PKINIT. Simplified some code around object identifiers
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index d178d03..26b7203 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -50,7 +50,7 @@
import org.apache.kerby.kerberos.kerb.type.pa.pkinit.PkAuthenticator;
import org.apache.kerby.kerberos.kerb.type.pa.pkinit.TrustedCertifiers;
import org.apache.kerby.x509.type.AlgorithmIdentifier;
-import org.apache.kerby.x509.type.DHParameter;
+import org.apache.kerby.x509.type.DhParameter;
import org.apache.kerby.x509.type.SubjectPublicKeyInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -241,7 +241,7 @@
String content = "0x06 07 2A 86 48 ce 3e 02 01";
Asn1ObjectIdentifier dhOid = PkinitCrypto.createOid(content);
AlgorithmIdentifier dhAlg = new AlgorithmIdentifier();
- dhAlg.setAlgorithm(dhOid);
+ dhAlg.setAlgorithm(dhOid.getValue());
DhClient client = new DhClient();
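Review bot: `dhOid` is now built from the hex string only to be unwrapped again with `getValue()`, so the `Asn1ObjectIdentifier` round trip adds a parse step without adding any type safety. Since `setAlgorithm` now takes the dotted string, a named constant would be easier to read and audit, for example `dhAlg.setAlgorithm(DH_PUBLIC_NUMBER_OID);` with the constant (name is a suggestion) set to `"1.2.840.10046.2.1"`, the value the codec test in this commit asserts. The same pattern appears in the PluginOpts.java hunk for `des3Oid`, where the test expects `"1.2.840.113549.3.7"`. The enclosing method starts and ends outside the hunk.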
@@ -256,7 +256,7 @@
DHParameterSpec type = clientPubKey.getParams();
BigInteger q = type.getP().shiftRight(1);
- DHParameter dhParameter = new DHParameter();
+ DhParameter dhParameter = new DhParameter();
dhParameter.setP(type.getP());
dhParameter.setG(type.getG());
dhParameter.setQ(q);
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java
index 389f29c..ac082fa 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java
@@ -31,7 +31,7 @@
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import org.apache.kerby.x509.type.Certificate;
-import org.apache.kerby.x509.type.DHParameter;
+import org.apache.kerby.x509.type.DhParameter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -117,10 +117,10 @@
* KDC check the key parameter
* @param pluginOpts The PluginOpts
* @param cryptoctx The PkinitPlgCryptoContext
- * @param dhParameter The DHParameter
+ * @param dhParameter The DhParameter
*/
public static void serverCheckDH(PluginOpts pluginOpts, PkinitPlgCryptoContext cryptoctx,
- DHParameter dhParameter) throws KrbException {
+ DhParameter dhParameter) throws KrbException {
/* KDC SHOULD check to see if the key parameters satisfy its policy */
int dhPrimeBits = dhParameter.getP().bitLength();
if (dhPrimeBits < pluginOpts.dhMinBits) {
@@ -135,12 +135,12 @@
/**
* Check DH wellknown
* @param cryptoctx The PkinitPlgCryptoContext
- * @param dhParameter The DHParameter
+ * @param dhParameter The DhParameter
* @param dhPrimeBits The dh prime bits
* @return boolean
*/
public static boolean checkDHWellknown(PkinitPlgCryptoContext cryptoctx,
- DHParameter dhParameter, int dhPrimeBits) throws KrbException {
+ DhParameter dhParameter, int dhPrimeBits) throws KrbException {
boolean valid = false;
switch (dhPrimeBits) {
case 1024:
@@ -161,9 +161,9 @@
* Check parameters against a well-known DH group
*
* @param dh1 The DHParameterSpec
- * @param dh2 The DHParameter
+ * @param dh2 The DhParameter
*/
- public static boolean pkinitCheckDhParams(DHParameterSpec dh1, DHParameter dh2) {
+ public static boolean pkinitCheckDhParams(DHParameterSpec dh1, DhParameter dh2) {
if (!dh1.getP().equals(dh2.getP())) {
LOG.error("p is not well-known group dhparameter");
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PluginOpts.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PluginOpts.java
index dcb55bd..c347a5b 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PluginOpts.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PluginOpts.java
@@ -49,7 +49,7 @@
/* krb5_data des3oid = {0, 8, "\x2A\x86\x48\x86\xF7\x0D\x03\x07" };*/
String content = "0x06 08 2A 86 48 86 F7 0D 03 07";
Asn1ObjectIdentifier des3Oid = PkinitCrypto.createOid(content);
- des3Alg.setAlgorithm(des3Oid);
+ des3Alg.setAlgorithm(des3Oid.getValue());
cmsAlgorithms.add(des3Alg);
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/KDFAlgorithmId.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/KDFAlgorithmId.java
index 176382f..4dd44ee 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/KDFAlgorithmId.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/KDFAlgorithmId.java
@@ -54,11 +54,11 @@
super(fieldInfos);
}
- public Asn1ObjectIdentifier getKdfId() {
- return getFieldAs(KdfAlgorithmIdField.KDF_ID, Asn1ObjectIdentifier.class);
+ public String getKdfId() {
+ return getFieldAsObjId(KdfAlgorithmIdField.KDF_ID);
}
- public void setKdfId(Asn1ObjectIdentifier kdfId) {
- setFieldAs(KdfAlgorithmIdField.KDF_ID, kdfId);
+ public void setKdfId(String kdfId) {
+ setFieldAsObjId(KdfAlgorithmIdField.KDF_ID, kdfId);
}
}
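Review bot: The new `String` accessors have no Javadoc stating which textual form of the OID they use, and callers that compare the result against a constant need to know it. The codec test in this commit expects dotted-decimal, so I would add `/** @return the KDF OID in dotted-decimal form, e.g. "1.3.6.1.5.2.3.6.2" */` on `getKdfId()` and a matching `@param` line on `setKdfId`. It would also help to state what the setter does with a malformed string, since validation now depends on `setFieldAsObjId`, which is not visible here. The same applies to `getAlgorithm()` and `setAlgorithm(String)` in the AlgorithmIdentifier.java hunk.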
diff --git a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitAnonymousAsReqCodec.java b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitAnonymousAsReqCodec.java
index f5a2de8..1b9a80b 100644
--- a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitAnonymousAsReqCodec.java
+++ b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitAnonymousAsReqCodec.java
@@ -34,7 +34,7 @@
import org.apache.kerby.kerberos.kerb.type.pa.PaDataType;
import org.apache.kerby.kerberos.kerb.type.pa.pkinit.AuthPack;
import org.apache.kerby.kerberos.kerb.type.pa.pkinit.PaPkAsReq;
-import org.apache.kerby.x509.type.DHParameter;
+import org.apache.kerby.x509.type.DhParameter;
import org.apache.kerby.x509.type.SubjectPublicKeyInfo;
import org.junit.Test;
@@ -130,21 +130,22 @@
Asn1.parseAndDump(signedData.getEncapContentInfo().getContent());
authPack.decode(signedData.getEncapContentInfo().getContent());
assertThat(authPack.getsupportedCmsTypes().getElements().size()).isEqualTo(1);
- assertThat(authPack.getsupportedCmsTypes().getElements().get(0).getAlgorithm().getValue())
+ assertThat(authPack.getsupportedCmsTypes().getElements().get(0).getAlgorithm())
.isEqualTo("1.2.840.113549.3.7");
SubjectPublicKeyInfo subjectPublicKeyInfo = authPack.getClientPublicValue();
- assertThat(subjectPublicKeyInfo.getAlgorithm().getAlgorithm().getValue())
+ assertThat(subjectPublicKeyInfo.getAlgorithm().getAlgorithm())
.isEqualTo("1.2.840.10046.2.1");
- DHParameter dhParameter = subjectPublicKeyInfo.getAlgorithm().getParametersAs(DHParameter.class);
+ DhParameter dhParameter =
+ subjectPublicKeyInfo.getAlgorithm().getParametersAs(DhParameter.class);
assertThat(dhParameter.getG()).isEqualTo(BigInteger.valueOf(2));
assertThat(authPack.getsupportedKDFs().getElements().size()).isEqualTo(3);
- assertThat(authPack.getsupportedKDFs().getElements().get(0).getKdfId().getValue())
+ assertThat(authPack.getsupportedKDFs().getElements().get(0).getKdfId())
.isEqualTo("1.3.6.1.5.2.3.6.2");
- assertThat(authPack.getsupportedKDFs().getElements().get(1).getKdfId().getValue())
+ assertThat(authPack.getsupportedKDFs().getElements().get(1).getKdfId())
.isEqualTo("1.3.6.1.5.2.3.6.1");
- assertThat(authPack.getsupportedKDFs().getElements().get(2).getKdfId().getValue())
+ assertThat(authPack.getsupportedKDFs().getElements().get(2).getKdfId())
.isEqualTo("1.3.6.1.5.2.3.6.3");
}
}
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index ac512ac..a34ac42 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -57,7 +57,7 @@
import org.apache.kerby.kerberos.kerb.type.pa.pkinit.PaPkAsReq;
import org.apache.kerby.kerberos.kerb.type.pa.pkinit.PkAuthenticator;
import org.apache.kerby.x509.type.Certificate;
-import org.apache.kerby.x509.type.DHParameter;
+import org.apache.kerby.x509.type.DhParameter;
import org.apache.kerby.x509.type.SubjectPublicKeyInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -212,9 +212,9 @@
SubjectPublicKeyInfo publicKeyInfo = authPack.getClientPublicValue();
- DHParameter dhParameter;
+ DhParameter dhParameter;
if (publicKeyInfo.getSubjectPubKey() != null) {
- dhParameter = authPack.getClientPublicValue().getAlgorithm().getParametersAs(DHParameter.class);
+ dhParameter = authPack.getClientPublicValue().getAlgorithm().getParametersAs(DhParameter.class);
PkinitCrypto.serverCheckDH(pkinitContext.pluginOpts, pkinitContext.cryptoctx, dhParameter);
byte[] clientSubjectPubKey = publicKeyInfo.getSubjectPubKey().getValue();
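Review bot: The `DhParameter` decoded from the client's AuthPack on the changed line goes to `PkinitCrypto.serverCheckDH` without a null check, and that method immediately calls `dhParameter.getP().bitLength()`. If `getParametersAs` can return null when the request omits the parameters, or if `getP()` can be null (neither is visible here), a malformed request would surface as a NullPointerException instead of a KrbException. A guard before the check, such as `if (dhParameter == null || dhParameter.getP() == null) { throw new KrbException("Missing DH parameters"); }`, would keep the failure on the protocol error path. The enclosing method starts and ends outside the hunk.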
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AlgorithmIdentifier.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AlgorithmIdentifier.java
index 913768a..97623a2 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AlgorithmIdentifier.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AlgorithmIdentifier.java
@@ -60,12 +60,12 @@
super(fieldInfos);
}
- public Asn1ObjectIdentifier getAlgorithm() {
- return getFieldAs(ALGORITHM, Asn1ObjectIdentifier.class);
+ public String getAlgorithm() {
+ return getFieldAsObjId(ALGORITHM);
}
- public void setAlgorithm(Asn1ObjectIdentifier algorithm) {
- setFieldAs(ALGORITHM, algorithm);
+ public void setAlgorithm(String algorithm) {
+ setFieldAsObjId(ALGORITHM, algorithm);
}
public <T extends Asn1Type> T getParametersAs(Class<T> t) {
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DHParameter.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DHParameter.java
index 551c0c3..af319ce 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DHParameter.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DHParameter.java
@@ -7,10 +7,10 @@
import java.math.BigInteger;
-import static org.apache.kerby.x509.type.DHParameter.MyEnum.*;
+import static org.apache.kerby.x509.type.DhParameter.MyEnum.*;
-public class DHParameter extends Asn1SequenceType {
- protected static enum MyEnum implements EnumType {
+public class DhParameter extends Asn1SequenceType {
+ protected enum MyEnum implements EnumType {
P,
G,
Q;
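Review bot: The public class is renamed to `DhParameter`, but the file headers still read `DHParameter.java` on both the `a/` and `b/` sides, so the file itself does not appear to be renamed in this diff. javac requires a public top-level class to live in a file of the same name, so unless the rename to `DhParameter.java` is recorded elsewhere the module would not compile. Case-only renames are easily lost on case-insensitive filesystems, so it is worth confirming the path change was committed with `git mv`. The constructor rename in the next hunk of this file depends on the same fix.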
@@ -32,7 +32,7 @@
new Asn1FieldInfo(Q, Asn1Integer.class),
};
- public DHParameter() {
+ public DhParameter() {
super(fieldInfos);
}