DIRKRB-514 Fix the failure of decoding SupportedKDFs.
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/AuthPack.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/AuthPack.java
index c84af34..bd948f8 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/AuthPack.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/AuthPack.java
@@ -31,8 +31,11 @@
clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
clientDHNonce [3] DHNonce OPTIONAL
- supportedCMSTypes [4] SEQUENCE OF AlgorithmIdentifier,
- OIDs of KDFs OPTIONAL,
+ supportedKDFs [4] SEQUENCE OF KDFAlgorithmId OPTIONAL,
+ -- Contains an unordered set of KDFs supported by the client.
+ KDFAlgorithmId ::= SEQUENCE {
+ kdf-id [0] OBJECT IDENTIFIER,
+ -- The object identifier of the KDF
}
*/
public class AuthPack extends KrbSequenceType {
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/KDFAlgorithmId.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/KDFAlgorithmId.java
new file mode 100644
index 0000000..0633fb1
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/KDFAlgorithmId.java
@@ -0,0 +1,64 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.type.pa.pkinit;
+
+import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
+import org.apache.kerby.kerberos.kerb.type.KrbSequenceType;
+
+/*
+ KDFAlgorithmId ::= SEQUENCE {
+ kdf-id [0] OBJECT IDENTIFIER,
+ -- The object identifier of the KDF
+ }
+ */
+public class KDFAlgorithmId extends KrbSequenceType {
+ protected enum KDFAlgorithmIdField implements EnumType {
+ KDF_ID;
+
+ @Override
+ public int getValue() {
+ return ordinal();
+ }
+
+ @Override
+ public String getName() {
+ return name();
+ }
+ }
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new ExplicitField(KDFAlgorithmIdField.KDF_ID, Asn1ObjectIdentifier.class)
+ };
+
+ public KDFAlgorithmId() {
+ super(fieldInfos);
+ }
+
+ public Asn1ObjectIdentifier getKdfId() {
+ return getFieldAs(KDFAlgorithmIdField.KDF_ID, Asn1ObjectIdentifier.class);
+ }
+
+ public void setKdfId(Asn1ObjectIdentifier kdfId) {
+ setFieldAs(KDFAlgorithmIdField.KDF_ID, kdfId);
+ }
+}
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/SupportedKDFs.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/SupportedKDFs.java
index 2d1e654..9a4d7b5 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/SupportedKDFs.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/pkinit/SupportedKDFs.java
@@ -19,8 +19,7 @@
*/
package org.apache.kerby.kerberos.kerb.type.pa.pkinit;
-import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
import org.apache.kerby.kerberos.kerb.type.KrbSequenceOfType;
-public class SupportedKDFs extends KrbSequenceOfType<Asn1ObjectIdentifier> {
+public class SupportedKDFs extends KrbSequenceOfType<KDFAlgorithmId> {
}
diff --git a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitAnonymousAsReqCodec.java b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitAnonymousAsReqCodec.java
index 8a59ee1..ed8c058 100644
--- a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitAnonymousAsReqCodec.java
+++ b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitAnonymousAsReqCodec.java
@@ -139,12 +139,11 @@
assertThat(authPack.getsupportedKDFs().getElements().size()).isEqualTo(3);
- //TO BE FIXED
-// assertThat(authPack.getsupportedKDFs().getElements().get(0).getValue())
-// .isEqualTo("1.3.6.1.5.2.3.6.2");
-// assertThat(authPack.getsupportedKDFs().getElements().get(1).getValue())
-// .isEqualTo("1.3.6.1.5.2.3.6.1");
-// assertThat(authPack.getsupportedKDFs().getElements().get(2).getValue())
-// .isEqualTo("1.3.6.1.5.2.3.6.3");
+ assertThat(authPack.getsupportedKDFs().getElements().get(0).getKdfId().getValue())
+ .isEqualTo("1.3.6.1.5.2.3.6.2");
+ assertThat(authPack.getsupportedKDFs().getElements().get(1).getKdfId().getValue())
+ .isEqualTo("1.3.6.1.5.2.3.6.1");
+ assertThat(authPack.getsupportedKDFs().getElements().get(2).getKdfId().getValue())
+ .isEqualTo("1.3.6.1.5.2.3.6.3");
}
}
