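package org.apache.kerberos.kerb.preauth.pkinit;

import org.apache.haox.asn1.type.Asn1ObjectIdentifier;
import org.apache.kerberos.kerb.spec.pa.pkinit.AlgorithmIdentifiers;
import org.apache.kerberos.kerb.spec.pa.pkinit.TrustedCertifiers;
import org.apache.kerberos.kerb.spec.x509.AlgorithmIdentifier;

/**
 * PKINIT plugin options, modelled on MIT Krb5's {@code _pkinit_plg_opts}.
 *
 * <p>The fields are public and mutable, so any code holding a reference can
 * change the certificate-validation policy. Nothing in this class validates
 * the values that are assigned.
 */
public class PluginOpts {

    /**
     * Dotted form of the des-ede3-cbc algorithm identifier
     * ({@code rsadsi encryptionAlgorithm 7}).
     */
    private static final String DES_EDE3_CBC_OID = "1.2.840.113549.3.7";

    // From MIT Krb5 _pkinit_plg_opts

    /** Require Extended Key Usage (EKU) checking. Default is {@code true}. */
    public boolean requireEku = true;

    /** Accept a secondary EKU. Default is {@code false}. */
    public boolean acceptSecondaryEku = false;

    /**
     * Allow a UPN-SAN instead of a pkinit-SAN.
     *
     * <p>NOTE(review): enabled by default, which widens the set of subject
     * alternative name forms that are accepted; confirm this is intended.
     */
    public boolean allowUpn = true;

    /**
     * Selects DH-based or RSA-based PKINIT; {@code true} selects RSA.
     *
     * <p>NOTE(review): RSA is the default here; confirm against the
     * deployment's requirements before relying on it.
     */
    public boolean usingRsa = true;

    /**
     * Require a CRL for a CA. Default is {@code false}.
     *
     * <p>With the default, this option does not demand revocation data, so a
     * revoked certificate may not be detected unless the caller turns it on.
     */
    public boolean requireCrlChecking = false;

    /**
     * The size, in bits, of the Diffie-Hellman key the client will attempt to
     * use. The acceptable values are 1024, 2048, and 4096; the default is 2048.
     *
     * <p>1024-bit groups are no longer considered adequate, so prefer 2048 or
     * larger. This class does not enforce the list of acceptable values.
     */
    public int dhMinBits = 2048;

    /**
     * Builds the list of CMS algorithms to advertise as supported.
     *
     * <p>The list holds a single entry, des-ede3-cbc, with no parameters.
     * Triple DES is a legacy cipher; it is the only type offered here.
     *
     * @return a new list containing the one 3DES algorithm identifier
     */
    public AlgorithmIdentifiers createSupportedCMSTypes() {
        AlgorithmIdentifiers cmsAlgorithms = new AlgorithmIdentifiers();
        AlgorithmIdentifier des3Alg = new AlgorithmIdentifier();
        cmsAlgorithms.add(des3Alg);

        // Use the real object identifier: the former "DES3-OID" literal was a
        // placeholder and is not an object identifier at all.
        des3Alg.setAlgorithm(new Asn1ObjectIdentifier(DES_EDE3_CBC_OID));
        // No algorithm parameters are attached to the identifier.
        des3Alg.setParameters(null);

        return cmsAlgorithms;
    }

    /**
     * Builds the trusted certifiers list.
     *
     * <p>Not populated yet: the returned list is always empty, so it names no
     * certification authority.
     *
     * @return a new, empty {@link TrustedCertifiers}
     */
    public TrustedCertifiers createTrustedCertifiers() {
        return new TrustedCertifiers();
    }

    /**
     * Builds the issuer-and-serial value.
     *
     * <p>Not implemented yet; callers must handle the {@code null} result.
     *
     * @return always {@code null}
     */
    public byte[] createIssuerAndSerial() {
        return null;
    }
}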