You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/10 14:31:12 UTC
[28/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/two-crls.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/two-crls.pem b/3rdparty/not-yet-commons-ssl/samples/x509/two-crls.pem
new file mode 100644
index 0000000..5ddca1e
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/two-crls.pem
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIINjCCBx6gAwIBAgIKB3SNcwAAAAAAlDANBgkqhkiG9w0BAQUFADCBojELMAkG
+A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe
+MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v
+d3d3LnVzZXJ0cnVzdC5jb20xKjAoBgNVBAMTIVVTRVJUUlVTVCAtIFNlcnZlciBB
+dXRoZW50aWNhdGlvbjAeFw0wNTA0MDUxODM1MDZaFw0wNzAzMDYwMzIyMDRaMHYx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
+dHkxEjAQBgNVBAoTCVVTRVJUUlVTVDERMA8GA1UECxMIREFUQUNvcnAxGjAYBgNV
+BAMTEXd3dy51c2VydHJ1c3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA1yFt+Fjn7VJaPv7lv5IyQTjx7mFv2myDOci0sf13SjWo6D8Lv/8tC7Xt
+VoDXyonDY4ulBu2wIoKNocbtyNQGjb7RaYMxpxMrFydypIWXVfz3yuvJr74ZeGc1
+0X+vLTzThsQe/QLkqxDq0btjGfuaYe0wfogOGh6nptWNAiCvvrAO9TBE4NW5q7F2
+ZZQD/MhVgG2o+rGUOL7ieEWNtX7P596hCUaji6t2UIVQXViReCGjot0dw9wLGJ38
+hLIX+KdI5arB00ODSeo1X+EobDOpL6xiIh1vRJS7Cb59/cXk/P+STGOXVlP+d1xT
+W66rfYuvdKzqMICxbghXhQF9tD0mZQIDAQABo4IElzCCBJMwCwYDVR0PBAQDAgG4
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSgPNyE/1EGrMbLIevLBQfX
+EMJo5jCB0wYDVR0jBIHLMIHIgBR1ASiXxkYbNG7ooJEVcZJ57rcDzqGBnaSBmjCB
+lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
+SGFyZHdhcmWCEAAVbCcaVP6zgr6vVP70ooswDAYDVR0TAQH/BAIwADCBkwYDVR0f
+BIGLMIGIMEGgP6A9hjtodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRSVVNU
+LVNlcnZlckF1dGhlbnRpY2F0aW9uLmNybDBDoEGgP4Y9aHR0cDovL3d3dy51dG5z
+ZWN1cml0eS5jb20vVVNFUlRSVVNULVNlcnZlckF1dGhlbnRpY2F0aW9uLmNybDCB
+tAYIKwYBBQUHAQEEgacwgaQwTwYIKwYBBQUHMAKGQ2h0dHA6Ly93d3cudXNlcnRy
+dXN0LmNvbS9DQUNlcnRzL1VTRVJUUlVTVC1TZXJ2ZXJBdXRoZW50aWNhdGlvbi5j
+cnQwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cudXRuc2VjdXJpdHkuY29tL0NBQ2Vy
+dHMvVVNFUlRSVVNULVNlcnZlckF1dGhlbnRpY2F0aW9uLmNydDCCAh0GA1UdIASC
+AhQwggIQMIICDAYIKoZIhvpfAQEwggH+MCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3
+LnVzZXJ0cnVzdC5jb20vQ1BTMIIB0AYIKwYBBQUHAgIwggHCGoIBvlRoaXMgY2Vy
+dGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1c2Ug
+aXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFVTRVJGaXJzdCBDZXJ0aWZpY2F0
+aW9uIFByYWN0aWNlcyBTdGF0ZW1lbnQgKENQUykuIFB1cnN1YW50IHRvIHRoZSBD
+UFMsIFV0YWggU3RhdGUgbGF3LCBhbmQgRmVkZXJhbCBsYXcsIGNlcnRhaW4gd2Fy
+cmFudGllcyBhcmUgZGlzY2xhaW1lZCBhbmQgbGlhYmlsaXR5IGlzIGxpbWl0ZWQu
+IENvcGllcyBvZiB0aGUgQ1BTIGFyZSBhdmFpbGFibGUgYXQ6IGh0dHA6Ly93d3cu
+dXNlcnRydXN0LmNvbS9DUFM7IG9yIGJ5IG1haWwgYXQgVVNFUlRydXN0LCBJbmMu
+LCAyNjUgRWFzdCAxMDAgU291dGgsIFNhbHQgTGFrZSBDaXR5LCBVVCA4NDExMS4g
+Q29weXJpZ2h0KGMpIDIwMDIgVVNFUlRydXN0LCBJbmMuIEFsbCBSaWdodHMgUmVz
+ZXJ2ZWQuMA0GCSqGSIb3DQEBBQUAA4IBAQDPZpUYi6Nz5wSo+hbzYmBKJvG1N7PN
+etSdYz+h7lIwKZ56sue6oPm/T5VjY7upz8W5GL1q5YLNOr836pxXvNgg2L4ajPUA
+nq3EZtNgkt0iZmGISQwFcgUDnYJ4L56c84vXlreLS2xAD3rL+XeIE/d08OcxLpSB
+udQKfNEd84tM564hEkD5ah99qJbckBFqRNf89ZijW7xPUavbhGStaeaCvdllekRD
+ZYtppwGMlA1Lw74p74GpgAwzRtc3vkya4Ls/FZ7d7/R/cOkLX+MYp6SAi+GsHEYz
+55ACEUNhFU6X6sIkhFgxqDe0hL/AcKCV+WTJ0pSGXCFdUbPGsPQCy3ck
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo.pem
new file mode 100644
index 0000000..c7601e9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo.pem
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:90
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 15:31:41 2006 GMT
+ Not After : Nov 5 15:31:41 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=foo.com/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ Signature Algorithm: sha1WithRSAEncryption
+ b7:8d:19:84:c9:ae:ac:40:29:26:89:e5:0b:72:fc:7c:cf:3d:
+ 5e:b8:29:3d:7d:27:b3:ec:11:2d:92:2f:3e:76:67:cc:5d:ed:
+ ca:ee:c1:f4:94:8f:1f:e2:32:51:d2:b6:d2:0a:3a:66:09:02:
+ d8:9b:30:b7:37:10:4a:78:93:96:d1:17:23:34:1a:4e:73:62:
+ 65:18:ef:5a:b9:7b:f6:18:33:f8:21:88:97:12:52:c9:e9:54:
+ aa:73:c5:af:0e:29:2f:d0:99:82:09:69:b4:66:06:be:6d:96:
+ d1:fc:45:8d:e4:37:84:b4:57:45:f3:5e:42:2e:92:59:35:c6:
+ 30:89:8c:06:cb:f0:95:43:bc:36:4e:75:e5:1b:e9:ab:69:93:
+ b3:fa:8c:2b:f9:c2:fa:27:f6:5e:b1:b7:44:59:f8:e8:4b:5f:
+ 9c:50:48:44:1f:09:4d:ac:0b:bc:8e:56:76:52:a4:a0:b2:44:
+ 96:96:16:1d:31:30:0f:f4:23:c7:89:4b:fd:37:b1:5c:4f:9f:
+ 08:b6:ff:c8:e1:f2:91:10:83:50:62:30:e9:bd:07:31:49:a4:
+ d8:6f:d7:6b:e6:c0:78:58:b3:60:96:4e:f3:c4:3b:4c:f3:41:
+ f9:d7:c5:6f:8a:14:dc:3f:b1:47:2f:e1:a7:ea:0e:23:e5:f9:
+ 08:f7:cf:92
+-----BEGIN CERTIFICATE-----
+MIIERjCCAy6gAwIBAgIJAIz+EYMBU6aQMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE1MzE0MVoXDTI4MTEwNTE1MzE0MVowgaQx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEUMBIGA1UEBxMLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoTDmh0dHBjb21wb25lbnRzMRowGAYDVQQLExF0ZXN0IGNl
+cnRpZmljYXRlczEQMA4GA1UEAxMHZm9vLmNvbTElMCMGCSqGSIb3DQEJARYWanVs
+aXVzZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2B
+lYho4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRy
+zerA/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY
+07hNKXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8
+BqnGd87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiV
+JTxpTKqym93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgB
+hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE
+FJ8Ud78/OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFHua2o+QmU5S0qzbswNS
+yoemDT4NMA0GCSqGSIb3DQEBBQUAA4IBAQC3jRmEya6sQCkmieULcvx8zz1euCk9
+fSez7BEtki8+dmfMXe3K7sH0lI8f4jJR0rbSCjpmCQLYmzC3NxBKeJOW0RcjNBpO
+c2JlGO9auXv2GDP4IYiXElLJ6VSqc8WvDikv0JmCCWm0Zga+bZbR/EWN5DeEtFdF
+815CLpJZNcYwiYwGy/CVQ7w2TnXlG+mraZOz+owr+cL6J/ZesbdEWfjoS1+cUEhE
+HwlNrAu8jlZ2UqSgskSWlhYdMTAP9CPHiUv9N7FcT58Itv/I4fKREINQYjDpvQcx
+SaTYb9dr5sB4WLNglk7zxDtM80H518VvihTcP7FHL+Gn6g4j5fkI98+S
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar.pem
new file mode 100644
index 0000000..04c9ddc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:91
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 15:36:29 2006 GMT
+ Not After : Nov 5 15:36:29 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=foo.com/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ X509v3 Subject Alternative Name:
+ DNS:bar.com
+ Signature Algorithm: sha1WithRSAEncryption
+ 75:0c:a9:ac:d6:41:99:59:ef:b9:55:a3:57:8d:ac:7b:2f:cf:
+ 4d:f9:18:4a:12:70:cb:58:f4:fe:37:05:65:1f:f2:a5:95:28:
+ be:98:87:18:33:b5:0e:02:f7:63:72:0f:cd:54:36:ea:e8:54:
+ b1:2c:3a:1b:48:06:46:26:81:0d:ef:f4:2d:47:25:5d:9a:09:
+ cd:75:f5:aa:94:b9:e4:e6:9d:c5:6e:f7:6e:bc:e2:4b:4b:31:
+ 46:01:ab:64:4f:dd:de:0e:64:92:2a:3a:20:40:f8:ec:e3:fa:
+ c1:89:e5:99:9e:c4:28:ff:5c:aa:35:b0:96:7b:c7:9e:75:1c:
+ 67:64:ac:72:82:cd:62:cf:6b:37:d7:1c:a7:cb:6e:ab:66:f2:
+ f3:c3:b2:84:ac:06:8c:97:e1:3a:e7:6a:7d:33:59:70:3c:d1:
+ 1f:1e:05:ce:6e:d4:b1:56:b2:71:5c:38:b8:39:a1:10:72:6b:
+ 02:c9:8c:3e:98:ff:f9:74:4a:f7:fe:36:db:1a:be:f1:b7:3a:
+ 1e:88:dd:b5:b0:b2:ba:0f:df:bc:16:6f:66:a4:17:4a:65:3c:
+ 9b:c2:15:70:c9:96:33:3d:19:40:ef:1e:7b:74:24:04:73:19:
+ 7c:2c:bb:3f:f9:2b:55:b5:b1:fe:e1:13:22:65:2e:f8:d6:60:
+ db:67:b0:13
+-----BEGIN CERTIFICATE-----
+MIIEXDCCA0SgAwIBAgIJAIz+EYMBU6aRMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE1MzYyOVoXDTI4MTEwNTE1MzYyOVowgaQx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEUMBIGA1UEBxMLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoTDmh0dHBjb21wb25lbnRzMRowGAYDVQQLExF0ZXN0IGNl
+cnRpZmljYXRlczEQMA4GA1UEAxMHZm9vLmNvbTElMCMGCSqGSIb3DQEJARYWanVs
+aXVzZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2B
+lYho4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRy
+zerA/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY
+07hNKXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8
+BqnGd87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiV
+JTxpTKqym93whYk93l3ocEe55c0CAwEAAaOBkDCBjTAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUnxR3vz86tso4gkJIFiza0Mteh9gwHwYDVR0jBBgwFoAUe5raj5CZTlLSrNuz
+A1LKh6YNPg0wEgYDVR0RBAswCYIHYmFyLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEA
+dQyprNZBmVnvuVWjV42sey/PTfkYShJwy1j0/jcFZR/ypZUovpiHGDO1DgL3Y3IP
+zVQ26uhUsSw6G0gGRiaBDe/0LUclXZoJzXX1qpS55OadxW73brziS0sxRgGrZE/d
+3g5kkio6IED47OP6wYnlmZ7EKP9cqjWwlnvHnnUcZ2SscoLNYs9rN9ccp8tuq2by
+88OyhKwGjJfhOudqfTNZcDzRHx4Fzm7UsVaycVw4uDmhEHJrAsmMPpj/+XRK9/42
+2xq+8bc6HojdtbCyug/fvBZvZqQXSmU8m8IVcMmWMz0ZQO8ee3QkBHMZfCy7P/kr
+VbWx/uETImUu+NZg22ewEw==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar_hanako.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar_hanako.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar_hanako.pem
new file mode 100644
index 0000000..4e80578
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_foo_bar_hanako.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:92
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 15:38:13 2006 GMT
+ Not After : Nov 5 15:38:13 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=foo.com/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ X509v3 Subject Alternative Name:
+ DNS:bar.com, DNS:花子.co.jp
+ Signature Algorithm: sha1WithRSAEncryption
+ 5e:66:ce:d9:21:8c:8a:b5:d9:d5:c5:5b:dd:2e:0c:32:48:43:
+ ce:13:8a:41:49:78:a2:ed:76:2f:d1:0f:50:52:f1:bf:fb:e8:
+ 05:19:08:7c:f4:78:40:07:30:35:99:55:23:1f:97:49:4d:0a:
+ 92:2c:5b:d1:7e:a4:c7:a8:ba:71:4b:14:96:a8:c1:e7:bd:13:
+ 38:70:f0:64:21:1a:7f:5e:53:0a:3e:55:da:75:8b:49:2c:f4:
+ e0:a5:b8:2f:ba:50:35:89:c9:02:f4:4c:25:35:85:a7:a3:06:
+ 78:bb:19:df:b0:c8:21:5b:81:ec:90:1a:9a:57:e3:e7:43:c6:
+ 6f:cb:72:f4:d7:67:3b:0a:0e:26:28:a4:b9:a5:bd:47:75:1b:
+ a2:0f:6a:29:67:e1:dc:ef:b8:11:40:bb:ed:58:d4:bc:8d:0b:
+ dd:fe:24:db:87:a7:ee:bd:32:9f:00:e1:68:5f:0d:b6:b1:62:
+ 0a:1d:8a:e6:84:22:11:b2:15:0d:a2:11:97:bf:9d:26:da:8f:
+ b5:c3:da:16:99:0e:83:92:ae:e5:0a:37:d7:7d:40:78:c0:86:
+ e0:80:98:e9:c8:4b:5b:36:a0:6d:8f:83:02:db:1e:6b:7e:c2:
+ ca:2a:a4:e8:2a:63:44:ee:91:44:82:ac:1e:f3:ff:c0:6a:bd:
+ 5b:f9:08:fe
+-----BEGIN CERTIFICATE-----
+MIIEajCCA1KgAwIBAgIJAIz+EYMBU6aSMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE1MzgxM1oXDTI4MTEwNTE1MzgxM1owgaQx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEUMBIGA1UEBxMLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoTDmh0dHBjb21wb25lbnRzMRowGAYDVQQLExF0ZXN0IGNl
+cnRpZmljYXRlczEQMA4GA1UEAxMHZm9vLmNvbTElMCMGCSqGSIb3DQEJARYWanVs
+aXVzZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2B
+lYho4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRy
+zerA/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY
+07hNKXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8
+BqnGd87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiV
+JTxpTKqym93whYk93l3ocEe55c0CAwEAAaOBnjCBmzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUnxR3vz86tso4gkJIFiza0Mteh9gwHwYDVR0jBBgwFoAUe5raj5CZTlLSrNuz
+A1LKh6YNPg0wIAYDVR0RBBkwF4IHYmFyLmNvbYIM6Iqx5a2QLmNvLmpwMA0GCSqG
+SIb3DQEBBQUAA4IBAQBeZs7ZIYyKtdnVxVvdLgwySEPOE4pBSXii7XYv0Q9QUvG/
+++gFGQh89HhABzA1mVUjH5dJTQqSLFvRfqTHqLpxSxSWqMHnvRM4cPBkIRp/XlMK
+PlXadYtJLPTgpbgvulA1ickC9EwlNYWnowZ4uxnfsMghW4HskBqaV+PnQ8Zvy3L0
+12c7Cg4mKKS5pb1HdRuiD2opZ+Hc77gRQLvtWNS8jQvd/iTbh6fuvTKfAOFoXw22
+sWIKHYrmhCIRshUNohGXv50m2o+1w9oWmQ6Dkq7lCjfXfUB4wIbggJjpyEtbNqBt
+j4MC2x5rfsLKKqToKmNE7pFEgqwe8//Aar1b+Qj+
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_hanako.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_hanako.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_hanako.pem
new file mode 100644
index 0000000..548c546
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_hanako.pem
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:93
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 15:42:15 2006 GMT
+ Not After : Nov 5 15:42:15 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=\xE8\x8A\xB1\xE5\xAD\x90.co.jp/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ Signature Algorithm: sha1WithRSAEncryption
+ b2:76:ee:2d:e8:91:5f:ca:be:50:e9:e8:a3:08:0f:78:1d:21:
+ 39:7a:f0:fc:88:b7:3c:f1:f9:2a:ae:17:c8:1a:84:c8:74:d7:
+ a3:57:ef:7c:ff:a1:56:68:55:43:5d:7e:d9:5a:f3:03:d4:07:
+ 51:b0:22:40:27:1a:48:50:f4:b1:ca:b2:90:5d:6d:18:82:8f:
+ 48:0c:98:b0:ac:5f:c4:ab:8c:5b:eb:ed:c6:1b:d9:c2:ba:27:
+ f7:c9:7b:dd:a5:d6:d8:3f:ed:8e:28:ed:5f:ec:e0:90:5e:fd:
+ cc:bd:53:dc:3c:6b:47:2d:b8:39:84:04:28:02:ef:ce:09:30:
+ 3b:53:eb:b9:25:45:fa:ff:d8:b9:6a:5a:19:4e:12:ae:e9:50:
+ 5c:51:2d:b8:69:aa:e6:80:1d:23:a3:98:87:16:9d:5a:70:f4:
+ 1b:0e:ee:a7:b8:ea:18:9d:82:7d:fd:84:a8:75:5a:32:8a:d9:
+ 57:0b:ff:76:11:b0:2e:30:52:2d:0f:06:d1:56:e9:27:0c:0a:
+ e3:21:80:84:57:48:f5:39:e5:16:9e:50:89:4e:74:f8:e3:af:
+ 54:94:35:61:88:77:5a:c3:ed:6d:7a:49:ca:70:9e:49:e7:df:
+ 5d:05:37:11:4c:1d:52:34:19:31:85:90:d7:64:8a:53:42:14:
+ 97:08:a1:10
+-----BEGIN CERTIFICATE-----
+MIIESzCCAzOgAwIBAgIJAIz+EYMBU6aTMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE1NDIxNVoXDTI4MTEwNTE1NDIxNVowgakx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDEUMBIGA1UEBwwLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoMDmh0dHBjb21wb25lbnRzMRowGAYDVQQLDBF0ZXN0IGNl
+cnRpZmljYXRlczEVMBMGA1UEAwwM6Iqx5a2QLmNvLmpwMSUwIwYJKoZIhvcNAQkB
+FhZqdWxpdXNkYXZpZXNAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAyGOvloI+jKnRHWKuhYB+cTIEwZhagKJ0f3rIY8WNgujB7PlpgpjU
+g4pNjYGViGjg7zhfbjhCtlNGXyRBti3GcaHiBIIP5nyCNn+Ay8tSWGo5v5Zc8BQc
+wHf0ZHLN6sD9m2uVSp/6UqjS5ZyhzF5FzvvUo3xw8fecdnStXQfHhkBnLpTjHE5t
+7iu1JVjTuE0pcBvah2dWqDNxiIOQtXyKW8Sag1YxaunxQGqRNykSFiEJindxOSAn
+AxK6q/wGqcZ3zvFBTcVVkji1u2QH4rOMP3PPxAIMkB8ONkdHTco1DmbE6BfDHArD
+qUYxqJUlPGlMqrKb3fCFiT3eXehwR7nlzQIDAQABo3sweTAJBgNVHRMEAjAAMCwG
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQUnxR3vz86tso4gkJIFiza0Mteh9gwHwYDVR0jBBgwFoAUe5raj5CZTlLS
+rNuzA1LKh6YNPg0wDQYJKoZIhvcNAQEFBQADggEBALJ27i3okV/KvlDp6KMID3gd
+ITl68PyItzzx+SquF8gahMh016NX73z/oVZoVUNdftla8wPUB1GwIkAnGkhQ9LHK
+spBdbRiCj0gMmLCsX8SrjFvr7cYb2cK6J/fJe92l1tg/7Y4o7V/s4JBe/cy9U9w8
+a0ctuDmEBCgC784JMDtT67klRfr/2LlqWhlOEq7pUFxRLbhpquaAHSOjmIcWnVpw
+9BsO7qe46hidgn39hKh1WjKK2VcL/3YRsC4wUi0PBtFW6ScMCuMhgIRXSPU55Rae
+UIlOdPjjr1SUNWGId1rD7W16Scpwnknn310FNxFMHVI0GTGFkNdkilNCFJcIoRA=
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_no_cns_foo.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_no_cns_foo.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_no_cns_foo.pem
new file mode 100644
index 0000000..5e77ce4
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_no_cns_foo.pem
@@ -0,0 +1,87 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:98
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 16:26:10 2006 GMT
+ Not After : Nov 5 16:26:10 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ X509v3 Subject Alternative Name:
+ DNS:foo.com
+ Signature Algorithm: sha1WithRSAEncryption
+ 8e:5e:fc:a0:c8:f3:15:db:0c:cb:a1:75:b0:68:3f:22:43:bc:
+ b4:5e:72:52:03:e0:15:8a:ec:e3:5c:b3:01:c6:bb:21:0b:ba:
+ 1b:da:ad:14:32:73:ff:b7:a1:87:ff:47:a0:6f:a8:a8:20:88:
+ 1c:fb:88:3a:64:bb:49:dd:30:9e:4c:89:63:b6:34:e2:35:57:
+ 21:bd:da:e9:fe:80:80:19:04:14:fd:67:39:3d:33:ea:48:d3:
+ ee:f9:00:e4:b2:76:cb:73:22:0d:c5:ee:44:d3:12:b5:ae:4f:
+ 61:59:eb:5f:c6:99:ca:2a:95:50:d8:b8:d2:97:ae:67:64:7c:
+ 98:05:12:06:f5:a0:0f:bc:f6:a9:68:45:f1:88:03:6f:bc:16:
+ 68:58:e0:e7:72:37:ea:f5:8a:9f:dd:19:12:d8:b7:c0:d0:b0:
+ a8:05:6a:8b:13:3e:27:4a:89:99:04:ad:80:07:39:de:2d:9a:
+ 4c:cb:c0:42:ed:c0:de:c9:ef:1f:f3:c7:4c:1a:3e:e5:42:fb:
+ da:7f:52:d6:46:72:34:2b:15:7f:54:28:9f:c8:ca:4e:24:6b:
+ 88:43:3e:7c:c1:65:72:04:0f:db:ce:04:04:5c:d8:1f:20:97:
+ 15:bf:4e:fe:13:23:2b:6f:ba:99:8f:5e:b8:c0:75:53:56:85:
+ 17:33:3f:06
+-----BEGIN CERTIFICATE-----
+MIIESjCCAzKgAwIBAgIJAIz+EYMBU6aYMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE2MjYxMFoXDTI4MTEwNTE2MjYxMFowgZIx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDEUMBIGA1UEBwwLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoMDmh0dHBjb21wb25lbnRzMRowGAYDVQQLDBF0ZXN0IGNl
+cnRpZmljYXRlczElMCMGCSqGSIb3DQEJARYWanVsaXVzZGF2aWVzQGdtYWlsLmNv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMhjr5aCPoyp0R1iroWA
+fnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2BlYho4O84X244QrZTRl8kQbYt
+xnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRyzerA/ZtrlUqf+lKo0uWcocxe
+Rc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY07hNKXAb2odnVqgzcYiDkLV8
+ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8BqnGd87xQU3FVZI4tbtkB+Kz
+jD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiVJTxpTKqym93whYk93l3ocEe5
+5c0CAwEAAaOBkDCBjTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUnxR3vz86tso4gkJIFiza
+0Mteh9gwHwYDVR0jBBgwFoAUe5raj5CZTlLSrNuzA1LKh6YNPg0wEgYDVR0RBAsw
+CYIHZm9vLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAjl78oMjzFdsMy6F1sGg/IkO8
+tF5yUgPgFYrs41yzAca7IQu6G9qtFDJz/7ehh/9HoG+oqCCIHPuIOmS7Sd0wnkyJ
+Y7Y04jVXIb3a6f6AgBkEFP1nOT0z6kjT7vkA5LJ2y3MiDcXuRNMSta5PYVnrX8aZ
+yiqVUNi40peuZ2R8mAUSBvWgD7z2qWhF8YgDb7wWaFjg53I36vWKn90ZEti3wNCw
+qAVqixM+J0qJmQStgAc53i2aTMvAQu3A3snvH/PHTBo+5UL72n9S1kZyNCsVf1Qo
+n8jKTiRriEM+fMFlcgQP284EBFzYHyCXFb9O/hMjK2+6mY9euMB1U1aFFzM/Bg==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_three_cns_foo_bar_hanako.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_three_cns_foo_bar_hanako.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_three_cns_foo_bar_hanako.pem
new file mode 100644
index 0000000..a57ef79
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_three_cns_foo_bar_hanako.pem
@@ -0,0 +1,86 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:97
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 16:19:45 2006 GMT
+ Not After : Nov 5 16:19:45 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=foo.com, CN=bar.com, CN=\xE8\x8A\xB1\xE5\xAD\x90.co.jp/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 6b:99:6f:c6:a2:d4:d3:b6:8f:8b:f7:cb:d4:cb:66:f7:79:b3:
+ 4b:e1:e7:f4:c4:ee:7e:d1:5f:ef:14:cb:7e:ce:2f:99:3b:c7:
+ d9:ed:d2:63:35:4f:20:0a:c6:50:9c:63:ef:61:e9:fa:ee:7b:
+ c3:1e:99:92:08:2d:22:2f:32:bb:73:71:ca:8d:cf:45:75:58:
+ a8:00:f8:ea:df:b9:4a:da:6e:69:fe:0b:11:c5:e6:0a:72:ea:
+ 0d:50:b3:62:23:55:85:80:e5:fe:c5:44:e9:ff:27:e0:1d:f2:
+ 02:58:73:56:b3:39:60:8b:42:a4:b2:7e:93:51:2d:2b:d8:12:
+ b8:90:14:45:7a:dd:7b:e4:27:c2:6b:1b:ad:9b:fb:63:93:da:
+ 5a:93:e0:e3:b4:ee:04:8f:7a:da:69:76:54:9a:f0:d0:52:28:
+ fe:80:ae:8f:51:21:7d:59:8d:46:50:4a:94:05:09:fa:34:d8:
+ d3:b4:b8:d4:43:3d:47:49:c7:68:6e:c9:c7:4d:6f:e0:17:1d:
+ a3:bb:79:77:af:0c:b2:7e:42:7a:88:98:8c:f1:5a:26:3a:cc:
+ b3:9d:ce:38:c8:54:13:24:2c:79:a7:3f:b4:a3:19:24:37:5c:
+ 0e:01:ca:b4:0e:c5:f3:94:4f:22:f2:13:b3:6e:7a:68:47:a6:
+ 9b:90:3f:11
+-----BEGIN CERTIFICATE-----
+MIIEbzCCA1egAwIBAgIJAIz+EYMBU6aXMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE2MTk0NVoXDTI4MTEwNTE2MTk0NVowgc0x
+CzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDEUMBIGA1UEBwwLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoMDmh0dHBjb21wb25lbnRzMRowGAYDVQQLDBF0ZXN0IGNl
+cnRpZmljYXRlczEQMA4GA1UEAwwHZm9vLmNvbTEQMA4GA1UEAwwHYmFyLmNvbTEV
+MBMGA1UEAwwM6Iqx5a2QLmNvLmpwMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGOv
+loI+jKnRHWKuhYB+cTIEwZhagKJ0f3rIY8WNgujB7PlpgpjUg4pNjYGViGjg7zhf
+bjhCtlNGXyRBti3GcaHiBIIP5nyCNn+Ay8tSWGo5v5Zc8BQcwHf0ZHLN6sD9m2uV
+Sp/6UqjS5ZyhzF5FzvvUo3xw8fecdnStXQfHhkBnLpTjHE5t7iu1JVjTuE0pcBva
+h2dWqDNxiIOQtXyKW8Sag1YxaunxQGqRNykSFiEJindxOSAnAxK6q/wGqcZ3zvFB
+TcVVkji1u2QH4rOMP3PPxAIMkB8ONkdHTco1DmbE6BfDHArDqUYxqJUlPGlMqrKb
+3fCFiT3eXehwR7nlzQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
+Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUnxR3vz86
+tso4gkJIFiza0Mteh9gwHwYDVR0jBBgwFoAUe5raj5CZTlLSrNuzA1LKh6YNPg0w
+DQYJKoZIhvcNAQEFBQADggEBAGuZb8ai1NO2j4v3y9TLZvd5s0vh5/TE7n7RX+8U
+y37OL5k7x9nt0mM1TyAKxlCcY+9h6frue8MemZIILSIvMrtzccqNz0V1WKgA+Orf
+uUrabmn+CxHF5gpy6g1Qs2IjVYWA5f7FROn/J+Ad8gJYc1azOWCLQqSyfpNRLSvY
+EriQFEV63XvkJ8JrG62b+2OT2lqT4OO07gSPetppdlSa8NBSKP6Aro9RIX1ZjUZQ
+SpQFCfo02NO0uNRDPUdJx2huycdNb+AXHaO7eXevDLJ+QnqImIzxWiY6zLOdzjjI
+VBMkLHmnP7SjGSQ3XA4ByrQOxfOUTyLyE7NuemhHppuQPxE=
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_co_jp.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_co_jp.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_co_jp.pem
new file mode 100644
index 0000000..1dc9ae7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_co_jp.pem
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:95
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 16:16:30 2006 GMT
+ Not After : Nov 5 16:16:30 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=*.co.jp/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 34:b1:68:25:56:53:31:db:33:46:bd:4a:85:0b:bd:d7:b5:11:
+ 30:8a:2e:77:09:f3:0c:ea:6b:5f:db:e7:f7:93:f7:7c:29:78:
+ 4b:37:24:ab:83:c4:51:94:dd:75:ce:09:a9:3d:a2:ed:6d:d4:
+ cb:ae:61:b8:51:d0:07:1d:8a:fc:3b:8c:b6:04:19:84:d5:cc:
+ 4d:7c:6c:71:79:c8:60:17:c1:d7:d7:44:15:e1:d9:32:ce:9e:
+ 99:d5:c7:f0:bc:27:8c:ad:3e:46:fd:5d:69:7a:36:a0:a3:46:
+ b2:5f:1f:86:3c:b6:d6:94:d7:99:4b:e2:a5:d2:6d:e9:f9:0a:
+ 65:5e:e8:ed:c0:6e:5f:61:c2:29:68:6a:62:62:b6:81:2f:1d:
+ d3:69:d8:a1:df:d4:0d:eb:90:a7:02:1f:f3:44:38:4b:09:4c:
+ ca:ca:df:65:50:63:cb:11:40:f3:44:73:0f:1c:b9:d2:a9:3d:
+ 67:e5:45:39:50:34:72:b5:b8:c9:3d:7c:c5:fa:5f:fe:59:92:
+ 2c:6a:77:9f:58:bb:31:9e:48:00:b9:97:bf:a0:c3:05:10:93:
+ 2b:c8:4c:ce:8e:0e:13:7e:e7:39:a8:cd:04:5e:83:dc:43:f2:
+ 65:85:e6:b1:67:8d:29:d8:8c:87:a9:bb:16:57:83:11:62:e1:
+ 47:e1:b9:0c
+-----BEGIN CERTIFICATE-----
+MIIERjCCAy6gAwIBAgIJAIz+EYMBU6aVMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE2MTYzMFoXDTI4MTEwNTE2MTYzMFowgaQx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEUMBIGA1UEBxMLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoTDmh0dHBjb21wb25lbnRzMRowGAYDVQQLExF0ZXN0IGNl
+cnRpZmljYXRlczEQMA4GA1UEAxQHKi5jby5qcDElMCMGCSqGSIb3DQEJARYWanVs
+aXVzZGF2aWVzQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMhjr5aCPoyp0R1iroWAfnEyBMGYWoCidH96yGPFjYLowez5aYKY1IOKTY2B
+lYho4O84X244QrZTRl8kQbYtxnGh4gSCD+Z8gjZ/gMvLUlhqOb+WXPAUHMB39GRy
+zerA/ZtrlUqf+lKo0uWcocxeRc771KN8cPH3nHZ0rV0Hx4ZAZy6U4xxObe4rtSVY
+07hNKXAb2odnVqgzcYiDkLV8ilvEmoNWMWrp8UBqkTcpEhYhCYp3cTkgJwMSuqv8
+BqnGd87xQU3FVZI4tbtkB+KzjD9zz8QCDJAfDjZHR03KNQ5mxOgXwxwKw6lGMaiV
+JTxpTKqym93whYk93l3ocEe55c0CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgB
+hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE
+FJ8Ud78/OrbKOIJCSBYs2tDLXofYMB8GA1UdIwQYMBaAFHua2o+QmU5S0qzbswNS
+yoemDT4NMA0GCSqGSIb3DQEBBQUAA4IBAQA0sWglVlMx2zNGvUqFC73XtREwii53
+CfMM6mtf2+f3k/d8KXhLNySrg8RRlN11zgmpPaLtbdTLrmG4UdAHHYr8O4y2BBmE
+1cxNfGxxechgF8HX10QV4dkyzp6Z1cfwvCeMrT5G/V1pejago0ayXx+GPLbWlNeZ
+S+Kl0m3p+QplXujtwG5fYcIpaGpiYraBLx3Tadih39QN65CnAh/zRDhLCUzKyt9l
+UGPLEUDzRHMPHLnSqT1n5UU5UDRytbjJPXzF+l/+WZIsanefWLsxnkgAuZe/oMMF
+EJMryEzOjg4Tfuc5qM0EXoPcQ/JlheaxZ40p2IyHqbsWV4MRYuFH4bkM
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo.pem
new file mode 100644
index 0000000..62ecdf3
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo.pem
@@ -0,0 +1,85 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:94
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 16:15:55 2006 GMT
+ Not After : Nov 5 16:15:55 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=*.foo.com/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 7d:22:a4:6e:89:e7:ad:54:29:47:e0:91:e5:bb:1a:f6:30:5b:
+ df:01:37:56:68:a1:65:fe:24:41:19:2b:bf:8f:7f:ff:7a:77:
+ 72:23:d2:bc:3d:00:27:cd:e1:ba:5f:9c:2a:b4:55:43:59:55:
+ 26:01:f8:6b:61:43:6c:d8:bb:3e:ed:7f:f5:18:03:a9:f1:56:
+ 04:7f:22:31:ba:f4:19:ac:06:5f:76:b8:53:bb:25:33:6d:1f:
+ 3b:6e:88:fa:81:9f:9f:69:b7:eb:cd:c7:8c:8f:be:7a:3b:ce:
+ 6c:6c:7c:8e:e3:bf:4c:30:c9:fb:3e:d0:53:66:ec:5c:1d:b0:
+ 2d:64:e3:b1:81:48:e6:86:c3:7f:24:b8:85:56:a9:74:80:6c:
+ be:04:5f:d1:a4:af:21:86:38:a1:8d:87:4a:af:00:43:42:75:
+ 14:81:1b:d6:7a:b7:23:1b:99:f4:58:f9:d2:d2:87:76:bd:27:
+ 0a:04:70:15:2c:a3:a1:16:60:16:a4:2d:ba:b8:9c:6f:e7:bd:
+ 87:58:bc:6f:5e:86:b9:cb:57:06:45:2f:cd:9e:97:74:3f:44:
+ af:79:6e:70:3a:72:e4:42:94:6b:ac:2d:a7:74:7b:a6:e3:90:
+ 1c:f1:fd:54:37:55:aa:c3:12:90:24:4c:b5:06:54:06:b4:08:
+ b5:ed:9f:27
+-----BEGIN CERTIFICATE-----
+MIIESDCCAzCgAwIBAgIJAIz+EYMBU6aUMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE2MTU1NVoXDTI4MTEwNTE2MTU1NVowgaYx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEUMBIGA1UEBxMLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoTDmh0dHBjb21wb25lbnRzMRowGAYDVQQLExF0ZXN0IGNl
+cnRpZmljYXRlczESMBAGA1UEAxQJKi5mb28uY29tMSUwIwYJKoZIhvcNAQkBFhZq
+dWxpdXNkYXZpZXNAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAyGOvloI+jKnRHWKuhYB+cTIEwZhagKJ0f3rIY8WNgujB7PlpgpjUg4pN
+jYGViGjg7zhfbjhCtlNGXyRBti3GcaHiBIIP5nyCNn+Ay8tSWGo5v5Zc8BQcwHf0
+ZHLN6sD9m2uVSp/6UqjS5ZyhzF5FzvvUo3xw8fecdnStXQfHhkBnLpTjHE5t7iu1
+JVjTuE0pcBvah2dWqDNxiIOQtXyKW8Sag1YxaunxQGqRNykSFiEJindxOSAnAxK6
+q/wGqcZ3zvFBTcVVkji1u2QH4rOMP3PPxAIMkB8ONkdHTco1DmbE6BfDHArDqUYx
+qJUlPGlMqrKb3fCFiT3eXehwR7nlzQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUnxR3vz86tso4gkJIFiza0Mteh9gwHwYDVR0jBBgwFoAUe5raj5CZTlLSrNuz
+A1LKh6YNPg0wDQYJKoZIhvcNAQEFBQADggEBAH0ipG6J561UKUfgkeW7GvYwW98B
+N1ZooWX+JEEZK7+Pf/96d3Ij0rw9ACfN4bpfnCq0VUNZVSYB+GthQ2zYuz7tf/UY
+A6nxVgR/IjG69BmsBl92uFO7JTNtHztuiPqBn59pt+vNx4yPvno7zmxsfI7jv0ww
+yfs+0FNm7FwdsC1k47GBSOaGw38kuIVWqXSAbL4EX9GkryGGOKGNh0qvAENCdRSB
+G9Z6tyMbmfRY+dLSh3a9JwoEcBUso6EWYBakLbq4nG/nvYdYvG9ehrnLVwZFL82e
+l3Q/RK95bnA6cuRClGusLad0e6bjkBzx/VQ3VarDEpAkTLUGVAa0CLXtnyc=
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo_bar_hanako.pem
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo_bar_hanako.pem b/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo_bar_hanako.pem
new file mode 100644
index 0000000..2c751b7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/samples/x509/x509_wild_foo_bar_hanako.pem
@@ -0,0 +1,88 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 8c:fe:11:83:01:53:a6:96
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=CA, ST=BC, L=Vancouver, O=www.cucbc.com, OU=commons_ssl, CN=demo_intermediate_ca/emailAddress=juliusdavies@gmail.com
+ Validity
+ Not Before: Dec 11 16:17:31 2006 GMT
+ Not After : Nov 5 16:17:31 2028 GMT
+ Subject: C=US, ST=Maryland, L=Forest Hill, O=httpcomponents, OU=test certificates, CN=*.foo.com/emailAddress=juliusdavies@gmail.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c8:63:af:96:82:3e:8c:a9:d1:1d:62:ae:85:80:
+ 7e:71:32:04:c1:98:5a:80:a2:74:7f:7a:c8:63:c5:
+ 8d:82:e8:c1:ec:f9:69:82:98:d4:83:8a:4d:8d:81:
+ 95:88:68:e0:ef:38:5f:6e:38:42:b6:53:46:5f:24:
+ 41:b6:2d:c6:71:a1:e2:04:82:0f:e6:7c:82:36:7f:
+ 80:cb:cb:52:58:6a:39:bf:96:5c:f0:14:1c:c0:77:
+ f4:64:72:cd:ea:c0:fd:9b:6b:95:4a:9f:fa:52:a8:
+ d2:e5:9c:a1:cc:5e:45:ce:fb:d4:a3:7c:70:f1:f7:
+ 9c:76:74:ad:5d:07:c7:86:40:67:2e:94:e3:1c:4e:
+ 6d:ee:2b:b5:25:58:d3:b8:4d:29:70:1b:da:87:67:
+ 56:a8:33:71:88:83:90:b5:7c:8a:5b:c4:9a:83:56:
+ 31:6a:e9:f1:40:6a:91:37:29:12:16:21:09:8a:77:
+ 71:39:20:27:03:12:ba:ab:fc:06:a9:c6:77:ce:f1:
+ 41:4d:c5:55:92:38:b5:bb:64:07:e2:b3:8c:3f:73:
+ cf:c4:02:0c:90:1f:0e:36:47:47:4d:ca:35:0e:66:
+ c4:e8:17:c3:1c:0a:c3:a9:46:31:a8:95:25:3c:69:
+ 4c:aa:b2:9b:dd:f0:85:89:3d:de:5d:e8:70:47:b9:
+ e5:cd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 9F:14:77:BF:3F:3A:B6:CA:38:82:42:48:16:2C:DA:D0:CB:5E:87:D8
+ X509v3 Authority Key Identifier:
+ keyid:7B:9A:DA:8F:90:99:4E:52:D2:AC:DB:B3:03:52:CA:87:A6:0D:3E:0D
+
+ X509v3 Subject Alternative Name:
+ DNS:*.bar.com, DNS:*.花子.co.jp
+ Signature Algorithm: sha1WithRSAEncryption
+ 68:6d:60:be:0f:9f:e5:c7:a6:21:5f:ae:02:c1:9d:ba:5c:b8:
+ f1:68:4d:12:e3:5e:5a:8d:b0:6a:0c:ae:e5:cf:e4:60:ef:33:
+ 84:dc:6b:13:00:c8:be:95:d5:18:9e:1c:b3:d3:00:e2:5c:1f:
+ 14:c0:a5:e5:d1:20:d3:a0:1d:99:e0:63:a0:a9:08:c0:aa:83:
+ 26:ac:fd:2e:58:1e:98:e9:da:64:7d:dd:6a:0d:15:33:23:5d:
+ b4:cc:f6:20:49:db:17:8c:75:bd:ab:61:fb:ee:25:76:df:c8:
+ 6a:21:4e:ea:0a:f1:33:fa:57:ea:a9:61:18:e7:4e:33:85:83:
+ 65:92:76:d4:9d:1e:76:e4:8b:68:b0:45:70:5c:50:49:4e:46:
+ 77:63:0f:20:83:4d:9c:d7:dc:a2:f1:30:21:e4:b8:b7:01:df:
+ 17:42:69:92:24:c5:81:57:85:ca:a8:5a:f4:00:86:4a:06:58:
+ 3a:35:96:45:7f:fd:1d:3f:dc:dc:2a:1c:d2:ae:25:b6:ed:b6:
+ 34:5d:fc:c0:e8:64:a2:44:35:eb:0e:38:17:ab:a6:da:45:3e:
+ 98:c2:02:20:a6:02:6c:0d:b2:6d:65:f1:e7:57:59:dd:dc:ce:
+ b3:3a:d4:0f:9b:54:c8:42:93:66:30:c3:1d:fc:33:eb:19:c5:
+ 10:7a:b0:f7
+-----BEGIN CERTIFICATE-----
+MIIEcDCCA1igAwIBAgIJAIz+EYMBU6aWMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJDQTELMAkGA1UECBMCQkMxEjAQBgNVBAcTCVZhbmNvdXZlcjEWMBQGA1UE
+ChMNd3d3LmN1Y2JjLmNvbTEUMBIGA1UECxQLY29tbW9uc19zc2wxHTAbBgNVBAMU
+FGRlbW9faW50ZXJtZWRpYXRlX2NhMSUwIwYJKoZIhvcNAQkBFhZqdWxpdXNkYXZp
+ZXNAZ21haWwuY29tMB4XDTA2MTIxMTE2MTczMVoXDTI4MTEwNTE2MTczMVowgaYx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEUMBIGA1UEBxMLRm9yZXN0
+IEhpbGwxFzAVBgNVBAoTDmh0dHBjb21wb25lbnRzMRowGAYDVQQLExF0ZXN0IGNl
+cnRpZmljYXRlczESMBAGA1UEAxQJKi5mb28uY29tMSUwIwYJKoZIhvcNAQkBFhZq
+dWxpdXNkYXZpZXNAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAyGOvloI+jKnRHWKuhYB+cTIEwZhagKJ0f3rIY8WNgujB7PlpgpjUg4pN
+jYGViGjg7zhfbjhCtlNGXyRBti3GcaHiBIIP5nyCNn+Ay8tSWGo5v5Zc8BQcwHf0
+ZHLN6sD9m2uVSp/6UqjS5ZyhzF5FzvvUo3xw8fecdnStXQfHhkBnLpTjHE5t7iu1
+JVjTuE0pcBvah2dWqDNxiIOQtXyKW8Sag1YxaunxQGqRNykSFiEJindxOSAnAxK6
+q/wGqcZ3zvFBTcVVkji1u2QH4rOMP3PPxAIMkB8ONkdHTco1DmbE6BfDHArDqUYx
+qJUlPGlMqrKb3fCFiT3eXehwR7nlzQIDAQABo4GiMIGfMAkGA1UdEwQCMAAwLAYJ
+YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBSfFHe/Pzq2yjiCQkgWLNrQy16H2DAfBgNVHSMEGDAWgBR7mtqPkJlOUtKs
+27MDUsqHpg0+DTAkBgNVHREEHTAbggkqLmJhci5jb22CDiou6Iqx5a2QLmNvLmpw
+MA0GCSqGSIb3DQEBBQUAA4IBAQBobWC+D5/lx6YhX64CwZ26XLjxaE0S415ajbBq
+DK7lz+Rg7zOE3GsTAMi+ldUYnhyz0wDiXB8UwKXl0SDToB2Z4GOgqQjAqoMmrP0u
+WB6Y6dpkfd1qDRUzI120zPYgSdsXjHW9q2H77iV238hqIU7qCvEz+lfqqWEY504z
+hYNlknbUnR525ItosEVwXFBJTkZ3Yw8gg02c19yi8TAh5Li3Ad8XQmmSJMWBV4XK
+qFr0AIZKBlg6NZZFf/0dP9zcKhzSriW27bY0XfzA6GSiRDXrDjgXq6baRT6YwgIg
+pgJsDbJtZfHnV1nd3M6zOtQPm1TIQpNmMMMd/DPrGcUQerD3
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
new file mode 100644
index 0000000..df7f095
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
@@ -0,0 +1,204 @@
+/*
+ * $Header$
+ * $Revision: 168 $
+ * $Date: 2014-05-06 16:25:46 -0700 (Tue, 06 May 2014) $
+ *
+ * ====================================================================
+ *
+ * Copyright 2002-2006 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import org.apache.commons.ssl.HttpSecureProtocol;
+import org.apache.commons.ssl.KeyMaterial;
+import org.apache.commons.ssl.TrustMaterial;
+
+import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStoreException;
+
+/**
+ * <p/>
+ * AuthSSLProtocolSocketFactory can be used to validate the identity of the HTTPS
+ * server against a list of trusted certificates and to authenticate to the HTTPS
+ * server using a private key.
+ * </p>
+ * <p/>
+ * <p/>
+ * AuthSSLProtocolSocketFactory will enable server authentication when supplied with
+ * a {@link java.security.KeyStore truststore} file containg one or several trusted certificates.
+ * The client secure socket will reject the connection during the SSL session handshake
+ * if the target HTTPS server attempts to authenticate itself with a non-trusted
+ * certificate.
+ * </p>
+ * <p/>
+ * <p/>
+ * Use JDK keytool utility to import a trusted certificate and generate a truststore file:
+ * <pre>
+ * keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
+ * </pre>
+ * </p>
+ * <p/>
+ * <p/>
+ * AuthSSLProtocolSocketFactory will enable client authentication when supplied with
+ * a {@link java.security.KeyStore keystore} file containg a private key/public certificate pair.
+ * The client secure socket will use the private key to authenticate itself to the target
+ * HTTPS server during the SSL session handshake if requested to do so by the server.
+ * The target HTTPS server will in its turn verify the certificate presented by the client
+ * in order to establish client's authenticity
+ * </p>
+ * <p/>
+ * <p/>
+ * Use the following sequence of actions to generate a keystore file
+ * </p>
+ * <ul>
+ * <li>
+ * <p/>
+ * Use JDK keytool utility to generate a new key
+ * <pre>keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore</pre>
+ * For simplicity use the same password for the key as that of the keystore
+ * </p>
+ * </li>
+ * <li>
+ * <p/>
+ * Issue a certificate signing request (CSR)
+ * <pre>keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * <li>
+ * <p/>
+ * Send the certificate request to the trusted Certificate Authority for signature.
+ * One may choose to act as her own CA and sign the certificate request using a PKI
+ * tool, such as OpenSSL.
+ * </p>
+ * </li>
+ * <li>
+ * <p/>
+ * Import the trusted CA root certificate
+ * <pre>keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * <li>
+ * <p/>
+ * Import the PKCS#7 file containg the complete certificate chain
+ * <pre>keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * <li>
+ * <p/>
+ * Verify the content the resultant keystore file
+ * <pre>keytool -list -v -keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * </ul>
+ * <p/>
+ * Example of using custom protocol socket factory for a specific host:
+ * <pre>
+ * Protocol authhttps = new Protocol("https",
+ * new AuthSSLProtocolSocketFactory(
+ * new URL("file:my.keystore"), "mypassword",
+ * new URL("file:my.truststore"), "mypassword"), 443);
+ * <p/>
+ * HttpClient client = new HttpClient();
+ * client.getHostConfiguration().setHost("localhost", 443, authhttps);
+ * // use relative url only
+ * GetMethod httpget = new GetMethod("/");
+ * client.executeMethod(httpget);
+ * </pre>
+ * </p>
+ * <p/>
+ * Example of using custom protocol socket factory per default instead of the standard one:
+ * <pre>
+ * Protocol authhttps = new Protocol("https",
+ * new AuthSSLProtocolSocketFactory(
+ * new URL("file:my.keystore"), "mypassword",
+ * new URL("file:my.truststore"), "mypassword"), 443);
+ * Protocol.registerProtocol("https", authhttps);
+ * <p/>
+ * HttpClient client = new HttpClient();
+ * GetMethod httpget = new GetMethod("https://localhost/");
+ * client.executeMethod(httpget);
+ * </pre>
+ * </p>
+ *
+ * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
+ * <p/>
+ * <p/>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ * </p>
+ */
+
+public class AuthSSLProtocolSocketFactory extends HttpSecureProtocol {
+
+ /**
+ * Constructor for AuthSSLProtocolSocketFactory. Either a keystore or truststore file
+ * must be given. Otherwise SSL context initialization error will result.
+ *
+ * @param keystoreUrl URL of the keystore file. May be <tt>null</tt> if HTTPS client
+ * authentication is not to be used.
+ * @param keystorePassword Password to unlock the keystore. IMPORTANT: this implementation
+ * assumes that the same password is used to protect the key and the keystore itself.
+ * @param truststoreUrl URL of the truststore file. May be <tt>null</tt> if HTTPS server
+ * authentication is not to be used.
+ * @param truststorePassword Password to unlock the truststore.
+ */
+ public AuthSSLProtocolSocketFactory(final URL keystoreUrl,
+ final String keystorePassword,
+ final URL truststoreUrl,
+ final String truststorePassword)
+ throws GeneralSecurityException, IOException {
+
+ super();
+
+ // prepare key material
+ if (keystoreUrl != null) {
+ char[] ksPass = null;
+ if (keystorePassword != null) {
+ ksPass = keystorePassword.toCharArray();
+ }
+ KeyMaterial km = new KeyMaterial(keystoreUrl, ksPass);
+ super.setKeyMaterial(km);
+ }
+
+ // prepare trust material
+ if (truststoreUrl != null) {
+ char[] tsPass = null;
+ if (truststorePassword != null) {
+ tsPass = truststorePassword.toCharArray();
+ }
+ TrustMaterial tm;
+ try {
+ tm = new KeyMaterial(truststoreUrl, tsPass);
+ } catch (KeyStoreException kse) {
+ // KeyMaterial constructor blows up in no keys found,
+ // so we fall back to TrustMaterial constructor instead.
+ tm = new TrustMaterial(truststoreUrl, tsPass);
+ }
+ super.setTrustMaterial(tm);
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
new file mode 100644
index 0000000..e7c55bc
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
@@ -0,0 +1,101 @@
+/*
+ * $Header$
+ * $Revision: 180 $
+ * $Date: 2014-09-23 11:33:47 -0700 (Tue, 23 Sep 2014) $
+ *
+ * ====================================================================
+ *
+ * Copyright 2002-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import org.apache.commons.ssl.HttpSecureProtocol;
+import org.apache.commons.ssl.TrustMaterial;
+
+import java.io.IOException;
+import java.net.Socket;
+import java.security.GeneralSecurityException;
+
+/**
+ * <p/>
+ * EasySSLProtocolSocketFactory can be used to creats SSL {@link java.net.Socket}s
+ * that accept self-signed certificates.
+ * </p>
+ * <p/>
+ * This socket factory SHOULD NOT be used for productive systems
+ * due to security reasons, unless it is a concious decision and
+ * you are perfectly aware of security implications of accepting
+ * self-signed certificates
+ * </p>
+ * <p/>
+ * <p/>
+ * Example of using custom protocol socket factory for a specific host:
+ * <pre>
+ * Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
+ * <p/>
+ * HttpClient client = new HttpClient();
+ * client.getHostConfiguration().setHost("localhost", 443, easyhttps);
+ * // use relative url only
+ * GetMethod httpget = new GetMethod("/");
+ * client.executeMethod(httpget);
+ * </pre>
+ * </p>
+ * <p/>
+ * Example of using custom protocol socket factory per default instead of the standard one:
+ * <pre>
+ * Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
+ * Protocol.registerProtocol("https", easyhttps);
+ * <p/>
+ * HttpClient client = new HttpClient();
+ * GetMethod httpget = new GetMethod("https://localhost/");
+ * client.executeMethod(httpget);
+ * </pre>
+ * </p>
+ *
+ * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
+ * <p/>
+ * <p/>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ * </p>
+ */
+
+public class EasySSLProtocolSocketFactory extends HttpSecureProtocol {
+
+ /**
+ * Constructor for EasySSLProtocolSocketFactory.
+ *
+ * @throws java.security.GeneralSecurityException GeneralSecurityException
+ * @throws java.io.IOException IOException
+ */
+ public EasySSLProtocolSocketFactory()
+ throws GeneralSecurityException, IOException {
+ super();
+ super.setTrustMaterial(TrustMaterial.TRUST_ALL);
+ super.setCheckHostname(false);
+ super.setCheckExpiry(false);
+ super.setCheckCRL(false );
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java
new file mode 100644
index 0000000..05e207d
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java
@@ -0,0 +1,131 @@
+/*
+ * $Header$
+ * $Revision: 129 $
+ * $Date: 2007-11-14 19:21:33 -0800 (Wed, 14 Nov 2007) $
+ *
+ * ====================================================================
+ *
+ * Copyright 1999-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * [Additional notices, if required by prior licensing conditions]
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU Lesser General Public License Version 2 or later
+ * (the "LGPL"), in which case the provisions of the LGPL are
+ * applicable instead of those above. See terms of LGPL at
+ * <http://www.gnu.org/copyleft/lesser.txt>.
+ * If you wish to allow use of your version of this file only under
+ * the terms of the LGPL and not to allow others to use your version
+ * of this file under the Apache Software License, indicate your
+ * decision by deleting the provisions above and replace them with
+ * the notice and other provisions required by the LGPL. If you do
+ * not delete the provisions above, a recipient may use your version
+ * of this file under either the Apache Software License or the LGPL.
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import org.apache.commons.ssl.HttpSecureProtocol;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+
+/**
+ * A <code>SecureProtocolSocketFactory</code> that uses JSSE to create
+ * SSL sockets. It will also support host name verification to help preventing
+ * man-in-the-middle attacks. Host name verification is turned <b>on</b> by
+ * default but one will be able to turn it off, which might be a useful feature
+ * during development. Host name verification will make sure the SSL sessions
+ * server host name matches with the the host name returned in the
+ * server certificates "Common Name" field of the "SubjectDN" entry.
+ *
+ * @author <a href="mailto:hauer@psicode.com">Sebastian Hauer</a>
+ * <p/>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ * </p>
+ */
+public class StrictSSLProtocolSocketFactory extends HttpSecureProtocol {
+
+ /**
+ * Constructor for StrictSSLProtocolSocketFactory.
+ *
+ * @param verifyHostname The host name verification flag. If set to
+ * <code>true</code> the SSL sessions server host name will be compared
+ * to the host name returned in the server certificates "Common Name"
+ * field of the "SubjectDN" entry. If these names do not match a
+ * Exception is thrown to indicate this. Enabling host name verification
+ * will help to prevent from man-in-the-middle attacks. If set to
+ * <code>false</code> host name verification is turned off.
+ * <p/>
+ * Code sample:
+ * <p/>
+ * <blockquote>
+ * Protocol stricthttps = new Protocol(
+ * "https", new StrictSSLProtocolSocketFactory(true), 443);
+ * <p/>
+ * HttpClient client = new HttpClient();
+ * client.getHostConfiguration().setHost("localhost", 443, stricthttps);
+ * </blockquote>
+ */
+ public StrictSSLProtocolSocketFactory(boolean verifyHostname)
+ throws GeneralSecurityException, IOException {
+ super();
+ super.setCheckHostname(verifyHostname);
+ }
+
+ /**
+ * Constructor for StrictSSLProtocolSocketFactory.
+ * Host name verification will be enabled by default.
+ */
+ public StrictSSLProtocolSocketFactory()
+ throws GeneralSecurityException, IOException {
+ this(true);
+ }
+
+ /**
+ * Set the host name verification flag.
+ *
+ * @param verifyHostname The host name verification flag. If set to
+ * <code>true</code> the SSL sessions server host name will be compared
+ * to the host name returned in the server certificates "Common Name"
+ * field of the "SubjectDN" entry. If these names do not match a
+ * Exception is thrown to indicate this. Enabling host name verification
+ * will help to prevent from man-in-the-middle attacks. If set to
+ * <code>false</code> host name verification is turned off.
+ */
+ public void setHostnameVerification(boolean verifyHostname) {
+ super.setCheckHostname(verifyHostname);
+ }
+
+ /**
+ * Gets the status of the host name verification flag.
+ *
+ * @return Host name verification flag. Either <code>true</code> if host
+ * name verification is turned on, or <code>false</code> if host name
+ * verification is turned off.
+ */
+ public boolean getHostnameVerification() {
+ return super.getCheckHostname();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.java
new file mode 100644
index 0000000..31362c7
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.java
@@ -0,0 +1,207 @@
+/*
+ * ====================================================================
+ *
+ * Copyright 1999-2006 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import org.apache.commons.ssl.HttpSecureProtocol;
+import org.apache.commons.ssl.KeyMaterial;
+import org.apache.commons.ssl.TrustMaterial;
+
+import java.io.IOException;
+import java.net.Socket;
+import java.security.GeneralSecurityException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+
+/**
+ * <p/>
+ * TrustSSLProtocolSocketFactory allows you exercise full control over the
+ * HTTPS server certificates you are going to trust. Instead of relying
+ * on the Certificate Authorities already present in "jre/lib/security/cacerts",
+ * TrustSSLProtocolSocketFactory only trusts the public certificates you provide
+ * to its constructor.
+ * </p>
+ * <p/>
+ * TrustSSLProtocolSocketFactory can be used to create SSL {@link java.net.Socket}s
+ * that accepts self-signed certificates. Unlike EasySSLProtocolSocketFactory,
+ * TrustSSLProtocolSocketFactory can be used in production. This is because
+ * it forces you to pre-install the self-signed certificate you are going to
+ * trust locally.
+ * <p/>
+ * TrustSSLProtocolSocketFactory can parse both Java Keystore Files (*.jks)
+ * and base64 PEM encoded public certificates (*.pem).
+ * </p>
+ * <p/>
+ * Example of using TrustSSLProtocolSocketFactory
+ * <pre>
+ * 1. First we must find the certificate we want to trust. In this example
+ * we'll use gmail.google.com's certificate.
+ * <p/>
+ * openssl s_client -showcerts -connect gmail.google.com:443
+ * <p/>
+ * 2. Cut & paste into a "cert.pem" any certificates you are interested in
+ * trusting in accordance with your security policies. In this example I'll
+ * actually use the current "gmail.google.com" certificate (instead of the
+ * Thawte CA certificate that signed the gmail certificate - that would be
+ * too boring) - but it expires on June 7th, 2006, so this example won't be
+ * useful for very long!
+ * <p/>
+ * Here's what my "cert.pem" file looks like:
+ * <p/>
+ * -----BEGIN CERTIFICATE-----
+ * MIIDFjCCAn+gAwIBAgIDP3PeMA0GCSqGSIb3DQEBBAUAMEwxCzAJBgNVBAYTAlpB
+ * MSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMRYwFAYDVQQD
+ * Ew1UaGF3dGUgU0dDIENBMB4XDTA1MDYwNzIyMTI1N1oXDTA2MDYwNzIyMTI1N1ow
+ * ajELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1v
+ * dW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxGTAXBgNVBAMTEGdtYWls
+ * Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALoRiWYW0hZw
+ * 9TSn3s9912syZg1CP2TaC86PU1Ao2qf3pVu7Mx10Wl8W+aKZrQlvrYjTwku4sEh+
+ * 9uI+gWnfmCd0OyVcXr1eFOGCYiiyaPv79Wtb0m0d8GuiRSJhYkZGzGlgFViws2vR
+ * BAMCD2fdp7WGJUVGYOO+s52dgAMUHQXxAgMBAAGjgecwgeQwKAYDVR0lBCEwHwYI
+ * KwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEwNgYDVR0fBC8wLTAroCmgJ4Yl
+ * aHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVNHQ0NBLmNybDByBggrBgEFBQcB
+ * AQRmMGQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wPgYIKwYB
+ * BQUHMAKGMmh0dHA6Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0b3J5L1RoYXd0ZV9T
+ * R0NfQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAktM1l1cV
+ * ebi+Uo6fCE/eLnvvY6QbNNCsU5Pi9B5E1BlEUG+AGpgzE2cSPw1N4ZZb+2AWWwjx
+ * H8/IrJ143KZZXM49ri3Z2e491Jj8qitrMauT7/hb16Jw6I02/74/do4TtHu/Eifr
+ * EZCaSOobSHGeufHjlqlC3ehC4Bx4mLexIMk=
+ * -----END CERTIFICATE-----
+ * <p/>
+ * 3. Run "openssl x509" to analyze the certificate more deeply. This helps
+ * us answer questions like "Do we really want to trust it? When does it
+ * expire? What's the value of the CN (Common Name) field?".
+ * <p/>
+ * "openssl x509" is also super cool, and will impress all your friends,
+ * coworkers, family, and that cute girl at the starbucks. :-)
+ * <p/>
+ * If you dig through "man x509" you'll find this example. Run it:
+ * <p/>
+ * openssl x509 -in cert.pem -noout -text
+ * <p/>
+ * 4. Rename "cert.pem" to "gmail.pem" so that step 5 works.
+ * <p/>
+ * 5. Setup the TrustSSLProtocolSocketFactory to trust "gmail.google.com"
+ * for URLS of the form "https-gmail://" - but don't trust anything else
+ * when using "https-gmail://":
+ * <p/>
+ * TrustSSLProtocolSocketFactory sf = new TrustSSLProtocolSocketFactory( "/path/to/gmail.pem" );
+ * Protocol trustHttps = new Protocol("https-gmail", sf, 443);
+ * Protocol.registerProtocol("https-gmail", trustHttps);
+ * <p/>
+ * HttpClient client = new HttpClient();
+ * GetMethod httpget = new GetMethod("https-gmail://gmail.google.com/");
+ * client.executeMethod(httpget);
+ * <p/>
+ * 6. Notice that "https-gmail://" cannot connect to "www.wellsfargo.com" -
+ * the server's certificate isn't trusted! It would still work using
+ * regular "https://" because Java would use the "jre/lib/security/cacerts"
+ * file.
+ * <p/>
+ * httpget = new GetMethod("https-gmail://www.wellsfargo.com/");
+ * client.executeMethod(httpget);
+ * <p/>
+ * javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
+ * <p/>
+ * <p/>
+ * 7. Of course "https-gmail://" cannot connect to hosts where the CN field
+ * in the certificate doesn't match the hostname. The same is supposed to
+ * be true of regular "https://", but HTTPClient is a bit lenient.
+ * <p/>
+ * httpget = new GetMethod("https-gmail://gmail.com/");
+ * client.executeMethod(httpget);
+ * <p/>
+ * javax.net.ssl.SSLException: hostname in certificate didn't match: <gmail.com> != <gmail.google.com>
+ * <p/>
+ * <p/>
+ * 8. You can use "*.jks" files instead of "*.pem" if you prefer. Use the 2nd constructor
+ * in that case to pass along the JKS password:
+ * <p/>
+ * new TrustSSLProtocolSocketFactory( "/path/to/gmail.jks", "my_password".toCharArray() );
+ * <p/>
+ * </pre>
+ *
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * <p/>
+ * <p/>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ * </p>
+ * @since 17-Feb-2006
+ */
+
+public class TrustSSLProtocolSocketFactory extends HttpSecureProtocol {
+
+ /**
+ * @param pathToTrustStore Path to either a ".jks" Java Key Store, or a
+ * ".pem" base64 encoded certificate. If it's a
+ * ".pem" base64 certificate, the file must start
+ * with "------BEGIN CERTIFICATE-----", and must end
+ * with "-------END CERTIFICATE--------".
+ */
+ public TrustSSLProtocolSocketFactory(String pathToTrustStore)
+ throws GeneralSecurityException, IOException {
+ this(pathToTrustStore, null);
+ }
+
+ /**
+ * @param pathToTrustStore Path to either a ".jks" Java Key Store, or a
+ * ".pem" base64 encoded certificate. If it's a
+ * ".pem" base64 certificate, the file must start
+ * with "------BEGIN CERTIFICATE-----", and must end
+ * with "-------END CERTIFICATE--------".
+ * @param password Password to open the ".jks" file. If "truststore"
+ * is a ".pem" file, then password can be null; if
+ * password isn't null and we're using a ".pem" file,
+ * then technically, this becomes the password to
+ * open up the special in-memory keystore we create
+ * to hold the ".pem" file, but it's not important at
+ * all.
+ * @throws java.security.cert.CertificateException
+ * @throws java.security.KeyStoreException
+ * @throws java.io.IOException
+ * @throws java.security.NoSuchAlgorithmException
+ * @throws java.security.KeyManagementException
+ */
+ public TrustSSLProtocolSocketFactory(String pathToTrustStore, char[] password)
+ throws GeneralSecurityException, IOException {
+ super();
+ TrustMaterial tm;
+ try {
+ tm = new KeyMaterial(pathToTrustStore, password);
+ } catch (KeyStoreException kse) {
+ // KeyMaterial constructor blows up in no keys found,
+ // so we fall back to TrustMaterial constructor instead.
+ tm = new TrustMaterial(pathToTrustStore, password);
+ }
+ super.setTrustMaterial(tm);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ASN1Structure.java
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ASN1Structure.java b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ASN1Structure.java
new file mode 100644
index 0000000..d9df5b9
--- /dev/null
+++ b/3rdparty/not-yet-commons-ssl/src/main/java/org/apache/commons/ssl/ASN1Structure.java
@@ -0,0 +1,112 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/ASN1Structure.java $
+ * $Revision: 121 $
+ * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import org.apache.commons.ssl.util.Hex;
+
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+import java.util.TreeSet;
+
+/**
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 16-Nov-2005
+ */
+class ASN1Structure {
+ List derIntegers = new LinkedList();
+ Set oids = new TreeSet();
+ String oid1;
+ String oid2;
+ String oid3;
+ byte[] salt;
+ byte[] iv;
+ int iterationCount;
+ int keySize;
+ byte[] bigPayload;
+ byte[] smallPayload;
+
+ public String toString() {
+ StringBuffer buf = new StringBuffer(256);
+ buf.append("------ ASN.1 PKCS Structure ------");
+ buf.append("\noid1: ");
+ buf.append(oid1);
+ if (oid2 != null) {
+ buf.append("\noid2: ");
+ buf.append(oid2);
+ }
+ buf.append("\nsalt: ");
+ if (salt != null) {
+ buf.append(Hex.encode(salt));
+ } else {
+ buf.append("[null]");
+ }
+ buf.append("\nic: ");
+ buf.append(Integer.toString(iterationCount));
+ if (keySize != 0) {
+ buf.append("\nkeySize: ");
+ buf.append(Integer.toString(keySize * 8));
+ }
+ if (oid2 != null) {
+ buf.append("\noid3: ");
+ buf.append(oid3);
+ }
+ if (oid2 != null) {
+ buf.append("\niv: ");
+ if (iv != null) {
+ buf.append(Hex.encode(iv));
+ } else {
+ buf.append("[null]");
+ }
+ }
+ if (bigPayload != null) {
+ buf.append("\nbigPayload-length: ");
+ buf.append(bigPayload.length);
+ }
+ if (smallPayload != null) {
+ buf.append("\nsmallPayload-length: ");
+ buf.append(smallPayload.length);
+ }
+ if (!oids.isEmpty()) {
+ Iterator it = oids.iterator();
+ buf.append("\nAll oids:");
+ while (it.hasNext()) {
+ buf.append("\n");
+ buf.append((String) it.next());
+ }
+ }
+ return buf.toString();
+ }
+}