {
+ eof = true;
+ if (buffer == null || buffer.length - pos < encodeSize) {
+ resizeBuffer();
+ }
+ switch (modulus) {
+ case 1 :
+ buffer[pos++] = encodeTable[(x >> 2) & MASK_6BITS];
+ buffer[pos++] = encodeTable[(x << 4) & MASK_6BITS];
+ // URL-SAFE skips the padding to further reduce size.
+ if (encodeTable == STANDARD_ENCODE_TABLE) {
+ buffer[pos++] = PAD;
+ buffer[pos++] = PAD;
+ }
+ break;
+
+ case 2 :
+ buffer[pos++] = encodeTable[(x >> 10) & MASK_6BITS];
+ buffer[pos++] = encodeTable[(x >> 4) & MASK_6BITS];
+ buffer[pos++] = encodeTable[(x << 2) & MASK_6BITS];
+ // URL-SAFE skips the padding to further reduce size.
+ if (encodeTable == STANDARD_ENCODE_TABLE) {
+ buffer[pos++] = PAD;
+ }
+ break;
+ }
+ if (lineLength > 0 && pos > 0) {
+ System.arraycopy(lineSeparator, 0, buffer, pos, lineSeparator.length);
+ pos += lineSeparator.length;
+ }
+ } else {
+ for (int i = 0; i < inAvail; i++) {
+ if (buffer == null || buffer.length - pos < encodeSize) {
+ resizeBuffer();
+ }
+ modulus = (++modulus) % 3;
+ int b = in[inPos++];
+ if (b < 0) {
+ b += 256;
+ }
+ x = (x << 8) + b;
+ if (0 == modulus) {
+ buffer[pos++] = encodeTable[(x >> 18) & MASK_6BITS];
+ buffer[pos++] = encodeTable[(x >> 12) & MASK_6BITS];
+ buffer[pos++] = encodeTable[(x >> 6) & MASK_6BITS];
+ buffer[pos++] = encodeTable[x & MASK_6BITS];
+ currentLinePos += 4;
+ if (lineLength > 0 && lineLength <= currentLinePos) {
+ System.arraycopy(lineSeparator, 0, buffer, pos, lineSeparator.length);
+ pos += lineSeparator.length;
+ currentLinePos = 0;
+ }
+ }
+ }
+ }
+ }
+
+ /**
+ * <p>
+ * Decodes all of the provided data, starting at inPos, for inAvail bytes. Should be called at least twice: once
+ * with the data to decode, and once with inAvail set to "-1" to alert decoder that EOF has been reached. The "-1"
+ * call is not necessary when decoding, but it doesn't hurt, either.
+ * </p>
+ * <p>
+ * Ignores all non-base64 characters. This is how chunked (e.g. 76 character) data is handled, since CR and LF are
+ * silently ignored, but has implications for other bytes, too. This method subscribes to the garbage-in,
+ * garbage-out philosophy: it will not check the provided data for validity.
+ * </p>
+ * <p>
+ * Thanks to "commons" project in ws.apache.org for the bitwise operations, and general approach.
+ * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
+ * </p>
+ *
+ * @param in
+ * byte[] array of ascii data to base64 decode.
+ * @param inPos
+ * Position to start reading data from.
+ * @param inAvail
+ * Amount of bytes available from input for encoding.
+ */
+ void decode(byte[] in, int inPos, int inAvail) {
+ if (eof) {
+ return;
+ }
+ if (inAvail < 0) {
+ eof = true;
+ }
+ for (int i = 0; i < inAvail; i++) {
+ if (buffer == null || buffer.length - pos < decodeSize) {
+ resizeBuffer();
+ }
+ byte b = in[inPos++];
+ if (b == PAD) {
+ // We're done.
+ eof = true;
+ break;
+ } else {
+ if (b >= 0 && b < DECODE_TABLE.length) {
+ int result = DECODE_TABLE[b];
+ if (result >= 0) {
+ modulus = (++modulus) % 4;
+ x = (x << 6) + result;
+ if (modulus == 0) {
+ buffer[pos++] = (byte) ((x >> 16) & MASK_8BITS);
+ buffer[pos++] = (byte) ((x >> 8) & MASK_8BITS);
+ buffer[pos++] = (byte) (x & MASK_8BITS);
+ }
+ }
+ }
+ }
+ }
+
+ // Two forms of EOF as far as base64 decoder is concerned: actual
+ // EOF (-1) and first time '=' character is encountered in stream.
+ // This approach makes the '=' padding characters completely optional.
+ if (eof && modulus != 0) {
+ x = x << 6;
+ switch (modulus) {
+ case 2 :
+ x = x << 6;
+ buffer[pos++] = (byte) ((x >> 16) & MASK_8BITS);
+ break;
+ case 3 :
+ buffer[pos++] = (byte) ((x >> 16) & MASK_8BITS);
+ buffer[pos++] = (byte) ((x >> 8) & MASK_8BITS);
+ break;
+ }
+ }
+ }
+
+ /**
+ * Returns whether or not the <code>octet</code> is in the base 64 alphabet.
+ *
+ * @param octet
+ * The value to test
+ * @return <code>true</code> if the value is defined in the the base 64 alphabet, <code>false</code> otherwise.
+ * @since 1.4
+ */
+ public static boolean isBase64(byte octet) {
+ return octet == PAD || (octet >= 0 && octet < DECODE_TABLE.length && DECODE_TABLE[octet] != -1);
+ }
+
+ /**
+ * Tests a given byte array to see if it contains only valid characters within the Base64 alphabet. Currently the
+ * method treats whitespace as valid.
+ *
+ * @param arrayOctet
+ * byte array to test
+ * @return <code>true</code> if all bytes are valid characters in the Base64 alphabet or if the byte array is empty;
+ * false, otherwise
+ */
+ public static boolean isArrayByteBase64(byte[] arrayOctet) {
+ for (int i = 0; i < arrayOctet.length; i++) {
+ if (!isBase64(arrayOctet[i]) && !isWhiteSpace(arrayOctet[i])) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ /**
+ * Tests a given byte array to see if it contains only valid characters within the Base64 alphabet.
+ *
+ * @param arrayOctet
+ * byte array to test
+ * @return <code>true</code> if any byte is a valid character in the Base64 alphabet; false herwise
+ */
+ private static boolean containsBase64Byte(byte[] arrayOctet) {
+ for (int i = 0; i < arrayOctet.length; i++) {
+ if (isBase64(arrayOctet[i])) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Encodes binary data using the base64 algorithm but does not chunk the output.
+ *
+ * @param binaryData
+ * binary data to encode
+ * @return byte[] containing Base64 characters in their UTF-8 representation.
+ */
+ public static byte[] encodeBase64(byte[] binaryData) {
+ return encodeBase64(binaryData, false);
+ }
+
+ /**
+ * Encodes binary data using the base64 algorithm into 76 character blocks separated by CRLF.
+ *
+ * @param binaryData
+ * binary data to encode
+ * @return String containing Base64 characters.
+ * @since 1.4
+ */
+ public static String encodeBase64String(byte[] binaryData) {
+ return UTF8.toString(encodeBase64(binaryData, true));
+ }
+
+ /**
+ * Encodes binary data using a URL-safe variation of the base64 algorithm but does not chunk the output. The
+ * url-safe variation emits - and _ instead of + and / characters.
+ *
+ * @param binaryData
+ * binary data to encode
+ * @return byte[] containing Base64 characters in their UTF-8 representation.
+ * @since 1.4
+ */
+ public static byte[] encodeBase64URLSafe(byte[] binaryData) {
+ return encodeBase64(binaryData, false, true);
+ }
+
+ /**
+ * Encodes binary data using a URL-safe variation of the base64 algorithm but does not chunk the output. The
+ * url-safe variation emits - and _ instead of + and / characters.
+ *
+ * @param binaryData
+ * binary data to encode
+ * @return String containing Base64 characters
+ * @since 1.4
+ */
+ public static String encodeBase64URLSafeString(byte[] binaryData) {
+ return UTF8.toString(encodeBase64(binaryData, false, true));
+ }
+
+ /**
+ * Encodes binary data using the base64 algorithm and chunks the encoded output into 76 character blocks
+ *
+ * @param binaryData
+ * binary data to encode
+ * @return Base64 characters chunked in 76 character blocks
+ */
+ public static byte[] encodeBase64Chunked(byte[] binaryData) {
+ return encodeBase64(binaryData, true);
+ }
+
+ /**
+ * Decodes an Object using the base64 algorithm. This method is provided in order to satisfy the requirements of the
+ * Decoder interface, and will throw a DecoderException if the supplied object is not of type byte[] or String.
+ *
+ * @param pObject
+ * Object to decode
+ * @return An object (of type byte[]) containing the binary data which corresponds to the byte[] or String supplied.
+ */
+ public Object decode(Object pObject) {
+ if (pObject instanceof byte[]) {
+ return decode((byte[]) pObject);
+ } else if (pObject instanceof String) {
+ return decode((String) pObject);
+ } else {
+ throw new IllegalArgumentException("Parameter supplied to Base64 decode is not a byte[] or a String");
+ }
+ }
+
+ /**
+ * Decodes a String containing containing characters in the Base64 alphabet.
+ *
+ * @param pArray
+ * A String containing Base64 character data
+ * @return a byte array containing binary data
+ * @since 1.4
+ */
+ public byte[] decode(String pArray) {
+ return decode(UTF8.toBytes(pArray));
+ }
+
+ /**
+ * Decodes a byte[] containing containing characters in the Base64 alphabet.
+ *
+ * @param pArray
+ * A byte array containing Base64 character data
+ * @return a byte array containing binary data
+ */
+ public byte[] decode(byte[] pArray) {
+ reset();
+ if (pArray == null || pArray.length == 0) {
+ return pArray;
+ }
+ long len = (pArray.length * 3) / 4;
+ byte[] buf = new byte[(int) len];
+ setInitialBuffer(buf, 0, buf.length);
+ decode(pArray, 0, pArray.length);
+ decode(pArray, 0, -1); // Notify decoder of EOF.
+
+ // Would be nice to just return buf (like we sometimes do in the encode
+ // logic), but we have no idea what the line-length was (could even be
+ // variable). So we cannot determine ahead of time exactly how big an
+ // array is necessary. Hence the need to construct a 2nd byte array to
+ // hold the final result:
+
+ byte[] result = new byte[pos];
+ readResults(result, 0, result.length);
+ return result;
+ }
+
+ /**
+ * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks.
+ *
+ * @param binaryData
+ * Array containing binary data to encode.
+ * @param isChunked
+ * if <code>true</code> this encoder will chunk the base64 output into 76 character blocks
+ * @return Base64-encoded data.
+ * @throws IllegalArgumentException
+ * Thrown when the input array needs an output array bigger than {@link Integer#MAX_VALUE}
+ */
+ public static byte[] encodeBase64(byte[] binaryData, boolean isChunked) {
+ return encodeBase64(binaryData, isChunked, false);
+ }
+
+ /**
+ * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks.
+ *
+ * @param binaryData
+ * Array containing binary data to encode.
+ * @param isChunked
+ * if <code>true</code> this encoder will chunk the base64 output into 76 character blocks
+ * @param urlSafe
+ * if <code>true</code> this encoder will emit - and _ instead of the usual + and / characters.
+ * @return Base64-encoded data.
+ * @throws IllegalArgumentException
+ * Thrown when the input array needs an output array bigger than {@link Integer#MAX_VALUE}
+ * @since 1.4
+ */
+ public static byte[] encodeBase64(byte[] binaryData, boolean isChunked, boolean urlSafe) {
+ return encodeBase64(binaryData, isChunked, urlSafe, Integer.MAX_VALUE);
+ }
+
+ /**
+ * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks.
+ *
+ * @param binaryData
+ * Array containing binary data to encode.
+ * @param isChunked
+ * if <code>true</code> this encoder will chunk the base64 output into 76 character blocks
+ * @param urlSafe
+ * if <code>true</code> this encoder will emit - and _ instead of the usual + and / characters.
+ * @param maxResultSize
+ * The maximum result size to accept.
+ * @return Base64-encoded data.
+ * @throws IllegalArgumentException
+ * Thrown when the input array needs an output array bigger than maxResultSize
+ * @since 1.4
+ */
+ public static byte[] encodeBase64(byte[] binaryData, boolean isChunked, boolean urlSafe, int maxResultSize) {
+ if (binaryData == null || binaryData.length == 0) {
+ return binaryData;
+ }
+
+ long len = getEncodeLength(binaryData, CHUNK_SIZE, CHUNK_SEPARATOR);
+ if (len > maxResultSize) {
+ throw new IllegalArgumentException("Input array too big, the output array would be bigger (" +
+ len +
+ ") than the specified maxium size of " +
+ maxResultSize);
+ }
+
+ Base64 b64 = isChunked ? new Base64(urlSafe) : new Base64(0, CHUNK_SEPARATOR, urlSafe);
+ return b64.encode(binaryData);
+ }
+
+ /**
+ * Decodes a Base64 String into octets
+ *
+ * @param base64String
+ * String containing Base64 data
+ * @return Array containing decoded data.
+ * @since 1.4
+ */
+ public static byte[] decodeBase64(String base64String) {
+ return new Base64().decode(base64String);
+ }
+
+ /**
+ * Decodes Base64 data into octets
+ *
+ * @param base64Data
+ * Byte array containing Base64 data
+ * @return Array containing decoded data.
+ */
+ public static byte[] decodeBase64(byte[] base64Data) {
+ return new Base64().decode(base64Data);
+ }
+
+ /**
+ * Discards any whitespace from a base-64 encoded block.
+ *
+ * @param data
+ * The base-64 encoded data to discard the whitespace from.
+ * @return The data, less whitespace (see RFC 2045).
+ * @deprecated This method is no longer needed
+ */
+ static byte[] discardWhitespace(byte[] data) {
+ byte groomedData[] = new byte[data.length];
+ int bytesCopied = 0;
+ for (int i = 0; i < data.length; i++) {
+ switch (data[i]) {
+ case ' ' :
+ case '\n' :
+ case '\r' :
+ case '\t' :
+ break;
+ default :
+ groomedData[bytesCopied++] = data[i];
+ }
+ }
+ byte packedData[] = new byte[bytesCopied];
+ System.arraycopy(groomedData, 0, packedData, 0, bytesCopied);
+ return packedData;
+ }
+
+ /**
+ * Checks if a byte value is whitespace or not.
+ *
+ * @param byteToCheck
+ * the byte to check
+ * @return true if byte is whitespace, false otherwise
+ */
+ private static boolean isWhiteSpace(byte byteToCheck) {
+ switch (byteToCheck) {
+ case ' ' :
+ case '\n' :
+ case '\r' :
+ case '\t' :
+ return true;
+ default :
+ return false;
+ }
+ }
+
+ // Implementation of the Encoder Interface
+
+ /**
+ * Encodes an Object using the base64 algorithm. This method is provided in order to satisfy the requirements of the
+ * Encoder interface, and will throw an EncoderException if the supplied object is not of type byte[].
+ *
+ * @param pObject
+ * Object to encode
+ * @return An object (of type byte[]) containing the base64 encoded data which corresponds to the byte[] supplied.
+ */
+ public Object encode(Object pObject) {
+ if (!(pObject instanceof byte[])) {
+ throw new IllegalArgumentException("Parameter supplied to Base64 encode is not a byte[]");
+ }
+ return encode((byte[]) pObject);
+ }
+
+ /**
+ * Encodes a byte[] containing binary data, into a String containing characters in the Base64 alphabet.
+ *
+ * @param pArray
+ * a byte array containing binary data
+ * @return A String containing only Base64 character data
+ * @since 1.4
+ */
+ public String encodeToString(byte[] pArray) {
+ return UTF8.toString(encode(pArray));
+ }
+
+ /**
+ * Encodes a byte[] containing binary data, into a byte[] containing characters in the Base64 alphabet.
+ *
+ * @param pArray
+ * a byte array containing binary data
+ * @return A byte array containing only Base64 character data
+ */
+ public byte[] encode(byte[] pArray) {
+ reset();
+ if (pArray == null || pArray.length == 0) {
+ return pArray;
+ }
+ long len = getEncodeLength(pArray, lineLength, lineSeparator);
+ byte[] buf = new byte[(int) len];
+ setInitialBuffer(buf, 0, buf.length);
+ encode(pArray, 0, pArray.length);
+ encode(pArray, 0, -1); // Notify encoder of EOF.
+ // Encoder might have resized, even though it was unnecessary.
+ if (buffer != buf) {
+ readResults(buf, 0, buf.length);
+ }
+ // In URL-SAFE mode we skip the padding characters, so sometimes our
+ // final length is a bit smaller.
+ if (isUrlSafe() && pos < buf.length) {
+ byte[] smallerBuf = new byte[pos];
+ System.arraycopy(buf, 0, smallerBuf, 0, pos);
+ buf = smallerBuf;
+ }
+ return buf;
+ }
+
+ /**
+ * Pre-calculates the amount of space needed to base64-encode the supplied array.
+ *
+ * @param pArray byte[] array which will later be encoded
+ * @param chunkSize line-length of the output (<= 0 means no chunking) between each
+ * chunkSeparator (e.g. CRLF).
+ * @param chunkSeparator the sequence of bytes used to separate chunks of output (e.g. CRLF).
+ *
+ * @return amount of space needed to encoded the supplied array. Returns
+ * a long since a max-len array will require Integer.MAX_VALUE + 33%.
+ */
+ private static long getEncodeLength(byte[] pArray, int chunkSize, byte[] chunkSeparator) {
+ // base64 always encodes to multiples of 4.
+ chunkSize = (chunkSize / 4) * 4;
+
+ long len = (pArray.length * 4) / 3;
+ long mod = len % 4;
+ if (mod != 0) {
+ len += 4 - mod;
+ }
+ if (chunkSize > 0) {
+ boolean lenChunksPerfectly = len % chunkSize == 0;
+ len += (len / chunkSize) * chunkSeparator.length;
+ if (!lenChunksPerfectly) {
+ len += chunkSeparator.length;
+ }
+ }
+ return len;
+ }
+
+ // Implementation of integer encoding used for crypto
+ /**
+ * Decodes a byte64-encoded integer according to crypto standards such as W3C's XML-Signature
+ *
+ * @param pArray
+ * a byte array containing base64 character data
+ * @return A BigInteger
+ * @since 1.4
+ */
+ public static BigInteger decodeInteger(byte[] pArray) {
+ return new BigInteger(1, decodeBase64(pArray));
+ }
+
+ /**
+ * Encodes to a byte64-encoded integer according to crypto standards such as W3C's XML-Signature
+ *
+ * @param bigInt
+ * a BigInteger
+ * @return A byte array containing base64 character data
+ * @throws NullPointerException
+ * if null is passed in
+ * @since 1.4
+ */
+ public static byte[] encodeInteger(BigInteger bigInt) {
+ if (bigInt == null) {
+ throw new NullPointerException("encodeInteger called with null parameter");
+ }
+ return encodeBase64(toIntegerBytes(bigInt), false);
+ }
+
+ /**
+ * Returns a byte-array representation of a <code>BigInteger</code> without sign bit.
+ *
+ * @param bigInt
+ * <code>BigInteger</code> to be converted
+ * @return a byte array representation of the BigInteger parameter
+ */
+ static byte[] toIntegerBytes(BigInteger bigInt) {
+ int bitlen = bigInt.bitLength();
+ // round bitlen
+ bitlen = ((bitlen + 7) >> 3) << 3;
+ byte[] bigBytes = bigInt.toByteArray();
+
+ if (((bigInt.bitLength() % 8) != 0) && (((bigInt.bitLength() / 8) + 1) == (bitlen / 8))) {
+ return bigBytes;
+ }
+ // set up params for copying everything but sign bit
+ int startSrc = 0;
+ int len = bigBytes.length;
+
+ // if bigInt is exactly byte-aligned, just skip signbit in copy
+ if ((bigInt.bitLength() % 8) == 0) {
+ startSrc = 1;
+ len--;
+ }
+ int startDst = bitlen / 8 - len; // to pad w/ nulls as per spec
+ byte[] resizedBytes = new byte[bitlen / 8];
+ System.arraycopy(bigBytes, startSrc, resizedBytes, startDst, len);
+ return resizedBytes;
+ }
+
+ /**
+ * Resets this Base64 object to its initial newly constructed state.
+ */
+ private void reset() {
+ buffer = null;
+ pos = 0;
+ readPos = 0;
+ currentLinePos = 0;
+ modulus = 0;
+ eof = false;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64InputStream.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64InputStream.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64InputStream.java
new file mode 100644
index 0000000..02f83bd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64InputStream.java
@@ -0,0 +1,174 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.ssl;
+
+import java.io.FilterInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * Provides Base64 encoding and decoding in a streaming fashion (unlimited size). When encoding the default lineLength
+ * is 76 characters and the default lineEnding is CRLF, but these can be overridden by using the appropriate
+ * constructor.
+ * <p>
+ * The default behaviour of the Base64InputStream is to DECODE, whereas the default behaviour of the Base64OutputStream
+ * is to ENCODE, but this behaviour can be overridden by using a different constructor.
+ * </p>
+ * <p>
+ * This class implements section <cite>6.8. Base64 Content-Transfer-Encoding</cite> from RFC 2045 <cite>Multipurpose
+ * Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</cite> by Freed and Borenstein.
+ * </p>
+ * <p>
+ * Since this class operates directly on byte streams, and not character streams, it is hard-coded to only encode/decode
+ * character encodings which are compatible with the lower 127 ASCII chart (ISO-8859-1, Windows-1252, UTF-8, etc).
+ * </p>
+ *
+ * @author Apache Software Foundation
+ * @version $Id: Base64InputStream.java 155 2009-09-17 21:00:58Z julius $
+ * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045</a>
+ * @since 1.4
+ */
+public class Base64InputStream extends FilterInputStream {
+
+ private final boolean doEncode;
+
+ private final Base64 base64;
+
+ private final byte[] singleByte = new byte[1];
+
+ /**
+ * Creates a Base64InputStream such that all data read is Base64-decoded from the original provided InputStream.
+ *
+ * @param in
+ * InputStream to wrap.
+ */
+ public Base64InputStream(InputStream in) {
+ this(in, false);
+ }
+
+ /**
+ * Creates a Base64InputStream such that all data read is either Base64-encoded or Base64-decoded from the original
+ * provided InputStream.
+ *
+ * @param in
+ * InputStream to wrap.
+ * @param doEncode
+ * true if we should encode all data read from us, false if we should decode.
+ */
+ public Base64InputStream(InputStream in, boolean doEncode) {
+ super(in);
+ this.doEncode = doEncode;
+ this.base64 = new Base64();
+ }
+
+ /**
+ * Creates a Base64InputStream such that all data read is either Base64-encoded or Base64-decoded from the original
+ * provided InputStream.
+ *
+ * @param in
+ * InputStream to wrap.
+ * @param doEncode
+ * true if we should encode all data read from us, false if we should decode.
+ * @param lineLength
+ * If doEncode is true, each line of encoded data will contain lineLength characters (rounded down to
+ * nearest multiple of 4). If lineLength <=0, the encoded data is not divided into lines. If doEncode is
+ * false, lineLength is ignored.
+ * @param lineSeparator
+ * If doEncode is true, each line of encoded data will be terminated with this byte sequence (e.g. \r\n).
+ * If lineLength <= 0, the lineSeparator is not used. If doEncode is false lineSeparator is ignored.
+ */
+ public Base64InputStream(InputStream in, boolean doEncode, int lineLength, byte[] lineSeparator) {
+ super(in);
+ this.doEncode = doEncode;
+ this.base64 = new Base64(lineLength, lineSeparator);
+ }
+
+ /**
+ * Reads one <code>byte</code> from this input stream.
+ *
+ * @return the byte as an integer in the range 0 to 255. Returns -1 if EOF has been reached.
+ * @throws java.io.IOException
+ * if an I/O error occurs.
+ */
+ public int read() throws IOException {
+ int r = read(singleByte, 0, 1);
+ while (r == 0) {
+ r = read(singleByte, 0, 1);
+ }
+ if (r > 0) {
+ return singleByte[0] < 0 ? 256 + singleByte[0] : singleByte[0];
+ }
+ return -1;
+ }
+
+ /**
+ * Attempts to read <code>len</code> bytes into the specified <code>b</code> array starting at <code>offset</code>
+ * from this InputStream.
+ *
+ * @param b
+ * destination byte array
+ * @param offset
+ * where to start writing the bytes
+ * @param len
+ * maximum number of bytes to read
+ *
+ * @return number of bytes read
+ * @throws java.io.IOException
+ * if an I/O error occurs.
+ * @throws NullPointerException
+ * if the byte array parameter is null
+ * @throws IndexOutOfBoundsException
+ * if offset, len or buffer size are invalid
+ */
+ public int read(byte b[], int offset, int len) throws IOException {
+ if (b == null) {
+ throw new NullPointerException();
+ } else if (offset < 0 || len < 0) {
+ throw new IndexOutOfBoundsException();
+ } else if (offset > b.length || offset + len > b.length) {
+ throw new IndexOutOfBoundsException();
+ } else if (len == 0) {
+ return 0;
+ } else {
+ if (!base64.hasData()) {
+ byte[] buf = new byte[doEncode ? 4096 : 8192];
+ int c = in.read(buf);
+ // A little optimization to avoid System.arraycopy()
+ // when possible.
+ if (c > 0 && b.length == len) {
+ base64.setInitialBuffer(b, offset, len);
+ }
+ if (doEncode) {
+ base64.encode(buf, 0, c);
+ } else {
+ base64.decode(buf, 0, c);
+ }
+ }
+ return base64.readResults(b, offset, len);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ *
+ * @return false
+ */
+ public boolean markSupported() {
+ return false; // not an easy job to support marks
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64OutputStream.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64OutputStream.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64OutputStream.java
new file mode 100644
index 0000000..a9cadde
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Base64OutputStream.java
@@ -0,0 +1,198 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.ssl;
+
+import java.io.FilterOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * Provides Base64 encoding and decoding in a streaming fashion (unlimited size). When encoding the default lineLength
+ * is 76 characters and the default lineEnding is CRLF, but these can be overridden by using the appropriate
+ * constructor.
+ * <p>
+ * The default behaviour of the Base64OutputStream is to ENCODE, whereas the default behaviour of the Base64InputStream
+ * is to DECODE. But this behaviour can be overridden by using a different constructor.
+ * </p>
+ * <p>
+ * This class implements section <cite>6.8. Base64 Content-Transfer-Encoding</cite> from RFC 2045 <cite>Multipurpose
+ * Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</cite> by Freed and Borenstein.
+ * </p>
+ * <p>
+ * Since this class operates directly on byte streams, and not character streams, it is hard-coded to only encode/decode
+ * character encodings which are compatible with the lower 127 ASCII chart (ISO-8859-1, Windows-1252, UTF-8, etc).
+ * </p>
+ *
+ * @author Apache Software Foundation
+ * @version $Id$
+ * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045</a>
+ * @since 1.4
+ */
+public class Base64OutputStream extends FilterOutputStream {
+ private final boolean doEncode;
+
+ private final Base64 base64;
+
+ private final byte[] singleByte = new byte[1];
+
+ /**
+ * Creates a Base64OutputStream such that all data written is Base64-encoded to the original provided OutputStream.
+ *
+ * @param out
+ * OutputStream to wrap.
+ */
+ public Base64OutputStream(OutputStream out) {
+ this(out, true);
+ }
+
+ /**
+ * Creates a Base64OutputStream such that all data written is either Base64-encoded or Base64-decoded to the
+ * original provided OutputStream.
+ *
+ * @param out
+ * OutputStream to wrap.
+ * @param doEncode
+ * true if we should encode all data written to us, false if we should decode.
+ */
+ public Base64OutputStream(OutputStream out, boolean doEncode) {
+ super(out);
+ this.doEncode = doEncode;
+ this.base64 = new Base64();
+ }
+
+ /**
+ * Creates a Base64OutputStream such that all data written is either Base64-encoded or Base64-decoded to the
+ * original provided OutputStream.
+ *
+ * @param out
+ * OutputStream to wrap.
+ * @param doEncode
+ * true if we should encode all data written to us, false if we should decode.
+ * @param lineLength
+ * If doEncode is true, each line of encoded data will contain lineLength characters (rounded down to
+ * nearest multiple of 4). If lineLength <=0, the encoded data is not divided into lines. If doEncode is
+ * false, lineLength is ignored.
+ * @param lineSeparator
+ * If doEncode is true, each line of encoded data will be terminated with this byte sequence (e.g. \r\n).
+ * If lineLength <= 0, the lineSeparator is not used. If doEncode is false lineSeparator is ignored.
+ */
+ public Base64OutputStream(OutputStream out, boolean doEncode, int lineLength, byte[] lineSeparator) {
+ super(out);
+ this.doEncode = doEncode;
+ this.base64 = new Base64(lineLength, lineSeparator);
+ }
+
+ /**
+ * Writes the specified <code>byte</code> to this output stream.
+ *
+ * @param i
+ * source byte
+ * @throws java.io.IOException
+ * if an I/O error occurs.
+ */
+ public void write(int i) throws IOException {
+ singleByte[0] = (byte) i;
+ write(singleByte, 0, 1);
+ }
+
+ /**
+ * Writes <code>len</code> bytes from the specified <code>b</code> array starting at <code>offset</code> to this
+ * output stream.
+ *
+ * @param b
+ * source byte array
+ * @param offset
+ * where to start reading the bytes
+ * @param len
+ * maximum number of bytes to write
+ *
+ * @throws java.io.IOException
+ * if an I/O error occurs.
+ * @throws NullPointerException
+ * if the byte array parameter is null
+ * @throws IndexOutOfBoundsException
+ * if offset, len or buffer size are invalid
+ */
+ public void write(byte b[], int offset, int len) throws IOException {
+ if (b == null) {
+ throw new NullPointerException();
+ } else if (offset < 0 || len < 0) {
+ throw new IndexOutOfBoundsException();
+ } else if (offset > b.length || offset + len > b.length) {
+ throw new IndexOutOfBoundsException();
+ } else if (len > 0) {
+ if (doEncode) {
+ base64.encode(b, offset, len);
+ } else {
+ base64.decode(b, offset, len);
+ }
+ flush(false);
+ }
+ }
+
+ /**
+ * Flushes this output stream and forces any buffered output bytes to be written out to the stream. If propogate is
+ * true, the wrapped stream will also be flushed.
+ *
+ * @param propogate
+ * boolean flag to indicate whether the wrapped OutputStream should also be flushed.
+ * @throws java.io.IOException
+ * if an I/O error occurs.
+ */
+ private void flush(boolean propogate) throws IOException {
+ int avail = base64.avail();
+ if (avail > 0) {
+ byte[] buf = new byte[avail];
+ int c = base64.readResults(buf, 0, avail);
+ if (c > 0) {
+ out.write(buf, 0, c);
+ }
+ }
+ if (propogate) {
+ out.flush();
+ }
+ }
+
+ /**
+ * Flushes this output stream and forces any buffered output bytes to be written out to the stream.
+ *
+ * @throws java.io.IOException
+ * if an I/O error occurs.
+ */
+ public void flush() throws IOException {
+ flush(true);
+ }
+
+ /**
+ * Closes this output stream and releases any system resources associated with the stream.
+ *
+ * @throws java.io.IOException
+ * if an I/O error occurs.
+ */
+ public void close() throws IOException {
+ // Notify encoder of EOF (-1).
+ if (doEncode) {
+ base64.encode(singleByte, 0, -1);
+ } else {
+ base64.decode(singleByte, 0, -1);
+ }
+ flush();
+ out.close();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/CRLSocket.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/CRLSocket.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/CRLSocket.java
new file mode 100644
index 0000000..3a81e18
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/CRLSocket.java
@@ -0,0 +1,100 @@
+package org.apache.commons.ssl;
+
+import javax.net.SocketFactory;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.Socket;
+import java.security.GeneralSecurityException;
+
+public class CRLSocket extends SSLClient {
+ private final static CRLSocket secureInstance;
+ private final static CRLSocket plainInstance;
+
+ static {
+ CRLSocket sf1 = null, sf2 = null;
+ try {
+ sf1 = new CRLSocket();
+ sf2 = new CRLSocket();
+ sf2.setIsSecure(false);
+ }
+ catch (Exception e) {
+ System.out.println("could not create CRLSocket: " + e);
+ e.printStackTrace();
+ }
+ finally {
+ secureInstance = sf1;
+ plainInstance = sf2;
+ }
+ }
+
+ private CRLSocket() throws GeneralSecurityException, IOException {
+ super();
+
+ // For now we setup the usual trust infrastructure, but consumers
+ // are encouraged to call getInstance().addTrustMaterial() or
+ // getInstance().setTrustMaterial() to customize the trust.
+ if (TrustMaterial.JSSE_CACERTS != null) {
+ setTrustMaterial(TrustMaterial.JSSE_CACERTS);
+ } else {
+ setTrustMaterial(TrustMaterial.CACERTS);
+ }
+ setConnectTimeout(5000);
+ setSoTimeout(5000);
+ setCheckCRL(false);
+ }
+
+ public static SocketFactory getDefault() {
+ return getSecureInstance();
+ }
+
+ public static CRLSocket getSecureInstance() {
+ return secureInstance;
+ }
+
+ public static CRLSocket getPlainInstance() {
+ return plainInstance;
+ }
+
+ public static void main(String[] args) throws Exception {
+ String host = args[0];
+ String port = args[1];
+ String hello
+ = "HEAD / HTTP/1.1\r\n"
+ + "Host:" + host + ":" + port + "\r\n\r\n";
+ byte[] helloBytes = hello.getBytes("UTF-8");
+
+ System.out.println("About to getInstance() ");
+ CRLSocket sf = getPlainInstance();
+ long now = System.currentTimeMillis();
+ System.out.println("About to create socket: [" + host + ":" + port + "]");
+ Socket s = sf.createSocket(host, Integer.parseInt(port));
+ long delay = System.currentTimeMillis() - now;
+ System.out.println("Created socket! took " + delay + "ms ");
+ OutputStream out = s.getOutputStream();
+ out.write(helloBytes);
+ out.flush();
+
+ System.out.println("\n" + new String(helloBytes, "UTF-8"));
+
+ InputStream in = s.getInputStream();
+ int c = in.read();
+ StringBuffer buf = new StringBuffer();
+ System.out.println("Reading: ");
+ System.out.println("================================================================================");
+ while (c >= 0) {
+ byte b = (byte) c;
+ buf.append((char) b);
+ System.out.print((char) b);
+ if (-1 == buf.toString().indexOf("\r\n\r\n")) {
+ c = in.read();
+ } else {
+ break;
+ }
+ }
+ in.close();
+ out.close();
+ s.close();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/CRLUtil.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/CRLUtil.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/CRLUtil.java
new file mode 100644
index 0000000..607a5fe
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/CRLUtil.java
@@ -0,0 +1,75 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/CRLUtil.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+/*
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.asn1.x509.CRLDistPoint;
+import org.bouncycastle.asn1.x509.DistributionPoint;
+import org.bouncycastle.asn1.x509.DistributionPointName;
+import org.bouncycastle.x509.extension.X509ExtensionUtil;
+*/
+
+import java.io.IOException;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 20-Dec-2005
+ */
+public class CRLUtil {
+
+ public static String getURLToCRL(byte[] extension2_5_29_31)
+ throws IOException {
+
+ throw new UnsupportedOperationException("not yet implemented");
+
+ /*
+ byte[] bytes = extension2_5_29_31;
+ ASN1Encodable asn1 = X509ExtensionUtil.fromExtensionValue(bytes);
+ DERObject obj = asn1.getDERObject();
+ CRLDistPoint distPoint = CRLDistPoint.getInstance(obj);
+ DistributionPoint[] points = distPoint.getDistributionPoints();
+ DistributionPointName dpn = points[0].getDistributionPoint();
+ obj = dpn.getName().toASN1Object();
+ ASN1Sequence seq = ASN1Sequence.getInstance(obj);
+ DERTaggedObject tag = (DERTaggedObject) seq.getObjectAt(0);
+ bytes = ASN1OctetString.getInstance(tag, false).getOctets();
+ return new String(bytes);
+ */
+ }
+}
[26/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Certificates.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Certificates.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Certificates.java
new file mode 100644
index 0000000..99259c8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Certificates.java
@@ -0,0 +1,591 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Certificates.java $
+ * $Revision: 180 $
+ * $Date: 2014-09-23 11:33:47 -0700 (Tue, 23 Sep 2014) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import javax.naming.InvalidNameException;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+import javax.security.auth.x500.X500Principal;
+
+import javax.net.ssl.HttpsURLConnection;
+import java.io.*;
+import java.math.BigInteger;
+import java.net.URL;
+import java.net.URLConnection;
+import java.net.HttpURLConnection;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.*;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.*;
+import java.lang.reflect.Method;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 19-Aug-2005
+ */
+public class Certificates {
+
+ public final static CertificateFactory CF;
+ public final static String LINE_ENDING = System.getProperty("line.separator");
+
+ private final static HashMap crl_cache = new HashMap();
+
+ public final static String CRL_EXTENSION = "2.5.29.31";
+ public final static String OCSP_EXTENSION = "1.3.6.1.5.5.7.1.1";
+ private final static DateFormat DF = new SimpleDateFormat("yyyy/MMM/dd");
+
+ public interface SerializableComparator extends Comparator, Serializable {
+ }
+
+ public final static SerializableComparator COMPARE_BY_EXPIRY =
+ new SerializableComparator() {
+ public int compare(Object o1, Object o2) {
+ X509Certificate c1 = (X509Certificate) o1;
+ X509Certificate c2 = (X509Certificate) o2;
+ if (c1 == c2) // this deals with case where both are null
+ {
+ return 0;
+ }
+ if (c1 == null) // non-null is always bigger than null
+ {
+ return -1;
+ }
+ if (c2 == null) {
+ return 1;
+ }
+ if (c1.equals(c2)) {
+ return 0;
+ }
+ Date d1 = c1.getNotAfter();
+ Date d2 = c2.getNotAfter();
+ int c = d1.compareTo(d2);
+ if (c == 0) {
+ String s1 = JavaImpl.getSubjectX500(c1);
+ String s2 = JavaImpl.getSubjectX500(c2);
+ c = s1.compareTo(s2);
+ if (c == 0) {
+ s1 = JavaImpl.getIssuerX500(c1);
+ s2 = JavaImpl.getIssuerX500(c2);
+ c = s1.compareTo(s2);
+ if (c == 0) {
+ BigInteger big1 = c1.getSerialNumber();
+ BigInteger big2 = c2.getSerialNumber();
+ c = big1.compareTo(big2);
+ if (c == 0) {
+ try {
+ byte[] b1 = c1.getEncoded();
+ byte[] b2 = c2.getEncoded();
+ int len1 = b1.length;
+ int len2 = b2.length;
+ int i = 0;
+ for (; i < len1 && i < len2; i++) {
+ c = ((int) b1[i]) - ((int) b2[i]);
+ if (c != 0) {
+ break;
+ }
+ }
+ if (c == 0) {
+ c = b1.length - b2.length;
+ }
+ }
+ catch (CertificateEncodingException cee) {
+ // I give up. They can be equal if they
+ // really want to be this badly.
+ c = 0;
+ }
+ }
+ }
+ }
+ }
+ return c;
+ }
+ };
+
+ static {
+ CertificateFactory cf = null;
+ try {
+ cf = CertificateFactory.getInstance("X.509");
+ }
+ catch (CertificateException ce) {
+ ce.printStackTrace(System.out);
+ }
+ finally {
+ CF = cf;
+ }
+ }
+
+ public static String toPEMString(X509Certificate cert)
+ throws CertificateEncodingException {
+ return toString(cert.getEncoded());
+ }
+
+ public static String toString(byte[] x509Encoded) {
+ byte[] encoded = Base64.encodeBase64(x509Encoded);
+ StringBuffer buf = new StringBuffer(encoded.length + 100);
+ buf.append("-----BEGIN CERTIFICATE-----\n");
+ for (int i = 0; i < encoded.length; i += 64) {
+ if (encoded.length - i >= 64) {
+ buf.append(new String(encoded, i, 64));
+ } else {
+ buf.append(new String(encoded, i, encoded.length - i));
+ }
+ buf.append(LINE_ENDING);
+ }
+ buf.append("-----END CERTIFICATE-----");
+ buf.append(LINE_ENDING);
+ return buf.toString();
+ }
+
+ public static String toString(X509Certificate cert) {
+ return toString(cert, false);
+ }
+
+ public static String toString(X509Certificate cert, boolean htmlStyle) {
+ String cn = getCN(cert);
+ String startStart = DF.format(cert.getNotBefore());
+ String endDate = DF.format(cert.getNotAfter());
+ String subject = JavaImpl.getSubjectX500(cert);
+ String issuer = JavaImpl.getIssuerX500(cert);
+ Iterator crls = getCRLs(cert).iterator();
+ if (subject.equals(issuer)) {
+ issuer = "self-signed";
+ }
+ StringBuffer buf = new StringBuffer(128);
+ if (htmlStyle) {
+ buf.append("<strong class=\"cn\">");
+ }
+ buf.append(cn);
+ if (htmlStyle) {
+ buf.append("</strong>");
+ }
+ buf.append(LINE_ENDING);
+ buf.append("Valid: ");
+ buf.append(startStart);
+ buf.append(" - ");
+ buf.append(endDate);
+ buf.append(LINE_ENDING);
+ buf.append("s: ");
+ buf.append(subject);
+ buf.append(LINE_ENDING);
+ buf.append("i: ");
+ buf.append(issuer);
+ while (crls.hasNext()) {
+ buf.append(LINE_ENDING);
+ buf.append("CRL: ");
+ buf.append((String) crls.next());
+ }
+ buf.append(LINE_ENDING);
+ return buf.toString();
+ }
+
+ public static List getCRLs(X509Extension cert) {
+ // What follows is a poor man's CRL extractor, for those lacking
+ // a BouncyCastle "bcprov.jar" in their classpath.
+
+ // It's a very basic state-machine: look for a standard URL scheme
+ // (such as http), and then start looking for a terminator. After
+ // running hexdump a few times on these things, it looks to me like
+ // the UTF-8 value "65533" seems to happen near where these things
+ // terminate. (Of course this stuff is ASN.1 and not UTF-8, but
+ // I happen to like some of the functions available to the String
+ // object). - juliusdavies@cucbc.com, May 10th, 2006
+ byte[] bytes = cert.getExtensionValue(CRL_EXTENSION);
+ LinkedList httpCRLS = new LinkedList();
+ LinkedList ftpCRLS = new LinkedList();
+ LinkedList otherCRLS = new LinkedList();
+ if (bytes == null) {
+ // just return empty list
+ return httpCRLS;
+ } else {
+ String s;
+ try {
+ s = new String(bytes, "UTF-8");
+ }
+ catch (UnsupportedEncodingException uee) {
+ // We're screwed if this thing has more than one CRL, because
+ // the "indeOf( (char) 65533 )" below isn't going to work.
+ s = new String(bytes);
+ }
+ int pos = 0;
+ while (pos >= 0) {
+ int x = -1, y;
+ int[] indexes = new int[4];
+ indexes[0] = s.indexOf("http", pos);
+ indexes[1] = s.indexOf("ldap", pos);
+ indexes[2] = s.indexOf("file", pos);
+ indexes[3] = s.indexOf("ftp", pos);
+ Arrays.sort(indexes);
+ for (int i = 0; i < indexes.length; i++) {
+ if (indexes[i] >= 0) {
+ x = indexes[i];
+ break;
+ }
+ }
+ if (x >= 0) {
+ y = s.indexOf((char) 65533, x);
+ String crl = y > x ? s.substring(x, y - 1) : s.substring(x);
+ if (y > x && crl.endsWith("0")) {
+ crl = crl.substring(0, crl.length() - 1);
+ }
+ String crlTest = crl.trim().toLowerCase();
+ if (crlTest.startsWith("http")) {
+ httpCRLS.add(crl);
+ } else if (crlTest.startsWith("ftp")) {
+ ftpCRLS.add(crl);
+ } else {
+ otherCRLS.add(crl);
+ }
+ pos = y;
+ } else {
+ pos = -1;
+ }
+ }
+ }
+
+ httpCRLS.addAll(ftpCRLS);
+ httpCRLS.addAll(otherCRLS);
+ return httpCRLS;
+ }
+
+ public static void checkCRL(X509Certificate cert)
+ throws CertificateException {
+ // String name = cert.getSubjectX500Principal().toString();
+ byte[] bytes = cert.getExtensionValue("2.5.29.31");
+ if (bytes == null) {
+ // log.warn( "Cert doesn't contain X509v3 CRL Distribution Points (2.5.29.31): " + name );
+ } else {
+ List crlList = getCRLs(cert);
+ Iterator it = crlList.iterator();
+ while (it.hasNext()) {
+ String url = (String) it.next();
+ CRLHolder holder = (CRLHolder) crl_cache.get(url);
+ if (holder == null) {
+ holder = new CRLHolder(url);
+ crl_cache.put(url, holder);
+ }
+ // success == false means we couldn't actually load the CRL
+ // (probably due to an IOException), so let's try the next one in
+ // our list.
+ boolean success = holder.checkCRL(cert);
+ if (success) {
+ break;
+ }
+ }
+ }
+
+ }
+
+ public static BigInteger getFingerprint(X509Certificate x509)
+ throws CertificateEncodingException {
+ return getFingerprint(x509.getEncoded());
+ }
+
+ public static BigInteger getFingerprint(byte[] x509)
+ throws CertificateEncodingException {
+ MessageDigest sha1;
+ try {
+ sha1 = MessageDigest.getInstance("SHA1");
+ }
+ catch (NoSuchAlgorithmException nsae) {
+ throw JavaImpl.newRuntimeException(nsae);
+ }
+
+ sha1.reset();
+ byte[] result = sha1.digest(x509);
+ return new BigInteger(result);
+ }
+
+ private static class CRLHolder {
+ private final String urlString;
+
+ private File tempCRLFile;
+ private long creationTime;
+ private Set passedTest = new HashSet();
+ private Set failedTest = new HashSet();
+
+ CRLHolder(String urlString) {
+ if (urlString == null) {
+ throw new NullPointerException("urlString can't be null");
+ }
+ this.urlString = urlString;
+ }
+
+ public synchronized boolean checkCRL(X509Certificate cert)
+ throws CertificateException {
+ CRL crl = null;
+ long now = System.currentTimeMillis();
+ if (now - creationTime > 24 * 60 * 60 * 1000) {
+ // Expire cache every 24 hours
+ if (tempCRLFile != null && tempCRLFile.exists()) {
+ tempCRLFile.delete();
+ }
+ tempCRLFile = null;
+ passedTest.clear();
+
+ /*
+ Note: if any certificate ever fails the check, we will
+ remember that fact.
+
+ This breaks with temporary "holds" that CRL's can issue.
+ Apparently a certificate can have a temporary "hold" on its
+ validity, but I'm not interested in supporting that. If a "held"
+ certificate is suddenly "unheld", you're just going to need
+ to restart your JVM.
+ */
+ // failedTest.clear(); <-- DO NOT UNCOMMENT!
+ }
+
+ BigInteger fingerprint = getFingerprint(cert);
+ if (failedTest.contains(fingerprint)) {
+ throw new CertificateException("Revoked by CRL (cached response)");
+ }
+ if (passedTest.contains(fingerprint)) {
+ return true;
+ }
+
+ if (tempCRLFile == null) {
+ try {
+ // log.info( "Trying to load CRL [" + urlString + "]" );
+
+ // java.net.URL blocks forever by default, so CRL-checking
+ // is freezing some systems. Below we go to great pains
+ // to enforce timeouts for CRL-checking (5 seconds).
+ URL url = new URL(urlString);
+ URLConnection urlConn = url.openConnection();
+ if (urlConn instanceof HttpsURLConnection) {
+
+ // HTTPS sites will use special CRLSocket.getInstance() SocketFactory
+ // that is configured to timeout after 5 seconds:
+ HttpsURLConnection httpsConn = (HttpsURLConnection) urlConn;
+ httpsConn.setSSLSocketFactory(CRLSocket.getSecureInstance());
+
+ } else if (urlConn instanceof HttpURLConnection) {
+
+ // HTTP timeouts can only be set on Java 1.5 and up. :-(
+ // The code required to set it for Java 1.4 and Java 1.3 is just too painful.
+ HttpURLConnection httpConn = (HttpURLConnection) urlConn;
+ try {
+ // Java 1.5 and up support these, so using reflection. UGH!!!
+ Class c = httpConn.getClass();
+ Method setConnTimeOut = c.getDeclaredMethod("setConnectTimeout", new Class[]{Integer.TYPE});
+ Method setReadTimeout = c.getDeclaredMethod("setReadTimeout", new Class[]{Integer.TYPE});
+ setConnTimeOut.invoke(httpConn, Integer.valueOf(5000));
+ setReadTimeout.invoke(httpConn, Integer.valueOf(5000));
+ } catch (NoSuchMethodException nsme) {
+ // oh well, java 1.4 users can suffer.
+ } catch (Exception e) {
+ throw new RuntimeException("can't set timeout", e);
+ }
+ }
+
+ File tempFile = File.createTempFile("crl", ".tmp");
+ tempFile.deleteOnExit();
+
+ OutputStream out = new FileOutputStream(tempFile);
+ out = new BufferedOutputStream(out);
+ InputStream in = new BufferedInputStream(urlConn.getInputStream());
+ try {
+ Util.pipeStream(in, out);
+ }
+ catch (IOException ioe) {
+ // better luck next time
+ tempFile.delete();
+ throw ioe;
+ }
+ this.tempCRLFile = tempFile;
+ this.creationTime = System.currentTimeMillis();
+ }
+ catch (IOException ioe) {
+ // log.warn( "Cannot check CRL: " + e );
+ }
+ }
+
+ if (tempCRLFile != null && tempCRLFile.exists()) {
+ try {
+ InputStream in = new FileInputStream(tempCRLFile);
+ in = new BufferedInputStream(in);
+ synchronized (CF) {
+ crl = CF.generateCRL(in);
+ }
+ in.close();
+ if (crl.isRevoked(cert)) {
+ // log.warn( "Revoked by CRL [" + urlString + "]: " + name );
+ passedTest.remove(fingerprint);
+ failedTest.add(fingerprint);
+ throw new CertificateException("Revoked by CRL");
+ } else {
+ passedTest.add(fingerprint);
+ }
+ }
+ catch (IOException ioe) {
+ // couldn't load CRL that's supposed to be stored in Temp file.
+ // log.warn( );
+ }
+ catch (CRLException crle) {
+ // something is wrong with the CRL
+ // log.warn( );
+ }
+ }
+ return crl != null;
+ }
+ }
+
+ public static String getCN(X509Certificate cert) {
+ String[] cns = getCNs(cert);
+ boolean foundSomeCNs = cns != null && cns.length >= 1;
+ return foundSomeCNs ? cns[0] : null;
+ }
+
+ public static String[] getCNs(X509Certificate cert) {
+ try {
+ final String subjectPrincipal = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
+ final LinkedList<String> cnList = new LinkedList<String>();
+ final LdapName subjectDN = new LdapName(subjectPrincipal);
+ for (final Rdn rds : subjectDN.getRdns()) {
+ final Attributes attributes = rds.toAttributes();
+ final Attribute cn = attributes.get("cn");
+ if (cn != null) {
+ try {
+ final Object value = cn.get();
+ if (value != null) {
+ cnList.add(value.toString());
+ }
+ } catch (NoSuchElementException ignore) {
+ } catch (NamingException ignore) {
+ }
+ }
+ }
+ if (!cnList.isEmpty()) {
+ return cnList.toArray(new String[cnList.size()]);
+ }
+ } catch (InvalidNameException ignore) {
+ }
+ return null;
+ }
+
+ /**
+ * Extracts the array of SubjectAlt DNS names from an X509Certificate.
+ * Returns null if there aren't any.
+ * <p/>
+ * Note: Java doesn't appear able to extract international characters
+ * from the SubjectAlts. It can only extract international characters
+ * from the CN field.
+ * <p/>
+ * (Or maybe the version of OpenSSL I'm using to test isn't storing the
+ * international characters correctly in the SubjectAlts?).
+ *
+ * @param cert X509Certificate
+ * @return Array of SubjectALT DNS names stored in the certificate.
+ */
+ public static String[] getDNSSubjectAlts(X509Certificate cert) {
+ LinkedList subjectAltList = new LinkedList();
+ Collection c = null;
+ try {
+ c = cert.getSubjectAlternativeNames();
+ }
+ catch (CertificateParsingException cpe) {
+ // Should probably log.debug() this?
+ cpe.printStackTrace();
+ }
+ if (c != null) {
+ Iterator it = c.iterator();
+ while (it.hasNext()) {
+ List list = (List) it.next();
+ int type = ((Integer) list.get(0)).intValue();
+ // If type is 2, then we've got a dNSName
+ if (type == 2) {
+ String s = (String) list.get(1);
+ subjectAltList.add(s);
+ }
+ }
+ }
+ if (!subjectAltList.isEmpty()) {
+ String[] subjectAlts = new String[subjectAltList.size()];
+ subjectAltList.toArray(subjectAlts);
+ return subjectAlts;
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Trims off any null entries on the array. Returns a shrunk array.
+ *
+ * @param chain X509Certificate[] chain to trim
+ * @return Shrunk array with all trailing null entries removed.
+ */
+ public static Certificate[] trimChain(Certificate[] chain) {
+ for (int i = 0; i < chain.length; i++) {
+ if (chain[i] == null) {
+ X509Certificate[] newChain = new X509Certificate[i];
+ System.arraycopy(chain, 0, newChain, 0, i);
+ return newChain;
+ }
+ }
+ return chain;
+ }
+
+ /**
+ * Returns a chain of type X509Certificate[].
+ *
+ * @param chain Certificate[] chain to cast to X509Certificate[]
+ * @return chain of type X509Certificate[].
+ */
+ public static X509Certificate[] x509ifyChain(Certificate[] chain) {
+ if (chain instanceof X509Certificate[]) {
+ return (X509Certificate[]) chain;
+ } else {
+ X509Certificate[] x509Chain = new X509Certificate[chain.length];
+ System.arraycopy(chain, 0, x509Chain, 0, chain.length);
+ return x509Chain;
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+ for (int i = 0; i < args.length; i++) {
+ FileInputStream in = new FileInputStream(args[i]);
+ TrustMaterial tm = new TrustMaterial(in);
+ Iterator it = tm.getCertificates().iterator();
+ while (it.hasNext()) {
+ X509Certificate x509 = (X509Certificate) it.next();
+ System.out.println(toString(x509));
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ComboInputStream.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ComboInputStream.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ComboInputStream.java
new file mode 100644
index 0000000..54d5dde
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ComboInputStream.java
@@ -0,0 +1,96 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/ComboInputStream.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 22-Feb-2007
+ */
+public class ComboInputStream extends InputStream {
+ private boolean headDone;
+ private InputStream head;
+ private InputStream tail;
+
+ public ComboInputStream(InputStream head, InputStream tail) {
+ this.head = head != null ? head : tail;
+ this.tail = tail != null ? tail : head;
+ }
+
+ public int read() throws IOException {
+ int c;
+ if (headDone) {
+ c = tail.read();
+ } else {
+ c = head.read();
+ if (c == -1) {
+ headDone = true;
+ c = tail.read();
+ }
+ }
+ return c;
+ }
+
+ public int available() throws IOException {
+ return tail.available() + head.available();
+ }
+
+ public void close() throws IOException {
+ try {
+ head.close();
+ }
+ finally {
+ if (head != tail) {
+ tail.close();
+ }
+ }
+ }
+
+ public int read(byte b[], int off, int len) throws IOException {
+ int c;
+ if (headDone) {
+ c = tail.read(b, off, len);
+ } else {
+ c = head.read(b, off, len);
+ if (c == -1) {
+ headDone = true;
+ c = tail.read(b, off, len);
+ }
+ }
+ return c;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/DerivedKey.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/DerivedKey.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/DerivedKey.java
new file mode 100644
index 0000000..7005187
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/DerivedKey.java
@@ -0,0 +1,49 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/DerivedKey.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 7-Nov-2006
+ */
+public class DerivedKey {
+ public final byte[] key;
+ public final byte[] iv;
+
+ DerivedKey(byte[] key, byte[] iv) {
+ this.key = key;
+ this.iv = iv;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/HostPort.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/HostPort.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/HostPort.java
new file mode 100644
index 0000000..56a8139
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/HostPort.java
@@ -0,0 +1,57 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/HostPort.java $
+ * $Revision: 166 $
+ * $Date: 2014-04-28 11:40:25 -0700 (Mon, 28 Apr 2014) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.util.IPAddressParser;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 14-July-2006
+ */
+public class HostPort {
+ public final String host;
+ public final int port;
+ public final InetAddress addr;
+
+ public HostPort(String host, int port) throws UnknownHostException {
+ this.host = host;
+ this.port = port;
+ this.addr = Util.toInetAddress(host);
+ }
+
+ public String toString() { return host + ":" + port; }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/HostnameVerifier.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/HostnameVerifier.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/HostnameVerifier.java
new file mode 100644
index 0000000..e797abe
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/HostnameVerifier.java
@@ -0,0 +1,481 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/HostnameVerifier.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.TreeSet;
+
+/**
+ * Interface for checking if a hostname matches the names stored inside the
+ * server's X.509 certificate. Correctly implements
+ * javax.net.ssl.HostnameVerifier, but that interface is not recommended.
+ * Instead we added several check() methods that take SSLSocket,
+ * or X509Certificate, or ultimately (they all end up calling this one),
+ * String. (It's easier to supply JUnit with Strings instead of mock
+ * SSLSession objects!)
+ * </p><p>Our check() methods throw exceptions if the name is
+ * invalid, whereas javax.net.ssl.HostnameVerifier just returns true/false.
+ * <p/>
+ * We provide the HostnameVerifier.DEFAULT, HostnameVerifier.STRICT, and
+ * HostnameVerifier.ALLOW_ALL implementations. We also provide the more
+ * specialized HostnameVerifier.DEFAULT_AND_LOCALHOST, as well as
+ * HostnameVerifier.STRICT_IE6. But feel free to define your own
+ * implementations!
+ * <p/>
+ * Inspired by Sebastian Hauer's original StrictSSLProtocolSocketFactory in the
+ * HttpClient "contrib" repository.
+ *
+ * @author Julius Davies
+ * @author <a href="mailto:hauer@psicode.com">Sebastian Hauer</a>
+ * @since 8-Dec-2006
+ */
+public interface HostnameVerifier extends javax.net.ssl.HostnameVerifier {
+
+ boolean verify(String host, SSLSession session);
+
+ void check(String host, SSLSocket ssl) throws IOException;
+
+ void check(String host, X509Certificate cert) throws SSLException;
+
+ void check(String host, String[] cns, String[] subjectAlts)
+ throws SSLException;
+
+ void check(String[] hosts, SSLSocket ssl) throws IOException;
+
+ void check(String[] hosts, X509Certificate cert) throws SSLException;
+
+
+ /**
+ * Checks to see if the supplied hostname matches any of the supplied CNs
+ * or "DNS" Subject-Alts. Most implementations only look at the first CN,
+ * and ignore any additional CNs. Most implementations do look at all of
+ * the "DNS" Subject-Alts. The CNs or Subject-Alts may contain wildcards
+ * according to RFC 2818.
+ *
+ * @param cns CN fields, in order, as extracted from the X.509
+ * certificate.
+ * @param subjectAlts Subject-Alt fields of type 2 ("DNS"), as extracted
+ * from the X.509 certificate.
+ * @param hosts The array of hostnames to verify.
+ * @throws javax.net.ssl.SSLException If verification failed.
+ */
+ void check(String[] hosts, String[] cns, String[] subjectAlts)
+ throws SSLException;
+
+
+ /**
+ * The DEFAULT HostnameVerifier works the same way as Curl and Firefox.
+ * <p/>
+ * The hostname must match either the first CN, or any of the subject-alts.
+ * A wildcard can occur in the CN, and in any of the subject-alts.
+ * <p/>
+ * The only difference between DEFAULT and STRICT is that a wildcard (such
+ * as "*.foo.com") with DEFAULT matches all subdomains, including
+ * "a.b.foo.com".
+ */
+ public final static HostnameVerifier DEFAULT =
+ new AbstractVerifier() {
+ public final void check(final String[] hosts, final String[] cns,
+ final String[] subjectAlts)
+ throws SSLException {
+ check(hosts, cns, subjectAlts, false, false);
+ }
+
+ public final String toString() { return "DEFAULT"; }
+ };
+
+
+ /**
+ * The DEFAULT_AND_LOCALHOST HostnameVerifier works like the DEFAULT
+ * one with one additional relaxation: a host of "localhost",
+ * "localhost.localdomain", "127.0.0.1", "::1" will always pass, no matter
+ * what is in the server's certificate.
+ */
+ public final static HostnameVerifier DEFAULT_AND_LOCALHOST =
+ new AbstractVerifier() {
+ public final void check(final String[] hosts, final String[] cns,
+ final String[] subjectAlts)
+ throws SSLException {
+ if (isLocalhost(hosts[0])) {
+ return;
+ }
+ check(hosts, cns, subjectAlts, false, false);
+ }
+
+ public final String toString() { return "DEFAULT_AND_LOCALHOST"; }
+ };
+
+ /**
+ * The STRICT HostnameVerifier works the same way as java.net.URL in Sun
+ * Java 1.4, Sun Java 5, Sun Java 6. It's also pretty close to IE6.
+ * This implementation appears to be compliant with RFC 2818 for dealing
+ * with wildcards.
+ * <p/>
+ * The hostname must match either the first CN, or any of the subject-alts.
+ * A wildcard can occur in the CN, and in any of the subject-alts. The
+ * one divergence from IE6 is how we only check the first CN. IE6 allows
+ * a match against any of the CNs present. We decided to follow in
+ * Sun Java 1.4's footsteps and only check the first CN.
+ * <p/>
+ * A wildcard such as "*.foo.com" matches only subdomains in the same
+ * level, for example "a.foo.com". It does not match deeper subdomains
+ * such as "a.b.foo.com".
+ */
+ public final static HostnameVerifier STRICT =
+ new AbstractVerifier() {
+ public final void check(final String[] host, final String[] cns,
+ final String[] subjectAlts)
+ throws SSLException {
+ check(host, cns, subjectAlts, false, true);
+ }
+
+ public final String toString() { return "STRICT"; }
+ };
+
+ /**
+ * The STRICT_IE6 HostnameVerifier works just like the STRICT one with one
+ * minor variation: the hostname can match against any of the CN's in the
+ * server's certificate, not just the first one. This behaviour is
+ * identical to IE6's behaviour.
+ */
+ public final static HostnameVerifier STRICT_IE6 =
+ new AbstractVerifier() {
+ public final void check(final String[] host, final String[] cns,
+ final String[] subjectAlts)
+ throws SSLException {
+ check(host, cns, subjectAlts, true, true);
+ }
+
+ public final String toString() { return "STRICT_IE6"; }
+ };
+
+ /**
+ * The ALLOW_ALL HostnameVerifier essentially turns hostname verification
+ * off. This implementation is a no-op, and never throws the SSLException.
+ */
+ public final static HostnameVerifier ALLOW_ALL =
+ new AbstractVerifier() {
+ public final void check(final String[] host, final String[] cns,
+ final String[] subjectAlts) {
+ // Allow everything - so never blowup.
+ }
+
+ public final String toString() { return "ALLOW_ALL"; }
+ };
+
+ abstract class AbstractVerifier implements HostnameVerifier {
+
+ /**
+ * This contains a list of 2nd-level domains that aren't allowed to
+ * have wildcards when combined with country-codes.
+ * For example: [*.co.uk].
+ * <p/>
+ * The [*.co.uk] problem is an interesting one. Should we just hope
+ * that CA's would never foolishly allow such a certificate to happen?
+ * Looks like we're the only implementation guarding against this.
+ * Firefox, Curl, Sun Java 1.4, 5, 6 don't bother with this check.
+ */
+ private final static String[] BAD_COUNTRY_2LDS =
+ {"ac", "co", "com", "ed", "edu", "go", "gouv", "gov", "info",
+ "lg", "ne", "net", "or", "org"};
+
+ private final static String[] LOCALHOSTS = {"::1", "127.0.0.1",
+ "localhost",
+ "localhost.localdomain"};
+
+
+ static {
+ // Just in case developer forgot to manually sort the array. :-)
+ Arrays.sort(BAD_COUNTRY_2LDS);
+ Arrays.sort(LOCALHOSTS);
+ }
+
+ protected AbstractVerifier() {}
+
+ /**
+ * The javax.net.ssl.HostnameVerifier contract.
+ *
+ * @param host 'hostname' we used to create our socket
+ * @param session SSLSession with the remote server
+ * @return true if the host matched the one in the certificate.
+ */
+ public boolean verify(String host, SSLSession session) {
+ try {
+ Certificate[] certs = session.getPeerCertificates();
+ X509Certificate x509 = (X509Certificate) certs[0];
+ check(new String[]{host}, x509);
+ return true;
+ }
+ catch (SSLException e) {
+ return false;
+ }
+ }
+
+ public void check(String host, SSLSocket ssl) throws IOException {
+ check(new String[]{host}, ssl);
+ }
+
+ public void check(String host, X509Certificate cert)
+ throws SSLException {
+ check(new String[]{host}, cert);
+ }
+
+ public void check(String host, String[] cns, String[] subjectAlts)
+ throws SSLException {
+ check(new String[]{host}, cns, subjectAlts);
+ }
+
+ public void check(String host[], SSLSocket ssl)
+ throws IOException {
+ if (host == null) {
+ throw new NullPointerException("host to verify is null");
+ }
+
+ SSLSession session = ssl.getSession();
+ if (session == null) {
+ // In our experience this only happens under IBM 1.4.x when
+ // spurious (unrelated) certificates show up in the server'
+ // chain. Hopefully this will unearth the real problem:
+ InputStream in = ssl.getInputStream();
+ in.available();
+ /*
+ If you're looking at the 2 lines of code above because
+ you're running into a problem, you probably have two
+ options:
+
+ #1. Clean up the certificate chain that your server
+ is presenting (e.g. edit "/etc/apache2/server.crt"
+ or wherever it is your server's certificate chain
+ is defined).
+
+ OR
+
+ #2. Upgrade to an IBM 1.5.x or greater JVM, or switch
+ to a non-IBM JVM.
+ */
+
+ // If ssl.getInputStream().available() didn't cause an
+ // exception, maybe at least now the session is available?
+ session = ssl.getSession();
+ if (session == null) {
+ // If it's still null, probably a startHandshake() will
+ // unearth the real problem.
+ ssl.startHandshake();
+
+ // Okay, if we still haven't managed to cause an exception,
+ // might as well go for the NPE. Or maybe we're okay now?
+ session = ssl.getSession();
+ }
+ }
+ Certificate[] certs;
+ try {
+ certs = session.getPeerCertificates();
+ } catch (SSLPeerUnverifiedException spue) {
+ InputStream in = ssl.getInputStream();
+ in.available();
+ // Didn't trigger anything interesting? Okay, just throw
+ // original.
+ throw spue;
+ }
+ X509Certificate x509 = (X509Certificate) certs[0];
+ check(host, x509);
+ }
+
+ public void check(String[] host, X509Certificate cert)
+ throws SSLException {
+ String[] cns = Certificates.getCNs(cert);
+ String[] subjectAlts = Certificates.getDNSSubjectAlts(cert);
+ check(host, cns, subjectAlts);
+ }
+
+ public void check(final String[] hosts, final String[] cns,
+ final String[] subjectAlts, final boolean ie6,
+ final boolean strictWithSubDomains)
+ throws SSLException {
+ // Build up lists of allowed hosts For logging/debugging purposes.
+ StringBuffer buf = new StringBuffer(32);
+ buf.append('<');
+ for (int i = 0; i < hosts.length; i++) {
+ String h = hosts[i];
+ h = h != null ? h.trim().toLowerCase() : "";
+ hosts[i] = h;
+ if (i > 0) {
+ buf.append('/');
+ }
+ buf.append(h);
+ }
+ buf.append('>');
+ String hostnames = buf.toString();
+ // Build the list of names we're going to check. Our DEFAULT and
+ // STRICT implementations of the HostnameVerifier only use the
+ // first CN provided. All other CNs are ignored.
+ // (Firefox, wget, curl, Sun Java 1.4, 5, 6 all work this way).
+ TreeSet names = new TreeSet();
+ if (cns != null && cns.length > 0 && cns[0] != null) {
+ names.add(cns[0]);
+ if (ie6) {
+ for (int i = 1; i < cns.length; i++) {
+ names.add(cns[i]);
+ }
+ }
+ }
+ if (subjectAlts != null) {
+ for (int i = 0; i < subjectAlts.length; i++) {
+ if (subjectAlts[i] != null) {
+ names.add(subjectAlts[i]);
+ }
+ }
+ }
+ if (names.isEmpty()) {
+ String msg = "Certificate for " + hosts[0] + " doesn't contain CN or DNS subjectAlt";
+ throw new SSLException(msg);
+ }
+
+ // StringBuffer for building the error message.
+ buf = new StringBuffer();
+
+ boolean match = false;
+ out:
+ for (Iterator it = names.iterator(); it.hasNext();) {
+ // Don't trim the CN, though!
+ String cn = (String) it.next();
+ cn = cn.toLowerCase();
+ // Store CN in StringBuffer in case we need to report an error.
+ buf.append(" <");
+ buf.append(cn);
+ buf.append('>');
+ if (it.hasNext()) {
+ buf.append(" OR");
+ }
+
+ // The CN better have at least two dots if it wants wildcard
+ // action. It also can't be [*.co.uk] or [*.co.jp] or
+ // [*.org.uk], etc...
+ boolean doWildcard = cn.startsWith("*.") &&
+ cn.lastIndexOf('.') >= 0 &&
+ !isIP4Address(cn) &&
+ acceptableCountryWildcard(cn);
+
+ for (int i = 0; i < hosts.length; i++) {
+ final String hostName = hosts[i].trim().toLowerCase();
+ if (doWildcard) {
+ match = hostName.endsWith(cn.substring(1));
+ if (match && strictWithSubDomains) {
+ // If we're in strict mode, then [*.foo.com] is not
+ // allowed to match [a.b.foo.com]
+ match = countDots(hostName) == countDots(cn);
+ }
+ } else {
+ match = hostName.equals(cn);
+ }
+ if (match) {
+ break out;
+ }
+ }
+ }
+ if (!match) {
+ throw new SSLException("hostname in certificate didn't match: " + hostnames + " !=" + buf);
+ }
+ }
+
+ public static boolean isIP4Address(final String cn) {
+ boolean isIP4 = true;
+ String tld = cn;
+ int x = cn.lastIndexOf('.');
+ // We only bother analyzing the characters after the final dot
+ // in the name.
+ if (x >= 0 && x + 1 < cn.length()) {
+ tld = cn.substring(x + 1);
+ }
+ for (int i = 0; i < tld.length(); i++) {
+ if (!Character.isDigit(tld.charAt(0))) {
+ isIP4 = false;
+ break;
+ }
+ }
+ return isIP4;
+ }
+
+ public static boolean acceptableCountryWildcard(final String cn) {
+ int cnLen = cn.length();
+ if (cnLen >= 7 && cnLen <= 9) {
+ // Look for the '.' in the 3rd-last position:
+ if (cn.charAt(cnLen - 3) == '.') {
+ // Trim off the [*.] and the [.XX].
+ String s = cn.substring(2, cnLen - 3);
+ // And test against the sorted array of bad 2lds:
+ int x = Arrays.binarySearch(BAD_COUNTRY_2LDS, s);
+ return x < 0;
+ }
+ }
+ return true;
+ }
+
+ public static boolean isLocalhost(String host) {
+ host = host != null ? host.trim().toLowerCase() : "";
+ if (host.startsWith("::1")) {
+ int x = host.lastIndexOf('%');
+ if (x >= 0) {
+ host = host.substring(0, x);
+ }
+ }
+ int x = Arrays.binarySearch(LOCALHOSTS, host);
+ return x >= 0;
+ }
+
+ /**
+ * Counts the number of dots "." in a string.
+ *
+ * @param s string to count dots from
+ * @return number of dots
+ */
+ public static int countDots(final String s) {
+ int count = 0;
+ for (int i = 0; i < s.length(); i++) {
+ if (s.charAt(i) == '.') {
+ count++;
+ }
+ }
+ return count;
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/HttpSecureProtocol.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/HttpSecureProtocol.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/HttpSecureProtocol.java
new file mode 100644
index 0000000..5ae3060
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/HttpSecureProtocol.java
@@ -0,0 +1,93 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/HttpSecureProtocol.java $
+ * $Revision: 165 $
+ * $Date: 2014-04-24 16:48:09 -0700 (Thu, 24 Apr 2014) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.GeneralSecurityException;
+
+/**
+ * Hook into HttpClient.
+ *
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 5-May-2006
+ */
+public class HttpSecureProtocol extends SSLClient
+ implements SecureProtocolSocketFactory {
+
+ public HttpSecureProtocol()
+ throws GeneralSecurityException, IOException {
+ super();
+ }
+
+ /**
+ * Attempts to get a new socket connection to the given host within the
+ * given time limit.
+ * <p/>
+ * To circumvent the limitations of older JREs that do not support connect
+ * timeout a controller thread is executed. The controller thread attempts
+ * to create a new socket within the given limit of time. If socket
+ * constructor does not return until the timeout expires, the controller
+ * terminates and throws an
+ * {@link org.apache.commons.httpclient.ConnectTimeoutException}
+ * </p>
+ *
+ * @param host the host name/IP
+ * @param port the port on the host
+ * @param localAddress the local host name/IP to bind the socket to
+ * @param localPort the port on the local machine
+ * @param params {@link org.apache.commons.httpclient.params.HttpConnectionParams Http connection parameters}
+ * @return Socket a new socket
+ * @throws java.io.IOException if an I/O error occurs while creating the socket
+ * @throws java.net.UnknownHostException if the IP address of the host cannot be
+ * determined
+ */
+ public Socket createSocket(final String host,
+ final int port,
+ final InetAddress localAddress,
+ final int localPort,
+ final HttpConnectionParams params)
+ throws IOException {
+ if (params == null) {
+ throw new IllegalArgumentException("Parameters may not be null");
+ }
+ int timeout = params.getConnectionTimeout();
+ return super.createSocket(host, port, localAddress, localPort, timeout);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13.java
new file mode 100644
index 0000000..1a2fb47
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13.java
@@ -0,0 +1,303 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Java13.java $
+ * $Revision: 155 $
+ * $Date: 2009-09-17 14:00:58 -0700 (Thu, 17 Sep 2009) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import com.sun.net.ssl.KeyManager;
+import com.sun.net.ssl.KeyManagerFactory;
+import com.sun.net.ssl.SSLContext;
+import com.sun.net.ssl.TrustManager;
+import com.sun.net.ssl.TrustManagerFactory;
+import com.sun.net.ssl.X509KeyManager;
+import com.sun.net.ssl.X509TrustManager;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.lang.reflect.Method;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 30-Jun-2006
+ */
+public final class Java13 extends JavaImpl {
+ private final static Java13 instance = new Java13();
+
+ private Java13() {
+ try {
+ Class c = Class.forName("javax.crypto.Cipher");
+ Class[] sig = {String.class};
+ String[] args = {"DES/CBC/PKCS5Padding"};
+ Method m = c.getMethod("getInstance", sig);
+ m.invoke(null, (Object[]) args);
+ }
+ catch (Exception e) {
+ try {
+ Class c = Class.forName("com.sun.crypto.provider.SunJCE");
+ Security.addProvider((Provider) c.newInstance());
+ // System.out.println( "jce not loaded: " + e + " - loading SunJCE!" );
+ //e.printStackTrace( System.out );
+ }
+ catch (Exception e2) {
+ System.out.println("com.sun.crypto.provider.SunJCE unavailable: " + e2);
+ // e2.printStackTrace( System.out );
+ }
+ }
+ try {
+ URL u = new URL("https://vancity.com/");
+ u.openConnection();
+ }
+ catch (Exception e) {
+ // System.out.println( "java.net.URL support of https not loaded: " + e + " - attempting to load com.sun.net.ssl.internal.ssl.Provider!" );
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ }
+ // System.out.println( "old HANDLER: " + HANDLER );
+ }
+
+ public static Java13 getInstance() {
+ return instance;
+ }
+
+ public final String getVersion() {
+ return "Java13";
+ }
+
+ protected final String retrieveSubjectX500(X509Certificate cert) {
+ return cert.getSubjectDN().toString();
+ }
+
+ protected final String retrieveIssuerX500(X509Certificate cert) {
+ return cert.getIssuerDN().toString();
+ }
+
+ protected final Certificate[] retrievePeerCerts(SSLSession sslSession)
+ throws SSLPeerUnverifiedException {
+ javax.security.cert.X509Certificate[] chain;
+ chain = sslSession.getPeerCertificateChain();
+ X509Certificate[] newChain = new X509Certificate[chain.length];
+ try {
+ for (int i = 0; i < chain.length; i++) {
+ javax.security.cert.X509Certificate javaxCert = chain[i];
+ byte[] encoded = javaxCert.getEncoded();
+ ByteArrayInputStream in = new ByteArrayInputStream(encoded);
+ synchronized (Certificates.CF) {
+ Certificate c = Certificates.CF.generateCertificate(in);
+ newChain[i] = (X509Certificate) c;
+ }
+ }
+ }
+ catch (Exception e) {
+ throw buildRuntimeException(e);
+ }
+ return newChain;
+ }
+
+ protected final Object buildKeyManagerFactory(KeyStore ks, char[] password)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ UnrecoverableKeyException {
+ String alg = KeyManagerFactory.getDefaultAlgorithm();
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(alg);
+ kmf.init(ks, password);
+ return kmf;
+ }
+
+ protected final Object buildTrustManagerFactory(KeyStore ks)
+ throws NoSuchAlgorithmException, KeyStoreException {
+ String alg = TrustManagerFactory.getDefaultAlgorithm();
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(alg);
+ tmf.init(ks);
+ return tmf;
+ }
+
+
+ protected final Object[] retrieveKeyManagers(Object keyManagerFactory) {
+ KeyManagerFactory kmf = (KeyManagerFactory) keyManagerFactory;
+ return kmf.getKeyManagers();
+ }
+
+ protected final Object[] retrieveTrustManagers(Object trustManagerFactory) {
+ TrustManagerFactory tmf = (TrustManagerFactory) trustManagerFactory;
+ return tmf.getTrustManagers();
+ }
+
+ protected final SSLSocketFactory buildSSLSocketFactory(Object ssl) {
+ return ((SSLContext) ssl).getSocketFactory();
+ }
+
+ protected final SSLServerSocketFactory buildSSLServerSocketFactory(Object ssl) {
+ return ((SSLContext) ssl).getServerSocketFactory();
+ }
+
+ protected final RuntimeException buildRuntimeException(Exception cause) {
+ ByteArrayOutputStream byteOut = new ByteArrayOutputStream(512);
+ PrintStream ps = new PrintStream(byteOut);
+ ps.println(cause.toString());
+ cause.printStackTrace(ps);
+ ps.flush();
+ String originalCause = byteOut.toString();
+ return new RuntimeException(originalCause);
+ }
+
+ protected final SSLSocket buildSocket(SSL ssl) {
+ // Not supported in Java 1.3.
+ throw new UnsupportedOperationException();
+ }
+
+ protected final SSLSocket buildSocket(SSL ssl, String remoteHost,
+ int remotePort, InetAddress localHost,
+ int localPort, int connectTimeout)
+ throws IOException {
+ // Connect Timeout ignored for Java 1.3
+ SSLSocketFactory sf = ssl.getSSLSocketFactory();
+ SSLSocket s = (SSLSocket) connectSocket(
+ null, sf, remoteHost, remotePort, localHost, localPort, -1, ssl
+ );
+ ssl.doPreConnectSocketStuff(s);
+ ssl.doPostConnectSocketStuff(s, remoteHost);
+ return s;
+ }
+
+ protected final Socket buildPlainSocket(
+ SSL ssl, String remoteHost, int remotePort, InetAddress localHost, int localPort, int connectTimeout
+ )
+ throws IOException {
+ // Connect Timeout ignored for Java 1.3
+ SocketFactory sf = SocketFactory.getDefault();
+ Socket s = connectSocket(
+ null, sf, remoteHost, remotePort, localHost, localPort, -1, ssl
+ );
+ ssl.doPreConnectSocketStuff(s);
+ ssl.doPostConnectSocketStuff(s, remoteHost);
+ return s;
+ }
+
+ protected final Socket connectSocket(Socket s, SocketFactory sf,
+ String remoteHost, int remotePort,
+ InetAddress localHost, int localPort,
+ int timeout, SSL ssl)
+ throws IOException {
+
+ remoteHost = ssl.dnsOverride(remoteHost);
+
+ // Connect Timeout ignored for Java 1.3
+ if (s == null) {
+ if (sf == null) {
+ s = new Socket(remoteHost, remotePort, localHost, localPort);
+ } else {
+ s = sf.createSocket(remoteHost, remotePort, localHost, localPort);
+ }
+ }
+ return s;
+ }
+
+
+ protected final SSLServerSocket buildServerSocket(SSL ssl) {
+ // Not supported in Java 1.3.
+ throw new UnsupportedOperationException();
+ }
+
+ protected final void wantClientAuth(Object o, boolean wantClientAuth) {
+ // Not supported in Java 1.3.
+ }
+
+ protected final void enabledProtocols(Object o, String[] enabledProtocols) {
+ // Not supported in Java 1.3.
+ }
+
+ protected void checkTrusted(Object trustManager, X509Certificate[] chain,
+ String authType)
+ throws CertificateException {
+ X509TrustManager tm = (X509TrustManager) trustManager;
+ boolean result = tm.isServerTrusted(chain);
+ if (!result) {
+ throw new CertificateException("commons-ssl java13 mode: certificate chain not trusted");
+ }
+ }
+
+
+ protected final Object initSSL(SSL ssl, TrustChain tc, KeyMaterial k)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ CertificateException, KeyManagementException, IOException {
+ SSLContext context = SSLContext.getInstance(ssl.getDefaultProtocol());
+ TrustManager[] trustManagers = null;
+ KeyManager[] keyManagers = null;
+ if (tc != null) {
+ trustManagers = (TrustManager[]) tc.getTrustManagers();
+ }
+ if (k != null) {
+ keyManagers = (KeyManager[]) k.getKeyManagers();
+ }
+ if (keyManagers != null) {
+ for (int i = 0; i < keyManagers.length; i++) {
+ if (keyManagers[i] instanceof X509KeyManager) {
+ X509KeyManager km = (X509KeyManager) keyManagers[i];
+ keyManagers[i] = new Java13KeyManagerWrapper(km, k, ssl);
+ }
+ }
+ }
+ if (trustManagers != null) {
+ for (int i = 0; i < trustManagers.length; i++) {
+ if (trustManagers[i] instanceof X509TrustManager) {
+ X509TrustManager tm = (X509TrustManager) trustManagers[i];
+ trustManagers[i] = new Java13TrustManagerWrapper(tm, tc, ssl);
+ }
+ }
+ }
+ context.init(keyManagers, trustManagers, null);
+ return context;
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13KeyManagerWrapper.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13KeyManagerWrapper.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13KeyManagerWrapper.java
new file mode 100644
index 0000000..81111b8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13KeyManagerWrapper.java
@@ -0,0 +1,82 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Java13KeyManagerWrapper.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import com.sun.net.ssl.X509KeyManager;
+
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 30-Jun-2006
+ */
+public class Java13KeyManagerWrapper implements X509KeyManager {
+
+ private final X509KeyManager keyManager;
+ // private final KeyMaterial keyMaterial; <-- maybe use one day in the
+ // private final SSL ssl; <-- in the future?
+
+ public Java13KeyManagerWrapper(X509KeyManager m, KeyMaterial km, SSL h) {
+ this.keyManager = m;
+ // this.keyMaterial = km; <-- maybe use one day in the
+ // this.ssl = h; <-- in the future?
+ }
+
+ public String chooseClientAlias(String keyType, Principal[] issuers) {
+ return keyManager.chooseClientAlias(keyType, issuers);
+ }
+
+ public String chooseServerAlias(String keyType, Principal[] issuers) {
+ return keyManager.chooseServerAlias(keyType, issuers);
+ }
+
+ public X509Certificate[] getCertificateChain(String alias) {
+ return keyManager.getCertificateChain(alias);
+ }
+
+ public String[] getClientAliases(String keyType, Principal[] issuers) {
+ return keyManager.getClientAliases(keyType, issuers);
+ }
+
+ public PrivateKey getPrivateKey(String alias) {
+ return keyManager.getPrivateKey(alias);
+ }
+
+ public String[] getServerAliases(String keyType, Principal[] issuers) {
+ return keyManager.getServerAliases(keyType, issuers);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13TrustManagerWrapper.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13TrustManagerWrapper.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13TrustManagerWrapper.java
new file mode 100644
index 0000000..ad86ee9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java13TrustManagerWrapper.java
@@ -0,0 +1,103 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Java13TrustManagerWrapper.java $
+ * $Revision: 138 $
+ * $Date: 2008-03-03 23:50:07 -0800 (Mon, 03 Mar 2008) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import com.sun.net.ssl.X509TrustManager;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 30-Jun-2006
+ */
+public class Java13TrustManagerWrapper implements X509TrustManager {
+
+ private final X509TrustManager trustManager;
+ private final TrustChain trustChain;
+ private final SSL ssl;
+
+ public Java13TrustManagerWrapper(X509TrustManager m, TrustChain tc, SSL h) {
+ this.trustManager = m;
+ this.trustChain = tc;
+ this.ssl = h;
+ }
+
+ public boolean isClientTrusted(X509Certificate[] chain) {
+ ssl.setCurrentClientChain(chain);
+ boolean firstTest = trustManager.isClientTrusted(chain);
+ return test(firstTest, chain);
+ }
+
+ public boolean isServerTrusted(X509Certificate[] chain) {
+ ssl.setCurrentServerChain(chain);
+ boolean firstTest = trustManager.isServerTrusted(chain);
+ return test(firstTest, chain);
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ if ( trustChain.containsTrustAll()) {
+ // This means we accept all issuers.
+ return new X509Certificate[0];
+ } else {
+ return trustManager.getAcceptedIssuers();
+ }
+ }
+
+ private boolean test(boolean firstTest, X509Certificate[] chain) {
+ // Even if the first test failed, we might still be okay as long as
+ // this SSLServer or SSLClient is setup to trust all certificates.
+ if (!firstTest) {
+ if (!trustChain.contains(TrustMaterial.TRUST_ALL)) {
+ return false;
+ }
+ }
+ try {
+ for (int i = 0; i < chain.length; i++) {
+ X509Certificate c = chain[i];
+ if (ssl.getCheckExpiry()) {
+ c.checkValidity();
+ }
+ if (ssl.getCheckCRL()) {
+ Certificates.checkCRL(c);
+ }
+ }
+ return true;
+ }
+ catch (CertificateException ce) {
+ return false;
+ }
+ }
+
+}
[14/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-config/src/test/java/org/apache/haox/config/ConfTest.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/test/java/org/apache/haox/config/ConfTest.java b/contrib/haox-config/src/test/java/org/apache/haox/config/ConfTest.java
new file mode 100644
index 0000000..677f1b1
--- /dev/null
+++ b/contrib/haox-config/src/test/java/org/apache/haox/config/ConfTest.java
@@ -0,0 +1,84 @@
+package org.apache.haox.config;
+
+import junit.framework.Assert;
+import org.apache.haox.config.Conf;
+import org.apache.haox.config.ConfigKey;
+import org.junit.Test;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+public class ConfTest {
+
+ @Test
+ public void testMapConfig() {
+ String strProp = "hello";
+ Integer intProp = 123456;
+ Boolean boolProp = true;
+ Map<String, String> mapConfig = new HashMap<String, String>();
+ mapConfig.put("strProp", strProp);
+ mapConfig.put("intProp", String.valueOf(intProp));
+ mapConfig.put("boolProp", String.valueOf(boolProp));
+
+ Conf conf = new Conf();
+ conf.addMapConfig(mapConfig);
+ Assert.assertEquals(conf.getString("strProp"), strProp);
+ Assert.assertEquals(conf.getInt("intProp"), intProp);
+ Assert.assertEquals(conf.getBoolean("boolProp"), boolProp);
+ }
+
+ @Test
+ public void testPropertiesConfig() {
+ String strProp = "hello";
+ Integer intProp = 123456;
+ Boolean boolProp = true;
+ Properties properties = new Properties();
+ properties.setProperty("strProp", strProp);
+ properties.setProperty("intProp", String.valueOf(intProp));
+ properties.setProperty("boolProp", String.valueOf(boolProp));
+
+ Conf conf = new Conf();
+ conf.addPropertiesConfig(properties);
+ Assert.assertEquals(conf.getString("strProp"), strProp);
+ Assert.assertEquals(conf.getInt("intProp"), intProp);
+ Assert.assertEquals(conf.getBoolean("boolProp"), boolProp);
+ }
+
+ static enum TestConfKey implements ConfigKey {
+ ADDRESS("127.0.0.1"),
+ PORT(8015),
+ ENABLE(false);
+
+ private Object defaultValue;
+ private TestConfKey(Object defaultValue) {
+ this.defaultValue = defaultValue;
+ }
+
+ @Override
+ public String getPropertyKey() {
+ return name().toLowerCase();
+ }
+
+ @Override
+ public Object getDefaultValue() {
+ return this.defaultValue;
+ }
+ }
+
+ @Test
+ public void testConfKey() {
+ Conf conf = new Conf();
+ Assert.assertEquals(conf.getString(TestConfKey.ADDRESS),
+ TestConfKey.ADDRESS.getDefaultValue());
+ Map<String, String> mapConfig = new HashMap<String, String>();
+ String myAddress = "www.google.com";
+ mapConfig.put(TestConfKey.ADDRESS.getPropertyKey(), myAddress);
+ conf.addMapConfig(mapConfig);
+ Assert.assertEquals(conf.getString(TestConfKey.ADDRESS), myAddress);
+ Assert.assertEquals(conf.getInt(TestConfKey.PORT),
+ TestConfKey.PORT.getDefaultValue());
+ Assert.assertEquals(conf.getBoolean(TestConfKey.ENABLE),
+ TestConfKey.ENABLE.getDefaultValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/README
----------------------------------------------------------------------
diff --git a/contrib/haox-event/README b/contrib/haox-event/README
new file mode 100644
index 0000000..cb3b88a
--- /dev/null
+++ b/contrib/haox-event/README
@@ -0,0 +1 @@
+An event driven application framework with mixed (TCP, UDP) x (connector, acceptor) supported.
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/pom.xml
----------------------------------------------------------------------
diff --git a/contrib/haox-event/pom.xml b/contrib/haox-event/pom.xml
new file mode 100644
index 0000000..528b799
--- /dev/null
+++ b/contrib/haox-event/pom.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <artifactId>contrib</artifactId>
+ <groupId>org.haox</groupId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>haox-event</artifactId>
+
+ <name>Haox Event</name>
+ <description>Haox Event and Transport facilities for both client and server</description>
+
+ <dependencies>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/event/AbstractEventHandler.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/event/AbstractEventHandler.java b/contrib/haox-event/src/main/java/org/apache/haox/event/AbstractEventHandler.java
new file mode 100644
index 0000000..95c4549
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/event/AbstractEventHandler.java
@@ -0,0 +1,36 @@
+package org.apache.haox.event;
+
+public abstract class AbstractEventHandler implements EventHandler {
+
+ private Dispatcher dispatcher;
+
+ public AbstractEventHandler() {
+
+ }
+
+ protected void dispatch(Event event) {
+ dispatcher.dispatch(event);
+ }
+
+ @Override
+ public Dispatcher getDispatcher() {
+ return dispatcher;
+ }
+
+ @Override
+ public void setDispatcher(Dispatcher dispatcher) {
+ this.dispatcher = dispatcher;
+ }
+
+ @Override
+ public void handle(Event event) {
+ try {
+ doHandle(event);
+ } catch (Exception e) {
+ throw new RuntimeException(event.toString(), e);
+ }
+ }
+
+ protected abstract void doHandle(Event event) throws Exception;
+}
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/event/AbstractInternalEventHandler.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/event/AbstractInternalEventHandler.java b/contrib/haox-event/src/main/java/org/apache/haox/event/AbstractInternalEventHandler.java
new file mode 100644
index 0000000..8ecfaaf
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/event/AbstractInternalEventHandler.java
@@ -0,0 +1,47 @@
+package org.apache.haox.event;
+
+import java.util.concurrent.atomic.AtomicInteger;
+
+public abstract class AbstractInternalEventHandler extends AbstractEventHandler
+ implements InternalEventHandler {
+
+ private int id = -1;
+ protected EventHandler handler;
+
+ private static AtomicInteger idGen = new AtomicInteger(1);
+
+ public AbstractInternalEventHandler() {
+ super();
+
+ this.id = idGen.getAndIncrement();
+
+ init();
+ }
+
+ public AbstractInternalEventHandler(EventHandler handler) {
+ this();
+
+ this.handler = handler;
+ }
+
+ protected void setEventHandler(EventHandler handler) {
+ this.handler = handler;
+ }
+
+ @Override
+ public int id() {
+ return id;
+ }
+
+ public abstract void init();
+
+ protected void process(Event event) {
+ handler.handle(event);
+ }
+
+ @Override
+ public EventType[] getInterestedEvents() {
+ return handler.getInterestedEvents();
+ }
+}
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/event/BufferedEventHandler.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/event/BufferedEventHandler.java b/contrib/haox-event/src/main/java/org/apache/haox/event/BufferedEventHandler.java
new file mode 100644
index 0000000..3b31e8c
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/event/BufferedEventHandler.java
@@ -0,0 +1,34 @@
+package org.apache.haox.event;
+
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.BlockingQueue;
+
+/**
+ * An EventHandler wrapper buffering events and processing them later
+ */
+public abstract class BufferedEventHandler extends AbstractInternalEventHandler {
+
+ protected BlockingQueue<Event> eventQueue;
+
+ public BufferedEventHandler(EventHandler handler) {
+ super(handler);
+ }
+
+ public BufferedEventHandler() {
+ super();
+ }
+
+ @Override
+ public void init() {
+ this.eventQueue = new ArrayBlockingQueue<Event>(2);
+ }
+
+ @Override
+ protected void doHandle(Event event) throws Exception {
+ try {
+ eventQueue.put(event);
+ } catch (InterruptedException e) {
+ throw new RuntimeException(e);
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/event/Dispatcher.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/event/Dispatcher.java b/contrib/haox-event/src/main/java/org/apache/haox/event/Dispatcher.java
new file mode 100644
index 0000000..14ccdfd
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/event/Dispatcher.java
@@ -0,0 +1,10 @@
+package org.apache.haox.event;
+
+public interface Dispatcher {
+
+ public void dispatch(Event event);
+
+ public void register(EventHandler handler);
+
+ public void register(InternalEventHandler internalHandler);
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/event/Event.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/event/Event.java b/contrib/haox-event/src/main/java/org/apache/haox/event/Event.java
new file mode 100644
index 0000000..83c6d7a
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/event/Event.java
@@ -0,0 +1,24 @@
+package org.apache.haox.event;
+
+public class Event {
+
+ private EventType eventType;
+ private Object eventData;
+
+ public Event(EventType eventType) {
+ this.eventType = eventType;
+ }
+
+ public Event(EventType eventType, Object eventData) {
+ this.eventType = eventType;
+ this.eventData = eventData;
+ }
+
+ public EventType getEventType() {
+ return eventType;
+ }
+
+ public Object getEventData() {
+ return eventData;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/event/EventHandler.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/event/EventHandler.java b/contrib/haox-event/src/main/java/org/apache/haox/event/EventHandler.java
new file mode 100644
index 0000000..6c31dd0
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/event/EventHandler.java
@@ -0,0 +1,12 @@
+package org.apache.haox.event;
+
+public interface EventHandler {
+
+ public void handle(Event event);
+
+ public EventType[] getInterestedEvents();
+
+ public Dispatcher getDispatcher();
+
+ public void setDispatcher(Dispatcher dispatcher);
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/event/EventHub.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/event/EventHub.java b/contrib/haox-event/src/main/java/org/apache/haox/event/EventHub.java
new file mode 100644
index 0000000..08172bc
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/event/EventHub.java
@@ -0,0 +1,173 @@
+package org.apache.haox.event;
+
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+public class EventHub implements Dispatcher {
+
+ private enum BuiltInEventType implements EventType {
+ STOP,
+ ALL
+ }
+
+ private boolean started = false;
+
+ private Map<Integer, InternalEventHandler> handlers =
+ new ConcurrentHashMap<Integer, InternalEventHandler>();
+
+ private Map<EventType, Set<Integer>> eventHandlersMap =
+ new ConcurrentHashMap<EventType, Set<Integer>>();
+
+ private InternalEventHandler builtInHandler;
+
+ class BuiltInEventHandler extends AbstractEventHandler {
+ public BuiltInEventHandler() {
+ super();
+ }
+
+ @Override
+ protected void doHandle(Event event) {
+
+ }
+
+ @Override
+ public EventType[] getInterestedEvents() {
+ return BuiltInEventType.values();
+ }
+ }
+
+ public EventHub() {
+ init();
+ }
+
+ private void init() {
+ EventHandler eh = new BuiltInEventHandler();
+ builtInHandler = new ExecutedEventHandler(eh);
+ register(builtInHandler);
+ }
+
+ @Override
+ public void dispatch(Event event) {
+ process(event);
+ }
+
+ @Override
+ public void register(EventHandler handler) {
+ handler.setDispatcher(this);
+ InternalEventHandler ieh = new ExecutedEventHandler(handler);
+ register(ieh);
+ }
+
+ @Override
+ public void register(InternalEventHandler handler) {
+ handler.setDispatcher(this);
+ handler.init();
+ handlers.put(handler.id(), handler);
+
+ if (started) {
+ handler.start();
+ }
+
+ EventType[] interestedEvents = handler.getInterestedEvents();
+ Set<Integer> tmpHandlers;
+ for (EventType eventType : interestedEvents) {
+ if (eventHandlersMap.containsKey(eventType)) {
+ tmpHandlers = eventHandlersMap.get(eventType);
+ } else {
+ tmpHandlers = new HashSet<Integer>();
+ eventHandlersMap.put(eventType, tmpHandlers);
+ }
+ tmpHandlers.add(handler.id());
+ }
+ }
+
+ public EventWaiter waitEvent(final EventType event) {
+ return waitEvent(new EventType[] { event } );
+ }
+
+ public EventWaiter waitEvent(final EventType... events) {
+ EventHandler handler = new AbstractEventHandler() {
+ @Override
+ protected void doHandle(Event event) throws Exception {
+ // no op;
+ }
+
+ @Override
+ public EventType[] getInterestedEvents() {
+ return events;
+ }
+ };
+
+ handler.setDispatcher(this);
+ final WaitEventHandler waitEventHandler = new WaitEventHandler(handler);
+ register(waitEventHandler);
+ EventWaiter waiter = new EventWaiter() {
+ @Override
+ public Event waitEvent(EventType event) {
+ return waitEventHandler.waitEvent(event);
+ }
+
+ @Override
+ public Event waitEvent() {
+ return waitEventHandler.waitEvent();
+ }
+
+ @Override
+ public Event waitEvent(EventType event, long timeout,
+ TimeUnit timeUnit) throws TimeoutException {
+ return waitEventHandler.waitEvent(event, timeout, timeUnit);
+ }
+
+ @Override
+ public Event waitEvent(long timeout, TimeUnit timeUnit) throws TimeoutException {
+ return waitEventHandler.waitEvent(timeout, timeUnit);
+ }
+ };
+
+ return waiter;
+ }
+
+ private void process(Event event) {
+ EventType eventType = event.getEventType();
+ InternalEventHandler handler;
+ Set<Integer> handlerIds;
+
+ if (eventHandlersMap.containsKey(eventType)) {
+ handlerIds = eventHandlersMap.get(eventType);
+ for (Integer hid : handlerIds) {
+ handler = handlers.get(hid);
+ handler.handle(event);
+ }
+ }
+
+ if (eventHandlersMap.containsKey(BuiltInEventType.ALL)) {
+ handlerIds = eventHandlersMap.get(BuiltInEventType.ALL);
+ for (Integer hid : handlerIds) {
+ handler = handlers.get(hid);
+ handler.handle(event);
+ }
+ }
+ }
+
+ public void start() {
+ if (!started) {
+ for (InternalEventHandler handler : handlers.values()) {
+ handler.start();
+ }
+ started = true;
+ }
+ }
+
+ public void stop() {
+ if (started) {
+ for (InternalEventHandler handler : handlers.values()) {
+ handler.stop();
+ }
+ started = false;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/event/EventType.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/event/EventType.java b/contrib/haox-event/src/main/java/org/apache/haox/event/EventType.java
new file mode 100644
index 0000000..2ab4f02
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/event/EventType.java
@@ -0,0 +1,5 @@
+package org.apache.haox.event;
+
+public interface EventType {
+ // no op
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/event/EventWaiter.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/event/EventWaiter.java b/contrib/haox-event/src/main/java/org/apache/haox/event/EventWaiter.java
new file mode 100644
index 0000000..5a0fd53
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/event/EventWaiter.java
@@ -0,0 +1,16 @@
+package org.apache.haox.event;
+
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+public interface EventWaiter {
+
+ public abstract Event waitEvent(EventType event);
+
+ public abstract Event waitEvent();
+
+ public abstract Event waitEvent(EventType event, long timeout, TimeUnit timeUnit) throws TimeoutException;
+
+ public abstract Event waitEvent(long timeout, TimeUnit timeUnit) throws TimeoutException;
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/event/ExecutedEventHandler.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/event/ExecutedEventHandler.java b/contrib/haox-event/src/main/java/org/apache/haox/event/ExecutedEventHandler.java
new file mode 100644
index 0000000..ae7d7fd
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/event/ExecutedEventHandler.java
@@ -0,0 +1,53 @@
+package org.apache.haox.event;
+
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+/**
+ * An EventHandler wrapper processing events using an ExecutorService
+ */
+public class ExecutedEventHandler extends AbstractInternalEventHandler {
+
+ private ExecutorService executorService;
+
+ public ExecutedEventHandler(EventHandler handler) {
+ super(handler);
+ }
+
+ @Override
+ protected void doHandle(final Event event) throws Exception {
+ executorService.execute(new Runnable() {
+ @Override
+ public void run() {
+ try {
+ process(event);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+ });
+ }
+
+ @Override
+ public void start() {
+ executorService = Executors.newFixedThreadPool(2);
+ }
+
+ @Override
+ public void stop() {
+ if (executorService.isShutdown()) {
+ return;
+ }
+ executorService.shutdownNow();
+ }
+
+ @Override
+ public boolean isStopped() {
+ return executorService.isShutdown();
+ }
+
+ @Override
+ public void init() {
+
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/event/InternalEventHandler.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/event/InternalEventHandler.java b/contrib/haox-event/src/main/java/org/apache/haox/event/InternalEventHandler.java
new file mode 100644
index 0000000..8137427
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/event/InternalEventHandler.java
@@ -0,0 +1,15 @@
+package org.apache.haox.event;
+
+public interface InternalEventHandler extends EventHandler {
+
+ public int id();
+
+ public void init();
+
+ public void start();
+
+ public void stop();
+
+ public boolean isStopped();
+}
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/event/LongRunningEventHandler.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/event/LongRunningEventHandler.java b/contrib/haox-event/src/main/java/org/apache/haox/event/LongRunningEventHandler.java
new file mode 100644
index 0000000..a8d5726
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/event/LongRunningEventHandler.java
@@ -0,0 +1,58 @@
+package org.apache.haox.event;
+
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public abstract class LongRunningEventHandler extends BufferedEventHandler {
+
+ private ExecutorService executorService;
+
+ public LongRunningEventHandler(EventHandler handler) {
+ super(handler);
+ }
+
+ public LongRunningEventHandler() {
+ super();
+ }
+
+ protected abstract void loopOnce();
+
+ @Override
+ public void start() {
+ executorService = Executors.newFixedThreadPool(1);
+ executorService.execute(new Runnable() {
+ @Override
+ public void run() {
+ while (true) {
+
+ processEvents();
+
+ loopOnce();
+ }
+ }
+ });
+ }
+
+ @Override
+ public void stop() {
+ if (executorService.isShutdown()) {
+ return;
+ }
+ executorService.shutdownNow();
+ }
+
+ @Override
+ public boolean isStopped() {
+ return executorService.isShutdown();
+ }
+
+ protected void processEvents() {
+ while (! eventQueue.isEmpty()) {
+ try {
+ process(eventQueue.take());
+ } catch (InterruptedException e) {
+ throw new RuntimeException(e);
+ }
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/event/WaitEventHandler.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/event/WaitEventHandler.java b/contrib/haox-event/src/main/java/org/apache/haox/event/WaitEventHandler.java
new file mode 100644
index 0000000..75d76a9
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/event/WaitEventHandler.java
@@ -0,0 +1,109 @@
+package org.apache.haox.event;
+
+import java.util.concurrent.*;
+
+public class WaitEventHandler extends BufferedEventHandler {
+
+ private ExecutorService executorService;
+
+ public WaitEventHandler(EventHandler handler) {
+ super(handler);
+ }
+
+ public Event waitEvent() {
+ return waitEvent(null);
+ }
+
+ public Event waitEvent(final EventType eventType) {
+ Future<Event> future = doWaitEvent(eventType);
+
+ try {
+ return future.get();
+ } catch (InterruptedException e) {
+ throw new RuntimeException(e);
+ } catch (ExecutionException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public Event waitEvent(final EventType eventType,
+ long timeout, TimeUnit timeUnit) throws TimeoutException {
+ Future<Event> future = doWaitEvent(eventType);
+
+ try {
+ return future.get(timeout, timeUnit);
+ } catch (InterruptedException e) {
+ throw new RuntimeException(e);
+ } catch (ExecutionException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public Event waitEvent(long timeout, TimeUnit timeUnit) throws TimeoutException {
+ Future<Event> future = doWaitEvent(null);
+
+ try {
+ return future.get(timeout, timeUnit);
+ } catch (InterruptedException e) {
+ throw new RuntimeException(e);
+ } catch (ExecutionException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private Future<Event> doWaitEvent(final EventType eventType) {
+ Future<Event> future = executorService.submit(new Callable<Event>() {
+ @Override
+ public Event call() throws Exception {
+ if (eventType != null) {
+ return checkEvent(eventType);
+ } else {
+ return checkEvent();
+ }
+ }
+ });
+
+ return future;
+ }
+
+ private Event checkEvent() throws Exception {
+ return eventQueue.take();
+ }
+
+ private Event checkEvent(EventType eventType) throws Exception {
+ Event event = null;
+
+ while (true) {
+ if (eventQueue.size() == 1) {
+ if (eventQueue.peek().getEventType() == eventType) {
+ return eventQueue.take();
+ }
+ } else {
+ event = eventQueue.take();
+ if (event.getEventType() == eventType) {
+ return event;
+ } else {
+ eventQueue.put(event); // put back since not wanted
+ }
+ }
+ }
+ }
+
+ @Override
+ public void start() {
+ executorService = Executors.newFixedThreadPool(2);
+ }
+
+ @Override
+ public void stop() {
+ if (executorService.isShutdown()) {
+ return;
+ }
+ executorService.shutdown();
+ }
+
+ @Override
+ public boolean isStopped() {
+ return executorService.isShutdown();
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/Acceptor.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/Acceptor.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/Acceptor.java
new file mode 100644
index 0000000..0888b18
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/Acceptor.java
@@ -0,0 +1,17 @@
+package org.apache.haox.transport;
+
+import java.net.InetSocketAddress;
+
+public abstract class Acceptor extends TransportSelector {
+
+ public Acceptor(TransportHandler transportHandler) {
+ super(transportHandler);
+ }
+
+ public void listen(String address, short listenPort) {
+ InetSocketAddress socketAddress = new InetSocketAddress(address, listenPort);
+ doListen(socketAddress);
+ }
+
+ protected abstract void doListen(InetSocketAddress socketAddress);
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/BytesUtil.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/BytesUtil.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/BytesUtil.java
new file mode 100644
index 0000000..c3a3e99
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/BytesUtil.java
@@ -0,0 +1,144 @@
+package org.apache.haox.transport;
+
+public class BytesUtil {
+
+ public static short bytes2short(byte[] bytes, int offset, boolean bigEndian) {
+ short val = 0;
+
+ if (bigEndian) {
+ val += (bytes[offset + 0] & 0xff) << 8;
+ val += (bytes[offset + 1] & 0xff);
+ } else {
+ val += (bytes[offset + 1] & 0xff) << 8;
+ val += (bytes[offset + 0] & 0xff);
+ }
+
+ return val;
+ }
+
+ public static short bytes2short(byte[] bytes, boolean bigEndian) {
+ return bytes2short(bytes, 0, bigEndian);
+ }
+
+ public static byte[] short2bytes(int val, boolean bigEndian) {
+ byte[] bytes = new byte[2];
+
+ short2bytes(val, bytes, 0, bigEndian);
+
+ return bytes;
+ }
+
+ public static void short2bytes(int val, byte[] bytes, int offset, boolean bigEndian) {
+ if (bigEndian) {
+ bytes[offset + 0] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 1] = (byte) ((val) & 0xff);
+ } else {
+ bytes[offset + 1] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 0] = (byte) ((val ) & 0xff);
+ }
+ }
+
+ public static int bytes2int(byte[] bytes, boolean bigEndian) {
+ return bytes2int(bytes, 0, bigEndian);
+ }
+
+ public static int bytes2int(byte[] bytes, int offset, boolean bigEndian) {
+ int val = 0;
+
+ if (bigEndian) {
+ val += (bytes[offset + 0] & 0xff) << 24;
+ val += (bytes[offset + 1] & 0xff) << 16;
+ val += (bytes[offset + 2] & 0xff) << 8;
+ val += (bytes[offset + 3] & 0xff);
+ } else {
+ val += (bytes[offset + 3] & 0xff) << 24;
+ val += (bytes[offset + 2] & 0xff) << 16;
+ val += (bytes[offset + 1] & 0xff) << 8;
+ val += (bytes[offset + 0] & 0xff);
+ }
+
+ return val;
+ }
+
+ public static byte[] int2bytes(int val, boolean bigEndian) {
+ byte[] bytes = new byte[4];
+
+ int2bytes(val, bytes, 0, bigEndian);
+
+ return bytes;
+ }
+
+ public static void int2bytes(int val, byte[] bytes, int offset, boolean bigEndian) {
+ if (bigEndian) {
+ bytes[offset + 0] = (byte) ((val >> 24) & 0xff);
+ bytes[offset + 1] = (byte) ((val >> 16) & 0xff);
+ bytes[offset + 2] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 3] = (byte) ((val) & 0xff);
+ } else {
+ bytes[offset + 3] = (byte) ((val >> 24) & 0xff);
+ bytes[offset + 2] = (byte) ((val >> 16) & 0xff);
+ bytes[offset + 1] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 0] = (byte) ((val) & 0xff);
+ }
+ }
+
+ public static byte[] long2bytes(long val, boolean bigEndian) {
+ byte[] bytes = new byte[8];
+ long2bytes(val, bytes, 0, bigEndian);
+ return bytes;
+ }
+
+ public static void long2bytes(long val, byte[] bytes, int offset, boolean bigEndian) {
+ if (bigEndian) {
+ for (int i = 0; i < 8; i++) {
+ bytes[i + offset] = (byte) ((val >> ((7 - i) * 8)) & 0xffL);
+ }
+ } else {
+ for (int i = 0; i < 8; i++) {
+ bytes[i + offset] = (byte) ((val >> (i * 8)) & 0xffL);
+ }
+ }
+ }
+
+ public static long bytes2long(byte[] bytes, boolean bigEndian) {
+ return bytes2long(bytes, 0, bigEndian);
+ }
+
+ public static long bytes2long(byte[] bytes, int offset, boolean bigEndian) {
+ long val = 0;
+
+ if (bigEndian) {
+ for (int i = 0; i < 8; i++) {
+ val |= (((long) bytes[i + offset]) & 0xffL) << ((7 - i) * 8);
+ }
+ } else {
+ for (int i = 0; i < 8; i++) {
+ val |= (((long) bytes[i + offset]) & 0xffL) << (i * 8);
+ }
+ }
+
+ return val;
+ }
+
+ public static byte[] padding(byte[] data, int block) {
+ int len = data.length;
+ int paddingLen = len % block != 0 ? 8 - len % block : 0;
+ if (paddingLen == 0) {
+ return data;
+ }
+
+ byte[] result = new byte[len + + paddingLen];
+ System.arraycopy(data, 0, result, 0, len);
+ return result;
+ }
+
+ public static byte[] duplicate(byte[] bytes) {
+ return duplicate(bytes, 0, bytes.length);
+ }
+
+ public static byte[] duplicate(byte[] bytes, int offset, int len) {
+ byte[] dup = new byte[len];
+ System.arraycopy(bytes, offset, dup, 0, len);
+ return dup;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/Connector.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/Connector.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/Connector.java
new file mode 100644
index 0000000..4ba18ae
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/Connector.java
@@ -0,0 +1,17 @@
+package org.apache.haox.transport;
+
+import java.net.InetSocketAddress;
+
+public abstract class Connector extends TransportSelector {
+
+ public Connector(TransportHandler transportHandler) {
+ super(transportHandler);
+ }
+
+ public void connect(String serverAddress, short serverPort) {
+ InetSocketAddress sa = new InetSocketAddress(serverAddress, serverPort);
+ doConnect(sa);
+ }
+
+ protected abstract void doConnect(InetSocketAddress sa);
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/MessageHandler.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/MessageHandler.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/MessageHandler.java
new file mode 100644
index 0000000..1f61ca5
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/MessageHandler.java
@@ -0,0 +1,23 @@
+package org.apache.haox.transport;
+
+import org.apache.haox.event.AbstractEventHandler;
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventType;
+import org.apache.haox.transport.event.MessageEvent;
+import org.apache.haox.transport.event.TransportEventType;
+
+public abstract class MessageHandler extends AbstractEventHandler {
+
+ @Override
+ protected void doHandle(Event event) throws Exception {
+ handleMessage((MessageEvent) event);
+ }
+
+ protected abstract void handleMessage(MessageEvent event) throws Exception;
+
+ @Override
+ public EventType[] getInterestedEvents() {
+ return new EventType[] { TransportEventType.INBOUND_MESSAGE };
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/Network.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/Network.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/Network.java
new file mode 100644
index 0000000..017f661
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/Network.java
@@ -0,0 +1,278 @@
+package org.apache.haox.transport;
+
+import org.apache.haox.event.AbstractEventHandler;
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventType;
+import org.apache.haox.event.LongRunningEventHandler;
+import org.apache.haox.transport.event.AddressEvent;
+import org.apache.haox.transport.event.TransportEvent;
+import org.apache.haox.transport.tcp.*;
+import org.apache.haox.transport.udp.UdpAddressEvent;
+import org.apache.haox.transport.udp.UdpEventType;
+import org.apache.haox.transport.udp.UdpTransport;
+import org.apache.haox.transport.udp.UdpTransportHandler;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.ServerSocket;
+import java.nio.channels.*;
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * A combined and mixed network facility handling UDP and TCP in both connect and accept sides
+ */
+public class Network extends LongRunningEventHandler {
+
+ private Selector selector;
+ private StreamingDecoder streamingDecoder;
+ private UdpTransportHandler udpTransportHandler;
+ private TcpTransportHandler tcpTransportHandler;
+
+ class MyEventHandler extends AbstractEventHandler {
+ @Override
+ protected void doHandle(Event event) throws Exception {
+ if (event.getEventType() == UdpEventType.ADDRESS_CONNECT) {
+ doUdpConnect((AddressEvent) event);
+ } else if (event.getEventType() == UdpEventType.ADDRESS_BIND) {
+ doUdpBind((AddressEvent) event);
+ } else if (event.getEventType() == TcpEventType.ADDRESS_CONNECT) {
+ doTcpConnect((AddressEvent) event);
+ } else if (event.getEventType() == TcpEventType.ADDRESS_BIND) {
+ doTcpBind((AddressEvent) event);
+ }
+ }
+
+ @Override
+ public EventType[] getInterestedEvents() {
+ return new EventType[]{
+ UdpEventType.ADDRESS_CONNECT,
+ UdpEventType.ADDRESS_BIND,
+ TcpEventType.ADDRESS_CONNECT,
+ TcpEventType.ADDRESS_BIND
+ };
+ }
+ }
+
+ public Network() {
+ setEventHandler(new MyEventHandler());
+ }
+
+ @Override
+ public void init() {
+ super.init();
+
+ try {
+ selector = Selector.open();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
+ * TCP transport only, for decoding tcp streaming into messages
+ * @param streamingDecoder
+ */
+ public void setStreamingDecoder(StreamingDecoder streamingDecoder) {
+ this.streamingDecoder = streamingDecoder;
+ }
+
+ /**
+ * TCP only. Connect on the given server address. Can be called multiple times
+ * for multiple servers
+ * @param serverAddress
+ * @param serverPort
+ */
+ public void tcpConnect(String serverAddress, short serverPort) {
+ InetSocketAddress sa = new InetSocketAddress(serverAddress, serverPort);
+ checkTcpTransportHandler();
+ doTcpConnect(sa);
+ }
+
+ /**
+ * UDP only. Connect on the given server address. Can be called multiple times
+ * for multiple servers
+ * @param serverAddress
+ * @param serverPort
+ */
+ public void udpConnect(String serverAddress, short serverPort) {
+ InetSocketAddress sa = new InetSocketAddress(serverAddress, serverPort);
+ checkUdpTransportHandler();
+ doUdpConnect(sa);
+ }
+
+ /**
+ * TCP only. Listen and accept connections on the address. Can be called multiple
+ * times for multiple server addresses.
+ * @param serverAddress
+ * @param serverPort
+ */
+ public void tcpListen(String serverAddress, short serverPort) {
+ InetSocketAddress sa = new InetSocketAddress(serverAddress, serverPort);
+ checkTcpTransportHandler();
+ doTcpListen(sa);
+ }
+
+ /**
+ * UDP only. Listen and accept connections on the address. Can be called multiple
+ * times for multiple server addresses.
+ * @param serverAddress
+ * @param serverPort
+ */
+ public void udpListen(String serverAddress, short serverPort) {
+ InetSocketAddress sa = new InetSocketAddress(serverAddress, serverPort);
+ checkUdpTransportHandler();
+ doUdpListen(sa);
+ }
+
+ @Override
+ protected void loopOnce() {
+ try {
+ selectOnce();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ protected void selectOnce() throws IOException {
+ if (selector.isOpen() && selector.select(2) > 0 && selector.isOpen()) {
+ Set<SelectionKey> selectionKeys = selector.selectedKeys();
+ Iterator<SelectionKey> iterator = selectionKeys.iterator();
+ while (iterator.hasNext()) {
+ SelectionKey selectionKey = iterator.next();
+ dealKey(selectionKey);
+ iterator.remove();
+ }
+ selectionKeys.clear();
+ }
+ }
+
+ private void checkTcpTransportHandler() {
+ if (tcpTransportHandler == null) {
+ if (streamingDecoder == null) {
+ throw new IllegalArgumentException("No streaming decoder set yet");
+ }
+ tcpTransportHandler = new TcpTransportHandler(streamingDecoder);
+ getDispatcher().register(tcpTransportHandler);
+ }
+ }
+
+ private void checkUdpTransportHandler() {
+ if (udpTransportHandler == null) {
+ udpTransportHandler = new UdpTransportHandler();
+ getDispatcher().register(udpTransportHandler);
+ }
+ }
+
+ private void dealKey(SelectionKey selectionKey) throws IOException {
+ if (selectionKey.isConnectable()) {
+ doTcpConnect(selectionKey);
+ } else if (selectionKey.isAcceptable()) {
+ doTcpAccept(selectionKey);
+ } else {
+ helpHandleSelectionKey(selectionKey);
+ }
+ }
+
+ private void helpHandleSelectionKey(SelectionKey selectionKey) throws IOException {
+ SelectableChannel channel = selectionKey.channel();
+ if (channel instanceof DatagramChannel) {
+ udpTransportHandler.helpHandleSelectionKey(selectionKey);
+ } else {
+ tcpTransportHandler.helpHandleSelectionKey(selectionKey);
+ }
+ }
+
+ private void doUdpConnect(InetSocketAddress sa) {
+ AddressEvent event = UdpAddressEvent.createAddressConnectEvent(sa);
+ dispatch(event);
+ }
+
+ private void doUdpConnect(AddressEvent event) throws IOException {
+ InetSocketAddress address = event.getAddress();
+ DatagramChannel channel = DatagramChannel.open();
+ channel.configureBlocking(false);
+ channel.connect(address);
+
+ channel.register(selector, SelectionKey.OP_READ | SelectionKey.OP_WRITE);
+
+ UdpTransport transport = new UdpTransport(channel, address);
+ onNewTransport(transport);
+ }
+
+ protected void doUdpListen(InetSocketAddress socketAddress) {
+ AddressEvent event = UdpAddressEvent.createAddressBindEvent(socketAddress);
+ dispatch(event);
+ }
+
+ private void doUdpBind(AddressEvent event) throws IOException {
+ DatagramChannel serverChannel = DatagramChannel.open();
+ serverChannel.configureBlocking(false);
+ serverChannel.bind(event.getAddress());
+ serverChannel.register(selector, SelectionKey.OP_READ);
+ }
+
+ protected void doTcpConnect(InetSocketAddress sa) {
+ AddressEvent event = TcpAddressEvent.createAddressConnectEvent(sa);
+ dispatch(event);
+ }
+
+ private void doTcpConnect(AddressEvent event) throws IOException {
+ SocketChannel channel = SocketChannel.open();
+ channel.configureBlocking(false);
+ channel.connect(event.getAddress());
+ channel.register(selector,
+ SelectionKey.OP_CONNECT | SelectionKey.OP_READ | SelectionKey.OP_WRITE);
+ }
+
+ private void doTcpConnect(SelectionKey key) throws IOException {
+ SocketChannel channel = (SocketChannel) key.channel();
+ if (channel.isConnectionPending()) {
+ channel.finishConnect();
+ }
+
+ Transport transport = new TcpTransport(channel, tcpTransportHandler.getStreamingDecoder());
+ channel.register(selector, SelectionKey.OP_READ | SelectionKey.OP_WRITE, transport);
+ onNewTransport(transport);
+ }
+
+ protected void doTcpListen(InetSocketAddress socketAddress) {
+ AddressEvent event = TcpAddressEvent.createAddressBindEvent(socketAddress);
+ dispatch(event);
+ }
+
+ void doTcpAccept(SelectionKey key) throws IOException {
+ ServerSocketChannel server = (ServerSocketChannel) key.channel();
+ SocketChannel channel;
+ while ((channel = server.accept()) != null) {
+ // Quick fix: avoid exception during exiting
+ if (! selector.isOpen()) {
+ channel.close();
+ break;
+ };
+
+ channel.configureBlocking(false);
+ channel.socket().setTcpNoDelay(true);
+ channel.socket().setKeepAlive(true);
+
+ Transport transport = new TcpTransport(channel,
+ tcpTransportHandler.getStreamingDecoder());
+ channel.register(selector,
+ SelectionKey.OP_READ | SelectionKey.OP_WRITE, transport);
+ onNewTransport(transport);
+ }
+ }
+
+ protected void doTcpBind(AddressEvent event) throws IOException {
+ ServerSocketChannel serverSocketChannel = ServerSocketChannel.open();
+ serverSocketChannel.configureBlocking(false);
+ ServerSocket serverSocket = serverSocketChannel.socket();
+ serverSocket.bind(event.getAddress());
+ serverSocketChannel.register(selector, SelectionKey.OP_ACCEPT, serverSocketChannel);
+ }
+
+ private void onNewTransport(Transport transport) {
+ transport.setDispatcher(getDispatcher());
+ dispatch(TransportEvent.createNewTransportEvent(transport));
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/Transport.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/Transport.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/Transport.java
new file mode 100644
index 0000000..e32c8e9
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/Transport.java
@@ -0,0 +1,65 @@
+package org.apache.haox.transport;
+
+import org.apache.haox.event.Dispatcher;
+import org.apache.haox.transport.buffer.TransBuffer;
+import org.apache.haox.transport.event.TransportEvent;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.ByteBuffer;
+
+public abstract class Transport {
+ private InetSocketAddress remoteAddress;
+ protected Dispatcher dispatcher;
+ private Object attachment;
+
+ protected TransBuffer sendBuffer;
+
+ private int readableCount = 0;
+ private int writableCount = 0;
+
+ public Transport(InetSocketAddress remoteAddress) {
+ this.remoteAddress = remoteAddress;
+ this.sendBuffer = new TransBuffer();
+ }
+
+ public void setDispatcher(Dispatcher dispatcher) {
+ this.dispatcher = dispatcher;
+ }
+
+ public InetSocketAddress getRemoteAddress() {
+ return remoteAddress;
+ }
+
+ public void sendMessage(ByteBuffer message) {
+ if (message != null) {
+ sendBuffer.write(message);
+ dispatcher.dispatch(TransportEvent.createWritableTransportEvent(this));
+ }
+ }
+
+ public void onWriteable() throws IOException {
+ this.writableCount ++;
+
+ if (! sendBuffer.isEmpty()) {
+ ByteBuffer message = sendBuffer.read();
+ if (message != null) {
+ sendOutMessage(message);
+ }
+ }
+ }
+
+ public void onReadable() throws IOException {
+ this.readableCount++;
+ }
+
+ protected abstract void sendOutMessage(ByteBuffer message) throws IOException;
+
+ public void setAttachment(Object attachment) {
+ this.attachment = attachment;
+ }
+
+ public Object getAttachment() {
+ return attachment;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/TransportHandler.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/TransportHandler.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/TransportHandler.java
new file mode 100644
index 0000000..957360b
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/TransportHandler.java
@@ -0,0 +1,15 @@
+package org.apache.haox.transport;
+
+import org.apache.haox.event.AbstractEventHandler;
+
+import java.io.IOException;
+import java.nio.channels.SelectionKey;
+
+/**
+ * Handling readable and writable events
+ */
+public abstract class TransportHandler extends AbstractEventHandler {
+
+ public abstract void helpHandleSelectionKey(SelectionKey selectionKey) throws IOException;
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/TransportSelector.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/TransportSelector.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/TransportSelector.java
new file mode 100644
index 0000000..dbf1678
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/TransportSelector.java
@@ -0,0 +1,81 @@
+package org.apache.haox.transport;
+
+import org.apache.haox.event.Dispatcher;
+import org.apache.haox.event.LongRunningEventHandler;
+import org.apache.haox.transport.event.TransportEvent;
+
+import java.io.IOException;
+import java.nio.channels.SelectionKey;
+import java.nio.channels.Selector;
+import java.util.Iterator;
+import java.util.Set;
+
+public abstract class TransportSelector extends LongRunningEventHandler {
+
+ protected Selector selector;
+ protected TransportHandler transportHandler;
+
+ public TransportSelector(TransportHandler transportHandler) {
+ super();
+ this.transportHandler = transportHandler;
+ }
+
+ @Override
+ public void setDispatcher(Dispatcher dispatcher) {
+ super.setDispatcher(dispatcher);
+ dispatcher.register(transportHandler);
+ }
+
+ @Override
+ public void init() {
+ super.init();
+
+ try {
+ selector = Selector.open();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Override
+ protected void loopOnce() {
+ try {
+ selectOnce();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ protected void selectOnce() throws IOException {
+ if (selector.isOpen() && selector.select(10) > 0 && selector.isOpen()) {
+ Set<SelectionKey> selectionKeys = selector.selectedKeys();
+ Iterator<SelectionKey> iterator = selectionKeys.iterator();
+ while (iterator.hasNext()) {
+ SelectionKey selectionKey = iterator.next();
+ dealKey(selectionKey);
+ iterator.remove();
+ }
+ selectionKeys.clear();
+ }
+ }
+
+ protected void dealKey(SelectionKey selectionKey) throws IOException {
+ transportHandler.helpHandleSelectionKey(selectionKey);
+ }
+
+ protected void onNewTransport(Transport transport) {
+ transport.setDispatcher(getDispatcher());
+ dispatch(TransportEvent.createNewTransportEvent(transport));
+ }
+
+ @Override
+ public void stop() {
+ super.stop();
+
+ try {
+ selector.close();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/BufferPool.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/BufferPool.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/BufferPool.java
new file mode 100644
index 0000000..b8169c2
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/BufferPool.java
@@ -0,0 +1,14 @@
+package org.apache.haox.transport.buffer;
+
+import java.nio.ByteBuffer;
+
+public class BufferPool {
+
+ public static ByteBuffer allocate(int len) {
+ return ByteBuffer.allocate(len);
+ }
+
+ public static void release(ByteBuffer buffer) {
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/BufferUtil.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/BufferUtil.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/BufferUtil.java
new file mode 100644
index 0000000..d9b9279
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/BufferUtil.java
@@ -0,0 +1,23 @@
+package org.apache.haox.transport.buffer;
+
+import java.nio.BufferOverflowException;
+import java.nio.ByteBuffer;
+
+public class BufferUtil {
+
+ /**
+ * Read len bytes from src buffer
+ */
+ public static ByteBuffer read(ByteBuffer src, int len) {
+ if (len > src.remaining())
+ throw new BufferOverflowException();
+
+ ByteBuffer result = ByteBuffer.allocate(len);
+ int n = src.remaining();
+ for (int i = 0; i < n; i++) {
+ result.put(src.get());
+ }
+
+ return result;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/RecvBuffer.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/RecvBuffer.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/RecvBuffer.java
new file mode 100644
index 0000000..e12b9df
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/RecvBuffer.java
@@ -0,0 +1,136 @@
+package org.apache.haox.transport.buffer;
+
+import java.nio.BufferOverflowException;
+import java.nio.ByteBuffer;
+import java.util.Iterator;
+import java.util.LinkedList;
+
+public class RecvBuffer {
+
+ private LinkedList<ByteBuffer> bufferQueue;
+
+ public RecvBuffer() {
+ bufferQueue = new LinkedList<ByteBuffer>();
+ }
+
+ public synchronized void write(ByteBuffer buffer) {
+ bufferQueue.addLast(buffer);
+ }
+
+ /**
+ * Put buffer as the first into the buffer queue
+ */
+ public synchronized void writeFirst(ByteBuffer buffer) {
+ bufferQueue.addFirst(buffer);
+ }
+
+ /**
+ * Read and return the first buffer if available
+ */
+ public synchronized ByteBuffer readFirst() {
+ if (! bufferQueue.isEmpty()) {
+ return bufferQueue.removeFirst();
+ }
+ return null;
+ }
+
+ /**
+ * Read most available bytes into the dst buffer
+ */
+ public synchronized ByteBuffer readMostBytes() {
+ int len = remaining();
+ return readBytes(len);
+ }
+
+ /**
+ * Read len bytes into the dst buffer if available
+ */
+ public synchronized ByteBuffer readBytes(int len) {
+ if (remaining() < len) { // no enough data that's available
+ throw new BufferOverflowException();
+ }
+
+ ByteBuffer result = null;
+
+ ByteBuffer takenBuffer;
+ if (bufferQueue.size() == 1) {
+ takenBuffer = bufferQueue.removeFirst();
+
+ if (takenBuffer.remaining() == len) {
+ return takenBuffer;
+ }
+
+ result = BufferPool.allocate(len);
+ for (int i = 0; i < len; i++) {
+ result.put(takenBuffer.get());
+ }
+ // Has left bytes so put it back for future reading
+ if (takenBuffer.remaining() > 0) {
+ bufferQueue.addFirst(takenBuffer);
+ }
+ } else {
+ result = BufferPool.allocate(len);
+
+ Iterator<ByteBuffer> iter = bufferQueue.iterator();
+ int alreadyGot = 0, toGet;
+ while (iter.hasNext()) {
+ takenBuffer = iter.next();
+ iter.remove();
+
+ toGet = takenBuffer.remaining() < len - alreadyGot ?
+ takenBuffer.remaining() : len -alreadyGot;
+ byte[] toGetBytes = new byte[toGet];
+ takenBuffer.get(toGetBytes);
+ result.put(toGetBytes);
+
+ if (takenBuffer.remaining() > 0) {
+ bufferQueue.addFirst(takenBuffer);
+ }
+
+ alreadyGot += toGet;
+ if (alreadyGot == len) {
+ break;
+ }
+ }
+ }
+ result.flip();
+
+ return result;
+ }
+
+ public boolean isEmpty() {
+ return bufferQueue.isEmpty();
+ }
+
+ /**
+ * Return count of remaining and left bytes that's available
+ */
+ public int remaining() {
+ if (bufferQueue.isEmpty()) {
+ return 0;
+ } else if (bufferQueue.size() == 1) {
+ return bufferQueue.getFirst().remaining();
+ }
+
+ int result = 0;
+ Iterator<ByteBuffer> iter = bufferQueue.iterator();
+ while (iter.hasNext()) {
+ result += iter.next().remaining();
+ }
+ return result;
+ }
+
+ public synchronized void clear() {
+ if (bufferQueue.isEmpty()) {
+ return;
+ } else if (bufferQueue.size() == 1) {
+ BufferPool.release(bufferQueue.getFirst());
+ }
+
+ Iterator<ByteBuffer> iter = bufferQueue.iterator();
+ while (iter.hasNext()) {
+ BufferPool.release(iter.next());
+ }
+ bufferQueue.clear();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/TransBuffer.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/TransBuffer.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/TransBuffer.java
new file mode 100644
index 0000000..869fe59
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/buffer/TransBuffer.java
@@ -0,0 +1,30 @@
+package org.apache.haox.transport.buffer;
+
+import java.nio.ByteBuffer;
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.BlockingQueue;
+
+public class TransBuffer {
+
+ private BlockingQueue<ByteBuffer> bufferQueue;
+
+ public TransBuffer() {
+ bufferQueue = new ArrayBlockingQueue<ByteBuffer>(2);
+ }
+
+ public void write(ByteBuffer buffer) {
+ bufferQueue.add(buffer);
+ }
+
+ public void write(byte[] buffer) {
+ write(ByteBuffer.wrap(buffer));
+ }
+
+ public ByteBuffer read() {
+ return bufferQueue.poll();
+ }
+
+ public boolean isEmpty() {
+ return bufferQueue.isEmpty();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/event/AddressEvent.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/event/AddressEvent.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/event/AddressEvent.java
new file mode 100644
index 0000000..920b603
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/event/AddressEvent.java
@@ -0,0 +1,20 @@
+package org.apache.haox.transport.event;
+
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventType;
+
+import java.net.InetSocketAddress;
+
+public class AddressEvent extends Event {
+
+ private InetSocketAddress address;
+
+ public AddressEvent(InetSocketAddress address, EventType eventType) {
+ super(eventType);
+ this.address = address;
+ }
+
+ public InetSocketAddress getAddress() {
+ return address;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/event/MessageEvent.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/event/MessageEvent.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/event/MessageEvent.java
new file mode 100644
index 0000000..736e4ba
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/event/MessageEvent.java
@@ -0,0 +1,22 @@
+package org.apache.haox.transport.event;
+
+import org.apache.haox.transport.Transport;
+
+import java.nio.ByteBuffer;
+
+public class MessageEvent extends TransportEvent {
+
+ private MessageEvent(Transport transport, ByteBuffer message) {
+ super(transport, TransportEventType.INBOUND_MESSAGE, message);
+ }
+
+ public ByteBuffer getMessage() {
+ return (ByteBuffer) getEventData();
+ }
+
+ public static MessageEvent createInboundMessageEvent(
+ Transport transport, ByteBuffer message) {
+ return new MessageEvent(transport, message);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/event/TransportEvent.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/event/TransportEvent.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/event/TransportEvent.java
new file mode 100644
index 0000000..68882fb
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/event/TransportEvent.java
@@ -0,0 +1,37 @@
+package org.apache.haox.transport.event;
+
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventType;
+import org.apache.haox.transport.Transport;
+
+public class TransportEvent extends Event {
+
+ private Transport transport;
+
+ public TransportEvent(Transport transport, EventType eventType) {
+ super(eventType);
+ this.transport = transport;
+ }
+
+ public TransportEvent(Transport transport, EventType eventType, Object eventData) {
+ super(eventType, eventData);
+ this.transport = transport;
+ }
+
+ public Transport getTransport() {
+ return transport;
+ }
+
+ public static TransportEvent createWritableTransportEvent(Transport transport) {
+ return new TransportEvent(transport, TransportEventType.TRANSPORT_WRITABLE);
+ }
+
+ public static TransportEvent createReadableTransportEvent(Transport transport) {
+ return new TransportEvent(transport, TransportEventType.TRANSPORT_READABLE);
+ }
+
+ public static TransportEvent createNewTransportEvent(Transport transport) {
+ return new TransportEvent(transport, TransportEventType.NEW_TRANSPORT);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/event/TransportEventType.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/event/TransportEventType.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/event/TransportEventType.java
new file mode 100644
index 0000000..457bf25
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/event/TransportEventType.java
@@ -0,0 +1,10 @@
+package org.apache.haox.transport.event;
+
+import org.apache.haox.event.EventType;
+
+public enum TransportEventType implements EventType {
+ NEW_TRANSPORT,
+ TRANSPORT_WRITABLE,
+ TRANSPORT_READABLE,
+ INBOUND_MESSAGE
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/DecodingCallback.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/DecodingCallback.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/DecodingCallback.java
new file mode 100644
index 0000000..b656159
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/DecodingCallback.java
@@ -0,0 +1,19 @@
+package org.apache.haox.transport.tcp;
+
+public interface DecodingCallback {
+
+ /**
+ * OK, enough data is ready, a message can be out
+ */
+ public void onMessageComplete(int messageLength);
+
+ /**
+ * Need more data to be available
+ */
+ public void onMoreDataNeeded();
+
+ /**
+ * Need more data to be available, with determined more data length given
+ */
+ public void onMoreDataNeeded(int needDataLength);
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/StreamingDecoder.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/StreamingDecoder.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/StreamingDecoder.java
new file mode 100644
index 0000000..2a90b94
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/StreamingDecoder.java
@@ -0,0 +1,7 @@
+package org.apache.haox.transport.tcp;
+
+import java.nio.ByteBuffer;
+
+public interface StreamingDecoder {
+ public void decode(ByteBuffer streamingBuffer, DecodingCallback callback);
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpAcceptor.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpAcceptor.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpAcceptor.java
new file mode 100644
index 0000000..90eee59
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpAcceptor.java
@@ -0,0 +1,96 @@
+package org.apache.haox.transport.tcp;
+
+import org.apache.haox.event.AbstractEventHandler;
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventType;
+import org.apache.haox.transport.Acceptor;
+import org.apache.haox.transport.Transport;
+import org.apache.haox.transport.event.AddressEvent;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.ServerSocket;
+import java.nio.channels.SelectionKey;
+import java.nio.channels.ServerSocketChannel;
+import java.nio.channels.SocketChannel;
+
+public class TcpAcceptor extends Acceptor {
+
+ public TcpAcceptor(StreamingDecoder streamingDecoder) {
+ this(new TcpTransportHandler(streamingDecoder));
+ }
+
+ public TcpAcceptor(TcpTransportHandler transportHandler) {
+ super(transportHandler);
+
+ setEventHandler(new AbstractEventHandler() {
+ @Override
+ protected void doHandle(Event event) throws Exception {
+ if (event.getEventType() == TcpEventType.ADDRESS_BIND) {
+ try {
+ doBind((AddressEvent) event);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+ }
+
+ @Override
+ public EventType[] getInterestedEvents() {
+ return new EventType[] {
+ TcpEventType.ADDRESS_BIND
+ };
+ }
+ });
+ }
+
+ @Override
+ protected void doListen(InetSocketAddress socketAddress) {
+ AddressEvent event = TcpAddressEvent.createAddressBindEvent(socketAddress);
+ dispatch(event);
+ }
+
+ @Override
+ protected void dealKey(SelectionKey selectionKey) throws IOException {
+ if (selectionKey.isAcceptable()) {
+ doAccept(selectionKey);
+ } else {
+ super.dealKey(selectionKey);
+ }
+ }
+
+ void doAccept(SelectionKey key) throws IOException {
+ ServerSocketChannel server = (ServerSocketChannel) key.channel();
+ SocketChannel channel;
+ while ((channel = server.accept()) != null) {
+ // Quick fix: avoid exception during exiting
+ if (! selector.isOpen()) {
+ channel.close();
+ break;
+ };
+
+ channel.configureBlocking(false);
+ channel.socket().setTcpNoDelay(true);
+ channel.socket().setKeepAlive(true);
+
+ Transport transport = new TcpTransport(channel,
+ ((TcpTransportHandler) transportHandler).getStreamingDecoder());
+
+ if (! selector.isOpen()) {
+ break;
+ }
+ channel.register(selector,
+ SelectionKey.OP_READ | SelectionKey.OP_WRITE, transport);
+ onNewTransport(transport);
+ }
+ }
+
+ protected void doBind(AddressEvent event) throws IOException {
+ ServerSocketChannel serverSocketChannel = ServerSocketChannel.open();
+ serverSocketChannel.configureBlocking(false);
+ ServerSocket serverSocket = serverSocketChannel.socket();
+ serverSocket.bind(event.getAddress());
+ serverSocketChannel.register(selector, SelectionKey.OP_ACCEPT, serverSocketChannel);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpAddressEvent.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpAddressEvent.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpAddressEvent.java
new file mode 100644
index 0000000..23f3d31
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpAddressEvent.java
@@ -0,0 +1,17 @@
+package org.apache.haox.transport.tcp;
+
+import org.apache.haox.transport.event.AddressEvent;
+
+import java.net.InetSocketAddress;
+
+public class TcpAddressEvent {
+
+ public static AddressEvent createAddressBindEvent(InetSocketAddress address) {
+ return new AddressEvent(address, TcpEventType.ADDRESS_BIND);
+ }
+
+ public static AddressEvent createAddressConnectEvent(InetSocketAddress address) {
+ return new AddressEvent(address, TcpEventType.ADDRESS_CONNECT);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpConnector.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpConnector.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpConnector.java
new file mode 100644
index 0000000..f795804
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpConnector.java
@@ -0,0 +1,75 @@
+package org.apache.haox.transport.tcp;
+
+import org.apache.haox.event.AbstractEventHandler;
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventType;
+import org.apache.haox.transport.Connector;
+import org.apache.haox.transport.Transport;
+import org.apache.haox.transport.event.AddressEvent;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.SelectionKey;
+import java.nio.channels.SocketChannel;
+
+public class TcpConnector extends Connector {
+
+ public TcpConnector(StreamingDecoder streamingDecoder) {
+ this(new TcpTransportHandler(streamingDecoder));
+ }
+
+ public TcpConnector(TcpTransportHandler transportHandler) {
+ super(transportHandler);
+
+ setEventHandler(new AbstractEventHandler() {
+ @Override
+ protected void doHandle(Event event) throws Exception {
+ if (event.getEventType() == TcpEventType.ADDRESS_CONNECT) {
+ doConnect((AddressEvent) event);
+ }
+ }
+
+ @Override
+ public EventType[] getInterestedEvents() {
+ return new EventType[] {
+ TcpEventType.ADDRESS_CONNECT
+ };
+ }
+ });
+ }
+
+ @Override
+ protected void doConnect(InetSocketAddress sa) {
+ AddressEvent event = TcpAddressEvent.createAddressConnectEvent(sa);
+ dispatch(event);
+ }
+
+ private void doConnect(AddressEvent event) throws IOException {
+ SocketChannel channel = SocketChannel.open();
+ channel.configureBlocking(false);
+ channel.connect(event.getAddress());
+ channel.register(selector,
+ SelectionKey.OP_CONNECT | SelectionKey.OP_READ | SelectionKey.OP_WRITE);
+ }
+
+ @Override
+ protected void dealKey(SelectionKey selectionKey) throws IOException {
+ if (selectionKey.isConnectable()) {
+ doConnect(selectionKey);
+ } else {
+ super.dealKey(selectionKey);
+ }
+ }
+
+ private void doConnect(SelectionKey key) throws IOException {
+ SocketChannel channel = (SocketChannel) key.channel();
+ if (channel.isConnectionPending()) {
+ channel.finishConnect();
+ }
+
+ Transport transport = new TcpTransport(channel,
+ ((TcpTransportHandler) transportHandler).getStreamingDecoder());
+ channel.register(selector, SelectionKey.OP_READ | SelectionKey.OP_WRITE, transport);
+ onNewTransport(transport);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpEventType.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpEventType.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpEventType.java
new file mode 100644
index 0000000..2710ddb
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpEventType.java
@@ -0,0 +1,8 @@
+package org.apache.haox.transport.tcp;
+
+import org.apache.haox.event.EventType;
+
+public enum TcpEventType implements EventType {
+ ADDRESS_BIND,
+ ADDRESS_CONNECT
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpTransport.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpTransport.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpTransport.java
new file mode 100644
index 0000000..03ec89c
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpTransport.java
@@ -0,0 +1,91 @@
+package org.apache.haox.transport.tcp;
+
+import org.apache.haox.transport.Transport;
+import org.apache.haox.transport.buffer.BufferPool;
+import org.apache.haox.transport.buffer.RecvBuffer;
+import org.apache.haox.transport.event.MessageEvent;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.ByteBuffer;
+import java.nio.channels.SocketChannel;
+
+public class TcpTransport extends Transport {
+
+ private SocketChannel channel;
+
+ private StreamingDecoder streamingDecoder;
+
+ private RecvBuffer recvBuffer;
+
+ public TcpTransport(SocketChannel channel,
+ StreamingDecoder streamingDecoder) throws IOException {
+ super((InetSocketAddress) channel.getRemoteAddress());
+ this.channel = channel;
+ this.streamingDecoder = streamingDecoder;
+
+ this.recvBuffer = new RecvBuffer();
+ }
+
+ @Override
+ protected void sendOutMessage(ByteBuffer message) throws IOException {
+ channel.write(message);
+ }
+
+ public void onReadable() throws IOException {
+ ByteBuffer writeBuffer = BufferPool.allocate(65536);
+ if (channel.read(writeBuffer) <= 0) {
+ BufferPool.release(writeBuffer);
+ return;
+ }
+
+ writeBuffer.flip();
+ recvBuffer.write(writeBuffer);
+
+ WithReadDataHander rdHandler = new WithReadDataHander();
+ rdHandler.handle();
+ }
+
+ class WithReadDataHander implements DecodingCallback {
+ private ByteBuffer streamingBuffer;
+
+ @Override
+ public void onMessageComplete(int messageLength) {
+ ByteBuffer message = null;
+
+ int remaining = streamingBuffer.remaining();
+ if (remaining == messageLength) {
+ message = streamingBuffer;
+ } else if (remaining > messageLength) {
+ message = streamingBuffer.duplicate();
+ int newLimit = streamingBuffer.position() + messageLength;
+ message.limit(newLimit);
+
+ streamingBuffer.position(newLimit);
+ recvBuffer.writeFirst(streamingBuffer);
+ }
+
+ if (message != null) {
+ dispatcher.dispatch(MessageEvent.createInboundMessageEvent(TcpTransport.this, message));
+ }
+ }
+
+ @Override
+ public void onMoreDataNeeded() {
+ recvBuffer.writeFirst(streamingBuffer);
+ }
+
+ @Override
+ public void onMoreDataNeeded(int needDataLength) {
+ recvBuffer.writeFirst(streamingBuffer);
+ }
+
+ public void handle() {
+ if (recvBuffer.isEmpty()) return;
+
+ streamingBuffer = recvBuffer.readMostBytes();
+
+ streamingDecoder.decode(streamingBuffer.duplicate(), this);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpTransportHandler.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpTransportHandler.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpTransportHandler.java
new file mode 100644
index 0000000..b8728b1
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/tcp/TcpTransportHandler.java
@@ -0,0 +1,58 @@
+package org.apache.haox.transport.tcp;
+
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventType;
+import org.apache.haox.transport.Transport;
+import org.apache.haox.transport.event.TransportEventType;
+import org.apache.haox.transport.TransportHandler;
+import org.apache.haox.transport.event.TransportEvent;
+
+import java.io.IOException;
+import java.nio.channels.SelectionKey;
+
+public class TcpTransportHandler extends TransportHandler {
+
+ private StreamingDecoder streamingDecoder;
+
+ public TcpTransportHandler(StreamingDecoder streamingDecoder) {
+ this.streamingDecoder = streamingDecoder;
+ }
+
+ public StreamingDecoder getStreamingDecoder() {
+ return streamingDecoder;
+ }
+
+ @Override
+ public EventType[] getInterestedEvents() {
+ return new TransportEventType[] {
+ TransportEventType.TRANSPORT_READABLE,
+ TransportEventType.TRANSPORT_WRITABLE
+ };
+ }
+
+ @Override
+ protected void doHandle(Event event) throws Exception {
+ EventType eventType = event.getEventType();
+ TransportEvent te = (TransportEvent) event;
+ Transport transport = te.getTransport();
+ if (eventType == TransportEventType.TRANSPORT_READABLE) {
+ transport.onReadable();
+ } else if (eventType == TransportEventType.TRANSPORT_WRITABLE) {
+ transport.onWriteable();
+ }
+ }
+
+ @Override
+ public void helpHandleSelectionKey(SelectionKey selectionKey) throws IOException {
+ if (selectionKey.isReadable()) {
+ selectionKey.interestOps(SelectionKey.OP_READ | SelectionKey.OP_WRITE);
+ TcpTransport transport = (TcpTransport) selectionKey.attachment();
+ dispatch(TransportEvent.createReadableTransportEvent(transport));
+ } else if (selectionKey.isWritable()) {
+ selectionKey.interestOps(SelectionKey.OP_READ);
+ TcpTransport transport = (TcpTransport) selectionKey.attachment();
+ dispatch(TransportEvent.createWritableTransportEvent(transport));
+ }
+ }
+}
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpAcceptor.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpAcceptor.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpAcceptor.java
new file mode 100644
index 0000000..e666edb
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpAcceptor.java
@@ -0,0 +1,65 @@
+package org.apache.haox.transport.udp;
+
+import org.apache.haox.event.AbstractEventHandler;
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventType;
+import org.apache.haox.transport.Acceptor;
+import org.apache.haox.transport.event.AddressEvent;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.DatagramChannel;
+import java.nio.channels.SelectionKey;
+
+public class UdpAcceptor extends Acceptor {
+
+ private DatagramChannel serverChannel;
+
+ public UdpAcceptor() {
+ this(new UdpTransportHandler());
+ }
+
+ public UdpAcceptor(UdpTransportHandler udpTransportHandler) {
+ super(udpTransportHandler);
+
+ setEventHandler(new AbstractEventHandler() {
+ @Override
+ protected void doHandle(Event event) throws Exception {
+ if (event.getEventType() == UdpEventType.ADDRESS_BIND) {
+ doBind((AddressEvent) event);
+ }
+ }
+
+ @Override
+ public EventType[] getInterestedEvents() {
+ return new EventType[] {
+ UdpEventType.ADDRESS_BIND
+ };
+ }
+ });
+ }
+
+ @Override
+ protected void doListen(InetSocketAddress socketAddress) {
+ AddressEvent event = UdpAddressEvent.createAddressBindEvent(socketAddress);
+ dispatch(event);
+ }
+
+ private void doBind(AddressEvent event) throws IOException {
+ serverChannel = DatagramChannel.open();
+ serverChannel.configureBlocking(false);
+ serverChannel.bind(event.getAddress());
+ serverChannel.register(selector, SelectionKey.OP_READ);
+ }
+
+ @Override
+ public void stop() {
+ super.stop();
+
+ try {
+ serverChannel.close();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpAddressEvent.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpAddressEvent.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpAddressEvent.java
new file mode 100644
index 0000000..83459f5
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpAddressEvent.java
@@ -0,0 +1,17 @@
+package org.apache.haox.transport.udp;
+
+import org.apache.haox.transport.event.AddressEvent;
+
+import java.net.InetSocketAddress;
+
+public class UdpAddressEvent {
+
+ public static AddressEvent createAddressBindEvent(InetSocketAddress address) {
+ return new AddressEvent(address, UdpEventType.ADDRESS_BIND);
+ }
+
+ public static AddressEvent createAddressConnectEvent(InetSocketAddress address) {
+ return new AddressEvent(address, UdpEventType.ADDRESS_CONNECT);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpChannelEvent.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpChannelEvent.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpChannelEvent.java
new file mode 100644
index 0000000..ace00d6
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpChannelEvent.java
@@ -0,0 +1,28 @@
+package org.apache.haox.transport.udp;
+
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventType;
+
+import java.nio.channels.DatagramChannel;
+
+public class UdpChannelEvent extends Event {
+
+ private DatagramChannel channel;
+
+ private UdpChannelEvent(DatagramChannel channel, EventType eventType) {
+ super(eventType);
+ this.channel = channel;
+ }
+
+ public DatagramChannel getChannel() {
+ return channel;
+ }
+
+ public static UdpChannelEvent makeWritableChannelEvent(DatagramChannel channel) {
+ return new UdpChannelEvent(channel, UdpEventType.CHANNEL_WRITABLE);
+ }
+
+ public static UdpChannelEvent makeReadableChannelEvent(DatagramChannel channel) {
+ return new UdpChannelEvent(channel, UdpEventType.CHANNEL_READABLE);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpConnector.java
----------------------------------------------------------------------
diff --git a/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpConnector.java b/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpConnector.java
new file mode 100644
index 0000000..c3419a9
--- /dev/null
+++ b/contrib/haox-event/src/main/java/org/apache/haox/transport/udp/UdpConnector.java
@@ -0,0 +1,57 @@
+package org.apache.haox.transport.udp;
+
+import org.apache.haox.event.AbstractEventHandler;
+import org.apache.haox.event.Event;
+import org.apache.haox.event.EventType;
+import org.apache.haox.transport.Connector;
+import org.apache.haox.transport.event.AddressEvent;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.channels.DatagramChannel;
+import java.nio.channels.SelectionKey;
+
+public class UdpConnector extends Connector {
+
+ public UdpConnector() {
+ this(new UdpTransportHandler());
+ }
+
+ public UdpConnector(UdpTransportHandler transportHandler) {
+ super(transportHandler);
+
+ setEventHandler(new AbstractEventHandler() {
+ @Override
+ protected void doHandle(Event event) throws Exception {
+ if (event.getEventType() == UdpEventType.ADDRESS_CONNECT) {
+ doConnect((AddressEvent) event);
+ }
+ }
+
+ @Override
+ public EventType[] getInterestedEvents() {
+ return new EventType[] {
+ UdpEventType.ADDRESS_CONNECT
+ };
+ }
+ });
+ }
+
+ @Override
+ protected void doConnect(InetSocketAddress sa) {
+ AddressEvent event = UdpAddressEvent.createAddressConnectEvent(sa);
+ dispatch(event);
+ }
+
+ private void doConnect(AddressEvent event) throws IOException {
+ InetSocketAddress address = event.getAddress();
+ DatagramChannel channel = DatagramChannel.open();
+ channel.configureBlocking(false);
+ channel.connect(address);
+
+ channel.register(selector, SelectionKey.OP_READ | SelectionKey.OP_WRITE);
+
+ UdpTransport transport = new UdpTransport(channel, address);
+ onNewTransport(transport);
+ }
+}
[32/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cbc.base64
new file mode 100644
index 0000000..642f982
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+Qg5j8oNBcizevw2S/9a304WcUojYHEb8=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cbc.raw
new file mode 100644
index 0000000..1e50ac5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cbc.raw
@@ -0,0 +1 @@
+Salted__�����jt_�u���&��� K�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb.base64
new file mode 100644
index 0000000..cf796db
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19wAkjNdLumDxGUBRFnlpxxfBa+xw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb.raw
new file mode 100644
index 0000000..1d9e9cd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb.raw
@@ -0,0 +1 @@
+Salted__U���R.��G��I��F����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb8.base64
new file mode 100644
index 0000000..42bdb16
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18MxdLUbBHz6J3ImvUkHx1Mi7HgeQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb8.raw
new file mode 100644
index 0000000..19912d7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-cfb8.raw
@@ -0,0 +1 @@
+Salted__k��Evq���������3�n��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ecb.base64
new file mode 100644
index 0000000..9739df3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/o+GDLgPn9NGJaxPBdnMY6dWlgEGdICbk=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ecb.raw
new file mode 100644
index 0000000..9c44997
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ecb.raw
@@ -0,0 +1 @@
+Salted__kZ��E����w����#?���~��]�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ofb.base64
new file mode 100644
index 0000000..8f090ec
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+Sm91Ol7VDaRp3AkCLVd66x/Pkhw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ofb.raw
new file mode 100644
index 0000000..73e4be8
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed-ofb.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed.base64
new file mode 100644
index 0000000..393dfd5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed.base64
@@ -0,0 +1 @@
+U2FsdGVkX19j1iVitL5B8/SoJbot/q0ZoJCh/crgiaQ=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed.raw
new file mode 100644
index 0000000..4c27a0c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/seed.raw
@@ -0,0 +1 @@
+Salted__�%�/�+G�dT�-u�VL�w�'��k�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cbc.base64
new file mode 100644
index 0000000..2b6cf49
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/Ruex6zZXcKY7UzTOEYf0rOS7jWiPN44E=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cbc.raw
new file mode 100644
index 0000000..19bd450
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cbc.raw
@@ -0,0 +1 @@
+Salted__'���"���25�2G\ѝ5��%;`�'
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb.base64
new file mode 100644
index 0000000..26319af
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+XdD1519g75daA+/McW1GrmcrcsQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb.raw
new file mode 100644
index 0000000..227d506
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb8.base64
new file mode 100644
index 0000000..e35a611
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX19rsyCIbjU+kC1yUp68/DYighdcZA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb8.raw
new file mode 100644
index 0000000..cfbdd0b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-cfb8.raw
@@ -0,0 +1 @@
+Salted__�g��h��2�v���髢L��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ecb.base64
new file mode 100644
index 0000000..404db36
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1958euEvux9tp6qt8zLCDmYDyBVVSTjY88=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ecb.raw
new file mode 100644
index 0000000..ac78ceb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ecb.raw
@@ -0,0 +1 @@
+Salted__ņ���w��X��D]I�<a���S��x
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ofb.base64
new file mode 100644
index 0000000..cc9c2ae
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/s6i6U5jeXh15/PrVKKpyIRNbuIg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ofb.raw
new file mode 100644
index 0000000..9c9db35
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent-ofb.raw
@@ -0,0 +1 @@
+Salted__t�"��������]�j�y��C
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent.base64
new file mode 100644
index 0000000..5a21227
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent.base64
@@ -0,0 +1 @@
+U2FsdGVkX195qujaNzq14jxKvx+Lw8SHyaLJs4TQ8J0=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent.raw
new file mode 100644
index 0000000..7aea741
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/serpent.raw
@@ -0,0 +1,2 @@
+Salted__�:����7q�;
+�����]cr�>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cbc.base64
new file mode 100644
index 0000000..4adcdef
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+zMjVYCvOD+ewdBROea+7dkdJFDQQwW0E=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cbc.raw
new file mode 100644
index 0000000..9f8a32c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cbc.raw
@@ -0,0 +1 @@
+Salted__���YN�[��y!�>O��#ذ��Dw
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb.base64
new file mode 100644
index 0000000..45d51f7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19n4zca8LfA6iiKCnoRiQ/Okw7uww==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb.raw
new file mode 100644
index 0000000..30950e0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb.raw
@@ -0,0 +1 @@
+Salted__fL��(����i����e�)� �
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb8.base64
new file mode 100644
index 0000000..ffe939f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18dc5fJxg3eO18jgj+CCBW8bEiBBg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb8.raw
new file mode 100644
index 0000000..b88eb97
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-cfb8.raw
@@ -0,0 +1 @@
+Salted__�J{�>�_���t��n7���8�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ecb.base64
new file mode 100644
index 0000000..043f64f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18Twzi0wluhUpj2mqCmsKpBAyG9NW3+9V0=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ecb.raw
new file mode 100644
index 0000000..d70ffe4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ecb.raw
@@ -0,0 +1 @@
+Salted__���ؓCkG]�V�[n,�<���#���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ofb.base64
new file mode 100644
index 0000000..185d89f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19+3i3BJd+8b2P4kc84XE0bvdKynw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ofb.raw
new file mode 100644
index 0000000..39e4f27
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack-ofb.raw
@@ -0,0 +1 @@
+Salted__�T3�>f��O��B�I��N�û
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack.base64
new file mode 100644
index 0000000..2ae32ac
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+GkkE/WR9HWr/3hK1+f0vCb2EwMPxvNws=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack.raw
new file mode 100644
index 0000000..cf464a1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/skipjack.raw
@@ -0,0 +1 @@
+Salted__�DC�����!rɨ���\&94�-k�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cbc.base64
new file mode 100644
index 0000000..3be186e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+N4jlJF5HA4CqXCaLMdgjGr4gCcWcMV6I=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cbc.raw
new file mode 100644
index 0000000..15879f1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cbc.raw
@@ -0,0 +1 @@
+Salted__l�Ư��|àK��t�p�1RO�����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb.base64
new file mode 100644
index 0000000..b7c9f91
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1//9v7c5qa6brx3B1IL8/k3DN9OeQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb.raw
new file mode 100644
index 0000000..5841c0f
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb8.base64
new file mode 100644
index 0000000..ac42414
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18nOAp7ZtTx3hwVuGU7PvXkKXGp2Q==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb8.raw
new file mode 100644
index 0000000..c2ec5a1
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-cfb8.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ecb.base64
new file mode 100644
index 0000000..b441619
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18Nw7PSpP/e7N9eqS3VYCLU86sqN+sQs14=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ecb.raw
new file mode 100644
index 0000000..382ba5b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ecb.raw
@@ -0,0 +1 @@
+Salted__����l�o���z;�#��WZ����W
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ofb.base64
new file mode 100644
index 0000000..e2d5026
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18s9wJ3sg0L3FXWk7UwG2uqu11RgQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ofb.raw
new file mode 100644
index 0000000..f59f0e4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea-ofb.raw
@@ -0,0 +1 @@
+Salted__Ϳ���z��vZ����Ƞ\��P
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea.base64
new file mode 100644
index 0000000..1a5a668
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+sNDAL8YtooObpna/OX8DLzocbyvmSess=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea.raw
new file mode 100644
index 0000000..3e84eb9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/tea.raw
@@ -0,0 +1 @@
+Salted__��[�q ��7y��,�"s�`ΖUN��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cbc.base64
new file mode 100644
index 0000000..c54ee99
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/NNaFelxgWYsIzd+iFdfvLUZ250HQHQtI=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cbc.raw
new file mode 100644
index 0000000..d52b77e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cbc.raw
@@ -0,0 +1,2 @@
+Salted__|e�l��������;i�
+���3�-�P
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb.base64
new file mode 100644
index 0000000..4170c55
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+j+QSgLHLu0GHIqdiVkVL+yobuaA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb.raw
new file mode 100644
index 0000000..01ebdf9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb.raw
@@ -0,0 +1 @@
+Salted__0L�/'������p���B5X�6
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb8.base64
new file mode 100644
index 0000000..196e081
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/XCJv/O97fxn6yxzDAR/9H9C6THQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb8.raw
new file mode 100644
index 0000000..9e1d1ea
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-cfb8.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ecb.base64
new file mode 100644
index 0000000..e1d44e7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX195dmAFm0b+1i24kugg4ou+e+HMPufBeuk=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ecb.raw
new file mode 100644
index 0000000..3182afd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ecb.raw
@@ -0,0 +1 @@
+Salted__l��{��ݑl������>�q��i.
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ofb.base64
new file mode 100644
index 0000000..cced7ad
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19kjJcggRCb+18SAEJhmDWvlLMW7A==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ofb.raw
new file mode 100644
index 0000000..47949d4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish-ofb.raw
@@ -0,0 +1 @@
+Salted__Ϝ�5e���p�qz@-���?��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish.base64
new file mode 100644
index 0000000..c6241b0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish.base64
@@ -0,0 +1 @@
+U2FsdGVkX19CoOnVar7VaeII23EgP4ipAZ2XodKcQF0=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish.raw
new file mode 100644
index 0000000..bae695e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/twofish.raw
@@ -0,0 +1 @@
+Salted__��\�/ޠX��RK���� �R�=�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cbc.base64
new file mode 100644
index 0000000..8ca76da
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/VPpaWg1t9N5RSoA8Xg0Yfg7T9nRjNIm4=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cbc.raw
new file mode 100644
index 0000000..fef76ec
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cbc.raw
@@ -0,0 +1 @@
+Salted__b�8M�SM������n�� uZK���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb.base64
new file mode 100644
index 0000000..7b45427
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+i85TvEyps5v51kOIKVH7BHrItnA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb.raw
new file mode 100644
index 0000000..97a140a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb.raw
@@ -0,0 +1 @@
+Salted__x��g�W1����H�b�-�1��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb8.base64
new file mode 100644
index 0000000..21f524e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+fypkqSyuSpEfZKx80/3qRpV22Qg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb8.raw
new file mode 100644
index 0000000..0c019e2
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-cfb8.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ecb.base64
new file mode 100644
index 0000000..6267b57
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19jhcs+AOGFPsPKqKHpCkbqCG75AptTPo0=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ecb.raw
new file mode 100644
index 0000000..473b409
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ecb.raw
@@ -0,0 +1 @@
+Salted__[��.�x^�XR�@���S��b����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ofb.base64
new file mode 100644
index 0000000..7022151
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18tAwVVVBYZnOl6r0cv/RuAtekpXA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ofb.raw
new file mode 100644
index 0000000..371e663
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea-ofb.raw
@@ -0,0 +1 @@
+Salted__���JC���G�N��f��nO��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea.base64
new file mode 100644
index 0000000..69a1592
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea.base64
@@ -0,0 +1 @@
+U2FsdGVkX19j1TDNjQKQw1rE1KFHZns5eBmCvWeX01I=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea.raw
new file mode 100644
index 0000000..990f578
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/xtea.raw
@@ -0,0 +1 @@
+Salted__ɣ��.f�
>�*��Q�F��^�Q�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/README.txt
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/README.txt b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/README.txt
new file mode 100644
index 0000000..7853cd5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/README.txt
@@ -0,0 +1,5 @@
+Password for decrypting any of these files is
+always "changeit".
+
+These files should always decrypt to "Hello World!"
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cbc.base64
new file mode 100644
index 0000000..1632bb7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/CR0ZIen7XtLIONFKXoUUwlU0il7SZIxg=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cbc.raw
new file mode 100644
index 0000000..1212ec6
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cbc.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb.base64
new file mode 100644
index 0000000..8df5dd9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19+j8Eer0XidAqV7fHKVgbwxnDk4A==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb.raw
new file mode 100644
index 0000000..653204a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb.raw
@@ -0,0 +1 @@
+Salted__�_��U\A����U��T�+�!�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb1.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb1.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb1.base64
new file mode 100644
index 0000000..4d00f4a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb1.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+dSFH+j10CyNLwAAAAAAAAAAAAAA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb1.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb1.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb1.raw
new file mode 100644
index 0000000..484e62b
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb1.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb8.base64
new file mode 100644
index 0000000..ad0474e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/OSxAyDPgMDgjTvEekGK61k0rV+Q==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb8.raw
new file mode 100644
index 0000000..7333a96
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-cfb8.raw
@@ -0,0 +1,2 @@
+Salted__쑶��6�Icp�
+�r}��Y�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ecb.base64
new file mode 100644
index 0000000..4dc065d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18J3uzuGOGrPMUHrmhquo/97Ps1kOKjvfU=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ecb.raw
new file mode 100644
index 0000000..631a48a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ecb.raw
@@ -0,0 +1 @@
+Salted__�y �؛u�$�3��W�
R�����h�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ofb.base64
new file mode 100644
index 0000000..86459ac
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX181diQQs5GELPtmU73gs87cGoGFSg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ofb.raw
new file mode 100644
index 0000000..ca86443
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-128-ofb.raw
@@ -0,0 +1 @@
+Salted__�[�2��H����GC.Z�����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cbc.base64
new file mode 100644
index 0000000..44c5f3a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/k5HwF+FgOGOXs9fCuT9hSxEDuIYSblP8=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cbc.raw
new file mode 100644
index 0000000..e90973f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cbc.raw
@@ -0,0 +1 @@
+Salted__u5�&�GG31O�?q��Wt��͂�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb.base64
new file mode 100644
index 0000000..6d914f5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/KIq1c4o4UvUpKK4s9SJz5jI11qg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb.raw
new file mode 100644
index 0000000..347e984
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb.raw
@@ -0,0 +1 @@
+Salted__g�f��{�-�����]�h�U
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb1.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb1.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb1.base64
new file mode 100644
index 0000000..eccff7f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb1.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/QY2zPpdXFQu3gAAAAAAAAAAAAAA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb1.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb1.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb1.raw
new file mode 100644
index 0000000..659e076
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb1.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb8.base64
new file mode 100644
index 0000000..8e04487
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18ORFdc9Vqh1g5OMXEdJTZKJ5Nrug==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb8.raw
new file mode 100644
index 0000000..85132cc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-cfb8.raw
@@ -0,0 +1 @@
+Salted__u֟��ҧ�Ä��������Vr
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ecb.base64
new file mode 100644
index 0000000..95e9676
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18OqCEgXpiMyN4wc4mB+S9tTMLxtkPATgM=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ecb.raw
new file mode 100644
index 0000000..5fb0ba4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ecb.raw
@@ -0,0 +1 @@
+Salted__8��ͺF���v)+QX}��8lZ�S5�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ofb.base64
new file mode 100644
index 0000000..0916cb0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/OuNnbiSdlHOGGT9o6tIG29p+k3g==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ofb.raw
new file mode 100644
index 0000000..1ac4b1b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-192-ofb.raw
@@ -0,0 +1 @@
+Salted__H�'܊���Rp�]h��#���a
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cbc.base64
new file mode 100644
index 0000000..880daac
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/cfccZKdAm5MwO9uPkX/p2+WtVIvafIA8=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cbc.raw
new file mode 100644
index 0000000..e1808d4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cbc.raw
@@ -0,0 +1 @@
+Salted__2�,<Kj+�H��:�eȠ¿$�)9)+
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb.base64
new file mode 100644
index 0000000..33d1dd6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19xnj0ssEJbv5hcgr6/57WDT6+lxA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb.raw
new file mode 100644
index 0000000..ee4f70f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb.raw
@@ -0,0 +1 @@
+Salted__f������!����@�vs�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb1.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb1.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb1.base64
new file mode 100644
index 0000000..965ed83
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb1.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+jQxVlHdV1CqSwAAAAAAAAAAAAAA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb1.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb1.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb1.raw
new file mode 100644
index 0000000..d483aea
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb1.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb8.base64
new file mode 100644
index 0000000..14b6174
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/vk1JozaSOqDGDIm8vAV6e2hL3Vw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb8.raw
new file mode 100644
index 0000000..814fd2e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-cfb8.raw
@@ -0,0 +1 @@
+Salted__����e��*��� B��5�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ecb.base64
new file mode 100644
index 0000000..e27987d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18EBM0NsnydQq6slUNeyknxvEGAA2QCOgY=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ecb.raw
new file mode 100644
index 0000000..703bc0e
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ecb.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ofb.base64
new file mode 100644
index 0000000..bbc278c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+C5homVRhjJYpwt6mPV9cVW3vGZw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ofb.raw
new file mode 100644
index 0000000..dc1a75b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes-256-ofb.raw
@@ -0,0 +1 @@
+Salted__��N���<:l��/��������
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes128.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes128.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes128.base64
new file mode 100644
index 0000000..f79f113
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes128.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/5U/WWiPGrmTZRWZPyDHOMKMN5Je/kKbI=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes128.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes128.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes128.raw
new file mode 100644
index 0000000..13c9415
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes128.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes192.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes192.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes192.base64
new file mode 100644
index 0000000..ae9b529
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes192.base64
@@ -0,0 +1 @@
+U2FsdGVkX192xm+Zu1nX/gx0WarzSZhjXXNYkkC46Mw=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes192.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes192.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes192.raw
new file mode 100644
index 0000000..0f9234e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes192.raw
@@ -0,0 +1,3 @@
+Salted__��V��Eq
+��������
+'�Kyy�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes256.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes256.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes256.base64
new file mode 100644
index 0000000..94b9d5f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes256.base64
@@ -0,0 +1 @@
+U2FsdGVkX19ZErtOI0xWaZpeebrblB6HNZSVB4QwbvU=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes256.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes256.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes256.raw
new file mode 100644
index 0000000..8c95e24
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/aes256.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cbc.base64
new file mode 100644
index 0000000..a315959
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX18BCvjqlyAGSuP+yp4jdcjowm3aEV95ypM=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cbc.raw
new file mode 100644
index 0000000..64011a8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cbc.raw
@@ -0,0 +1 @@
+Salted__����a߃\�bec��,k�H;%X=��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cfb.base64
new file mode 100644
index 0000000..735d13b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+34fmh8JsQX+N3TaSXOnZ2wCmDRQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cfb.raw
new file mode 100644
index 0000000..53be327
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-cfb.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ecb.base64
new file mode 100644
index 0000000..228042c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19JnXUueE7stEFnIl75kA0KiJf8PoXw8t8=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ecb.raw
new file mode 100644
index 0000000..57477bd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ecb.raw
@@ -0,0 +1 @@
+Salted__�����3�w7={���@��������<
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ofb.base64
new file mode 100644
index 0000000..65220e5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/qY/rlPjfOD14R0xNPzgRWMfw07A==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ofb.raw
new file mode 100644
index 0000000..69fde74
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf-ofb.raw
@@ -0,0 +1 @@
+Salted__�0�-�M�������0*���(�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf.base64
new file mode 100644
index 0000000..01788ae
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf.base64
@@ -0,0 +1 @@
+U2FsdGVkX18qjls17bp4yNuuyQ74RlpoY6QqRT9QAkk=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf.raw
new file mode 100644
index 0000000..51edd1a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/bf.raw
@@ -0,0 +1 @@
+Salted__��c������K��������H�F
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/blowfish.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/blowfish.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/blowfish.base64
new file mode 100644
index 0000000..88fe735
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/blowfish.base64
@@ -0,0 +1 @@
+U2FsdGVkX18DFToo8Zb5k2/Q6hl6N7OwZotaTEWTrBw=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/blowfish.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/blowfish.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/blowfish.raw
new file mode 100644
index 0000000..c34fa5f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/blowfish.raw
@@ -0,0 +1 @@
+Salted__�w�b{��R���(~��� 6I:�iW
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cbc.base64
new file mode 100644
index 0000000..1b54479
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX191lwXrmRQxE0TrCNbeupylcJZ8VtJv2/M=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cbc.raw
new file mode 100644
index 0000000..6c374a6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cbc.raw
@@ -0,0 +1 @@
+Salted__�V����T"���O����VI�y:k=�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb.base64
new file mode 100644
index 0000000..9df07c4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19L18gNUQSx/Y+VPZuAf+Ey6dVHIw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb.raw
new file mode 100644
index 0000000..c534d38
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb.raw
@@ -0,0 +1 @@
+Salted__ː��4x�`��U��
��:
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb1.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb1.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb1.base64
new file mode 100644
index 0000000..8b42799
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb1.base64
@@ -0,0 +1 @@
+U2FsdGVkX19Ye+SfFNdm7U5wAAAAAAAAAAAAAA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb1.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb1.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb1.raw
new file mode 100644
index 0000000..492135f
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb1.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb8.base64
new file mode 100644
index 0000000..6b4b38b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/ou3Wg0Obl2o0/fa+WwNAF+tyS0w==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb8.raw
new file mode 100644
index 0000000..4d83619
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-cfb8.raw
@@ -0,0 +1 @@
+Salted__����s�����f��q���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ecb.base64
new file mode 100644
index 0000000..597a7cd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18AQ2nB+n58DNaX4mwTdbokFdol6VP2Sig=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ecb.raw
new file mode 100644
index 0000000..968b5c3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ecb.raw
@@ -0,0 +1 @@
+Salted__+'ș*�Z�0�j��ooL��湱� l
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ofb.base64
new file mode 100644
index 0000000..e1c76d2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/mQuHRAAq74ZdRlcfcZTTx17sySg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ofb.raw
new file mode 100644
index 0000000..594b5a5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-128-ofb.raw
@@ -0,0 +1 @@
+Salted__&r)�������M�߾x�01
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cbc.base64
new file mode 100644
index 0000000..202059b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+hcRQ4/yt8SNxOpXHyALH3sLeBJJ3dmd4=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cbc.raw
new file mode 100644
index 0000000..a7bc8ca
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cbc.raw
@@ -0,0 +1 @@
+Salted__?)��Uտ�S����"uTD�S۟���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb.base64
new file mode 100644
index 0000000..f6f63e6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19M//cM++R922+a3AvqtTYN3sD+TA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb.raw
new file mode 100644
index 0000000..6bf189d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb.raw
@@ -0,0 +1 @@
+Salted__ê^9���^�q�Y��̹]Xع
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb1.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb1.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb1.base64
new file mode 100644
index 0000000..9769a5e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb1.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/hZdJojga9mvBAAAAAAAAAAAAAAA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb1.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb1.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb1.raw
new file mode 100644
index 0000000..5cfb273
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb1.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb8.base64
new file mode 100644
index 0000000..f4791ee
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+mqlN2aCBpyLgeXRQtqNX90++Jvw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb8.raw
new file mode 100644
index 0000000..7f9e80e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-cfb8.raw
@@ -0,0 +1 @@
+Salted__4���x�����/*���+���,
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ecb.base64
new file mode 100644
index 0000000..be235fb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/1ByOMlVpW5gJ+hUEuYBQCf3p21m5hvHw=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ecb.raw
new file mode 100644
index 0000000..6e723d2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ecb.raw
@@ -0,0 +1 @@
+Salted__�E�m"k��ؽy��!i�2D�f��K
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ofb.base64
new file mode 100644
index 0000000..87999b7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19fDggOe33p5O85aMJg4Ic9Q86QEg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ofb.raw
new file mode 100644
index 0000000..594b9f8
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-192-ofb.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cbc.base64
new file mode 100644
index 0000000..ed2f582
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+xIS0t1hNR/OB6/3SpUooUlyjAKlwsumY=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cbc.raw
new file mode 100644
index 0000000..c024af7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cbc.raw
@@ -0,0 +1 @@
+Salted__�؝b�Q�ǔ�R�W���o��'�t�W
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb.base64
new file mode 100644
index 0000000..5b68815
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19iJ77g6jgSSAAP5e/bIe7O6Iq/Sg==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb.raw
new file mode 100644
index 0000000..3d15c99
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb.raw
@@ -0,0 +1,2 @@
+Salted__���y�_H�d���
+�R�n�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb1.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb1.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb1.base64
new file mode 100644
index 0000000..e515ceb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb1.base64
@@ -0,0 +1 @@
+U2FsdGVkX19Vi0yGB2BogY+AAAAAAAAAAAAAAA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb1.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb1.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb1.raw
new file mode 100644
index 0000000..48ad2b7
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb1.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb8.base64
new file mode 100644
index 0000000..08a553e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX191muRJTezui22cEiJu1qyPJ2FSHw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb8.raw
new file mode 100644
index 0000000..205ba19
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-cfb8.raw
@@ -0,0 +1 @@
+Salted__94��:�آ�����m����^�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ecb.base64
new file mode 100644
index 0000000..254449c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX199maVIVUYl/KMF5PrquhZxKT0JzrtYhAE=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ecb.raw
new file mode 100644
index 0000000..007f44b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ecb.raw
@@ -0,0 +1 @@
+Salted__����H�}��H��Q�<�?���H:��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ofb.base64
new file mode 100644
index 0000000..dc89309
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18Bp7PrPYIPJ8C6M/MHVO9p6tdNsw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ofb.raw
new file mode 100644
index 0000000..d9b84d7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/openssl/camellia-256-ofb.raw
@@ -0,0 +1 @@
+Salted__Pl�c fe �d�ۄ��1���
\ No newline at end of file
[16/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/AbstractAsn1Type.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/AbstractAsn1Type.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/AbstractAsn1Type.java
new file mode 100644
index 0000000..a56a2c3
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/AbstractAsn1Type.java
@@ -0,0 +1,401 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.EncodingOption;
+import org.apache.haox.asn1.LimitedByteBuffer;
+import org.apache.haox.asn1.TagClass;
+import org.apache.haox.asn1.TaggingOption;
+
+import java.io.EOFException;
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+public abstract class AbstractAsn1Type<T> implements Asn1Type {
+ private TagClass tagClass = TagClass.UNKNOWN;
+ private int tagNo = -1;
+ private int tagFlags = -1;
+ protected EncodingOption encodingOption = EncodingOption.UNKNOWN;
+ private int encodingLen = -1;
+ private T value;
+
+ public AbstractAsn1Type(TagClass tagClass, int tagNo) {
+ this(tagClass, tagNo, null);
+ }
+
+ public AbstractAsn1Type(int tagFlags, int tagNo) {
+ this(tagFlags, tagNo, null);
+ }
+
+ public AbstractAsn1Type(int tagFlags, int tagNo, T value) {
+ this(TagClass.fromTagFlags(tagFlags), tagNo, value);
+ setTagFlags(tagFlags);
+ }
+
+ public AbstractAsn1Type(TagClass tagClass, int tagNo, T value) {
+ this.tagClass = tagClass;
+ this.tagNo = tagNo;
+ this.value = value;
+ }
+
+ public void setEncodingOption(EncodingOption encodingOption) {
+ this.encodingOption = encodingOption;
+ }
+
+ public T getValue() {
+ return value;
+ }
+
+ public void setValue(T value) {
+ this.value = value;
+ }
+
+ protected TagClass tagClass() {
+ return tagClass;
+ }
+
+ @Override
+ public int tagNo() {
+ return tagNo;
+ }
+
+ protected void setTagFlags(int tagFlags) {
+ this.tagFlags = tagFlags & 0xe0;
+ }
+
+ protected void setTagNo(int tagNo) {
+ this.tagNo = tagNo;
+ }
+
+ @Override
+ public byte[] encode() {
+ ByteBuffer byteBuffer = ByteBuffer.allocate(encodingLength());
+ encode(byteBuffer);
+ byteBuffer.flip();
+ return byteBuffer.array();
+ }
+
+ @Override
+ public void encode(ByteBuffer buffer) {
+ encodeTag(buffer, tagFlags(), tagNo());
+ encodeLength(buffer, encodingBodyLength());
+ encodeBody(buffer);
+ }
+
+ protected void encodeBody(ByteBuffer buffer) { }
+
+ @Override
+ public void decode(byte[] content) throws IOException {
+ decode(new LimitedByteBuffer(content));
+ }
+
+ @Override
+ public void decode(ByteBuffer content) throws IOException {
+ decode(new LimitedByteBuffer(content));
+ }
+
+ @Override
+ public int tagFlags() {
+ if (tagFlags == -1) {
+ int flags = tagClass.getValue();
+ if (isConstructed()) flags |= EncodingOption.CONSTRUCTED_FLAG;
+ return flags;
+ }
+ return tagFlags;
+ }
+
+ @Override
+ public int encodingLength() {
+ if (encodingLen == -1) {
+ int bodyLen = encodingBodyLength();
+ encodingLen = lengthOfTagLength(tagNo()) + lengthOfBodyLength(bodyLen) + bodyLen;
+ }
+ return encodingLen;
+ }
+
+ public boolean isConstructed() {
+ if (tagFlags != -1) {
+ return (tagFlags & EncodingOption.CONSTRUCTED_FLAG) != 0;
+ } else {
+ return false;
+ }
+ }
+
+ public boolean isUniversal() {
+ return tagClass.isUniversal();
+ }
+
+ public boolean isAppSpecific() {
+ return tagClass.isAppSpecific();
+ }
+
+ public boolean isContextSpecific() {
+ return tagClass.isContextSpecific();
+ }
+
+ public boolean isTagged() {
+ return tagClass.isTagged();
+ }
+
+ public boolean isSimple() {
+ return isUniversal() && Asn1Simple.isSimple(tagNo);
+ }
+
+ public boolean isCollection() {
+ return isUniversal() && Asn1Collection.isCollection(tagNo);
+ }
+
+ protected abstract int encodingBodyLength();
+
+ protected void decode(LimitedByteBuffer content) throws IOException {
+ int tag = readTag(content);
+ int tagNo = readTagNo(content, tag);
+ int length = readLength(content);
+
+ decode(tag, tagNo, new LimitedByteBuffer(content, length));
+ }
+
+ public void decode(int tagFlags, int tagNo, LimitedByteBuffer content) throws IOException {
+ if (this.tagClass != TagClass.UNKNOWN && this.tagClass != TagClass.fromTagFlags(tagFlags)) {
+ throw new IOException("Unexpected tagFlags " + tagFlags + ", expecting " + this.tagClass);
+ }
+ if (this.tagNo != -1 && this.tagNo != tagNo) {
+ throw new IOException("Unexpected tagNo " + tagNo + ", expecting " + this.tagNo);
+ }
+
+ this.tagClass = TagClass.fromTagFlags(tagFlags);
+ this.tagFlags = tagFlags;
+ this.tagNo = tagNo;
+
+ decodeBody(content);
+ }
+
+ protected abstract void decodeBody(LimitedByteBuffer content) throws IOException;
+
+ protected int taggedEncodingLength(TaggingOption taggingOption) {
+ int taggingTagNo = taggingOption.getTagNo();
+ int taggingBodyLen = taggingOption.isImplicit() ? encodingBodyLength() : encodingLength();
+ int taggingEncodingLen = lengthOfTagLength(taggingTagNo) + lengthOfBodyLength(taggingBodyLen) + taggingBodyLen;
+ return taggingEncodingLen;
+ }
+
+ public byte[] taggedEncode(TaggingOption taggingOption) {
+ ByteBuffer byteBuffer = ByteBuffer.allocate(taggedEncodingLength(taggingOption));
+ taggedEncode(byteBuffer, taggingOption);
+ byteBuffer.flip();
+ return byteBuffer.array();
+ }
+
+ @Override
+ public void taggedEncode(ByteBuffer buffer, TaggingOption taggingOption) {
+ int taggingTagFlags = taggingOption.tagFlags(isConstructed());
+ encodeTag(buffer, taggingTagFlags, taggingOption.getTagNo());
+ int taggingBodyLen = taggingOption.isImplicit() ? encodingBodyLength() : encodingLength();
+ encodeLength(buffer, taggingBodyLen);
+ if (taggingOption.isImplicit()) {
+ encodeBody(buffer);
+ } else {
+ encode(buffer);
+ }
+ }
+
+ public void taggedDecode(byte[] content, TaggingOption taggingOption) throws IOException {
+ taggedDecode(ByteBuffer.wrap(content), taggingOption);
+ }
+
+ @Override
+ public void taggedDecode(ByteBuffer content, TaggingOption taggingOption) throws IOException {
+ LimitedByteBuffer limitedBuffer = new LimitedByteBuffer(content);
+ taggedDecode(limitedBuffer, taggingOption);
+ }
+
+ protected void taggedDecode(LimitedByteBuffer content, TaggingOption taggingOption) throws IOException {
+ int taggingTag = readTag(content);
+ int taggingTagNo = readTagNo(content, taggingTag);
+ int taggingLength = readLength(content);
+ LimitedByteBuffer newContent = new LimitedByteBuffer(content, taggingLength);
+
+ int tagFlags = taggingTag & 0xe0;
+ taggedDecode(tagFlags, taggingTagNo, newContent, taggingOption);
+ }
+
+ protected void taggedDecode(int taggingTagFlags, int taggingTagNo, LimitedByteBuffer content, TaggingOption taggingOption) throws IOException {
+ int expectedTaggingTagFlags = taggingOption.tagFlags(isConstructed());
+ if (expectedTaggingTagFlags != taggingTagFlags) {
+ throw new IOException("Unexpected tag flags" + taggingTagFlags + ", expecting " + expectedTaggingTagFlags);
+ }
+ if (taggingOption.getTagNo() != taggingTagNo) {
+ throw new IOException("Unexpected tagNo " + taggingTagNo + ", expecting " + taggingOption.getTagNo());
+ }
+
+ if (taggingOption.isImplicit()) {
+ decodeBody(content);
+ } else {
+ decode(content);
+ }
+ }
+
+ public static Asn1Item decodeOne(LimitedByteBuffer content) throws IOException {
+ int tag = readTag(content);
+ int tagNo = readTagNo(content, tag);
+ boolean isConstructed = EncodingOption.isConstructed(tag);
+ int length = readLength(content);
+ if (length < 0) {
+ throw new IOException("Unexpected length");
+ }
+ LimitedByteBuffer valueContent = new LimitedByteBuffer(content, length);
+ content.skip(length);
+
+ Asn1Item result = new Asn1Item(tag, tagNo, valueContent);
+ if (result.isSimple()) {
+ result.decodeValueAsSimple();
+ }
+ return result;
+ }
+
+ public static void skipOne(LimitedByteBuffer content) throws IOException {
+ int tag = readTag(content);
+ int tagNo = readTagNo(content, tag);
+ int length = readLength(content);
+ if (length < 0) {
+ throw new IOException("Unexpected length");
+ }
+ content.skip(length);
+ }
+
+ public static int lengthOfBodyLength(int bodyLength) {
+ int length = 1;
+
+ if (bodyLength > 127) {
+ int payload = bodyLength;
+ while (payload != 0) {
+ payload >>= 8;
+ length++;
+ }
+ }
+
+ return length;
+ }
+
+ public static int lengthOfTagLength(int tagNo) {
+ int length = 1;
+
+ if (tagNo >= 31) {
+ if (tagNo < 128) {
+ length++;
+ } else {
+ length++;
+
+ do {
+ tagNo >>= 7;
+ length++;
+ } while (tagNo > 127);
+ }
+ }
+
+ return length;
+ }
+
+ public static void encodeTag(ByteBuffer buffer, int flags, int tagNo) {
+ if (tagNo < 31) {
+ buffer.put((byte) (flags | tagNo));
+ } else {
+ buffer.put((byte) (flags | 0x1f));
+ if (tagNo < 128) {
+ buffer.put((byte) tagNo);
+ } else {
+ byte[] tmpBytes = new byte[5]; // 5 * 7 > 32
+ int iPut = tmpBytes.length;
+
+ tmpBytes[--iPut] = (byte)(tagNo & 0x7f);
+ do {
+ tagNo >>= 7;
+ tmpBytes[--iPut] = (byte)(tagNo & 0x7f | 0x80);
+ } while (tagNo > 127);
+
+ buffer.put(tmpBytes, iPut, tmpBytes.length - iPut);
+ }
+ }
+ }
+
+ public static void encodeLength(ByteBuffer buffer, int bodyLength) {
+ if (bodyLength < 128) {
+ buffer.put((byte) bodyLength);
+ } else {
+ int length = 0;
+ int payload = bodyLength;
+
+ while (payload != 0) {
+ payload >>= 8;
+ length++;
+ }
+
+ buffer.put((byte) (length | 0x80));
+
+ payload = bodyLength;
+ for (int i = length - 1; i >= 0; i--) {
+ buffer.put((byte) (payload >> (i * 8)));
+ }
+ }
+ }
+
+ public static int readTag(LimitedByteBuffer buffer) throws IOException {
+ int tag = buffer.readByte() & 0xff;
+ if (tag == 0) {
+ throw new IOException("Bad tag 0 found");
+ }
+ return tag;
+ }
+
+ public static int readTagNo(LimitedByteBuffer buffer, int tag) throws IOException {
+ int tagNo = tag & 0x1f;
+
+ if (tagNo == 0x1f) {
+ tagNo = 0;
+
+ int b = buffer.readByte() & 0xff;
+ if ((b & 0x7f) == 0) {
+ throw new IOException("Invalid high tag number found");
+ }
+
+ while ((b >= 0) && ((b & 0x80) != 0)) {
+ tagNo |= (b & 0x7f);
+ tagNo <<= 7;
+ b = buffer.readByte();
+ }
+
+ tagNo |= (b & 0x7f);
+ }
+
+ return tagNo;
+ }
+
+ public static int readLength(LimitedByteBuffer buffer) throws IOException {
+ int bodyLength = buffer.readByte() & 0xff;
+ if (bodyLength < 0) {
+ throw new EOFException("Unexpected EOF");
+ }
+
+ if (bodyLength > 127) {
+ int length = bodyLength & 0x7f;
+ if (length > 4) {
+ throw new IOException("Bad bodyLength of more than 4 bytes: " + length);
+ }
+
+ bodyLength = 0;
+ int tmp;
+ for (int i = 0; i < length; i++) {
+ tmp = buffer.readByte() & 0xff;
+ bodyLength = (bodyLength << 8) + tmp;
+ }
+
+ if (bodyLength < 0) {
+ throw new IOException("Invalid bodyLength " + bodyLength);
+ }
+ if (bodyLength > buffer.hasLeft()) {
+ throw new IOException("Corrupt stream - less data "
+ + buffer.hasLeft() + " than expected " + bodyLength);
+ }
+ }
+
+ return bodyLength;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Any.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Any.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Any.java
new file mode 100644
index 0000000..29aeb1a
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Any.java
@@ -0,0 +1,28 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.LimitedByteBuffer;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+public class Asn1Any extends AbstractAsn1Type<Asn1Type> {
+
+ public Asn1Any(Asn1Type anyValue) {
+ super(anyValue.tagFlags(), anyValue.tagNo(), anyValue);
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ return ((AbstractAsn1Type) getValue()).encodingBodyLength();
+ }
+
+ @Override
+ protected void encodeBody(ByteBuffer buffer) {
+ ((AbstractAsn1Type) getValue()).encodeBody(buffer);
+ }
+
+ @Override
+ protected void decodeBody(LimitedByteBuffer content) throws IOException {
+ ((AbstractAsn1Type) getValue()).decodeBody(content);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1BigInteger.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1BigInteger.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1BigInteger.java
new file mode 100644
index 0000000..518d042
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1BigInteger.java
@@ -0,0 +1,29 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+public class Asn1BigInteger extends Asn1Simple<BigInteger>
+{
+ public Asn1BigInteger() {
+ this(null);
+ }
+
+ public Asn1BigInteger(long value) {
+ this(BigInteger.valueOf(value));
+ }
+
+ public Asn1BigInteger(BigInteger value) {
+ super(UniversalTag.INTEGER, value);
+ }
+
+ protected void toBytes() {
+ setBytes(getValue().toByteArray());
+ }
+
+ protected void toValue() throws IOException {
+ setValue(new BigInteger(getBytes()));
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1BitString.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1BitString.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1BitString.java
new file mode 100644
index 0000000..e601ba9
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1BitString.java
@@ -0,0 +1,67 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+import java.io.IOException;
+
+public class Asn1BitString extends Asn1Simple<byte[]>
+{
+ private int padding;
+
+ public Asn1BitString() {
+ this(null);
+ }
+
+ public Asn1BitString(byte[] value) {
+ this(value, 0);
+ }
+
+ public Asn1BitString(byte[] value, int padding) {
+ super(UniversalTag.BIT_STRING, value);
+ this.padding = padding;
+ }
+
+ public void setPadding(int padding) {
+ this.padding = padding;
+ }
+
+ public int getPadding() {
+ return padding;
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ return getValue().length + 1;
+ }
+
+ @Override
+ protected void toBytes() {
+ byte[] bytes = new byte[encodingBodyLength()];
+ bytes[0] = (byte)padding;
+ System.arraycopy(getValue(), 0, bytes, 1, bytes.length - 1);
+ setBytes(bytes);
+ }
+
+ @Override
+ protected void toValue() throws IOException {
+ byte[] bytes = getBytes();
+ if (bytes.length < 1) {
+ throw new IOException("Bad stream, zero bytes found for bitstring");
+ }
+ int paddingBits = bytes[0];
+ validatePaddingBits(paddingBits);
+ setPadding(paddingBits);
+
+ byte[] newBytes = new byte[bytes.length - 1];
+ if (bytes.length > 1) {
+ System.arraycopy(bytes, 1, newBytes, 0, bytes.length - 1);
+ }
+ setValue(newBytes);
+ }
+
+ private void validatePaddingBits(int paddingBits) throws IOException {
+ if (paddingBits < 0 || paddingBits > 7) {
+ throw new IOException("Bad padding number: " + paddingBits + ", should be in [0, 7]");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1BmpString.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1BmpString.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1BmpString.java
new file mode 100644
index 0000000..1c3719a
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1BmpString.java
@@ -0,0 +1,53 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.EncodingOption;
+import org.apache.haox.asn1.LimitedByteBuffer;
+import org.apache.haox.asn1.UniversalTag;
+
+import java.io.IOException;
+
+public class Asn1BmpString extends Asn1Simple<String>
+{
+ public Asn1BmpString() {
+ super(null);
+ }
+
+ public Asn1BmpString(String value) {
+ super(UniversalTag.BMP_STRING, value);
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ return getValue().length() * 2;
+ }
+
+ protected void toBytes(EncodingOption encodingOption) {
+ String strValue = getValue();
+ int len = strValue.length();
+ byte[] bytes = new byte[len * 2];
+ char c;
+ for (int i = 0; i != len; i++) {
+ c = strValue.charAt(i);
+ bytes[2 * i] = (byte)(c >> 8);
+ bytes[2 * i + 1] = (byte)c;
+ }
+ setBytes(bytes);
+ }
+
+ protected void toValue() throws IOException {
+ byte[] bytes = getBytes();
+ char[] chars = new char[bytes.length / 2];
+ for (int i = 0; i != chars.length; i++) {
+ chars[i] = (char)((bytes[2 * i] << 8) | (bytes[2 * i + 1] & 0xff));
+ }
+ setValue(new String(chars));
+ }
+
+ @Override
+ protected void decodeBody(LimitedByteBuffer content) throws IOException {
+ if (content.hasLeft() % 2 != 0) {
+ throw new IOException("Bad stream, BMP string expecting multiple of 2 bytes");
+ }
+ super.decodeBody(content);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Boolean.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Boolean.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Boolean.java
new file mode 100644
index 0000000..ee08fc3
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Boolean.java
@@ -0,0 +1,52 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.LimitedByteBuffer;
+import org.apache.haox.asn1.UniversalTag;
+
+import java.io.IOException;
+
+public class Asn1Boolean extends Asn1Simple<Boolean>
+{
+ private static final byte[] TRUE_BYTE = new byte[] { (byte)0xff };
+ private static final byte[] FALSE_BYTE = new byte[] { (byte)0x00 };
+
+ public static final Asn1Boolean TRUE = new Asn1Boolean(true);
+ public static final Asn1Boolean FALSE = new Asn1Boolean(false);
+
+ public Asn1Boolean() {
+ this(null);
+ }
+
+ public Asn1Boolean(Boolean value) {
+ super(UniversalTag.BOOLEAN, value);
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ return 1;
+ }
+
+ @Override
+ protected void decodeBody(LimitedByteBuffer content) throws IOException {
+ if (content.hasLeft() != 1) {
+ throw new IOException("More than 1 byte found for Boolean");
+ }
+ super.decodeBody(content);
+ }
+
+ @Override
+ protected void toBytes() {
+ setBytes(getValue() ? TRUE_BYTE : FALSE_BYTE);
+ }
+
+ protected void toValue() throws IOException {
+ byte[] bytes = getBytes();
+ if (bytes[0] == 0) {
+ setValue(false);
+ } else if (bytes[0] == 0xff) {
+ setValue(true);
+ } else {
+ setValue(true);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Choice.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Choice.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Choice.java
new file mode 100644
index 0000000..c11f5cf
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Choice.java
@@ -0,0 +1,154 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.*;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+public class Asn1Choice extends AbstractAsn1Type<Asn1Type> {
+
+ private Asn1FieldInfo[] fieldInfos;
+ private Asn1Type[] fields;
+
+ public Asn1Choice(Asn1FieldInfo[] fieldInfos) {
+ super(TagClass.UNIVERSAL, UniversalTag.CHOICE.getValue());
+ setValue(this);
+ this.fieldInfos = fieldInfos;
+ this.fields = new Asn1Type[fieldInfos.length];
+ setEncodingOption(EncodingOption.CONSTRUCTED);
+ }
+
+ @Override
+ public boolean isConstructed() {
+ return true;
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ AbstractAsn1Type field;
+ TaggingOption taggingOption;
+ for (int i = 0; i < fields.length; ++i) {
+ field = (AbstractAsn1Type) fields[i];
+ if (field != null) {
+ if (fieldInfos[i].isTagged()) {
+ taggingOption = fieldInfos[i].getTaggingOption();
+ return field.taggedEncodingLength(taggingOption);
+ } else {
+ return field.encodingLength();
+ }
+ }
+ }
+ return 0;
+ }
+
+ @Override
+ protected void encodeBody(ByteBuffer buffer) {
+ Asn1Type field;
+ TaggingOption taggingOption;
+ for (int i = 0; i < fields.length; ++i) {
+ field = fields[i];
+ if (field != null) {
+ if (fieldInfos[i].isTagged()) {
+ taggingOption = fieldInfos[i].getTaggingOption();
+ field.taggedEncode(buffer, taggingOption);
+ } else {
+ field.encode(buffer);
+ }
+ break;
+ }
+ }
+ }
+
+ @Override
+ protected void decode(LimitedByteBuffer content) throws IOException {
+ int foundPos = -1;
+ Asn1Item item = decodeOne(content);
+ for (int i = 0; i < fieldInfos.length; ++i) {
+ if (item.isContextSpecific()) {
+ if (fieldInfos[i].getTagNo() == item.tagNo()) {
+ foundPos = i;
+ break;
+ }
+ } else {
+ initField(i);
+ if (fields[i].tagFlags() == item.tagFlags() &&
+ fields[i].tagNo() == item.tagNo()) {
+ foundPos = i;
+ break;
+ } else {
+ fields[i] = null;
+ }
+ }
+ }
+ if (foundPos == -1) {
+ throw new RuntimeException("Unexpected item with (tagFlags, tagNo): ("
+ + item.tagFlags() + ", " + item.tagNo() + ")");
+ }
+
+ if (! item.isFullyDecoded()) {
+ AbstractAsn1Type fieldValue = (AbstractAsn1Type) fields[foundPos];
+ if (item.isContextSpecific()) {
+ item.decodeValueWith(fieldValue, fieldInfos[foundPos].getTaggingOption());
+ } else {
+ item.decodeValueWith(fieldValue);
+ }
+ }
+ fields[foundPos] = item.getValue();
+ }
+
+ protected void decodeBody(LimitedByteBuffer content) throws IOException {
+ // Not used
+ }
+
+ private void initField(int idx) {
+ try {
+ fields[idx] = fieldInfos[idx].getType().newInstance();
+ } catch (Exception e) {
+ throw new IllegalArgumentException("Bad field info specified at index of " + idx, e);
+ }
+ }
+
+ protected <T extends Asn1Type> T getFieldAs(int index, Class<T> t) {
+ Asn1Type value = fields[index];
+ if (value == null) return null;
+ return (T) value;
+ }
+
+ protected void setFieldAs(int index, Asn1Type value) {
+ fields[index] = value;
+ }
+
+ protected String getFieldAsString(int index) {
+ Asn1Type value = fields[index];
+ if (value == null) return null;
+
+ if (value instanceof Asn1String) {
+ return ((Asn1String) value).getValue();
+ }
+
+ throw new RuntimeException("The targeted field type isn't of string");
+ }
+
+ protected byte[] getFieldAsOctets(int index) {
+ Asn1OctetString value = getFieldAs(index, Asn1OctetString.class);
+ if (value != null) return value.getValue();
+ return null;
+ }
+
+ protected void setFieldAsOctets(int index, byte[] bytes) {
+ Asn1OctetString value = new Asn1OctetString(bytes);
+ setFieldAs(index, value);
+ }
+
+ protected Integer getFieldAsInteger(int index) {
+ Asn1Integer value = getFieldAs(index, Asn1Integer.class);
+ if (value != null) {
+ return value.getValue();
+ }
+ return null;
+ }
+
+ protected void setFieldAsInt(int index, int value) {
+ setFieldAs(index, new Asn1Integer(value));
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Collection.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Collection.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Collection.java
new file mode 100644
index 0000000..b6b3c3b
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Collection.java
@@ -0,0 +1,118 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.EncodingOption;
+import org.apache.haox.asn1.LimitedByteBuffer;
+import org.apache.haox.asn1.TagClass;
+import org.apache.haox.asn1.UniversalTag;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.util.ArrayList;
+import java.util.List;
+
+public class Asn1Collection extends AbstractAsn1Type<List<Asn1Item>>
+{
+ public Asn1Collection(TagClass tagClass, int tagNo) {
+ super(tagClass, tagNo);
+ setValue(new ArrayList<Asn1Item>());
+ setEncodingOption(EncodingOption.CONSTRUCTED);
+ }
+
+ @Override
+ public boolean isConstructed() {
+ return true;
+ }
+
+ public void addItem(Asn1Type value) {
+ if (value instanceof Asn1Item) {
+ getValue().add((Asn1Item) value);
+ } else {
+ getValue().add(new Asn1Item(value));
+ }
+ }
+
+ public void clear() {
+ getValue().clear();
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ List<Asn1Item> valueItems = getValue();
+ int allLen = 0;
+ for (Asn1Item item : valueItems) {
+ if (item != null) {
+ allLen += item.encodingLength();
+ }
+ }
+ return allLen;
+ }
+
+ @Override
+ protected void encodeBody(ByteBuffer buffer) {
+ List<Asn1Item> valueItems = getValue();
+ for (Asn1Item item : valueItems) {
+ if (item != null) {
+ item.encode(buffer);
+ }
+ }
+ }
+
+ @Override
+ protected void decodeBody(LimitedByteBuffer content) throws IOException {
+ while (content.available()) {
+ Asn1Type aValue = decodeOne(content);
+ if (aValue != null) {
+ if (aValue instanceof Asn1Item) {
+ addItem((Asn1Item) aValue);
+ } else {
+ addItem(aValue);
+ }
+ } else {
+ throw new RuntimeException("Unexpected running into here");
+ }
+ }
+ }
+
+ public static boolean isCollection(int tagNo) {
+ return isCollection(UniversalTag.fromValue(tagNo));
+ }
+
+ public static boolean isCollection(UniversalTag tagNo) {
+ switch (tagNo) {
+ case SEQUENCE:
+ case SEQUENCE_OF:
+ case SET:
+ case SET_OF:
+ return true;
+ default:
+ return false;
+ }
+ }
+
+ public static Asn1Type createCollection(int tagNo) {
+ if (! isCollection(tagNo)) {
+ throw new IllegalArgumentException("Not collection type, tag: " + tagNo);
+ }
+ return createCollection(UniversalTag.fromValue(tagNo));
+ }
+
+ public static Asn1Type createCollection(UniversalTag tagNo) {
+ if (! isCollection(tagNo)) {
+ throw new IllegalArgumentException("Not collection type, tag: " + tagNo);
+ }
+
+ switch (tagNo) {
+ case SEQUENCE:
+ return new Asn1Sequence();
+ case SEQUENCE_OF:
+ return new Asn1Sequence();
+ case SET:
+ return new Asn1Set();
+ case SET_OF:
+ return new Asn1Set();
+ default:
+ throw new IllegalArgumentException("Unexpected tag " + tagNo.getValue());
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1CollectionOf.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1CollectionOf.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1CollectionOf.java
new file mode 100644
index 0000000..037d60e
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1CollectionOf.java
@@ -0,0 +1,69 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.TagClass;
+
+import java.io.IOException;
+import java.lang.reflect.ParameterizedType;
+import java.util.ArrayList;
+import java.util.List;
+
+public abstract class Asn1CollectionOf<T extends Asn1Type> extends Asn1Collection
+{
+ public Asn1CollectionOf(TagClass tagClass, int tagNo) {
+ super(tagClass, tagNo);
+ }
+
+ public List<T> getElements() {
+ List<Asn1Item> items = getValue();
+ int nElements = items != null ? items.size() : 0;
+ List<T> results = new ArrayList<T>(nElements);
+ if (nElements > 0) {
+ for (Asn1Item item : items) {
+ if (!item.isFullyDecoded()) {
+ try {
+ item.decodeValueAs(getElementType());
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+ results.add((T) item.getValue());
+ }
+ }
+ return results;
+ }
+
+ public void setElements(List<T> elements) {
+ super.clear();
+
+ for (T ele : elements) {
+ addElement(ele);
+ }
+ }
+
+ public void addElements(T ... elements) {
+ for (T ele : elements) {
+ addElement(ele);
+ }
+ }
+
+ public void addElement(T element) {
+ super.addItem(element);
+ }
+
+ @Override
+ public void addItem(Asn1Type value) {
+ Class<T> eleType = getElementType();
+ if (value instanceof Asn1Item) {
+ super.addItem(value);
+ } else if (! eleType.isInstance(value)) {
+ throw new RuntimeException("Unexpected element type " + value.getClass().getCanonicalName());
+ } else {
+ addElement((T) value);
+ }
+ }
+
+ protected Class<T> getElementType() {
+ Class<T> elementType = (Class<T>) ((ParameterizedType) getClass().getGenericSuperclass()).getActualTypeArguments()[0];
+ return elementType;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1CollectionType.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1CollectionType.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1CollectionType.java
new file mode 100644
index 0000000..057c254
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1CollectionType.java
@@ -0,0 +1,176 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.EncodingOption;
+import org.apache.haox.asn1.LimitedByteBuffer;
+import org.apache.haox.asn1.TagClass;
+import org.apache.haox.asn1.TaggingOption;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * For collection type that may consist of tagged fields
+ */
+public abstract class Asn1CollectionType extends AbstractAsn1Type<Asn1CollectionType> {
+ private Asn1FieldInfo[] fieldInfos;
+ private Asn1Type[] fields;
+
+ public Asn1CollectionType(int universalTagNo, Asn1FieldInfo[] fieldInfos) {
+ super(TagClass.UNIVERSAL, universalTagNo);
+ setValue(this);
+ this.fieldInfos = fieldInfos;
+ this.fields = new Asn1Type[fieldInfos.length];
+ setEncodingOption(EncodingOption.CONSTRUCTED);
+ }
+
+ @Override
+ public boolean isConstructed() {
+ return true;
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ int allLen = 0;
+ AbstractAsn1Type field;
+ TaggingOption taggingOption;
+ for (int i = 0; i < fields.length; ++i) {
+ field = (AbstractAsn1Type) fields[i];
+ if (field != null) {
+ if (fieldInfos[i].isTagged()) {
+ taggingOption = fieldInfos[i].getTaggingOption();
+ allLen += field.taggedEncodingLength(taggingOption);
+ } else {
+ allLen += field.encodingLength();
+ }
+ }
+ }
+ return allLen;
+ }
+
+ @Override
+ protected void encodeBody(ByteBuffer buffer) {
+ Asn1Type field;
+ TaggingOption taggingOption;
+ for (int i = 0; i < fields.length; ++i) {
+ field = fields[i];
+ if (field != null) {
+ if (fieldInfos[i].isTagged()) {
+ taggingOption = fieldInfos[i].getTaggingOption();
+ field.taggedEncode(buffer, taggingOption);
+ } else {
+ field.encode(buffer);
+ }
+ }
+ }
+ }
+
+ @Override
+ protected void decodeBody(LimitedByteBuffer content) throws IOException {
+ initFields();
+
+ Asn1Collection coll = createCollection();
+ coll.decode(tagFlags(), tagNo(), content);
+
+ int lastPos = -1, foundPos = -1;
+ for (Asn1Item item : coll.getValue()) {
+ foundPos = -1;
+ for (int i = lastPos + 1; i < fieldInfos.length; ++i) {
+ if (item.isContextSpecific()) {
+ if(fieldInfos[i].getTagNo() == item.tagNo()) {
+ foundPos = i;
+ break;
+ }
+ } else if (fields[i].tagFlags() == item.tagFlags() &&
+ fields[i].tagNo() == item.tagNo()) {
+ foundPos = i;
+ break;
+ }
+ }
+ if (foundPos == -1) {
+ throw new RuntimeException("Unexpected item with (tagFlags, tagNo): ("
+ + item.tagFlags() + ", " + item.tagNo() + ")");
+ }
+
+ if (! item.isFullyDecoded()) {
+ AbstractAsn1Type fieldValue = (AbstractAsn1Type) fields[foundPos];
+ if (item.isContextSpecific()) {
+ item.decodeValueWith(fieldValue, fieldInfos[foundPos].getTaggingOption());
+ } else {
+ item.decodeValueWith(fieldValue);
+ }
+ }
+ fields[foundPos] = item.getValue();
+ lastPos = foundPos;
+ }
+ }
+
+ private void initFields() {
+ for (int i = 0; i < fieldInfos.length; ++i) {
+ try {
+ fields[i] = fieldInfos[i].getType().newInstance();
+ } catch (Exception e) {
+ throw new IllegalArgumentException("Bad field info specified at index of " + i, e);
+ }
+ }
+ }
+
+ protected abstract Asn1Collection createCollection();
+
+ protected <T extends Asn1Type> T getFieldAs(int index, Class<T> t) {
+ Asn1Type value = fields[index];
+ if (value == null) return null;
+ return (T) value;
+ }
+
+ protected void setFieldAs(int index, Asn1Type value) {
+ fields[index] = value;
+ }
+
+ protected String getFieldAsString(int index) {
+ Asn1Type value = fields[index];
+ if (value == null) return null;
+
+ if (value instanceof Asn1String) {
+ return ((Asn1String) value).getValue();
+ }
+
+ throw new RuntimeException("The targeted field type isn't of string");
+ }
+
+ protected byte[] getFieldAsOctets(int index) {
+ Asn1OctetString value = getFieldAs(index, Asn1OctetString.class);
+ if (value != null) return value.getValue();
+ return null;
+ }
+
+ protected void setFieldAsOctets(int index, byte[] bytes) {
+ Asn1OctetString value = new Asn1OctetString(bytes);
+ setFieldAs(index, value);
+ }
+
+ protected Integer getFieldAsInteger(int index) {
+ Asn1Integer value = getFieldAs(index, Asn1Integer.class);
+ if (value != null) {
+ return value.getValue();
+ }
+ return null;
+ }
+
+ protected void setFieldAsInt(int index, int value) {
+ setFieldAs(index, new Asn1Integer(value));
+ }
+
+ protected Asn1Type getFieldAsAny(int index) {
+ Asn1Any any = getFieldAs(index, Asn1Any.class);
+ if (any != null) {
+ return any.getValue();
+ }
+ return null;
+ }
+
+ protected void setFieldAsAny(int index, Asn1Type value) {
+ if (value != null) {
+ setFieldAs(index, new Asn1Any(value));
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1FieldInfo.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1FieldInfo.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1FieldInfo.java
new file mode 100644
index 0000000..734fa18
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1FieldInfo.java
@@ -0,0 +1,57 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.TaggingOption;
+
+public class Asn1FieldInfo {
+ private int index;
+ private int tagNo;
+ private boolean isImplicit;
+ private Class<? extends Asn1Type> type;
+
+ public Asn1FieldInfo(int index, int tagNo, Class<? extends Asn1Type> type) {
+ this(index, tagNo, type, false);
+ }
+
+ public Asn1FieldInfo(int index, Class<? extends Asn1Type> type) {
+ this(index, index, type, false);
+ }
+
+ public Asn1FieldInfo(int index, Class<? extends Asn1Type> type, boolean isImplicit) {
+ this(index, index, type, isImplicit);
+ }
+
+ public Asn1FieldInfo(int index, int tagNo, Class<? extends Asn1Type> type, boolean isImplicit) {
+ this.index = index;
+ this.tagNo = tagNo;
+ this.type = type;
+ this.isImplicit = isImplicit;
+ }
+
+ public boolean isTagged() {
+ return tagNo != -1;
+ }
+
+ public TaggingOption getTaggingOption() {
+ if (isImplicit) {
+ return TaggingOption.newImplicitContextSpecific(tagNo);
+ } else {
+ return TaggingOption.newExplicitContextSpecific(tagNo);
+ }
+ }
+
+ public int getTagNo() {
+ return tagNo;
+ }
+
+ public int getIndex() {
+ return index;
+ }
+
+ public boolean isImplicit() {
+ return isImplicit;
+ }
+
+ public Class<? extends Asn1Type> getType() {
+ return type;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1GeneralString.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1GeneralString.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1GeneralString.java
new file mode 100644
index 0000000..a76931b
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1GeneralString.java
@@ -0,0 +1,14 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+public class Asn1GeneralString extends Asn1String
+{
+ public Asn1GeneralString() {
+ super(UniversalTag.GENERAL_STRING);
+ }
+
+ public Asn1GeneralString(String value) {
+ super(UniversalTag.GENERAL_STRING, value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1GeneralizedTime.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1GeneralizedTime.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1GeneralizedTime.java
new file mode 100644
index 0000000..d2e53fc
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1GeneralizedTime.java
@@ -0,0 +1,115 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.SimpleTimeZone;
+import java.util.TimeZone;
+
+public class Asn1GeneralizedTime extends Asn1Simple<Date>
+{
+ public Asn1GeneralizedTime() {
+ this(null);
+ }
+
+ /**
+ * time in milliseconds
+ */
+ public Asn1GeneralizedTime(long time) {
+ super(UniversalTag.GENERALIZED_TIME, new Date(time));
+ }
+
+ public Asn1GeneralizedTime(Date date) {
+ super(UniversalTag.UTC_TIME, date);
+ }
+
+ protected void toValue() throws IOException {
+ String dateStr = new String(getBytes(), StandardCharsets.US_ASCII);
+ SimpleDateFormat sdf;
+ String fixedDateStr = dateStr;
+
+ boolean withZ = dateStr.endsWith("Z");
+ String timeZonePart = getTimeZonePart(dateStr);
+ boolean withZone = timeZonePart != null;
+ String millSecs = getMillSeconds(dateStr);
+
+ fixedDateStr = dateStr.substring(0, 14) + millSecs;
+ if (withZ) {
+ sdf = new SimpleDateFormat("yyyyMMddHHmmssSSS");
+ sdf.setTimeZone(new SimpleTimeZone(0, "Z"));
+ } else if (withZone) {
+ fixedDateStr += timeZonePart;
+ sdf = new SimpleDateFormat("yyyyMMddHHmmssSSSz");
+ sdf.setTimeZone(new SimpleTimeZone(0, "Z"));
+ } else {
+ sdf = new SimpleDateFormat("yyyyMMddHHmmssSSS");
+ sdf.setTimeZone(new SimpleTimeZone(0, TimeZone.getDefault().getID()));
+ }
+
+ try {
+ setValue(sdf.parse(fixedDateStr));
+ } catch (ParseException e) {
+ throw new IOException("Failed to parse as generalized time string " + dateStr);
+ }
+ }
+
+ @Override
+ protected void toBytes() {
+ Date date = getValue();
+ SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+ dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
+
+ String str = dateF.format(date);
+ byte[] bytes = str.getBytes(StandardCharsets.US_ASCII);
+ setBytes(bytes);
+ }
+
+ /**
+ * Extract the fractional part in seconds and convert into integer by (frac * 1000) as milli seconds
+ */
+ private String getMillSeconds(String dateStr) {
+ char[] millDigits = new char[] {'0', '0', '0'};
+
+ int iPos = dateStr.indexOf('.');
+ if (iPos > 0) {
+ if (iPos != 14) {
+ throw new IllegalArgumentException("Bad generalized time string, " +
+ "with improper milli seconds " + dateStr);
+ }
+
+ char chr;
+ int j = 0;
+ for (int i = 15; i < dateStr.length() && j < millDigits.length; i++) {
+ chr = dateStr.charAt(i);
+ if ('0' <= chr && chr <= '9') {
+ millDigits[j++] = chr;
+ } else break;
+ }
+ }
+
+ return new String(millDigits);
+ }
+
+ /**
+ * Extract the timezone part if any
+ */
+ private String getTimeZonePart(String dateStr) {
+ int iPos = dateStr.indexOf('+');
+ if (iPos == -1) {
+ iPos = dateStr.indexOf('-');
+ }
+ if (iPos > 0 && iPos != dateStr.length() - 5) {
+ throw new IllegalArgumentException("Bad generalized time string, " +
+ "with improper timezone part " + dateStr);
+ }
+
+ if (iPos > 0) {
+ return dateStr.substring(iPos);
+ }
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1IA5String.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1IA5String.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1IA5String.java
new file mode 100644
index 0000000..bf86ab9
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1IA5String.java
@@ -0,0 +1,14 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+public class Asn1IA5String extends Asn1String
+{
+ public Asn1IA5String() {
+ super(UniversalTag.IA5_STRING);
+ }
+
+ public Asn1IA5String(String value) {
+ super(UniversalTag.IA5_STRING, value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Integer.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Integer.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Integer.java
new file mode 100644
index 0000000..210ac2b
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Integer.java
@@ -0,0 +1,27 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+public class Asn1Integer extends Asn1Simple<Integer>
+{
+ public Asn1Integer() {
+ this(null);
+ }
+
+ public Asn1Integer(Integer value) {
+ super(UniversalTag.INTEGER, value);
+ }
+
+ @Override
+ protected void toBytes() {
+ setBytes(BigInteger.valueOf(getValue()).toByteArray());
+ }
+
+ @Override
+ protected void toValue() throws IOException {
+ setValue(new BigInteger(getBytes()).intValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Item.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Item.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Item.java
new file mode 100644
index 0000000..b7d6f5d
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Item.java
@@ -0,0 +1,136 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.Asn1Factory;
+import org.apache.haox.asn1.LimitedByteBuffer;
+import org.apache.haox.asn1.TaggingOption;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * Asn1Item serves two purposes:
+ * 1. Wrapping an existing Asn1Type value for Asn1Collection;
+ * 2. Wrapping a half decoded value whose body content is left to be decoded later when appropriate.
+ * Why not fully decoded at once? Lazy and decode on demand for collection, or impossible due to lacking
+ * key parameters, like implicit encoded value for tagged value.
+ *
+ * For not fully decoded value, you tell your case using isSimple/isCollection/isTagged/isContextSpecific etc.,
+ * then call decodeValueAsSimple/decodeValueAsCollection/decodeValueAsImplicitTagged/decodeValueAsExplicitTagged etc.
+ * to decode it fully. Or if you have already derived the value holder or the holder type, you can use decodeValueWith
+ * or decodeValueAs with your holder or hodler type.
+ */
+public class Asn1Item extends AbstractAsn1Type<Asn1Type>
+{
+ private LimitedByteBuffer bodyContent;
+
+ public Asn1Item(Asn1Type value) {
+ super(value.tagFlags(), value.tagNo(), value);
+ }
+
+ public Asn1Item(int tag, int tagNo, LimitedByteBuffer bodyContent) {
+ super(tag, tagNo);
+ this.bodyContent = bodyContent;
+ }
+
+ public LimitedByteBuffer getBodyContent() {
+ return bodyContent;
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ if (getValue() != null) {
+ return ((AbstractAsn1Type) getValue()).encodingBodyLength();
+ }
+ return (int) bodyContent.hasLeft();
+ }
+
+ @Override
+ protected void encodeBody(ByteBuffer buffer) {
+ if (getValue() != null) {
+ ((AbstractAsn1Type) getValue()).encodeBody(buffer);
+ } else {
+ try {
+ buffer.put(bodyContent.readAllLeftBytes());
+ } catch (IOException e) {
+ throw new RuntimeException("Failed to read all left bytes from body content", e);
+ }
+ }
+ }
+
+ @Override
+ protected void decodeBody(LimitedByteBuffer bodyContent) throws IOException {
+ this.bodyContent = bodyContent;
+ }
+
+ public boolean isFullyDecoded() {
+ return getValue() != null;
+ }
+
+ public void decodeValueAsSimple() throws IOException {
+ if (getValue() != null) return;
+ if (! isSimple()) {
+ throw new IllegalArgumentException("Attempting to decode non-simple value as simple");
+ }
+
+ Asn1Type value = Asn1Factory.create(tagNo());
+ decodeValueWith(value);
+ }
+
+ public void decodeValueAsCollection() throws IOException {
+ if (getValue() != null) return;
+ if (! isCollection()) {
+ throw new IllegalArgumentException("Attempting to decode non-collection value as collection");
+ }
+
+ Asn1Type value = Asn1Factory.create(tagNo());
+ decodeValueWith(value);
+ }
+
+ public void decodeValueAs(Class<? extends Asn1Type> type) throws IOException {
+ Asn1Type value;
+ try {
+ value = type.newInstance();
+ } catch (Exception e) {
+ throw new RuntimeException("Invalid type: " + type.getCanonicalName(), e);
+ }
+ decodeValueWith(value);
+ }
+
+ public void decodeValueWith(Asn1Type value) throws IOException {
+ setValue(value);
+ ((AbstractAsn1Type) value).decode(tagFlags(), tagNo(), bodyContent);
+ }
+
+ public void decodeValueAsImplicitTagged(int originalTag, int originalTagNo) throws IOException {
+ if (! isTagged()) {
+ throw new IllegalArgumentException("Attempting to decode non-tagged value using tagging way");
+ }
+ Asn1Item taggedValue = new Asn1Item(originalTag, originalTagNo, getBodyContent());
+ decodeValueWith(taggedValue);
+ }
+
+ public void decodeValueAsExplicitTagged() throws IOException {
+ if (! isTagged()) {
+ throw new IllegalArgumentException("Attempting to decode non-tagged value using tagging way");
+ }
+ Asn1Item taggedValue = decodeOne(getBodyContent());
+ decodeValueWith(taggedValue);
+ }
+
+ private void decodeValueWith(Asn1Item taggedValue) throws IOException {
+ taggedValue.decodeValueAsSimple();
+ if (taggedValue.isFullyDecoded()) {
+ setValue(taggedValue.getValue());
+ } else {
+ setValue(taggedValue);
+ }
+ }
+
+ public void decodeValueWith(Asn1Type value, TaggingOption taggingOption) throws IOException {
+ if (! isTagged()) {
+ throw new IllegalArgumentException("Attempting to decode non-tagged value using tagging way");
+ }
+ ((AbstractAsn1Type) value).taggedDecode(tagFlags(), tagNo(), getBodyContent(), taggingOption);
+ setValue(value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Null.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Null.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Null.java
new file mode 100644
index 0000000..f4cdc77
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Null.java
@@ -0,0 +1,33 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.LimitedByteBuffer;
+import org.apache.haox.asn1.UniversalTag;
+
+import java.io.IOException;
+
+public class Asn1Null extends Asn1Simple<Object>
+{
+ public static final Asn1Null NULL = new Asn1Null();
+ private static final byte[] EMPTY_BYTES = new byte[0];
+
+ public Asn1Null() {
+ super(null, UniversalTag.NULL);
+ }
+
+ @Override
+ protected byte[] encodeBody() {
+ return EMPTY_BYTES;
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ return 0;
+ }
+
+ @Override
+ protected void decodeBody(LimitedByteBuffer content) throws IOException {
+ if (content.hasLeft() != 0) {
+ throw new IOException("Unexpected bytes found for NULL");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1NumericsString.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1NumericsString.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1NumericsString.java
new file mode 100644
index 0000000..fc7092f
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1NumericsString.java
@@ -0,0 +1,31 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+public class Asn1NumericsString extends Asn1String
+{
+ public Asn1NumericsString() {
+ this(null);
+ }
+
+ public Asn1NumericsString(String value) {
+ super(UniversalTag.NUMERIC_STRING, value);
+ if (value != null) {
+ if (!isNumeric(value)) {
+ throw new IllegalArgumentException("Invalid numeric string");
+ }
+ }
+ }
+
+ public static boolean isNumeric(String s) {
+ char c;
+ for (int i = s.length() - 1; i >= 0; i--) {
+ c = s.charAt(i);
+ if ((c >= '0' && c <= '9') || c == ' ') {
+ continue;
+ }
+ return false;
+ }
+ return true;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1ObjectIdentifier.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1ObjectIdentifier.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1ObjectIdentifier.java
new file mode 100644
index 0000000..515a879
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1ObjectIdentifier.java
@@ -0,0 +1,145 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+import java.math.BigInteger;
+import java.nio.ByteBuffer;
+
+public class Asn1ObjectIdentifier extends Asn1Simple<String>
+{
+ public Asn1ObjectIdentifier() {
+ this(null);
+ }
+
+ public Asn1ObjectIdentifier(String value) {
+ super(UniversalTag.OBJECT_IDENTIFIER, value);
+ }
+
+ @Override
+ protected void toBytes() {
+ byte[][] bytesArr = convert(getValue());
+ int allLen = 0;
+ for (byte[] bytes : bytesArr) {
+ allLen += bytes.length;
+ }
+ ByteBuffer buffer = ByteBuffer.allocate(allLen);
+ for (byte[] bytes : bytesArr) {
+ buffer.put(bytes);
+ }
+ setBytes(buffer.array());
+ }
+
+ protected void toValue() {
+ StringBuilder sb = new StringBuilder();
+
+ byte[] bytes = getBytes();
+ byte[][] bytesGroups = group(bytes);
+ BigInteger[] coms = convert(bytesGroups);
+
+ long first = coms[0].longValue();
+ sb.append(first / 40).append('.');
+ sb.append(first % 40);
+ if (coms.length > 1) {
+ sb.append('.');
+ }
+
+ for (int i = 1; i < coms.length; ++i) {
+ sb.append(coms[i].toString());
+ if (i != coms.length - 1) {
+ sb.append('.');
+ }
+ }
+
+ String value = sb.toString();
+ setValue(value);
+ }
+
+ private BigInteger[] convert(byte[][] bytesGroups) {
+ BigInteger[] comps = new BigInteger[bytesGroups.length];
+
+ for (int i = 0; i < bytesGroups.length; ++i) {
+ comps[i] = convert(bytesGroups[i]);
+ }
+
+ return comps;
+ }
+
+ private BigInteger convert(byte[] bytes) {
+ BigInteger value = BigInteger.valueOf(bytes[0] & 0x7f);
+ for (int i = 1; i < bytes.length; ++i) {
+ value = value.shiftLeft(7);
+ value = value.or(BigInteger.valueOf(bytes[i] & 0x7f));
+ }
+
+ return value;
+ }
+
+ /**
+ * divide and group bytes together belonging to each component
+ */
+ private byte[][] group(byte[] bytes) {
+ int count = 0, i, j;
+ int[] countArr = new int[bytes.length]; // how many bytes for each group
+ for (i = 0; i < countArr.length; ++i) countArr[i] = 0;
+
+ for (j = 0, i = 0; i < bytes.length; ++i) {
+ if ((bytes[i] & 0x80) != 0) {
+ countArr[j]++;
+ } else {
+ countArr[j++]++;
+ }
+ }
+ count = j;
+
+ byte[][] bytesGroups = new byte[count][];
+ for (i = 0; i < count; ++i) {
+ bytesGroups[i] = new byte[countArr[i]];
+ }
+
+ int k = 0;
+ for (j = 0, i = 0; i < bytes.length; ++i) {
+ bytesGroups[j][k++] = bytes[i];
+ if ((bytes[i] & 0x80) == 0) {
+ j++;
+ k = 0;
+ }
+ }
+
+ return bytesGroups;
+ }
+
+ private byte[][] convert(String oid) {
+ String[] parts = oid.split("\\.");
+ BigInteger[] coms = new BigInteger[parts.length - 1];
+ for (int i = 1; i < parts.length; ++i) {
+ coms[i - 1] = new BigInteger(parts[i]);
+ }
+ coms[0] = coms[0].add(BigInteger.valueOf(Integer.parseInt(parts[0]) * 40));
+
+ byte[][] bytesGroups = new byte[coms.length][];
+ for (int i = 0; i < coms.length; ++i) {
+ bytesGroups[i] = convert(coms[i]);
+ }
+
+ return bytesGroups;
+ }
+
+ private byte[] convert(BigInteger value) {
+ int bitLen = value.bitLength();
+
+ if (bitLen < 8) {
+ return new byte[] { value.byteValue() };
+ }
+
+ int len = (bitLen + 6) / 7;
+ byte[] bytes = new byte[len];
+ BigInteger tmpValue = value;
+ for (int i = len - 1; i >= 0; i--) {
+ bytes[i] = (byte)((tmpValue.byteValue() & 0x7f) | 0x80);
+ tmpValue = tmpValue.shiftRight(7);
+ }
+ bytes[len - 1] &= 0x7f;
+
+ return bytes;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1OctetString.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1OctetString.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1OctetString.java
new file mode 100644
index 0000000..2d76aab
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1OctetString.java
@@ -0,0 +1,32 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.LimitedByteBuffer;
+import org.apache.haox.asn1.UniversalTag;
+
+import java.io.IOException;
+
+public class Asn1OctetString extends Asn1Simple<byte[]>
+{
+ public Asn1OctetString() {
+ this(null);
+ }
+
+ public Asn1OctetString(byte[] value) {
+ super(UniversalTag.OCTET_STRING, value);
+ }
+
+ @Override
+ protected byte[] encodeBody() {
+ return getValue();
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ return getValue().length;
+ }
+
+ @Override
+ protected void decodeBody(LimitedByteBuffer content) throws IOException {
+ setValue(content.readAllLeftBytes());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1PrintableString.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1PrintableString.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1PrintableString.java
new file mode 100644
index 0000000..e0af8ec
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1PrintableString.java
@@ -0,0 +1,14 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+public class Asn1PrintableString extends Asn1String
+{
+ public Asn1PrintableString() {
+ this(null);
+ }
+
+ public Asn1PrintableString(String value) {
+ super(UniversalTag.PRINTABLE_STRING, value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Sequence.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Sequence.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Sequence.java
new file mode 100644
index 0000000..26b8ada
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Sequence.java
@@ -0,0 +1,11 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.TagClass;
+import org.apache.haox.asn1.UniversalTag;
+
+public class Asn1Sequence extends Asn1Collection
+{
+ public Asn1Sequence() {
+ super(TagClass.UNIVERSAL, UniversalTag.SEQUENCE.getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SequenceOf.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SequenceOf.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SequenceOf.java
new file mode 100644
index 0000000..33e2c7b
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SequenceOf.java
@@ -0,0 +1,19 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.TagClass;
+import org.apache.haox.asn1.UniversalTag;
+
+public class Asn1SequenceOf<T extends Asn1Type> extends Asn1CollectionOf<T>
+{
+ public Asn1SequenceOf() {
+ super(TagClass.UNIVERSAL, UniversalTag.SEQUENCE_OF.getValue());
+ }
+
+ public boolean isEmpty() {
+ return (getValue() == null || getElements().size() == 0);
+ }
+
+ public void add(T element) {
+ getElements().add(element);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SequenceType.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SequenceType.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SequenceType.java
new file mode 100644
index 0000000..70d13c2
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SequenceType.java
@@ -0,0 +1,18 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+/**
+ * For sequence type that consists of tagged fields
+ */
+public class Asn1SequenceType extends Asn1CollectionType {
+
+ public Asn1SequenceType(Asn1FieldInfo[] tags) {
+ super(UniversalTag.SEQUENCE.getValue(), tags);
+ }
+
+ @Override
+ protected Asn1Collection createCollection() {
+ return new Asn1Sequence();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Set.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Set.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Set.java
new file mode 100644
index 0000000..14763db
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Set.java
@@ -0,0 +1,11 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.TagClass;
+import org.apache.haox.asn1.UniversalTag;
+
+public class Asn1Set extends Asn1Collection
+{
+ public Asn1Set() {
+ super(TagClass.UNIVERSAL, UniversalTag.SET.getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SetOf.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SetOf.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SetOf.java
new file mode 100644
index 0000000..b628ad6
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SetOf.java
@@ -0,0 +1,11 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.TagClass;
+import org.apache.haox.asn1.UniversalTag;
+
+public class Asn1SetOf<T extends Asn1Type> extends Asn1CollectionOf<T>
+{
+ public Asn1SetOf() {
+ super(TagClass.UNIVERSAL, UniversalTag.SET_OF.getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SetType.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SetType.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SetType.java
new file mode 100644
index 0000000..9843dec
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1SetType.java
@@ -0,0 +1,18 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+/**
+ * For set type that consists of tagged fields
+ */
+public class Asn1SetType extends Asn1CollectionType {
+
+ public Asn1SetType(Asn1FieldInfo[] tags) {
+ super(UniversalTag.SET.getValue(), tags);
+ }
+
+ @Override
+ protected Asn1Collection createCollection() {
+ return new Asn1Set();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Simple.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Simple.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Simple.java
new file mode 100644
index 0000000..b7d729c
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Simple.java
@@ -0,0 +1,165 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.EncodingOption;
+import org.apache.haox.asn1.LimitedByteBuffer;
+import org.apache.haox.asn1.TagClass;
+import org.apache.haox.asn1.UniversalTag;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+public abstract class Asn1Simple<T> extends AbstractAsn1Type<T> {
+ private byte[] bytes;
+
+ public Asn1Simple(UniversalTag tagNo) {
+ this(tagNo, null);
+ }
+
+ public Asn1Simple(UniversalTag tagNo, T value) {
+ super(TagClass.UNIVERSAL, tagNo.getValue(), value);
+ setEncodingOption(EncodingOption.PRIMITIVE);
+ }
+
+ protected byte[] getBytes() {
+ return bytes;
+ }
+
+ protected void setBytes(byte[] bytes) {
+ this.bytes = bytes;
+ }
+
+ @Override
+ public void encode(ByteBuffer buffer) {
+ encodeTag(buffer, tagFlags(), tagNo());
+ int bodyLen = encodingBodyLength();
+ encodeLength(buffer, bodyLen);
+ if (bodyLen > 0) {
+ buffer.put(encodeBody());
+ }
+ }
+
+ protected byte[] encodeBody() {
+ if (bytes == null) {
+ toBytes();
+ }
+ return bytes;
+ }
+
+ @Override
+ protected void encodeBody(ByteBuffer buffer) {
+ buffer.put(encodeBody());
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ if (getValue() == null) {
+ return 0;
+ }
+ if (bytes == null) {
+ toBytes();
+ }
+ return bytes.length;
+ }
+
+ @Override
+ protected void decodeBody(LimitedByteBuffer content) throws IOException {
+ byte[] leftBytes = content.readAllLeftBytes();
+ if (leftBytes.length > 0) {
+ setBytes(leftBytes);
+ toValue();
+ }
+ }
+
+ @Override
+ public boolean isConstructed() {
+ return false;
+ }
+
+ protected void toValue() throws IOException {}
+
+ protected void toBytes() {}
+
+ public static boolean isSimple(int tagNo) {
+ return isSimple(UniversalTag.fromValue(tagNo));
+ }
+
+ public static boolean isSimple(UniversalTag tagNo) {
+ switch (tagNo) {
+ case BIT_STRING:
+ case BMP_STRING:
+ case BOOLEAN:
+ case ENUMERATED:
+ case GENERALIZED_TIME:
+ case GENERAL_STRING:
+ case IA5_STRING:
+ case INTEGER:
+ case NULL:
+ case NUMERIC_STRING:
+ case OBJECT_IDENTIFIER:
+ case OCTET_STRING:
+ case PRINTABLE_STRING:
+ case T61_STRING:
+ case UNIVERSAL_STRING:
+ case UTC_TIME:
+ case UTF8_STRING:
+ case VISIBLE_STRING:
+ return true;
+ default:
+ return false;
+ }
+ }
+
+ public static Asn1Type createSimple(int tagNo) {
+ if (! isSimple(tagNo)) {
+ throw new IllegalArgumentException("Not simple type, tag: " + tagNo);
+ }
+ return createSimple(UniversalTag.fromValue(tagNo));
+ }
+
+ public static Asn1Type createSimple(UniversalTag tagNo) {
+ if (! isSimple(tagNo)) {
+ throw new IllegalArgumentException("Not simple type, tag: " + tagNo);
+ }
+
+ switch (tagNo) {
+ case BIT_STRING:
+ return new Asn1BitString();
+ case BMP_STRING:
+ return new Asn1BmpString();
+ case BOOLEAN:
+ return new Asn1Boolean();
+ case ENUMERATED:
+ return null;
+ case GENERALIZED_TIME:
+ return new Asn1GeneralizedTime();
+ case GENERAL_STRING:
+ return new Asn1GeneralString();
+ case IA5_STRING:
+ return new Asn1IA5String();
+ case INTEGER:
+ return new Asn1Integer();
+ case NULL:
+ return new Asn1Null();
+ case NUMERIC_STRING:
+ return new Asn1NumericsString();
+ case OBJECT_IDENTIFIER:
+ return new Asn1ObjectIdentifier();
+ case OCTET_STRING:
+ return new Asn1OctetString();
+ case PRINTABLE_STRING:
+ return new Asn1PrintableString();
+ case T61_STRING:
+ return new Asn1T61String();
+ case UNIVERSAL_STRING:
+ return new Asn1UniversalString();
+ case UTC_TIME:
+ return new Asn1UtcTime();
+ case UTF8_STRING:
+ return new Asn1Utf8String();
+ case VISIBLE_STRING:
+ return new Asn1VisibleString();
+ default:
+ throw new IllegalArgumentException("Unexpected tag " + tagNo.getValue());
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1String.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1String.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1String.java
new file mode 100644
index 0000000..328d278
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1String.java
@@ -0,0 +1,273 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.List;
+
+public abstract class Asn1String extends Asn1Simple<String>
+{
+ public Asn1String(UniversalTag tagNo) {
+ super(tagNo, null);
+ }
+
+ public Asn1String(UniversalTag tagNo, String value) {
+ super(tagNo, value);
+ }
+
+ @Override
+ protected void toBytes() {
+ byte[] bytes = getValue().getBytes(StandardCharsets.US_ASCII);
+ setBytes(bytes);
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ if (getValue() != null) {
+ return getValue().length();
+ }
+ return 0;
+ }
+
+ protected void toValue() throws IOException {
+ byte[] bytes = getBytes();
+ setValue(new String(bytes, StandardCharsets.US_ASCII));
+ }
+
+ public static String fromUTF8ByteArray(byte[] bytes) {
+ int i = 0;
+ int length = 0;
+
+ while (i < bytes.length) {
+ length++;
+ if ((bytes[i] & 0xf0) == 0xf0) {
+ // surrogate pair
+ length++;
+ i += 4;
+ } else if ((bytes[i] & 0xe0) == 0xe0) {
+ i += 3;
+ } else if ((bytes[i] & 0xc0) == 0xc0) {
+ i += 2;
+ } else {
+ i += 1;
+ }
+ }
+
+ char[] cs = new char[length];
+ i = 0;
+ length = 0;
+
+ while (i < bytes.length) {
+ char ch;
+
+ if ((bytes[i] & 0xf0) == 0xf0) {
+ int codePoint = ((bytes[i] & 0x03) << 18) | ((bytes[i+1] & 0x3F) << 12) | ((bytes[i+2] & 0x3F) << 6) | (bytes[i+3] & 0x3F);
+ int U = codePoint - 0x10000;
+ char W1 = (char)(0xD800 | (U >> 10));
+ char W2 = (char)(0xDC00 | (U & 0x3FF));
+ cs[length++] = W1;
+ ch = W2;
+ i += 4;
+ } else if ((bytes[i] & 0xe0) == 0xe0) {
+ ch = (char)(((bytes[i] & 0x0f) << 12)
+ | ((bytes[i + 1] & 0x3f) << 6) | (bytes[i + 2] & 0x3f));
+ i += 3;
+ } else if ((bytes[i] & 0xd0) == 0xd0) {
+ ch = (char)(((bytes[i] & 0x1f) << 6) | (bytes[i + 1] & 0x3f));
+ i += 2;
+ } else if ((bytes[i] & 0xc0) == 0xc0) {
+ ch = (char)(((bytes[i] & 0x1f) << 6) | (bytes[i + 1] & 0x3f));
+ i += 2;
+ } else {
+ ch = (char)(bytes[i] & 0xff);
+ i += 1;
+ }
+
+ cs[length++] = ch;
+ }
+
+ return new String(cs);
+ }
+
+ public static byte[] toUTF8ByteArray(String string) {
+ return toUTF8ByteArray(string.toCharArray());
+ }
+
+ public static byte[] toUTF8ByteArray(char[] string) {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+ try {
+ toUTF8ByteArray(string, bOut);
+ } catch (IOException e) {
+ throw new IllegalStateException("cannot encode string to byte array!");
+ }
+
+ return bOut.toByteArray();
+ }
+
+ public static void toUTF8ByteArray(char[] string, OutputStream sOut) throws IOException {
+ char[] c = string;
+ int i = 0;
+
+ while (i < c.length) {
+ char ch = c[i];
+
+ if (ch < 0x0080) {
+ sOut.write(ch);
+ } else if (ch < 0x0800) {
+ sOut.write(0xc0 | (ch >> 6));
+ sOut.write(0x80 | (ch & 0x3f));
+ }
+ // surrogate pair
+ else if (ch >= 0xD800 && ch <= 0xDFFF) {
+ // in error - can only happen, if the Java String class has a
+ // bug.
+ if (i + 1 >= c.length) {
+ throw new IllegalStateException("invalid UTF-16 codepoint");
+ }
+ char W1 = ch;
+ ch = c[++i];
+ char W2 = ch;
+ // in error - can only happen, if the Java String class has a
+ // bug.
+ if (W1 > 0xDBFF) {
+ throw new IllegalStateException("invalid UTF-16 codepoint");
+ }
+ int codePoint = (((W1 & 0x03FF) << 10) | (W2 & 0x03FF)) + 0x10000;
+ sOut.write(0xf0 | (codePoint >> 18));
+ sOut.write(0x80 | ((codePoint >> 12) & 0x3F));
+ sOut.write(0x80 | ((codePoint >> 6) & 0x3F));
+ sOut.write(0x80 | (codePoint & 0x3F));
+ } else {
+ sOut.write(0xe0 | (ch >> 12));
+ sOut.write(0x80 | ((ch >> 6) & 0x3F));
+ sOut.write(0x80 | (ch & 0x3F));
+ }
+
+ i++;
+ }
+ }
+
+ /**
+ * A locale independent version of toUpperCase.
+ *
+ * @param string input to be converted
+ * @return a US Ascii uppercase version
+ */
+ public static String toUpperCase(String string) {
+ boolean changed = false;
+ char[] chars = string.toCharArray();
+
+ for (int i = 0; i != chars.length; i++) {
+ char ch = chars[i];
+ if ('a' <= ch && 'z' >= ch) {
+ changed = true;
+ chars[i] = (char)(ch - 'a' + 'A');
+ }
+ }
+
+ if (changed) {
+ return new String(chars);
+ }
+
+ return string;
+ }
+
+ /**
+ * A locale independent version of toLowerCase.
+ *
+ * @param string input to be converted
+ * @return a US ASCII lowercase version
+ */
+ public static String toLowerCase(String string) {
+ boolean changed = false;
+ char[] chars = string.toCharArray();
+
+ for (int i = 0; i != chars.length; i++) {
+ char ch = chars[i];
+ if ('A' <= ch && 'Z' >= ch) {
+ changed = true;
+ chars[i] = (char)(ch - 'A' + 'a');
+ }
+ }
+
+ if (changed) {
+ return new String(chars);
+ }
+
+ return string;
+ }
+
+ public static byte[] toByteArray(char[] chars) {
+ byte[] bytes = new byte[chars.length];
+
+ for (int i = 0; i != bytes.length; i++) {
+ bytes[i] = (byte)chars[i];
+ }
+
+ return bytes;
+ }
+
+ public static byte[] toByteArray(String string) {
+ byte[] bytes = new byte[string.length()];
+
+ for (int i = 0; i != bytes.length; i++) {
+ char ch = string.charAt(i);
+
+ bytes[i] = (byte)ch;
+ }
+
+ return bytes;
+ }
+
+ /**
+ * Convert an array of 8 bit characters into a string.
+ *
+ * @param bytes 8 bit characters.
+ * @return resulting String.
+ */
+ public static String fromByteArray(byte[] bytes) {
+ return new String(asCharArray(bytes));
+ }
+
+ /**
+ * Do a simple conversion of an array of 8 bit characters into a string.
+ *
+ * @param bytes 8 bit characters.
+ * @return resulting String.
+ */
+ public static char[] asCharArray(byte[] bytes) {
+ char[] chars = new char[bytes.length];
+
+ for (int i = 0; i != chars.length; i++) {
+ chars[i] = (char)(bytes[i] & 0xff);
+ }
+
+ return chars;
+ }
+
+ public static String[] split(String input, char delimiter) {
+ List<String> v = new ArrayList<String>();
+ boolean moreTokens = true;
+ String subString;
+
+ while (moreTokens) {
+ int tokenLocation = input.indexOf(delimiter);
+ if (tokenLocation > 0) {
+ subString = input.substring(0, tokenLocation);
+ v.add(subString);
+ input = input.substring(tokenLocation + 1);
+ } else {
+ moreTokens = false;
+ v.add(input);
+ }
+ }
+
+ return v.toArray(new String[v.size()]);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1T61String.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1T61String.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1T61String.java
new file mode 100644
index 0000000..e7e3ca6
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1T61String.java
@@ -0,0 +1,14 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+public class Asn1T61String extends Asn1String
+{
+ public Asn1T61String() {
+ this(null);
+ }
+
+ public Asn1T61String(String value) {
+ super(UniversalTag.T61_STRING, value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1T61Utf8String.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1T61Utf8String.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1T61Utf8String.java
new file mode 100644
index 0000000..e5b264a
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1T61Utf8String.java
@@ -0,0 +1,24 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.UniversalTag;
+
+import java.nio.charset.StandardCharsets;
+
+public class Asn1T61Utf8String extends Asn1String
+{
+ public Asn1T61Utf8String() {
+ this(null);
+ }
+
+ public Asn1T61Utf8String(String value) {
+ super(UniversalTag.T61_STRING, value);
+ }
+
+ protected void toBytes() {
+ setBytes(getValue().getBytes(StandardCharsets.UTF_8));
+ }
+
+ protected void toValue() {
+ setValue(new String(getBytes(), StandardCharsets.UTF_8));
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Tagging.java
----------------------------------------------------------------------
diff --git a/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Tagging.java b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Tagging.java
new file mode 100644
index 0000000..904c04f
--- /dev/null
+++ b/contrib/haox-asn1/src/main/java/org/apache/haox/asn1/type/Asn1Tagging.java
@@ -0,0 +1,85 @@
+package org.apache.haox.asn1.type;
+
+import org.apache.haox.asn1.EncodingOption;
+import org.apache.haox.asn1.LimitedByteBuffer;
+import org.apache.haox.asn1.TagClass;
+
+import java.io.IOException;
+import java.lang.reflect.ParameterizedType;
+import java.nio.ByteBuffer;
+
+/**
+ * For tagging any Asn1Type with a tagNo
+ */
+public class Asn1Tagging<T extends Asn1Type> extends AbstractAsn1Type<T> {
+
+ public Asn1Tagging(boolean isAppSpecific) {
+ this(-1, null, isAppSpecific);
+ }
+
+ public Asn1Tagging(int tagNo, T value, boolean isAppSpecific) {
+ super(isAppSpecific ? TagClass.APPLICATION : TagClass.CONTEXT_SPECIFIC, tagNo, value);
+ setEncodingOption(EncodingOption.EXPLICIT);
+ if (value == null) {
+ initValue();
+ }
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ AbstractAsn1Type value = (AbstractAsn1Type) getValue();
+ if (encodingOption.isExplicit()) {
+ return value.encodingLength();
+ } else if (encodingOption.isImplicit()) {
+ return value.encodingBodyLength();
+ } else {
+ throw new RuntimeException("Invalid util option, only allowing explicit/implicit");
+ }
+ }
+
+ @Override
+ public boolean isConstructed() {
+ if (encodingOption.isExplicit()) {
+ return true;
+ } else if (encodingOption.isImplicit()) {
+ AbstractAsn1Type value = (AbstractAsn1Type) getValue();
+ return value.isConstructed();
+ }
+ return false;
+ }
+
+ @Override
+ protected void encodeBody(ByteBuffer buffer) {
+ AbstractAsn1Type value = (AbstractAsn1Type) getValue();
+ if (encodingOption.isExplicit()) {
+ value.encode(buffer);
+ } else if (encodingOption.isImplicit()) {
+ value.encodeBody(buffer);
+ } else {
+ throw new RuntimeException("Invalid util option, only allowing explicit/implicit");
+ }
+ }
+
+ @Override
+ protected void decodeBody(LimitedByteBuffer content) throws IOException {
+ AbstractAsn1Type value = (AbstractAsn1Type) getValue();
+ if (encodingOption.isExplicit()) {
+ value.decode(content);
+ } else if (encodingOption.isImplicit()) {
+ value.decodeBody(content);
+ } else {
+ throw new RuntimeException("Invalid util option, only allowing explicit/implicit");
+ }
+ }
+
+ private void initValue() {
+ Class<? extends Asn1Type> valueType = (Class<T>) ((ParameterizedType) getClass().getGenericSuperclass()).getActualTypeArguments()[0];
+ AbstractAsn1Type value = null;
+ try {
+ value = (AbstractAsn1Type) valueType.newInstance();
+ } catch (Exception e) {
+ throw new RuntimeException("Failed to create tagged value", e);
+ }
+ setValue((T) value);
+ }
+}
[35/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.pem b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.pem
new file mode 100644
index 0000000..7418215
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.pem
@@ -0,0 +1,289 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462053 (0x20090525)
+ Signature Algorithm: dsaWithSHA1
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=dsa-intermediate/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:31 2009 GMT
+ Not After : May 25 21:44:31 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=test/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:94:A7:CC:B9:AB:D7:48:81:B3:3A:71:6E:2B:F4:24:FE:2A:A4:C0:39
+
+ Signature Algorithm: dsaWithSHA1
+ 30:2d:02:15:00:86:ec:d5:ef:f1:75:60:a2:09:36:40:ff:ca:
+ 83:67:6a:08:5d:d4:1e:02:14:51:6c:df:41:80:43:74:2a:1c:
+ 48:c2:08:85:5b:9b:7d:07:46:6b:84
+-----BEGIN CERTIFICATE-----
+MIIDPDCCAvugAwIBAgIEIAkFJTAJBgcqhkjOOAQDMIGUMQswCQYDVQQGEwJDQTEL
+MAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMT
+bm90LXlldC1jb21tb25zLXNzbDEZMBcGA1UEAxMQZHNhLWludGVybWVkaWF0ZTEl
+MCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbTAeFw0wOTA1MjUy
+MTQ0MzFaFw00OTA1MjUyMTQ0MzFaMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMC
+QkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1j
+b21tb25zLXNzbDENMAsGA1UEAxMEdGVzdDElMCMGCSqGSIb3DQEJARYWanVsaXVz
+ZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2BlYho
+4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRyzerA
+/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY07hN
+KXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8BqnG
+d87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiVJTxp
+TKqym93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ8U
+d78/OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFJSnzLmr10iBszpxbiv0JP4q
+pMA5MAkGByqGSM44BAMDMAAwLQIVAIbs1e/xdWCiCTZA/8qDZ2oIXdQeAhRRbN9B
+gEN0KhxIwgiFW5t9B0ZrhA==
+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462055 (0x20090527)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:31 2009 GMT
+ Not After : May 25 21:44:31 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=dsa-intermediate/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ DSA Public Key:
+ pub:
+ 7a:a9:65:fb:76:ba:be:f3:fa:94:59:52:ed:4e:fc:
+ e4:70:5e:8f:7c:14:e7:73:d6:d2:36:6b:62:d2:56:
+ c9:6e:7a:91:63:72:4e:a9:ce:2e:eb:38:5e:c4:72:
+ f6:2c:52:aa:51:f4:ce:3b:28:55:39:c3:ad:5d:52:
+ fa:ac:0c:32:48:fc:00:9f:c3:d9:75:09:8d:82:e0:
+ cb:07:65:29:25:7a:34:2e:bb:a0:2d:30:91:59:0e:
+ ce:82:fb:2d:ad:a5:b2:b9:2b:ec:6b:b1:04:07:0c:
+ 52:16:7d:6c:0c:b2:64:c7:c6:cb:ab:18:ab:a6:fa:
+ 3e:31:f3:8f:49:75:33:69:d3:2a:2a:e7:2c:38:b5:
+ d6:7d:33:94:ba:a6:3e:2f:e5:3b:cc:4a:27:d1:59:
+ f3:9c:71:b1:46:64:3f:28:f1:33:d1:bc:c2:8b:47:
+ 92:2d:c6:1f:fb:23:34:56:f1:6e:18:8e:7c:0b:75:
+ 42:8a:bb:92:44:04:58:41:d1:9b:6e:d6:14:98:94:
+ 3d:77:8d:93:d3:1f:e9:7b:a7:71:94:10:ee:e9:d3:
+ 5a:4a:b8:91:61:35:4c:00:76:f2:b2:3a:bd:9f:42:
+ f9:f0:8e:da:bd:8c:60:fd:7d:65:85:98:c5:7d:42:
+ b9:27:de:09:0a:1c:85:a7:63:e5:71:3c:ab:78:de:
+ cf
+ P:
+ 00:8f:5a:80:34:53:e1:52:68:8c:cf:9b:d5:7a:01:
+ 60:57:63:f9:f8:01:55:9e:55:17:7f:f4:cc:cd:d7:
+ fb:f7:1e:36:00:1c:ae:5c:70:e8:1b:33:ef:b8:8d:
+ aa:69:2a:66:f0:48:fd:bb:25:82:eb:56:be:ac:ca:
+ 49:6e:7f:17:fd:3b:61:57:a7:14:c1:eb:99:5d:6b:
+ 82:03:db:1c:18:2a:25:05:19:ec:34:b8:c3:1b:2c:
+ 69:89:37:7b:85:9b:c0:a9:39:84:43:f1:60:0b:91:
+ 50:e0:b5:93:3c:ad:1c:b8:33:4e:9b:00:ed:cd:60:
+ 59:9b:57:04:7b:c0:fb:2d:49:45:e3:ce:c0:8a:aa:
+ 4d:07:3a:43:a3:3d:06:70:66:fc:9f:b2:8f:d6:c5:
+ 1f:a5:7b:00:36:a9:42:5e:50:db:38:34:8c:4a:c6:
+ f6:3a:58:9a:a6:57:93:f7:4e:55:8b:46:f0:b0:1b:
+ 9c:a0:cb:fc:57:91:be:6d:47:56:a9:d1:46:cd:43:
+ 7b:ff:24:96:0a:dd:d7:d8:b7:58:8e:6a:a1:eb:2a:
+ ba:40:0a:f6:d1:53:7c:84:06:fc:14:1c:d5:33:79:
+ 88:bb:4f:fa:b5:87:35:61:0d:b0:7b:07:bb:74:7c:
+ 30:a7:a3:60:7d:76:a6:d1:46:2b:84:a2:9a:28:61:
+ f2:89
+ Q:
+ 00:bf:87:b6:dd:a6:62:0f:88:a2:44:a5:99:ac:b9:
+ 12:82:05:7b:2e:af
+ G:
+ 00:86:37:bd:1d:60:12:25:f5:01:7f:7e:e0:e7:de:
+ 26:f4:3d:d4:75:fe:91:41:41:b3:c6:70:7f:71:c6:
+ 5e:4e:c1:0f:3e:cc:be:9c:0b:df:b4:8f:6e:2a:0f:
+ 90:5b:20:14:75:c7:31:13:e2:d8:73:73:76:b6:c4:
+ f5:5f:ac:b4:2a:26:4e:8c:af:87:2e:f5:1d:78:69:
+ 15:b5:b4:b7:d3:52:ec:f4:c8:6e:c5:65:bd:88:e5:
+ c4:da:0c:48:ac:d3:2d:a2:da:b0:72:75:09:1d:aa:
+ d9:64:80:b7:18:31:54:07:d6:7a:8b:f3:be:b7:22:
+ 87:1c:3a:c7:2f:a9:4b:8d:79:06:a1:ff:1c:db:f3:
+ 17:9b:32:a0:61:20:6e:37:92:eb:27:a1:6f:b8:22:
+ 0e:26:4d:71:9a:b3:a0:9a:fb:fb:91:68:5b:52:3b:
+ 20:75:d5:36:a6:aa:c3:dc:52:01:87:06:58:68:62:
+ 20:b8:aa:bd:2b:c9:58:60:b7:02:2e:c4:4f:bf:ec:
+ b7:43:13:3f:90:51:65:65:a9:ba:48:74:9e:3c:ad:
+ 93:b6:00:3f:93:11:e7:cd:ea:5f:11:44:b2:4f:d1:
+ e3:fd:19:a8:bc:4a:c6:ae:4c:ec:83:85:fa:98:ed:
+ 0b:a3:8f:a0:35:38:d4:9f:96:fd:f3:b2:b5:80:d5:
+ 1e:a4
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 94:A7:CC:B9:AB:D7:48:81:B3:3A:71:6E:2B:F4:24:FE:2A:A4:C0:39
+ X509v3 Authority Key Identifier:
+ keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+ serial:20:09:05:25
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 30:75:fb:1e:e2:d0:ff:18:3a:de:7d:49:8a:20:33:bc:0e:0c:
+ ad:7a:68:f8:57:91:3a:bd:2b:07:a7:25:a6:c6:d0:f7:30:57:
+ 73:a3:34:af:ee:d3:5d:06:9f:80:f5:41:b7:7f:e8:0e:e2:28:
+ 6c:a5:d7:82:9b:81:89:85:9f:47:5d:af:17:ab:f6:e1:02:4c:
+ 01:2b:07:7c:2b:e1:77:1c:a4:e9:a6:89:97:50:49:87:73:04:
+ 6e:32:50:f5:b7:be:f2:60:b3:9c:5f:b4:2a:d2:2f:c0:0b:82:
+ 47:71:70:62:cc:98:ad:47:20:58:61:d6:c0:c5:30:65:3f:97:
+ 43:47:50:cb:90:4c:c3:7c:50:c4:28:27:b7:2d:c8:2a:61:40:
+ 18:7e:fa:ce:03:39:20:f9:96:a2:da:1c:fe:5e:c7:9f:f1:bc:
+ 98:18:c1:63:e6:f6:35:35:d8:5d:18:2e:ef:87:7d:af:00:a3:
+ bc:12:18:c3:11:1e:8a:6d:bf:5d:10:87:6f:79:f3:8f:11:9d:
+ cb:0d:fe:f6:fe:4f:d0:2b:de:8e:3a:da:f3:46:11:ca:12:bb:
+ ca:22:67:05:45:e6:fd:9f:71:09:98:0b:1e:cf:51:73:b2:ad:
+ 48:f9:06:2a:b5:5c:9f:f3:97:e0:8e:a3:df:57:1c:a7:94:ca:
+ f2:97:8e:56
+-----BEGIN CERTIFICATE-----
+MIIGoTCCBYmgAwIBAgIEIAkFJzANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDMxWhcN
+NDkwNTI1MjE0NDMxWjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxGTAXBgNVBAMTEGRzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggM7MIICLgYHKoZIzjgEATCCAiECggEBAI9a
+gDRT4VJojM+b1XoBYFdj+fgBVZ5VF3/0zM3X+/ceNgAcrlxw6Bsz77iNqmkqZvBI
+/bslgutWvqzKSW5/F/07YVenFMHrmV1rggPbHBgqJQUZ7DS4wxssaYk3e4WbwKk5
+hEPxYAuRUOC1kzytHLgzTpsA7c1gWZtXBHvA+y1JRePOwIqqTQc6Q6M9BnBm/J+y
+j9bFH6V7ADapQl5Q2zg0jErG9jpYmqZXk/dOVYtG8LAbnKDL/FeRvm1HVqnRRs1D
+e/8klgrd19i3WI5qoesqukAK9tFTfIQG/BQc1TN5iLtP+rWHNWENsHsHu3R8MKej
+YH12ptFGK4Simihh8okCFQC/h7bdpmIPiKJEpZmsuRKCBXsurwKCAQEAhje9HWAS
+JfUBf37g594m9D3Udf6RQUGzxnB/ccZeTsEPPsy+nAvftI9uKg+QWyAUdccxE+LY
+c3N2tsT1X6y0KiZOjK+HLvUdeGkVtbS301Ls9MhuxWW9iOXE2gxIrNMtotqwcnUJ
+HarZZIC3GDFUB9Z6i/O+tyKHHDrHL6lLjXkGof8c2/MXmzKgYSBuN5LrJ6FvuCIO
+Jk1xmrOgmvv7kWhbUjsgddU2pqrD3FIBhwZYaGIguKq9K8lYYLcCLsRPv+y3QxM/
+kFFlZam6SHSePK2TtgA/kxHnzepfEUSyT9Hj/RmovErGrkzsg4X6mO0Lo4+gNTjU
+n5b987K1gNUepAOCAQUAAoIBAHqpZft2ur7z+pRZUu1O/ORwXo98FOdz1tI2a2LS
+VsluepFjck6pzi7rOF7EcvYsUqpR9M47KFU5w61dUvqsDDJI/ACfw9l1CY2C4MsH
+ZSklejQuu6AtMJFZDs6C+y2tpbK5K+xrsQQHDFIWfWwMsmTHxsurGKum+j4x849J
+dTNp0yoq5yw4tdZ9M5S6pj4v5TvMSifRWfOccbFGZD8o8TPRvMKLR5Itxh/7IzRW
+8W4YjnwLdUKKu5JEBFhB0Ztu1hSYlD13jZPTH+l7p3GUEO7p01pKuJFhNUwAdvKy
+Or2fQvnwjtq9jGD9fWWFmMV9Qrkn3gkKHIWnY+VxPKt43s+jgeswgegwHQYDVR0O
+BBYEFJSnzLmr10iBszpxbiv0JP4qpMA5MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2u
+wgcwLgCsWGObIH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMx
+GDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21t
+b25zLXNzbDENMAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2
+aWVzQGdtYWlsLmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
+A4IBAQAwdfse4tD/GDrefUmKIDO8Dgytemj4V5E6vSsHpyWmxtD3MFdzozSv7tNd
+Bp+A9UG3f+gO4ihspdeCm4GJhZ9HXa8Xq/bhAkwBKwd8K+F3HKTppomXUEmHcwRu
+MlD1t77yYLOcX7Qq0i/AC4JHcXBizJitRyBYYdbAxTBlP5dDR1DLkEzDfFDEKCe3
+LcgqYUAYfvrOAzkg+Zai2hz+Xsef8byYGMFj5vY1NdhdGC7vh32vAKO8EhjDER6K
+bb9dEIdvefOPEZ3LDf72/k/QK96OOtrzRhHKErvKImcFReb9n3EJmAsez1Fzsq1I
++QYqtVyf85fgjqPfVxynlMryl45W
+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462053 (0x20090525)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:28 2009 GMT
+ Not After : May 25 21:44:28 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:b9:db:04:16:8c:41:eb:91:c4:b8:d1:1a:73:28:
+ 59:09:b8:7a:b5:05:40:db:4f:2b:63:7b:bf:01:70:
+ e1:0d:4c:09:3a:3b:63:9e:22:13:fa:55:d1:bc:e8:
+ dd:31:71:df:0d:a6:0b:29:29:cc:da:bd:69:5c:cb:
+ 29:7e:6c:8c:93:82:c7:8b:00:ea:0b:8c:35:5c:fe:
+ 28:12:cf:ba:11:24:48:bc:0a:ee:37:54:a3:f2:9b:
+ f2:76:94:7d:56:c0:52:35:f0:ff:c8:8c:08:7e:b0:
+ 49:c5:2f:fd:41:92:06:e8:c2:71:0d:f6:70:e5:93:
+ 89:80:a2:13:43:ac:53:56:ba:1a:44:44:98:cd:ba:
+ f9:3a:93:20:71:34:93:0f:3f:34:34:2e:53:b2:d7:
+ 4a:22:3e:89:0a:c3:6e:12:40:ba:f3:22:6d:38:63:
+ 3b:f0:ef:42:2b:2d:f4:d2:f8:a9:76:ce:13:37:ce:
+ 1a:a4:bd:42:a0:7b:71:df:0e:3f:93:10:9d:22:0a:
+ 8b:61:92:c6:4c:fe:e7:bf:56:f4:5c:d3:85:98:92:
+ a2:dc:d1:3d:f8:6e:3e:ac:e1:87:2f:e1:fb:30:d5:
+ 3d:24:fc:d9:d1:ac:b9:ca:9c:41:ff:60:aa:e4:57:
+ 7e:b1:93:ac:4f:64:b5:0a:d3:57:4e:12:68:5b:18:
+ d2:15
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ X509v3 Authority Key Identifier:
+ keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+ serial:20:09:05:25
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 9a:29:28:5e:4f:4f:59:f8:6b:b0:96:bf:ef:69:02:36:d1:72:
+ af:a2:f3:c0:7d:c1:50:5a:b8:63:61:18:1a:d4:4d:8f:a4:b2:
+ 18:5d:1b:75:1d:b6:ce:e6:aa:b3:c1:16:ab:dd:64:ac:be:62:
+ 7f:77:1d:d4:6a:eb:5d:f7:19:eb:6a:6a:60:6d:ca:d6:2a:4d:
+ ee:c9:5b:1e:05:eb:bb:3f:5f:a4:76:ae:fd:32:ac:1e:63:e7:
+ 35:d3:95:1d:c9:bc:7a:2f:e7:0e:04:95:59:4d:30:51:ac:67:
+ 65:41:74:b3:62:f6:4d:85:4b:88:26:15:c2:2d:03:69:16:f7:
+ 6a:8a:5c:ca:ca:7b:ba:41:f9:7b:f4:ae:f8:29:56:48:9d:86:
+ 2e:0a:06:7a:21:97:01:b3:d4:45:5a:14:05:d3:b1:3a:da:0a:
+ 67:6d:d5:45:db:ba:88:09:4b:53:b3:69:1a:52:de:57:03:89:
+ fa:99:82:1d:79:fb:ae:55:d7:13:fd:5e:99:25:cb:75:a1:62:
+ b4:27:f0:54:4b:78:42:8b:54:63:62:f4:a3:0b:e2:26:a4:0c:
+ 29:ae:49:b4:1a:34:e6:a4:07:8a:64:cb:63:46:ae:fa:ec:d0:
+ f4:e1:e2:25:11:57:27:61:e8:d1:48:ad:60:13:2d:b9:38:a3:
+ 52:03:0f:ad
+-----BEGIN CERTIFICATE-----
+MIIEfDCCA2SgAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI4WhcN
+NDkwNTI1MjE0NDI4WjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0Bn
+bWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52wQWjEHr
+kcS40RpzKFkJuHq1BUDbTytje78BcOENTAk6O2OeIhP6VdG86N0xcd8NpgspKcza
+vWlcyyl+bIyTgseLAOoLjDVc/igSz7oRJEi8Cu43VKPym/J2lH1WwFI18P/IjAh+
+sEnFL/1BkgbownEN9nDlk4mAohNDrFNWuhpERJjNuvk6kyBxNJMPPzQ0LlOy10oi
+PokKw24SQLrzIm04Yzvw70IrLfTS+Kl2zhM3zhqkvUKge3HfDj+TEJ0iCothksZM
+/ue/VvRc04WYkqLc0T34bj6s4Ycv4fsw1T0k/NnRrLnKnEH/YKrkV36xk6xPZLUK
+01dOEmhbGNIVAgMBAAGjgeswgegwHQYDVR0OBBYEFAfYcdsrGp2uwgcwLgCsWGOb
+IH2mMIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGObIH2moYGOpIGLMIGI
+MQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmll
+cy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDENMAsGA1UEAxMEcm9v
+dDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbYIEIAkFJTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCaKSheT09Z+Guwlr/vaQI2
+0XKvovPAfcFQWrhjYRga1E2PpLIYXRt1HbbO5qqzwRar3WSsvmJ/dx3Uautd9xnr
+ampgbcrWKk3uyVseBeu7P1+kdq79MqweY+c105Udybx6L+cOBJVZTTBRrGdlQXSz
+YvZNhUuIJhXCLQNpFvdqilzKynu6Qfl79K74KVZInYYuCgZ6IZcBs9RFWhQF07E6
+2gpnbdVF27qICUtTs2kaUt5XA4n6mYIdefuuVdcT/V6ZJct1oWK0J/BUS3hCi1Rj
+YvSjC+ImpAwprkm0GjTmpAeKZMtjRq767ND04eIlEVcnYejRSK1gEy25OKNSAw+t
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.pkcs12.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.pkcs12.der b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.pkcs12.der
new file mode 100644
index 0000000..36a0635
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.pkcs12.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.pkcs12.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.pkcs12.pem b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.pkcs12.pem
new file mode 100644
index 0000000..fa2ccb0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.pkcs12.pem
@@ -0,0 +1,112 @@
+-----BEGIN CERTIFICATE-----
+MIIDPDCCAvugAwIBAgIEIAkFJTAJBgcqhkjOOAQDMIGUMQswCQYDVQQGEwJDQTEL
+MAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMT
+bm90LXlldC1jb21tb25zLXNzbDEZMBcGA1UEAxMQZHNhLWludGVybWVkaWF0ZTEl
+MCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbTAeFw0wOTA1MjUy
+MTQ0MzFaFw00OTA1MjUyMTQ0MzFaMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMC
+QkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1j
+b21tb25zLXNzbDENMAsGA1UEAxMEdGVzdDElMCMGCSqGSIb3DQEJARYWanVsaXVz
+ZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2BlYho
+4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRyzerA
+/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY07hN
+KXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8BqnG
+d87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiVJTxp
+TKqym93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ8U
+d78/OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFJSnzLmr10iBszpxbiv0JP4q
+pMA5MAkGByqGSM44BAMDMAAwLQIVAIbs1e/xdWCiCTZA/8qDZ2oIXdQeAhRRbN9B
+gEN0KhxIwgiFW5t9B0ZrhA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGoTCCBYmgAwIBAgIEIAkFJzANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDMxWhcN
+NDkwNTI1MjE0NDMxWjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxGTAXBgNVBAMTEGRzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggM7MIICLgYHKoZIzjgEATCCAiECggEBAI9a
+gDRT4VJojM+b1XoBYFdj+fgBVZ5VF3/0zM3X+/ceNgAcrlxw6Bsz77iNqmkqZvBI
+/bslgutWvqzKSW5/F/07YVenFMHrmV1rggPbHBgqJQUZ7DS4wxssaYk3e4WbwKk5
+hEPxYAuRUOC1kzytHLgzTpsA7c1gWZtXBHvA+y1JRePOwIqqTQc6Q6M9BnBm/J+y
+j9bFH6V7ADapQl5Q2zg0jErG9jpYmqZXk/dOVYtG8LAbnKDL/FeRvm1HVqnRRs1D
+e/8klgrd19i3WI5qoesqukAK9tFTfIQG/BQc1TN5iLtP+rWHNWENsHsHu3R8MKej
+YH12ptFGK4Simihh8okCFQC/h7bdpmIPiKJEpZmsuRKCBXsurwKCAQEAhje9HWAS
+JfUBf37g594m9D3Udf6RQUGzxnB/ccZeTsEPPsy+nAvftI9uKg+QWyAUdccxE+LY
+c3N2tsT1X6y0KiZOjK+HLvUdeGkVtbS301Ls9MhuxWW9iOXE2gxIrNMtotqwcnUJ
+HarZZIC3GDFUB9Z6i/O+tyKHHDrHL6lLjXkGof8c2/MXmzKgYSBuN5LrJ6FvuCIO
+Jk1xmrOgmvv7kWhbUjsgddU2pqrD3FIBhwZYaGIguKq9K8lYYLcCLsRPv+y3QxM/
+kFFlZam6SHSePK2TtgA/kxHnzepfEUSyT9Hj/RmovErGrkzsg4X6mO0Lo4+gNTjU
+n5b987K1gNUepAOCAQUAAoIBAHqpZft2ur7z+pRZUu1O/ORwXo98FOdz1tI2a2LS
+VsluepFjck6pzi7rOF7EcvYsUqpR9M47KFU5w61dUvqsDDJI/ACfw9l1CY2C4MsH
+ZSklejQuu6AtMJFZDs6C+y2tpbK5K+xrsQQHDFIWfWwMsmTHxsurGKum+j4x849J
+dTNp0yoq5yw4tdZ9M5S6pj4v5TvMSifRWfOccbFGZD8o8TPRvMKLR5Itxh/7IzRW
+8W4YjnwLdUKKu5JEBFhB0Ztu1hSYlD13jZPTH+l7p3GUEO7p01pKuJFhNUwAdvKy
+Or2fQvnwjtq9jGD9fWWFmMV9Qrkn3gkKHIWnY+VxPKt43s+jgeswgegwHQYDVR0O
+BBYEFJSnzLmr10iBszpxbiv0JP4qpMA5MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2u
+wgcwLgCsWGObIH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMx
+GDAWBgNVBAoTD2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21t
+b25zLXNzbDENMAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2
+aWVzQGdtYWlsLmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
+A4IBAQAwdfse4tD/GDrefUmKIDO8Dgytemj4V5E6vSsHpyWmxtD3MFdzozSv7tNd
+Bp+A9UG3f+gO4ihspdeCm4GJhZ9HXa8Xq/bhAkwBKwd8K+F3HKTppomXUEmHcwRu
+MlD1t77yYLOcX7Qq0i/AC4JHcXBizJitRyBYYdbAxTBlP5dDR1DLkEzDfFDEKCe3
+LcgqYUAYfvrOAzkg+Zai2hz+Xsef8byYGMFj5vY1NdhdGC7vh32vAKO8EhjDER6K
+bb9dEIdvefOPEZ3LDf72/k/QK96OOtrzRhHKErvKImcFReb9n3EJmAsez1Fzsq1I
++QYqtVyf85fgjqPfVxynlMryl45W
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEfDCCA2SgAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI4WhcN
+NDkwNTI1MjE0NDI4WjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0Bn
+bWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52wQWjEHr
+kcS40RpzKFkJuHq1BUDbTytje78BcOENTAk6O2OeIhP6VdG86N0xcd8NpgspKcza
+vWlcyyl+bIyTgseLAOoLjDVc/igSz7oRJEi8Cu43VKPym/J2lH1WwFI18P/IjAh+
+sEnFL/1BkgbownEN9nDlk4mAohNDrFNWuhpERJjNuvk6kyBxNJMPPzQ0LlOy10oi
+PokKw24SQLrzIm04Yzvw70IrLfTS+Kl2zhM3zhqkvUKge3HfDj+TEJ0iCothksZM
+/ue/VvRc04WYkqLc0T34bj6s4Ycv4fsw1T0k/NnRrLnKnEH/YKrkV36xk6xPZLUK
+01dOEmhbGNIVAgMBAAGjgeswgegwHQYDVR0OBBYEFAfYcdsrGp2uwgcwLgCsWGOb
+IH2mMIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGObIH2moYGOpIGLMIGI
+MQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmll
+cy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDENMAsGA1UEAxMEcm9v
+dDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbYIEIAkFJTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCaKSheT09Z+Guwlr/vaQI2
+0XKvovPAfcFQWrhjYRga1E2PpLIYXRt1HbbO5qqzwRar3WSsvmJ/dx3Uautd9xnr
+ampgbcrWKk3uyVseBeu7P1+kdq79MqweY+c105Udybx6L+cOBJVZTTBRrGdlQXSz
+YvZNhUuIJhXCLQNpFvdqilzKynu6Qfl79K74KVZInYYuCgZ6IZcBs9RFWhQF07E6
+2gpnbdVF27qICUtTs2kaUt5XA4n6mYIdefuuVdcT/V6ZJct1oWK0J/BUS3hCi1Rj
+YvSjC+ImpAwprkm0GjTmpAeKZMtjRq767ND04eIlEVcnYejRSK1gEy25OKNSAw+t
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIY6+Wgj6MqdEd
+Yq6FgH5xMgTBmFqAonR/eshjxY2C6MHs+WmCmNSDik2NgZWIaODvOF9uOEK2U0Zf
+JEG2LcZxoeIEgg/mfII2f4DLy1JYajm/llzwFBzAd/Rkcs3qwP2ba5VKn/pSqNLl
+nKHMXkXO+9SjfHDx95x2dK1dB8eGQGculOMcTm3uK7UlWNO4TSlwG9qHZ1aoM3GI
+g5C1fIpbxJqDVjFq6fFAapE3KRIWIQmKd3E5ICcDErqr/AapxnfO8UFNxVWSOLW7
+ZAfis4w/c8/EAgyQHw42R0dNyjUOZsToF8McCsOpRjGolSU8aUyqspvd8IWJPd5d
+6HBHueXNAgMBAAECggEAV3q9MpVVPQ79TTjBO2Km0D+nt+QMzk8dUHGHfZbGejmm
+Pw96shqJ24rK5FWHs+8lEwmnD3TcGsAr3mjzjtZY5U5oXtNwoYwFRElRLqZqIlLt
+NugrVltRWeyD8j30CuGJVQoYOGWyX9d3ielg8NjO3NcvMtembttLoKK68/vrbH11
+9W7wr5p8/xyMfyl9curnmCFk5QqJ1FBpjPWY05NDIBCUJB0tGAqViCpxEeWPSlvb
+xcElqWfdbtnsYUxYU+iOTHHotoKnz4nLHYK2/njMhlCEyMXfu1DJOd8rg5yXewJF
+v6NhXgWStSexAT1bZ17LROazVcHfWB9QmXF1Fm7vOQKBgQD+dZxPDOi3Y4gCFegn
+Z+epNyl2aPTkseEZxrIqPKLHsGxUfYjQqkX2RdfTrq2vf4vFlN6uCXhSlZKXfLH/
+iQ8FAzqenhVVHK2fv5xB0SE5zNmcHDrHshl+/zUNI2u5AMFECVO2SVbgoFjvgkou
+FolK8XUXfHfb4f732LUyYI0lEwKBgQDJmkWHhzekz3P5iWaAt1SH8bZpt2hqa6Bx
+A4VvMdtmjCxEDETN0Rb3CPYxw3qa3xGfW1y1j/49xi4gr69yaT2Tbca7PFGUmWRo
+OJwfCUB5uBUi6UVytK19OVKReOm4666x8P3YO4cxxSI/HeoSU0HR1kkX9rGmrsGN
+MgUQ15+FnwKBgAKf6/DUzUG3ARwkZbSiWb1hGEhkZMJHI29EoWnWHke5BiUI9nRQ
+jVAxADzqvFfnFOYA1xssddVEPbLaUmu0WjdPBTfFoaqzFQdkzpPPOGyENGpr0B9n
+MuQgdceg6eeKnnO5NOfYcdD3VnOCAInhKaFgRDjty7604hBkZ9oRLOOJAoGBAIJ+
+dmUMlGr80XADjTLh+DhqsA1r542DDv44LkXUetS9BOYjHuIuZnQO+/UoOBNJMsn4
+xGDNzN7FihQkRCeFkZL9arbFi3TpeUGw6vV38qEXE69eWVKvOuEkmpqJLphBDfom
+KNmvZopDtTAvt9SWybL+xp9ZUpK26ZfwebD2MU63AoGBAOa2Kt01DxoqiWiQP/ds
+Mc9wOw1zJsSmIK7wEiW3FkCz8uw3UgjF9ymYY/YAW3eZtuUpuxEzyENb9f21p4b2
+zYoZ7nCUo4TmVXxgCjiEWglg3b/R3xjQr1dAABhTeI8bXMv5r/tMUsnS79uKqwGD
+2Gc1syc3+055K4qcfZHH0XWu
+-----END PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.ks
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.ks b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.ks
new file mode 100644
index 0000000..048ccd5
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.ks differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.pem b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.pem
new file mode 100644
index 0000000..2326bcf
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.pem
@@ -0,0 +1,254 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462053 (0x20090525)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=rsa-intermediate/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:31 2009 GMT
+ Not After : May 25 21:44:31 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=test/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:2E:F4:CD:A1:B4:AD:03:85:D8:AF:69:97:D5:2D:95:40:D6:BF:12:BF
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 02:ea:45:04:9c:7b:79:4b:bc:24:7d:b4:5a:43:fa:cc:06:48:
+ d3:60:3f:a0:04:bc:42:ef:01:cc:0d:75:64:85:0a:86:37:e7:
+ 14:09:29:92:f0:e0:c1:d4:e5:c1:6b:82:82:74:74:74:ae:68:
+ ac:0d:08:d3:95:e4:aa:3b:6a:a7:fd:f6:ea:f1:de:7b:4d:7b:
+ 70:f8:a4:b1:21:a3:b2:e6:b1:5a:85:ca:c5:47:4b:c3:35:23:
+ 3d:cd:f3:f8:fa:07:35:7d:df:a9:7e:a5:11:86:83:8f:06:13:
+ b5:93:73:78:ab:35:90:0d:a1:7d:8a:11:e7:55:d8:15:bd:bd:
+ 54:e0:ae:6a:77:1a:13:ea:4c:23:11:64:d2:2f:2c:e1:04:2c:
+ 05:b4:c7:25:73:6d:3b:69:be:94:16:6d:28:00:bc:67:48:f8:
+ 1e:dd:1d:63:4c:6b:9f:85:e4:bb:10:ff:bf:b6:f2:2c:c8:53:
+ 3c:23:b6:55:85:fd:68:95:27:93:ff:34:d7:29:7b:18:19:4b:
+ 77:88:e8:75:a5:ba:2c:d6:64:f7:25:2e:fa:af:14:63:95:1b:
+ d1:77:3c:bc:0c:13:5f:37:5a:06:b7:92:22:ed:a0:d1:6c:b1:
+ e7:3f:af:95:c1:8a:7f:47:46:a0:74:ad:35:d0:52:59:31:b5:
+ 2b:3c:fe:3d
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxGTAXBgNVBAMTEHJzYS1pbnRlcm1lZGlh
+dGUxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkw
+NTI1MjE0NDMxWhcNNDkwNTI1MjE0NDMxWjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNV
+BAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15
+ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHRlc3QxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDIY6+Wgj6MqdEdYq6FgH5xMgTBmFqAonR/eshjxY2C6MHs+WmCmNSDik2N
+gZWIaODvOF9uOEK2U0ZfJEG2LcZxoeIEgg/mfII2f4DLy1JYajm/llzwFBzAd/Rk
+cs3qwP2ba5VKn/pSqNLlnKHMXkXO+9SjfHDx95x2dK1dB8eGQGculOMcTm3uK7Ul
+WNO4TSlwG9qHZ1aoM3GIg5C1fIpbxJqDVjFq6fFAapE3KRIWIQmKd3E5ICcDErqr
+/AapxnfO8UFNxVWSOLW7ZAfis4w/c8/EAgyQHw42R0dNyjUOZsToF8McCsOpRjGo
+lSU8aUyqspvd8IWJPd5d6HBHueXNAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSfFHe/Pzq2yjiCQkgWLNrQy16H2DAfBgNVHSMEGDAWgBQu9M2htK0DhdivaZfV
+LZVA1r8SvzANBgkqhkiG9w0BAQUFAAOCAQEAAupFBJx7eUu8JH20WkP6zAZI02A/
+oAS8Qu8BzA11ZIUKhjfnFAkpkvDgwdTlwWuCgnR0dK5orA0I05Xkqjtqp/326vHe
+e017cPiksSGjsuaxWoXKxUdLwzUjPc3z+PoHNX3fqX6lEYaDjwYTtZNzeKs1kA2h
+fYoR51XYFb29VOCuancaE+pMIxFk0i8s4QQsBbTHJXNtO2m+lBZtKAC8Z0j4Ht0d
+Y0xrn4XkuxD/v7byLMhTPCO2VYX9aJUnk/801yl7GBlLd4jodaW6LNZk9yUu+q8U
+Y5Ub0Xc8vAwTXzdaBreSIu2g0Wyx5z+vlcGKf0dGoHStNdBSWTG1Kzz+PQ==
+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462054 (0x20090526)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:29 2009 GMT
+ Not After : May 25 21:44:29 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=rsa-intermediate/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:ce:1b:db:73:49:85:a4:3c:42:14:84:6a:7d:47:
+ 78:d2:e1:58:27:ed:e4:78:5e:5d:2b:ee:c3:29:c5:
+ a2:d2:6f:f3:0e:0a:d6:d6:7f:5a:f7:30:6f:c9:8f:
+ ad:fe:53:22:46:aa:5e:0b:f6:e8:21:f3:dc:5f:75:
+ 9b:55:c5:07:ab:75:54:fd:9b:2e:31:da:12:45:3c:
+ 7b:1e:27:f6:a1:5b:5d:ac:0a:b4:e8:dd:d3:ba:ff:
+ af:f1:43:31:4c:5b:5e:73:d4:a8:ce:93:b9:f1:9d:
+ 8b:17:1f:16:74:4f:9a:07:80:7c:1a:41:a6:49:21:
+ 2a:a8:83:75:18:3d:ed:17:8b:8b:b4:f8:46:d3:28:
+ 25:35:e1:17:df:e6:b4:f7:87:a7:71:0f:a0:b5:22:
+ 4d:48:35:2c:a3:dc:fc:58:33:76:fb:07:cf:fb:64:
+ e9:fa:05:a8:be:63:eb:32:48:01:10:fd:44:a2:79:
+ 72:5d:33:62:1b:ad:f4:60:3f:7d:59:9c:07:cf:9c:
+ b1:b5:e7:18:84:5e:ec:e0:78:6c:53:f0:cf:67:8d:
+ 91:95:73:72:de:70:c7:ca:ea:27:6f:d2:61:c8:7d:
+ a5:28:28:61:c8:c9:e9:6b:7e:ae:07:9d:36:87:04:
+ a4:97:1c:1d:f5:39:cb:b2:8a:32:8d:25:68:05:2d:
+ 86:65
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 2E:F4:CD:A1:B4:AD:03:85:D8:AF:69:97:D5:2D:95:40:D6:BF:12:BF
+ X509v3 Authority Key Identifier:
+ keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+ serial:20:09:05:25
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 03:b6:83:af:6c:ff:2b:21:12:b9:8a:cd:8e:2f:d9:1a:28:88:
+ 0c:9f:f1:6b:73:fb:76:3f:70:d8:cd:ce:5a:f6:0f:08:6a:0a:
+ a3:f7:ad:b2:72:19:eb:0e:9c:36:bb:a4:fb:3f:90:78:ba:45:
+ ee:da:c9:8e:a0:ef:b3:ac:05:4c:f4:b4:37:18:0d:bb:20:5d:
+ f4:e7:b3:77:ea:56:0c:ad:81:42:80:04:92:ca:3b:73:ed:35:
+ d5:35:f6:9f:95:a2:2d:81:4d:e6:3a:3c:13:64:f1:0f:36:7e:
+ 90:c2:a0:37:c6:19:9e:13:47:92:a3:e8:18:3d:f4:d8:a0:83:
+ 80:0f:7b:a7:57:9c:60:6c:6a:3e:d4:1d:cc:5e:8c:13:7f:1c:
+ d7:f6:df:ad:ae:0a:95:12:f1:71:c2:70:98:d1:2f:6c:f0:24:
+ 43:b4:7e:a4:e4:31:d4:bc:50:90:03:4b:34:ba:a3:d0:fd:f5:
+ 01:17:eb:11:83:44:86:65:17:bf:89:00:c7:93:d6:70:7e:0b:
+ 4b:93:dc:f9:92:50:4c:3e:11:23:c5:50:1c:49:bd:8c:0c:2c:
+ 60:1c:d8:e6:5f:a4:fa:21:db:8c:62:bf:74:a3:83:1c:8d:cc:
+ 8e:34:8c:16:1c:c6:71:63:89:c2:c4:45:0c:90:71:98:68:2f:
+ 9d:a7:87:f7
+-----BEGIN CERTIFICATE-----
+MIIEiDCCA3CgAwIBAgIEIAkFJjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI5WhcN
+NDkwNTI1MjE0NDI5WjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxGTAXBgNVBAMTEHJzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDOG9tzSYWkPEIUhGp9R3jS4Vgn7eR4Xl0r7sMpxaLSb/MOCtbWf1r3MG/J
+j63+UyJGql4L9ugh89xfdZtVxQerdVT9my4x2hJFPHseJ/ahW12sCrTo3dO6/6/x
+QzFMW15z1KjOk7nxnYsXHxZ0T5oHgHwaQaZJISqog3UYPe0Xi4u0+EbTKCU14Rff
+5rT3h6dxD6C1Ik1INSyj3PxYM3b7B8/7ZOn6Bai+Y+sySAEQ/USieXJdM2IbrfRg
+P31ZnAfPnLG15xiEXuzgeGxT8M9njZGVc3LecMfK6idv0mHIfaUoKGHIyelrfq4H
+nTaHBKSXHB31OcuyijKNJWgFLYZlAgMBAAGjgeswgegwHQYDVR0OBBYEFC70zaG0
+rQOF2K9pl9UtlUDWvxK/MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGOb
+IH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoT
+D2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDEN
+MAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWls
+LmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQADtoOv
+bP8rIRK5is2OL9kaKIgMn/Frc/t2P3DYzc5a9g8Iagqj962ychnrDpw2u6T7P5B4
+ukXu2smOoO+zrAVM9LQ3GA27IF3057N36lYMrYFCgASSyjtz7TXVNfaflaItgU3m
+OjwTZPEPNn6QwqA3xhmeE0eSo+gYPfTYoIOAD3unV5xgbGo+1B3MXowTfxzX9t+t
+rgqVEvFxwnCY0S9s8CRDtH6k5DHUvFCQA0s0uqPQ/fUBF+sRg0SGZRe/iQDHk9Zw
+fgtLk9z5klBMPhEjxVAcSb2MDCxgHNjmX6T6IduMYr90o4McjcyONIwWHMZxY4nC
+xEUMkHGYaC+dp4f3
+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 537462053 (0x20090525)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: May 25 21:44:28 2009 GMT
+ Not After : May 25 21:44:28 2049 GMT
+ Subject: C=CA, ST=BC, O=juliusdavies.ca, OU=not-yet-commons-ssl, CN=root/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:b9:db:04:16:8c:41:eb:91:c4:b8:d1:1a:73:28:
+ 59:09:b8:7a:b5:05:40:db:4f:2b:63:7b:bf:01:70:
+ e1:0d:4c:09:3a:3b:63:9e:22:13:fa:55:d1:bc:e8:
+ dd:31:71:df:0d:a6:0b:29:29:cc:da:bd:69:5c:cb:
+ 29:7e:6c:8c:93:82:c7:8b:00:ea:0b:8c:35:5c:fe:
+ 28:12:cf:ba:11:24:48:bc:0a:ee:37:54:a3:f2:9b:
+ f2:76:94:7d:56:c0:52:35:f0:ff:c8:8c:08:7e:b0:
+ 49:c5:2f:fd:41:92:06:e8:c2:71:0d:f6:70:e5:93:
+ 89:80:a2:13:43:ac:53:56:ba:1a:44:44:98:cd:ba:
+ f9:3a:93:20:71:34:93:0f:3f:34:34:2e:53:b2:d7:
+ 4a:22:3e:89:0a:c3:6e:12:40:ba:f3:22:6d:38:63:
+ 3b:f0:ef:42:2b:2d:f4:d2:f8:a9:76:ce:13:37:ce:
+ 1a:a4:bd:42:a0:7b:71:df:0e:3f:93:10:9d:22:0a:
+ 8b:61:92:c6:4c:fe:e7:bf:56:f4:5c:d3:85:98:92:
+ a2:dc:d1:3d:f8:6e:3e:ac:e1:87:2f:e1:fb:30:d5:
+ 3d:24:fc:d9:d1:ac:b9:ca:9c:41:ff:60:aa:e4:57:
+ 7e:b1:93:ac:4f:64:b5:0a:d3:57:4e:12:68:5b:18:
+ d2:15
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ X509v3 Authority Key Identifier:
+ keyid:07:D8:71:DB:2B:1A:9D:AE:C2:07:30:2E:00:AC:58:63:9B:20:7D:A6
+ DirName:/C=CA/ST=BC/O=juliusdavies.ca/OU=not-yet-commons-ssl/CN=root/emailAddress=juliusdavies@gmail.com
+ serial:20:09:05:25
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 9a:29:28:5e:4f:4f:59:f8:6b:b0:96:bf:ef:69:02:36:d1:72:
+ af:a2:f3:c0:7d:c1:50:5a:b8:63:61:18:1a:d4:4d:8f:a4:b2:
+ 18:5d:1b:75:1d:b6:ce:e6:aa:b3:c1:16:ab:dd:64:ac:be:62:
+ 7f:77:1d:d4:6a:eb:5d:f7:19:eb:6a:6a:60:6d:ca:d6:2a:4d:
+ ee:c9:5b:1e:05:eb:bb:3f:5f:a4:76:ae:fd:32:ac:1e:63:e7:
+ 35:d3:95:1d:c9:bc:7a:2f:e7:0e:04:95:59:4d:30:51:ac:67:
+ 65:41:74:b3:62:f6:4d:85:4b:88:26:15:c2:2d:03:69:16:f7:
+ 6a:8a:5c:ca:ca:7b:ba:41:f9:7b:f4:ae:f8:29:56:48:9d:86:
+ 2e:0a:06:7a:21:97:01:b3:d4:45:5a:14:05:d3:b1:3a:da:0a:
+ 67:6d:d5:45:db:ba:88:09:4b:53:b3:69:1a:52:de:57:03:89:
+ fa:99:82:1d:79:fb:ae:55:d7:13:fd:5e:99:25:cb:75:a1:62:
+ b4:27:f0:54:4b:78:42:8b:54:63:62:f4:a3:0b:e2:26:a4:0c:
+ 29:ae:49:b4:1a:34:e6:a4:07:8a:64:cb:63:46:ae:fa:ec:d0:
+ f4:e1:e2:25:11:57:27:61:e8:d1:48:ad:60:13:2d:b9:38:a3:
+ 52:03:0f:ad
+-----BEGIN CERTIFICATE-----
+MIIEfDCCA2SgAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI4WhcN
+NDkwNTI1MjE0NDI4WjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0Bn
+bWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52wQWjEHr
+kcS40RpzKFkJuHq1BUDbTytje78BcOENTAk6O2OeIhP6VdG86N0xcd8NpgspKcza
+vWlcyyl+bIyTgseLAOoLjDVc/igSz7oRJEi8Cu43VKPym/J2lH1WwFI18P/IjAh+
+sEnFL/1BkgbownEN9nDlk4mAohNDrFNWuhpERJjNuvk6kyBxNJMPPzQ0LlOy10oi
+PokKw24SQLrzIm04Yzvw70IrLfTS+Kl2zhM3zhqkvUKge3HfDj+TEJ0iCothksZM
+/ue/VvRc04WYkqLc0T34bj6s4Ycv4fsw1T0k/NnRrLnKnEH/YKrkV36xk6xPZLUK
+01dOEmhbGNIVAgMBAAGjgeswgegwHQYDVR0OBBYEFAfYcdsrGp2uwgcwLgCsWGOb
+IH2mMIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGObIH2moYGOpIGLMIGI
+MQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmll
+cy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDENMAsGA1UEAxMEcm9v
+dDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbYIEIAkFJTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCaKSheT09Z+Guwlr/vaQI2
+0XKvovPAfcFQWrhjYRga1E2PpLIYXRt1HbbO5qqzwRar3WSsvmJ/dx3Uautd9xnr
+ampgbcrWKk3uyVseBeu7P1+kdq79MqweY+c105Udybx6L+cOBJVZTTBRrGdlQXSz
+YvZNhUuIJhXCLQNpFvdqilzKynu6Qfl79K74KVZInYYuCgZ6IZcBs9RFWhQF07E6
+2gpnbdVF27qICUtTs2kaUt5XA4n6mYIdefuuVdcT/V6ZJct1oWK0J/BUS3hCi1Rj
+YvSjC+ImpAwprkm0GjTmpAeKZMtjRq767ND04eIlEVcnYejRSK1gEy25OKNSAw+t
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.pkcs12.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.pkcs12.der b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.pkcs12.der
new file mode 100644
index 0000000..b535a8f
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.pkcs12.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.pkcs12.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.pkcs12.pem b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.pkcs12.pem
new file mode 100644
index 0000000..2a4afc9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_rsa_rsa.pkcs12.pem
@@ -0,0 +1,105 @@
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxGTAXBgNVBAMTEHJzYS1pbnRlcm1lZGlh
+dGUxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkw
+NTI1MjE0NDMxWhcNNDkwNTI1MjE0NDMxWjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNV
+BAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15
+ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHRlc3QxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDIY6+Wgj6MqdEdYq6FgH5xMgTBmFqAonR/eshjxY2C6MHs+WmCmNSDik2N
+gZWIaODvOF9uOEK2U0ZfJEG2LcZxoeIEgg/mfII2f4DLy1JYajm/llzwFBzAd/Rk
+cs3qwP2ba5VKn/pSqNLlnKHMXkXO+9SjfHDx95x2dK1dB8eGQGculOMcTm3uK7Ul
+WNO4TSlwG9qHZ1aoM3GIg5C1fIpbxJqDVjFq6fFAapE3KRIWIQmKd3E5ICcDErqr
+/AapxnfO8UFNxVWSOLW7ZAfis4w/c8/EAgyQHw42R0dNyjUOZsToF8McCsOpRjGo
+lSU8aUyqspvd8IWJPd5d6HBHueXNAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSfFHe/Pzq2yjiCQkgWLNrQy16H2DAfBgNVHSMEGDAWgBQu9M2htK0DhdivaZfV
+LZVA1r8SvzANBgkqhkiG9w0BAQUFAAOCAQEAAupFBJx7eUu8JH20WkP6zAZI02A/
+oAS8Qu8BzA11ZIUKhjfnFAkpkvDgwdTlwWuCgnR0dK5orA0I05Xkqjtqp/326vHe
+e017cPiksSGjsuaxWoXKxUdLwzUjPc3z+PoHNX3fqX6lEYaDjwYTtZNzeKs1kA2h
+fYoR51XYFb29VOCuancaE+pMIxFk0i8s4QQsBbTHJXNtO2m+lBZtKAC8Z0j4Ht0d
+Y0xrn4XkuxD/v7byLMhTPCO2VYX9aJUnk/801yl7GBlLd4jodaW6LNZk9yUu+q8U
+Y5Ub0Xc8vAwTXzdaBreSIu2g0Wyx5z+vlcGKf0dGoHStNdBSWTG1Kzz+PQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEiDCCA3CgAwIBAgIEIAkFJjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI5WhcN
+NDkwNTI1MjE0NDI5WjCBlDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxGTAXBgNVBAMTEHJzYS1pbnRlcm1lZGlhdGUxJTAjBgkqhkiG9w0BCQEWFmp1
+bGl1c2Rhdmllc0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDOG9tzSYWkPEIUhGp9R3jS4Vgn7eR4Xl0r7sMpxaLSb/MOCtbWf1r3MG/J
+j63+UyJGql4L9ugh89xfdZtVxQerdVT9my4x2hJFPHseJ/ahW12sCrTo3dO6/6/x
+QzFMW15z1KjOk7nxnYsXHxZ0T5oHgHwaQaZJISqog3UYPe0Xi4u0+EbTKCU14Rff
+5rT3h6dxD6C1Ik1INSyj3PxYM3b7B8/7ZOn6Bai+Y+sySAEQ/USieXJdM2IbrfRg
+P31ZnAfPnLG15xiEXuzgeGxT8M9njZGVc3LecMfK6idv0mHIfaUoKGHIyelrfq4H
+nTaHBKSXHB31OcuyijKNJWgFLYZlAgMBAAGjgeswgegwHQYDVR0OBBYEFC70zaG0
+rQOF2K9pl9UtlUDWvxK/MIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGOb
+IH2moYGOpIGLMIGIMQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoT
+D2p1bGl1c2Rhdmllcy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDEN
+MAsGA1UEAxMEcm9vdDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWls
+LmNvbYIEIAkFJTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQADtoOv
+bP8rIRK5is2OL9kaKIgMn/Frc/t2P3DYzc5a9g8Iagqj962ychnrDpw2u6T7P5B4
+ukXu2smOoO+zrAVM9LQ3GA27IF3057N36lYMrYFCgASSyjtz7TXVNfaflaItgU3m
+OjwTZPEPNn6QwqA3xhmeE0eSo+gYPfTYoIOAD3unV5xgbGo+1B3MXowTfxzX9t+t
+rgqVEvFxwnCY0S9s8CRDtH6k5DHUvFCQA0s0uqPQ/fUBF+sRg0SGZRe/iQDHk9Zw
+fgtLk9z5klBMPhEjxVAcSb2MDCxgHNjmX6T6IduMYr90o4McjcyONIwWHMZxY4nC
+xEUMkHGYaC+dp4f3
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEfDCCA2SgAwIBAgIEIAkFJTANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgTAkJDMRgwFgYDVQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNV
+BAsTE25vdC15ZXQtY29tbW9ucy1zc2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG
+9w0BCQEWFmp1bGl1c2Rhdmllc0BnbWFpbC5jb20wHhcNMDkwNTI1MjE0NDI4WhcN
+NDkwNTI1MjE0NDI4WjCBiDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAkJDMRgwFgYD
+VQQKEw9qdWxpdXNkYXZpZXMuY2ExHDAaBgNVBAsTE25vdC15ZXQtY29tbW9ucy1z
+c2wxDTALBgNVBAMTBHJvb3QxJTAjBgkqhkiG9w0BCQEWFmp1bGl1c2Rhdmllc0Bn
+bWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52wQWjEHr
+kcS40RpzKFkJuHq1BUDbTytje78BcOENTAk6O2OeIhP6VdG86N0xcd8NpgspKcza
+vWlcyyl+bIyTgseLAOoLjDVc/igSz7oRJEi8Cu43VKPym/J2lH1WwFI18P/IjAh+
+sEnFL/1BkgbownEN9nDlk4mAohNDrFNWuhpERJjNuvk6kyBxNJMPPzQ0LlOy10oi
+PokKw24SQLrzIm04Yzvw70IrLfTS+Kl2zhM3zhqkvUKge3HfDj+TEJ0iCothksZM
+/ue/VvRc04WYkqLc0T34bj6s4Ycv4fsw1T0k/NnRrLnKnEH/YKrkV36xk6xPZLUK
+01dOEmhbGNIVAgMBAAGjgeswgegwHQYDVR0OBBYEFAfYcdsrGp2uwgcwLgCsWGOb
+IH2mMIG4BgNVHSMEgbAwga2AFAfYcdsrGp2uwgcwLgCsWGObIH2moYGOpIGLMIGI
+MQswCQYDVQQGEwJDQTELMAkGA1UECBMCQkMxGDAWBgNVBAoTD2p1bGl1c2Rhdmll
+cy5jYTEcMBoGA1UECxMTbm90LXlldC1jb21tb25zLXNzbDENMAsGA1UEAxMEcm9v
+dDElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNvbYIEIAkFJTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCaKSheT09Z+Guwlr/vaQI2
+0XKvovPAfcFQWrhjYRga1E2PpLIYXRt1HbbO5qqzwRar3WSsvmJ/dx3Uautd9xnr
+ampgbcrWKk3uyVseBeu7P1+kdq79MqweY+c105Udybx6L+cOBJVZTTBRrGdlQXSz
+YvZNhUuIJhXCLQNpFvdqilzKynu6Qfl79K74KVZInYYuCgZ6IZcBs9RFWhQF07E6
+2gpnbdVF27qICUtTs2kaUt5XA4n6mYIdefuuVdcT/V6ZJct1oWK0J/BUS3hCi1Rj
+YvSjC+ImpAwprkm0GjTmpAeKZMtjRq767ND04eIlEVcnYejRSK1gEy25OKNSAw+t
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIY6+Wgj6MqdEd
+Yq6FgH5xMgTBmFqAonR/eshjxY2C6MHs+WmCmNSDik2NgZWIaODvOF9uOEK2U0Zf
+JEG2LcZxoeIEgg/mfII2f4DLy1JYajm/llzwFBzAd/Rkcs3qwP2ba5VKn/pSqNLl
+nKHMXkXO+9SjfHDx95x2dK1dB8eGQGculOMcTm3uK7UlWNO4TSlwG9qHZ1aoM3GI
+g5C1fIpbxJqDVjFq6fFAapE3KRIWIQmKd3E5ICcDErqr/AapxnfO8UFNxVWSOLW7
+ZAfis4w/c8/EAgyQHw42R0dNyjUOZsToF8McCsOpRjGolSU8aUyqspvd8IWJPd5d
+6HBHueXNAgMBAAECggEAV3q9MpVVPQ79TTjBO2Km0D+nt+QMzk8dUHGHfZbGejmm
+Pw96shqJ24rK5FWHs+8lEwmnD3TcGsAr3mjzjtZY5U5oXtNwoYwFRElRLqZqIlLt
+NugrVltRWeyD8j30CuGJVQoYOGWyX9d3ielg8NjO3NcvMtembttLoKK68/vrbH11
+9W7wr5p8/xyMfyl9curnmCFk5QqJ1FBpjPWY05NDIBCUJB0tGAqViCpxEeWPSlvb
+xcElqWfdbtnsYUxYU+iOTHHotoKnz4nLHYK2/njMhlCEyMXfu1DJOd8rg5yXewJF
+v6NhXgWStSexAT1bZ17LROazVcHfWB9QmXF1Fm7vOQKBgQD+dZxPDOi3Y4gCFegn
+Z+epNyl2aPTkseEZxrIqPKLHsGxUfYjQqkX2RdfTrq2vf4vFlN6uCXhSlZKXfLH/
+iQ8FAzqenhVVHK2fv5xB0SE5zNmcHDrHshl+/zUNI2u5AMFECVO2SVbgoFjvgkou
+FolK8XUXfHfb4f732LUyYI0lEwKBgQDJmkWHhzekz3P5iWaAt1SH8bZpt2hqa6Bx
+A4VvMdtmjCxEDETN0Rb3CPYxw3qa3xGfW1y1j/49xi4gr69yaT2Tbca7PFGUmWRo
+OJwfCUB5uBUi6UVytK19OVKReOm4666x8P3YO4cxxSI/HeoSU0HR1kkX9rGmrsGN
+MgUQ15+FnwKBgAKf6/DUzUG3ARwkZbSiWb1hGEhkZMJHI29EoWnWHke5BiUI9nRQ
+jVAxADzqvFfnFOYA1xssddVEPbLaUmu0WjdPBTfFoaqzFQdkzpPPOGyENGpr0B9n
+MuQgdceg6eeKnnO5NOfYcdD3VnOCAInhKaFgRDjty7604hBkZ9oRLOOJAoGBAIJ+
+dmUMlGr80XADjTLh+DhqsA1r542DDv44LkXUetS9BOYjHuIuZnQO+/UoOBNJMsn4
+xGDNzN7FihQkRCeFkZL9arbFi3TpeUGw6vV38qEXE69eWVKvOuEkmpqJLphBDfom
+KNmvZopDtTAvt9SWybL+xp9ZUpK26ZfwebD2MU63AoGBAOa2Kt01DxoqiWiQP/ds
+Mc9wOw1zJsSmIK7wEiW3FkCz8uw3UgjF9ymYY/YAW3eZtuUpuxEzyENb9f21p4b2
+zYoZ7nCUo4TmVXxgCjiEWglg3b/R3xjQr1dAABhTeI8bXMv5r/tMUsnS79uKqwGD
+2Gc1syc3+055K4qcfZHH0XWu
+-----END PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/generate.sh
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/generate.sh b/3rdparty/not-yet-commons-ssl/samples/keystores/generate.sh
new file mode 100644
index 0000000..1865d3a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/keystores/generate.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+export DNAME_SUFFIX="OU=commons-ssl, O=apache, L=Victoria, ST=BC, C=CA"
+export PASS=changeit
+export KEYPASS=itchange
+export EXPIRY_IN_YEARS=40
+
+export VALIDITY=`echo 366 \* $EXPIRY_IN_YEARS | bc`
+
+# bouncy-castle BKS
+export TYPE=BKS; export NAME=BC.$TYPE.ks;
+rm -f $NAME
+export CMD="$JAVA_HOME/bin/keytool -genkey -v -keyalg RSA -keysize 2048 -sigalg SHA1WithRSA -dname \"CN=$NAME, $DNAME_SUFFIX\" -validity $VALIDITY -keypass $PASS -keystore $NAME -storepass $PASS -storetype $TYPE"
+bash -c "$CMD"
+
+# bouncy-castle UBER
+export TYPE=UBER; export NAME=BC.$TYPE.ks;
+rm -f $NAME
+export CMD="$JAVA_HOME/bin/keytool -genkey -v -keyalg RSA -keysize 2048 -sigalg SHA1WithRSA -dname \"CN=$NAME, $DNAME_SUFFIX\" -validity $VALIDITY -keypass $PASS -keystore $NAME -storepass $PASS -storetype $TYPE"
+bash -c "$CMD"
+
+# bouncy-castle PKCS12
+export TYPE=PKCS12; export NAME=BC.$TYPE.ks;
+rm -f $NAME
+export CMD="$JAVA_HOME/bin/keytool -genkey -v -keyalg RSA -keysize 2048 -sigalg SHA1WithRSA -dname \"CN=$NAME, $DNAME_SUFFIX\" -validity $VALIDITY -keypass $PASS -keystore $NAME -storepass $PASS -storetype $TYPE"
+bash -c "$CMD"
+
+# bouncy-castle PKCS12-DEF
+export TYPE=PKCS12-DEF; export NAME=BC.$TYPE.ks;
+rm -f $NAME
+export CMD="$JAVA_HOME/bin/keytool -genkey -v -keyalg RSA -keysize 2048 -sigalg SHA1WithRSA -dname \"CN=$NAME, $DNAME_SUFFIX\" -validity $VALIDITY -keypass $PASS -keystore $NAME -storepass $PASS -storetype $TYPE"
+bash -c "$CMD"
+
+# bouncy-castle PKCS12-3DES-3DES
+export TYPE=PKCS12-3DES-3DES; export NAME=BC.$TYPE.ks;
+rm -f $NAME
+export CMD="$JAVA_HOME/bin/keytool -genkey -v -keyalg RSA -keysize 2048 -sigalg SHA1WithRSA -dname \"CN=$NAME, $DNAME_SUFFIX\" -validity $VALIDITY -keypass $PASS -keystore $NAME -storepass $PASS -storetype $TYPE"
+bash -c "$CMD"
+
+# bouncy-castle PKCS12-DEF-3DES-3DES
+export TYPE=PKCS12-DEF-3DES-3DES; export NAME=BC.$TYPE.ks;
+rm -f $NAME
+export CMD="$JAVA_HOME/bin/keytool -genkey -v -keyalg RSA -keysize 2048 -sigalg SHA1WithRSA -dname \"CN=$NAME, $DNAME_SUFFIX\" -validity $VALIDITY -keypass $PASS -keystore $NAME -storepass $PASS -storetype $TYPE"
+bash -c "$CMD"
+
+# SunJCE
+export TYPE=jceks; export NAME=SunJCE.$TYPE.ks;
+rm -f $NAME
+export CMD="$JAVA_HOME/bin/keytool -genkey -v -keyalg RSA -keysize 2048 -sigalg SHA1WithRSA -dname \"CN=$NAME, $DNAME_SUFFIX\" -validity $VALIDITY -keypass $PASS -keystore $NAME -storepass $PASS -storetype $TYPE"
+bash -c "$CMD"
+
+# SUN
+export TYPE=jks; export NAME=Sun.$TYPE.ks;
+rm -f $NAME
+export CMD="$JAVA_HOME/bin/keytool -genkey -v -keyalg RSA -keysize 2048 -sigalg SHA1WithRSA -dname \"CN=$NAME, $DNAME_SUFFIX\" -validity $VALIDITY -keypass $PASS -keystore $NAME -storepass $PASS -storetype $TYPE"
+bash -c "$CMD"
+
+
+# SUN with different key password
+export TYPE=jks; export NAME=Sun.2pass.$TYPE.ks;
+rm -f $NAME
+export CMD="$JAVA_HOME/bin/keytool -genkey -v -keyalg RSA -keysize 2048 -sigalg SHA1WithRSA -dname \"CN=$NAME, $DNAME_SUFFIX\" -validity $VALIDITY -keypass $KEYPASS -keystore $NAME -storepass $PASS -storetype $TYPE"
+bash -c "$CMD"
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/rsa.key
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/rsa.key b/3rdparty/not-yet-commons-ssl/samples/keystores/rsa.key
new file mode 100644
index 0000000..1e87d53
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/keystores/rsa.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFETBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQId8Qhy+607E8CAggA
+MB0GCWCGSAFlAwQBBAQQac2kffj8EBtimaC+HXnM2wSCBMKaK+sjj94S1ZJ0El82
+Wt+oFB7t0Wi1oE4fCWofX4T04VGR+6NYzj0qZ+LiXS/4rw9AQjbCfkYm+WFhMs23
+b37+/jfwZ1N8WYMxfQ94Q4YiN6EknPouqBpKwUqUgXL+WJbmAzMfH877ok3Pc9YR
+5LKwShKJLAQkHlxkDMq6ZWRZuCSVhRzDOvR4bmrwxViE5nmyWJJZmdwz8uI2eEbz
+WA/hCON4N023fqAQrhFMrWtklPVvG78HtCTo9r9x8kNjdOF2rue7eE3TH7ysdr5J
+/xlWVDXjSOVuPzUOdeCmUusjpgC2vSqq+oKF+MsYDN04sUZ6MksZcJnt/aOESc09
+lOHmxoEo0fZ210HCKaCU8yDGvQNyUdAmfmoZ+yDoT7x0AD2WkNGPab6jsCOSaDxN
+RtMoQG7Py7OUElVj0wkidKd7oPOzxZx1WdNG1V/PoGfP/ITAxeBZhM6rq44pLvtL
+nfdkrasQ7zDHwbDO4f1K0KcgDrl3p3Gbj09Vh9Go6ENfImLoF7N4a/Vmh0vtfPJ/
+PsPXUv+fLP/lKJgd9fFPdBbaR2LWcl7sdDSxuFlgFkN0Z0EKT/9S4hWA2IETKGRc
+7lmq+PU2yljkISz6LgJOLO9LC71HavEbDB9VsBmfnj2RkvfXs94HpBQVATG3BF/o
+maTznQel8aMjglxhTZPwB/bGvxf3BYd2zGtDdbrBB4huhgKygyTaHAQMbb9UaIGx
+GtrUyD0mJ7Zj97z+WIbbTcCkqINeDtbatI00SQXCaldN4luSj9cF0+mHIaQJcEQK
+5/mQnDVYD06INUR7kOVI7/4EsBQ8TXkjwwjTAyRM9fcC2DKCt5RJuS++6G2eXm8s
+Iep9neO0YKF0NXARnLw+3qsY7PLUfUeWtTTpUfOBW+i44kW+mw3MqwxlgICgZfp6
+OmkArD0ZpdaMrIJi/EcAN/hqB+DEAkO6qd46cDK3PJkNGDBNCEM48bwNeRwzl5IG
+Dqq3gFyek0DaPpdiGBnP8W9VdG/mfzYCZkaMptRKQg01iN3KHujSZpTrJ+MPfwFc
+eDCIet7L2z8tI4p+Xm+XHBU4+7V4aiplXAqY3Bt3QgnyGe5L+r73nl21/2tpDNGM
+JdYvLecji7KK/uoSE7icYKXuZNM8F8vdEUE3UvSkv3UVStVijZdchV+0nHeTBo1k
+fD3LVWLTUw8SrrOUWpkFAUbNSmuoQxZti9vl+0cBaCipG1cc28opKuIEt1U/HYl+
+GTxOO2W+9vJy7nzm7cw7Tf+HC0ROAbrG0tPOFdePGAp1sWZyq+ox85PMcjqmeMPJ
+6SuMUXzZ/zeRa3MjifY9QywEJY8TsvtMadPAK+jm6otDxOneXcZwzuwHnd5Sygxo
+A1WwlcmrV9eq6748wopD330EZj1oSqz++6givL9nGxuk6IDi+HMmJCGgX0IXnB1q
+pqt2skUTVX5oWTrGnsbGb/JDBqmMl6q0NRGQInTr23GwRftIsBWPHIgpplqpBWPs
+lUXhdZWukX+RJX5oPL6esik5XJvN8d7souKmxWQjgPwzocn2FL1d9l+SfQeVjJVL
+zpyPCACnXFCygpwT6hqfYWz+yXSLQwOFc6CgHV6SAm8Sgz0CIfBVev8PYSgeuNFm
+momSCys=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe.tests
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe.tests b/3rdparty/not-yet-commons-ssl/samples/pbe.tests
new file mode 100644
index 0000000..046ec46
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe.tests
@@ -0,0 +1,45 @@
+target=/home/julius/dev/commons-ssl/samples/pbe/java
+
+aes-128
+aes-192
+aes-256
+bf
+camellia-128
+camellia-192
+camellia-256
+cast5
+des
+des-ede
+des-ede3
+idea
+rc2
+rc4
+rc5
+
+# Naming variations:
+aes128
+aes192
+aes256
+blowfish
+camellia128
+camellia192
+camellia256
+des2
+des3
+gost
+rc2-40
+rc2-64
+rc4-40
+rijndael
+
+
+# OpenSSL doesn't support these yet:
+cast6
+gost28147
+rc6
+seed
+serpent
+skipjack
+tea
+twofish
+xtea
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/README.txt
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/README.txt b/3rdparty/not-yet-commons-ssl/samples/pbe/README.txt
new file mode 100644
index 0000000..c1bb157
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/README.txt
@@ -0,0 +1,36 @@
+
+not-yet-commons-ssl PBE tests
+=====================================
+by Julius Davies
+July 4th, 2007
+
+
+README
+-------------------------------------
+
+Underneath this directory are 500+ small files used for testing
+commons-ssl's ability to interop with OpenSSL's password-based
+symmetric encryption (see OpenSSL's 'enc' command).
+
+Each file is encrypted using the cipher in its filename. The
+password is always "changeit", and every file decrypts to the
+phrase "Hello World!" in UTF-8 with no trailing line-feed.
+
+The files underneath "pbe/java/" were created using commons-ssl's
+org.apache.commons.ssl.PBETestCreate utility, along with
+samples/pbe.tests as the single command-line argument. These
+files were created using pure java. It is useful to see whether
+commons-ssl can decrypt files it created itself, as well as to see
+if OpenSSL can also decrypt them.
+
+The files underneath "pbe/openssl/" were created using OpenSSL.
+Take a look at the "samples/createPBESamples.sh" shell script
+to see how these were created. You'll probably need to build
+your own version of OpenSSL from source to use some of the
+ciphers (idea, rc5, for example).
+
+org.apache.commons.ssl.OpenSSLTest tries to decrypt both the
+"pbe/java/" and the "pbe/openssl/" files, and reports on any
+failures.
+
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cbc.base64
new file mode 100644
index 0000000..854990a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX18tgSw33f+3SBISyYVeIkFpwZ/7fyE6IGA=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cbc.raw
new file mode 100644
index 0000000..f7fc29f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cbc.raw
@@ -0,0 +1 @@
+Salted__ь�ͻ��S��|^�bzԏG�a3�}�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb.base64
new file mode 100644
index 0000000..c949990
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+aEXYNHZXWHd599zBpykFGRkhdvw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb.raw
new file mode 100644
index 0000000..feee3a4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb.raw
@@ -0,0 +1 @@
+Salted__��Y$5��[��=Q>)�"�_�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb8.base64
new file mode 100644
index 0000000..024bab6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+LUWFrYVLxL7Ig+S+sGlA2HXQFnw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb8.raw
new file mode 100644
index 0000000..229db5d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-cfb8.raw
@@ -0,0 +1 @@
+Salted__q������b�ӥ!���B_���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ecb.base64
new file mode 100644
index 0000000..9146001
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+2C1jR9HIDttUbQ5if/FugiwJWHnvw9nE=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ecb.raw
new file mode 100644
index 0000000..1065ef4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ecb.raw
@@ -0,0 +1 @@
+Salted__�$U�ƽ!��8� 'Mi������q�r
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ofb.base64
new file mode 100644
index 0000000..f7459a0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19aJ6WDYWY7FPQIkpp/6FgjhHrxHQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ofb.raw
new file mode 100644
index 0000000..f475a8b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128-ofb.raw
@@ -0,0 +1 @@
+Salted__�-H4I�Ȗ� �fzV��j�l�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128.base64
new file mode 100644
index 0000000..4cb1703
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128.base64
@@ -0,0 +1 @@
+U2FsdGVkX18FP9Ocup5k311G9zgGlCnh9zas3Xdj0tU=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128.raw
new file mode 100644
index 0000000..0a36280
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-128.raw
@@ -0,0 +1 @@
+Salted__���.�}�����*=*<�G��]���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cbc.base64
new file mode 100644
index 0000000..d402ec3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/Pw8ptccG+s6ZDELJSrvJ2ZctgWQGJFAA=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cbc.raw
new file mode 100644
index 0000000..09d5789
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cbc.raw
@@ -0,0 +1 @@
+Salted__�Y���$�����?a�ByF�����;�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb.base64
new file mode 100644
index 0000000..fa4e9b4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18f1Q3JHkC82JVsgDi+mCM9dsLoDw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb.raw
new file mode 100644
index 0000000..f569c15
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb.raw
@@ -0,0 +1 @@
+Salted__������6���W]�ntD4�N$
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb8.base64
new file mode 100644
index 0000000..d51d5dd
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX19ly+xGnMtLS9cfR8LfWky7HRNtnQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb8.raw
new file mode 100644
index 0000000..96e1460
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-cfb8.raw
@@ -0,0 +1 @@
+Salted__����?��l6-
(n�u���uI
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ecb.base64
new file mode 100644
index 0000000..a401033
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+2N1TfkuHLaGKTV8UbxAQ4q6Zq2yPyI0s=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ecb.raw
new file mode 100644
index 0000000..85fc440
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ecb.raw
@@ -0,0 +1,2 @@
+Salted__��^$D�>5��51g�,z�ۍ
+�!��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ofb.base64
new file mode 100644
index 0000000..73a53e9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/Amis2JdWVZwzVHM396jtsZbIEJw==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ofb.raw
new file mode 100644
index 0000000..510475f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192-ofb.raw
@@ -0,0 +1 @@
+Salted__�IH��x��J��������!(
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192.base64
new file mode 100644
index 0000000..c8236dc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+fyoUNT8WlenheACOWMcd++BG67BrAVZY=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192.raw
new file mode 100644
index 0000000..3a0bb76
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-192.raw
@@ -0,0 +1 @@
+Salted__n�����4�m�_m��q��Q��F�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cbc.base64
new file mode 100644
index 0000000..5d2c32f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+83KKHWiQjV2cPLD4vnvX7jB9nzF7KSr4=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cbc.raw
new file mode 100644
index 0000000..4c4b343
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cbc.raw
@@ -0,0 +1 @@
+Salted__w����+�V�I���o��Bc�c�k"
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb.base64
new file mode 100644
index 0000000..b0b632f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/r2qI9504wQdQk+10DnjuZx74VWA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb.raw
new file mode 100644
index 0000000..16db14d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb.raw
@@ -0,0 +1 @@
+Salted__W�����R�V�d�}����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb8.base64
new file mode 100644
index 0000000..f8a92e2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX18OrQNbniV4S+jfRZg7flFPHiT5MA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb8.raw
new file mode 100644
index 0000000..0b3431f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-cfb8.raw
@@ -0,0 +1 @@
+Salted__��j��������(�&!��W��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ecb.base64
new file mode 100644
index 0000000..8e754c1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19UgKG5AJSnofrockP9DOx0X0UEIRrcpwI=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ecb.raw
new file mode 100644
index 0000000..3805337
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ecb.raw
@@ -0,0 +1 @@
+Salted__��H���"��E|�9m@��#��ϖ�m
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ofb.base64
new file mode 100644
index 0000000..143a65a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX18MFvQbl2SXe0fhKwTF9mjNmN9f4A==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ofb.raw
new file mode 100644
index 0000000..44d53ef
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256-ofb.raw
@@ -0,0 +1 @@
+Salted__ުqۮ�
?R���8��El���
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256.base64
new file mode 100644
index 0000000..8f901f5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256.base64
@@ -0,0 +1 @@
+U2FsdGVkX19M77p3hPsAsk2LeJM6zIQBMmTpmjGdaHY=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256.raw
new file mode 100644
index 0000000..e64d1e0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes-256.raw
@@ -0,0 +1 @@
+Salted__�xA��������s]���I��թ*S�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cbc.base64
new file mode 100644
index 0000000..f57f204
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+yeIg0SOvBDsjJmBCufP4ga2BB4rRsXio=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cbc.raw
new file mode 100644
index 0000000..bb10166
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cbc.raw
@@ -0,0 +1 @@
+Salted__���p���>3ο�h�VJ�{)�H�}v
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb.base64
new file mode 100644
index 0000000..93ce4ab
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX19tWJZmJ48v/XfHfnB2w1e//fdR8Q==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb.raw
new file mode 100644
index 0000000..735aba0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb.raw
@@ -0,0 +1 @@
+Salted__��g�����1��[碤�����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb8.base64
new file mode 100644
index 0000000..d85ad96
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+XyvFXsj5UFwtv8gyG1oIXvve+oQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb8.raw
new file mode 100644
index 0000000..1fe531f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-cfb8.raw
@@ -0,0 +1 @@
+Salted__d?�ٗ��5�ד���������
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ecb.base64
new file mode 100644
index 0000000..5b43322
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/UoGJhhyX4cVn2rw/7X7fgdqhhgiWlp7M=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ecb.raw
new file mode 100644
index 0000000..50dffdc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ecb.raw
@@ -0,0 +1 @@
+Salted__��iќW�gS�k�+>�����7��?�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ofb.base64
new file mode 100644
index 0000000..8b8a266
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/lTN4sZ1doqxbZpX0IC10FLDCaUA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ofb.raw
new file mode 100644
index 0000000..61ca060
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128-ofb.raw
@@ -0,0 +1 @@
+Salted__�<����Y��s�xq�U؏��D
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128.base64
new file mode 100644
index 0000000..203a047
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/1UuVXOj3RtEMceVcMua7qDQw0530YPTU=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128.raw
new file mode 100644
index 0000000..d533a8b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes128.raw
@@ -0,0 +1 @@
+Salted__��O�s��u��dS��� �J$�ik{�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cbc.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cbc.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cbc.base64
new file mode 100644
index 0000000..85a50be
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cbc.base64
@@ -0,0 +1 @@
+U2FsdGVkX19Gp+yjlyN/zD/rgggvOVVFY4SmgOZCmRM=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cbc.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cbc.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cbc.raw
new file mode 100644
index 0000000..7ac614e
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cbc.raw differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb.base64
new file mode 100644
index 0000000..c70e576
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/im+oIYCd9d7VAJxwuyTKpXnatBA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb.raw
new file mode 100644
index 0000000..926bbdc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb.raw
@@ -0,0 +1,2 @@
+Salted__
+�]WW�aM��+`���o��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb8.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb8.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb8.base64
new file mode 100644
index 0000000..e968571
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb8.base64
@@ -0,0 +1 @@
+U2FsdGVkX186iw+KCu0VBo9RdYAKHo9vNfDSFQ==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb8.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb8.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb8.raw
new file mode 100644
index 0000000..a71a670
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-cfb8.raw
@@ -0,0 +1 @@
+Salted__���N��{����a�����
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ecb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ecb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ecb.base64
new file mode 100644
index 0000000..eaa6ef9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ecb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1++cAjnHEiPvcYEXga2MZ/nPphLkC9FDpI=
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ecb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ecb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ecb.raw
new file mode 100644
index 0000000..f59bb04
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ecb.raw
@@ -0,0 +1 @@
+Salted__8��X?V�
�����c�T��є�B��
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ofb.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ofb.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ofb.base64
new file mode 100644
index 0000000..2055b4f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ofb.base64
@@ -0,0 +1 @@
+U2FsdGVkX1+tB5EoA+99EgMjaRsrhrIdu+4MgA==
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ofb.raw
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ofb.raw b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ofb.raw
new file mode 100644
index 0000000..c13e590
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192-ofb.raw
@@ -0,0 +1 @@
+Salted__AQ(��h�1�!�a�U��$C7�
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192.base64
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192.base64 b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192.base64
new file mode 100644
index 0000000..709506b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/pbe/java/aes192.base64
@@ -0,0 +1 @@
+U2FsdGVkX1/FEWgPPq4v5tSeC0JqBLLTmnm3mZyVQy8=
[07/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenInfo.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenInfo.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenInfo.java
new file mode 100644
index 0000000..01dc8cb
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenInfo.java
@@ -0,0 +1,43 @@
+package org.apache.kerberos.kerb.spec.pa.token;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1OctetString;
+import org.apache.haox.asn1.type.Asn1Utf8String;
+import org.apache.kerberos.kerb.spec.KrbSequenceType;
+
+/**
+ TokenInfo ::= SEQUENCE {
+ flags [0] TokenFlags,
+ tokenVendor [1] UTF8String,
+ }
+ */
+public class TokenInfo extends KrbSequenceType {
+ private static int FLAGS = 0;
+ private static int TOKEN_VENDOR = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(FLAGS, Asn1OctetString.class, true),
+ new Asn1FieldInfo(TOKEN_VENDOR, Asn1Utf8String.class),
+ };
+
+ public TokenInfo() {
+ super(fieldInfos);
+ }
+
+ public TokenFlags getFlags() {
+ return getFieldAs(FLAGS, TokenFlags.class);
+ }
+
+ public void setFlags(TokenFlags flags) {
+ setFieldAs(FLAGS, flags);
+ }
+
+ public String getTokenVendor() {
+ return getFieldAsString(TOKEN_VENDOR);
+ }
+
+ public void setTokenVendor(String tokenVendor) {
+ setFieldAs(TOKEN_VENDOR, new Asn1Utf8String(tokenVendor));
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenInfos.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenInfos.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenInfos.java
new file mode 100644
index 0000000..56e7a63
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/pa/token/TokenInfos.java
@@ -0,0 +1,10 @@
+package org.apache.kerberos.kerb.spec.pa.token;
+
+import org.apache.kerberos.kerb.spec.KrbSequenceOfType;
+
+/**
+ SEQUENCE (SIZE(1..MAX)) OF TokenInfo,
+*/
+public class TokenInfos extends KrbSequenceOfType<TokenInfo> {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/AbstractServiceTicket.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/AbstractServiceTicket.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/AbstractServiceTicket.java
new file mode 100644
index 0000000..b119263
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/AbstractServiceTicket.java
@@ -0,0 +1,30 @@
+package org.apache.kerberos.kerb.spec.ticket;
+
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.kdc.EncKdcRepPart;
+
+public class AbstractServiceTicket {
+ private Ticket ticket;
+ private EncKdcRepPart encKdcRepPart;
+
+ public AbstractServiceTicket(Ticket ticket, EncKdcRepPart encKdcRepPart) {
+ this.ticket = ticket;
+ this.encKdcRepPart = encKdcRepPart;
+ }
+
+ public Ticket getTicket() {
+ return ticket;
+ }
+
+ public EncKdcRepPart getEncKdcRepPart() {
+ return encKdcRepPart;
+ }
+
+ public EncryptionKey getSessionKey() {
+ return encKdcRepPart.getKey();
+ }
+
+ public String getRealm() {
+ return ticket.getRealm();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/EncTicketPart.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/EncTicketPart.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/EncTicketPart.java
new file mode 100644
index 0000000..d33e695
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/EncTicketPart.java
@@ -0,0 +1,145 @@
+package org.apache.kerberos.kerb.spec.ticket;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.kerberos.kerb.spec.KerberosString;
+import org.apache.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerberos.kerb.spec.KrbAppSequenceType;
+import org.apache.kerberos.kerb.spec.common.*;
+
+/**
+ -- Encrypted part of ticket
+ EncTicketPart ::= [APPLICATION 3] SEQUENCE {
+ flags [0] TicketFlags,
+ key [1] EncryptionKey,
+ crealm [2] Realm,
+ cname [3] PrincipalName,
+ transited [4] TransitedEncoding,
+ authtime [5] KerberosTime,
+ starttime [6] KerberosTime OPTIONAL,
+ endtime [7] KerberosTime,
+ renew-till [8] KerberosTime OPTIONAL,
+ caddr [9] HostAddresses OPTIONAL,
+ authorization-data [10] AuthorizationData OPTIONAL
+ }
+ */
+public class EncTicketPart extends KrbAppSequenceType {
+ public static final int TAG = 3;
+
+ private static int FLAGS = 0;
+ private static int KEY = 1;
+ private static int CREALM = 2;
+ private static int CNAME = 3;
+ private static int TRANSITED = 4;
+ private static int AUTHTIME = 5;
+ private static int STARTTIME = 6;
+ private static int ENDTIME = 7;
+ private static int RENEW_TILL = 8;
+ private static int CADDR = 9;
+ private static int AUTHORIZATION_DATA = 10;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(FLAGS, 0, TicketFlags.class),
+ new Asn1FieldInfo(KEY, 1, EncryptionKey.class),
+ new Asn1FieldInfo(CREALM, 2, KerberosString.class),
+ new Asn1FieldInfo(CNAME, 3, PrincipalName.class),
+ new Asn1FieldInfo(TRANSITED, 4, TransitedEncoding.class),
+ new Asn1FieldInfo(AUTHTIME, 5, KerberosTime.class),
+ new Asn1FieldInfo(STARTTIME, 6, KerberosTime.class),
+ new Asn1FieldInfo(ENDTIME, 7, KerberosTime.class),
+ new Asn1FieldInfo(ENDTIME, 8, KerberosTime.class),
+ new Asn1FieldInfo(CADDR, 9, HostAddresses.class),
+ new Asn1FieldInfo(AUTHORIZATION_DATA, 10, AuthorizationData.class)
+ };
+
+ public EncTicketPart() {
+ super(TAG, fieldInfos);
+ }
+
+ public TicketFlags getFlags() {
+ return getFieldAs(FLAGS, TicketFlags.class);
+ }
+
+ public void setFlags(TicketFlags flags) {
+ setFieldAs(FLAGS, flags);
+ }
+
+ public EncryptionKey getKey() {
+ return getFieldAs(KEY, EncryptionKey.class);
+ }
+
+ public void setKey(EncryptionKey key) {
+ setFieldAs(KEY, key);
+ }
+
+ public String getCrealm() {
+ return getFieldAsString(CREALM);
+ }
+
+ public void setCrealm(String crealm) {
+ setFieldAsString(CREALM, crealm);
+ }
+
+ public PrincipalName getCname() {
+ return getFieldAs(CNAME, PrincipalName.class);
+ }
+
+ public void setCname(PrincipalName cname) {
+ setFieldAs(CNAME, cname);
+ }
+
+ public TransitedEncoding getTransited() {
+ return getFieldAs(TRANSITED, TransitedEncoding.class);
+ }
+
+ public void setTransited(TransitedEncoding transited) {
+ setFieldAs(TRANSITED, transited);
+ }
+
+ public KerberosTime getAuthTime() {
+ return getFieldAs(AUTHTIME, KerberosTime.class);
+ }
+
+ public void setAuthTime(KerberosTime authTime) {
+ setFieldAs(AUTHTIME, authTime);
+ }
+
+ public KerberosTime getStartTime() {
+ return getFieldAs(STARTTIME, KerberosTime.class);
+ }
+
+ public void setStartTime(KerberosTime startTime) {
+ setFieldAs(STARTTIME, startTime);
+ }
+
+ public KerberosTime getEndTime() {
+ return getFieldAs(ENDTIME, KerberosTime.class);
+ }
+
+ public void setEndTime(KerberosTime endTime) {
+ setFieldAs(ENDTIME, endTime);
+ }
+
+ public KerberosTime getRenewtill() {
+ return getFieldAs(RENEW_TILL, KerberosTime.class);
+ }
+
+ public void setRenewtill(KerberosTime renewtill) {
+ setFieldAs(RENEW_TILL, renewtill);
+ }
+
+ public HostAddresses getClientAddresses() {
+ return getFieldAs(CADDR, HostAddresses.class);
+ }
+
+ public void setClientAddresses(HostAddresses clientAddresses) {
+ setFieldAs(CADDR, clientAddresses);
+ }
+
+ public AuthorizationData getAuthorizationData() {
+ return getFieldAs(AUTHORIZATION_DATA, AuthorizationData.class);
+ }
+
+ public void setAuthorizationData(AuthorizationData authorizationData) {
+ setFieldAs(AUTHORIZATION_DATA, authorizationData);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/ServiceTicket.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/ServiceTicket.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/ServiceTicket.java
new file mode 100644
index 0000000..46926ba
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/ServiceTicket.java
@@ -0,0 +1,9 @@
+package org.apache.kerberos.kerb.spec.ticket;
+
+import org.apache.kerberos.kerb.spec.kdc.EncTgsRepPart;
+
+public class ServiceTicket extends AbstractServiceTicket {
+ public ServiceTicket(Ticket ticket, EncTgsRepPart encKdcRepPart) {
+ super(ticket, encKdcRepPart);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/TgtTicket.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/TgtTicket.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/TgtTicket.java
new file mode 100644
index 0000000..dcf9d5b
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/TgtTicket.java
@@ -0,0 +1,17 @@
+package org.apache.kerberos.kerb.spec.ticket;
+
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerberos.kerb.spec.kdc.EncAsRepPart;
+
+public class TgtTicket extends AbstractServiceTicket {
+ private PrincipalName clientPrincipal;
+
+ public TgtTicket(Ticket ticket, EncAsRepPart encKdcRepPart, String clientPrincipal) {
+ super(ticket, encKdcRepPart);
+ this.clientPrincipal = new PrincipalName(clientPrincipal);
+ }
+
+ public PrincipalName getClientPrincipal() {
+ return clientPrincipal;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/Ticket.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/Ticket.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/Ticket.java
new file mode 100644
index 0000000..594d756
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/Ticket.java
@@ -0,0 +1,80 @@
+package org.apache.kerberos.kerb.spec.ticket;
+
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1Integer;
+import org.apache.kerberos.kerb.KrbConstant;
+import org.apache.kerberos.kerb.spec.KerberosString;
+import org.apache.kerberos.kerb.spec.KrbAppSequenceType;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+/**
+ Ticket ::= [APPLICATION 1] SEQUENCE {
+ tkt-vno [0] INTEGER (5),
+ realm [1] Realm,
+ sname [2] PrincipalName,
+ enc-part [3] EncryptedData -- EncTicketPart
+ }
+ */
+public class Ticket extends KrbAppSequenceType {
+ public static final int TKT_KVNO = KrbConstant.KRB_V5;
+ public static final int TAG = 1;
+
+ private static int TKT_VNO = 0;
+ private static int REALM = 1;
+ private static int SNAME = 2;
+ private static int ENC_PART = 3;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(TKT_VNO, 0, Asn1Integer.class),
+ new Asn1FieldInfo(REALM, 1, KerberosString.class),
+ new Asn1FieldInfo(SNAME, 2, PrincipalName.class),
+ new Asn1FieldInfo(ENC_PART, 3, EncryptedData.class)
+ };
+
+ public Ticket() {
+ super(TAG, fieldInfos);
+ setTktKvno(TKT_KVNO);
+ }
+
+ private EncTicketPart encPart;
+
+ public int getTktvno() {
+ return getFieldAsInt(TKT_VNO);
+ }
+
+ public void setTktKvno(int kvno) {
+ setFieldAsInt(TKT_VNO, kvno);
+ }
+ public PrincipalName getSname() {
+ return getFieldAs(SNAME, PrincipalName.class);
+ }
+
+ public void setSname(PrincipalName sname) {
+ setFieldAs(SNAME, sname);
+ }
+
+ public String getRealm() {
+ return getFieldAsString(REALM);
+ }
+
+ public void setRealm(String realm) {
+ setFieldAs(REALM, new KerberosString(realm));
+ }
+
+ public EncryptedData getEncryptedEncPart() {
+ return getFieldAs(ENC_PART, EncryptedData.class);
+ }
+
+ public void setEncryptedEncPart(EncryptedData encryptedEncPart) {
+ setFieldAs(ENC_PART, encryptedEncPart);
+ }
+
+ public EncTicketPart getEncPart() {
+ return encPart;
+ }
+
+ public void setEncPart(EncTicketPart encPart) {
+ this.encPart = encPart;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/TicketFlag.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/TicketFlag.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/TicketFlag.java
new file mode 100644
index 0000000..42925de
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/TicketFlag.java
@@ -0,0 +1,43 @@
+package org.apache.kerberos.kerb.spec.ticket;
+
+import org.apache.kerberos.kerb.spec.KrbEnum;
+
+public enum TicketFlag implements KrbEnum {
+ NONE(-1),
+ FORWARDABLE(0x40000000),
+ FORWARDED(0x20000000),
+ PROXIABLE(0x10000000),
+ PROXY(0x08000000),
+ MAY_POSTDATE(0x04000000),
+ POSTDATED(0x02000000),
+ INVALID(0x01000000),
+ RENEWABLE(0x00800000),
+ INITIAL(0x00400000),
+ PRE_AUTH(0x00200000),
+ HW_AUTH(0x00100000),
+ TRANSIT_POLICY_CHECKED( 0x00080000),
+ OK_AS_DELEGATE(0x00040000),
+ ENC_PA_REP(0x00010000),
+ ANONYMOUS(0x00008000);
+
+ private final int value;
+
+ private TicketFlag(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static TicketFlag fromValue(int value) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (TicketFlag) e;
+ }
+ }
+
+ return NONE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/TicketFlags.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/TicketFlags.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/TicketFlags.java
new file mode 100644
index 0000000..87a0cc6
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/TicketFlags.java
@@ -0,0 +1,20 @@
+package org.apache.kerberos.kerb.spec.ticket;
+
+import org.apache.kerberos.kerb.spec.common.KrbFlags;
+
+import static org.apache.kerberos.kerb.spec.ticket.TicketFlag.INVALID;
+
+public class TicketFlags extends KrbFlags {
+
+ public TicketFlags() {
+ this(0);
+ }
+
+ public TicketFlags(int value) {
+ setFlags(value);
+ }
+
+ public boolean isInvalid() {
+ return isFlagSet(INVALID.getValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/Tickets.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/Tickets.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/Tickets.java
new file mode 100644
index 0000000..40d891f
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/ticket/Tickets.java
@@ -0,0 +1,10 @@
+package org.apache.kerberos.kerb.spec.ticket;
+
+import org.apache.kerberos.kerb.spec.KrbSequenceOfType;
+
+/**
+ SEQUENCE OF Ticket
+ */
+public class Tickets extends KrbSequenceOfType<Ticket> {
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/x509/AlgorithmIdentifier.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/x509/AlgorithmIdentifier.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/x509/AlgorithmIdentifier.java
new file mode 100644
index 0000000..1ce8534
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/x509/AlgorithmIdentifier.java
@@ -0,0 +1,39 @@
+package org.apache.kerberos.kerb.spec.x509;
+
+import org.apache.haox.asn1.type.*;
+
+/**
+ AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL
+ }
+ */
+public class AlgorithmIdentifier extends Asn1SequenceType {
+ private static int ALGORITHM = 0;
+ private static int PARAMETERS = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(ALGORITHM, -1, Asn1ObjectIdentifier.class),
+ new Asn1FieldInfo(PARAMETERS, -1, Asn1Any.class)
+ };
+
+ public AlgorithmIdentifier() {
+ super(fieldInfos);
+ }
+
+ public Asn1ObjectIdentifier getAlgorithm() {
+ return getFieldAs(ALGORITHM, Asn1ObjectIdentifier.class);
+ }
+
+ public void setAlgorithm(Asn1ObjectIdentifier algorithm) {
+ setFieldAs(ALGORITHM, algorithm);
+ }
+
+ public Asn1Type getParameters() {
+ return getFieldAsAny(PARAMETERS);
+ }
+
+ public void setParameters(Asn1Type parameters) {
+ setFieldAsAny(PARAMETERS, parameters);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/x509/SubjectPublicKeyInfo.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/x509/SubjectPublicKeyInfo.java b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/x509/SubjectPublicKeyInfo.java
new file mode 100644
index 0000000..71fad22
--- /dev/null
+++ b/haox-kerb/kerb-core/src/main/java/org/apache/kerberos/kerb/spec/x509/SubjectPublicKeyInfo.java
@@ -0,0 +1,41 @@
+package org.apache.kerberos.kerb.spec.x509;
+
+import org.apache.haox.asn1.type.Asn1BitString;
+import org.apache.haox.asn1.type.Asn1FieldInfo;
+import org.apache.haox.asn1.type.Asn1SequenceType;
+
+/**
+ SubjectPublicKeyInfo ::= SEQUENCE {
+ algorithm AlgorithmIdentifier,
+ subjectPublicKey BIT STRING
+ }
+ */
+public class SubjectPublicKeyInfo extends Asn1SequenceType {
+ private static int ALGORITHM = 0;
+ private static int SUBJECT_PUBLIC_KEY = 1;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(ALGORITHM, -1, AlgorithmIdentifier.class),
+ new Asn1FieldInfo(SUBJECT_PUBLIC_KEY, -1, Asn1BitString.class)
+ };
+
+ public SubjectPublicKeyInfo() {
+ super(fieldInfos);
+ }
+
+ public AlgorithmIdentifier getAlgorithm() {
+ return getFieldAs(ALGORITHM, AlgorithmIdentifier.class);
+ }
+
+ public void setAlgorithm(AlgorithmIdentifier algorithm) {
+ setFieldAs(ALGORITHM, algorithm);
+ }
+
+ public byte[] getSubjectPubKey() {
+ return getFieldAsOctets(SUBJECT_PUBLIC_KEY);
+ }
+
+ public void setSubjectPubKey(byte[] subjectPubKey) {
+ setFieldAs(SUBJECT_PUBLIC_KEY, new Asn1BitString(subjectPubKey));
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/pom.xml b/haox-kerb/kerb-crypto/pom.xml
new file mode 100644
index 0000000..8166952
--- /dev/null
+++ b/haox-kerb/kerb-crypto/pom.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-kerb</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>kerb-crypto</artifactId>
+
+ <name>Haox-kerb Crypto</name>
+ <description>Haox-kerb Crypto facility</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>haox-config</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.haox</groupId>
+ <artifactId>kerb-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java
new file mode 100644
index 0000000..ccdeb3a
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java
@@ -0,0 +1,49 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+
+import java.util.Arrays;
+
+public abstract class AbstractCryptoTypeHandler implements CryptoTypeHandler {
+
+ private EncryptProvider encProvider;
+ private HashProvider hashProvider;
+
+ public AbstractCryptoTypeHandler(EncryptProvider encProvider,
+ HashProvider hashProvider) {
+ this.encProvider = encProvider;
+ this.hashProvider = hashProvider;
+ }
+
+ @Override
+ public EncryptProvider encProvider() {
+ return encProvider;
+ }
+
+ @Override
+ public HashProvider hashProvider() {
+ return hashProvider;
+ }
+
+ protected static boolean checksumEqual(byte[] cksum1, byte[] cksum2) {
+ return Arrays.equals(cksum1, cksum2);
+ }
+
+ protected static boolean checksumEqual(byte[] cksum1, byte[] cksum2, int cksum2Start, int len) {
+ if (cksum1 == cksum2)
+ return true;
+ if (cksum1 == null || cksum2 == null)
+ return false;
+
+ if (len <= cksum2.length && len <= cksum1.length) {
+ for (int i = 0; i < len; i++)
+ if (cksum1[i] != cksum2[cksum2Start + i])
+ return false;
+ } else {
+ return false;
+ }
+
+ return true;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/BytesUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/BytesUtil.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/BytesUtil.java
new file mode 100644
index 0000000..7282107
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/BytesUtil.java
@@ -0,0 +1,144 @@
+package org.apache.kerberos.kerb.crypto;
+
+public class BytesUtil {
+
+ public static short bytes2short(byte[] bytes, int offset, boolean bigEndian) {
+ short val = 0;
+
+ if (bigEndian) {
+ val += (bytes[offset + 0] & 0xff) << 8;
+ val += (bytes[offset + 1] & 0xff);
+ } else {
+ val += (bytes[offset + 1] & 0xff) << 8;
+ val += (bytes[offset + 0] & 0xff);
+ }
+
+ return val;
+ }
+
+ public static short bytes2short(byte[] bytes, boolean bigEndian) {
+ return bytes2short(bytes, 0, bigEndian);
+ }
+
+ public static byte[] short2bytes(int val, boolean bigEndian) {
+ byte[] bytes = new byte[2];
+
+ short2bytes(val, bytes, 0, bigEndian);
+
+ return bytes;
+ }
+
+ public static void short2bytes(int val, byte[] bytes, int offset, boolean bigEndian) {
+ if (bigEndian) {
+ bytes[offset + 0] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 1] = (byte) ((val) & 0xff);
+ } else {
+ bytes[offset + 1] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 0] = (byte) ((val ) & 0xff);
+ }
+ }
+
+ public static int bytes2int(byte[] bytes, boolean bigEndian) {
+ return bytes2int(bytes, 0, bigEndian);
+ }
+
+ public static int bytes2int(byte[] bytes, int offset, boolean bigEndian) {
+ int val = 0;
+
+ if (bigEndian) {
+ val += (bytes[offset + 0] & 0xff) << 24;
+ val += (bytes[offset + 1] & 0xff) << 16;
+ val += (bytes[offset + 2] & 0xff) << 8;
+ val += (bytes[offset + 3] & 0xff);
+ } else {
+ val += (bytes[offset + 3] & 0xff) << 24;
+ val += (bytes[offset + 2] & 0xff) << 16;
+ val += (bytes[offset + 1] & 0xff) << 8;
+ val += (bytes[offset + 0] & 0xff);
+ }
+
+ return val;
+ }
+
+ public static byte[] int2bytes(int val, boolean bigEndian) {
+ byte[] bytes = new byte[4];
+
+ int2bytes(val, bytes, 0, bigEndian);
+
+ return bytes;
+ }
+
+ public static void int2bytes(int val, byte[] bytes, int offset, boolean bigEndian) {
+ if (bigEndian) {
+ bytes[offset + 0] = (byte) ((val >> 24) & 0xff);
+ bytes[offset + 1] = (byte) ((val >> 16) & 0xff);
+ bytes[offset + 2] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 3] = (byte) ((val) & 0xff);
+ } else {
+ bytes[offset + 3] = (byte) ((val >> 24) & 0xff);
+ bytes[offset + 2] = (byte) ((val >> 16) & 0xff);
+ bytes[offset + 1] = (byte) ((val >> 8) & 0xff);
+ bytes[offset + 0] = (byte) ((val) & 0xff);
+ }
+ }
+
+ public static byte[] long2bytes(long val, boolean bigEndian) {
+ byte[] bytes = new byte[8];
+ long2bytes(val, bytes, 0, bigEndian);
+ return bytes;
+ }
+
+ public static void long2bytes(long val, byte[] bytes, int offset, boolean bigEndian) {
+ if (bigEndian) {
+ for (int i = 0; i < 8; i++) {
+ bytes[i + offset] = (byte) ((val >> ((7 - i) * 8)) & 0xffL);
+ }
+ } else {
+ for (int i = 0; i < 8; i++) {
+ bytes[i + offset] = (byte) ((val >> (i * 8)) & 0xffL);
+ }
+ }
+ }
+
+ public static long bytes2long(byte[] bytes, boolean bigEndian) {
+ return bytes2long(bytes, 0, bigEndian);
+ }
+
+ public static long bytes2long(byte[] bytes, int offset, boolean bigEndian) {
+ long val = 0;
+
+ if (bigEndian) {
+ for (int i = 0; i < 8; i++) {
+ val |= (((long) bytes[i + offset]) & 0xffL) << ((7 - i) * 8);
+ }
+ } else {
+ for (int i = 0; i < 8; i++) {
+ val |= (((long) bytes[i + offset]) & 0xffL) << (i * 8);
+ }
+ }
+
+ return val;
+ }
+
+ public static byte[] padding(byte[] data, int block) {
+ int len = data.length;
+ int paddingLen = len % block != 0 ? 8 - len % block : 0;
+ if (paddingLen == 0) {
+ return data;
+ }
+
+ byte[] result = new byte[len + + paddingLen];
+ System.arraycopy(data, 0, result, 0, len);
+ return result;
+ }
+
+ public static byte[] duplicate(byte[] bytes) {
+ return duplicate(bytes, 0, bytes.length);
+ }
+
+ public static byte[] duplicate(byte[] bytes, int offset, int len) {
+ byte[] dup = new byte[len];
+ System.arraycopy(bytes, offset, dup, 0, len);
+ return dup;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Camellia.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Camellia.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Camellia.java
new file mode 100644
index 0000000..89db740
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Camellia.java
@@ -0,0 +1,231 @@
+package org.apache.kerberos.kerb.crypto;
+
+/**
+ * Camellia - based on RFC 3713, about half the size of CamelliaEngine.
+ *
+ * This is based on CamelliaEngine.java from bouncycastle library.
+ */
+
+public class Camellia {
+ private static final int BLOCK_SIZE = 16;
+ private int[] state = new int[4]; // for encryption and decryption
+
+ private CamelliaKey camKey;
+
+ public void setKey(boolean forEncryption, byte[] key) {
+ camKey = new CamelliaKey(key, forEncryption);
+ }
+
+ private void process128Block(byte[] in, int inOff,
+ byte[] out, int outOff) {
+ for (int i = 0; i < 4; i++) {
+ state[i] = BytesUtil.bytes2int(in, inOff + (i * 4), true);
+ state[i] ^= camKey.kw[i];
+ }
+
+ camKey.f2(state, camKey.subkey, 0);
+ camKey.f2(state, camKey.subkey, 4);
+ camKey.f2(state, camKey.subkey, 8);
+ camKey.fls(state, camKey.ke, 0);
+ camKey.f2(state, camKey.subkey, 12);
+ camKey.f2(state, camKey.subkey, 16);
+ camKey.f2(state, camKey.subkey, 20);
+ camKey.fls(state, camKey.ke, 4);
+ camKey.f2(state, camKey.subkey, 24);
+ camKey.f2(state, camKey.subkey, 28);
+ camKey.f2(state, camKey.subkey, 32);
+
+ state[2] ^= camKey.kw[4];
+ state[3] ^= camKey.kw[5];
+ state[0] ^= camKey.kw[6];
+ state[1] ^= camKey.kw[7];
+
+ BytesUtil.int2bytes(state[2], out, outOff, true);
+ BytesUtil.int2bytes(state[3], out, outOff + 4, true);
+ BytesUtil.int2bytes(state[0], out, outOff + 8, true);
+ BytesUtil.int2bytes(state[1], out, outOff + 12, true);
+ }
+
+ private void processBlockLargerBlock(byte[] in, int inOff,
+ byte[] out, int outOff) {
+ for (int i = 0; i < 4; i++) {
+ state[i] = BytesUtil.bytes2int(in, inOff + (i * 4), true);
+ state[i] ^= camKey.kw[i];
+ }
+
+ camKey.f2(state, camKey.subkey, 0);
+ camKey.f2(state, camKey.subkey, 4);
+ camKey.f2(state, camKey.subkey, 8);
+ camKey.fls(state, camKey.ke, 0);
+ camKey.f2(state, camKey.subkey, 12);
+ camKey.f2(state, camKey.subkey, 16);
+ camKey.f2(state, camKey.subkey, 20);
+ camKey.fls(state, camKey.ke, 4);
+ camKey.f2(state, camKey.subkey, 24);
+ camKey.f2(state, camKey.subkey, 28);
+ camKey.f2(state, camKey.subkey, 32);
+ camKey.fls(state, camKey.ke, 8);
+ camKey.f2(state, camKey.subkey, 36);
+ camKey.f2(state, camKey.subkey, 40);
+ camKey.f2(state, camKey.subkey, 44);
+
+ state[2] ^= camKey.kw[4];
+ state[3] ^= camKey.kw[5];
+ state[0] ^= camKey.kw[6];
+ state[1] ^= camKey.kw[7];
+
+ BytesUtil.int2bytes(state[2], out, outOff, true);
+ BytesUtil.int2bytes(state[3], out, outOff + 4, true);
+ BytesUtil.int2bytes(state[0], out, outOff + 8, true);
+ BytesUtil.int2bytes(state[1], out, outOff + 12, true);
+ }
+
+ public void processBlock(byte[] in, int inOff) {
+ byte[] out = new byte[BLOCK_SIZE];
+
+ if (camKey.is128()) {
+ process128Block(in, inOff, out, 0);
+ } else {
+ processBlockLargerBlock(in, inOff, out, 0);
+ }
+
+ System.arraycopy(out, 0, in, inOff, BLOCK_SIZE);
+ }
+
+ public void encrypt(byte[] data, byte[] iv) {
+ byte[] cipher = new byte[BLOCK_SIZE];
+ byte[] cipherState = new byte[BLOCK_SIZE];
+
+ int blocksNum = (data.length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+ int lastBlockLen = data.length - (blocksNum - 1) * BLOCK_SIZE;
+ if (blocksNum == 1) {
+ cbcEnc(data, 0, 1, cipherState);
+ return;
+ }
+
+ if (iv != null) {
+ System.arraycopy(iv, 0, cipherState, 0, BLOCK_SIZE);
+ }
+
+ int contBlocksNum, offset = 0;
+ while (blocksNum > 2) {
+ contBlocksNum = (data.length - offset) / BLOCK_SIZE;
+ if (contBlocksNum > 0) {
+ // Encrypt a series of contiguous blocks in place if we can, but
+ // don't touch the last two blocks.
+ contBlocksNum = (contBlocksNum > blocksNum - 2) ? blocksNum - 2 : contBlocksNum;
+ cbcEnc(data, offset, contBlocksNum, cipherState);
+ offset += contBlocksNum * BLOCK_SIZE;
+ blocksNum -= contBlocksNum;
+ } else {
+ cbcEnc(data, offset, 1, cipherState);
+ offset += BLOCK_SIZE;
+ blocksNum--;
+ }
+ }
+
+ // Encrypt the last two blocks and store the results in reverse order
+ byte[] blockN2 = new byte[BLOCK_SIZE];
+ byte[] blockN1 = new byte[BLOCK_SIZE];
+
+ System.arraycopy(data, offset, blockN2, 0, BLOCK_SIZE);
+ cbcEnc(blockN2, 0, 1, cipherState);
+ System.arraycopy(data, offset + BLOCK_SIZE, blockN1, 0, lastBlockLen);
+ cbcEnc(blockN1, 0, 1, cipherState);
+
+ System.arraycopy(blockN1, 0, data, offset, BLOCK_SIZE);
+ System.arraycopy(blockN2, 0, data, offset + BLOCK_SIZE, lastBlockLen);
+
+ if (iv != null) {
+ System.arraycopy(cipherState, 0, iv, 0, BLOCK_SIZE);
+ }
+ }
+
+ public void decrypt(byte[] data, byte[] iv) {
+ byte[] cipher = new byte[BLOCK_SIZE];
+ byte[] cipherState = new byte[BLOCK_SIZE];
+
+ int blocksNum = (data.length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+ int lastBlockLen = data.length - (blocksNum - 1) * BLOCK_SIZE;
+ if (blocksNum == 1) {
+ cbcDec(data, 0, 1, cipherState);
+ return;
+ }
+
+ if (iv != null) {
+ System.arraycopy(iv, 0, cipherState, 0, BLOCK_SIZE);
+ }
+
+ int contBlocksNum, offset = 0;
+ while (blocksNum > 2) {
+ contBlocksNum = (data.length - offset) / BLOCK_SIZE;
+ if (contBlocksNum > 0) {
+ // Decrypt a series of contiguous blocks in place if we can, but
+ // don't touch the last two blocks.
+ contBlocksNum = (contBlocksNum > blocksNum - 2) ? blocksNum - 2 : contBlocksNum;
+ cbcDec(data, offset, contBlocksNum, cipherState);
+ offset += contBlocksNum * BLOCK_SIZE;
+ blocksNum -= contBlocksNum;
+ } else {
+ cbcDec(data, offset, 1, cipherState);
+ offset += BLOCK_SIZE;
+ blocksNum--;
+ }
+ }
+
+ // Decrypt the last two blocks
+ byte[] blockN2 = new byte[BLOCK_SIZE];
+ byte[] blockN1 = new byte[BLOCK_SIZE];
+ System.arraycopy(data, offset, blockN2, 0, BLOCK_SIZE);
+ System.arraycopy(data, offset + BLOCK_SIZE, blockN1, 0, lastBlockLen);
+ if (iv != null) {
+ System.arraycopy(blockN2, 0, iv, 0, BLOCK_SIZE);
+ }
+
+ byte[] tmpCipherState = new byte[BLOCK_SIZE];
+ System.arraycopy(blockN1, 0, tmpCipherState, 0, BLOCK_SIZE);
+ cbcDec(blockN2, 0, 1, tmpCipherState);
+ System.arraycopy(blockN2, lastBlockLen, blockN1, lastBlockLen, BLOCK_SIZE - lastBlockLen);
+ cbcDec(blockN1, 0, 1, cipherState);
+
+ System.arraycopy(blockN1, 0, data, offset, BLOCK_SIZE);
+ System.arraycopy(blockN2, 0, data, offset + BLOCK_SIZE, lastBlockLen);
+ }
+
+ /**
+ * CBC encrypt nblocks blocks of data in place, using and updating iv.
+ */
+ public void cbcEnc(byte[] data, int offset, int blocksNum, byte[] cipherState) {
+ byte[] cipher = new byte[BLOCK_SIZE];
+ for (int i = 0; i < blocksNum; ++i) {
+ System.arraycopy(data, offset + i * BLOCK_SIZE, cipher, 0, BLOCK_SIZE);
+ Util.xor(cipherState, 0, cipher);
+ processBlock(cipher, 0);
+ System.arraycopy(cipher, 0, data, offset + i * BLOCK_SIZE, BLOCK_SIZE);
+ System.arraycopy(cipher, 0, cipherState, 0, BLOCK_SIZE);
+ }
+ }
+
+ /**
+ * CBC encrypt nblocks blocks of data in place, using and updating iv.
+ */
+ public void cbcDec(byte[] data, int offset, int blocksNum, byte[] cipherState) {
+ byte[] lastBlock = new byte[BLOCK_SIZE];
+ byte[] cipher = new byte[BLOCK_SIZE];
+
+ System.arraycopy(data, offset + (blocksNum - 1) * BLOCK_SIZE, lastBlock, 0, BLOCK_SIZE);
+ for (int i = blocksNum; i > 0; i--) {
+ System.arraycopy(data, offset + (i - 1) * BLOCK_SIZE, cipher, 0, BLOCK_SIZE);
+ processBlock(cipher, 0);
+
+ if (i == 1) {
+ Util.xor(cipherState, 0, cipher);
+ } else {
+ Util.xor(data, offset + (i - 2) * BLOCK_SIZE, cipher);
+ }
+
+ System.arraycopy(cipher, 0, data, offset + (i - 1) * BLOCK_SIZE, BLOCK_SIZE);
+ }
+ System.arraycopy(lastBlock, 0, cipherState, 0, BLOCK_SIZE);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CamelliaKey.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CamelliaKey.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CamelliaKey.java
new file mode 100644
index 0000000..f31085e
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CamelliaKey.java
@@ -0,0 +1,414 @@
+package org.apache.kerberos.kerb.crypto;
+
+/**
+ * Camellia - based on RFC 3713, about half the size of CamelliaEngine.
+ *
+ * This is based on CamelliaEngine.java from bouncycastle library.
+ */
+
+public class CamelliaKey {
+ private int keySize;
+
+ protected int[] subkey = new int[24 * 4];
+ protected int[] kw = new int[4 * 2]; // for whitening
+ protected int[] ke = new int[6 * 2]; // for FL and FL^(-1)
+
+ private static final int SIGMA[] = {
+ 0xa09e667f, 0x3bcc908b,
+ 0xb67ae858, 0x4caa73b2,
+ 0xc6ef372f, 0xe94f82be,
+ 0x54ff53a5, 0xf1d36f1c,
+ 0x10e527fa, 0xde682d1d,
+ 0xb05688c2, 0xb3e6c1fd
+ };
+
+ // S-box data
+ protected static final byte SBOX1[] = {
+ (byte)112, (byte)130, (byte)44, (byte)236,
+ (byte)179, (byte)39, (byte)192, (byte)229,
+ (byte)228, (byte)133, (byte)87, (byte)53,
+ (byte)234, (byte)12, (byte)174, (byte)65,
+ (byte)35, (byte)239, (byte)107, (byte)147,
+ (byte)69, (byte)25, (byte)165, (byte)33,
+ (byte)237, (byte)14, (byte)79, (byte)78,
+ (byte)29, (byte)101, (byte)146, (byte)189,
+ (byte)134, (byte)184, (byte)175, (byte)143,
+ (byte)124, (byte)235, (byte)31, (byte)206,
+ (byte)62, (byte)48, (byte)220, (byte)95,
+ (byte)94, (byte)197, (byte)11, (byte)26,
+ (byte)166, (byte)225, (byte)57, (byte)202,
+ (byte)213, (byte)71, (byte)93, (byte)61,
+ (byte)217, (byte)1, (byte)90, (byte)214,
+ (byte)81, (byte)86, (byte)108, (byte)77,
+ (byte)139, (byte)13, (byte)154, (byte)102,
+ (byte)251, (byte)204, (byte)176, (byte)45,
+ (byte)116, (byte)18, (byte)43, (byte)32,
+ (byte)240, (byte)177, (byte)132, (byte)153,
+ (byte)223, (byte)76, (byte)203, (byte)194,
+ (byte)52, (byte)126, (byte)118, (byte)5,
+ (byte)109, (byte)183, (byte)169, (byte)49,
+ (byte)209, (byte)23, (byte)4, (byte)215,
+ (byte)20, (byte)88, (byte)58, (byte)97,
+ (byte)222, (byte)27, (byte)17, (byte)28,
+ (byte)50, (byte)15, (byte)156, (byte)22,
+ (byte)83, (byte)24, (byte)242, (byte)34,
+ (byte)254, (byte)68, (byte)207, (byte)178,
+ (byte)195, (byte)181, (byte)122, (byte)145,
+ (byte)36, (byte)8, (byte)232, (byte)168,
+ (byte)96, (byte)252, (byte)105, (byte)80,
+ (byte)170, (byte)208, (byte)160, (byte)125,
+ (byte)161, (byte)137, (byte)98, (byte)151,
+ (byte)84, (byte)91, (byte)30, (byte)149,
+ (byte)224, (byte)255, (byte)100, (byte)210,
+ (byte)16, (byte)196, (byte)0, (byte)72,
+ (byte)163, (byte)247, (byte)117, (byte)219,
+ (byte)138, (byte)3, (byte)230, (byte)218,
+ (byte)9, (byte)63, (byte)221, (byte)148,
+ (byte)135, (byte)92, (byte)131, (byte)2,
+ (byte)205, (byte)74, (byte)144, (byte)51,
+ (byte)115, (byte)103, (byte)246, (byte)243,
+ (byte)157, (byte)127, (byte)191, (byte)226,
+ (byte)82, (byte)155, (byte)216, (byte)38,
+ (byte)200, (byte)55, (byte)198, (byte)59,
+ (byte)129, (byte)150, (byte)111, (byte)75,
+ (byte)19, (byte)190, (byte)99, (byte)46,
+ (byte)233, (byte)121, (byte)167, (byte)140,
+ (byte)159, (byte)110, (byte)188, (byte)142,
+ (byte)41, (byte)245, (byte)249, (byte)182,
+ (byte)47, (byte)253, (byte)180, (byte)89,
+ (byte)120, (byte)152, (byte)6, (byte)106,
+ (byte)231, (byte)70, (byte)113, (byte)186,
+ (byte)212, (byte)37, (byte)171, (byte)66,
+ (byte)136, (byte)162, (byte)141, (byte)250,
+ (byte)114, (byte)7, (byte)185, (byte)85,
+ (byte)248, (byte)238, (byte)172, (byte)10,
+ (byte)54, (byte)73, (byte)42, (byte)104,
+ (byte)60, (byte)56, (byte)241, (byte)164,
+ (byte)64, (byte)40, (byte)211, (byte)123,
+ (byte)187, (byte)201, (byte)67, (byte)193,
+ (byte)21, (byte)227, (byte)173, (byte)244,
+ (byte)119, (byte)199, (byte)128, (byte)158
+ };
+
+ public CamelliaKey(byte[] key, boolean isEncrypt) {
+ init(key, isEncrypt);
+ }
+
+ protected boolean is128() {
+ return keySize == 16;
+ }
+
+ private static int rightRotate(int x, int s) {
+ return (((x) >>> (s)) + ((x) << (32 - s)));
+ }
+
+ private static int leftRotate(int x, int s) {
+ return ((x) << (s)) + ((x) >>> (32 - s));
+ }
+
+ private static void roldq(int rot, int[] ki, int ioff,
+ int[] ko, int ooff) {
+ ko[0 + ooff] = (ki[0 + ioff] << rot) | (ki[1 + ioff] >>> (32 - rot));
+ ko[1 + ooff] = (ki[1 + ioff] << rot) | (ki[2 + ioff] >>> (32 - rot));
+ ko[2 + ooff] = (ki[2 + ioff] << rot) | (ki[3 + ioff] >>> (32 - rot));
+ ko[3 + ooff] = (ki[3 + ioff] << rot) | (ki[0 + ioff] >>> (32 - rot));
+ ki[0 + ioff] = ko[0 + ooff];
+ ki[1 + ioff] = ko[1 + ooff];
+ ki[2 + ioff] = ko[2 + ooff];
+ ki[3 + ioff] = ko[3 + ooff];
+ }
+
+ private static void decroldq(int rot, int[] ki, int ioff,
+ int[] ko, int ooff) {
+ ko[2 + ooff] = (ki[0 + ioff] << rot) | (ki[1 + ioff] >>> (32 - rot));
+ ko[3 + ooff] = (ki[1 + ioff] << rot) | (ki[2 + ioff] >>> (32 - rot));
+ ko[0 + ooff] = (ki[2 + ioff] << rot) | (ki[3 + ioff] >>> (32 - rot));
+ ko[1 + ooff] = (ki[3 + ioff] << rot) | (ki[0 + ioff] >>> (32 - rot));
+ ki[0 + ioff] = ko[2 + ooff];
+ ki[1 + ioff] = ko[3 + ooff];
+ ki[2 + ioff] = ko[0 + ooff];
+ ki[3 + ioff] = ko[1 + ooff];
+ }
+
+ private static void roldqo32(int rot, int[] ki, int ioff,
+ int[] ko, int ooff)
+ {
+ ko[0 + ooff] = (ki[1 + ioff] << (rot - 32)) | (ki[2 + ioff] >>> (64 - rot));
+ ko[1 + ooff] = (ki[2 + ioff] << (rot - 32)) | (ki[3 + ioff] >>> (64 - rot));
+ ko[2 + ooff] = (ki[3 + ioff] << (rot - 32)) | (ki[0 + ioff] >>> (64 - rot));
+ ko[3 + ooff] = (ki[0 + ioff] << (rot - 32)) | (ki[1 + ioff] >>> (64 - rot));
+ ki[0 + ioff] = ko[0 + ooff];
+ ki[1 + ioff] = ko[1 + ooff];
+ ki[2 + ioff] = ko[2 + ooff];
+ ki[3 + ioff] = ko[3 + ooff];
+ }
+
+ private static void decroldqo32(int rot, int[] ki, int ioff,
+ int[] ko, int ooff) {
+ ko[2 + ooff] = (ki[1 + ioff] << (rot - 32)) | (ki[2 + ioff] >>> (64 - rot));
+ ko[3 + ooff] = (ki[2 + ioff] << (rot - 32)) | (ki[3 + ioff] >>> (64 - rot));
+ ko[0 + ooff] = (ki[3 + ioff] << (rot - 32)) | (ki[0 + ioff] >>> (64 - rot));
+ ko[1 + ooff] = (ki[0 + ioff] << (rot - 32)) | (ki[1 + ioff] >>> (64 - rot));
+ ki[0 + ioff] = ko[2 + ooff];
+ ki[1 + ioff] = ko[3 + ooff];
+ ki[2 + ioff] = ko[0 + ooff];
+ ki[3 + ioff] = ko[1 + ooff];
+ }
+
+ private byte lRot8(byte v, int rot)
+ {
+ return (byte)((v << rot) | ((v & 0xff) >>> (8 - rot)));
+ }
+
+ private int sbox2(int x)
+ {
+ return (lRot8(SBOX1[x], 1) & 0xff);
+ }
+
+ private int sbox3(int x)
+ {
+ return (lRot8(SBOX1[x], 7) & 0xff);
+ }
+
+ private int sbox4(int x)
+ {
+ return (SBOX1[((int)lRot8((byte)x, 1) & 0xff)] & 0xff);
+ }
+
+ protected void fls(int[] s, int[] fkey, int keyoff) {
+ s[1] ^= leftRotate(s[0] & fkey[0 + keyoff], 1);
+ s[0] ^= fkey[1 + keyoff] | s[1];
+
+ s[2] ^= fkey[3 + keyoff] | s[3];
+ s[3] ^= leftRotate(fkey[2 + keyoff] & s[2], 1);
+ }
+
+ protected void f2(int[] s, int[] skey, int keyoff) {
+ int t1, t2, u, v;
+
+ t1 = s[0] ^ skey[0 + keyoff];
+ u = sbox4((t1 & 0xff));
+ u |= (sbox3(((t1 >>> 8) & 0xff)) << 8);
+ u |= (sbox2(((t1 >>> 16) & 0xff)) << 16);
+ u |= ((int)(SBOX1[((t1 >>> 24) & 0xff)] & 0xff) << 24);
+
+ t2 = s[1] ^ skey[1 + keyoff];
+ v = (int)SBOX1[(t2 & 0xff)] & 0xff;
+ v |= (sbox4(((t2 >>> 8) & 0xff)) << 8);
+ v |= (sbox3(((t2 >>> 16) & 0xff)) << 16);
+ v |= (sbox2(((t2 >>> 24) & 0xff)) << 24);
+
+ v = leftRotate(v, 8);
+ u ^= v;
+ v = leftRotate(v, 8) ^ u;
+ u = rightRotate(u, 8) ^ v;
+ s[2] ^= leftRotate(v, 16) ^ u;
+ s[3] ^= leftRotate(u, 8);
+
+ t1 = s[2] ^ skey[2 + keyoff];
+ u = sbox4((t1 & 0xff));
+ u |= sbox3(((t1 >>> 8) & 0xff)) << 8;
+ u |= sbox2(((t1 >>> 16) & 0xff)) << 16;
+ u |= ((int)SBOX1[((t1 >>> 24) & 0xff)] & 0xff) << 24;
+
+ t2 = s[3] ^ skey[3 + keyoff];
+ v = ((int)SBOX1[(t2 & 0xff)] & 0xff);
+ v |= sbox4(((t2 >>> 8) & 0xff)) << 8;
+ v |= sbox3(((t2 >>> 16) & 0xff)) << 16;
+ v |= sbox2(((t2 >>> 24) & 0xff)) << 24;
+
+ v = leftRotate(v, 8);
+ u ^= v;
+ v = leftRotate(v, 8) ^ u;
+ u = rightRotate(u, 8) ^ v;
+ s[0] ^= leftRotate(v, 16) ^ u;
+ s[1] ^= leftRotate(u, 8);
+ }
+
+ private void init(byte[] key, boolean isEncrypt) {
+ keySize = key.length;
+
+ int[] k = new int[8];
+ int[] ka = new int[4];
+ int[] kb = new int[4];
+ int[] t = new int[4];
+
+ switch (key.length) {
+ case 16:
+ k[0] = BytesUtil.bytes2int(key, 0, true);
+ k[1] = BytesUtil.bytes2int(key, 4, true);
+ k[2] = BytesUtil.bytes2int(key, 8, true);
+ k[3] = BytesUtil.bytes2int(key, 12, true);
+ k[4] = k[5] = k[6] = k[7] = 0;
+ break;
+ case 24:
+ k[0] = BytesUtil.bytes2int(key, 0, true);
+ k[1] = BytesUtil.bytes2int(key, 4, true);
+ k[2] = BytesUtil.bytes2int(key, 8, true);
+ k[3] = BytesUtil.bytes2int(key, 12, true);
+ k[4] = BytesUtil.bytes2int(key, 16, true);
+ k[5] = BytesUtil.bytes2int(key, 20, true);
+ k[6] = ~k[4];
+ k[7] = ~k[5];
+ break;
+ case 32:
+ k[0] = BytesUtil.bytes2int(key, 0, true);
+ k[1] = BytesUtil.bytes2int(key, 4, true);
+ k[2] = BytesUtil.bytes2int(key, 8, true);
+ k[3] = BytesUtil.bytes2int(key, 12, true);
+ k[4] = BytesUtil.bytes2int(key, 16, true);
+ k[5] = BytesUtil.bytes2int(key, 20, true);
+ k[6] = BytesUtil.bytes2int(key, 24, true);
+ k[7] = BytesUtil.bytes2int(key, 28, true);
+ break;
+ default:
+ throw new
+ IllegalArgumentException("Invalid key size, only support 16/24/32 bytes");
+ }
+
+ for (int i = 0; i < 4; i++) {
+ ka[i] = k[i] ^ k[i + 4];
+ }
+
+ /* compute KA */
+ f2(ka, SIGMA, 0);
+ for (int i = 0; i < 4; i++) {
+ ka[i] ^= k[i];
+ }
+ f2(ka, SIGMA, 4);
+
+ if (keySize == 16) {
+ if (isEncrypt) {
+ /* KL dependant keys */
+ kw[0] = k[0];
+ kw[1] = k[1];
+ kw[2] = k[2];
+ kw[3] = k[3];
+ roldq(15, k, 0, subkey, 4);
+ roldq(30, k, 0, subkey, 12);
+ roldq(15, k, 0, t, 0);
+ subkey[18] = t[2];
+ subkey[19] = t[3];
+ roldq(17, k, 0, ke, 4);
+ roldq(17, k, 0, subkey, 24);
+ roldq(17, k, 0, subkey, 32);
+ /* KA dependant keys */
+ subkey[0] = ka[0];
+ subkey[1] = ka[1];
+ subkey[2] = ka[2];
+ subkey[3] = ka[3];
+ roldq(15, ka, 0, subkey, 8);
+ roldq(15, ka, 0, ke, 0);
+ roldq(15, ka, 0, t, 0);
+ subkey[16] = t[0];
+ subkey[17] = t[1];
+ roldq(15, ka, 0, subkey, 20);
+ roldqo32(34, ka, 0, subkey, 28);
+ roldq(17, ka, 0, kw, 4);
+
+ } else { // decryption
+ /* KL dependant keys */
+ kw[4] = k[0];
+ kw[5] = k[1];
+ kw[6] = k[2];
+ kw[7] = k[3];
+ decroldq(15, k, 0, subkey, 28);
+ decroldq(30, k, 0, subkey, 20);
+ decroldq(15, k, 0, t, 0);
+ subkey[16] = t[0];
+ subkey[17] = t[1];
+ decroldq(17, k, 0, ke, 0);
+ decroldq(17, k, 0, subkey, 8);
+ decroldq(17, k, 0, subkey, 0);
+ /* KA dependant keys */
+ subkey[34] = ka[0];
+ subkey[35] = ka[1];
+ subkey[32] = ka[2];
+ subkey[33] = ka[3];
+ decroldq(15, ka, 0, subkey, 24);
+ decroldq(15, ka, 0, ke, 4);
+ decroldq(15, ka, 0, t, 0);
+ subkey[18] = t[2];
+ subkey[19] = t[3];
+ decroldq(15, ka, 0, subkey, 12);
+ decroldqo32(34, ka, 0, subkey, 4);
+ roldq(17, ka, 0, kw, 0);
+ }
+ } else { // 192bit or 256bit
+ /* compute KB */
+ for (int i = 0; i < 4; i++) {
+ kb[i] = ka[i] ^ k[i + 4];
+ }
+ f2(kb, SIGMA, 8);
+
+ if (isEncrypt) {
+ /* KL dependant keys */
+ kw[0] = k[0];
+ kw[1] = k[1];
+ kw[2] = k[2];
+ kw[3] = k[3];
+ roldqo32(45, k, 0, subkey, 16);
+ roldq(15, k, 0, ke, 4);
+ roldq(17, k, 0, subkey, 32);
+ roldqo32(34, k, 0, subkey, 44);
+ /* KR dependant keys */
+ roldq(15, k, 4, subkey, 4);
+ roldq(15, k, 4, ke, 0);
+ roldq(30, k, 4, subkey, 24);
+ roldqo32(34, k, 4, subkey, 36);
+ /* KA dependant keys */
+ roldq(15, ka, 0, subkey, 8);
+ roldq(30, ka, 0, subkey, 20);
+ /* 32bit rotation */
+ ke[8] = ka[1];
+ ke[9] = ka[2];
+ ke[10] = ka[3];
+ ke[11] = ka[0];
+ roldqo32(49, ka, 0, subkey, 40);
+
+ /* KB dependant keys */
+ subkey[0] = kb[0];
+ subkey[1] = kb[1];
+ subkey[2] = kb[2];
+ subkey[3] = kb[3];
+ roldq(30, kb, 0, subkey, 12);
+ roldq(30, kb, 0, subkey, 28);
+ roldqo32(51, kb, 0, kw, 4);
+
+ } else { // decryption
+ /* KL dependant keys */
+ kw[4] = k[0];
+ kw[5] = k[1];
+ kw[6] = k[2];
+ kw[7] = k[3];
+ decroldqo32(45, k, 0, subkey, 28);
+ decroldq(15, k, 0, ke, 4);
+ decroldq(17, k, 0, subkey, 12);
+ decroldqo32(34, k, 0, subkey, 0);
+ /* KR dependant keys */
+ decroldq(15, k, 4, subkey, 40);
+ decroldq(15, k, 4, ke, 8);
+ decroldq(30, k, 4, subkey, 20);
+ decroldqo32(34, k, 4, subkey, 8);
+ /* KA dependant keys */
+ decroldq(15, ka, 0, subkey, 36);
+ decroldq(30, ka, 0, subkey, 24);
+ /* 32bit rotation */
+ ke[2] = ka[1];
+ ke[3] = ka[2];
+ ke[0] = ka[3];
+ ke[1] = ka[0];
+ decroldqo32(49, ka, 0, subkey, 4);
+
+ /* KB dependant keys */
+ subkey[46] = kb[0];
+ subkey[47] = kb[1];
+ subkey[44] = kb[2];
+ subkey[45] = kb[3];
+ decroldq(30, kb, 0, subkey, 32);
+ decroldq(30, kb, 0, subkey, 16);
+ roldqo32(51, kb, 0, kw, 0);
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumHandler.java
new file mode 100644
index 0000000..2f25dde
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumHandler.java
@@ -0,0 +1,134 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.crypto.cksum.*;
+import org.apache.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.KeyUsage;
+
+public class CheckSumHandler {
+
+ public static CheckSumTypeHandler getCheckSumHandler(String cksumType) throws KrbException {
+ CheckSumType eTypeEnum = CheckSumType.fromName(cksumType);
+ return getCheckSumHandler(eTypeEnum);
+ }
+
+ public static CheckSumTypeHandler getCheckSumHandler(int cksumType) throws KrbException {
+ CheckSumType eTypeEnum = CheckSumType.fromValue(cksumType);
+ return getCheckSumHandler(eTypeEnum);
+ }
+
+ public static boolean isImplemented(CheckSumType cksumType) throws KrbException {
+ return getCheckSumHandler(cksumType, true) != null;
+ }
+
+ public static CheckSumTypeHandler getCheckSumHandler(CheckSumType cksumType) throws KrbException {
+ return getCheckSumHandler(cksumType, false);
+ }
+
+ private static CheckSumTypeHandler getCheckSumHandler(CheckSumType cksumType, boolean check) throws KrbException {
+ CheckSumTypeHandler cksumHandler = null;
+ switch (cksumType) {
+ case CRC32:
+ cksumHandler = new Crc32CheckSum();
+ break;
+
+ case DES_MAC:
+ cksumHandler = new DesCbcCheckSum();
+ break;
+
+ case RSA_MD4:
+ cksumHandler = new RsaMd4CheckSum();
+ break;
+
+ case RSA_MD5:
+ cksumHandler = new RsaMd5CheckSum();
+ break;
+
+ case NIST_SHA:
+ cksumHandler = new Sha1CheckSum();
+ break;
+
+ case RSA_MD4_DES:
+ cksumHandler = new RsaMd4DesCheckSum();
+ break;
+
+ case RSA_MD5_DES:
+ cksumHandler = new RsaMd5DesCheckSum();
+ break;
+
+ case HMAC_SHA1_DES3:
+ case HMAC_SHA1_DES3_KD:
+ cksumHandler = new HmacSha1Des3CheckSum();
+ break;
+
+ case HMAC_SHA1_96_AES128:
+ cksumHandler = new HmacSha1Aes128CheckSum();
+ break;
+
+ case HMAC_SHA1_96_AES256:
+ cksumHandler = new HmacSha1Aes256CheckSum();
+ break;
+
+ case CMAC_CAMELLIA128:
+ cksumHandler = new CmacCamellia128CheckSum();
+ break;
+
+ case CMAC_CAMELLIA256:
+ cksumHandler = new CmacCamellia256CheckSum();
+ break;
+
+ case HMAC_MD5_ARCFOUR:
+ cksumHandler = new HmacMd5Rc4CheckSum();
+ break;
+
+ case MD5_HMAC_ARCFOUR:
+ cksumHandler = new Md5HmacRc4CheckSum();
+ break;
+
+ default:
+ break;
+ }
+
+ if (cksumHandler == null && ! check) {
+ String message = "Unsupported checksum type: " + cksumType.name();
+ throw new KrbException(KrbErrorCode.KDC_ERR_SUMTYPE_NOSUPP, message);
+ }
+
+ return cksumHandler;
+ }
+
+ public static CheckSum checksum(CheckSumType checkSumType, byte[] bytes) throws KrbException {
+ CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
+ byte[] checksumBytes = handler.checksum(bytes);
+ CheckSum checkSum = new CheckSum();
+ checkSum.setCksumtype(checkSumType);
+ checkSum.setChecksum(checksumBytes);
+ return checkSum;
+ }
+
+ public static boolean verify(CheckSum checkSum, byte[] bytes) throws KrbException {
+ CheckSumType checkSumType = checkSum.getCksumtype();
+ CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
+ return handler.verify(bytes, checkSum.getChecksum());
+ }
+
+ public static CheckSum checksumWithKey(CheckSumType checkSumType,
+ byte[] bytes, byte[] key, KeyUsage usage) throws KrbException {
+ CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
+ byte[] checksumBytes = handler.checksumWithKey(bytes, key, usage.getValue());
+ CheckSum checkSum = new CheckSum();
+ checkSum.setCksumtype(checkSumType);
+ checkSum.setChecksum(checksumBytes);
+ return checkSum;
+ }
+
+ public static boolean verifyWithKey(CheckSum checkSum, byte[] bytes,
+ byte[] key, KeyUsage usage) throws KrbException {
+ CheckSumType checkSumType = checkSum.getCksumtype();
+ CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
+ return handler.verifyWithKey(bytes, key,
+ usage.getValue(), checkSum.getChecksum());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumTypeHandler.java
new file mode 100644
index 0000000..175e93b
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CheckSumTypeHandler.java
@@ -0,0 +1,38 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public interface CheckSumTypeHandler extends CryptoTypeHandler {
+
+ public int confounderSize();
+
+ public CheckSumType cksumType();
+
+ public int computeSize(); // allocation size for checksum computation
+
+ public int outputSize(); // possibly truncated output size
+
+ public boolean isSafe();
+
+ public int cksumSize();
+
+ public int keySize();
+
+ public byte[] checksum(byte[] data) throws KrbException;
+
+ public byte[] checksum(byte[] data, int start, int len) throws KrbException;
+
+ public boolean verify(byte[] data, byte[] checksum) throws KrbException;
+
+ public boolean verify(byte[] data, int start, int len, byte[] checksum) throws KrbException;
+
+ public byte[] checksumWithKey(byte[] data,
+ byte[] key, int usage) throws KrbException;
+
+ public byte[] checksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException;
+
+ public boolean verifyWithKey(byte[] data,
+ byte[] key, int usage, byte[] checksum) throws KrbException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Cmac.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Cmac.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Cmac.java
new file mode 100644
index 0000000..7f7d333
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Cmac.java
@@ -0,0 +1,159 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+import java.util.Arrays;
+
+/**
+ * Based on MIT krb5 cmac.c
+ */
+public class Cmac {
+
+ private static byte[] constRb = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, (byte) 0x87
+ };
+
+ public static byte[] cmac(EncryptProvider encProvider, byte[] key,
+ byte[] data, int outputSize) throws KrbException {
+ return cmac(encProvider, key, data, 0, data.length, outputSize);
+ }
+
+ public static byte[] cmac(EncryptProvider encProvider, byte[] key, byte[] data,
+ int start, int len, int outputSize) throws KrbException {
+ byte[] hash = Cmac.cmac(encProvider, key, data, start, len);
+ if (hash.length > outputSize) {
+ byte[] output = new byte[outputSize];
+ System.arraycopy(hash, 0, output, 0, outputSize);
+ return output;
+ } else {
+ return hash;
+ }
+ }
+
+ public static byte[] cmac(EncryptProvider encProvider,
+ byte[] key, byte[] data) throws KrbException {
+ return cmac(encProvider, key, data, 0, data.length);
+ }
+
+ public static byte[] cmac(EncryptProvider encProvider,
+ byte[] key, byte[] data, int start, int len) throws KrbException {
+
+ int blockSize = encProvider.blockSize();
+
+ byte[] Y = new byte[blockSize];
+ byte[] mLast = new byte[blockSize];
+ byte[] padded = new byte[blockSize];
+ byte[] K1 = new byte[blockSize];
+ byte[] K2 = new byte[blockSize];
+
+ // step 1
+ makeSubkey(encProvider, key, K1, K2);
+
+ // step 2
+ int n = (len + blockSize - 1) / blockSize;
+
+ // step 3
+ boolean lastIsComplete;
+ if (n == 0) {
+ n = 1;
+ lastIsComplete = false;
+ } else {
+ lastIsComplete = ((len % blockSize) == 0);
+ }
+
+ // Step 6 (all but last block)
+ byte[] cipherState = new byte[blockSize];
+ byte[] cipher = new byte[blockSize];
+ for (int i = 0; i < n - 1; i++) {
+ System.arraycopy(data, i * blockSize, cipher, 0, blockSize);
+ encryptBlock(encProvider, key, cipherState, cipher);
+ System.arraycopy(cipher, 0, cipherState, 0, blockSize);
+ }
+
+ // step 5
+ System.arraycopy(cipher, 0, Y, 0, blockSize);
+
+ // step 4
+ int lastPos = (n - 1) * blockSize;
+ int lastLen = lastIsComplete ? blockSize : len % blockSize;
+ byte[] lastBlock = new byte[lastLen];
+ System.arraycopy(data, lastPos, lastBlock, 0, lastLen);
+ if (lastIsComplete) {
+ Util.xor(lastBlock, K1, mLast);
+ } else {
+ padding(lastBlock, padded);
+ Util.xor(padded, K2, mLast);
+ }
+
+ // Step 6 (last block)
+ encryptBlock(encProvider, key, cipherState, mLast);
+
+ return mLast;
+ }
+
+ // Generate subkeys K1 and K2 as described in RFC 4493 figure 2.2.
+ private static void makeSubkey(EncryptProvider encProvider,
+ byte[] key, byte[] K1, byte[] K2) throws KrbException {
+
+ // L := encrypt(K, const_Zero)
+ byte[] L = new byte[K1.length];
+ Arrays.fill(L, (byte) 0);
+ encryptBlock(encProvider, key, null, L);
+
+ // K1 := (MSB(L) == 0) ? L << 1 : (L << 1) XOR const_Rb
+ if ((L[0] & 0x80) == 0) {
+ leftShiftByOne(L, K1);
+ } else {
+ byte[] tmp = new byte[K1.length];
+ leftShiftByOne(L, tmp);
+ Util.xor(tmp, constRb, K1);
+ }
+
+ // K2 := (MSB(K1) == 0) ? K1 << 1 : (K1 << 1) XOR const_Rb
+ if ((K1[0] & 0x80) == 0) {
+ leftShiftByOne(K1, K2);
+ } else {
+ byte[] tmp = new byte[K1.length];
+ leftShiftByOne(K1, tmp);
+ Util.xor(tmp, constRb, K2);
+ }
+ }
+
+ private static void encryptBlock(EncryptProvider encProvider,
+ byte[] key, byte[] cipherState, byte[] block) throws KrbException {
+ if (cipherState == null) {
+ cipherState = new byte[encProvider.blockSize()];
+ }
+ if (encProvider.supportCbcMac()) {
+ encProvider.cbcMac(key, cipherState, block);
+ } else {
+ encProvider.encrypt(key, cipherState, block);
+ }
+ }
+
+ private static void leftShiftByOne(byte[] input, byte[] output) {
+ byte overflow = 0;
+
+ for (int i = input.length - 1; i >= 0; i--) {
+ output[i] = (byte) (input[i] << 1);
+ output[i] |= overflow;
+ overflow = (byte) ((input[i] & 0x80) != 0 ? 1 : 0);
+ }
+ }
+
+ // Padding out data with a 1 bit followed by 0 bits, placing the result in pad
+ private static void padding(byte[] data, byte[] padded) {
+ int len = data.length;
+
+ // original last block
+ System.arraycopy(data, 0, padded, 0, len);
+
+ padded[len] = (byte) 0x80;
+
+ for (int i = len + 1; i < padded.length; i++) {
+ padded[i] = 0x00;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Confounder.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Confounder.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Confounder.java
new file mode 100644
index 0000000..a79fa43
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Confounder.java
@@ -0,0 +1,14 @@
+package org.apache.kerberos.kerb.crypto;
+
+import java.security.SecureRandom;
+
+public final class Confounder {
+
+ private static SecureRandom srand = new SecureRandom();
+
+ public static byte[] makeBytes(int size) {
+ byte[] data = new byte[size];
+ srand.nextBytes(data);
+ return data;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Crc32.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Crc32.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Crc32.java
new file mode 100644
index 0000000..2c9f600
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Crc32.java
@@ -0,0 +1,59 @@
+package org.apache.kerberos.kerb.crypto;
+
+/**
+ * Reference: http://introcs.cs.princeton.edu/java/51data/CRC32.java
+ */
+public class Crc32 {
+
+ private static long[] table = {
+ 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3,
+ 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91,
+ 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
+ 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5,
+ 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
+ 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
+ 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f,
+ 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d,
+ 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
+ 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
+ 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457,
+ 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
+ 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb,
+ 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9,
+ 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+ 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad,
+ 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683,
+ 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
+ 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7,
+ 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
+ 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
+ 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79,
+ 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f,
+ 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
+ 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
+ 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21,
+ 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
+ 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45,
+ 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db,
+ 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+ 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf,
+ 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d,
+ };
+
+ public static byte[] crc(byte[] data, int start, int size) {
+ long c = crc(0, data, start, size);
+ return BytesUtil.int2bytes((int) c, false);
+ }
+
+ public static long crc(long initial, byte[] data, int start, int len) {
+ long c = initial;
+
+ int idx;
+ for (int i = 0; i < len; i++) {
+ idx = (int) ((data[start + i] ^ c) & 0xff);
+ c = ((c & 0xffffffffL) >>> 8) ^ table[idx]; // why?
+ }
+
+ return c;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CryptoTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CryptoTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CryptoTypeHandler.java
new file mode 100644
index 0000000..fee7433
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/CryptoTypeHandler.java
@@ -0,0 +1,15 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+
+public interface CryptoTypeHandler {
+
+ public String name();
+
+ public String displayName();
+
+ public EncryptProvider encProvider();
+
+ public HashProvider hashProvider();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Des.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Des.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Des.java
new file mode 100644
index 0000000..54fbc3b
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Des.java
@@ -0,0 +1,62 @@
+package org.apache.kerberos.kerb.crypto;
+
+import java.util.Arrays;
+
+/**
+ * Based on MIT krb5 weak_key.c
+ */
+public class Des {
+
+ /*
+ * The following are the weak DES keys:
+ */
+ static byte[][] WEAK_KEYS = {
+ /* weak keys */
+ {(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01},
+ {(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe},
+ {(byte) 0x1f,(byte) 0x1f,(byte) 0x1f,(byte) 0x1f,(byte) 0x0e,(byte) 0x0e,(byte) 0x0e,(byte) 0x0e},
+ {(byte) 0xe0,(byte) 0xe0,(byte) 0xe0,(byte) 0xe0,(byte) 0xf1,(byte) 0xf1,(byte) 0xf1,(byte) 0xf1},
+
+ /* semi-weak */
+ {(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe},
+ {(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01},
+
+ {(byte) 0x1f,(byte) 0xe0,(byte) 0x1f,(byte) 0xe0,(byte) 0x0e,(byte) 0xf1,(byte) 0x0e,(byte) 0xf1},
+ {(byte) 0xe0,(byte) 0x1f,(byte) 0xe0,(byte) 0x1f,(byte) 0xf1,(byte) 0x0e,(byte) 0xf1,(byte) 0x0e},
+
+ {(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xf1,(byte) 0x01,(byte) 0xf1},
+ {(byte) 0xe0,(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xf1,(byte) 0x01,(byte) 0xf1,(byte) 0x01},
+
+ {(byte) 0x1f,(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe},
+ {(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe,(byte) 0x0e},
+
+ {(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x0e,(byte) 0x01,(byte) 0x0e},
+ {(byte) 0x1f,(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x0e,(byte) 0x01,(byte) 0x0e,(byte) 0x01},
+
+ {(byte) 0xe0,(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe},
+ {(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe,(byte) 0xf1}
+ };
+
+ public static boolean isWeakKey(byte[] key, int offset, int len) {
+ for (byte[] weakKey : WEAK_KEYS) {
+ if (weakKey.length != len)
+ return false;
+
+ for (int i = 0; i < len; i++) {
+ if (weakKey[i] != key[i]) {
+ return false;
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * MIT krb5 FIXUP(k) in s2k_des.c
+ */
+ public static void fixKey(byte[] key, int offset, int len) {
+ if (isWeakKey(key, offset, len)) {
+ key[offset + 7] ^= (byte) 0xf0;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncTypeHandler.java
new file mode 100644
index 0000000..1021106
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncTypeHandler.java
@@ -0,0 +1,39 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public interface EncTypeHandler extends CryptoTypeHandler {
+
+ public EncryptionType eType();
+
+ public int keyInputSize();
+
+ public int keySize();
+
+ public int confounderSize();
+
+ public int checksumSize();
+
+ public int paddingSize();
+
+ public byte[] str2key(String string,
+ String salt, byte[] param) throws KrbException;
+
+ public byte[] random2Key(byte[] randomBits) throws KrbException;
+
+ public CheckSumType checksumType();
+
+ public byte[] encrypt(byte[] data, byte[] key, int usage)
+ throws KrbException;
+
+ public byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
+ int usage) throws KrbException;
+
+ public byte[] decrypt(byte[] cipher, byte[] key, int usage)
+ throws KrbException;
+
+ public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec,
+ int usage) throws KrbException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncryptionHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncryptionHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncryptionHandler.java
new file mode 100644
index 0000000..c269b36
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/EncryptionHandler.java
@@ -0,0 +1,157 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.crypto.enc.*;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.*;
+
+public class EncryptionHandler {
+
+ public static EncryptionType getEncryptionType(String eType) throws KrbException {
+ EncryptionType result = EncryptionType.fromName(eType);
+ return result;
+ }
+
+ public static EncTypeHandler getEncHandler(String eType) throws KrbException {
+ EncryptionType result = EncryptionType.fromName(eType);
+ return getEncHandler(result);
+ }
+
+ public static EncTypeHandler getEncHandler(int eType) throws KrbException {
+ EncryptionType eTypeEnum = EncryptionType.fromValue(eType);
+ return getEncHandler(eTypeEnum);
+ }
+
+ public static EncTypeHandler getEncHandler(EncryptionType eType) throws KrbException {
+ return getEncHandler(eType, false);
+ }
+
+ private static EncTypeHandler getEncHandler(EncryptionType eType, boolean check) throws KrbException {
+ EncTypeHandler encHandler = null;
+ /**
+ * As it's still incomplete yet for the DesKeyMaker, commented DES_* types for now.
+ */
+ switch (eType) {
+ case DES_CBC_CRC:
+ //encHandler = new DesCbcCrcEnc();
+ break;
+
+ case DES_CBC_MD5:
+ case DES:
+ //encHandler = new DesCbcMd5Enc();
+ break;
+
+ case DES_CBC_MD4:
+ //encHandler = new DesCbcMd4Enc();
+ break;
+
+ case DES3_CBC_SHA1:
+ case DES3_CBC_SHA1_KD:
+ case DES3_HMAC_SHA1:
+ encHandler = new Des3CbcSha1Enc();
+ break;
+
+ case AES128_CTS_HMAC_SHA1_96:
+ case AES128_CTS:
+ encHandler = new Aes128CtsHmacSha1Enc();
+ break;
+
+ case AES256_CTS_HMAC_SHA1_96:
+ case AES256_CTS:
+ encHandler = new Aes256CtsHmacSha1Enc();
+ break;
+
+ case CAMELLIA128_CTS_CMAC:
+ case CAMELLIA128_CTS:
+ encHandler = new Camellia128CtsCmacEnc();
+ break;
+
+ case CAMELLIA256_CTS_CMAC:
+ case CAMELLIA256_CTS:
+ encHandler = new Camellia256CtsCmacEnc();
+ break;
+
+ case RC4_HMAC:
+ case ARCFOUR_HMAC:
+ case ARCFOUR_HMAC_MD5:
+ encHandler = new Rc4HmacEnc();
+ break;
+
+ case RC4_HMAC_EXP:
+ case ARCFOUR_HMAC_EXP:
+ case ARCFOUR_HMAC_MD5_EXP:
+ encHandler = new Rc4HmacExpEnc();
+ break;
+
+ case NONE:
+ default:
+ break;
+ }
+
+ if (encHandler == null && ! check) {
+ String message = "Unsupported encryption type: " + eType.name();
+ throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP, message);
+ }
+
+ return encHandler;
+ }
+
+ public static EncryptedData encrypt(byte[] plainText, EncryptionKey key, KeyUsage usage) throws KrbException {
+ EncTypeHandler handler = getEncHandler(key.getKeyType());
+ byte[] cipher = handler.encrypt(plainText, key.getKeyData(), usage.getValue());
+
+ EncryptedData ed = new EncryptedData();
+ ed.setCipher(cipher);
+ ed.setEType(key.getKeyType());
+ ed.setKvno(key.getKvno());
+
+ return ed;
+ }
+
+ public static byte[] decrypt(byte[] data, EncryptionKey key, KeyUsage usage) throws KrbException {
+ EncTypeHandler handler = getEncHandler(key.getKeyType());
+
+ byte[] plainData = handler.decrypt(data, key.getKeyData(), usage.getValue());
+ return plainData;
+ }
+
+ public static byte[] decrypt(EncryptedData data, EncryptionKey key, KeyUsage usage) throws KrbException {
+ EncTypeHandler handler = getEncHandler(key.getKeyType());
+
+ byte[] plainData = handler.decrypt(data.getCipher(), key.getKeyData(), usage.getValue());
+ return plainData;
+ }
+
+ public static boolean isImplemented(EncryptionType eType) {
+ EncTypeHandler handler = null;
+ try {
+ handler = getEncHandler(eType, true);
+ } catch (KrbException e) {
+ return false;
+ }
+ return handler != null;
+ }
+
+ public static EncryptionKey string2Key(String principalName,
+ String passPhrase, EncryptionType eType) throws KrbException {
+ PrincipalName principal = new PrincipalName(principalName);
+ return string2Key(passPhrase,
+ PrincipalName.makeSalt(principal), null, eType);
+ }
+
+ public static EncryptionKey string2Key(String string, String salt,
+ byte[] s2kparams, EncryptionType eType) throws KrbException {
+ EncTypeHandler handler = getEncHandler(eType);
+ byte[] keyBytes = handler.str2key(string, salt, s2kparams);
+ return new EncryptionKey(eType, keyBytes);
+ }
+
+ public static EncryptionKey random2Key(EncryptionType eType) throws KrbException {
+ EncTypeHandler handler = getEncHandler(eType);
+
+ byte[] randomBytes = Random.makeBytes(handler.keyInputSize());
+ byte[] keyBytes = handler.random2Key(randomBytes);
+ EncryptionKey encKey = new EncryptionKey(eType, keyBytes);
+ return encKey;
+ }
+}
[25/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java14.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java14.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java14.java
new file mode 100644
index 0000000..3e64e5d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java14.java
@@ -0,0 +1,272 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Java14.java $
+ * $Revision: 166 $
+ * $Date: 2014-04-28 11:40:25 -0700 (Mon, 28 Apr 2014) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.util.IPAddressParser;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.net.SocketFactory;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509TrustManager;
+
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 30-Jun-2006
+ */
+public final class Java14 extends JavaImpl {
+ private static Java14 instance = new Java14();
+
+ private Java14() {
+ try {
+ SSLSocketFactory.getDefault().createSocket();
+ }
+ catch (IOException ioe) {
+ ioe.hashCode();
+ }
+ }
+
+ public static Java14 getInstance() {
+ return instance;
+ }
+
+ public final String getVersion() {
+ return "Java14";
+ }
+
+ protected final String retrieveSubjectX500(X509Certificate cert) {
+ return cert.getSubjectX500Principal().toString();
+ }
+
+ protected final String retrieveIssuerX500(X509Certificate cert) {
+ return cert.getIssuerX500Principal().toString();
+ }
+
+ protected final Certificate[] retrievePeerCerts(SSLSession sslSession)
+ throws SSLPeerUnverifiedException {
+ return sslSession.getPeerCertificates();
+ }
+
+ protected final Object buildKeyManagerFactory(KeyStore ks, char[] password)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ UnrecoverableKeyException {
+ String alg = KeyManagerFactory.getDefaultAlgorithm();
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(alg);
+ kmf.init(ks, password);
+ return kmf;
+ }
+
+ protected final Object buildTrustManagerFactory(KeyStore ks)
+ throws NoSuchAlgorithmException, KeyStoreException {
+ String alg = TrustManagerFactory.getDefaultAlgorithm();
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(alg);
+ tmf.init(ks);
+ return tmf;
+ }
+
+ protected final Object[] retrieveKeyManagers(Object keyManagerFactory) {
+ KeyManagerFactory kmf = (KeyManagerFactory) keyManagerFactory;
+ return kmf.getKeyManagers();
+ }
+
+ protected final Object[] retrieveTrustManagers(Object trustManagerFactory) {
+ TrustManagerFactory tmf = (TrustManagerFactory) trustManagerFactory;
+ return tmf.getTrustManagers();
+ }
+
+ protected final SSLSocketFactory buildSSLSocketFactory(Object ssl) {
+ return ((SSLContext) ssl).getSocketFactory();
+ }
+
+ protected final SSLServerSocketFactory buildSSLServerSocketFactory(Object ssl) {
+ return ((SSLContext) ssl).getServerSocketFactory();
+ }
+
+ protected final RuntimeException buildRuntimeException(Exception cause) {
+ return new RuntimeException(cause);
+ }
+
+ protected final SSLSocket buildSocket(SSL ssl) throws IOException {
+ SSLSocketFactory sf = ssl.getSSLSocketFactory();
+ SSLSocket s = (SSLSocket) sf.createSocket();
+ ssl.doPreConnectSocketStuff(s);
+ return s;
+ }
+
+ protected final SSLSocket buildSocket(SSL ssl, String remoteHost,
+ int remotePort, InetAddress localHost,
+ int localPort, int timeout)
+ throws IOException {
+ SSLSocket s = buildSocket(ssl);
+ s = (SSLSocket) connectSocket(s, null, remoteHost, remotePort,
+ localHost, localPort, timeout, ssl);
+ ssl.doPostConnectSocketStuff(s, remoteHost);
+ return s;
+ }
+
+
+ protected final Socket buildPlainSocket(
+ SSL ssl, String remoteHost, int remotePort, InetAddress localHost, int localPort, int timeout
+ ) throws IOException {
+ Socket s = SocketFactory.getDefault().createSocket();
+ ssl.doPreConnectSocketStuff(s);
+ s = connectSocket(
+ s, null, remoteHost, remotePort, localHost, localPort, timeout, ssl
+ );
+ ssl.doPostConnectSocketStuff(s, remoteHost);
+ return s;
+ }
+
+ protected final Socket connectSocket(Socket s, SocketFactory sf,
+ String host, int remotePort,
+ InetAddress localHost, int localPort,
+ int timeout, SSL ssl)
+ throws IOException {
+ if (s == null) {
+ if (sf == null) {
+ s = new Socket();
+ } else {
+ s = sf.createSocket();
+ }
+ }
+ host = ssl.dnsOverride(host);
+ InetAddress remoteHost = Util.toInetAddress(host);
+ InetSocketAddress dest = new InetSocketAddress(remoteHost, remotePort);
+ InetSocketAddress src = new InetSocketAddress(localHost, localPort);
+ s.bind(src);
+ s.connect(dest, timeout);
+ return s;
+ }
+
+ protected final SSLServerSocket buildServerSocket(SSL ssl)
+ throws IOException {
+ ServerSocket s = ssl.getSSLServerSocketFactory().createServerSocket();
+ SSLServerSocket ss = (SSLServerSocket) s;
+ ssl.doPreConnectServerSocketStuff(ss);
+ return ss;
+ }
+
+ protected final void wantClientAuth(Object o, boolean wantClientAuth) {
+ SSLSocket s;
+ SSLServerSocket ss;
+ if (o instanceof SSLSocket) {
+ s = (SSLSocket) o;
+ s.setWantClientAuth(wantClientAuth);
+ } else if (o instanceof SSLServerSocket) {
+ ss = (SSLServerSocket) o;
+ ss.setWantClientAuth(wantClientAuth);
+ } else {
+ throw new ClassCastException("need SSLSocket or SSLServerSocket");
+ }
+ }
+
+ protected final void enabledProtocols(Object o, String[] enabledProtocols) {
+ SSLSocket s;
+ SSLServerSocket ss;
+ if (o instanceof SSLSocket) {
+ s = (SSLSocket) o;
+ s.setEnabledProtocols(enabledProtocols);
+ } else if (o instanceof SSLServerSocket) {
+ ss = (SSLServerSocket) o;
+ ss.setEnabledProtocols(enabledProtocols);
+ } else {
+ throw new ClassCastException("need SSLSocket or SSLServerSocket");
+ }
+ }
+
+ protected void checkTrusted(Object trustManager, X509Certificate[] chain,
+ String authType)
+ throws CertificateException {
+ X509TrustManager tm = (X509TrustManager) trustManager;
+ tm.checkServerTrusted(chain, authType);
+ }
+
+ protected final Object initSSL(SSL ssl, TrustChain tc, KeyMaterial k)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ CertificateException, KeyManagementException, IOException {
+ SSLContext context = SSLContext.getInstance(ssl.getDefaultProtocol());
+ TrustManager[] trustManagers = null;
+ KeyManager[] keyManagers = null;
+ if (tc != null) {
+ trustManagers = (TrustManager[]) tc.getTrustManagers();
+ }
+ if (k != null) {
+ keyManagers = (KeyManager[]) k.getKeyManagers();
+ }
+ if (keyManagers != null) {
+ for (int i = 0; i < keyManagers.length; i++) {
+ if (keyManagers[i] instanceof X509KeyManager) {
+ X509KeyManager km = (X509KeyManager) keyManagers[i];
+ keyManagers[i] = new Java14KeyManagerWrapper(km, k, ssl);
+ }
+ }
+ }
+ if (trustManagers != null) {
+ for (int i = 0; i < trustManagers.length; i++) {
+ if (trustManagers[i] instanceof X509TrustManager) {
+ X509TrustManager tm = (X509TrustManager) trustManagers[i];
+ trustManagers[i] = new Java14TrustManagerWrapper(tm, tc, ssl);
+ }
+ }
+ }
+ context.init(keyManagers, trustManagers, null);
+ return context;
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java14KeyManagerWrapper.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java14KeyManagerWrapper.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java14KeyManagerWrapper.java
new file mode 100644
index 0000000..baf7d1e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java14KeyManagerWrapper.java
@@ -0,0 +1,82 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Java14KeyManagerWrapper.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import javax.net.ssl.X509KeyManager;
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 30-Mar-2006
+ */
+public class Java14KeyManagerWrapper implements X509KeyManager {
+ private final X509KeyManager keyManager;
+ // private final KeyMaterial keyMaterial;
+ // private final SSL ssl;
+
+ public Java14KeyManagerWrapper(X509KeyManager m, KeyMaterial km, SSL h) {
+ this.keyManager = m;
+ // this.keyMaterial = km;
+ // this.ssl = h;
+ }
+
+ public String chooseClientAlias(String[] keyType, Principal[] issuers,
+ Socket socket) {
+ return keyManager.chooseClientAlias(keyType, issuers, socket);
+ }
+
+ public String chooseServerAlias(String keyType, Principal[] issuers,
+ Socket socket) {
+ return keyManager.chooseServerAlias(keyType, issuers, socket);
+ }
+
+ public X509Certificate[] getCertificateChain(String alias) {
+ return keyManager.getCertificateChain(alias);
+ }
+
+ public String[] getClientAliases(String keyType, Principal[] issuers) {
+ return keyManager.getClientAliases(keyType, issuers);
+ }
+
+ public PrivateKey getPrivateKey(String alias) {
+ return keyManager.getPrivateKey(alias);
+ }
+
+ public String[] getServerAliases(String keyType, Principal[] issuers) {
+ return keyManager.getServerAliases(keyType, issuers);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java14TrustManagerWrapper.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java14TrustManagerWrapper.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java14TrustManagerWrapper.java
new file mode 100644
index 0000000..31b4df9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/Java14TrustManagerWrapper.java
@@ -0,0 +1,133 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/Java14TrustManagerWrapper.java $
+ * $Revision: 138 $
+ * $Date: 2008-03-03 23:50:07 -0800 (Mon, 03 Mar 2008) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import javax.net.ssl.X509TrustManager;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 30-Mar-2006
+ */
+public class Java14TrustManagerWrapper implements X509TrustManager {
+ private final X509TrustManager trustManager;
+ private final TrustChain trustChain;
+ private final SSL ssl;
+
+ public Java14TrustManagerWrapper(X509TrustManager m, TrustChain tc, SSL h) {
+ this.trustManager = m;
+ this.trustChain = tc;
+ this.ssl = h;
+ }
+
+ public void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {
+ ssl.setCurrentClientChain(chain);
+ CertificateException ce = null;
+ try {
+ trustManager.checkClientTrusted(chain, authType);
+ }
+ catch (CertificateException e) {
+ ce = e;
+ }
+ testShouldWeThrow(ce, chain);
+ }
+
+ public void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {
+ ssl.setCurrentServerChain(chain);
+ CertificateException ce = null;
+ try {
+ trustManager.checkServerTrusted(chain, authType);
+ }
+ catch (CertificateException e) {
+ ce = e;
+ }
+ testShouldWeThrow(ce, chain);
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ if (trustChain.containsTrustAll()) {
+ // Counter-intuitively, this means we accept all issuers.
+ return new X509Certificate[0];
+ } else {
+ return trustManager.getAcceptedIssuers();
+ }
+ }
+
+ private void testShouldWeThrow(CertificateException checkException,
+ X509Certificate[] chain)
+ throws CertificateException {
+ if (checkException != null) {
+ Throwable root = getRootThrowable(checkException);
+ boolean expiryProblem = root instanceof CertificateExpiredException;
+ if (expiryProblem) {
+ if (ssl.getCheckExpiry()) {
+ // We're expired, and this factory cares.
+ throw checkException;
+ }
+ } else {
+ // Probably the cert isn't trusted. Only let it through if
+ // this factory trusts everything.
+ if (!trustChain.contains(TrustMaterial.TRUST_ALL)) {
+ throw checkException;
+ }
+ }
+ }
+
+ for (int i = 0; i < chain.length; i++) {
+ X509Certificate c = chain[i];
+ if (ssl.getCheckExpiry()) {
+ c.checkValidity();
+ }
+ if (ssl.getCheckCRL()) {
+ Certificates.checkCRL(c);
+ }
+ }
+ }
+
+ private static Throwable getRootThrowable(Throwable t) {
+ if (t == null) {
+ return t;
+ }
+ Throwable cause = t.getCause();
+ while (cause != null && !t.equals(cause)) {
+ t = cause;
+ cause = t.getCause();
+ }
+ return t;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/JavaImpl.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/JavaImpl.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/JavaImpl.java
new file mode 100644
index 0000000..81d91a7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/JavaImpl.java
@@ -0,0 +1,256 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/JavaImpl.java $
+ * $Revision: 155 $
+ * $Date: 2009-09-17 14:00:58 -0700 (Thu, 17 Sep 2009) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 30-Jun-2006
+ */
+public abstract class JavaImpl {
+ private static JavaImpl HANDLER;
+
+ static {
+ JavaImpl h = null;
+ try {
+ h = Java14.getInstance();
+ }
+ catch (Throwable t) {
+ // System.out.println( t.toString() );
+ System.out.println("commons-ssl reverting to: Java 1.3 + jsse.jar");
+ }
+ if (h == null) {
+ h = Java13.getInstance();
+ }
+ HANDLER = h;
+ }
+
+ public static void downgrade() {
+ if (HANDLER instanceof Java14) {
+ HANDLER = Java13.getInstance();
+ }
+ }
+
+ public static boolean isJava13() {
+ return HANDLER instanceof Java13;
+ }
+
+ public static void uprade() {
+ if (HANDLER instanceof Java13) {
+ HANDLER = Java14.getInstance();
+ }
+ }
+
+ public abstract String getVersion();
+
+ protected abstract Object buildKeyManagerFactory(KeyStore ks, char[] pass)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ UnrecoverableKeyException;
+
+ protected abstract Object[] retrieveKeyManagers(Object keyManagerFactory);
+
+ protected abstract Object buildTrustManagerFactory(KeyStore ks)
+ throws NoSuchAlgorithmException, KeyStoreException;
+
+ protected abstract Object[] retrieveTrustManagers(Object trustManagerFactory);
+
+ protected abstract String retrieveSubjectX500(X509Certificate cert);
+
+ protected abstract String retrieveIssuerX500(X509Certificate cert);
+
+ protected abstract Certificate[] retrievePeerCerts(SSLSession sslSession)
+ throws SSLPeerUnverifiedException;
+
+ protected abstract SSLSocketFactory buildSSLSocketFactory(Object ssl);
+
+ protected abstract SSLServerSocketFactory buildSSLServerSocketFactory(Object ssl);
+
+ protected abstract SSLSocket buildSocket(SSL ssl)
+ throws IOException;
+
+ protected abstract SSLSocket buildSocket(
+ SSL ssl, String remoteHost, int remotePort, InetAddress localHost, int localPort, int connectTimeout
+ ) throws IOException;
+
+ protected abstract Socket buildPlainSocket(
+ SSL ssl, String remoteHost, int remotePort, InetAddress localHost, int localPort, int connectTimeout
+ ) throws IOException;
+
+ protected abstract Socket connectSocket(Socket s, SocketFactory sf,
+ String remoteHost, int remotePort,
+ InetAddress localHost, int localPort,
+ int timeout, SSL ssl)
+ throws IOException;
+
+ protected abstract SSLServerSocket buildServerSocket(SSL ssl)
+ throws IOException;
+
+ protected abstract void wantClientAuth(Object o, boolean wantClientAuth);
+
+ protected abstract void enabledProtocols(Object o, String[] enabledProtocols);
+
+ protected abstract RuntimeException buildRuntimeException(Exception cause);
+
+ protected abstract Object initSSL(SSL ssl, TrustChain tc, KeyMaterial km)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ CertificateException, KeyManagementException, IOException;
+
+ protected abstract void checkTrusted(Object trustManager,
+ X509Certificate[] chain,
+ String authType)
+ throws CertificateException;
+
+ public static Object init(SSL ssl, TrustChain trustChain, KeyMaterial keyMaterial)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ CertificateException, KeyManagementException, IOException {
+ return HANDLER.initSSL(ssl, trustChain, keyMaterial);
+ }
+
+ public static RuntimeException newRuntimeException(Exception cause) {
+ return HANDLER.buildRuntimeException(cause);
+ }
+
+ public static SSLSocketFactory getSSLSocketFactory(Object sslContext) {
+ return HANDLER.buildSSLSocketFactory(sslContext);
+ }
+
+ public static SSLServerSocketFactory getSSLServerSocketFactory(Object sslContext) {
+ return HANDLER.buildSSLServerSocketFactory(sslContext);
+ }
+
+ public static String getSubjectX500(X509Certificate cert) {
+ return HANDLER.retrieveSubjectX500(cert);
+ }
+
+ public static String getIssuerX500(X509Certificate cert) {
+ return HANDLER.retrieveIssuerX500(cert);
+ }
+
+ public static Object newKeyManagerFactory(KeyStore ks, char[] password)
+ throws NoSuchAlgorithmException, KeyStoreException,
+ UnrecoverableKeyException {
+ return HANDLER.buildKeyManagerFactory(ks, password);
+ }
+
+ public static Object[] getKeyManagers(Object keyManagerFactory) {
+ return HANDLER.retrieveKeyManagers(keyManagerFactory);
+ }
+
+ public static Object newTrustManagerFactory(KeyStore ks)
+ throws NoSuchAlgorithmException, KeyStoreException {
+ return HANDLER.buildTrustManagerFactory(ks);
+ }
+
+ public static Object[] getTrustManagers(Object trustManagerFactory) {
+ return HANDLER.retrieveTrustManagers(trustManagerFactory);
+ }
+
+ public static SSLSocket createSocket(SSL ssl)
+ throws IOException {
+ return HANDLER.buildSocket(ssl);
+ }
+
+ public static SSLSocket createSocket(SSL ssl, String remoteHost,
+ int remotePort, InetAddress localHost,
+ int localPort, int connectTimeout)
+ throws IOException {
+ return HANDLER.buildSocket(ssl, remoteHost, remotePort, localHost,
+ localPort, connectTimeout);
+ }
+
+ public static Socket createPlainSocket(
+ SSL ssl, String remoteHost, int remotePort, InetAddress localHost, int localPort,
+ int connectTimeout
+ ) throws IOException {
+ return HANDLER.buildPlainSocket(
+ ssl, remoteHost, remotePort, localHost, localPort, connectTimeout
+ );
+ }
+
+ protected static Socket connect(Socket s, SocketFactory sf,
+ String remoteHost, int remotePort,
+ InetAddress localHost, int localPort,
+ int timeout, SSL ssl)
+ throws IOException {
+ return HANDLER.connectSocket(s, sf, remoteHost, remotePort, localHost,
+ localPort, timeout, ssl);
+ }
+
+ public static SSLServerSocket createServerSocket(SSL ssl)
+ throws IOException {
+ return HANDLER.buildServerSocket(ssl);
+ }
+
+ public static void setWantClientAuth(Object o, boolean wantClientAuth) {
+ HANDLER.wantClientAuth(o, wantClientAuth);
+ }
+
+ public static void setEnabledProtocols(Object o, String[] enabledProtocols) {
+ HANDLER.enabledProtocols(o, enabledProtocols);
+ }
+
+ public static Certificate[] getPeerCertificates(SSLSession session)
+ throws SSLPeerUnverifiedException {
+ return HANDLER.retrievePeerCerts(session);
+ }
+
+ public static void testTrust(Object trustManager, X509Certificate[] chain,
+ String authType)
+ throws CertificateException {
+ HANDLER.checkTrusted(trustManager, chain, authType);
+ }
+
+ public static void load() {
+ HANDLER.hashCode();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/KeyMaterial.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/KeyMaterial.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/KeyMaterial.java
new file mode 100644
index 0000000..fdd7eee
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/KeyMaterial.java
@@ -0,0 +1,289 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/KeyMaterial.java $
+ * $Revision: 138 $
+ * $Date: 2008-03-03 23:50:07 -0800 (Mon, 03 Mar 2008) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 27-Feb-2006
+ */
+public class KeyMaterial extends TrustMaterial {
+ private final Object keyManagerFactory;
+ private final List aliases;
+ private final List associatedChains;
+
+ public KeyMaterial(InputStream jks, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(Util.streamToBytes(jks), password);
+ }
+
+ public KeyMaterial(InputStream jks, char[] jksPass, char[] keyPass)
+ throws GeneralSecurityException, IOException {
+ this(Util.streamToBytes(jks), jksPass, keyPass);
+ }
+
+ public KeyMaterial(InputStream jks, InputStream key, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(jks != null ? Util.streamToBytes(jks) : null,
+ key != null ? Util.streamToBytes(key) : null,
+ password);
+ }
+
+ public KeyMaterial(InputStream jks, InputStream key, char[] jksPass,
+ char[] keyPass)
+ throws GeneralSecurityException, IOException {
+ this(jks != null ? Util.streamToBytes(jks) : null,
+ key != null ? Util.streamToBytes(key) : null,
+ jksPass, keyPass);
+ }
+
+ public KeyMaterial(String pathToJksFile, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(new File(pathToJksFile), password);
+ }
+
+ public KeyMaterial(String pathToJksFile, char[] jksPass, char[] keyPass)
+ throws GeneralSecurityException, IOException {
+ this(new File(pathToJksFile), jksPass, keyPass);
+ }
+
+ public KeyMaterial(String pathToCerts, String pathToKey, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(pathToCerts != null ? new File(pathToCerts) : null,
+ pathToKey != null ? new File(pathToKey) : null,
+ password);
+ }
+
+ public KeyMaterial(String pathToCerts, String pathToKey, char[] jksPass,
+ char[] keyPass)
+ throws GeneralSecurityException, IOException {
+ this(pathToCerts != null ? new File(pathToCerts) : null,
+ pathToKey != null ? new File(pathToKey) : null,
+ jksPass, keyPass);
+ }
+
+ public KeyMaterial(File jksFile, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(new FileInputStream(jksFile), password);
+ }
+
+ public KeyMaterial(File jksFile, char[] jksPass, char[] keyPass)
+ throws GeneralSecurityException, IOException {
+ this(new FileInputStream(jksFile), jksPass, keyPass);
+ }
+
+ public KeyMaterial(File certsFile, File keyFile, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(certsFile != null ? new FileInputStream(certsFile) : null,
+ keyFile != null ? new FileInputStream(keyFile) : null,
+ password);
+ }
+
+ public KeyMaterial(File certsFile, File keyFile, char[] jksPass,
+ char[] keyPass)
+ throws GeneralSecurityException, IOException {
+ this(certsFile != null ? new FileInputStream(certsFile) : null,
+ keyFile != null ? new FileInputStream(keyFile) : null,
+ jksPass, keyPass);
+ }
+
+ public KeyMaterial(URL urlToJKS, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(urlToJKS.openStream(), password);
+ }
+
+ public KeyMaterial(URL urlToJKS, char[] jksPass, char[] keyPass)
+ throws GeneralSecurityException, IOException {
+ this(urlToJKS.openStream(), jksPass, keyPass);
+ }
+
+ public KeyMaterial(URL urlToCerts, URL urlToKey, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(urlToCerts.openStream(), urlToKey.openStream(), password);
+ }
+
+ public KeyMaterial(URL urlToCerts, URL urlToKey, char[] jksPass,
+ char[] keyPass)
+ throws GeneralSecurityException, IOException {
+ this(urlToCerts.openStream(), urlToKey.openStream(), jksPass, keyPass);
+ }
+
+ public KeyMaterial(byte[] jks, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(jks, (byte[]) null, password);
+ }
+
+ public KeyMaterial(byte[] jks, char[] jksPass, char[] keyPass)
+ throws GeneralSecurityException, IOException {
+ this(jks, null, jksPass, keyPass);
+ }
+
+ public KeyMaterial(byte[] jksOrCerts, byte[] key, char[] password)
+ throws GeneralSecurityException, IOException {
+ this(jksOrCerts, key, password, password);
+ }
+
+
+ public KeyMaterial(byte[] jksOrCerts, byte[] key, char[] jksPass,
+ char[] keyPass)
+ throws GeneralSecurityException, IOException {
+ // We're not a simple trust type, so set "simpleTrustType" value to 0.
+ // Only TRUST_ALL and TRUST_THIS_JVM are simple trust types.
+ super(KeyStoreBuilder.build(jksOrCerts, key, jksPass, keyPass), 0);
+ KeyStore ks = getKeyStore();
+ Enumeration en = ks.aliases();
+ List myAliases = new LinkedList();
+ List myChains = new LinkedList();
+ while (en.hasMoreElements()) {
+ X509Certificate[] c; // chain
+ String alias = (String) en.nextElement();
+ if (ks.isKeyEntry(alias)) {
+ try {
+ ks.getKey(alias, keyPass);
+ // No Exception thrown, so we're good!
+ myAliases.add(alias);
+ Certificate[] chain = ks.getCertificateChain(alias);
+ if (chain != null) {
+ c = Certificates.x509ifyChain(chain);
+ // Cleanup chain to remove any spurious entries.
+ if (c != null) {
+ X509Certificate l = c[0]; // The leaf node.
+ c = X509CertificateChainBuilder.buildPath(l, c);
+ }
+ myChains.add(c);
+ } else {
+ throw new KeyStoreException("Could not find KeyMaterial's associated certificate chain with alis=[" + alias + "]");
+ }
+
+ } catch (GeneralSecurityException gse) {
+ // oh well, we can't use that KeyStore alias.
+ }
+ }
+ }
+ if (myAliases.isEmpty()) {
+ throw new KeyStoreException("KeyMaterial provided does not contain any keys!");
+ }
+ this.aliases = Collections.unmodifiableList(myAliases);
+ this.associatedChains = Collections.unmodifiableList(myChains);
+ this.keyManagerFactory = JavaImpl.newKeyManagerFactory(ks, keyPass);
+ }
+
+ public Object[] getKeyManagers() {
+ return JavaImpl.getKeyManagers(keyManagerFactory);
+ }
+
+ public List getAssociatedCertificateChains() {
+ return associatedChains;
+ }
+
+ public KeyStore getKeyStore() {
+ return super.getKeyStore();
+ }
+
+ public List getAliases() {
+ return aliases;
+ }
+
+ public static void main(String[] args) throws Exception {
+ if (args.length < 2) {
+ System.out.println("Usage1: java org.apache.commons.ssl.KeyMaterial [password] [pkcs12 or jks]");
+ System.out.println("Usage2: java org.apache.commons.ssl.KeyMaterial [password] [private-key] [cert-chain]");
+ System.exit(1);
+ }
+ char[] jksPass = args[0].toCharArray();
+ char[] keyPass = jksPass;
+ String path1 = args[1];
+ String path2 = null;
+ if (args.length >= 3) {
+ path2 = args[2];
+ }
+ if (args.length >= 4) {
+ keyPass = args[3].toCharArray();
+ } else if (path2 != null) {
+ File f = new File(path2);
+ if (!f.exists()) {
+ // Hmmm... maybe it's a password.
+ keyPass = path2.toCharArray();
+ path2 = null;
+ }
+ }
+
+ KeyMaterial km = new KeyMaterial(path1, path2, jksPass, keyPass);
+ System.out.println(km);
+ }
+
+ public String toString() {
+ List chains = getAssociatedCertificateChains();
+ List aliases = getAliases();
+ Iterator it = chains.iterator();
+ Iterator aliasesIt = aliases.iterator();
+ StringBuffer buf = new StringBuffer(8192);
+ while (it.hasNext()) {
+ X509Certificate[] certs = (X509Certificate[]) it.next();
+ String alias = (String) aliasesIt.next();
+ buf.append("Alias: ");
+ buf.append(alias);
+ buf.append('\n');
+ if (certs != null) {
+ for (int i = 0; i < certs.length; i++) {
+ buf.append(Certificates.toString(certs[i]));
+ try {
+ buf.append(Certificates.toPEMString(certs[i]));
+ }
+ catch (CertificateEncodingException cee) {
+ buf.append(cee.toString());
+ buf.append('\n');
+ }
+ }
+ }
+ }
+ return buf.toString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/KeyStoreBuilder.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/KeyStoreBuilder.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/KeyStoreBuilder.java
new file mode 100644
index 0000000..9f635ae
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/KeyStoreBuilder.java
@@ -0,0 +1,698 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/KeyStoreBuilder.java $
+ * $Revision: 180 $
+ * $Date: 2014-09-23 11:33:47 -0700 (Tue, 23 Sep 2014) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.asn1.ASN1EncodableVector;
+import org.apache.commons.ssl.asn1.DERInteger;
+import org.apache.commons.ssl.asn1.DERSequence;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.DSAParams;
+import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * Builds Java Key Store files out of pkcs12 files, or out of pkcs8 files +
+ * certificate chains. Also supports OpenSSL style private keys (encrypted or
+ * unencrypted).
+ *
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 4-Nov-2006
+ */
+public class KeyStoreBuilder {
+ private final static String PKCS7_ENCRYPTED = "1.2.840.113549.1.7.6";
+
+ public static KeyStore build(byte[] jksOrCerts, char[] password)
+ throws IOException, CertificateException, KeyStoreException,
+ NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, ProbablyBadPasswordException,
+ UnrecoverableKeyException {
+ return build(jksOrCerts, null, password);
+ }
+
+ public static KeyStore build(byte[] jksOrCerts, byte[] privateKey,
+ char[] password)
+ throws IOException, CertificateException, KeyStoreException,
+ NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, ProbablyBadPasswordException,
+ UnrecoverableKeyException {
+ return build(jksOrCerts, privateKey, password, null);
+ }
+
+
+ public static KeyStore build(byte[] jksOrCerts, byte[] privateKey,
+ char[] jksPassword, char[] keyPassword)
+ throws IOException, CertificateException, KeyStoreException,
+ NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, ProbablyBadPasswordException,
+ UnrecoverableKeyException {
+
+ if (keyPassword == null || keyPassword.length <= 0) {
+ keyPassword = jksPassword;
+ }
+
+ BuildResult br1 = parse(jksOrCerts, jksPassword, keyPassword);
+ BuildResult br2 = null;
+ KeyStore jks = null;
+ if (br1.jks != null) {
+ jks = br1.jks;
+ } else if (privateKey != null && privateKey.length > 0) {
+ br2 = parse(privateKey, jksPassword, keyPassword);
+ if (br2.jks != null) {
+ jks = br2.jks;
+ }
+ }
+
+ // If we happened to find a JKS file, let's just return that.
+ // JKS files get priority (in case some weirdo specifies both a PKCS12
+ // and a JKS file!).
+ if (jks != null) {
+ // Make sure the keystore we found is not corrupt.
+ br1 = validate(jks, keyPassword);
+ if (br1 == null) {
+ return jks;
+ }
+ }
+
+ List keys = br1.keys;
+ List chains = br1.chains;
+ boolean atLeastOneNotSet = keys == null || chains == null || keys.isEmpty() || chains.isEmpty();
+ if (atLeastOneNotSet && br2 != null) {
+ if (br2.keys != null && !br2.keys.isEmpty()) {
+ // Notice that the key from build-result-2 gets priority over the
+ // key from build-result-1 (if both had valid keys).
+ keys = br2.keys;
+ }
+ if (chains == null || chains.isEmpty()) {
+ chains = br2.chains;
+ }
+ }
+
+ atLeastOneNotSet = keys == null || chains == null || keys.isEmpty() || chains.isEmpty();
+ if (atLeastOneNotSet) {
+ String missing = "";
+ if (keys == null) {
+ missing = " [Private key missing (bad password?)]";
+ }
+ if (chains == null) {
+ missing += " [Certificate chain missing]";
+ }
+ throw new KeyStoreException("Can't build keystore:" + missing);
+ } else {
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ ks.load(null, jksPassword);
+ Iterator keysIt = keys.iterator();
+ Iterator chainsIt = chains.iterator();
+ int i = 1;
+ while (keysIt.hasNext() && chainsIt.hasNext()) {
+ Key key = (Key) keysIt.next();
+ Certificate[] c = (Certificate[]) chainsIt.next();
+ X509Certificate theOne = buildChain(key, c);
+ String alias = "alias_" + i++;
+ // The theOne is not null, then our chain was probably altered.
+ // Need to trim out the newly introduced null entries at the end of
+ // our chain.
+ if (theOne != null) {
+ c = Certificates.trimChain(c);
+ alias = Certificates.getCN(theOne);
+ alias = alias.replace(' ', '_');
+ }
+ ks.setKeyEntry(alias, key, keyPassword, c);
+ }
+ return ks;
+ }
+ }
+
+ /**
+ * Builds the chain up such that chain[ 0 ] contains the public key
+ * corresponding to the supplied private key.
+ *
+ * @param key private key
+ * @param chain array of certificates to build chain from
+ * @return theOne!
+ * @throws java.security.KeyStoreException no certificates correspond to private key
+ * @throws java.security.cert.CertificateException java libraries complaining
+ * @throws java.security.NoSuchAlgorithmException java libraries complaining
+ * @throws java.security.InvalidKeyException java libraries complaining
+ * @throws java.security.NoSuchProviderException java libraries complaining
+ */
+ public static X509Certificate buildChain(Key key, Certificate[] chain)
+ throws CertificateException, KeyStoreException,
+ NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException {
+ X509Certificate theOne = null;
+ if (key instanceof RSAPrivateCrtKey) {
+ final RSAPrivateCrtKey rsa = (RSAPrivateCrtKey) key;
+ BigInteger publicExponent = rsa.getPublicExponent();
+ BigInteger modulus = rsa.getModulus();
+ for (int i = 0; i < chain.length; i++) {
+ X509Certificate c = (X509Certificate) chain[i];
+ PublicKey pub = c.getPublicKey();
+ if (pub instanceof RSAPublicKey) {
+ RSAPublicKey certKey = (RSAPublicKey) pub;
+ BigInteger pe = certKey.getPublicExponent();
+ BigInteger mod = certKey.getModulus();
+ if (publicExponent.equals(pe) && modulus.equals(mod)) {
+ theOne = c;
+ }
+ }
+ }
+ if (theOne == null) {
+ throw new KeyStoreException("Can't build keystore: [No certificates belong to the private-key]");
+ }
+ X509Certificate[] newChain;
+ newChain = X509CertificateChainBuilder.buildPath(theOne, chain);
+ Arrays.fill(chain, null);
+ System.arraycopy(newChain, 0, chain, 0, newChain.length);
+ }
+ return theOne;
+ }
+
+ public static BuildResult validate(KeyStore jks, char[] keyPass)
+ throws CertificateException, KeyStoreException,
+ NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, UnrecoverableKeyException {
+ Enumeration en = jks.aliases();
+ boolean atLeastOneSuccess = false;
+ boolean atLeastOneFailure = false;
+
+ List keys = new LinkedList();
+ List chains = new LinkedList();
+ while (en.hasMoreElements()) {
+ String alias = (String) en.nextElement();
+ if (jks.isKeyEntry(alias)) {
+ try {
+ PrivateKey key = (PrivateKey) jks.getKey(alias, keyPass);
+ // No Exception thrown, so we're good!
+ atLeastOneSuccess = true;
+ Certificate[] chain = jks.getCertificateChain(alias);
+ X509Certificate[] c;
+ if (chain != null) {
+ c = Certificates.x509ifyChain(chain);
+ X509Certificate theOne = buildChain(key, c);
+ // The theOne is not null, then our chain was probably
+ // altered. Need to trim out the newly introduced null
+ // entries at the end of our chain.
+ if (theOne != null) {
+ c = (X509Certificate[]) Certificates.trimChain(c);
+ jks.deleteEntry(alias);
+ jks.setKeyEntry(alias, key, keyPass, c);
+ }
+ keys.add(key);
+ chains.add(c);
+ }
+ } catch (GeneralSecurityException gse) {
+ atLeastOneFailure = true;
+ // This is not the key you're looking for.
+ }
+ }
+ }
+ if (!atLeastOneSuccess) {
+ throw new KeyStoreException("No private keys found in keystore!");
+ }
+ // The idea is a bit hacky: if we return null, all is cool. If
+ // we return a list, we're telling upstairs to abandon the JKS and
+ // build a new one from the BuildResults we provide.
+ // (Sun's builtin SSL refuses to deal with keystores where not all
+ // keys can be decrypted).
+ return atLeastOneFailure ? new BuildResult(keys, chains, null) : null;
+ }
+
+ public static class BuildResult {
+ protected final List keys;
+ protected final List chains;
+ protected final KeyStore jks;
+
+ protected BuildResult(List keys, List chains, KeyStore jks) {
+ if (keys == null || keys.isEmpty()) {
+ this.keys = null;
+ } else {
+ this.keys = Collections.unmodifiableList(keys);
+ }
+ this.jks = jks;
+ List x509Chains = new LinkedList();
+ if (chains != null) {
+ Iterator it = chains.iterator();
+ while (it.hasNext()) {
+ Certificate[] chain = (Certificate[]) it.next();
+ if (chain != null && chain.length > 0) {
+ int len = chain.length;
+ X509Certificate[] x509 = new X509Certificate[len];
+ for (int i = 0; i < x509.length; i++) {
+ x509[i] = (X509Certificate) chain[i];
+ }
+ x509Chains.add(x509);
+ }
+ }
+ }
+ if (x509Chains == null || x509Chains.isEmpty()) {
+ this.chains = null;
+ } else {
+ this.chains = Collections.unmodifiableList(x509Chains);
+ }
+ }
+ }
+
+
+ public static BuildResult parse(byte[] stuff, char[] jksPass,
+ char[] keyPass)
+ throws IOException, CertificateException, KeyStoreException,
+ ProbablyBadPasswordException {
+
+ return parse(stuff, jksPass, keyPass, false);
+ }
+
+ static BuildResult parse(byte[] stuff, char[] jksPass,
+ char[] keyPass, boolean forTrustMaterial)
+ throws IOException, CertificateException, KeyStoreException,
+ ProbablyBadPasswordException {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ Key key = null;
+ Certificate[] chain = null;
+ try {
+ PKCS8Key pkcs8Key = new PKCS8Key(stuff, jksPass);
+ key = pkcs8Key.getPrivateKey();
+ }
+ catch (ProbablyBadPasswordException pbpe) {
+ throw pbpe;
+ }
+ catch (GeneralSecurityException gse) {
+ // no luck
+ }
+
+ List pemItems = PEMUtil.decode(stuff);
+ Iterator it = pemItems.iterator();
+ LinkedList certificates = new LinkedList();
+ while (it.hasNext()) {
+ PEMItem item = (PEMItem) it.next();
+ byte[] derBytes = item.getDerBytes();
+ String type = item.pemType.trim().toUpperCase();
+ if (type.startsWith("CERT") ||
+ type.startsWith("X509") ||
+ type.startsWith("PKCS7")) {
+ ByteArrayInputStream in = new ByteArrayInputStream(derBytes);
+ X509Certificate c = (X509Certificate) cf.generateCertificate(in);
+ certificates.add(c);
+ }
+ chain = toChain(certificates);
+ }
+
+ if (chain != null || key != null) {
+ List chains = chain != null ? Collections.singletonList(chain) : null;
+ List keys = key != null ? Collections.singletonList(key) : null;
+ return new BuildResult(keys, chains, null);
+ }
+
+ boolean isProbablyPKCS12 = false;
+ boolean isASN = false;
+ ASN1Structure asn1 = null;
+ try {
+ asn1 = ASN1Util.analyze(stuff);
+ isASN = true;
+ isProbablyPKCS12 = asn1.oids.contains(PKCS7_ENCRYPTED);
+ if (!isProbablyPKCS12 && asn1.bigPayload != null) {
+ asn1 = ASN1Util.analyze(asn1.bigPayload);
+ isProbablyPKCS12 = asn1.oids.contains(PKCS7_ENCRYPTED);
+ }
+ }
+ catch (Exception e) {
+ // isProbablyPKCS12 and isASN are set properly by now.
+ }
+
+ ByteArrayInputStream stuffStream = new ByteArrayInputStream(stuff);
+ // Try default keystore... then try others.
+ BuildResult br = tryJKS(KeyStore.getDefaultType(), stuffStream, jksPass, keyPass, forTrustMaterial);
+ if (br == null) {
+ br = tryJKS("jks", stuffStream, jksPass, keyPass, forTrustMaterial);
+ if (br == null) {
+ br = tryJKS("jceks", stuffStream, jksPass, keyPass, forTrustMaterial);
+ if (br == null) {
+ br = tryJKS("BKS", stuffStream, jksPass, keyPass, forTrustMaterial);
+ if (br == null) {
+ br = tryJKS("UBER", stuffStream, jksPass, keyPass, forTrustMaterial);
+ }
+ }
+ }
+ }
+ if (br != null) {
+ return br;
+ }
+ if (isASN && isProbablyPKCS12) {
+ br = tryJKS("pkcs12", stuffStream, jksPass, null, forTrustMaterial);
+ }
+
+ if (br == null) {
+ // Okay, it's ASN.1, but it's not PKCS12. Only one possible
+ // interesting things remains: X.509.
+ stuffStream.reset();
+
+ try {
+ certificates = new LinkedList();
+ Collection certs = cf.generateCertificates(stuffStream);
+ it = certs.iterator();
+ while (it.hasNext()) {
+ X509Certificate x509 = (X509Certificate) it.next();
+ certificates.add(x509);
+ }
+ chain = toChain(certificates);
+ if (chain != null && chain.length > 0) {
+ List chains = Collections.singletonList(chain);
+ return new BuildResult(null, chains, null);
+ }
+ }
+ catch (CertificateException ce) {
+ // oh well
+ }
+
+ stuffStream.reset();
+ // Okay, still no luck. Maybe it's an ASN.1 DER stream
+ // containing only a single certificate? (I don't completely
+ // trust CertificateFactory.generateCertificates).
+ try {
+ Certificate c = cf.generateCertificate(stuffStream);
+ X509Certificate x509 = (X509Certificate) c;
+ chain = toChain(Collections.singleton(x509));
+ if (chain != null && chain.length > 0) {
+ List chains = Collections.singletonList(chain);
+ return new BuildResult(null, chains, null);
+ }
+ }
+ catch (CertificateException ce) {
+ // oh well
+ }
+ }
+
+ br = tryJKS("pkcs12", stuffStream, jksPass, null, forTrustMaterial);
+ if (br != null) {
+ // no exception thrown, so must be PKCS12.
+ /*
+ Hmm, well someone finally reported this bug! And they want the library to be quiet....
+ Commenting out for now, maybe investigate why it's happening one day....
+
+ System.out.println("Please report bug!");
+ System.out.println("PKCS12 detection failed to realize this was PKCS12!");
+ System.out.println(asn1);
+ */
+ return br;
+ }
+ throw new KeyStoreException("failed to extract any certificates or private keys - maybe bad password?");
+ }
+
+ private static BuildResult tryJKS(
+ String keystoreType, ByteArrayInputStream in, char[] jksPassword, char[] keyPassword,
+ boolean forTrustMaterial
+ ) throws ProbablyBadPasswordException {
+ in.reset();
+ if (keyPassword == null || keyPassword.length <= 0) {
+ keyPassword = jksPassword;
+ }
+
+ keystoreType = keystoreType.trim().toLowerCase();
+ boolean isPKCS12 = "pkcs12".equalsIgnoreCase(keystoreType);
+ try {
+ Key key = null;
+ Certificate[] chain = null;
+ UnrecoverableKeyException uke = null;
+ KeyStore jksKeyStore = KeyStore.getInstance(keystoreType);
+ jksKeyStore.load(in, jksPassword);
+ Enumeration en = jksKeyStore.aliases();
+ while (en.hasMoreElements()) {
+ String alias = (String) en.nextElement();
+ if (jksKeyStore.isKeyEntry(alias)) {
+ try {
+ if (keyPassword != null) {
+ key = jksKeyStore.getKey(alias, keyPassword);
+ }
+ if (key instanceof PrivateKey) {
+ chain = jksKeyStore.getCertificateChain(alias);
+ break;
+ }
+ } catch (UnrecoverableKeyException e) {
+ uke = e; // We might throw this one later.
+ } catch (GeneralSecurityException gse) {
+ // Swallow... keep looping.
+ }
+ }
+ if (isPKCS12 && en.hasMoreElements()) {
+ System.out.println("what kind of weird pkcs12 file has more than one alias?");
+ }
+ }
+ if (key == null && uke != null) {
+ // If we're trying to load KeyMaterial, then we *need* that key we spotted.
+ // But if we're trying to load TrustMaterial, then we're fine, and we can ignore the key.
+ if (!forTrustMaterial) {
+ throw new ProbablyBadPasswordException("Probably bad JKS-Key password: " + uke);
+ }
+ }
+ if (isPKCS12) {
+ // PKCS12 is supposed to be just a key and a chain, anyway.
+ jksKeyStore = null;
+ }
+
+ List keys = Collections.singletonList(key);
+ List chains = Collections.singletonList(chain);
+ return new BuildResult(keys, chains, jksKeyStore);
+ }
+ catch (ProbablyBadPasswordException pbpe) {
+ throw pbpe;
+ }
+ catch (GeneralSecurityException gse) {
+ // swallow it, return null
+ return null;
+ }
+ catch (IOException ioe) {
+ String msg = ioe.getMessage();
+ msg = msg != null ? msg.trim().toLowerCase() : "";
+ if (isPKCS12) {
+ int x = msg.indexOf("failed to decrypt");
+ int y = msg.indexOf("verify mac");
+ x = Math.max(x, y);
+ if (x >= 0) {
+ throw new ProbablyBadPasswordException("Probably bad PKCS12 password: " + ioe);
+ }
+ } else {
+ int x = msg.indexOf("password");
+ if (x >= 0) {
+ throw new ProbablyBadPasswordException("Probably bad JKS password: " + ioe);
+ }
+ }
+ // swallow it, return null.
+ return null;
+ }
+ }
+
+ private static X509Certificate[] toChain(Collection certs) {
+ if (certs != null && !certs.isEmpty()) {
+ X509Certificate[] x509Chain = new X509Certificate[certs.size()];
+ certs.toArray(x509Chain);
+ return x509Chain;
+ } else {
+ return null;
+ }
+ }
+
+
+ public static void main(String[] args) throws Exception {
+ if (args.length < 2) {
+ System.out.println("KeyStoreBuilder: creates '[alias].jks' (Java Key Store)");
+ System.out.println(" -topk8 mode: creates '[alias].pem' (x509 chain + unencrypted pkcs8)");
+ System.out.println("[alias] will be set to the first CN value of the X509 certificate.");
+ System.out.println("-------------------------------------------------------------------");
+ System.out.println("Usage1: [password] [file:pkcs12]");
+ System.out.println("Usage2: [password] [file:private-key] [file:certificate-chain]");
+ System.out.println("Usage3: -topk8 [password] [file:jks]");
+ System.out.println("-------------------------------------------------------------------");
+ System.out.println("[private-key] can be openssl format, or pkcs8.");
+ System.out.println("[password] decrypts [private-key], and also encrypts outputted JKS file.");
+ System.out.println("All files can be PEM or DER.");
+ System.exit(1);
+ }
+ char[] password = args[0].toCharArray();
+ boolean toPKCS8 = false;
+ if ("-topk8".equalsIgnoreCase(args[0])) {
+ toPKCS8 = true;
+ password = args[1].toCharArray();
+ args[1] = args[2];
+ args[2] = null;
+ }
+
+ FileInputStream fin1 = new FileInputStream(args[1]);
+ byte[] bytes1 = Util.streamToBytes(fin1);
+ byte[] bytes2 = null;
+ if (args.length > 2 && args[2] != null) {
+ FileInputStream fin2 = new FileInputStream(args[2]);
+ bytes2 = Util.streamToBytes(fin2);
+ }
+
+ KeyStore ks = build(bytes1, bytes2, password);
+ Enumeration en = ks.aliases();
+ String alias = "keystorebuilder";
+
+ // We're going to assume that the biggest key is the one we want
+ // to convert to PKCS8 (PEM). That's until someone figures out a
+ // better way to deal with this annoying situation (more than 1
+ // key in the KeyStore).
+ int biggestKey = 0;
+ while (en.hasMoreElements()) {
+ String s = (String) en.nextElement();
+ try {
+ PrivateKey pk = (PrivateKey) ks.getKey(s, password);
+ byte[] encoded = pk.getEncoded();
+ int len = encoded != null ? encoded.length : 0;
+ if (len >= biggestKey) {
+ biggestKey = len;
+ alias = s;
+ }
+ } catch (Exception e) {
+ // oh well, try next one.
+ }
+ }
+
+ String suffix = toPKCS8 ? ".pem" : ".jks";
+ String fileName = alias;
+ Certificate[] chain = ks.getCertificateChain(alias);
+ if (chain != null && chain[0] != null) {
+ String cn = Certificates.getCN((X509Certificate) chain[0]);
+ cn = cn != null ? cn.trim() : "";
+ if (!"".equals(cn)) {
+ fileName = cn;
+ }
+ }
+
+ File f = new File(fileName + suffix);
+ int count = 1;
+ while (f.exists()) {
+ f = new File(alias + "_" + count + suffix);
+ count++;
+ }
+
+ FileOutputStream fout = new FileOutputStream(f);
+ if (toPKCS8) {
+ List pemItems = new LinkedList();
+ PrivateKey key = (PrivateKey) ks.getKey(alias, password);
+ chain = ks.getCertificateChain(alias);
+ byte[] pkcs8DerBytes = null;
+ if (key instanceof RSAPrivateCrtKey) {
+ RSAPrivateCrtKey rsa = (RSAPrivateCrtKey) key;
+ ASN1EncodableVector vec = new ASN1EncodableVector();
+ vec.add(new DERInteger(BigInteger.ZERO));
+ vec.add(new DERInteger(rsa.getModulus()));
+ vec.add(new DERInteger(rsa.getPublicExponent()));
+ vec.add(new DERInteger(rsa.getPrivateExponent()));
+ vec.add(new DERInteger(rsa.getPrimeP()));
+ vec.add(new DERInteger(rsa.getPrimeQ()));
+ vec.add(new DERInteger(rsa.getPrimeExponentP()));
+ vec.add(new DERInteger(rsa.getPrimeExponentQ()));
+ vec.add(new DERInteger(rsa.getCrtCoefficient()));
+ DERSequence seq = new DERSequence(vec);
+ byte[] derBytes = PKCS8Key.encode(seq);
+ PKCS8Key pkcs8 = new PKCS8Key(derBytes, null);
+ pkcs8DerBytes = pkcs8.getDecryptedBytes();
+ } else if (key instanceof DSAPrivateKey) {
+ DSAPrivateKey dsa = (DSAPrivateKey) key;
+ DSAParams params = dsa.getParams();
+ BigInteger g = params.getG();
+ BigInteger p = params.getP();
+ BigInteger q = params.getQ();
+ BigInteger x = dsa.getX();
+ BigInteger y = q.modPow(x, p);
+
+ ASN1EncodableVector vec = new ASN1EncodableVector();
+ vec.add(new DERInteger(BigInteger.ZERO));
+ vec.add(new DERInteger(p));
+ vec.add(new DERInteger(q));
+ vec.add(new DERInteger(g));
+ vec.add(new DERInteger(y));
+ vec.add(new DERInteger(x));
+ DERSequence seq = new DERSequence(vec);
+ byte[] derBytes = PKCS8Key.encode(seq);
+ PKCS8Key pkcs8 = new PKCS8Key(derBytes, null);
+ pkcs8DerBytes = pkcs8.getDecryptedBytes();
+ }
+ if (chain != null && chain.length > 0) {
+ for (int i = 0; i < chain.length; i++) {
+ X509Certificate x509 = (X509Certificate) chain[i];
+ byte[] derBytes = x509.getEncoded();
+ PEMItem item = new PEMItem(derBytes, "CERTIFICATE");
+ pemItems.add(item);
+ }
+ }
+ if (pkcs8DerBytes != null) {
+ PEMItem item = new PEMItem(pkcs8DerBytes, "PRIVATE KEY");
+ pemItems.add(item);
+ }
+ byte[] pem = PEMUtil.encode(pemItems);
+ fout.write(pem);
+ } else {
+ // If we're not converting to unencrypted PKCS8 style PEM,
+ // then we are converting to Sun JKS. It happens right here:
+ KeyStore jks = KeyStore.getInstance(KeyStore.getDefaultType());
+ jks.load(null, password);
+ jks.setKeyEntry(alias, ks.getKey(alias, password), password, ks.getCertificateChain(alias));
+ jks.store(fout, password);
+ }
+ fout.flush();
+ fout.close();
+ System.out.println("Successfuly wrote: [" + f.getPath() + "]");
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LDAPSocket.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LDAPSocket.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LDAPSocket.java
new file mode 100644
index 0000000..93cf7e2
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LDAPSocket.java
@@ -0,0 +1,83 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/LDAPSocket.java $
+ * $Revision: 165 $
+ * $Date: 2014-04-24 16:48:09 -0700 (Thu, 24 Apr 2014) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import javax.net.SocketFactory;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 28-Feb-2006
+ */
+public class LDAPSocket extends SSLClient {
+ private final static LDAPSocket instance;
+
+ static {
+ LDAPSocket sf = null;
+ try {
+ sf = new LDAPSocket();
+ }
+ catch (Exception e) {
+ System.out.println("could not create LDAPSocket: " + e);
+ e.printStackTrace();
+ }
+ finally {
+ instance = sf;
+ }
+ }
+
+ private LDAPSocket() throws GeneralSecurityException, IOException {
+ super();
+
+ // For now we setup the usual trust infrastructure, but consumers
+ // are encouraged to call getInstance().addTrustMaterial() or
+ // getInstance().setTrustMaterial() to customize the trust.
+ if (TrustMaterial.JSSE_CACERTS != null) {
+ setTrustMaterial(TrustMaterial.JSSE_CACERTS);
+ } else {
+ setTrustMaterial(TrustMaterial.CACERTS);
+ }
+ }
+
+ public static SocketFactory getDefault() {
+ return getInstance();
+ }
+
+ public static LDAPSocket getInstance() {
+ return instance;
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogHelper.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogHelper.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogHelper.java
new file mode 100644
index 0000000..7a0f090
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/LogHelper.java
@@ -0,0 +1,87 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/LogHelper.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.log4j.Logger;
+
+/**
+ * <p/>
+ * Wraps a Log4j Logger. This non-public class is the one actually interacting
+ * with the log4j.jar library. That way LogWrapper can safely attempt to use
+ * log4j.jar, but still degrade gracefully and provide logging via standard-out
+ * even if log4j is unavailable.
+ * <p/>
+ * The interactions with log4j.jar could be done directly inside LogWrapper
+ * as long as the Java code is compiled by Java 1.4 or greater (still works
+ * at runtime in Java 1.3). The interactions with log4j.jar only need to be
+ * pushed out into a separate class like this for people using a Java 1.3
+ * compiler, which creates bytecode that is more strict with depedency
+ * checking.
+ *
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 3-Aug-2006
+ */
+final class LogHelper {
+ private final Logger l;
+
+ LogHelper(Class c) { l = Logger.getLogger(c); }
+
+ LogHelper(String s) { l = Logger.getLogger(s); }
+
+ void debug(Object o) { l.debug(o); }
+
+ void debug(Object o, Throwable t) { l.debug(o, t); }
+
+ void info(Object o) { l.info(o); }
+
+ void info(Object o, Throwable t) { l.info(o, t); }
+
+ void warn(Object o) { l.warn(o); }
+
+ void warn(Object o, Throwable t) { l.warn(o, t); }
+
+ void error(Object o) { l.error(o); }
+
+ void error(Object o, Throwable t) { l.error(o, t); }
+
+ void fatal(Object o) { l.fatal(o); }
+
+ void fatal(Object o, Throwable t) { l.fatal(o, t); }
+
+ boolean isDebugEnabled() { return l.isDebugEnabled(); }
+
+ boolean isInfoEnabled() { return l.isInfoEnabled(); }
+
+ Object getLog4jLogger() { return l; }
+}
[40/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/pbe.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/pbe.html b/3rdparty/not-yet-commons-ssl/docs/pbe.html
new file mode 100644
index 0000000..eab326a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/pbe.html
@@ -0,0 +1,204 @@
+<html>
+<head>
+<title>OpenSSL's "enc" in Java (PBE / Password Based Encryption)</title>
+<style type="text/css">
+h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
+h1 { float: left; color: red; }
+b.n { font-family: arial; font-weight: bold; }
+span.hl { color: white; background-color: green; }
+div.nav { float: left; margin-left: 20px; font-weight: bold; }
+.nav a, .nav span { padding: 0 5px; }
+.nav a { color: blue; }
+li.top { margin-top: 10px; }
+li { margin-top: 6px; width: 750px; }
+ul.openssl { float: left; width: 100px; margin-top: 8px; }
+ul.pkcs8 { float: left; width: 200px; margin-top: 8px; }
+i { color: purple; }
+i.special { color: red; }
+dt { font-weight: bold; }
+dd { margin-top: 1em; margin-bottom: 1em; }
+sup a { text-decoration: none; }
+</style>
+</head>
+<body>
+<h1>not-yet-commons-ssl</h1>
+<div class="nav">
+<a href="index.html">main</a> |
+<a href="ssl.html">ssl</a> |
+<a href="pkcs8.html">pkcs8</a> |
+<span class="hl" href="pbe.html">pbe</span> |
+<a href="rmi.html">rmi</a> |
+<a href="utilities.html">utilities</a> |
+<a href="source.html">source</a> |
+<a href="javadocs/">javadocs</a> |
+<a href="download.html">download</a>
+</div>
+<br clear="all"/>
+<hr/>
+<h2>OpenSSL's "enc" in Java (PBE / Password Based Encryption)</h2>
+<p>Not-Yet-Commons-SSL has an implementation of PBE ("password based encryption") that is 100%
+compatible with OpenSSL's command-line "enc" utility. PBE is a form of symmetric encryption where
+the same key or password is used to encrypt and decrypt the file.
+</p>
+<p>
+We are also compatible with <code>openssl enc -K [key] -iv [IV]</code>, where the key and IV are provided explicitly,
+instead of being derived from a password. Look for encrypt()/decrypt() methods that take
+<a href="http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/ssl/OpenSSL.html#encrypt(java.lang.String,%20byte[],%20byte[],%20byte[])">byte[] key, byte[] iv</a>
+instead of char[] password.
+
+</p>
+<p>Please visit the <a href="#Quick-FAQ">Quick-FAQ</a> if you are having problems.</p>
+
+
+<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>PBE code example (DES-3):</b></u><sup><a href="#fn">*</a></sup>
+
+char[] password = {'c','h','a','n','g','e','i','t'};
+byte[] data = "Hello World!".getBytes();
+
+<em style="color: green;">// Encrypt!</em>
+byte[] encrypted = OpenSSL.encrypt("des3", password, data);
+System.out.println("ENCRYPTED: [" + new String(encrypted) + "]");
+
+<em style="color: green;">// Decrypt results of previous!</em>
+data = OpenSSL.decrypt("des3", password, encrypted);
+System.out.println("DECRYPTED: [" + new String(data) + "]");
+
+
+OUTPUT:
+=======================
+ENCRYPTED: [U2FsdGVkX19qplb9qVDVVEYxH8wjJDGpMS+F4/2pS2c=]
+DECRYPTED: [Hello World!]
+
+<sup><a name="fn">*</a></sup> <span style="font-size: 85%;">- This code example is <a href="#nqr">not quite right</a>.</span>
+</pre>
+<br clear="all"/>
+<p>Some notes:
+<ul>
+ <li>The OpenSSL.encrypt() and OpenSSL.decrypt() methods have InputStream and byte[] versions. For large
+ files you're going to have to use the InputStream versions.</li>
+ <li>OpenSSL.encrypt() produces base64 output by default. Use
+<a href="http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/ssl/OpenSSL.html#encrypt(java.lang.String,%20char[],%20byte[],%20boolean)">OpenSSL.encrypt(alg, pwd, data, false)</a>
+ to turn that off.</li>
+ <li>OpenSSL.decrypt() auto-detects whether input is base64 or raw binary, so you don't need to worry about it
+ when decrypting. The base64 "true/false" parameter is only applicable when encrypting.</li>
+ <li>We also have methods that are compatible with "<code>openssl enc -K [key] -iv [IV]</code>" where key and iv
+ are explicitly provided, rather than being derived from a password. The [key] and [IV] should be specified
+ in either raw binary, or hexidecimal (4 bits per character). This isn't really PBE anymore, but it's a
+ common use case.</li>
+</ul>
+</p>
+
+<p>Here's a list of supported OpenSSL ciphers. The <i>purple ones</i> require the <a href="http://www.bouncycastle.org/latest_releases.html">BouncyCastle JCE</a>.
+The <i class="special">red ones (desx, desx-cbc)</i> probably require RSA's <a href="http://www.rsa.com/node.aspx?id=1204">BSAFE JCE</a>,
+and have not been tested.
+</p>
+<pre>
+aes-128-cbc aes-128-cfb <!-- aes-128-cfb1 -->
+aes-128-cfb8 aes-128-ecb aes-128-ofb
+aes-192-cbc aes-192-cfb <!-- aes-192-cfb1 -->
+aes-192-cfb8 aes-192-ecb aes-192-ofb
+aes-256-cbc aes-256-cfb <!-- aes-256-cfb1 -->
+aes-256-cfb8 aes-256-ecb aes-256-ofb
+aes128 aes192 aes256
+bf bf-cbc bf-cfb
+bf-ecb bf-ofb blowfish
+<i>camellia-128-cbc</i> <i>camellia-128-cfb</i> <!-- <i>camellia-128-cfb1</i> -->
+<i>camellia-128-cfb8</i> <i>camellia-128-ecb</i> <i>camellia-128-ofb</i>
+<i>camellia-192-cbc</i> <i>camellia-192-cfb</i> <!-- <i>camellia-192-cfb1</i> -->
+<i>camellia-192-cfb8</i> <i>camellia-192-ecb</i> <i>camellia-192-ofb</i>
+<i>camellia-256-cbc</i> <i>camellia-256-cfb</i> <!-- <i>camellia-256-cfb1</i> -->
+<i>camellia-256-cfb8</i> <i>camellia-256-ecb</i> <i>camellia-256-ofb</i>
+<i>camellia128</i> <i>camellia192</i> <i>camellia256</i>
+<i>cast</i> <i>cast-cbc</i> <i>cast5-cbc</i>
+<i>cast5-cfb</i> <i>cast5-ecb</i> <i>cast5-ofb</i>
+des des-cbc des-cfb
+<!-- des-cfb1 --> des-cfb8 des-ecb
+des-ede des-ede-cbc des-ede-cfb
+des-ede-ofb des-ede3 des-ede3-cbc
+des-ede3-cfb des-ede3-ofb des-ofb
+des3 <i class="special">desx</i> <i class="special">desx-cbc</i>
+<i>idea</i> <i>idea-cbc</i> <i>idea-cfb</i>
+<i>idea-ecb</i> <i>idea-ofb</i> rc2
+rc2-40-cbc rc2-64-cbc rc2-cbc
+rc2-cfb rc2-ecb rc2-ofb
+rc4 rc4-40 <i>rc5</i>
+<i>rc5-cbc</i> <i>rc5-cfb</i> <i>rc5-ecb</i>
+<i>rc5-ofb</i>
+</pre>
+
+<p>Here are some additional ciphers supported by BouncyCastle, but not by OpenSSL:</p>
+<pre>
+<i>cast6</i>
+<i>gost</i> (aka: <i>gost28147</i>)
+<i>rc6</i>
+<i>seed</i>
+<i>serpent</i>
+<i>skipjack</i>
+<i>tea</i>
+<i>twofish</i>
+<i>xtea</i>
+</pre>
+
+<hr/>
+<h3><a name="Quick-FAQ">Quick FAQ about PBE and Java</a></h3>
+<hr/>
+<dl>
+<dt>Why do I keep getting "java.security.InvalidKeyException: Illegal key size"?</dt>
+<dd>
+Don't forget to install your JVM's Unlimited Strength
+Jurisdiction Policy Files if you want AES-192 and AES-256 to work. (Same is true
+for Camillia-192, Camellia-256, and GOST28147).
+
+Visit <a href="http://java.sun.com/javase/downloads/">http://java.sun.com/javase/downloads/</a>
+and scroll to the bottom:
+<blockquote>
+Other Downloads
+<br/>Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6
+</blockquote>
+You can use DES-3 (168 bit keys) without
+installing the extra policy files.
+</dd>
+<dt>Why do the encrypted files always start with "Salted__" ("U2FsdGVkX1" in base64)?
+Isn't giving away information like this insecure?</dt>
+<dd>
+The encrypted files must always start with "Salted__" to interoperate with OpenSSL.
+OpenSSL expects this. The 8 bytes that spell "Salted__" are always immediately followed
+by another random 8 bytes of salt. The encrypted stream starts at the 17th byte.
+This way, even if you use the same password to encrypt 2 different files, the actual
+secret keys used to encrypt these 2 files are very different.
+<br/>
+<br/>
+It is possible to omit the salt, but this is highly discouraged:
+
+<pre style="padding: 10px; float: left;">
+boolean useBase64 = true;
+boolean useSalt = false; <em style="color: green;">// Omitting the salt is bad for security!</em>
+byte[] result = <a href="http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/ssl/OpenSSL.html#encrypt(java.lang.String,%20char[],%20byte[],%20boolean,%20boolean)">OpenSSL.encrypt(alg, pwd, data, useBase64, useSalt);</a>
+</pre>
+<br clear="all"/>
+</dd>
+<dt><a name="nqr">Why</a> is code example above "not quite right"?</dt>
+<dd>It relies on the platform's default character set. Here is the proper version (forcing UTF-8):
+
+<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>PBE example (DES-3):</b></u>
+
+char[] password = {'c','h','a','n','g','e','i','t'};
+byte[] data = "Hello World!".getBytes("UTF-8");
+
+<em style="color: green;">// Encrypt!</em>
+byte[] encrypted = OpenSSL.encrypt("des3", password, data);
+System.out.println("ENCRYPTED: [" + new String(encrypted, "UTF-8") + "]");
+
+<em style="color: green;">// Decrypt results of previous!</em>
+data = OpenSSL.decrypt("des3", password, encrypted);
+System.out.println("DECRYPTED: [" + new String(data, "UTF-8") + "]");
+
+OUTPUT:
+======================
+ENCRYPTED: [U2FsdGVkX19qplb9qVDVVEYxH8wjJDGpMS+F4/2pS2c=]
+DECRYPTED: [Hello World!]
+</pre>
+</dd>
+</dl>
+</body>
+</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/ping.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/ping.html b/3rdparty/not-yet-commons-ssl/docs/ping.html
new file mode 100644
index 0000000..3458d07
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/ping.html
@@ -0,0 +1,93 @@
+<html>
+<head>
+<title>Commons-SSL - Utilities</title>
+<style type="text/css">
+h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
+h1 { float: left; color: red; }
+b.n { font-family: arial; font-weight: bold; }
+span.hl { color: white; background-color: green; }
+div.nav { float: left; margin-left: 20px; font-weight: bold; }
+.nav a, .nav span { padding: 0 5px; }
+.nav a { color: blue; }
+li.top { margin-top: 10px; }
+ul.openssl { float: left; width: 100px; margin-top: 8px; }
+ul.pkcs8 { float: left; width: 200px; margin-top: 8px; }
+</style>
+</head>
+<body>
+<h1>commons-ssl</h1>
+<div class="nav">
+<a href="index.html">main</a> |
+<a href="ssl.html">ssl</a> |
+<a href="pkcs8.html">pkcs8</a> |
+<a href="pbe.html">pbe</a> |
+<a href="rmi.html">rmi</a> |
+<span class="hl" href="utilities.html">utilities</span> |
+<a href="source.html">source</a> |
+<a href="javadocs/">javadocs</a> |
+<a href="download.html">download</a>
+</div>
+<br clear="all"/>
+<hr/>
+<h2>Ping</h2>
+
+<p>"org.apache.commons.ssl.Ping" contains a main method to help you diagnose SSL issues.
+It's modeled on OpenSSL's very handy "s_client" utility. We've been very careful to
+make sure "org.apache.commons.ssl.Ping" can execute without any additional jar files
+on the classpath (except if using Java 1.3 - then you'll need jsse.jar).</p>
+
+<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>"Ping" Utility Attempts "HEAD / HTTP/1.1" Request</b></u>
+This utility is very handy because it can get you the server's public
+certificate even if your client certificate is bad (so even though the SSL
+handshake fails). And unlike "openssl s_client", this utility can bind
+against any IP address available.
+
+Usage: java -jar not-yet-commons-ssl-0.3.13.jar [options]
+Version: 0.3.13 Compiled: [PDT:2014-05-08/14:15:16.000]
+Options: (*=required)
+* -t --target [hostname[:port]] default port=443
+ -b --bind [hostname[:port]] default port=0 "ANY"
+ -r --proxy [hostname[:port]] default port=80
+ -tm --trust-cert [path to trust material] {pem, der, crt, jks}
+ -km --client-cert [path to client's private key] {jks, pkcs12, pkcs8}
+ -cc --cert-chain [path to client's cert chain for pkcs8/OpenSSL key]
+ -p --password [client cert password]
+ -h --host-header [http-host-header] in case -t is an IP address
+ -u --path [path for GET/HEAD request] default=/
+ -m --method [http method to use] default=HEAD
+
+Example:
+
+java -jar commons-ssl.jar -t host.com:443 -c ./client.pfx -p `cat ./pass.txt` </pre><br clear="all"/>
+
+<p style="margin-top: 8px;"><b>TODO:</b><br/>Apparently Java 6.0 includes support for grabbing passwords from
+standard-in without echoing the typed characters. Would be nice to use that feature when it's
+available, instead of requiring the password to be specified as a command-line argument.</p>
+
+<hr/>
+<h2>KeyStoreBuilder</em></h2>
+<p><code>java -cp not-yet-commons-ssl-0.3.13.jar org.apache.commons.ssl.KeyStoreBuilder</code></p>
+
+<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>KeyStoreBuilder converts PKCS12 and PKCS8 to Java "Keystore", and vice versa.</b></u>
+KeyStoreBuilder: creates '[alias].jks' (Java Key Store)
+ -topk8 mode: creates '[alias].pem' (x509 chain + unencrypted pkcs8)
+[alias] will be set to the first CN value of the X509 certificate.
+-------------------------------------------------------------------
+Usage1: [password] [file:pkcs12]
+Usage2: [password] [file:private-key] [file:certificate-chain]
+Usage3: -topk8 [password] [file:jks]
+-------------------------------------------------------------------
+[private-key] can be openssl format, or pkcs8.
+[password] decrypts [private-key], and also encrypts outputted JKS file.
+All files can be PEM or DER.</pre><br clear="all"/>
+
+<br/><b>Warning:</b>
+ <span style="color: red; font-weight: bold;">-topk8 outputs the private key UNENCRYPTED!
+Cut and paste the private key into a separate file, and then use "openssl rsa" or "openssl dsa"
+to encrypt it with a password.</span>
+<br/>
+<br/>
+
+
+</body>
+</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/pkcs8.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/pkcs8.html b/3rdparty/not-yet-commons-ssl/docs/pkcs8.html
new file mode 100644
index 0000000..2119983
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/pkcs8.html
@@ -0,0 +1,156 @@
+<html>
+<head>
+<title>Decrypting PKCS #8 and OpenSSL Private Keys with Java</title>
+<style type="text/css">
+h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
+h1 { float: left; color: red; }
+b.n { font-family: arial; font-weight: bold; }
+span.hl { color: white; background-color: green; }
+div.nav { float: left; margin-left: 20px; font-weight: bold; }
+.nav a, .nav span { padding: 0 5px; }
+.nav a { color: blue; }
+li.top { margin-top: 10px; }
+ul.openssl { float: left; width: 100px; margin-top: 8px; }
+ul.pkcs8 { float: left; width: 200px; margin-top: 8px; }
+</style>
+</head>
+<body>
+<h1>not-yet-commons-ssl</h1>
+<div class="nav">
+<a href="index.html">main</a> |
+<a href="ssl.html">ssl</a> |
+<span class="hl" href="pkcs8.html">pkcs8</span> |
+<a href="pbe.html">pbe</a> |
+<a href="rmi.html">rmi</a> |
+<a href="utilities.html">utilities</a> |
+<a href="source.html">source</a> |
+<a href="javadocs/">javadocs</a> |
+<a href="download.html">download</a>
+</div>
+<br clear="all"/>
+<hr/>
+<h2>PKCS #8 / OpenSSL Encrypted Keys</em></h2>
+<br/>
+<h3>Java 1.3 Compatible! (with <a href="http://java.sun.com/products/jce/index-122.html">jce1_2_2.jar</a>) (or <a href="http://bouncycastle.org/latest_releases.html">bcprov-jdk13.jar</a>)</h3>
+<p>Commons-SSL includes support for extracting private keys from PKCS #8 files.
+We also support the OpenSSL formats ("traditional SSLeay"). The private keys can be in PEM (base64)
+or DER (raw ASN.1 - a binary format).
+</p>
+<p>The code works with Java 1.3 (+JCE), 1.4, 5.0, 6.0, but not all of the ciphers and hashes are available
+until Java 5.0 (unless you use BouncyCastle). Fortunately the most common formats [OpenSSL MD5 with 3DES], [PKCS #8 V1.5 MD5 with DES], [PKCS #8 V2.0 HmacSHA1 with 3DES]
+work with all versions of Java, including Java 1.3.</p>
+<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>pkcs8 example:</b></u>
+
+FileInputStream in = new FileInputStream( "/path/to/pkcs8_private_key.der" );
+
+<em style="color: green;">// If the provided InputStream is encrypted, we need a password to decrypt</em>
+<em style="color: green;">// it. If the InputStream is not encrypted, then the password is ignored</em>
+<em style="color: green;">// (can be null). The InputStream can be DER (raw ASN.1) or PEM (base64).</em>
+PKCS8Key pkcs8 = new PKCS8Key( in, "changeit".toCharArray() );
+
+<em style="color: green;">// If an unencrypted PKCS8 key was provided, then this actually returns</em>
+<em style="color: green;">// exactly what was originally passed in (with no changes). If an OpenSSL</em>
+<em style="color: green;">// key was provided, it gets reformatted as PKCS #8 first, and so these</em>
+<em style="color: green;">// bytes will still be PKCS #8, not OpenSSL.</em>
+byte[] decrypted = pkcs8.getDecryptedBytes();
+PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec( decrypted );
+
+<em style="color: green;">// A Java PrivateKey object is born.</em>
+PrivateKey pk = null;
+if ( pkcs8.isDSA() )
+{
+ pk = KeyFactory.getInstance( "DSA" ).generatePrivate( spec );
+}
+else if ( pkcs8.isRSA() )
+{
+ pk = KeyFactory.getInstance( "RSA" ).generatePrivate( spec );
+}
+
+<em style="color: green;">// For lazier types:</em>
+pk = pkcs8.getPrivateKey();
+</pre>
+<br clear="all"/>
+<p>Both RSA and DSA keys are supported. Here is a list of supported formats:</p>
+<ul>
+<li class="top"><b>OpenSSL "Traditional SSLeay Compatible Format"</b><ul>
+<li>Unencrypted PEM or DER</li>
+<li>Encrypted PEM:<br/>
+<ul class="openssl"><li>des</li><li>des2</li><li>des3</li><li>blowfish</li></ul>
+<ul class="openssl"><li>aes128</li><li>aes192</li><li>aes256</li></ul>
+<ul class="openssl"><li>rc2-40</li><li>rc2-64</li><li>rc2-128</li></ul>
+<br clear="all"/>
+<dl style="margin-top: 1em; width: 600px;"><dt>Note:</dt><dd>OpenSSL "traditional SSLeay" format does not allow encrypted keys to be encoded in DER. Only
+unencrypted keys can be encoded in DER.</dd></dl></li>
+</ul>
+</li>
+<li class="top"><b>PKCS #8 (Unencrypted)</b>
+<ul><li>PEM or DER</li></ul></li>
+<li class="top"><b>PKCS #8 with PKCS #5 Version 1.5 Encryption</b>
+<ul><li>PEM or DER:
+<ul class="pkcs8">
+<li>MD2 with DES</li>
+<li>MD2 with RC2-64</li>
+</ul>
+<ul class="pkcs8">
+<li>MD5 with DES</li>
+<li>MD5 with RC2-64</li>
+</ul>
+<ul class="pkcs8">
+<li>SHA1 with DES</li>
+<li>SHA1 with RC2-64</li>
+</ul>
+<br clear="all"/>
+</li></ul></li>
+<li class="top"><b>PKCS #8 with PKCS #5 Version 1.5 Encryption and PKCS #12 Key Derivation</b>
+<ul><li>PEM or DER:
+<ul class="pkcs8">
+<li>SHA1 with 3DES</li>
+<li>SHA1 with 2DES</li>
+</ul>
+<ul class="pkcs8">
+<li>SHA1 with RC2-128</li>
+<li>SHA1 with RC2-40</li>
+</ul>
+<ul class="pkcs8">
+<li>SHA1 with RC4-128</li>
+<li>SHA1 with RC4-40</li>
+</ul>
+<br clear="all"/>
+</li></ul></li>
+<li class="top"><b>PKCS #8 with PKCS #5 Version 2.0 Encryption and HmacSHA1</b>
+<ul><li>PEM or DER:
+<ul class="pkcs8">
+<li>DES</li>
+<li>3DES</li>
+<li>Blowfish</li>
+</ul>
+<ul class="pkcs8">
+<li>AES-128</li>
+<li>AES-192</li>
+<li>AES-256</li>
+</ul>
+<ul class="pkcs8">
+<li>RC2-40</li>
+<li>RC2-64</li>
+<li>RC2-128</li>
+</ul>
+<br clear="all"/>
+</li></ul></li></ul>
+<hr/>
+<p>
+Here are links to the raw samples and test results:
+<ol>
+<li><a href="samples/rsa_result.html">2048 Bit RSA</a></li>
+<li><a href="samples/dsa_result.html">2048 Bit DSA</a></li>
+</ol>
+</p>
+<p>The samples were all generated using OpenSSL's
+<code>rsa</code>, <code>genrsa</code>, <code>dsa</code>, <code>gendsa</code>, <code>dsaparam</code>
+and <code>pkcs8</code> commands. We're curious to know if
+PKCS #8 keys created by other programs will also work, but OpenSSL is all we have to play
+with at the moment.</p>
+<p>The password to decrypt the samples is always "changeit", and they all have the same RSA or DSA
+key.</p>
+
+</body>
+</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/rmi.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/rmi.html b/3rdparty/not-yet-commons-ssl/docs/rmi.html
new file mode 100644
index 0000000..6d7b2b6
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/rmi.html
@@ -0,0 +1,102 @@
+<html>
+<head>
+<title>Not-Yet-Commons-SSL - RMI over SSL Java Example</title>
+<style type="text/css">
+h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
+h1 { float: left; color: red; }
+b.n { font-family: arial; font-weight: bold; }
+span.hl { color: white; background-color: green; }
+div.nav { float: left; margin-left: 20px; font-weight: bold; }
+.nav a, .nav span { padding: 0 5px; }
+.nav a { color: blue; }
+li.top { margin-top: 10px; }
+ul.openssl { float: left; width: 100px; margin-top: 8px; }
+ul.pkcs8 { float: left; width: 200px; margin-top: 8px; }
+ol.points li { margin-top: 8px; }
+</style>
+</head>
+<body>
+<h1>not-yet-commons-ssl</h1>
+<div class="nav">
+<a href="index.html">main</a> |
+<a href="ssl.html">ssl</a> |
+<a href="pkcs8.html">pkcs8</a> |
+<a href="pbe.html">pbe</a> |
+<span class="hl" href="rmi.html">rmi</span> |
+<a href="utilities.html">utilities</a> |
+<a href="source.html">source</a> |
+<a href="javadocs/">javadocs</a> |
+<a href="download.html">download</a>
+</div>
+<br clear="all"/>
+<hr/>
+<h2>RMI over SSL <em style="color: red; font-weight: normal;">(experimental)</em></h2>
+<br/><b>3 points to consider:</b>
+<ol class="points">
+<li>To run the RMI-SSL server, you must invoke <code>LocateRegistry.createRegistry( 1099 )</code>
+from within your own application. You must do this AFTER calling <code>RMISocketFactory.setSocketFactory( impl )</code>.
+RMISocketFactoryImpl will open the registry on 1099, and will open anonymous RMI servers (where port 0 is
+specified) on port 31099.
+RMI-SSL, as shown here, doesn't work with <code>$JAVA_HOME/bin/rmiregistry</code>.
+<br/>See the example code below for help with <code>RMISocketFactory.setSocketFactory( impl )</code>.
+</li>
+<li>To run the RMI-SSL client, you need to find an RMI-SSL server to connect to. See #1, above. ;-)</li>
+<li>If you don't manage to find an RMI-SSL server, then the RMI-SSL client will automatically downgrade itself
+to plain-socket. There is an important security consideration to consider regarding this: RMISocketFactoryImpl
+at this time only guarantees the security of the registry and the server sockets it opens. Client sockets
+it creates might be plain-socket.</li>
+</ol>
+
+<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>RMI over SSL Example</b></u>
+
+import org.apache.commons.ssl.RMISocketFactoryImpl;
+
+<em style="color: green;">// RMISocketFactoryImpl tries to detect plain sockets, so you should be able to use</em>
+<em style="color: green;">// this even in situations where not all of the RMI servers you are talking to are</em>
+<em style="color: green;">// using SSL.</em>
+RMISocketFactoryImpl impl = new RMISocketFactoryImpl();
+
+<em style="color: green;">// Let's change some settings on our default SSL client.</em>
+SSLClient defaultClient = (SSLClient) impl.getDefaultClient();
+client.setCheckHostname( false );
+client.setCheckCRL( true );
+client.setCheckExpiry( false );
+
+<em style="color: green;">// By default we trust Java's "cacerts", as well as whatever cert is on localhost:1099,</em>
+<em style="color: green;">// so this is redundant: (Trusting localhost:1099 is some commons-ssl magic).</em>
+client.addTrustMaterial( TrustMaterial.DEFAULT );
+
+<em style="color: green;">// But if we had used setTrustMaterial() instead of addTrustMaterial(), we would (probably)</em>
+<em style="color: green;">// no longer trust localhost:1099! Using set instead of add causes all previous "adds" to</em>
+<em style="color: green;">// to be thrown out.</em>
+
+<em style="color: green;">// Meanwhile, RMI calls to rmi://special.com:1099/ need to trust a self-signed certificate,</em>
+<em style="color: green;">// but we don't want to pollute our default trust with this shoddy cert. So only calls</em>
+<em style="color: green;">// specifically to "special.com" (any port) will use this.</em>
+SSLClient specialClient = new SSLClient();
+TrustMaterial tm = new TrustMaterial( "special.pem" );
+specialClient.addTrustMaterial( tm );
+<em style="color: green;">// Here's where the special cert gets associated with "special.com":</em>
+impl.setClient( "special.com", specialClient );
+
+
+<em style="color: green;">// We're might also want to be an RMI server ourselves!</em>
+<em style="color: green;">// By default commons-ssl looks for "~/.keystore" and tries password "changeit",</em>
+<em style="color: green;">// but we can change things if we want:</em>
+SSLServer server = (SSLServer) impl.getDefaultServer();
+tm = new TrustMaterial( "trust_only_these_client_certs.pem" );
+KeyMaterial km = new KeyMaterial( "/path/to/myKey.p12", "password".toCharArray() );
+server.setTrustMaterial( tm );
+server.setKeyMaterial( km );
+<em style="color: green;">// This particular RMI server will only accept connections with client certs!</em>
+server.setNeedClientAuth( true );
+
+<em style="color: green;">// Finally, we tell Java to use our new RMI socket factory!</em>
+RMISocketFactory.setSocketFactory( impl );</pre>
+<br clear="all">
+<pre>
+<!-- make the page scroll a little more -->
+
+</pre>
+</body>
+</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/roadmap.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/roadmap.html b/3rdparty/not-yet-commons-ssl/docs/roadmap.html
new file mode 100644
index 0000000..3962540
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/roadmap.html
@@ -0,0 +1,86 @@
+<html>
+<head>
+<title>Not-Yet-Commons-SSL - Downloads, Features, Future Directions</title>
+<style type="text/css">
+dl, h1, h2, h3, h4 { margin: 0; border: 0; padding: 0; font-size: 100%; }
+h1 { float: left; color: red; }
+b.n { font-family: arial; font-weight: bold; }
+span.hl { color: white; background-color: green; }
+div.nav { float: left; margin-left: 20px; font-weight: bold; }
+.nav a, .nav span { padding: 0 5px; }
+.nav a { color: blue; }
+td.v { text-align: center; }
+dt { padding: 8px 0 8px 5px; }
+dd { padding-left: 15px; }
+li { padding-bottom: 6px; }
+tr.released td, tr.released th { background-color: yellow; font-weight: bold; }
+</style>
+</head>
+<body>
+<h1>not-yet-commons-ssl</h1>
+<div class="nav">
+<a href="index.html">main</a> |
+<a href="ssl.html">ssl</a> |
+
+<a href="pkcs8.html">pkcs8</a> |
+<a href="pbe.html">pbe</a> |
+<a href="rmi.html">rmi</a> |
+<a href="utilities.html">utilities</a> |
+<a href="source.html">source</a> |
+<a href="javadocs/">javadocs</a> |
+
+<span class="hl" href="download.html">download</span>
+</div>
+<br clear="all"/>
+<hr/>
+<h1>This page is out of date. These days we just do maintenance releases to fix bugs reported on the mailing list.
+Current version is 0.3.15.</h1>
+<h3><a name="roadmap">Road Map For Future Versions</a></h3>
+<p>0.3.10 - 0.3.11 are just some feature ideas. They might not be feasible. <b style="background-color: yellow;">0.3.9 is the current version.</b></p>
+<table cellspacing="0" cellpadding="4" border="1">
+<tr><th>Version</th><th>Release Date?</th><th>Description</th></tr>
+<tr><td class="v">0.3.4</td><td class="v">Nov 2006</td><td>90% feature complete. Probably contains some bugs.</td></tr>
+
+<tr><td class="v">0.3.5</td><td class="v">Dec 2006</td><td>PKCS8Key constructor is public now. Whoops. Hostname verification
+knows about more than just CN's now - also checks subjectAlts in the server's certificate.</td></tr>
+<tr><td class="v">0.3.6</td><td class="v">Jan 2007</td><td>Fixed Java 1.4 bug with HttpsURLConnection.</td></tr>
+<tr><td class="v">0.3.7</td><td class="v">Feb 2007</td><td>40 bit and 56 bit ciphers disabled by default. RMI-SSL improved. getSSLContext() added. Various other improvements.</td></tr>
+<tr class="v"><td class="v">0.3.8</td><td class="v">Nov 2007</td><td>PBE (password-based-encryption) formally introduced and improved. 40 bit and 56 bit ciphers still disabled by default, but working better when re-enabled.</td></tr>
+
+<tr class="released"><td class="v">0.3.9</td><td class="v">May 2008</td><td>Some PBE fixes. Using latest ASN.1 code from BouncyCastle.</td></tr>
+<tr class="unreleased"><td class="v">0.3.10</td><td class="v">May 2008</td><td>
+<p>
+Socket monitoring. Make it easier for long-running server applications to warn
+about impending certificate expiries.
+</p>
+<p>
+<a href="http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol">OCSP</a> - Online Certificate Status Protocol
+</p>
+
+<p>
+NotQuiteSoEasySSLProtocolSocketFactory will trust any server The First Time, and store that server's cert on disk for future accesses.
+</p>
+</td></tr>
+<tr><td class="v">0.3.11</td><td class="v">Jun 2008</td><td><code>TrustMaterial.setAutoReload( true / false )</code>, and <code>KeyMaterial.setAutoReload( true / false )</code>,
+but only if no password, or "changeit" was provided. (Question: should this "reload" tear down all open sockets?).
+</td></tr>
+<tr><td class="v">0.4.0</td><td class="v">Jul 2008</td><td>Non-public code (protected, private, etc) moved into a separate "impl" package where possible.</td></tr>
+
+<tr><td class="v">0.5.0</td><td class="v">Aug 2008</td><td>API froven. All future versions must be reverse-compatible with 0.5.0 (except for any parts of 0.5.0 later found to be insecure).</td></tr>
+<tr><td class="v">0.7.0</td><td class="v">Nov 2008</td><td>JavaDocs written for all public methods and classes.</td></tr>
+<tr><td class="v">0.7.5</td><td class="v">Mar 2009</td><td>JUnit tests written for all classes.</td></tr>
+<tr><td class="v">0.9.0</td><td class="v">May 2009</td><td>First BETA release. JUnit tests passing on all targetted platforms:
+
+<ol>
+<li>Intel/AMD: (Sun, IBM, BEA) x (Linux, Mac, Windows) x (1.3, 1.4, 5, 6, 7)</li>
+<li>All of the above with and without BouncyCastle.</li>
+<li>PowerPC: Mac OS X 10.4, 10.5</li>
+<li>Linux: Latest GCJ, Kaffe, and Blackdown releases. BouncyCastle added if necessary to get tests to pass.</li>
+<li>Anyone got an IBM mainframe we can test on?</li>
+</td></tr>
+<tr><td class="v">0.9.1 - 0.9.9</td><td class="v">Aug 2009</td><td>Bug fixes.</td></tr>
+
+<tr><td class="v">1.0.0</td><td class="v">Jan 2010</td><td>Development mostly stops.</td></tr>
+</table>
+<p>The problem we're solving with Commons-SSL
+is quite small, so I don't see any reason to ever go beyond 1.0.0, except for fixing bugs.</p>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/source.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/source.html b/3rdparty/not-yet-commons-ssl/docs/source.html
new file mode 100644
index 0000000..6c2fc85
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/source.html
@@ -0,0 +1,38 @@
+<html>
+<head>
+<title>Not-Yet-Commons-SSL - Source Tree</title>
+<style type="text/css">
+h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
+h1 { float: left; color: red; }
+b.n { font-family: arial; font-weight: bold; }
+span.hl { color: white; background-color: green; }
+div.nav { float: left; margin-left: 20px; font-weight: bold; }
+.nav a, .nav span { padding: 0 5px; }
+.nav a { color: blue; }
+li.top { margin-top: 10px; }
+ul.openssl { float: left; width: 100px; margin-top: 8px; }
+ul.pkcs8 { float: left; width: 200px; margin-top: 8px; }
+</style>
+</head>
+<body>
+<h1>not-yet-commons-ssl</h1>
+<div class="nav">
+<a href="index.html">main</a> |
+<a href="ssl.html">ssl</a> |
+<a href="pkcs8.html">pkcs8</a> |
+<a href="pbe.html">pbe</a> |
+<a href="rmi.html">rmi</a> |
+<a href="utilities.html">utilities</a> |
+<span class="hl" href="source.html">source</span> |
+<a href="javadocs/">javadocs</a> |
+<a href="download.html">download</a>
+</div>
+<br clear="all"/>
+<hr/>
+<h2>not-yet-commons-ssl Source Code</em></h2>
+<br clear="all">
+
+<!--#include virtual="tree.html" -->
+
+</body>
+</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/docs/ssl.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/ssl.html b/3rdparty/not-yet-commons-ssl/docs/ssl.html
new file mode 100644
index 0000000..86bfa4d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/docs/ssl.html
@@ -0,0 +1,106 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<meta name="Author" content="Julius Davies">
+<title>Java Examples for Creating SSL/TLS Sockets</title>
+<style type="text/css">
+h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
+h1 { float: left; color: red; }
+b.n { font-family: arial; font-weight: bold; }
+span.hl { color: white; background-color: green; }
+div.nav { float: left; margin-left: 20px; font-weight: bold; }
+.nav a, .nav span { padding: 0 5px; }
+.nav a { color: blue; }
+</style>
+</head>
+<body>
+<h1>not-yet-commons-ssl</h1>
+<div class="nav">
+<a href="index.html">main</a> |
+<span class="hl" href="ssl.html">ssl</span> |
+<a href="pkcs8.html">pkcs8</a> |
+<a href="pbe.html">pbe</a> |
+<a href="rmi.html">rmi</a> |
+<a href="utilities.html">utilities</a> |
+<a href="source.html">source</a> |
+<a href="javadocs/">javadocs</a> |
+<a href="download.html">download</a>
+</div>
+<br clear="all"/>
+<hr/>
+<h2>Code Examples For Creating SSL Sockets</h2>
+<div style="font-family: arial; margin-top: 18px;">
+<b class="n">Note:</b>
+<br/>SSLClient <b class="n">extends</b> SSLSocketFactory
+<br/>SSLServer <b class="n">extends</b> SSLServerSocketFactory
+</div>
+<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>Client Example:</b></u>
+
+SSLClient client = new SSLClient();
+
+<em style="color: green;">// Let's trust usual "cacerts" that come with Java. Plus, let's also trust a self-signed cert</em>
+<em style="color: green;">// we know of. We have some additional certs to trust inside a java keystore file.</em>
+client.addTrustMaterial( TrustMaterial.DEFAULT );
+client.addTrustMaterial( new TrustMaterial( "/path/to/self-signed.pem" ) );
+client.addTrustMaterial( new KeyMaterial( "/path/to/keystore.jks", "changeit".toCharArray() ) );
+
+<em style="color: green;">// To be different, let's allow for expired certificates (not recommended).</em>
+client.setCheckHostname( true ); <em style="color: green;">// default setting is "true" for SSLClient</em>
+client.setCheckExpiry( false ); <em style="color: green;">// default setting is "true" for SSLClient</em>
+client.setCheckCRL( true ); <em style="color: green;">// default setting is "true" for SSLClient</em>
+
+<em style="color: green;">// Let's load a client certificate (max: 1 per SSLClient instance).</em>
+client.setKeyMaterial( new KeyMaterial( "/path/to/client.pfx", "secret".toCharArray() ) );
+SSLSocket s = (SSLSocket) client.createSocket( "www.cucbc.com", 443 );</pre>
+
+<br clear="all"><pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>Server Example (OpenSSL/Apache Style)</b></u>
+<em style="color: green;">// Compatible with the private key / certificate chain created from following the Apache2</em>
+<em style="color: green;">// TLS FAQ: "How do I create a self-signed SSL Certificate for testing purposes?"</em>
+<em style="color: green;">// <a href="http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert">http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert</a></em>
+
+SSLServer server = new SSLServer();
+
+<em style="color: green;">// Server needs some key material. We'll use an OpenSSL/PKCS8 style key (possibly encrypted).</em>
+String certificateChain = "/path/to/this/server.crt";
+String privateKey = "/path/to/this/server.key";
+char[] password = "changeit".toCharArray();
+KeyMaterial km = new KeyMaterial( certificateChain, privateKey, password );
+
+server.setKeyMaterial( km );
+
+<em style="color: green;">// These settings have to do with how we'll treat client certificates that are presented</em>
+<em style="color: green;">// to us. If the client doesn't present any client certificate, then these are ignored.</em>
+server.setCheckHostname( false ); <em style="color: green;">// default setting is "false" for SSLServer</em>
+server.setCheckExpiry( true ); <em style="color: green;">// default setting is "true" for SSLServer</em>
+server.setCheckCRL( true ); <em style="color: green;">// default setting is "true" for SSLServer</em>
+
+<em style="color: green;">// This server trusts all client certificates presented (usually people won't present</em>
+<em style="color: green;">// client certs, but if they do, we'll give them a socket at the very least).</em>
+server.addTrustMaterial( TrustMaterial.TRUST_ALL );
+SSLServerSocket ss = (SSLServerSocket) server.createServerSocket( 7443 );
+SSLSocket socket = (SSLSocket) ss.accept();</pre>
+
+<br clear="all"><pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>Server Example (Traditional Java "KeyStore" Style)</b></u>
+
+SSLServer server = new SSLServer();
+
+<em style="color: green;">// Server needs some key material. We'll use a Java Keystore (.jks) or Netscape</em>
+<em style="color: green;">// PKCS12 (.pfx or .p12) file. Commons-ssl automatically detects the type.</em>
+String pathToKeyMaterial = "/path/to/.keystore";
+char[] password = "changeit".toCharArray();
+KeyMaterial km = new KeyMaterial( pathToKeyMaterial, password );
+
+server.setKeyMaterial( km );
+
+<em style="color: green;">// This server trusts all client certificates presented (usually people won't present</em>
+<em style="color: green;">// client certs, but if they do, we'll give them a socket at the very least).</em>
+server.addTrustMaterial( TrustMaterial.TRUST_ALL );
+SSLServerSocket ss = (SSLServerSocket) server.createServerSocket( 7443 );
+SSLSocket socket = (SSLSocket) ss.accept();</pre>
+
+
+<br clear="all">
+
+</body>
+</html>
[36/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_unencrypted.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_unencrypted.der b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_unencrypted.der
new file mode 100644
index 0000000..32e51eb
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_unencrypted.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_unencrypted.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_unencrypted.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_unencrypted.pem
new file mode 100644
index 0000000..ee815db
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/openssl_dsa_unencrypted.pem
@@ -0,0 +1,20 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIDPgIBAAKCAQEAyKItMopMK218pcmy6PkrMVXAv5dt07TdGBuNhVWpQ52ldK9X
+mL7CPKpo4Dy85EZRPvRNyOnhe+LRJZ+ReKntpEkEiar/ZsKVkUthPsiUMpoM5S79
+JK8iT8F9HdFjIFKaXGySBZ4xcrj8HQ/v75iolYCso+66Ybgjs9/nsWS0UQyGE6rc
+ibx7xPAtcbaGZUBaBtdkNER7+P2ueJwej89aNZxj+AKuvrWrArq6/5zOIhGR12wQ
+EQQjj7FQ66ZFivJ/AYsv1yXDS7mZBNp5eMuxk8Kmis/++HKcP7tdbVRnlfTGdBuN
+BMyOcBTIsE11jwikcI+KIbr9cEZoaikkm4KyuwIVAP4DZEC+/JZJ0PHSEtJTt6uz
+yn1hAoIBAHhLbqDib7zqaFBrNnbaBSNiltY3GxWM6uQT88NH9YWz3wXRb6i4KJFH
+9NtLbK0RF7MoQVprJY6LuGQHZ/e61Fs2EabDwT4vB2HT619fVUvDndbuSW6qfUR4
+y9kbG7zLkE4Mnym/ikmUwLABLA67cZUS9yjtcRXGpOkiTAQfCGBeUH6nWOFEaWjI
+fGNMQ5awKvZhIvGyN4Zvd+mE+199s/kAsCKFux2Sq9tYw3qS0Tw2IEebHsHvX7A3
+bvxV6p7czVxlO9+O0w7bBTekPpw1BnCYmPyy0H36g/7aF2V70UCWzER8zT1Pfh7d
+3P0hLqHYzX375l/7oxuDawtcDAV++iwCggEASajPdllHVQ8JvKdPH6qDkjC5XJTZ
+RK46mYm1cCu8Q9Dy9ZfL67CcJBpwKVHNC3sXmk4XPfs91AZf/t01qbMJvCrR8NHs
+jRyJkNIaMyDeWcFmO0KmMi374BQpFyIDQ6mK1y9BilneZ6gHDdfHMsKniLFW+SQf
+9hlwlArIPYuELu7riJhNcuRUTJEfybDHwM4/ht0IFbyUIFl00mMdTrozk+e/esEs
+QdWbx2UBjNs8meZPivFbT2HpQF1I0qZhtn3e7jcR5YatBQ3e4abnu1RrDc73q7d4
+g2SYQK3PmIWwxiFhJQTzeiQtl5rKzEn76knAydOtPVRgjXWzHUoW6Az0qwIVAMvw
+thRrEZxNdxELdnwW3rpYBm6B
+-----END DSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8_dsa_unencrypted.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8_dsa_unencrypted.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8_dsa_unencrypted.der
new file mode 100644
index 0000000..66d0ea8
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8_dsa_unencrypted.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8_dsa_unencrypted.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8_dsa_unencrypted.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8_dsa_unencrypted.pem
new file mode 100644
index 0000000..22b8e3c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8_dsa_unencrypted.pem
@@ -0,0 +1,15 @@
+-----BEGIN PRIVATE KEY-----
+MIICTQIBADCCAi0GByqGSM44BAEwggIgAoIBAQDIoi0yikwrbXylybLo+SsxVcC/
+l23TtN0YG42FValDnaV0r1eYvsI8qmjgPLzkRlE+9E3I6eF74tEln5F4qe2kSQSJ
+qv9mwpWRS2E+yJQymgzlLv0kryJPwX0d0WMgUppcbJIFnjFyuPwdD+/vmKiVgKyj
+7rphuCOz3+exZLRRDIYTqtyJvHvE8C1xtoZlQFoG12Q0RHv4/a54nB6Pz1o1nGP4
+Aq6+tasCurr/nM4iEZHXbBARBCOPsVDrpkWK8n8Biy/XJcNLuZkE2nl4y7GTwqaK
+z/74cpw/u11tVGeV9MZ0G40EzI5wFMiwTXWPCKRwj4ohuv1wRmhqKSSbgrK7AhUA
+/gNkQL78lknQ8dIS0lO3q7PKfWECggEAeEtuoOJvvOpoUGs2dtoFI2KW1jcbFYzq
+5BPzw0f1hbPfBdFvqLgokUf020tsrREXsyhBWmsljou4ZAdn97rUWzYRpsPBPi8H
+YdPrX19VS8Od1u5Jbqp9RHjL2RsbvMuQTgyfKb+KSZTAsAEsDrtxlRL3KO1xFcak
+6SJMBB8IYF5QfqdY4URpaMh8Y0xDlrAq9mEi8bI3hm936YT7X32z+QCwIoW7HZKr
+21jDepLRPDYgR5sewe9fsDdu/FXqntzNXGU7347TDtsFN6Q+nDUGcJiY/LLQffqD
+/toXZXvRQJbMRHzNPU9+Ht3c/SEuodjNffvmX/ujG4NrC1wMBX76LAQXAhUAy/C2
+FGsRnE13EQt2fBbeulgGboE=
+-----END PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_des1_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_des1_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_des1_cbc.der
new file mode 100644
index 0000000..b6afff4
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_des1_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_des1_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_des1_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_des1_cbc.pem
new file mode 100644
index 0000000..8c2115e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_des1_cbc.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICeTAbBgkqhkiG9w0BBQEwDgQILnlhJxK+WWMCAggABIICWNqg8COg3x5fM2G/
+GrG28BE081hCiuAlNwMAeP+Akp0UNVbWJUFDGmpuMPmOY8vXlPfSJFI5FzCr9Wt1
+PIEtw66CoNvjN59Qb8EclEx/DaEv7rI74zpqp/gSkufYww8O87fPPk+qtEr0s0P/
+Ed+8rv/BERaaRa5nPx+7XhQ/VFeWgCPRNICmSB3z5CX2lvujY9rhw5cdiEkARg/N
+YwFwnx/L/ogBVntWHRoKkJj77TXXd4+Wx8wD+kyB7dvKQZg4Z9DhQSlQtKoDcUeX
+SCLdd9yRiuixDXGI0XMThmMnRfB7G2bT/BfucKCWvlPn2fsZKsdI7QOKLJm3b+Ud
+PrHc1z1HAlHhnlaBSWux/ZFxGrSuPS03z5lYfZEDzV0uFxCP9r9QYOEumfuiUAEk
+uIjoT8vfiSdL/ftONMx7yOIBnuVcW0KUO1K3wepccGIaOHd1oYJeCNab4yLELu2o
+qannuyLofxkY+F5N4j6cgw6FOpB2LBHIEzKNmz6S6GJLRaeUzIMzGD0fAsnaulx2
+HZqUNJRnPLPN721Ejwu14Dj2O1r2/4GpVUUzJu7ZmVLPHbfQxXXx8hy9Gp+v3woQ
+D2N1qjA6E0YMM9yfEtPJhLYH6JWG4t0X0ThFKe2ATIdoMFq9Jou9evksLrjNcNGE
+L78pgcuQ98R7YniY53t2tBpwrklrfCN5RMUPIuCM6JfUKyZngnnwPFus8xiwl8b3
+1Cm9fnlQkeZDjG7GkMuR8SIfydboEg4RGVdvdxlA9+hoybkOruxIsyzNwSO+VLnZ
+7Xa76zHGwT42cZHEyw==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_rc2_64_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_rc2_64_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_rc2_64_cbc.der
new file mode 100644
index 0000000..f811b8d
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_rc2_64_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_rc2_64_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_rc2_64_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_rc2_64_cbc.pem
new file mode 100644
index 0000000..c2c9efc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md2_rc2_64_cbc.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICeTAbBgkqhkiG9w0BBQQwDgQI70W+LvOB544CAggABIICWEnwZx+DsIKrb0WM
+p/+Fs1/XRo6e6aVFMACsmmbBvWaKqRpdrKb1kfQC/Fnprq2m+PouqdZOBujXcgGt
+Z0wzGJsO/rTQivfAtxQagSQus1c5OrXBvYC5FlIjSIS5sPOjqhpF9WkcsAvp2YZm
+TBYbzfzMMMfth1FD78LDYL3FgxnKFZLvxAmx1JNJPOPPihDDSUFR88riDR1Fig8j
+PeDA86iMGy9ruApr5UXP9GRsli64HrhgLbP4EArTQUnvSZz/ADjljce9K93Ntds7
+9lUIJgzpGAi3L+dCnhxdQGLamDCbzNvBvdsWqStQCh8sCoKtvoAiF/B7Q/lQgNTx
+PE89LluCNtPkKd6sU2FwqL1Yi8mnDmBr4xVLECOlbEyp/rdLdf2D2Uwv6+7at5tt
+dUokGy6lAO6sAPe5bVoAbhiWQozfaezfL/SwAQRDzvSfeIx8L1OFPFtinTx2pKYa
+glzLFJrjAPnQlcwao7j+6D0gP/O5tgFkYmNN8LfWwocDPNr5/V23jPBJwi6kDKOi
+wmFgLu5/ZJo4X7wNnbXuVMBS770ML4TjbgO3hNZgaIqXD9AhrNhRCHPsdiAUEp0n
+I0xwyrQdYj9zjjuo/9uVJ9b64+wRtBIROTobTajjQKs/pASG/tLSDYBpkx1RLuMM
+BqSSyx7D8+r8iSBBVUDGGUcFml0PC91ACUo+KQWqHQ8ERbg/kjeAbOQzUfeknhWm
+8yh5HEc2WpD3bwSy2cbIPgQ/A2icC+LV6juwEDuKWCGWnJCDGzA1SFY/NOmBbCrT
+Mxq6M6a9kkf1KnJYtA==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_des1_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_des1_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_des1_cbc.der
new file mode 100644
index 0000000..4b6eba1
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_des1_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_des1_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_des1_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_des1_cbc.pem
new file mode 100644
index 0000000..39c76c5
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_des1_cbc.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICeTAbBgkqhkiG9w0BBQMwDgQIWNmWjbywMD0CAggABIICWHcMAiGPtw2iCZUE
+IbuPuw56XzQVzgDvAWYucbrIxXgLVKhoI0yVxpba8Vck2a1z1sTDmPVAd3VVFH4s
+hiKWfItjkuxkAKz2VbUeZRijTCIEAJiLSB29hIBEJSjYwjrM8TjjH/6Qe/iDJ5ZF
+lHBzawtL5DYj7d04vkvBfprbNdyzx/2ClIX8G/6GV290Bhem+xytPNv1iZkNE9se
+zxPVfB+bj40zFkWataAD7mgJdjOzXfCZJtyEcj1gsyALW+QiLUqiaDQyiB0ygjLQ
+BKVYd2OSHnvaCzl+hH+swfFXb7N0Bu0ip5+0vCdgvV3g3kbeFh4zLhU8PFd/NFGz
+Lz+ggi4VvXfoX/AeuiDxazKwyEnqkiX84VeR2LFhxosfdAk1f+kMmGM3WDOXo87P
+F6BuJQojPkizO90pUZthsY0DESqxt5Hno35VBNKpusOLDeKzqSN8onjZJpA8054n
+fg6k3qM0HLsHL/nur5NS4mSIeLMd9jWlNTaWn9ErHprqTYqHNdHn0pHFDBLm6El0
+7tUuGfOBbxstQI6RApxiIuW5JGwmvkHdlImZr0Dlll4jfjM96ybvAi8WkoMN2geg
+CQ1i22/muW1k/fmlKrGaqzPE11glsRcGG1jhp9EHwcbWDI2ZDvseL/N7PivDkdga
+QOEiuDv0bzNdpAle95OCAtFhEBxO9moksMOm8p5G93lAmvJvV5BAsZlzj7y7Tybw
+eKZnXGK3CfUXdaoGGqbT6G/vCHgpN3Y3833g/QMqmgRKwgZvhRQYJivR62mb24/f
+zlmQDSgtENDag/LzYg==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_rc2_64_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_rc2_64_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_rc2_64_cbc.der
new file mode 100644
index 0000000..a9dfab6
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_rc2_64_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_rc2_64_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_rc2_64_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_rc2_64_cbc.pem
new file mode 100644
index 0000000..5ff8802
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_md5_rc2_64_cbc.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICeTAbBgkqhkiG9w0BBQYwDgQI8PQy9izofhwCAggABIICWE4fHw0T09n+EgDG
+t8tPYTSshSAHYi8EoFIvqyB7DNnZ6goes6H24JN03lFF+FIvC6rwYq5et8Ugde4O
+Cyk90bDUBRFUT7hcc2zsxyTXvUaEBCCPfaVnn8TnEzaQi0UnVvuKiSvKJ0bBY/8y
+bN0O/yaPKppwpegumrrxABAf8muqh/jB/p91OPMuLrmtp01chrRNakVKOlz05zJ5
+sQ//dphwrUn/5KaaUjk7H+jTHuFReb4R4MvzEUMu+P8Xf4WNk6eFxlWsVWeuDoeZ
+1TruVIJMDW1khv2dsh+fGVtmIn7x90dKnIQkT26R7R8btPnB3WmLY1JYtZW2zmR0
+so5sU6KhCKI3xbMh4C7zgAxu6R+Et09HvpuOme6vjjfCs1A3y3F+f1OS0R35BVXX
+8pctPGCL/rlPwSXXx9UmDMCQYDhbfDJBb8CqA8/nf+I3X7p4A1M3GuXJTgC13E33
+Vy/QDLT3yUWbZKQOypDR/b4Q/mYeMJweaF/JJUe4oeNsVjSZsBL/NV4niRy9ZIcZ
+xUMEQx32k8K5V00S40BwgLUDsuncsVY4ME0VvE7eXhVtYwVJ590ay5QRhuOTKg9/
+ilohSE3pBDikP54y0ng0Kd13T18DrVgYxb+j9Dktq3RkMbzgctevIVChuYVJC/j7
+YQkCBjfNihzFDq1E4cCfTfhxLtPp+UjaWnnGvUgwuqxbRKcAKMKxL/Yu0/tBvjjT
+yxdptn61fZMGYNdx7XJZg0rpNo6Qseje1McTLrtLMrX22L2I1Ut1Mo2r9qlpKCpm
+3aZVBh/y9biFn8U6rw==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des1_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des1_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des1_cbc.der
new file mode 100644
index 0000000..792669e
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des1_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des1_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des1_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des1_cbc.pem
new file mode 100644
index 0000000..674fe1a
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des1_cbc.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICeTAbBgkqhkiG9w0BBQowDgQI2I9eXNtoy3gCAggABIICWB1+Jzm6a83jaMaq
+1SEE+0zERuQvg60nuzH52rSQCGU95tClKJNalXWj4CrTg9QeId0FT0H4LMA2VR3V
+jbu0F3zeP2+8wV+PxcArDB7vVsIE27/8cGbqMzNJ/2bxxpUd9z5NfO/Ez4yCVRhc
+B157Fa6xjrMhE8a5kRZm1Cb+GJTwys1/HlpyeCN40ZmPvRqo1bOd+bUHpXDMu5Yg
+MaVuz2tne78HORpE20ddHyYX+X6I1+z6cJ64Jp6Ohc2cxGA/ihxIY6ZndAtYvHYv
+QQNTzri7LiNh/Lh+MHO8ToMjLkxdEY2jcC/3YHowiTA6ZaxjDUyPAXISj1o+5vW/
+hzCSbiJ/WO6aBu5iLhlMf++b2TkLll11PHeq7VbAE4Ljfi1mUQpsQR4mL9RXaKiT
+pxUyu0JJOPtYVlHIJqFl9mlq4dF+fBmGddrqHbZm0Dfkjqu9KzeeCVTz1wZoByqe
+r2sNFEEUKS1jLfPWytnKeEpAT2Q17BzmYZ5n/l4yEqjIP2wCkwVua90XnUvfThGi
+EkK+EVhlkxoMC07GaCM2QMh8pUVTXaX6Y2g+6JSvgl66unGTWgu9m23Py20mlwU9
+AjfOjq+6KTUCyj/r1FP6Z2qfigCVx6QCWqb/cKiCUuFAIuuLvat4CeoJIElqJqVw
+ZSZlzUJHb1jY4FrGQzQ37r938H9sxNZoUWZBdZr+xpfClbCsR6otezoiewFX1Hht
+SXL0nOsHRhXfOgTw5FLTJwU2gIcSQHZK5ulb5z+jLMuEzDWJueOj5gbG0DaDEwFq
+TYY6+GzHjmiuQnCNdQ==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des2_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des2_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des2_cbc.der
new file mode 100644
index 0000000..75d37c4
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des2_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des2_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des2_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des2_cbc.pem
new file mode 100644
index 0000000..0f8ac47
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des2_cbc.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICejAcBgoqhkiG9w0BDAEEMA4ECBuhyw497mDPAgIIAASCAlgVSYSosi331Kp5
+/HuB+fawVN8+6yIdh9F7amRjaJDcNYEisZDrWTmygXgEdEFzJaoQ1eicxIBVis6+
+V968aeRKcF1VtEdB+varexHsCKPv0TEEx8zCHUwHtt7z8F1oZ3ITrb6GNDouEqSO
+3wm1MGEwcx10632ePnLe7pozwjHEYStYKlwOM80qdL48evXRm1ZzZRW+XvzDZTaa
+XriWXzRHMvZ+kV53oo8JJjE+XPUKWM5RvAFOoYTn8f4hzG3hI8a0Y78wzwFFbXTN
+e5xu6YlefTOUnnmbKh9NPlAyASn429nMs0kT2Y/a2arikQImKH9NDgh1NOk02ICJ
+xbG/eFvbch9Yz9jqiCPs8LxNkpCHZiwaXi0UkKx7ayPISIST8YwO8+RfhxG84hzs
+Ub8+Xf7UO9Rnc3vAXqG7l7j325OtB5cvID951YRfWxJ7I3ZWrgswiCFnXYP+0E7D
+Lyd/P++9cfFs5VZBgvw4i71CsFvYzL3INXCYD4CNykwE9A9Zj7hZzZ+TUiybg67e
+5Yyw5xZd/l0aO5akDW/H7i3v81Ng9dbxD4IZ/c2zNp87R9MkKkASjrLt63DBxnRE
+Gc0bgIu3DuufwHjAYaL51St9DzlaF0lag+qIq0999R5arqTecRSggRdSCETMWrzN
+ljiAoU85VHpfUgFCJREtLmhGijJfamTkpRnhaGqRlRE2Muwnmi/lyHJnuxQyGkhg
+lZzPsyU2jJovg98As3GSVX03fNPI8rK+fsmljJgMlNaD1oJcWGo7MDuP1d9LRZYZ
+fdcquhQmth262zbNGT0=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des3_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des3_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des3_cbc.der
new file mode 100644
index 0000000..68b0a1a
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des3_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des3_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des3_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des3_cbc.pem
new file mode 100644
index 0000000..acf3660
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_des3_cbc.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICejAcBgoqhkiG9w0BDAEDMA4ECM6ngp6E+lnbAgIIAASCAlhrFWJC8cJUasbL
+3SAaPd9yEfDHIZ94HihcFP8XHWZ5wEIw6F5gQd+FZS6PRJwxHIiZ+1v0iUs8KT0+
+e348cNrwaySjdzzbwlMUFR9CecmX/3dlaOLfiU8X4+TaZ3nXTvwyXkQon0Z4djgx
+7KUHt95t/c+FP0pXGboYmf5Aj23CXV3Jquy2RUKEPueUuqQ34AstgBlul2Sia/p0
+3kH2k/KZiPVRoKEwnUP66IOuWi/M3EfORM80RcWzAiBWuvRao7zqxFeYolXX0BS0
+V6v9ZiVv9NeLHMry5GNQ08Yz6jQwJN0pdM3Dj8qi/2FL0B6YX7eWc56V3wHubwdO
+7xx2ogYWLWybu7180g9FK+If/mkAUtVGcxqMm/j5wbmOOE1w6BAYaSxmxAeL3kEu
+r3g5r0vpbvTyDOBixXlrxQl0xsdME27YkC9IZWn+WetcBheOo76a79eblE0Qs6pH
+wBXnL4ZTcBVxDFoO2AjY6stioqYFRMAP1BliCBQIim380K3mgjNFhZ1jC0+HFNA1
+RO/xFAs0ytM0UlEz12Jk9z1DwrNX5nnNLLsNm49AADlrK0Dnfv5ues2eI+dK0noc
+zdQT7IeKBHU859iSqmepwtygyImM5TGIy4gxGD1xqJnv8cqFKE/ormCZBhuEI38O
+c7xXqeR/MbXE1VdV/M2E4SLvGmC738+q16wWG9kzGPcgk4yGzsHOGE3aRkaSYm1O
+ffekfyJR4M0h5gO+hT1X1fB4SToEwx5/+RIUTsNLl9+PkgZBXDU0rmW5hYRZrL2a
+RaU8WZui7X7WWAB3UrE=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_128_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_128_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_128_cbc.der
new file mode 100644
index 0000000..f79b30e
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_128_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_128_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_128_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_128_cbc.pem
new file mode 100644
index 0000000..3dd4b75
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_128_cbc.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICejAcBgoqhkiG9w0BDAEFMA4ECFpivEsiPIHZAgIIAASCAli2TjjB4dAYatF7
+PLjdvx5RjdCm9l9DdWTHrSb4YVamt51U69itpQbWAk5LctxkNfhTsxsy1asZGSkI
++7qB3wXl3vycPQAyU3/jECK6XM4ML6OXE5fZ8W09ump/Y0yhQcj34unJ78T5T17N
+k/T61tovhh5HYDg+IcY63ZVUy9gllpMPavPdS1H3DNJBeV2+AMgOc+YmgvHYFOpd
+WcRGFqMe7QZ8M7XG9ru3S02NVfpVjioFHQcbRe8F2YW4lh2MkYXwMS6b+LFHsQc+
+9PPHqRVIH6HXuK0WrvMJ2DNMMAK4FwkvHwEi5poiXF1MGRq5BxDUcdBbKdM/v2zA
+veiAAAr+p1mti+1rWjcjHPfpWGLhdOmh6sGTI2Cmg3Z49DzT+bgWa9dmvfBaZOYu
+JcoNAkVMTD1bENktIHkjdxJG/+St/9q+NVdaQXB4ZPfkVeuAvcmwUgyyPggJKjT/
+YhRaBeKYHisG6MJo5JAIjeo6bi2eAo/9mdYwYwbvXPSu22n4LCQIyVbfF3Thfatz
+IRTmRX5F8E4zHz1rG5A8qwVgr1Bx3sM53Gbpu2orv1vDw5MFX/K2/q7W/uMI0CAS
+RBCW5VqP+MlqEO3UzIR/AU/wkN7rMAryLamEPnVDfAFKiScAUDewmdnHuRz0PSnt
+3+KPLxPr+0V43AnqiJzVEQLcUWB5b+B3+PLaUg96fe86B6LZnvTAaY9cooFCCB8d
+/ehmeeWUMDnHvOnv7yf/7ZdaDNoiyBenZsSZoAVGu6gr6D4guqocWeAKJ17vbKl1
+c7dkl0vwmLaS/4S2Tns=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_40_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_40_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_40_cbc.der
new file mode 100644
index 0000000..c29f0cc
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_40_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_40_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_40_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_40_cbc.pem
new file mode 100644
index 0000000..dafc030
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_40_cbc.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICejAcBgoqhkiG9w0BDAEGMA4ECJsw2lYbcvERAgIIAASCAli3go11vsjJ3Gj+
+XTEOzG1k8m/n7LqUh95evnpUhaS08O8a/HX5DLfMSrA9cAAba+TNW1C2VDAcvsQY
+eYz8++Bb/evbtv4YJiSgUMqKtGAR0HeAnS46JgqwNEeARCK9Z5aJSSXKSIaJX9+K
+h81ppHdBURXapFTTqlsLDS5m0MS7NGzKYx6CEBrjKO4qXlphQvyKatBbnRL1+xk4
+EPnYHY6uNHBVuMf2zuc4N6j03N11sjYdRBSOnBrwjAXrMb/nCEqhJXRNN/cDBqGT
+v/ixYBYvLzh0zxoW/RqpzhtXLyIrAKBaN+HATgbcacQJoIq42ow5S3jxE74IzeiJ
+rqnvJY5t40146oMjMlPH3dYh/8I5BHF6S4gpFSs/knyYL55VrY8yU1QC5frsS7a8
+wehrIqrE0WssKzuWhUCZHXQN1Y3ywo7GmxjKqUadhZtwdyCEUKWvaimI11ISa0rz
+FxYw2Sx43UBoOTzSagCwv2jHibuU8V59QyNakZvdYoy9VupIxIQARJVAkcGCLn2H
+TP8m4OGnzfYyqXJGfHqIu43gbfztp7qDnlXCDvpI26T60g6vwtTa6G8ACV4K4evD
+x5OUE8jxA2mvKnV+STJOna4KGsadZV/j9v5MH63YI4DGTCVnDUVMb2/MlegDATVm
+cFn0A0CA6TMA0MuK0FogtbnSG99FYdEcpw7zxO+mzWufvYdewfT4mHDhILpuZSpc
+qm2FO/OnErsZw4U4/ZKql3wUWAsam0vvHQekRAKocUHgLMoAvmLzEgW+xOpgUpbw
+HXOKalNLA8Jw2hQ7aB4=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_64_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_64_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_64_cbc.der
new file mode 100644
index 0000000..f51c856
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_64_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_64_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_64_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_64_cbc.pem
new file mode 100644
index 0000000..a6027f4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc2_64_cbc.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICeTAbBgkqhkiG9w0BBQswDgQITUmepoEoZ4ACAggABIICWHldPT37g3sHtvvV
+ICHi12nOx12AAv4vP1fDXzyUPp/PmGIYymbCC7gOA4XdgPnNfYcsWvq99nY7zoSD
+j3vbSk4vBa/8d5Pen2hmJO8rjD6jrLqMIofviIxK70H6CE+rPpbyhgO8IAPhm9cy
+f76yH9q3qZw5i0K9CiSFQHOaiwepu2tBgu/v7ls4DasNKP+0wZ7bNMHg1AxQYRGe
+kmoXsyxrAH/ndShv1Saqu+zGY381E7/QSzQyxGb5DSzB1qQ5n/QHjZz1dwRljXln
+YNNDSYUbXueMsl7kmuzZHGMhVmlcq5XH9mbRxgI1+8h4TETbRbohHwhWkO4on476
+Vsm5ty7eJN+QVptiXM3UFCnPyXLScT10xi8bqoJXG96HbzYz0D96SrvHpN00pv/5
+GSA0DWdF7mGVLISumVPG/rAxyCY+l4RT3wb+e1cozJ69YtyzHMSOLWKCRKi4pnvp
+l4cHT9vUStY2odFNgD8kVZSGEsLjJYlbjSeA2ODle0fXwU25c8AVhdIoZNI9LYld
+MAggWH24CdEKGC8AxPjVpStg9NTIEppqwT4OROyRnk1OSibXZhAfyT7Dm2rQc2E9
+CMWa1fExB9lPo3jyufeww3hBt5BTbV6xrKwFpodxFBD+FAzbEdM/8+W7jljaou7r
+kdE+5kHKT6YAnUeACRnsZU04h8ZPq6MzQ/wlR6179BjCgagQmPpIf0CfrUNZOrQg
+ssRgQ8sq7z7h/ziPqoqDaxEZS1SzQMoVuO0P9S9mW3hLCmikIUQHCGZ2ZhK17D5T
+bdVtaimI9jw7vHpTxA==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_128.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_128.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_128.der
new file mode 100644
index 0000000..101ef9e
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_128.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_128.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_128.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_128.pem
new file mode 100644
index 0000000..7e14a22
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_128.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICczAcBgoqhkiG9w0BDAEBMA4ECPTj3whspub+AgIIAASCAlHPexOq5Jioh4/2
+9/DdnqDmv730znWAXFC1oubdtMYGs8HQjAZNObYdgUHoRcao8/DqVLJ4m7LY0RdB
+lPGwDzCtHQRMNep2Z9CtNRhfuZ24/3F+lgfjgvZGOYVSVAFr43ltcfrRZlEny3+8
+YAoa/QrLF/viQip3JuiniOn+cwSQ70KZaE4V6PXiqKxYQ6+uZzB+c0HM3WIKwwjx
+ZKiDu20LVyVeApsPrrS2SUJs4EVYaslCCsKlvZ2g6fDAYQiiwX2u3/0f2jO5g5Hn
+HTaYTj19zpe4mx9K3P/d+sOTEaI6lvv7RVoZOAFs9ILNpy1fr/uvl8AhzR2UPvlM
+0jhNn+NNuSFsDwoD0Fw8tuMvXghcw8imxid5eQ2iFIPcUhH6gPtVpqtRZsnSsW1h
+pUES9TYSPT4QwDjXqrcjmbg9o3ypNDA4emCWLhUuIcqw4zAUg9ww4gWTZmKOJogq
+NqpCf8/OZ68jFpzutpDqRbjLIJfMONJ7jK0XW9gtg1PhrapSlfETZS5tMPaJqMdj
+sa/juRQ9mmm/K7Ogzocyhui9FpIcOKtR9mfZPpdP3JVE0Xws0/c72JxOa/dyNsiu
+Q1CfGNSyL899lLyFJ1TJRAfifcrYMMRbR6W/BCxEm7yO5zbdtuzaI7/EmSO0uQ30
+DdPICp+2MphPX6ASo2v+u5Ra1nvzhZ4df1ST3LEM8+aFeEIm0yGFNn/RQE701EBB
+e+KzkcMtcPlQe5tjdb9ol7FMZd033ET9+n0nodb97F5p1ZqGWCF55jgllB/Tq48g
+uL0AiLI0BQ==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_40.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_40.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_40.der
new file mode 100644
index 0000000..e49f3da
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_40.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_40.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_40.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_40.pem
new file mode 100644
index 0000000..af91ca4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v1_dsa_sha1_rc4_40.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICczAcBgoqhkiG9w0BDAECMA4ECE2PR4rrfglfAgIIAASCAlFpGatgV+VXUbs9
+VnqsgAgPIVvDn8FYT3rPeK4qMfNjJ2u9bt8cP51QPsJReeUFUxVMY4T0jG4NQjuc
+sw3M4jc9ukerdZoSDpF/HwWfI79gAqh7ekIziCTO7ZTiXKmS2SfQdEjpU7dHI4+8
+Zvk4iUskMgXayVYg+yaP/nZlBjVQB08TSvl7kxIo4dlay8J33Fj7JDqZNYEaymCD
+U0CVUvvfCw8ZqxVYbLIEGChu0w+Vjy2TvTm3C9iQ3vrGsYuSN5gyYwGXpOwCdG4z
+UfTZjUBu3nQQKDuD5Kh9c8aw7bgZbSVQFCW4yc8yzXa4nDqFOg9Akr3vBGhsrbBA
+ksi57crWE8pqa14D8L44Yb8bj1ceO2qPMQc1CI94NeZRiGsQ4XRr5fB4OT6+jd+E
+T2ceQkIVonN+808/jyInVmgCMwgx7mZ2NcNvrBFIABv1v5rkJwtXC/Or0r2nQgwR
+/SoMfreNBQhBe7Y/Qr9ayuQIels6omLP8pX7rd3ahR5SLPxRudjWNzaEzrHgRaiL
+nYeOtUqVEQoAr1CPylzWmd3xdhSXFNlPlCd+DzM8nkiy//qqHyob/DCwH4o/r18D
+kvg2q+HMCseuH/QbsZKLkTqAnjrSvp9CMEDyQ+XrCHrAq+YuWgjTCegIavD3LE67
+o2NKOV5GBoRCDWBIyjUY5fmS8To5S5qVWw5YDqk+O8L6iS+lLk8yiCaFiYM1D/Ys
+7VXSHCYfs3ZADRGqNUncVzQzsD1zNC0wdEXUYhvxkPUi9r2XIqDNN4Do0ztg34el
+AeTZ8rklcQ==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cbc.der
new file mode 100644
index 0000000..6edf1a7
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cbc.pem
new file mode 100644
index 0000000..24c9ac8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cbc.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICrzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIVT9pRMUZAPwCAggA
+MB0GCWCGSAFlAwQBAgQQh2Ut0m0ZJC+riWEInObeSgSCAmAhqKgYzBa2hbJaNgrr
+K9xxqtZJeIOz6ZiRZOcSyaHLKmpS6FA0MBz6VDHNytKmZY69qzXYdspd8istAaJa
+1BzY85MFkShWheRo7aRc4fj1WZdbsElBfjUhUezZqqsFQqGblrPZZnJDyMNh5yQW
+r+9h+sGsbO8ZONckKHGIlQBoZmju+3IY17W7xCC1FLztUE3+OdUng9L97PSmIpnz
+2cYcFdQZa5f6Y3b78g+veS3XdEzHXETkpt7srpvSvIZy9HcCX9YDDseZBU/1Ny6u
+zNoGScH90K16oXCHoHzHmbJy4XsRcWiUnPqKIqS8AytoqD39IDCPzdoY4BTbgH6K
+zv+jQPzI3NaMtRJpEpOZ/546tDw5ysg4i6lE9KDg17ImA4hHlBHrSkVfhwhwDokm
+abONpmtFCCakNMggvVaiWAc1Mh2DceVIQVlDtItGtNZBOTfoGPXRrcb2+A8XljBO
+BRz2LEQIdtlbKdZqc5GxTWlyGz4lweIxRPu259oMuQr4dLGYx322wqT92o1VscQo
+NSG57GmH6lTEHASCuilvQq+n/6LfcaiQnF47Q7A9MFvgC3nJ6+LESuhXUz8EIn5t
+8xvxOgAVY7grbV0+ja+eBJXLl3PKdh8/CY0BGBF4QlmtTMczqWHIYUXygkA6E8By
+oR1uvNjtAT3h1VvbhFSo1cc91GnjPOPcaq7lFSuaKY/2rxphBb0OoRxp5pVjbf/i
+VpWP6bMiw9yrY2yJGcjDairL/BE5p30BnKXzeOtbaDHdmZ1JYvfqgWgqilNEEdlO
+Nyqb+J5VE5CT+fCVpchlGcPMDQ==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cfb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cfb.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cfb.der
new file mode 100644
index 0000000..1e68bae
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cfb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cfb.pem
new file mode 100644
index 0000000..be7f84e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_cfb.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICoDBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI8gVAKqHLSqUCAggA
+MB0GCWCGSAFlAwQBBAQQyXjtzzM4bHUQb2p2D9nT9ASCAlGaMXLjbDixyccz3TFC
+MOeSV3CmZ9RzfYFdZ01CrGPqXGyElfWhG/cEfH6DMmiAqtYTuEoYH4SkwJbvFmZJ
+J8dEGPAnHzpi0JBHsoxllJnoost8wgF4V5V/yAsklbts/EC7ZWVjekoAT/0o+Xxr
+La+pAYH3TAJQBYi2+mXTCsnRWMcUVQyzCCU5wJxAjoqmW9FFe6Jc5ej+eCkIYmCm
+569VwpinVhN+scLNOCc8DF3tn22ARz3ca1QyeJ74Y4hv4MCuNJXTJVBpeg6kzwAV
+ovB1hfRIoK7A2f4O0iT7/7NeFvXoUXTwQMWh0RpTN+V8EIsVaNF2fdTadj0GDnRz
+g5em0MTLuln9/4aZPQsyDqNdMTzo5mzXpdQk3tfGJT28kJG8IKYGkx1OcaDNN6HP
+uSjvqgfV4ZyEQm0spzWccyPevnrAUqwFjG9fBmbObLMwdMooSt9/Q4PkoCfft97k
+XwPVN+S5J5QvBxdTsn/nFXDUMIpfAxVfkSlcmUBemu1TQyuM035khznhdUkoRQvk
+fQiEMGx/r9RI3XfiNjIzQxjdg5TG2g1n9TTDg85GPedEeGpvQS/eRzfcTyhxnuHe
+rNWmkCEgqt6AsJS40ZcT5Y3wiDIlBjO/A/oItQq90Es+lblizBzrFgT4Lw3Pp0Aw
+DnTmpz+DfNNyFaHC/AOiNesKU1iK1SKwm36sjA3jQ2dpp4AwSYqFY1G8xgcHFoch
+2Ftg6igz2//TRhEFdyv4Odgtrqp17n3yqYel9YNjFSm8Ox1Rvgy9JioKqTwiq0mA
+FEHptQ==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ecb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ecb.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ecb.der
new file mode 100644
index 0000000..bf07867
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ecb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ecb.pem
new file mode 100644
index 0000000..0ef40bb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ecb.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICrzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIaU8h+/kZXn8CAggA
+MB0GCWCGSAFlAwQBAQQQAAAAAAAAAAAAAAAAAAAAAASCAmCh2crl4UYag/ZgKQO9
+P4M9uFFmCcrNaVkEihHZobQ65/H3ouOk5SY8y4A04i16Gt2v3cHuT+uj9JkU/6mL
+debfDvGDAHO9/9vxQkSqZzvYorc3CV8SSsQdtJNB7QVkzGGuSz50AG3OqUYCRUIY
+5xrFjwkgO/p1eTraXU/ZLdS79rFNq5Y9xpg5xLKONEIrOhNIoCfApW/fMiZ7mNo3
+p+eaqFwu0qYm5ah+ssLIsN5IJS4uX/TBi5QENJMlCGSCQP96f+SM/BNUN8he3Y0d
+SEj9lLaxk7x0fIEbkm2v7cgpTO07wGVwgrF5hduPswEz0vpR9hI8FjaYRGWTN9Ws
+nhCPTpDHKIpYTcWtfa0JyYhcQ2xGIh8oWKa31v8vIpey+f7g3CUmV5ehFANII8FP
+2DVl8JWkCG5Y1ti0B3yKY2m3b8OVFGlgN2OykmqNHmaW33VDS/L6C6qvP1myArnp
+5MJRjUTKL2HGwJNyG9gykpECp+DG9W8uHWNWhQsvQp69T3tDY7+V2ZBct92dXWFo
+4URUr0/6JnhSjY8c60dHYjRnMZHVtCpGNCiWEHohrKURtqV+SJBTOagGdl0Itef1
+kYQ78PN+rnjy+dvNCR4FZL72nhwMY1ESibDnqcelYePYH1nCCoXCCZf+u4lNJX+/
+3axj0xAMpbyA5D5NbWXJ2OFCAsMhFitWJ5TOcfRyNMlRPdGqZAsw7I40Qw8+GGjf
+a/G5DC/Y121Vp/MlzgXkPQCs3/C/Z/itof6NvVpHL0HA54FIKglQvryybBq0oiq3
+PK7Td42p1YOJ8Ehi62QJnVFd9w==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ofb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ofb.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ofb.der
new file mode 100644
index 0000000..e70eca8
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ofb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ofb.pem
new file mode 100644
index 0000000..2efac45
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes128_ofb.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICoDBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIrZNAt1U6TfcCAggA
+MB0GCWCGSAFlAwQBAwQQidHP60HVqIm9iweIcXnC1wSCAlFyQKlM4PNky2ejPLFE
+GBoZZwMY8rK0RYx4SjloG1k67xZpzb2uTa/W8TSirQnUkpWJIk0fICCH/39OJ7lC
+OQ/XdwcvL/6dgEE7U7kK3snAfy2DuAJx8eMVOxjUCnM6T6aQML1vFJRgXoZRTgA3
+ua1OL+ilWXUia0MHmctnoEkgHQql0n1fK6U/mvZh4T9faaIwPwtRmhqVufkcIkvu
+64mijzWCldhyGZLBCrN7KhUnPRcfYLEb535+PvktSIW3LTtskDchZQ3RUneAf++w
+DZau4eCAjD3I7YJCPxLxoMpvzlJvMbeOQR14XxnkH+Nfh+KTeTYRDW75Qh/liXs+
+FVZpc9V8c2+1tRH6Biwt7WK9Yusbuvn8dKzGtNsxtJq8obLDbmfC0+JRsPRM7fXn
+3gAIAn8VSBFSN1Zftxyhz9Xt/Jm4dFUR6h2Xp/1QObfO35OFnbPD2T3L1/37SDxg
+SeQrDejyM0Hm3RL1MAAyFs0wXIoL5IGTCeMWSZUSiiq2Cuw3Z9AgljjhtF23CXTM
+FFH0N3926GQInmHFJfw5BHokY0uiz5T53getE7sbHYmPOgFG8yufJz517Jhebm4s
+kNr6pkvbbTFk4k+TEopkmPOjIRJqE4l8XBfCXBnQGpeIR8DEeAc9eWPuansD2+Rb
+q0S1k5Wa1BnpNmnlt+zpDmf8xbL4y4BSNqk/U0Jnil54xX/RcSeX86TkREwpcz2r
+urnox8sM666j3gEVBU9y8whnjOMEKYrwNQOiC1b9v5HyWDXHCG6SDS8Xxxj4L9Jl
+LxHgeQ==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cbc.der
new file mode 100644
index 0000000..b6d73a8
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cbc.pem
new file mode 100644
index 0000000..e27d863
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cbc.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICrzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIZmGICQBO0F4CAggA
+MB0GCWCGSAFlAwQBFgQQlmyTdrgzQmqR+VD8QdAHogSCAmDXl0vqwCjNFFHE9op+
+3sr+aRGYFeTFbwvh06ENmlxiW2FVZMaJM2BaZ9W6VkSrEUs6j5m1uDLloEsGalzp
+FFbgSUG0KeqaTflaZHdjHKtB0CoBzR88Ee8o0hcRazs4w1sh9QVx9PAOzUKPSpOw
+0og7ACKAk0q1doUu6PoNRURshI9nCM2/ON99YbdjeMPMPoFth7PEGdXiFzeWl88m
+kCb6s+u6XHUIrAynUNM6btpjNYeMqRlejXqPdEacTWLlxhiZim5hHcTIj7uihQax
+qP0BJVoiv4sfm7ktrszIfwdIIajSwaiekB9MM45pe7vp6RvYxKvd4Geny/bSLVvm
+dt505dXBD5S5Km7oz68vJIzYUcXY7NEi2VRbNzM2WwtO9rDQchiz4i1zvomtLs6E
+MqEZfhml9ay1bEn/fLNCJuTtxB8d5JWqZSOkd1Mtrz5ZgdpIMiuoGEM6VrdIU/PZ
+5oVU1tPxym3kNH/R07ne8+ILfp4UBJFqwKGiqKEoYeJPotmxZ02Kx3PUbGds6xSG
+DRkVfZj8/I9Hb3M75btFKAEqAYOQp/2kJsbqyC+Cr/0OCirrsc5jUmtiYQR5PRqG
+I0IWLwyT/uZS+MFQc+kxjNv92ciDaXDDN1CF43cC6CKIa28cCs1Ryk0DgE591MFM
+vbefGteomOi1BkIFjGOM5XHZrZPUnf/YFoKs1GTrE3szMXTisx7CndsBNh32Xoeg
+PO3ljMt8CtX+qtBwBnp39PKcVz7Gjehav5AbQM3cuVDNl7EWcBqYHpSHntZua2hH
+MnQADADRgaNknIy8LOSQ5pVD6g==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cfb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cfb.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cfb.der
new file mode 100644
index 0000000..7577516
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cfb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cfb.pem
new file mode 100644
index 0000000..f6092d8
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_cfb.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICoDBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQItU3Io6IcujwCAggA
+MB0GCWCGSAFlAwQBGAQQv9xQKusfF5mrGHGN5+nlywSCAlHBOOksXFxcOKg8f5hg
+0mlb8qbw/vzLjMD5Qiz9Aenv9vMArtF9GNUxiBWl1bnJjEsgREuA794NhfDeShAS
+jcD0YwQLVZ9lPoL7Loi+icp1hu0gKHhfNxmwfQt+UKkmwHxP1NYOLX550xTdcQiD
+Cax+CFUIhu/7iBJR8CLHKXWFt7Wss1YdQQy489smzCKReZmeedSWTpDpXSAz+lYz
++RURI6jhV6peuO1ChDLJGvtHwWl327CqBfcthegv1OA/E8sGYXy21/8iLMOEdJHH
+sJbrO90HI/txx7trwz+9XcXVbemwkW7jfF21CIPUXVCdnjdaRMY1jBaNj0s9jvSM
+db8+9D4r7QWz9Co2KOx+2QoqUMorq6Z2tdsw+uM6hJI/3qUHG+/F5oRi0yx6sz8y
+NWSsahJW5+0QE6MeAJZElYDokSRx6154kRbYO3BPQfEkgs7BQ4PPmyJWAs155Df8
+E+D7XDbT51kaQwYGhzHJwCT+3DghkSd+5ZxEWVpoEfjrtq12cl0MTHmL3sX4DRKM
+y8INcE5ndxjCKekTdbEvNyK7yjwktkjwgJW5QF+n9TWn+zPFxvDHi5zhMkfpOhPZ
+jlu4Ci8LcksqiYf0C5mb00RDY8JWkDI1HzNNw+9cZLsjmlLs4IDQaSshGI4D7f16
+uhqoJP6p98BhnAE114iM60lW0E1bpguDYqVF5iDTWWpjed27+CzO9RBej4F2c95O
+/LlziWkRdxajvcvyBlR1E/AbF15NnDzFsy07jI3zpEndc3tYbYZ8RG7Y2PLW7N9O
+TZScPg==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ecb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ecb.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ecb.der
new file mode 100644
index 0000000..772bf00
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ecb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ecb.pem
new file mode 100644
index 0000000..a237a1b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ecb.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICrzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI4eXCz1GJbssCAggA
+MB0GCWCGSAFlAwQBFQQQAAAAAAAAAAAAAAAAAAAAAASCAmAToI3InDEJNaUCgY1E
++sf2a+o0LCMAokx7yJNU59t1BoIQk8sP28lznNCRRE5mudPR+RbYcB0nqw6lYqHK
+e6uZ4TbrAgMd3cxV0PRS9nzyvy9VDfbZGjTcZQjQy5I4yf4NoXLu9+GXZ9ND20bX
+fODHItoQaYbOStB78DQ8ZPvKcv3h+YcDRmfulQEyNjEMfShjyE2wxJsAXyVOBC7v
+uDLUlXzYU2SufDg7n/vMbQuJgWWcXL9OIf/Fhxu0sfyh3hiw7WkojP07lyFdhPQ7
+QY8a5vL3MdVnYMlmkBumvwRkoHLZmwvSzgz39i5qFTd5E8cr/uJ7OoFLE+xQxBgU
+OOLGXXnMf6zpadqTol5jENvvW6YvzMLxPsZE+vbl7DP+XzlXpnEcfgOFJnXWyxFu
+NMdOOqbk5JNQ4mNc3WO5LtTyS4amDLhmnk6+g7d5daDV7CZjT6PvGBGX/M9UYTWn
+SttVV8cnljB+KLIN+s9n07v2OH1MLxyyHrIjHIIx4XC4o75tfJfqwGqJT9m9nna3
+OugtsIGnPMDfuSsFaFWpBo9HvJr9vfzkjuBeOzokzXDwdq2bQflDOnMZ+BcpF70c
+6qnYDGj/duvrYOD8JDcr0sJQYAgF7dTDtGdE72XB6tyYN6q4DtUV9M0JUwBxFBSR
+pq/J8N6vquQ9oDcXqw3NJKe39FQOTiGtEvYpf/Aa+BKybjRwouwhjeqOTTf6P0Pe
+GGUPjDmXe3lKiU4lqPZ8YgMyb9JplYwH5gx5cFhbjQBCWCAaJQGZgE42+x6vLLpi
+Jz139T6ggaLBNb1Z2sfhWoeozQ==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ofb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ofb.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ofb.der
new file mode 100644
index 0000000..e3f3000
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ofb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ofb.pem
new file mode 100644
index 0000000..e10fe62
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes192_ofb.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICoDBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIyro6EoodcAsCAggA
+MB0GCWCGSAFlAwQBFwQQago17Qje81NeNh6Lb9K1JQSCAlEuFmc2phK7H+1Fl7cM
+a8bP4EFCg3cgwUOmqGZLj0IYwfHib4x+xVTc1xVjQMV0QdCru73o0+8+MpKb3Tvr
+WQS+kN4D3sw8WkOeTqB0zXQ6lHwZ0BVkGqRduLu/8nL0q5MCsmCSHDY6kd79Nnk8
+ClPTGONEiZOHy9Kv1nLWTClQCvtrtSNDqVd61Jg91s54L4Xjn7k2B4rLrp4dORM5
+Nfcz5rbQXcVv0wF2NZWHaZUDxp4Ca+xabwju0TV9YVMzu3PCUAWhwLMgNZ9pyyer
+iK+EXCtirmkDqpRCajLdJ+1WAY5lSm3hOXIijL4UEypVY1d/aJk6IBly/KdCXlR2
+gOqzYcKsM7kI5VM2DoCNMVxuafzxi/pqInXn6TUhcwZeTY5eXE7FjN0Ih9vqo4+m
+78ixBCFbovyTOBknEo2ly6EKPra2Y2UpE+I5ay+ZmFZ0JTrl99IsV8WIFHEtA3fU
++g0KRHxKDE1e8mdDHqeR4OJlJs5uhudRL5eo8X8rW+syFUvLk06fOHenr0M+o1Wq
+XaINGg8Vxfr4IDQf/JOGc543IhcYCJHTUKPRqW/FLGUHzqllAHYnvkP7ExvWYgwG
+XQSsSv9H5pZ9morvt8ymLc1ujON6Xmcn1AGgqG/OVuTpiSJ9/RYS3I/l4ezkECwt
+EY4g1ZCvtLj/2lg7GKVPPjCXEU8Np0ek0lv4U0URCFD/clTkMl2xMkwDwyH4dK7X
+FEtNU1HQc5OshjXzoyBQ0e9xrNw7qVhBgYlumfSvPuU0ucwYT2374M1Lg7uvTIRl
+S+tjhg==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cbc.der
new file mode 100644
index 0000000..71f2441
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cbc.pem
new file mode 100644
index 0000000..c685f88
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cbc.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICrzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIYf686YwXqLcCAggA
+MB0GCWCGSAFlAwQBKgQQri4tfjkmhqskQWKEZGvMnwSCAmBbHumpuZoaypjiOxGS
+HgMHZqnUxR0C/BiVnEcC66rBPjlCjlyAQ9I98i0e/01Wb1pHay6F9vsm+Vj+hzB1
+GuM9TahBuXAQAjleUHjik34gKzewSWeRYEIAN/ywNYHHLJJ3+ogoI3fgCNLnXXb8
+9orQCgkZHCY+cffL/yR4jrFcOIQJmhvsNDmP7IaKZCH00H4mgWC4dI04KnhmTczq
+XX5xqcoNll1viTehM0OEpocsRm1OOwBIO5O2d6iOwxuo+4I5FtTHELsnVP5yii7m
+oIzOa2Tg+v8uVgrAxFsJ3eLkuBJx6dvS3iM9aRJvDPX8jxcR+Fb5cepsEmNydT7l
+diDtMil/QKWSZWVRnPCVD2KClA5nVG/BzX5jJPDj55ryvlYUFdEqrTPXrZ8Vvkkc
+AFqPc6+IHBXEeaVYh/lRfTmVS2MU2tIpW6QPIIUA0WSSFm0CxxzDEE24txL9+D+M
+jjtPu6yTeYDTlQUo0eNzOE6A7xGUT2dI4IopBvyrcgnmUSdsVNifAPoL1uO43aku
+8kKsZHy9cKs4l7J30m8xXUBkBrqpA0T+TRB0YPdJZ69okBv8J3BHuARSeQNxF/l9
+ANTy58CDjaoubtP7izw5AVpcljXTnM4cMvFRnimCpugx85o80bmZ5VNPWlhdDZF9
+oS5fsgfuonv4UNgyXKQIMiY+W3n8DKfdkoHSlqjn/D7ANda6rwovtKhSkg+4Z1dE
+7YF6aV/6Mkd/5/LyNmc8rP33ORUN2anHCATbn1zeEno8+A3GYB/5a5ZvAsX7+Lx3
+z/Z9Np/PFhy7wIN39oUFc4aaGg==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cfb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cfb.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cfb.der
new file mode 100644
index 0000000..967c799
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cfb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cfb.pem
new file mode 100644
index 0000000..dd625a4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_cfb.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICoDBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQItCbXuFZgB00CAggA
+MB0GCWCGSAFlAwQBLAQQ6YyWngfQjfCH/nPHx16UAQSCAlHHhF7hJaPcC0sG9rBA
+3btgv+iuZZcISp9gpSAUioVRNRjrukDGLGv99njCbDZUSSplpj9vubQXAHk0Ugwn
+D3SkXkFpt0bll/AZ4ZloXSLXO5Y1d+UijXb80N5re20GKrN4V99yuS/dtc/kerAO
+mv+l9T5cIWPwamO9xzFScB74f1d54Cg+DBxt+afV0NHGwBhUZXtGsKmah+xgSO2s
+cN9EJyhFAFWI43wugkUCJsyIZA/2mX8KI04hroiPf1yKk78siOIPHf/yDdef/Y81
+cBFAiaaMAar2o5iKzbc/7CYwXVLwCr+gk/Tq+rmk/qphG1sKonhaGs+akBUt5qca
+VtKcQio9BMGRhwZlJF5QEzoGif6HuKVsRpSBDdAiVn+tgmv+ubtjc3yodfmw5C75
+tpToo24TdnZ7gYFOH1bKRavF/UuM+2EBMzgJH7s1CI8Jrlt8uTwumXYwo9/VumiB
+MZvU8Ky4qO3qIslY2nkLs+OBSVgdcbVwltJDcePL9uEY+UoAWZnDcUIbKqKvfTKb
+8gl6P31tp+MRokgy8Xw0oOy0jhDY++68COhuv2i9Tq6mcUYTwCybif0pqqX4xIIX
+ND/MJMT9Na4JYv4KR7w3nBCyDrkNws7d13zopl2Cpti9FJB2XZA8oo3avl6YJJ3j
+wLQoqGxADC00ffXDKjSw9B30iDhUYKRcbwKo5YxJKY66x0MY/rfZQcX8SQbBB0zT
+ph1BpRh+PQUIHHoArCRsYYZo17R+tAbnxn99dSlP3ZESkfYIlOyUoED2+AaKDTQj
+N8u2og==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ecb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ecb.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ecb.der
new file mode 100644
index 0000000..675254a
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ecb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ecb.pem
new file mode 100644
index 0000000..f63bbe1
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ecb.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICrzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIPDwBoMog+vgCAggA
+MB0GCWCGSAFlAwQBKQQQAAAAAAAAAAAAAAAAAAAAAASCAmB+CKtEXun0FkPeuzre
+HWHD3lD1neK8YpJLPWgI7pJAui2mYiZcbAW2HOsC9NGXZYMuv5/eWsAwrbU+SV2Z
+gkNx0wDi3bOt+mW4ng4svXWedTRchW2MHIE2xOVWT1ETA8i2mLg1/xbflWrpGNPV
+ZqzwvDUW6SY9P9PRebTp2ssggRQ59s6XvzVHRO8/O6rTf9WkE8bzeWXTD5YVsLeQ
+QNoNCfa3dMflOCY3PgpJ9Kfye5JTP5MV90gGL3iUrXR8I7kbNh5UlnZgWuvB7bbG
+Fe4jAxDL1iYjdTOwfNk2kb/q9674wXzeUK9/D9EFTs29qM78IyWXnxG8MvzFCCrY
+xAGbNU9C+41Zylf2hDeOcW3vsaAwJwZkS+297E7LtweXlz8zaQiYEO324StKCBES
+J5UCEm1L77zTYYXPhby988ZkWgQ/qHU8Cv3j0F0HaWwkGo1VvchLwUj3MvE2RDjO
+13yy4DIjT36kEA39iZeF33qSB0cPN3pUsOFKB3OR8DoLMGidnN4ErMndKtMTPGyn
+ppSPGZhZgnoXYXTNll1okBqUcPRY87sN2HLyMDPNehxUzBnEK1JMNXbQWqzOqWCN
+QSbRJnaRLQxec6EfTsfmC2taCJlLdUdTsJgGkH/Zk0ZHNV4izG6gP1nztirpX3YG
+JPQgG0QTFxW6sCm3I8H1XBBVB9mOuGw1Nrb+rk0cjNQnJpTnaEerbdMgmIxhsmBX
+50eMTa6XlwtEiZA6B+/f5huBv8l64v/JrWRkLYsQW1s8iBSOTZgY56Lfj9gmlPhQ
+PMP9BS3aytaYhLEfkSl59/OExA==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ofb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ofb.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ofb.der
new file mode 100644
index 0000000..d32080b
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ofb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ofb.pem
new file mode 100644
index 0000000..4ba3f46
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_aes256_ofb.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICoDBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIejP9qnm498ACAggA
+MB0GCWCGSAFlAwQBKwQQcaXLlr9tbaJT/ZMRwZfdgASCAlFlUGkJFPwG6DNpnm4X
+YGNe08E49EI7XJoTecIqOaAwcozx2uXyo8+6KdsPkUG3xfEmZyiPijSAThvL5vQo
+IYpnQPjI0KUSzFhYwRwU2o45V4rmPfkyr/ghqbArU6fHSeSfHZ8TLaAPkfF4YUSE
+MYwdG9Hh/sRjaEgAxNsnqMA4ahAWv5grKLYa+h5LnvVDqU+Ub4wL9x23V7/aB8Y9
+BuKT3b8dD7b5v6RXsgT5wuv7yGOAtuHRBkf40dbznFfsyso2a222plvvkzkorisX
+1W7zCVI4LRumSVkOc67yl2HknxM02R+iACQ1EhM7qC0YmglqZlLzBUuX9EHzOvJg
+cP+CqFw66TtGl44dlipffySfs7naPvXPLlf4n5ZwQ4JeoPbNKXpIXO+btw4BOISs
+BS6ipHbfnYDUy2WR3fYhP7rjTP6YJc67ObAy0SWCb8MxOYLb/Bx0pzFX4VykX1Hj
+Zu8OHdnFbcecPgDXgK3ka+6pSiLNSR8+momRZIq6NL5h+lYQkt9oKasf5qspGvAl
+rC3jSgRmQ39jaPTrZPaQYrTbUYwKZHKPb2rB1KYaCewgVu1UXIEZwk+5sL0wcWC/
+HhlGRiF8aRNHpwvJOaXRarXBrqe7un3KbFhp65zQ6WgOA/QUNT1XA5EfQPGFE6HQ
+fWMStgkLWIWtoMuaxQqPE/BOMjwOxQo4FmtqMnUywck0nglxRz7mkSt8tY/Igcka
+2tJUgwe7faG11YEW0nuFW9JgR8nMn1BoY0rKHiRroEYvmwA2B3InhJ7Y6qgMmj6+
+jJTrvg==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_blowfish_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_blowfish_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_blowfish_cbc.der
new file mode 100644
index 0000000..544b2e0
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_blowfish_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_blowfish_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_blowfish_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_blowfish_cbc.pem
new file mode 100644
index 0000000..73edf17
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_blowfish_cbc.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICnzBBBgkqhkiG9w0BBQ0wNDAbBgkqhkiG9w0BBQwwDgQIO8fmVZptTFUCAggA
+MBUGCSsGAQQBl1UBAgQIpmZqVdyl28MEggJYFaMnV7GvxdtOL0oduTx2NT99aQ39
+isC7W3/7Looumt14SGXLmB/B5lpU7CpkhQdKflKnh+kUw8b35snYq9DUpXKmwKQ8
+OLG6osiPkNbeX+UXqRZ1KB2n45oUTmkeiws1lXovwElqDLlqDRxve/Ks0/Y1WBSN
+mR1lZealI2Ut1E+1KjJFBi/1zJIIFaH+Mvau4R6/vab0Lh/XR7XfakmMrweOH8Zj
+1/bRLUnuYPo8R1MGFGbWRipxgQ1bvxsIAreuewTkdC2S2PYHvGnAdCC8hcLV8mJ0
+/q9tf030ho/M50VIXa7cNS6N/beLXye9L/wBozi8ZzmI4LlEC8nR8OVgkPgKfS82
+mGY5wWVkXiRBx9nMuTjBKRV8MpAjzYz48BpX21UXr/LZEsJ/PKfmy0OYN0TiPNhn
+WAZtHhe84abP3vMfMbNlfHgakfbH31HGAVVWHysSRTeeY6NZqah0CxtlLTPU6+R9
+88cZKG7v0HP6YoW+0Jyh8vmSzrepbcSDWSB/1ToHCjOiNaLcF+SOwyP477bZiAOf
+2AFzu33iFZUo5VaNYAfKiwUkwo3MMs3jxZH6hP07/GJIDPU06N8Phiw5K5R/riv0
+ZKrayJBVMXhnCsf70Q1YWd6UFrGFgGsZyhr97FDiQLjOpT1kGTPFDCgMoWX2AbNO
+gH+kTQGXyRp/FoWFG4stuzMoMbpfH3TrG1b3CG5DloG6PEvyqbXjtKJp3eMer1+S
+JNwu3qwn+/+jRpV/wWaxFYfbidO6QVNypbJu/zLxNwPj+g8fwDU4V6FpNmQRu4xM
+bBzR
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cbc.der
new file mode 100644
index 0000000..8facb1c
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cbc.pem
new file mode 100644
index 0000000..081b384
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cbc.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICmzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIvknMDSuj5Y0CAggA
+MBEGBSsOAwIHBAh7q0KSczfiTgSCAlgdfxa+tG7vg2LymyI6rl/+npMdBxHn3iX2
+a9AsFbqctw7kCE/SzhwWnEl4IHOvHYVZ0vBCYHbwMm+deZUZLFIR9cExVSOX9lOl
+9sf3s/RocdapAQTHPlLMTn3lMHYYQKywRHdbdyYFOGGZJNMVwZ4O1yZ0AZaAbFqi
+JglfKzRrRuE8u+/byHZbGq/2xaV80l2O4FenDWcOi3GxZW7DmKVcLRqFeYZ0ZyGL
+5ta3sz37XOpFL7q62GPsG7F9Es9Z49DkPDMwyseidK7bFHVkp+WFpsdA0+/V52X4
+m3r0Y35XBeD18CGAqE5l2BlUot+ddh6wjNp8+VJx+f7fgRKKNCgbcgcTwAilFJfv
+DP83G2vHO1i5MV65CiK/cCbEMeme7e4uW5IFO+PyvY9VWgudw/uo8HRKMUMlvz4B
+btG8Zuwr95o57E1C0VyOYHceqa521y7KxiUdD/CM/ktYp5BB7l0cfnnVI7NHHxil
+DViqjtRGWAfdgseG2lkgy9ke5cbD/P3p+lt/pma94/wEJEFSD7d17+Wp65rj+64w
+9HdEvwyN9AlluBPraciWZPzaf0xGqqQ5s8MQYOvm1XLIgupWGlFL8bR3oOrcq7Ea
+O+6TTEAgJYTxQMQKTscZsXFNtBjwiiVOdPOydYiC2qIKSKEIowsZbkDJp7D7ZF9+
+H2olIK+BB3EAe+98QBsEPICwc/40lKxU3y4L8usgEulvE5sgLnYZrX6BsyWqTKeT
+P/Hish6ijo2wQ2wVtPINOqrT+NhGI3zYOtLMMUlRyZU6YCg1Jzw/ajjcnJxXbAU=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cfb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cfb.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cfb.der
new file mode 100644
index 0000000..93f00ad
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cfb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cfb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cfb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cfb.pem
new file mode 100644
index 0000000..7df7a52
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_cfb.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIClDA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIT8vKpxOwlw0CAggA
+MBEGBSsOAwIJBAgpDzkbHIm/IASCAlHxdvd6wK/40oaT73deAeXNns9WnYDRNiOh
+rCc7PoUfz7nXhhHJ+4eniHbsP9C0h89zL9MFuNZxtD0GQdAQu+w1Awu+IX7RxPc7
+wernjf/9zM6Zrz2Fj4p/EjqVi5NJHGjpCgUQOtgaipRyUZwRLUeRtZZAozTmBRcN
+2+oJGSnJ1kLMwbM+j/0Q/FVuelhGGR15yh6kFOY94UauxSWX11M09d8LlduGM/9t
+bx5jArxuM/t0gFfkLrQsZ+0TPhinor3HNE0k9KhzhxcgGA7g2RcvJRXL/XQTig56
+J6ykHhXLi+dxMBx2bHXKJNTZ/1xNFankGDhJesynjoWAOD5oowTB+5KMEWmihdlG
+IQBkJmqxENNdguG5bylwtqg/iEPOKrggqUuZ9wAR/NOi2Dnp+Oe3Dt5jLem6XHLv
+sgZrouIc8pG+nKMwxANfBZ+XcGQE0QHtE3LS5W5AHa6hkSw6VVHg3JJE3heVYdNE
+lNg/lZolldR9dMQ3rEQvayUqelhDQfxy3di29cw2nsVaaBgQyl2XeFhUeWskEICA
+rYXz4bV6aR1F4CxjmliX3Vsj369Y0x7lJxoyk6d/urUVgEdNUaELoCQ6bXs4VD1D
+5h4aN2iVRHRxPCxNIINzwHK6QDM1jlp2W1Tqk7UQvQwxmTXkpqREby8DOvJsBP+D
+kPk+bGcKLPeCb4f9q2sJhkCSDamENtQ4KB2QmahFlplKZr9tdBnSRIIDA9MLpAfk
+rnp8hD5KFVl/FB8oonI0KphoZ7hyQG5MttDfJidlOH+pPvJuazUMDA==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ecb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ecb.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ecb.der
new file mode 100644
index 0000000..0cd9962
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ecb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ecb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ecb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ecb.pem
new file mode 100644
index 0000000..8f4a03d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ecb.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICmzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIJN51OJttWjkCAggA
+MBEGBSsOAwIGBAgAAAAAAAAAAASCAljQ3CT/RuzXtjbAq0BFhInN/gljOnYT6mHA
+MecNI+QRyXgjjipIQ0G3uqrAL2aMzQYZbNd31zcpI7+F7yy0PKWlr6kl/mU/P/zt
+zTzjAFEVWLY/cG1mscejYg1aru7OChzP8OSq2qV4cr4RFdxt8Jgkq1gwmQ/IsQsA
+KefKbeQdcj5y+27A32L/aK4R0hTEkLpVh3rwFaUcOXXnQnww3m/dGxVZfCG+RFKY
+cyhgFlKlHKkv51fOYnLShzTNbSOIdkx1Sim9rOuIuUT4nI+enom9NlLynKH5Mc11
+HY93RRX62/Yepd/+g0RDE4wuAXjK5YCgGtPaQxhz5WQvpq50c0WXAonFhYKoojza
+D5dB7qn2bfhgVam/lmnqantsafvy5sQFJAlnDT/gn7P9QYrYZWqSc78Ln27OQF10
+VTr/mjAQyUnxAGrZj/2LoLouFkw/K1ryahH/nFzbaChyhZ7EnsO2gNT12cp915sa
+5sw60r1L9G4YUxapILD3xJMVMH75yR1kHwGJvQjfmEyM62LLFenWQA7hxBp08AMj
+dMcUambSKhl0Mzj01vEk6JAyxp5oX+/vVEaxKO8sLb53d3p/9AxPrmT1oQbANs+F
+Ju003wwarcq3hez8C/Q/01jaXJJOjv7wmAHH4/2SDajFGyobgGSiHsJspD24uNED
+dhZZrYtSsodAPSBU/enpHxH8oc62E3897nlUOtc5FtVZPoh/AGJPUzwCdDwwsAoO
+jYUrUKNdEvTrjwwjAt0PWTbVVDq6IoxBUHbk1BbIoQqHcPzyQFIm3ciVKS5SeiM=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ofb.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ofb.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ofb.der
new file mode 100644
index 0000000..7ea4251
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ofb.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ofb.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ofb.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ofb.pem
new file mode 100644
index 0000000..116c352
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des1_ofb.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIClDA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQImwccDkLMI1cCAggA
+MBEGBSsOAwIIBAihhtOLmLYIYgSCAlGnW7biQAKuL4Ypqr0RCpHdKfU3YxUgFJCr
+rEuxTEV1ttS3u58Adj7ldaFgUpFIfsaGbpsPeEw+nxHRnZ76xrck6l3MvFxW+WPM
+osKcaITYCNg7TSyzqR33CxMzkdH4FmEVr55nyR1ir2JcQ8QG7/nBN8YTNBpACJIR
+F3kzP3BGz1aAS8ef7v22BcMYkVNb0DJ38z5SUryTqEOwUPWPpNiKaA0chE6nrwjD
+8xlaMPowUjE97bcj+eIQM9hm7Gcwcv5Z4qHPd6NiwRstg0X9GL00wyFjukCV4GJp
+CRK41XwTmyrb6mYGLS6TFRg96R+VyYmB6DL5rCGFuT5oeVIh1FP1TdflOMK8z/sU
+Qftz6Y3ILLbKMGXUVQG6rrXxSD017sBlqK4iPntANH/Ogh6WN2VGeAsRw82ty2YY
+1jJIlEJa7kMFJRZgvboFZf9jsePd8crxMHvyefAGbJcoHvSEku3wZQ2Nil1ddW++
+IvNq6xyNUiYVgCOUtA/7bB0kP6mUpG2tU3MS+C8SknS8lLxcS+Et6yjj1Z+2gEN/
+R1Se9nrhfyUdI/boPmwfmwcVlPnCPI0HlcqHy04oSJVDJlOlOpSkw4cPZCgBIMmq
+N2KgtLYXK6xQQKwVM1RGyqBXEOkngXkddNdwl1PcG5UUxsliw6cDtgZUuv5D6Xht
+9IlxB1eRN+w4kVLRsh+cZCFIUdqiTky3VEBGtO2ohSkBw5Hz6gaqIDZbUqFfal3V
+rS/MLKUOCUwxKUBr8mvwjRUm17caIGnHZVuXUhJtt3MDB+Su107+Eg==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.der
new file mode 100644
index 0000000..7005d4c
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.pem
new file mode 100644
index 0000000..e98e115
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des2_ecb_SEEMS_WRONG.pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICmzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIz6I345rIqbYCAggA
+MBEGBSsOAwIRBAgAAAAAAAAAAASCAlha7ykjKoRo9RdbHoFnA8gTksfk//hKNzBi
+tdl0MKBYMlDbzG1p548W0hO6OlU5oO1KE27x3hRmKfi+RMGq83MqHbME6OB2bOQL
+QL0xDMI6kpRi4adH8JgOAA46YQFEj5zRDcZg2XOfrGGJOu/fF6Ne4ALrXkewcMIv
+iaFib19vpCHqe5E9ixvDyX/RQRxN2r12II7UctmZyZhqNEHJtp7ZuOROm3M83HuQ
+bMEMLAeNgHslXBDPhrx/ByXi6LmhJJPXk3wAySNwSKCF7bpTtIb51SUDAE2pRaw4
+PrshVZ4hnt9s+xEPz3a7Rs56F06HRyXT4YgXsJsVm6Fmg1DqQwC18aV0ioTEeJ80
+h92btKTg9wJ1+Av/FWIf0scIUnhBmzAC6A0h4mRueSC9xbcQvBb4QquFeDYhxiA6
+MtFS5MtZ4guYyMJlKpKF97c5gfheglxDA/iWrb3TN4dz+eM2D7uBQjfzugF0zQRI
+2VGSO+hRyLlF9/ooozjJ0OO/gVEKz0j8ks6fZ7Ol5ctryT/tGYxhfVR5YPpEW8hk
+iSiEh7QluPGGhjrC955IZBXkfmFqN67X1L9UlExuePj7sPtQjznaLs7rK3fZ9vRm
+9x0JILZOis+I5MOfeoVqDzEtUNI51rpJl8bpt/BOlM0jdnohAIjPPICFZMeBfEzQ
+RmH6VuPWwMhV1KjMQPcoZT5BPl5fxUcpqpLeY86bsCdSHfYJVBBxo1iet8+mC3VK
+mGXwucHoDMh1oGNkPToCCD7x34zMBBDvm9oKyjy51ub9kztWUUctnkDrb0IyEFs=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des3_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des3_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des3_cbc.der
new file mode 100644
index 0000000..57ec533
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des3_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des3_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des3_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des3_cbc.pem
new file mode 100644
index 0000000..33e7665
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_des3_cbc.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICnjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIsclhoXWd7bkCAggA
+MBQGCCqGSIb3DQMHBAgsjKjs6xPhKwSCAlgtME7PW1sMaRjbUecyCKazv2QgvwUn
+Z4s2J5pNf8ORBuBdil5lNu+T/9GvdiEGo4R1uA866403Nc2KA8ZpfgOwNPSUn/wb
+iMdCg5S18mvgFT+1Mh1Mz1EUp+RfnVYRI0MlpvKoQf/vFqmEbUVSuQJsq6aBXs/R
+2cJqC6pBGoSAZ0kQza2P1RJ4cTvgf+1OJj4aL8+OMK1rMmYLLkrl0qF+2pppj/nn
+b3djuBPYCN1WbM7Alk8/pxttZxlPnsywBzFAnEYAyAsDAvsAcnx6MeVSnlT6Z91r
+T88AqXREN8c6N+QP9S93K8nBhJ3VSAFRwnqWYG9S/M5itBl636Lna8fwIWmYuOAe
+9+pDA8Ki+aqLDMsz4Aqw1LJ1cOtnjr4Y9ebReo90/hpGVWrASfmQ/Vq+lboz5bSM
+385UyoA+jyiveHVsFctN4rQJLQeIwNWL74jy4RaFRbnoFqlR3HwjLANcnVK3Yx1M
+Hvkvayd+ozj8LsqMjQei5uaxZjet9EhFLJhIMeRq4AnbE+5t2O8MVUhirlq7kENQ
+ZJW9hZF6KARC0dPRIL3Cr0TRYt3Cxci+ZvQOxmcRNUf4rXIe0ySHNVoiYETJ6m2a
+HwQlY3fIDkmGPylTVlp9yax0SWn8ySdVXPFEUiMLZWme8BMeCyWoBrMTwHQESNke
+dUCA30SeNXuDVlY5KX3EsxESNOd427P6SEqEtZAAsiIvXwGUdsKlIPCTs3xG/aP8
+uQzl0E/LoHrT4QuXzDm1IIJlAM6MIV/fYThJ+KRBXegx2YxBY8LgsOlcqvrdjfg+
+zko=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_128_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_128_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_128_cbc.der
new file mode 100644
index 0000000..fe6a921
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_128_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_128_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_128_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_128_cbc.pem
new file mode 100644
index 0000000..8bc30f7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_128_cbc.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICpjBIBgkqhkiG9w0BBQ0wOzAeBgkqhkiG9w0BBQwwEQQIQKUAK0PkWtsCAggA
+AgEQMBkGCCqGSIb3DQMCMA0CAToECNtxT/+Pqog1BIICWIY6YcTRO+YYTzYH6AW+
+ST1mb7WaW1MPFF1Fgmr59u2pm1OvH9Cq1ylcSZUJ7xYHcpBC5iigjitcJIo7KrIP
+PdOh5ZMhebNYVREjWL5drrlUEQpM+R5MFsYo8t3Solz9tgujZhYBBNO5b9xMdKu1
+iddJAerTssjJNonHzh0M54wHJ8DthO1hHuF0ljUitIXSKDwQQiKu6nGMdQejgxcM
+RZ+jmm2RwgDBlTnQumR3FUInRjUDdsfC2u7EPyJOKCBEi+V1Knz8dnvfgbwr6yVC
+ka9kjm3zDqbijs2si6tnRdNxXPob8Yld0jwfKuhzoNPQTSLDTm8jtnu8Jlj2WOk9
++pCJPMfPECH1eE0DlVAQEjIDmrQIw5ZEpdMpkOfReaHujT8AiyvcjmxqcgFgNosR
+q757fi/LhQlYi59gpNAKxhAV9rB+5iANDF2ILg9KtIWxg1cFuls6ll4oT13YR+oM
+5+iiTAWwUoVLlKwNAAuUyyvofTHV7oRDnl9p27ZnsBI7DWYKBRirMBcYfatBxWub
+/AeFhXFtCA+LptKuPXepvYbtr4A/A/1bFW9cbKSGNDJ5mxQLofKXeQ0R2oOxbFxN
+F5OJNeg3y1K/GPFw2SMRaf+kPK0K2pm4jkLASM48hwOnfEu0X/lgBVRHIqqekdYq
+pVcGaR1yTBycviabU1grfI49mUbj2EbmUAaIPevN6SFg/gscMOObxZCFiddX38yT
+Pmx13vDnPpKIDh1qrWsDh3ShvjC0y0vVG89ZSDsSph7JSQsT9lKfJZovKkOIoxty
+e/CYyA30P+jUJA==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_40_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_40_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_40_cbc.der
new file mode 100644
index 0000000..fa93428
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_40_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_40_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_40_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_40_cbc.pem
new file mode 100644
index 0000000..551357b
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_40_cbc.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICpzBJBgkqhkiG9w0BBQ0wPDAeBgkqhkiG9w0BBQwwEQQIlYIY7do+vY8CAggA
+AgEFMBoGCCqGSIb3DQMCMA4CAgCgBAiYdTRbZ4lQVASCAljYj8mWvuSo7R5pG4RC
+sakmf8knGoSCAKWX4IkyVrOT1tglQpj/TATeNqmykOmF7x96QedoTbTQSFJCDhFR
+ieIyiGYdJYJOOZ0PbwrRKzFJe9RPMC0HxNOSYWq8Ghq801r5SpMgB0GuKsXQIawj
+OazhGWkzKD7G8khfM/AFS3DivxV4gAV7e3PcGeEpXDipDW8wFmGpnva0rUSiQj87
+j5AGeo9R/5QFAhf4KvKLdKeT9BcU4N1lVToibTAImoTNMp9eJdUU43Jf0JWOp18M
+Ws4eP3Cs8xreo8qyB9T4AJ95UFSuPQRCLe2SwjNOgguwzdc0s1nbrFj4bMhphT6+
+ic2aQDXQbTtzahqZz5/UvbzuC3FJ/8AFCrTcxKCRaqKKm3vx2mRGjps1dQaxdq7f
+ePRK+kvThzv6A061rv1PnJF2oi+GOjLzFix7rJjXFvZ79btV7qbb1k1qrAuJzmN4
+rC+iurxT6Nx303PzsSHxr1Rzi9wn3SznFqIRz9K0brhGbG3CqeVsoFnI79K7bB0b
+Rm79vsm9P9zCyJamYYhcQ5fMtXhzvRAfmh0rZjUE+QsPbr60U2JamjYUj28BW/2y
+FPdidr/hFC0Ol/AfQkQJjLG2QGiorFN5QxrBHjeQMAi5AES0/RjW7SH9y6mLKr4+
+vjBEf0adW+kR7PC9Q8An7IVqeQ9vC8FP888fmAbwtxXaQKCp7p1bCLpgg9rlkCdu
+F+WN87Cf9lhR1/ElicLueEryOAlmRWvZwXV4OC6WNQ/meE2EUfkoC0tJXe/2Dw6z
+XXW4BLa4C32ynWQ=
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_64_cbc.der
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_64_cbc.der b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_64_cbc.der
new file mode 100644
index 0000000..861d040
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_64_cbc.der differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_64_cbc.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_64_cbc.pem b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_64_cbc.pem
new file mode 100644
index 0000000..aabe3ab
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa/pkcs8v2_dsa_rc2_64_cbc.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICpjBIBgkqhkiG9w0BBQ0wOzAeBgkqhkiG9w0BBQwwEQQI9j+oZ2rYhkYCAggA
+AgEIMBkGCCqGSIb3DQMCMA0CAXgECBbPri4fuLQqBIICWMCy6hNMdpB/4DhIM67V
+cr4F7cZuXn4nIxpKa9B/Z7EaHJnwVShwECCrz7wOVsP0M5uZYrfZ7NXCbz2ESXI8
+B7jCwcMf8/8U2uSlTtyWmJLTrukBifvPtzy4hPYUCiNobtcEipOB/DnLE/c8w7kC
+UR3o6wuHvsaqKcSNminUY0VfyfRWJ+orTBqK1cGQtrtg+6bMYZbJQeKgJeM6BuvJ
+0/yxw4jGMfX/bqqqjPl8PtSchOtSqLCDfMjHQu5IlQUxRYzrqde7KAxWztmBRSHw
+VtWsUKHizEZuOWTC8ZF4LLHHLOpuRr4ChIRihKYjtLp0xgj464RMyvT26gUtSmKS
+v7iPJInt08oOwTxABU9TIgEG7aVp/PHuLwofR6gHJO+vEvdygMpcL38VYp/6E9iL
+NRDr7oGc5IqS65H5pPrwXmtej4A128N9deVzbHJ2v9jEmpfZlFg/FhH5hPccy9Lt
+6dC5xAK18zK4QQ8GWKpa2WJaTiTHWdpd06KHKaisNBUVY48etslcsGSo/XZRlDE1
+aOXGyOY8GKWnhWKfHVDw0Wlg1nIROhm0TvHXWH/IwdaaCAWQL+9o3ObNc7pLPQ+j
+4kpebB4DnbwBZuNAA2QqzjyPPk7s2S0kVWrgf6X3PBd+Tt44GtyMR/jgdLoVzPka
+aPgJLAHYl5/X8h/VuUOnOI+vCfr6E+cyRbs03GOXDv8/Ugeb6QQMKTfU/czidNSB
+9aINJZslQnuHLxlFbmO4VQ0uVUvNWlp1fBzf+MDFeXY3WFNo7YDpclCjQwf1gd6T
+T4qym0e+jm9iYg==
+-----END ENCRYPTED PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/dsa_result.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/dsa_result.html b/3rdparty/not-yet-commons-ssl/samples/dsa_result.html
new file mode 100644
index 0000000..c618ea0
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/dsa_result.html
@@ -0,0 +1,38 @@
+<html>
+<head>
+<title>Not-Yet-Commons-SSL - Decrypting DSA Private Keys in Java</title>
+<style type="text/css">
+h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
+h1 { float: left; color: red; }
+b.n { font-family: arial; font-weight: bold; }
+span.hl { color: white; background-color: green; }
+div.nav { float: left; margin-left: 20px; font-weight: bold; }
+.nav a, .nav span { padding: 0 5px; }
+.nav a { color: blue; }
+.nav span.hl a { color: white; }
+li.top { margin-top: 10px; }
+ul.openssl { float: left; width: 100px; margin-top: 8px; }
+ul.pkcs8 { float: left; width: 200px; margin-top: 8px; }
+</style>
+</head>
+<body>
+<h1>not-yet-commons-ssl</h1>
+<div class="nav">
+<a href="../index.html">main</a> |
+<a href="../ssl.html">ssl</a> |
+<span class="hl"><a href="../pkcs8.html">pkcs8</a></span> |
+<a href="../pbe.html">pbe</a> |
+<a href="../rmi.html">rmi</a> |
+<a href="../utilities.html">utilities</a> |
+<a href="../source.html">source</a> |
+<a href="../javadocs/">javadocs</a> |
+<a href="../download.html">download</a>
+</div>
+<br clear="all"/>
+<hr/>
+<h2>Decrypting DSA Private Keys in Java</h2>
+<p>Don't forget to install your JVM's <a href="http://java.sun.com/javase/downloads/">Unlimited Strength Jurisdiction Policy Files</a>
+if you want the AES-192 and AES-256 tests to pass.</p>
+<!--#include virtual="dsa.html" -->
+</body>
+</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/BC.BKS.ks
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/BC.BKS.ks b/3rdparty/not-yet-commons-ssl/samples/keystores/BC.BKS.ks
new file mode 100644
index 0000000..a0ed53b
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/keystores/BC.BKS.ks differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12-3DES-3DES.ks
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12-3DES-3DES.ks b/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12-3DES-3DES.ks
new file mode 100644
index 0000000..7050936
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12-3DES-3DES.ks differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12-DEF-3DES-3DES.ks
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12-DEF-3DES-3DES.ks b/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12-DEF-3DES-3DES.ks
new file mode 100644
index 0000000..0b392ec
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12-DEF-3DES-3DES.ks differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12-DEF.ks
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12-DEF.ks b/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12-DEF.ks
new file mode 100644
index 0000000..5fbaef4
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12-DEF.ks differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12.ks
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12.ks b/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12.ks
new file mode 100644
index 0000000..a738611
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/keystores/BC.PKCS12.ks differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/BC.UBER.ks
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/BC.UBER.ks b/3rdparty/not-yet-commons-ssl/samples/keystores/BC.UBER.ks
new file mode 100644
index 0000000..28f5378
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/keystores/BC.UBER.ks differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/README.txt
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/README.txt b/3rdparty/not-yet-commons-ssl/samples/keystores/README.txt
new file mode 100644
index 0000000..bec2157
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/keystores/README.txt
@@ -0,0 +1,8 @@
+
+
+Password for single-password JKS is "changeit".
+
+Password to open dual-password JKS is "changeit", and the password to decrypt
+the private key is "itchange".
+
+
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/Sun.2pass.jks.ks
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/Sun.2pass.jks.ks b/3rdparty/not-yet-commons-ssl/samples/keystores/Sun.2pass.jks.ks
new file mode 100644
index 0000000..e866ac5
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/keystores/Sun.2pass.jks.ks differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/Sun.jks.ks
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/Sun.jks.ks b/3rdparty/not-yet-commons-ssl/samples/keystores/Sun.jks.ks
new file mode 100644
index 0000000..fbbe8d9
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/keystores/Sun.jks.ks differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/SunJCE.jceks.ks
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/SunJCE.jceks.ks b/3rdparty/not-yet-commons-ssl/samples/keystores/SunJCE.jceks.ks
new file mode 100644
index 0000000..808c792
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/keystores/SunJCE.jceks.ks differ
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.ks
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.ks b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.ks
new file mode 100644
index 0000000..d2f0867
Binary files /dev/null and b/3rdparty/not-yet-commons-ssl/samples/keystores/chain-rsa_dsa_rsa.ks differ
[19/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
Posted by dr...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERTaggedObjectParser.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERTaggedObjectParser.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERTaggedObjectParser.java
new file mode 100644
index 0000000..0f45cdb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/BERTaggedObjectParser.java
@@ -0,0 +1,118 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class BERTaggedObjectParser
+ implements ASN1TaggedObjectParser {
+ private int _baseTag;
+ private int _tagNumber;
+ private InputStream _contentStream;
+
+ private boolean _indefiniteLength;
+
+ protected BERTaggedObjectParser(
+ int baseTag,
+ int tagNumber,
+ InputStream contentStream) {
+ _baseTag = baseTag;
+ _tagNumber = tagNumber;
+ _contentStream = contentStream;
+ _indefiniteLength = contentStream instanceof IndefiniteLengthInputStream;
+ }
+
+ public boolean isConstructed() {
+ return (_baseTag & DERTags.CONSTRUCTED) != 0;
+ }
+
+ public int getTagNo() {
+ return _tagNumber;
+ }
+
+ public DEREncodable getObjectParser(
+ int tag,
+ boolean isExplicit)
+ throws IOException {
+ if (isExplicit) {
+ return new ASN1StreamParser(_contentStream).readObject();
+ } else {
+ switch (tag) {
+ case DERTags.SET:
+ if (_indefiniteLength) {
+ return new BERSetParser(new ASN1ObjectParser(_baseTag, _tagNumber, _contentStream));
+ } else {
+ return new DERSet(loadVector(_contentStream)).parser();
+ }
+ case DERTags.SEQUENCE:
+ if (_indefiniteLength) {
+ return new BERSequenceParser(new ASN1ObjectParser(_baseTag, _tagNumber, _contentStream));
+ } else {
+ return new DERSequence(loadVector(_contentStream)).parser();
+ }
+ case DERTags.OCTET_STRING:
+ if (_indefiniteLength || this.isConstructed()) {
+ return new BEROctetStringParser(new ASN1ObjectParser(_baseTag, _tagNumber, _contentStream));
+ } else {
+ return new DEROctetString(((DefiniteLengthInputStream) _contentStream).toByteArray()).parser();
+ }
+ }
+ }
+
+ throw new RuntimeException("implicit tagging not implemented");
+ }
+
+ private ASN1EncodableVector loadVector(InputStream in)
+ throws IOException {
+ ASN1StreamParser aIn = new ASN1StreamParser(in);
+ ASN1EncodableVector v = new ASN1EncodableVector();
+ DEREncodable obj = aIn.readObject();
+
+ while (obj != null) {
+ v.add(obj.getDERObject());
+ obj = aIn.readObject();
+ }
+
+ return v;
+ }
+
+ private ASN1EncodableVector rLoadVector(InputStream in) {
+ try {
+ return loadVector(in);
+ }
+ catch (IOException e) {
+ throw new IllegalStateException(e.getMessage());
+ }
+ }
+
+ public DERObject getDERObject() {
+ if (_indefiniteLength) {
+ ASN1EncodableVector v = rLoadVector(_contentStream);
+
+ if (v.size() > 1) {
+ return new BERTaggedObject(false, _tagNumber, new BERSequence(v));
+ } else if (v.size() == 1) {
+ return new BERTaggedObject(true, _tagNumber, v.get(0));
+ } else {
+ return new BERTaggedObject(false, _tagNumber, new BERSequence());
+ }
+ } else {
+ if (this.isConstructed()) {
+ ASN1EncodableVector v = rLoadVector(_contentStream);
+
+ if (v.size() == 1) {
+ return new DERTaggedObject(true, _tagNumber, v.get(0));
+ }
+
+ return new DERTaggedObject(false, _tagNumber, new DERSequence(v));
+ }
+
+ try {
+ return new DERTaggedObject(false, _tagNumber, new DEROctetString(((DefiniteLengthInputStream) _contentStream).toByteArray()));
+ }
+ catch (IOException e) {
+ throw new IllegalStateException(e.getMessage());
+ }
+ }
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ConstructedOctetStream.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ConstructedOctetStream.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ConstructedOctetStream.java
new file mode 100644
index 0000000..18565bb
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/ConstructedOctetStream.java
@@ -0,0 +1,92 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+class ConstructedOctetStream
+ extends InputStream {
+ private final ASN1ObjectParser _parser;
+
+ private boolean _first = true;
+ private InputStream _currentStream;
+
+ ConstructedOctetStream(
+ ASN1ObjectParser parser) {
+ _parser = parser;
+ }
+
+ public int read(byte[] b, int off, int len) throws IOException {
+ if (_currentStream == null) {
+ if (!_first) {
+ return -1;
+ }
+
+ ASN1OctetStringParser s = (ASN1OctetStringParser) _parser.readObject();
+
+ if (s == null) {
+ return -1;
+ }
+
+ _first = false;
+ _currentStream = s.getOctetStream();
+ }
+
+ int totalRead = 0;
+
+ for (; ;) {
+ int numRead = _currentStream.read(b, off + totalRead, len - totalRead);
+
+ if (numRead >= 0) {
+ totalRead += numRead;
+
+ if (totalRead == len) {
+ return totalRead;
+ }
+ } else {
+ ASN1OctetStringParser aos = (ASN1OctetStringParser) _parser.readObject();
+
+ if (aos == null) {
+ _currentStream = null;
+ return totalRead < 1 ? -1 : totalRead;
+ }
+
+ _currentStream = aos.getOctetStream();
+ }
+ }
+ }
+
+ public int read()
+ throws IOException {
+ if (_currentStream == null) {
+ if (!_first) {
+ return -1;
+ }
+
+ ASN1OctetStringParser s = (ASN1OctetStringParser) _parser.readObject();
+
+ if (s == null) {
+ return -1;
+ }
+
+ _first = false;
+ _currentStream = s.getOctetStream();
+ }
+
+ for (; ;) {
+ int b = _currentStream.read();
+
+ if (b >= 0) {
+ return b;
+ }
+
+ ASN1OctetStringParser s = (ASN1OctetStringParser) _parser.readObject();
+
+ if (s == null) {
+ _currentStream = null;
+ return -1;
+ }
+
+ _currentStream = s.getOctetStream();
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERApplicationSpecific.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERApplicationSpecific.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERApplicationSpecific.java
new file mode 100644
index 0000000..1396f91
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERApplicationSpecific.java
@@ -0,0 +1,143 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+/** Base class for an application specific object */
+public class DERApplicationSpecific
+ extends ASN1Object {
+ private int tag;
+ private byte[] octets;
+
+ public DERApplicationSpecific(
+ int tag,
+ byte[] octets) {
+ this.tag = tag;
+ this.octets = octets;
+ }
+
+ public DERApplicationSpecific(
+ int tag,
+ DEREncodable object)
+ throws IOException {
+ this(true, tag, object);
+ }
+
+ public DERApplicationSpecific(
+ boolean explicit,
+ int tag,
+ DEREncodable object)
+ throws IOException {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dos = new DEROutputStream(bOut);
+
+ dos.writeObject(object);
+
+ byte[] data = bOut.toByteArray();
+
+ if (tag >= 0x1f) {
+ throw new IOException("unsupported tag number");
+ }
+
+ if (explicit) {
+ this.tag = tag | DERTags.CONSTRUCTED;
+ this.octets = data;
+ } else {
+ this.tag = tag;
+ int lenBytes = getLengthOfLength(data);
+ byte[] tmp = new byte[data.length - lenBytes];
+ System.arraycopy(data, lenBytes, tmp, 0, tmp.length);
+ this.octets = tmp;
+ }
+ }
+
+ private int getLengthOfLength(byte[] data) {
+ int count = 2; // TODO: assumes only a 1 byte tag number
+
+ while ((data[count - 1] & 0x80) != 0) {
+ count++;
+ }
+
+ return count;
+ }
+
+ public boolean isConstructed() {
+ return (tag & DERTags.CONSTRUCTED) != 0;
+ }
+
+ public byte[] getContents() {
+ return octets;
+ }
+
+ public int getApplicationTag() {
+ return tag;
+ }
+
+ public DERObject getObject()
+ throws IOException {
+ return new ASN1InputStream(getContents()).readObject();
+ }
+
+ /**
+ * Return the enclosed object assuming implicit tagging.
+ *
+ * @param derTagNo the type tag that should be applied to the object's contents.
+ * @return the resulting object
+ * @throws java.io.IOException if reconstruction fails.
+ */
+ public DERObject getObject(int derTagNo)
+ throws IOException {
+ if (tag >= 0x1f) {
+ throw new IOException("unsupported tag number");
+ }
+
+ byte[] tmp = this.getEncoded();
+
+ tmp[0] = (byte) derTagNo;
+
+ return new ASN1InputStream(tmp).readObject();
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.ssl.asn1.DERObject#encode(org.apache.commons.ssl.asn1.DEROutputStream)
+ */
+ void encode(DEROutputStream out) throws IOException {
+ out.writeEncoded(DERTags.APPLICATION | tag, octets);
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof DERApplicationSpecific)) {
+ return false;
+ }
+
+ DERApplicationSpecific other = (DERApplicationSpecific) o;
+
+ if (tag != other.tag) {
+ return false;
+ }
+
+ if (octets.length != other.octets.length) {
+ return false;
+ }
+
+ for (int i = 0; i < octets.length; i++) {
+ if (octets[i] != other.octets[i]) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ public int hashCode() {
+ byte[] b = this.getContents();
+ int value = 0;
+
+ for (int i = 0; i != b.length; i++) {
+ value ^= (b[i] & 0xff) << (i % 4);
+ }
+
+ return value ^ this.getApplicationTag();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERBMPString.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERBMPString.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERBMPString.java
new file mode 100644
index 0000000..e093582
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERBMPString.java
@@ -0,0 +1,104 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+/** DER BMPString object. */
+public class DERBMPString
+ extends ASN1Object
+ implements DERString {
+ String string;
+
+ /**
+ * return a BMP String from the given object.
+ *
+ * @param obj the object we want converted.
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DERBMPString getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DERBMPString) {
+ return (DERBMPString) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ return new DERBMPString(((ASN1OctetString) obj).getOctets());
+ }
+
+ if (obj instanceof ASN1TaggedObject) {
+ return getInstance(((ASN1TaggedObject) obj).getObject());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /**
+ * return a BMP String from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static DERBMPString getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+
+ /** basic constructor - byte encoded string. */
+ public DERBMPString(
+ byte[] string) {
+ char[] cs = new char[string.length / 2];
+
+ for (int i = 0; i != cs.length; i++) {
+ cs[i] = (char) ((string[2 * i] << 8) | (string[2 * i + 1] & 0xff));
+ }
+
+ this.string = new String(cs);
+ }
+
+ /** basic constructor */
+ public DERBMPString(
+ String string) {
+ this.string = string;
+ }
+
+ public String getString() {
+ return string;
+ }
+
+ public String toString() {
+ return string;
+ }
+
+ public int hashCode() {
+ return this.getString().hashCode();
+ }
+
+ protected boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof DERBMPString)) {
+ return false;
+ }
+
+ DERBMPString s = (DERBMPString) o;
+
+ return this.getString().equals(s.getString());
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ char[] c = string.toCharArray();
+ byte[] b = new byte[c.length * 2];
+
+ for (int i = 0; i != c.length; i++) {
+ b[2 * i] = (byte) (c[i] >> 8);
+ b[2 * i + 1] = (byte) c[i];
+ }
+
+ out.writeEncoded(BMP_STRING, b);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERBitString.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERBitString.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERBitString.java
new file mode 100644
index 0000000..2cb649c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERBitString.java
@@ -0,0 +1,245 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+public class DERBitString
+ extends ASN1Object
+ implements DERString {
+ private static final char[] table = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
+
+ protected byte[] data;
+ protected int padBits;
+
+ /**
+ * return the correct number of pad bits for a bit string defined in
+ * a 32 bit constant
+ */
+ static protected int getPadBits(
+ int bitString) {
+ int val = 0;
+ for (int i = 3; i >= 0; i--) {
+ //
+ // this may look a little odd, but if it isn't done like this pre jdk1.2
+ // JVM's break!
+ //
+ if (i != 0) {
+ if ((bitString >> (i * 8)) != 0) {
+ val = (bitString >> (i * 8)) & 0xFF;
+ break;
+ }
+ } else {
+ if (bitString != 0) {
+ val = bitString & 0xFF;
+ break;
+ }
+ }
+ }
+
+ if (val == 0) {
+ return 7;
+ }
+
+
+ int bits = 1;
+
+ while (((val <<= 1) & 0xFF) != 0) {
+ bits++;
+ }
+
+ return 8 - bits;
+ }
+
+ /**
+ * return the correct number of bytes for a bit string defined in
+ * a 32 bit constant
+ */
+ static protected byte[] getBytes(int bitString) {
+ int bytes = 4;
+ for (int i = 3; i >= 1; i--) {
+ if ((bitString & (0xFF << (i * 8))) != 0) {
+ break;
+ }
+ bytes--;
+ }
+
+ byte[] result = new byte[bytes];
+ for (int i = 0; i < bytes; i++) {
+ result[i] = (byte) ((bitString >> (i * 8)) & 0xFF);
+ }
+
+ return result;
+ }
+
+ /**
+ * return a Bit String from the passed in object
+ *
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DERBitString getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DERBitString) {
+ return (DERBitString) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ byte[] bytes = ((ASN1OctetString) obj).getOctets();
+ int padBits = bytes[0];
+ byte[] data = new byte[bytes.length - 1];
+
+ System.arraycopy(bytes, 1, data, 0, bytes.length - 1);
+
+ return new DERBitString(data, padBits);
+ }
+
+ if (obj instanceof ASN1TaggedObject) {
+ return getInstance(((ASN1TaggedObject) obj).getObject());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /**
+ * return a Bit String from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static DERBitString getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ protected DERBitString(
+ byte data,
+ int padBits) {
+ this.data = new byte[1];
+ this.data[0] = data;
+ this.padBits = padBits;
+ }
+
+ /**
+ * @param data the octets making up the bit string.
+ * @param padBits the number of extra bits at the end of the string.
+ */
+ public DERBitString(
+ byte[] data,
+ int padBits) {
+ this.data = data;
+ this.padBits = padBits;
+ }
+
+ public DERBitString(
+ byte[] data) {
+ this(data, 0);
+ }
+
+ public DERBitString(
+ DEREncodable obj) {
+ try {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ dOut.writeObject(obj);
+ dOut.close();
+
+ this.data = bOut.toByteArray();
+ this.padBits = 0;
+ }
+ catch (IOException e) {
+ throw new IllegalArgumentException("Error processing object : " + e.toString());
+ }
+ }
+
+ public byte[] getBytes() {
+ return data;
+ }
+
+ public int getPadBits() {
+ return padBits;
+ }
+
+
+ /** @return the value of the bit string as an int (truncating if necessary) */
+ public int intValue() {
+ int value = 0;
+
+ for (int i = 0; i != data.length && i != 4; i++) {
+ value |= (data[i] & 0xff) << (8 * i);
+ }
+
+ return value;
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ byte[] bytes = new byte[getBytes().length + 1];
+
+ bytes[0] = (byte) getPadBits();
+ System.arraycopy(getBytes(), 0, bytes, 1, bytes.length - 1);
+
+ out.writeEncoded(BIT_STRING, bytes);
+ }
+
+ public int hashCode() {
+ int value = 0;
+
+ for (int i = 0; i != data.length; i++) {
+ value ^= (data[i] & 0xff) << (i % 4);
+ }
+
+ return value;
+ }
+
+ protected boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof DERBitString)) {
+ return false;
+ }
+
+ DERBitString other = (DERBitString) o;
+
+ if (data.length != other.data.length) {
+ return false;
+ }
+
+ for (int i = 0; i != data.length; i++) {
+ if (data[i] != other.data[i]) {
+ return false;
+ }
+ }
+
+ return (padBits == other.padBits);
+ }
+
+ public String getString() {
+ StringBuffer buf = new StringBuffer("#");
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+ try {
+ aOut.writeObject(this);
+ }
+ catch (IOException e) {
+ throw new RuntimeException("internal error encoding BitString");
+ }
+
+ byte[] string = bOut.toByteArray();
+
+ for (int i = 0; i != string.length; i++) {
+ buf.append(table[(string[i] >>> 4) & 0xf]);
+ buf.append(table[string[i] & 0xf]);
+ }
+
+ return buf.toString();
+ }
+
+ public String toString() {
+ return getString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERBoolean.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERBoolean.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERBoolean.java
new file mode 100644
index 0000000..e49ec6c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERBoolean.java
@@ -0,0 +1,96 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+public class DERBoolean
+ extends ASN1Object {
+ byte value;
+
+ public static final DERBoolean FALSE = new DERBoolean(false);
+ public static final DERBoolean TRUE = new DERBoolean(true);
+
+ /**
+ * return a boolean from the passed in object.
+ *
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DERBoolean getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DERBoolean) {
+ return (DERBoolean) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ return new DERBoolean(((ASN1OctetString) obj).getOctets());
+ }
+
+ if (obj instanceof ASN1TaggedObject) {
+ return getInstance(((ASN1TaggedObject) obj).getObject());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /** return a DERBoolean from the passed in boolean. */
+ public static DERBoolean getInstance(
+ boolean value) {
+ return (value ? TRUE : FALSE);
+ }
+
+ /**
+ * return a Boolean from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static DERBoolean getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ public DERBoolean(
+ byte[] value) {
+ this.value = value[0];
+ }
+
+ public DERBoolean(
+ boolean value) {
+ this.value = (value) ? (byte) 0xff : (byte) 0;
+ }
+
+ public boolean isTrue() {
+ return (value != 0);
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ byte[] bytes = new byte[1];
+
+ bytes[0] = value;
+
+ out.writeEncoded(BOOLEAN, bytes);
+ }
+
+ protected boolean asn1Equals(
+ DERObject o) {
+ if ((o == null) || !(o instanceof DERBoolean)) {
+ return false;
+ }
+
+ return (value == ((DERBoolean) o).value);
+ }
+
+ public int hashCode() {
+ return value;
+ }
+
+
+ public String toString() {
+ return (value != 0) ? "TRUE" : "FALSE";
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERConstructedSequence.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERConstructedSequence.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERConstructedSequence.java
new file mode 100644
index 0000000..f7cad53
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERConstructedSequence.java
@@ -0,0 +1,46 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Enumeration;
+
+/** @deprecated use DERSequence. */
+public class DERConstructedSequence
+ extends ASN1Sequence {
+ public void addObject(
+ DEREncodable obj) {
+ super.addObject(obj);
+ }
+
+ public int getSize() {
+ return size();
+ }
+
+ /*
+ * A note on the implementation:
+ * <p>
+ * As DER requires the constructed, definite-length model to
+ * be used for structured types, this varies slightly from the
+ * ASN.1 descriptions given. Rather than just outputing SEQUENCE,
+ * we also have to specify CONSTRUCTED, and the objects length.
+ */
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+ Enumeration e = this.getObjects();
+
+ while (e.hasMoreElements()) {
+ Object obj = e.nextElement();
+
+ dOut.writeObject(obj);
+ }
+
+ dOut.close();
+
+ byte[] bytes = bOut.toByteArray();
+
+ out.writeEncoded(SEQUENCE | CONSTRUCTED, bytes);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERConstructedSet.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERConstructedSet.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERConstructedSet.java
new file mode 100644
index 0000000..50adf8e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERConstructedSet.java
@@ -0,0 +1,63 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Enumeration;
+
+/** @deprecated use DERSet */
+public class DERConstructedSet
+ extends ASN1Set {
+ public DERConstructedSet() {
+ }
+
+ /** @param obj - a single object that makes up the set. */
+ public DERConstructedSet(
+ DEREncodable obj) {
+ this.addObject(obj);
+ }
+
+ /** @param v - a vector of objects making up the set. */
+ public DERConstructedSet(
+ DEREncodableVector v) {
+ for (int i = 0; i != v.size(); i++) {
+ this.addObject(v.get(i));
+ }
+ }
+
+ public void addObject(
+ DEREncodable obj) {
+ super.addObject(obj);
+ }
+
+ public int getSize() {
+ return size();
+ }
+
+ /*
+ * A note on the implementation:
+ * <p>
+ * As DER requires the constructed, definite-length model to
+ * be used for structured types, this varies slightly from the
+ * ASN.1 descriptions given. Rather than just outputing SET,
+ * we also have to specify CONSTRUCTED, and the objects length.
+ */
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+ Enumeration e = this.getObjects();
+
+ while (e.hasMoreElements()) {
+ Object obj = e.nextElement();
+
+ dOut.writeObject(obj);
+ }
+
+ dOut.close();
+
+ byte[] bytes = bOut.toByteArray();
+
+ out.writeEncoded(SET | CONSTRUCTED, bytes);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEREncodable.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEREncodable.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEREncodable.java
new file mode 100644
index 0000000..cbaebf9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEREncodable.java
@@ -0,0 +1,5 @@
+package org.apache.commons.ssl.asn1;
+
+public interface DEREncodable {
+ public DERObject getDERObject();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEREncodableVector.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEREncodableVector.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEREncodableVector.java
new file mode 100644
index 0000000..d441a44
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEREncodableVector.java
@@ -0,0 +1,31 @@
+package org.apache.commons.ssl.asn1;
+
+import java.util.Vector;
+
+/**
+ * a general class for building up a vector of DER encodable objects -
+ * this will eventually be superceded by ASN1EncodableVector so you should
+ * use that class in preference.
+ */
+public class DEREncodableVector {
+ private Vector v = new Vector();
+
+ /** @deprecated use ASN1EncodableVector instead. */
+ public DEREncodableVector() {
+
+ }
+
+ public void add(
+ DEREncodable obj) {
+ v.addElement(obj);
+ }
+
+ public DEREncodable get(
+ int i) {
+ return (DEREncodable) v.elementAt(i);
+ }
+
+ public int size() {
+ return v.size();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEREnumerated.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEREnumerated.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEREnumerated.java
new file mode 100644
index 0000000..faacf13
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEREnumerated.java
@@ -0,0 +1,96 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+public class DEREnumerated
+ extends ASN1Object {
+ byte[] bytes;
+
+ /**
+ * return an integer from the passed in object
+ *
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DEREnumerated getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DEREnumerated) {
+ return (DEREnumerated) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ return new DEREnumerated(((ASN1OctetString) obj).getOctets());
+ }
+
+ if (obj instanceof ASN1TaggedObject) {
+ return getInstance(((ASN1TaggedObject) obj).getObject());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /**
+ * return an Enumerated from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static DEREnumerated getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ public DEREnumerated(
+ int value) {
+ bytes = BigInteger.valueOf(value).toByteArray();
+ }
+
+ public DEREnumerated(
+ BigInteger value) {
+ bytes = value.toByteArray();
+ }
+
+ public DEREnumerated(
+ byte[] bytes) {
+ this.bytes = bytes;
+ }
+
+ public BigInteger getValue() {
+ return new BigInteger(bytes);
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(ENUMERATED, bytes);
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof DEREnumerated)) {
+ return false;
+ }
+
+ DEREnumerated other = (DEREnumerated) o;
+
+ if (bytes.length != other.bytes.length) {
+ return false;
+ }
+
+ for (int i = 0; i != bytes.length; i++) {
+ if (bytes[i] != other.bytes[i]) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ public int hashCode() {
+ return this.getValue().hashCode();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERGeneralString.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERGeneralString.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERGeneralString.java
new file mode 100644
index 0000000..d571a1d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERGeneralString.java
@@ -0,0 +1,75 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+public class DERGeneralString
+ extends ASN1Object implements DERString {
+ private String string;
+
+ public static DERGeneralString getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DERGeneralString) {
+ return (DERGeneralString) obj;
+ }
+ if (obj instanceof ASN1OctetString) {
+ return new DERGeneralString(((ASN1OctetString) obj).getOctets());
+ }
+ if (obj instanceof ASN1TaggedObject) {
+ return getInstance(((ASN1TaggedObject) obj).getObject());
+ }
+ throw new IllegalArgumentException("illegal object in getInstance: "
+ + obj.getClass().getName());
+ }
+
+ public static DERGeneralString getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ public DERGeneralString(byte[] string) {
+ char[] cs = new char[string.length];
+ for (int i = 0; i != cs.length; i++) {
+ cs[i] = (char) (string[i] & 0xff);
+ }
+ this.string = new String(cs);
+ }
+
+ public DERGeneralString(String string) {
+ this.string = string;
+ }
+
+ public String getString() {
+ return string;
+ }
+
+ public String toString() {
+ return string;
+ }
+
+ public byte[] getOctets() {
+ char[] cs = string.toCharArray();
+ byte[] bs = new byte[cs.length];
+ for (int i = 0; i != cs.length; i++) {
+ bs[i] = (byte) cs[i];
+ }
+ return bs;
+ }
+
+ void encode(DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(GENERAL_STRING, this.getOctets());
+ }
+
+ public int hashCode() {
+ return this.getString().hashCode();
+ }
+
+ boolean asn1Equals(DERObject o) {
+ if (!(o instanceof DERGeneralString)) {
+ return false;
+ }
+ DERGeneralString s = (DERGeneralString) o;
+ return this.getString().equals(s.getString());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERGeneralizedTime.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERGeneralizedTime.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERGeneralizedTime.java
new file mode 100644
index 0000000..0e2de28
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERGeneralizedTime.java
@@ -0,0 +1,242 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.SimpleTimeZone;
+import java.util.TimeZone;
+
+/** Generalized time object. */
+public class DERGeneralizedTime
+ extends ASN1Object {
+ String time;
+
+ /**
+ * return a generalized time from the passed in object
+ *
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DERGeneralizedTime getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DERGeneralizedTime) {
+ return (DERGeneralizedTime) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ return new DERGeneralizedTime(((ASN1OctetString) obj).getOctets());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /**
+ * return a Generalized Time object from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static DERGeneralizedTime getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ /**
+ * The correct format for this is YYYYMMDDHHMMSS[.f]Z, or without the Z
+ * for local time, or Z+-HHMM on the end, for difference between local
+ * time and UTC time. The fractional second amount f must consist of at
+ * least one number with trailing zeroes removed.
+ *
+ * @param time the time string.
+ * @throws IllegalArgumentException if String is an illegal format.
+ */
+ public DERGeneralizedTime(
+ String time) {
+ this.time = time;
+ try {
+ this.getDate();
+ }
+ catch (ParseException e) {
+ throw new IllegalArgumentException("invalid date string: " + e.getMessage());
+ }
+ }
+
+ /** base constructer from a java.util.date object */
+ public DERGeneralizedTime(
+ Date time) {
+ SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+
+ dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
+
+ this.time = dateF.format(time);
+ }
+
+ DERGeneralizedTime(
+ byte[] bytes) {
+ //
+ // explicitly convert to characters
+ //
+ char[] dateC = new char[bytes.length];
+
+ for (int i = 0; i != dateC.length; i++) {
+ dateC[i] = (char) (bytes[i] & 0xff);
+ }
+
+ this.time = new String(dateC);
+ }
+
+ /**
+ * Return the time.
+ *
+ * @return The time string as it appeared in the encoded object.
+ */
+ public String getTimeString() {
+ return time;
+ }
+
+ /**
+ * return the time - always in the form of
+ * YYYYMMDDhhmmssGMT(+hh:mm|-hh:mm).
+ * <p/>
+ * Normally in a certificate we would expect "Z" rather than "GMT",
+ * however adding the "GMT" means we can just use:
+ * <pre>
+ * dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
+ * </pre>
+ * To read in the time and get a date which is compatible with our local
+ * time zone.
+ */
+ public String getTime() {
+ //
+ // standardise the format.
+ //
+ if (time.charAt(time.length() - 1) == 'Z') {
+ return time.substring(0, time.length() - 1) + "GMT+00:00";
+ } else {
+ int signPos = time.length() - 5;
+ char sign = time.charAt(signPos);
+ if (sign == '-' || sign == '+') {
+ return time.substring(0, signPos)
+ + "GMT"
+ + time.substring(signPos, signPos + 3)
+ + ":"
+ + time.substring(signPos + 3);
+ } else {
+ signPos = time.length() - 3;
+ sign = time.charAt(signPos);
+ if (sign == '-' || sign == '+') {
+ return time.substring(0, signPos)
+ + "GMT"
+ + time.substring(signPos)
+ + ":00";
+ }
+ }
+ }
+ return time + calculateGMTOffset();
+ }
+
+ private String calculateGMTOffset() {
+ String sign = "+";
+ TimeZone timeZone = TimeZone.getDefault();
+ int offset = timeZone.getRawOffset();
+ if (offset < 0) {
+ sign = "-";
+ offset = -offset;
+ }
+ int hours = offset / (60 * 60 * 1000);
+ int minutes = (offset - (hours * 60 * 60 * 1000)) / (60 * 1000);
+
+ try {
+ if (timeZone.useDaylightTime() && timeZone.inDaylightTime(this.getDate())) {
+ hours += sign.equals("+") ? 1 : -1;
+ }
+ }
+ catch (ParseException e) {
+ // we'll do our best and ignore daylight savings
+ }
+
+ return "GMT" + sign + convert(hours) + ":" + convert(minutes);
+ }
+
+ private String convert(int time) {
+ if (time < 10) {
+ return "0" + time;
+ }
+
+ return Integer.toString(time);
+ }
+
+ public Date getDate()
+ throws ParseException {
+ SimpleDateFormat dateF;
+ String d = time;
+
+ if (time.endsWith("Z")) {
+ if (hasFractionalSeconds()) {
+ dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSS'Z'");
+ } else {
+ dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+ }
+
+ dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
+ } else if (time.indexOf('-') > 0 || time.indexOf('+') > 0) {
+ d = this.getTime();
+ if (hasFractionalSeconds()) {
+ dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSSz");
+ } else {
+ dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
+ }
+
+ dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
+ } else {
+ if (hasFractionalSeconds()) {
+ dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSS");
+ } else {
+ dateF = new SimpleDateFormat("yyyyMMddHHmmss");
+ }
+
+ dateF.setTimeZone(new SimpleTimeZone(0, TimeZone.getDefault().getID()));
+ }
+
+ return dateF.parse(d);
+ }
+
+ private boolean hasFractionalSeconds() {
+ return time.indexOf('.') == 14;
+ }
+
+ private byte[] getOctets() {
+ char[] cs = time.toCharArray();
+ byte[] bs = new byte[cs.length];
+
+ for (int i = 0; i != cs.length; i++) {
+ bs[i] = (byte) cs[i];
+ }
+
+ return bs;
+ }
+
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(GENERALIZED_TIME, this.getOctets());
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof DERGeneralizedTime)) {
+ return false;
+ }
+
+ return time.equals(((DERGeneralizedTime) o).time);
+ }
+
+ public int hashCode() {
+ return time.hashCode();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERGenerator.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERGenerator.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERGenerator.java
new file mode 100644
index 0000000..359d931
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERGenerator.java
@@ -0,0 +1,108 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+public abstract class DERGenerator
+ extends ASN1Generator {
+ private boolean _tagged = false;
+ private boolean _isExplicit;
+ private int _tagNo;
+
+ protected DERGenerator(
+ OutputStream out) {
+ super(out);
+ }
+
+ public DERGenerator(
+ OutputStream out,
+ int tagNo,
+ boolean isExplicit) {
+ super(out);
+
+ _tagged = true;
+ _isExplicit = isExplicit;
+ _tagNo = tagNo;
+ }
+
+ private void writeLength(
+ OutputStream out,
+ int length)
+ throws IOException {
+ if (length > 127) {
+ int size = 1;
+ int val = length;
+
+ while ((val >>>= 8) != 0) {
+ size++;
+ }
+
+ out.write((byte) (size | 0x80));
+
+ for (int i = (size - 1) * 8; i >= 0; i -= 8) {
+ out.write((byte) (length >> i));
+ }
+ } else {
+ out.write((byte) length);
+ }
+ }
+
+ void writeDEREncoded(
+ OutputStream out,
+ int tag,
+ byte[] bytes)
+ throws IOException {
+ out.write(tag);
+ writeLength(out, bytes.length);
+ out.write(bytes);
+ }
+
+ void writeDEREncoded(
+ int tag,
+ byte[] bytes)
+ throws IOException {
+ if (_tagged) {
+ int tagNum = _tagNo | DERTags.TAGGED;
+
+ if (_isExplicit) {
+ int newTag = _tagNo | DERTags.CONSTRUCTED | DERTags.TAGGED;
+
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+ writeDEREncoded(bOut, tag, bytes);
+
+ writeDEREncoded(_out, newTag, bOut.toByteArray());
+ } else {
+ if ((tag & DERTags.CONSTRUCTED) != 0) {
+ writeDEREncoded(_out, tagNum | DERTags.CONSTRUCTED, bytes);
+ } else {
+ writeDEREncoded(_out, tagNum, bytes);
+ }
+ }
+ } else {
+ writeDEREncoded(_out, tag, bytes);
+ }
+ }
+
+ void writeDEREncoded(
+ OutputStream out,
+ int tag,
+ InputStream in)
+ throws IOException {
+ out.write(tag);
+
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+ int b = 0;
+ while ((b = in.read()) >= 0) {
+ bOut.write(b);
+ }
+
+ byte[] bytes = bOut.toByteArray();
+
+ writeLength(out, bytes.length);
+ out.write(bytes);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERIA5String.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERIA5String.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERIA5String.java
new file mode 100644
index 0000000..53d1abf
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERIA5String.java
@@ -0,0 +1,142 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+/** DER IA5String object - this is an ascii string. */
+public class DERIA5String
+ extends ASN1Object
+ implements DERString {
+ String string;
+
+ /**
+ * return a IA5 string from the passed in object
+ *
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DERIA5String getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DERIA5String) {
+ return (DERIA5String) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ return new DERIA5String(((ASN1OctetString) obj).getOctets());
+ }
+
+ if (obj instanceof ASN1TaggedObject) {
+ return getInstance(((ASN1TaggedObject) obj).getObject());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /**
+ * return an IA5 String from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static DERIA5String getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ /** basic constructor - with bytes. */
+ public DERIA5String(
+ byte[] string) {
+ char[] cs = new char[string.length];
+
+ for (int i = 0; i != cs.length; i++) {
+ cs[i] = (char) (string[i] & 0xff);
+ }
+
+ this.string = new String(cs);
+ }
+
+ /** basic constructor - without validation. */
+ public DERIA5String(
+ String string) {
+ this(string, false);
+ }
+
+ /**
+ * Constructor with optional validation.
+ *
+ * @param string the base string to wrap.
+ * @param validate whether or not to check the string.
+ * @throws IllegalArgumentException if validate is true and the string
+ * contains characters that should not be in an IA5String.
+ */
+ public DERIA5String(
+ String string,
+ boolean validate) {
+ if (validate && !isIA5String(string)) {
+ throw new IllegalArgumentException("string contains illegal characters");
+ }
+
+ this.string = string;
+ }
+
+ public String getString() {
+ return string;
+ }
+
+ public String toString() {
+ return string;
+ }
+
+ public byte[] getOctets() {
+ char[] cs = string.toCharArray();
+ byte[] bs = new byte[cs.length];
+
+ for (int i = 0; i != cs.length; i++) {
+ bs[i] = (byte) cs[i];
+ }
+
+ return bs;
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(IA5_STRING, this.getOctets());
+ }
+
+ public int hashCode() {
+ return this.getString().hashCode();
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof DERIA5String)) {
+ return false;
+ }
+
+ DERIA5String s = (DERIA5String) o;
+
+ return this.getString().equals(s.getString());
+ }
+
+ /**
+ * return true if the passed in String can be represented without
+ * loss as an IA5String, false otherwise.
+ *
+ * @return true if in printable set, false otherwise.
+ */
+ public static boolean isIA5String(
+ String str) {
+ for (int i = str.length() - 1; i >= 0; i--) {
+ char ch = str.charAt(i);
+
+ if (ch > 0x007f) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERInputStream.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERInputStream.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERInputStream.java
new file mode 100644
index 0000000..5d35bd3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERInputStream.java
@@ -0,0 +1,237 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayInputStream;
+import java.io.EOFException;
+import java.io.FilterInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * Don't use this class. It will eventually disappear, use ASN1InputStream.
+ * <br>
+ * This class is scheduled for removal.
+ *
+ * @deprecated use ASN1InputStream
+ */
+public class DERInputStream
+ extends FilterInputStream implements DERTags {
+ /** @deprecated use ASN1InputStream */
+ public DERInputStream(
+ InputStream is) {
+ super(is);
+ }
+
+ protected int readLength()
+ throws IOException {
+ int length = read();
+ if (length < 0) {
+ throw new IOException("EOF found when length expected");
+ }
+
+ if (length == 0x80) {
+ return -1; // indefinite-length encoding
+ }
+
+ if (length > 127) {
+ int size = length & 0x7f;
+
+ if (size > 4) {
+ throw new IOException("DER length more than 4 bytes");
+ }
+
+ length = 0;
+ for (int i = 0; i < size; i++) {
+ int next = read();
+
+ if (next < 0) {
+ throw new IOException("EOF found reading length");
+ }
+
+ length = (length << 8) + next;
+ }
+
+ if (length < 0) {
+ throw new IOException("corrupted stream - negative length found");
+ }
+ }
+
+ return length;
+ }
+
+ protected void readFully(
+ byte[] bytes)
+ throws IOException {
+ int left = bytes.length;
+
+ if (left == 0) {
+ return;
+ }
+
+ while (left > 0) {
+ int l = read(bytes, bytes.length - left, left);
+
+ if (l < 0) {
+ throw new EOFException("unexpected end of stream");
+ }
+
+ left -= l;
+ }
+ }
+
+ /**
+ * build an object given its tag and a byte stream to construct it
+ * from.
+ */
+ protected DERObject buildObject(
+ int tag,
+ byte[] bytes)
+ throws IOException {
+ switch (tag) {
+ case NULL:
+ return null;
+ case SEQUENCE | CONSTRUCTED:
+ ByteArrayInputStream bIn = new ByteArrayInputStream(bytes);
+ BERInputStream dIn = new BERInputStream(bIn);
+ DERConstructedSequence seq = new DERConstructedSequence();
+
+ try {
+ for (; ;) {
+ DERObject obj = dIn.readObject();
+
+ seq.addObject(obj);
+ }
+ }
+ catch (EOFException ex) {
+ return seq;
+ }
+ case SET | CONSTRUCTED:
+ bIn = new ByteArrayInputStream(bytes);
+ dIn = new BERInputStream(bIn);
+
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ try {
+ for (; ;) {
+ DERObject obj = dIn.readObject();
+
+ v.add(obj);
+ }
+ }
+ catch (EOFException ex) {
+ return new DERConstructedSet(v);
+ }
+ case BOOLEAN:
+ return new DERBoolean(bytes);
+ case INTEGER:
+ return new DERInteger(bytes);
+ case ENUMERATED:
+ return new DEREnumerated(bytes);
+ case OBJECT_IDENTIFIER:
+ return new DERObjectIdentifier(bytes);
+ case BIT_STRING:
+ int padBits = bytes[0];
+ byte[] data = new byte[bytes.length - 1];
+
+ System.arraycopy(bytes, 1, data, 0, bytes.length - 1);
+
+ return new DERBitString(data, padBits);
+ case UTF8_STRING:
+ return new DERUTF8String(bytes);
+ case PRINTABLE_STRING:
+ return new DERPrintableString(bytes);
+ case IA5_STRING:
+ return new DERIA5String(bytes);
+ case T61_STRING:
+ return new DERT61String(bytes);
+ case VISIBLE_STRING:
+ return new DERVisibleString(bytes);
+ case UNIVERSAL_STRING:
+ return new DERUniversalString(bytes);
+ case GENERAL_STRING:
+ return new DERGeneralString(bytes);
+ case BMP_STRING:
+ return new DERBMPString(bytes);
+ case OCTET_STRING:
+ return new DEROctetString(bytes);
+ case UTC_TIME:
+ return new DERUTCTime(bytes);
+ case GENERALIZED_TIME:
+ return new DERGeneralizedTime(bytes);
+ default:
+ //
+ // with tagged object tag number is bottom 5 bits
+ //
+ if ((tag & TAGGED) != 0) {
+ if ((tag & 0x1f) == 0x1f) {
+ throw new IOException("unsupported high tag encountered");
+ }
+
+ if (bytes.length == 0) // empty tag!
+ {
+ if ((tag & CONSTRUCTED) == 0) {
+ return new DERTaggedObject(false, tag & 0x1f, new DERNull());
+ } else {
+ return new DERTaggedObject(false, tag & 0x1f, new DERConstructedSequence());
+ }
+ }
+
+ //
+ // simple type - implicit... return an octet string
+ //
+ if ((tag & CONSTRUCTED) == 0) {
+ return new DERTaggedObject(false, tag & 0x1f, new DEROctetString(bytes));
+ }
+
+ bIn = new ByteArrayInputStream(bytes);
+ dIn = new BERInputStream(bIn);
+
+ DEREncodable dObj = dIn.readObject();
+
+ //
+ // explicitly tagged (probably!) - if it isn't we'd have to
+ // tell from the context
+ //
+ if (dIn.available() == 0) {
+ return new DERTaggedObject(tag & 0x1f, dObj);
+ }
+
+ //
+ // another implicit object, we'll create a sequence...
+ //
+ seq = new DERConstructedSequence();
+
+ seq.addObject(dObj);
+
+ try {
+ for (; ;) {
+ dObj = dIn.readObject();
+
+ seq.addObject(dObj);
+ }
+ }
+ catch (EOFException ex) {
+ // ignore --
+ }
+
+ return new DERTaggedObject(false, tag & 0x1f, seq);
+ }
+
+ return new DERUnknownTag(tag, bytes);
+ }
+ }
+
+ public DERObject readObject()
+ throws IOException {
+ int tag = read();
+ if (tag == -1) {
+ throw new EOFException();
+ }
+
+ int length = readLength();
+ byte[] bytes = new byte[length];
+
+ readFully(bytes);
+
+ return buildObject(tag, bytes);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERInteger.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERInteger.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERInteger.java
new file mode 100644
index 0000000..4265efe
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERInteger.java
@@ -0,0 +1,114 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+public class DERInteger
+ extends ASN1Object {
+ byte[] bytes;
+
+ /**
+ * return an integer from the passed in object
+ *
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DERInteger getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DERInteger) {
+ return (DERInteger) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ return new DERInteger(((ASN1OctetString) obj).getOctets());
+ }
+
+ if (obj instanceof ASN1TaggedObject) {
+ return getInstance(((ASN1TaggedObject) obj).getObject());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /**
+ * return an Integer from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static DERInteger getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ public DERInteger(
+ int value) {
+ bytes = BigInteger.valueOf(value).toByteArray();
+ }
+
+ public DERInteger(
+ BigInteger value) {
+ bytes = value.toByteArray();
+ }
+
+ public DERInteger(
+ byte[] bytes) {
+ this.bytes = bytes;
+ }
+
+ public BigInteger getValue() {
+ return new BigInteger(bytes);
+ }
+
+ /**
+ * in some cases positive values get crammed into a space,
+ * that's not quite big enough...
+ */
+ public BigInteger getPositiveValue() {
+ return new BigInteger(1, bytes);
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(INTEGER, bytes);
+ }
+
+ public int hashCode() {
+ int value = 0;
+
+ for (int i = 0; i != bytes.length; i++) {
+ value ^= (bytes[i] & 0xff) << (i % 4);
+ }
+
+ return value;
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof DERInteger)) {
+ return false;
+ }
+
+ DERInteger other = (DERInteger) o;
+
+ if (bytes.length != other.bytes.length) {
+ return false;
+ }
+
+ for (int i = 0; i != bytes.length; i++) {
+ if (bytes[i] != other.bytes[i]) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ public String toString() {
+ return getValue().toString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERNull.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERNull.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERNull.java
new file mode 100644
index 0000000..774cb6e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERNull.java
@@ -0,0 +1,20 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+/** A NULL object. */
+public class DERNull
+ extends ASN1Null {
+ public static final DERNull INSTANCE = new DERNull();
+
+ byte[] zeroBytes = new byte[0];
+
+ public DERNull() {
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(NULL, zeroBytes);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERNumericString.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERNumericString.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERNumericString.java
new file mode 100644
index 0000000..9b72196
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERNumericString.java
@@ -0,0 +1,148 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+/** DER NumericString object - this is an ascii string of characters {0,1,2,3,4,5,6,7,8,9, }. */
+public class DERNumericString
+ extends ASN1Object
+ implements DERString {
+ String string;
+
+ /**
+ * return a Numeric string from the passed in object
+ *
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DERNumericString getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DERNumericString) {
+ return (DERNumericString) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ return new DERNumericString(((ASN1OctetString) obj).getOctets());
+ }
+
+ if (obj instanceof ASN1TaggedObject) {
+ return getInstance(((ASN1TaggedObject) obj).getObject());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /**
+ * return an Numeric String from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static DERNumericString getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ /** basic constructor - with bytes. */
+ public DERNumericString(
+ byte[] string) {
+ char[] cs = new char[string.length];
+
+ for (int i = 0; i != cs.length; i++) {
+ cs[i] = (char) (string[i] & 0xff);
+ }
+
+ this.string = new String(cs);
+ }
+
+ /** basic constructor - without validation.. */
+ public DERNumericString(
+ String string) {
+ this(string, false);
+ }
+
+ /**
+ * Constructor with optional validation.
+ *
+ * @param string the base string to wrap.
+ * @param validate whether or not to check the string.
+ * @throws IllegalArgumentException if validate is true and the string
+ * contains characters that should not be in a NumericString.
+ */
+ public DERNumericString(
+ String string,
+ boolean validate) {
+ if (validate && !isNumericString(string)) {
+ throw new IllegalArgumentException("string contains illegal characters");
+ }
+
+ this.string = string;
+ }
+
+ public String getString() {
+ return string;
+ }
+
+ public String toString() {
+ return string;
+ }
+
+ public byte[] getOctets() {
+ char[] cs = string.toCharArray();
+ byte[] bs = new byte[cs.length];
+
+ for (int i = 0; i != cs.length; i++) {
+ bs[i] = (byte) cs[i];
+ }
+
+ return bs;
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(NUMERIC_STRING, this.getOctets());
+ }
+
+ public int hashCode() {
+ return this.getString().hashCode();
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof DERNumericString)) {
+ return false;
+ }
+
+ DERNumericString s = (DERNumericString) o;
+
+ return this.getString().equals(s.getString());
+ }
+
+ /**
+ * Return true if the string can be represented as a NumericString ('0'..'9', ' ')
+ *
+ * @param str string to validate.
+ * @return true if numeric, fale otherwise.
+ */
+ public static boolean isNumericString(
+ String str) {
+ for (int i = str.length() - 1; i >= 0; i--) {
+ char ch = str.charAt(i);
+
+ if (ch > 0x007f) {
+ return false;
+ }
+
+ if (('0' <= ch && ch <= '9') || ch == ' ') {
+ continue;
+ }
+
+ return false;
+ }
+
+ return true;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERObject.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERObject.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERObject.java
new file mode 100644
index 0000000..df6dd86
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERObject.java
@@ -0,0 +1,18 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+public abstract class DERObject
+ extends ASN1Encodable
+ implements DERTags {
+ public DERObject toASN1Object() {
+ return this;
+ }
+
+ public abstract int hashCode();
+
+ public abstract boolean equals(Object o);
+
+ abstract void encode(DEROutputStream out)
+ throws IOException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERObjectIdentifier.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERObjectIdentifier.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERObjectIdentifier.java
new file mode 100644
index 0000000..f53153f
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERObjectIdentifier.java
@@ -0,0 +1,245 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.math.BigInteger;
+
+public class DERObjectIdentifier
+ extends ASN1Object {
+ String identifier;
+
+ /**
+ * return an OID from the passed in object
+ *
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DERObjectIdentifier getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DERObjectIdentifier) {
+ return (DERObjectIdentifier) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ return new DERObjectIdentifier(((ASN1OctetString) obj).getOctets());
+ }
+
+ if (obj instanceof ASN1TaggedObject) {
+ return getInstance(((ASN1TaggedObject) obj).getObject());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /**
+ * return an Object Identifier from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static DERObjectIdentifier getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+
+ DERObjectIdentifier(
+ byte[] bytes) {
+ StringBuffer objId = new StringBuffer();
+ long value = 0;
+ BigInteger bigValue = null;
+ boolean first = true;
+
+ for (int i = 0; i != bytes.length; i++) {
+ int b = bytes[i] & 0xff;
+
+ if (value < 0x80000000000000L) {
+ value = value * 128 + (b & 0x7f);
+ if ((b & 0x80) == 0) // end of number reached
+ {
+ if (first) {
+ switch ((int) value / 40) {
+ case 0:
+ objId.append('0');
+ break;
+ case 1:
+ objId.append('1');
+ value -= 40;
+ break;
+ default:
+ objId.append('2');
+ value -= 80;
+ }
+ first = false;
+ }
+
+ objId.append('.');
+ objId.append(value);
+ value = 0;
+ }
+ } else {
+ if (bigValue == null) {
+ bigValue = BigInteger.valueOf(value);
+ }
+ bigValue = bigValue.shiftLeft(7);
+ bigValue = bigValue.or(BigInteger.valueOf(b & 0x7f));
+ if ((b & 0x80) == 0) {
+ objId.append('.');
+ objId.append(bigValue);
+ bigValue = null;
+ value = 0;
+ }
+ }
+ }
+
+ this.identifier = objId.toString();
+ }
+
+ public DERObjectIdentifier(
+ String identifier) {
+ if (!isValidIdentifier(identifier)) {
+ throw new IllegalArgumentException("string " + identifier + " not an OID");
+ }
+
+ this.identifier = identifier;
+ }
+
+ public String getId() {
+ return identifier;
+ }
+
+ private void writeField(
+ OutputStream out,
+ long fieldValue)
+ throws IOException {
+ if (fieldValue >= (1L << 7)) {
+ if (fieldValue >= (1L << 14)) {
+ if (fieldValue >= (1L << 21)) {
+ if (fieldValue >= (1L << 28)) {
+ if (fieldValue >= (1L << 35)) {
+ if (fieldValue >= (1L << 42)) {
+ if (fieldValue >= (1L << 49)) {
+ if (fieldValue >= (1L << 56)) {
+ out.write((int) (fieldValue >> 56) | 0x80);
+ }
+ out.write((int) (fieldValue >> 49) | 0x80);
+ }
+ out.write((int) (fieldValue >> 42) | 0x80);
+ }
+ out.write((int) (fieldValue >> 35) | 0x80);
+ }
+ out.write((int) (fieldValue >> 28) | 0x80);
+ }
+ out.write((int) (fieldValue >> 21) | 0x80);
+ }
+ out.write((int) (fieldValue >> 14) | 0x80);
+ }
+ out.write((int) (fieldValue >> 7) | 0x80);
+ }
+ out.write((int) fieldValue & 0x7f);
+ }
+
+ private void writeField(
+ OutputStream out,
+ BigInteger fieldValue)
+ throws IOException {
+ int byteCount = (fieldValue.bitLength() + 6) / 7;
+ if (byteCount == 0) {
+ out.write(0);
+ } else {
+ BigInteger tmpValue = fieldValue;
+ byte[] tmp = new byte[byteCount];
+ for (int i = byteCount - 1; i >= 0; i--) {
+ tmp[i] = (byte) ((tmpValue.intValue() & 0x7f) | 0x80);
+ tmpValue = tmpValue.shiftRight(7);
+ }
+ tmp[byteCount - 1] &= 0x7f;
+ out.write(tmp);
+ }
+
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ OIDTokenizer tok = new OIDTokenizer(identifier);
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ writeField(bOut,
+ Integer.parseInt(tok.nextToken()) * 40
+ + Integer.parseInt(tok.nextToken()));
+
+ while (tok.hasMoreTokens()) {
+ String token = tok.nextToken();
+ if (token.length() < 18) {
+ writeField(bOut, Long.parseLong(token));
+ } else {
+ writeField(bOut, new BigInteger(token));
+ }
+ }
+
+ dOut.close();
+
+ byte[] bytes = bOut.toByteArray();
+
+ out.writeEncoded(OBJECT_IDENTIFIER, bytes);
+ }
+
+ public int hashCode() {
+ return identifier.hashCode();
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof DERObjectIdentifier)) {
+ return false;
+ }
+
+ return identifier.equals(((DERObjectIdentifier) o).identifier);
+ }
+
+ public String toString() {
+ return getId();
+ }
+
+ private static boolean isValidIdentifier(
+ String identifier) {
+ if (identifier.length() < 3
+ || identifier.charAt(1) != '.') {
+ return false;
+ }
+
+ char first = identifier.charAt(0);
+ if (first < '0' || first > '2') {
+ return false;
+ }
+
+ boolean periodAllowed = false;
+ for (int i = identifier.length() - 1; i >= 2; i--) {
+ char ch = identifier.charAt(i);
+
+ if ('0' <= ch && ch <= '9') {
+ periodAllowed = true;
+ continue;
+ }
+
+ if (ch == '.') {
+ if (!periodAllowed) {
+ return false;
+ }
+
+ periodAllowed = false;
+ continue;
+ }
+
+ return false;
+ }
+
+ return periodAllowed;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEROctetString.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEROctetString.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEROctetString.java
new file mode 100644
index 0000000..113a99c
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEROctetString.java
@@ -0,0 +1,23 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+public class DEROctetString
+ extends ASN1OctetString {
+ /** @param string the octets making up the octet string. */
+ public DEROctetString(
+ byte[] string) {
+ super(string);
+ }
+
+ public DEROctetString(
+ DEREncodable obj) {
+ super(obj);
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(OCTET_STRING, string);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEROutputStream.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEROutputStream.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEROutputStream.java
new file mode 100644
index 0000000..4a85500
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DEROutputStream.java
@@ -0,0 +1,73 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.FilterOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+public class DEROutputStream
+ extends FilterOutputStream implements DERTags {
+ public DEROutputStream(
+ OutputStream os) {
+ super(os);
+ }
+
+ private void writeLength(
+ int length)
+ throws IOException {
+ if (length > 127) {
+ int size = 1;
+ int val = length;
+
+ while ((val >>>= 8) != 0) {
+ size++;
+ }
+
+ write((byte) (size | 0x80));
+
+ for (int i = (size - 1) * 8; i >= 0; i -= 8) {
+ write((byte) (length >> i));
+ }
+ } else {
+ write((byte) length);
+ }
+ }
+
+ void writeEncoded(
+ int tag,
+ byte[] bytes)
+ throws IOException {
+ write(tag);
+ writeLength(bytes.length);
+ write(bytes);
+ }
+
+ protected void writeNull()
+ throws IOException {
+ write(NULL);
+ write(0x00);
+ }
+
+ public void write(byte[] buf)
+ throws IOException {
+ out.write(buf, 0, buf.length);
+ }
+
+ public void write(byte[] buf, int offSet, int len)
+ throws IOException {
+ out.write(buf, offSet, len);
+ }
+
+ public void writeObject(
+ Object obj)
+ throws IOException {
+ if (obj == null) {
+ writeNull();
+ } else if (obj instanceof DERObject) {
+ ((DERObject) obj).encode(this);
+ } else if (obj instanceof DEREncodable) {
+ ((DEREncodable) obj).getDERObject().encode(this);
+ } else {
+ throw new IOException("object not DEREncodable");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERPrintableString.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERPrintableString.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERPrintableString.java
new file mode 100644
index 0000000..48bd5c7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/asn1/DERPrintableString.java
@@ -0,0 +1,172 @@
+package org.apache.commons.ssl.asn1;
+
+import java.io.IOException;
+
+/** DER PrintableString object. */
+public class DERPrintableString
+ extends ASN1Object
+ implements DERString {
+ String string;
+
+ /**
+ * return a printable string from the passed in object.
+ *
+ * @throws IllegalArgumentException if the object cannot be converted.
+ */
+ public static DERPrintableString getInstance(
+ Object obj) {
+ if (obj == null || obj instanceof DERPrintableString) {
+ return (DERPrintableString) obj;
+ }
+
+ if (obj instanceof ASN1OctetString) {
+ return new DERPrintableString(((ASN1OctetString) obj).getOctets());
+ }
+
+ if (obj instanceof ASN1TaggedObject) {
+ return getInstance(((ASN1TaggedObject) obj).getObject());
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+ }
+
+ /**
+ * return a Printable String from a tagged object.
+ *
+ * @param obj the tagged object holding the object we want
+ * @param explicit true if the object is meant to be explicitly
+ * tagged false otherwise.
+ * @throws IllegalArgumentException if the tagged object cannot
+ * be converted.
+ */
+ public static DERPrintableString getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit) {
+ return getInstance(obj.getObject());
+ }
+
+ /** basic constructor - byte encoded string. */
+ public DERPrintableString(
+ byte[] string) {
+ char[] cs = new char[string.length];
+
+ for (int i = 0; i != cs.length; i++) {
+ cs[i] = (char) (string[i] & 0xff);
+ }
+
+ this.string = new String(cs);
+ }
+
+ /** basic constructor - this does not validate the string */
+ public DERPrintableString(
+ String string) {
+ this(string, false);
+ }
+
+ /**
+ * Constructor with optional validation.
+ *
+ * @param string the base string to wrap.
+ * @param validate whether or not to check the string.
+ * @throws IllegalArgumentException if validate is true and the string
+ * contains characters that should not be in a PrintableString.
+ */
+ public DERPrintableString(
+ String string,
+ boolean validate) {
+ if (validate && !isPrintableString(string)) {
+ throw new IllegalArgumentException("string contains illegal characters");
+ }
+
+ this.string = string;
+ }
+
+ public String getString() {
+ return string;
+ }
+
+ public byte[] getOctets() {
+ char[] cs = string.toCharArray();
+ byte[] bs = new byte[cs.length];
+
+ for (int i = 0; i != cs.length; i++) {
+ bs[i] = (byte) cs[i];
+ }
+
+ return bs;
+ }
+
+ void encode(
+ DEROutputStream out)
+ throws IOException {
+ out.writeEncoded(PRINTABLE_STRING, this.getOctets());
+ }
+
+ public int hashCode() {
+ return this.getString().hashCode();
+ }
+
+ boolean asn1Equals(
+ DERObject o) {
+ if (!(o instanceof DERPrintableString)) {
+ return false;
+ }
+
+ DERPrintableString s = (DERPrintableString) o;
+
+ return this.getString().equals(s.getString());
+ }
+
+ public String toString() {
+ return string;
+ }
+
+ /**
+ * return true if the passed in String can be represented without
+ * loss as a PrintableString, false otherwise.
+ *
+ * @return true if in printable set, false otherwise.
+ */
+ public static boolean isPrintableString(
+ String str) {
+ for (int i = str.length() - 1; i >= 0; i--) {
+ char ch = str.charAt(i);
+
+ if (ch > 0x007f) {
+ return false;
+ }
+
+ if ('a' <= ch && ch <= 'z') {
+ continue;
+ }
+
+ if ('A' <= ch && ch <= 'Z') {
+ continue;
+ }
+
+ if ('0' <= ch && ch <= '9') {
+ continue;
+ }
+
+ switch (ch) {
+ case ' ':
+ case '\'':
+ case '(':
+ case ')':
+ case '+':
+ case '-':
+ case '.':
+ case ':':
+ case '=':
+ case '?':
+ case '/':
+ case ',':
+ continue;
+ }
+
+ return false;
+ }
+
+ return true;
+ }
+}