directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kayyag...@apache.org
Subject svn commit: r1556475 - /directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
Date Wed, 08 Jan 2014 09:44:50 GMT
Author: kayyagari
Date: Wed Jan  8 09:44:50 2014
New Revision: 1556475

URL: http://svn.apache.org/r1556475
Log:
use the subKey that was used in ApReq to decrypt the KrbPriv part present in the reply (DIRKRB-97)

Modified:
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java

Modified: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java?rev=1556475&r1=1556474&r2=1556475&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
(original)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
Wed Jan  8 09:44:50 2014
@@ -595,13 +595,10 @@ public class KdcConnection
             }
             
             ChangePasswordReply chngPwdReply = ( ChangePasswordReply ) reply;
-            ApRep chngApRep = chngPwdReply.getApplicationReply();
-            byte[] apRepData = cipherTextHandler.decrypt( tgt.getSessionKey(), chngApRep.getEncPart(),
KeyUsage.AP_REP_ENC_PART_SESS_KEY );
-            
-            EncApRepPart encApRepPart = KerberosDecoder.decodeEncApRepPart( apRepData );
-            
+
             KrbPriv replyPriv = chngPwdReply.getPrivateMessage();
-            byte[] data = cipherTextHandler.decrypt( encApRepPart.getSubkey(), replyPriv.getEncPart(),
KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
+            // the same subKey present in ApReq is used for encrypting the KrbPriv present
in reply
+            byte[] data = cipherTextHandler.decrypt( subKey, replyPriv.getEncPart(), KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY
);
             part = KerberosDecoder.decodeEncKrbPrivPart( data );
             
             ChangePasswordResult result = new ChangePasswordResult( part.getUserData() );



Mime
View raw message