From dran...@apache.org
Subject [20/36] directory-kerby git commit: Refactoring the anonymous pkinit preauth of processing response.
Date Sat, 16 Jan 2016 09:49:18 GMT
Refactoring the anonymous pkinit preauth's processing of the response.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/5c598f95
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/5c598f95
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/5c598f95

Branch: refs/heads/kadmin-remote
Commit: 5c598f958fae46b5cf7ab3b82ac8dce79a696728
Parents: 4d674d5
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Mon Jan 11 11:31:33 2016 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Mon Jan 11 11:31:33 2016 +0800

----------------------------------------------------------------------
 .../kerb/client/preauth/PreauthHandler.java     |   9 +-
 .../client/preauth/pkinit/PkinitPreauth.java    | 123 +++++++++++++++--
 .../preauth/pkinit/PkinitRequestContext.java    |  10 ++
 .../kerb/client/request/AsRequestWithCert.java  | 134 ++-----------------
 .../kerb/client/request/KdcRequest.java         |  11 --
 .../kerby/kerberos/kerb/crypto/dh/DhClient.java | 126 -----------------
 .../kerby/kerberos/kerb/crypto/dh/DhServer.java | 124 -----------------
 .../kerb/crypto/dh/DiffieHellmanClient.java     | 126 +++++++++++++++++
 .../kerb/crypto/dh/DiffieHellmanServer.java     | 124 +++++++++++++++++
 .../kerb/crypto/dh/DhKeyAgreementTest.java      |  12 +-
 .../server/preauth/pkinit/PkinitPreauth.java    |   4 +-
 11 files changed, 396 insertions(+), 407 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5c598f95/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.java
index 8cccd0b..443195a 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.java
@@ -167,10 +167,11 @@ public class PreauthHandler {
                 }
 
                 // Make sure this type is for the current pass
-                int tmpReal = handle.isReal(pae.getPaDataType()) ? 1 : 0;
-                if (tmpReal != real) {
-                    continue;
-                }
+                // TODO
+//                int tmpReal = handle.isReal(pae.getPaDataType()) ? 1 : 0;
+//                if (tmpReal != real) {
+//                    continue;
+//                }
 
                 if (real > 0 && preauthContext.checkAndPutTried(pae.getPaDataType())) {
                     continue;
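Review bot: The pass filter removed at L51-L54 is replaced by a bare `// TODO` and a commented-out copy of itself, so a reader cannot tell whether skipping `handle.isReal(...)` is intended or temporary, while the `real > 0` tried-check that follows still assumes the pass distinction holds. If the filter is disabled because `isReal` does not yet classify the pkinit PA types correctly, say so in the comment instead of keeping dead code, e.g. `// TODO: isReal() pass filtering disabled pending pkinit refactoring; restore once PK_AS_REP is classified` (adjust to the actual reason); otherwise restore the check. Leaving the code commented out rather than deleted means it will silently drift from the surrounding logic. The enclosing loop and method start outside this hunk.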

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5c598f95/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index d793622..30aaff2 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -22,18 +22,26 @@ package org.apache.kerby.kerberos.kerb.client.preauth.pkinit;
 import org.apache.kerby.KOptions;
 import org.apache.kerby.asn1.type.Asn1Integer;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
+import org.apache.kerby.cms.type.CertificateChoices;
+import org.apache.kerby.cms.type.CertificateSet;
+import org.apache.kerby.cms.type.ContentInfo;
+import org.apache.kerby.cms.type.SignedData;
 import org.apache.kerby.kerberos.kerb.KrbCodec;
+import org.apache.kerby.kerberos.kerb.KrbErrorCode;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.client.KrbContext;
 import org.apache.kerby.kerberos.kerb.client.PkinitOption;
 import org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin;
 import org.apache.kerby.kerberos.kerb.client.request.KdcRequest;
 import org.apache.kerby.kerberos.kerb.common.CheckSumUtil;
-import org.apache.kerby.kerberos.kerb.crypto.dh.DhClient;
+import org.apache.kerby.kerberos.kerb.common.KrbUtil;
 import org.apache.kerby.kerberos.kerb.crypto.dh.DhGroup;
+import org.apache.kerby.kerberos.kerb.crypto.dh.DiffieHellmanClient;
 import org.apache.kerby.kerberos.kerb.preauth.PaFlag;
 import org.apache.kerby.kerberos.kerb.preauth.PaFlags;
 import org.apache.kerby.kerberos.kerb.preauth.PluginRequestContext;
+import org.apache.kerby.kerberos.kerb.preauth.pkinit.CertificateHelper;
+import org.apache.kerby.kerberos.kerb.preauth.pkinit.CmsMessageType;
 import org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitCrypto;
 import org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitIdenity;
 import org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitPreauthMeta;
@@ -42,14 +50,19 @@ import org.apache.kerby.kerberos.kerb.type.base.CheckSum;
 import org.apache.kerby.kerberos.kerb.type.base.CheckSumType;
 import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
 import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
 import org.apache.kerby.kerberos.kerb.type.pa.PaData;
 import org.apache.kerby.kerberos.kerb.type.pa.PaDataEntry;
 import org.apache.kerby.kerberos.kerb.type.pa.PaDataType;
 import org.apache.kerby.kerberos.kerb.type.pa.pkinit.AuthPack;
+import org.apache.kerby.kerberos.kerb.type.pa.pkinit.DhRepInfo;
+import org.apache.kerby.kerberos.kerb.type.pa.pkinit.KdcDhKeyInfo;
+import org.apache.kerby.kerberos.kerb.type.pa.pkinit.PaPkAsRep;
 import org.apache.kerby.kerberos.kerb.type.pa.pkinit.PaPkAsReq;
 import org.apache.kerby.kerberos.kerb.type.pa.pkinit.PkAuthenticator;
 import org.apache.kerby.kerberos.kerb.type.pa.pkinit.TrustedCertifiers;
 import org.apache.kerby.x509.type.AlgorithmIdentifier;
+import org.apache.kerby.x509.type.Certificate;
 import org.apache.kerby.x509.type.DhParameter;
 import org.apache.kerby.x509.type.SubjectPublicKeyInfo;
 import org.slf4j.Logger;
@@ -57,7 +70,10 @@ import org.slf4j.LoggerFactory;
 
 import javax.crypto.interfaces.DHPublicKey;
 import javax.crypto.spec.DHParameterSpec;
+import java.io.IOException;
 import java.math.BigInteger;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Calendar;
 import java.util.Date;
@@ -202,12 +218,12 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
 
         if (processingRequest) {
             generateRequest(reqCtx, kdcRequest, outPadata);
+            return true;
         } else {
             EncryptionType encType = kdcRequest.getEncType();
             processReply(kdcRequest, reqCtx, inPadata, encType);
+            return true;
         }
-
-        return false;
     }
 
     private void generateRequest(PkinitRequestContext reqCtx, KdcRequest kdcRequest,
@@ -243,7 +259,7 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
             AlgorithmIdentifier dhAlg = new AlgorithmIdentifier();
             dhAlg.setAlgorithm(dhOid.getValue());
 
-            DhClient client = new DhClient();
+            DiffieHellmanClient client = new DiffieHellmanClient();
 
             DHPublicKey clientPubKey = null;
             try {
@@ -252,7 +268,7 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
                 e.printStackTrace();
             }
 
-            kdcRequest.setDhClient(client);
+            reqCtx.setDhClient(client);
 
             DHParameterSpec type = null;
             try {
@@ -308,14 +324,101 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
 
     private void processReply(KdcRequest kdcRequest,
                               PkinitRequestContext reqCtx,
-                              PaDataEntry inPadata,
-                              EncryptionType encType) {
+                              PaDataEntry paEntry,
+                              EncryptionType encType) throws KrbException {
+
+        // Parse PA-PK-AS-REP message.
+        if (paEntry.getPaDataType() == PaDataType.PK_AS_REP) {
+            LOG.info("processing PK_AS_REP");
+
+            PaPkAsRep paPkAsRep = KrbCodec.decode(paEntry.getPaDataValue(), PaPkAsRep.class);
+            DhRepInfo dhRepInfo = paPkAsRep.getDHRepInfo();
+
+            byte[] dhSignedData = dhRepInfo.getDHSignedData();
+
+            ContentInfo contentInfo = new ContentInfo();
+            try {
+                contentInfo.decode(dhSignedData);
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+
+            SignedData signedData = contentInfo.getContentAs(SignedData.class);
 
-        EncryptionKey asKey = null;
+            PkinitCrypto.verifyCmsSignedData(
+                    CmsMessageType.CMS_SIGN_SERVER, signedData);
 
-        // TODO
 
-        kdcRequest.setAsKey(asKey);
+            String anchorFileName = kdcRequest.getContext().getConfig().getPkinitAnchors().get(0);
+
+            X509Certificate x509Certificate = null;
+            try {
+                x509Certificate = (X509Certificate) CertificateHelper.loadCerts(
+                        anchorFileName).iterator().next();
+            } catch (KrbException e) {
+                e.printStackTrace();
+            }
+            Certificate archorCertificate = PkinitCrypto.changeToCertificate(x509Certificate);
+
+            CertificateSet certificateSet = signedData.getCertificates();
+            List<CertificateChoices> certificateChoicesList = certificateSet.getElements();
+            List<Certificate> certificates = new ArrayList<>();
+            for (CertificateChoices certificateChoices : certificateChoicesList) {
+                certificates.add(certificateChoices.getCertificate());
+            }
+            try {
+                PkinitCrypto.validateChain(certificates, archorCertificate);
+            } catch (Exception e) {
+                throw new KrbException(KrbErrorCode.KDC_ERR_INVALID_CERTIFICATE, e);
+            }
+
+            PrincipalName kdcPrincipal = KrbUtil.makeTgsPrincipal(
+                    kdcRequest.getContext().getConfig().getKdcRealm());
+            //TODO USE CertificateSet
+            boolean validSan = PkinitCrypto.verifyKdcSan(
+                    kdcRequest.getContext().getConfig().getPkinitKdcHostName(), kdcPrincipal,
+                    certificates);
+            if (!validSan) {
+                LOG.error("Did not find an acceptable SAN in KDC certificate");
+            }
+
+            LOG.info("skipping EKU check");
+
+            LOG.info("as_rep: DH key transport algorithm");
+            KdcDhKeyInfo kdcDhKeyInfo = new KdcDhKeyInfo();
+            try {
+                kdcDhKeyInfo.decode(signedData.getEncapContentInfo().getContent());
+            } catch (IOException e) {
+                String errMessage = "failed to decode KdcDhKeyInfo " + e.getMessage();
+                LOG.error(errMessage);
+                throw new KrbException(errMessage);
+            }
+
+            byte[] subjectPublicKey = kdcDhKeyInfo.getSubjectPublicKey().getValue();
+
+            Asn1Integer clientPubKey = KrbCodec.decode(subjectPublicKey, Asn1Integer.class);
+            BigInteger y = clientPubKey.getValue();
+
+            DiffieHellmanClient client = reqCtx.getDhClient();
+            BigInteger p = client.getDhParam().getP();
+            BigInteger g = client.getDhParam().getG();
+
+            DHPublicKey dhPublicKey = PkinitCrypto.createDHPublicKey(p, g, y);
+
+            EncryptionKey secretKey = null;
+            try {
+                client.doPhase(dhPublicKey.getEncoded());
+                secretKey = client.generateKey(null, null, encType);
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+            // Set the DH shared key as the client key
+            if (secretKey == null) {
+                throw new KrbException("Fail to create client key.");
+            } else {
+                kdcRequest.setAsKey(secretKey);
+            }
+        }
     }
 
     /**
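Review bot: A failed KDC SAN check at L225-L227 is only logged and `processReply` continues to derive the AS key from the KDC's DH public key, so any certificate chaining to the configured anchor is accepted as the KDC regardless of whom it names; the branch should fail the exchange, `if (!validSan) { throw new KrbException("Did not find an acceptable SAN in KDC certificate"); }`. The same pattern appears twice more: the `IOException` at L183-L185 and the `KrbException` at L202-L204 are swallowed with `printStackTrace()`, after which `contentInfo` is used undecoded and `x509Certificate` may be null when passed to `changeToCertificate`, so both catches should rethrow as `KrbException` like the one at L235-L239 does. The anchor lookup at L196 only honours `getPkinitAnchors().get(0)`, and `LOG.info("skipping EKU check")` at L229 records a check that the code never performs; both deserve at least a comment stating they are deliberate limitations.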

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5c598f95/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitRequestContext.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitRequestContext.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitRequestContext.java
index 05eaf36..4fd72b8 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitRequestContext.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitRequestContext.java
@@ -19,6 +19,7 @@
  */
 package org.apache.kerby.kerberos.kerb.client.preauth.pkinit;
 
+import org.apache.kerby.kerberos.kerb.crypto.dh.DiffieHellmanClient;
 import org.apache.kerby.kerberos.kerb.preauth.PluginRequestContext;
 import org.apache.kerby.kerberos.kerb.preauth.pkinit.IdentityOpts;
 import org.apache.kerby.kerberos.kerb.preauth.pkinit.PluginOpts;
@@ -33,6 +34,7 @@ public class PkinitRequestContext implements PluginRequestContext {
     public boolean rfc6112Kdc;
     public boolean identityInitialized;
     public boolean identityPrompted;
+    private DiffieHellmanClient dhClient;
     
     public void updateRequestOpts(PluginOpts pluginOpts) {
         requestOpts.requireEku = pluginOpts.requireEku;
@@ -41,4 +43,12 @@ public class PkinitRequestContext implements PluginRequestContext {
         requestOpts.usingRsa = pluginOpts.usingRsa;
         requestOpts.requireCrlChecking = pluginOpts.requireCrlChecking;
     }
+
+    public void setDhClient(DiffieHellmanClient client) {
+        this.dhClient = client;
+    }
+
+    public DiffieHellmanClient getDhClient() {
+        return this.dhClient;
+    }
 }
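Review bot: The new `dhClient` field and its accessors at L288 and L297-L303 carry no documentation, and nothing states that `getDhClient()` returns null until `setDhClient` has been called, which the reply path in PkinitPreauth relies on when it dereferences `reqCtx.getDhClient().getDhParam()`. Add Javadoc on the field along the lines of `/** DH key-agreement state created while generating the PK-AS-REQ and consumed when the PK-AS-REP is processed; null until set. */`, and note on the getter that callers must check for null or guarantee the request phase ran first.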

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5c598f95/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
index 3e7c114..a1f1725 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
@@ -20,47 +20,19 @@
 package org.apache.kerby.kerberos.kerb.client.request;
 
 import org.apache.kerby.KOptions;
-import org.apache.kerby.asn1.type.Asn1Integer;
-import org.apache.kerby.cms.type.CertificateChoices;
-import org.apache.kerby.cms.type.CertificateSet;
-import org.apache.kerby.cms.type.ContentInfo;
-import org.apache.kerby.cms.type.SignedData;
-import org.apache.kerby.kerberos.kerb.KrbCodec;
-import org.apache.kerby.kerberos.kerb.KrbErrorCode;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.client.KrbContext;
 import org.apache.kerby.kerberos.kerb.client.PkinitOption;
-import org.apache.kerby.kerberos.kerb.common.KrbUtil;
-import org.apache.kerby.kerberos.kerb.crypto.dh.DhClient;
-import org.apache.kerby.kerberos.kerb.preauth.pkinit.CmsMessageType;
-import org.apache.kerby.kerberos.kerb.preauth.pkinit.CertificateHelper;
-import org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitCrypto;
+import org.apache.kerby.kerberos.kerb.client.preauth.PreauthContext;
 import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
 import org.apache.kerby.kerberos.kerb.type.kdc.AsReq;
 import org.apache.kerby.kerberos.kerb.type.kdc.KdcOption;
 import org.apache.kerby.kerberos.kerb.type.kdc.KdcRep;
 import org.apache.kerby.kerberos.kerb.type.kdc.KdcReqBody;
-import org.apache.kerby.kerberos.kerb.type.pa.PaData;
-import org.apache.kerby.kerberos.kerb.type.pa.PaDataEntry;
 import org.apache.kerby.kerberos.kerb.type.pa.PaDataType;
-import org.apache.kerby.kerberos.kerb.type.pa.pkinit.DhRepInfo;
-import org.apache.kerby.kerberos.kerb.type.pa.pkinit.KdcDhKeyInfo;
-import org.apache.kerby.kerberos.kerb.type.pa.pkinit.PaPkAsRep;
-import org.apache.kerby.x509.type.Certificate;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.crypto.interfaces.DHPublicKey;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
 
 public class AsRequestWithCert extends AsRequest {
 
-    private static final Logger LOG = LoggerFactory.getLogger(AsRequestWithCert.class);
     public static final String ANONYMOUS_PRINCIPAL = "ANONYMOUS@WELLKNOWN:ANONYMOUS";
 
     public AsRequestWithCert(KrbContext context) {
@@ -103,101 +75,15 @@ public class AsRequestWithCert extends AsRequest {
     @Override
     public void processResponse(KdcRep kdcRep) throws KrbException {
 
-        PaData paData = kdcRep.getPaData();
-        for (PaDataEntry paEntry : paData.getElements()) {
-            // Parse PA-PK-AS-REP message.
-            if (paEntry.getPaDataType() == PaDataType.PK_AS_REP) {
-                LOG.info("processing PK_AS_REP");
-
-                PaPkAsRep paPkAsRep = KrbCodec.decode(paEntry.getPaDataValue(), PaPkAsRep.class);
-                DhRepInfo dhRepInfo = paPkAsRep.getDHRepInfo();
-
-                byte[] dhSignedData = dhRepInfo.getDHSignedData();
-
-                ContentInfo contentInfo = new ContentInfo();
-                try {
-                    contentInfo.decode(dhSignedData);
-                } catch (IOException e) {
-                    e.printStackTrace();
-                }
-
-                SignedData signedData = contentInfo.getContentAs(SignedData.class);
-
-                PkinitCrypto.verifyCmsSignedData(
-                    CmsMessageType.CMS_SIGN_SERVER, signedData);
-
-
-                String anchorFileName = getContext().getConfig().getPkinitAnchors().get(0);
-
-                X509Certificate x509Certificate = null;
-                try {
-                    x509Certificate = (X509Certificate) CertificateHelper.loadCerts(
-                            anchorFileName).iterator().next();
-                } catch (KrbException e) {
-                    e.printStackTrace();
-                }
-                Certificate archorCertificate = PkinitCrypto.changeToCertificate(x509Certificate);
-
-                CertificateSet certificateSet = signedData.getCertificates();
-                List<CertificateChoices> certificateChoicesList = certificateSet.getElements();
-                List<Certificate> certificates = new ArrayList<>();
-                for (CertificateChoices certificateChoices : certificateChoicesList) {
-                    certificates.add(certificateChoices.getCertificate());
-                }
-                try {
-                    PkinitCrypto.validateChain(certificates, archorCertificate);
-                } catch (Exception e) {
-                    throw new KrbException(KrbErrorCode.KDC_ERR_INVALID_CERTIFICATE, e);
-                }
-
-                PrincipalName kdcPrincipal = KrbUtil.makeTgsPrincipal(
-                        getContext().getConfig().getKdcRealm());
-                //TODO USE CertificateSet
-                boolean validSan = PkinitCrypto.verifyKdcSan(
-                        getContext().getConfig().getPkinitKdcHostName(), kdcPrincipal,
-                        certificates);
-                if (!validSan) {
-                    LOG.error("Did not find an acceptable SAN in KDC certificate");
-                }
-
-                LOG.info("skipping EKU check");
-
-                LOG.info("as_rep: DH key transport algorithm");
-                KdcDhKeyInfo kdcDhKeyInfo = new KdcDhKeyInfo();
-                try {
-                    kdcDhKeyInfo.decode(signedData.getEncapContentInfo().getContent());
-                } catch (IOException e) {
-                    String errMessage = "failed to decode KdcDhKeyInfo " + e.getMessage();
-                    LOG.error(errMessage);
-                    throw new KrbException(errMessage);
-                }
-
-                byte[] subjectPublicKey = kdcDhKeyInfo.getSubjectPublicKey().getValue();
-
-                Asn1Integer clientPubKey = KrbCodec.decode(subjectPublicKey, Asn1Integer.class);
-                BigInteger y = clientPubKey.getValue();
-
-                DhClient client = getDhClient();
-                BigInteger p = client.getDhParam().getP();
-                BigInteger g = client.getDhParam().getG();
-
-                DHPublicKey dhPublicKey = PkinitCrypto.createDHPublicKey(p, g, y);
-
-                EncryptionKey secretKey = null;
-                try {
-                    client.doPhase(dhPublicKey.getEncoded());
-                    secretKey = client.generateKey(null, null, getEncType());
-                } catch (Exception e) {
-                    e.printStackTrace();
-                }
-                // Set the DH shared key as the client key
-                if (secretKey == null) {
-                    throw new KrbException("Fail to create client key.");
-                } else {
-                    setClientKey(secretKey);
-                }
-            }
-        }
+        PreauthContext preauthContext = getPreauthContext();
+        preauthContext.setInputPaData(kdcRep.getPaData());
+        preauth();
+
         super.processResponse(kdcRep);
     }
+
+    @Override
+    public EncryptionKey getClientKey() throws KrbException {
+        return getAsKey();
+    }
 }
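Review bot: `getClientKey()` at L467-L470 returns `getAsKey()` unchecked, so if the KDC reply carried no PK_AS_REP entry (the preauth path only sets the AS key in that case, as far as this commit shows) the caller receives null and the failure surfaces later as an NPE or a decrypt error instead of a Kerberos-level error. Guard it: `EncryptionKey key = getAsKey(); if (key == null) { throw new KrbException("No client key derived from PK-AS-REP"); } return key;`. It would also help to state in a comment on `processResponse` that `preauth()` is what populates the AS key before `super.processResponse` consumes it, since that ordering is the whole contract of the override.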

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5c598f95/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
index 32e0db2..1900783 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
@@ -30,7 +30,6 @@ import org.apache.kerby.kerberos.kerb.client.preauth.PreauthContext;
 import org.apache.kerby.kerberos.kerb.client.preauth.PreauthHandler;
 import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
 import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
-import org.apache.kerby.kerberos.kerb.crypto.dh.DhClient;
 import org.apache.kerby.kerberos.kerb.type.KerberosTime;
 import org.apache.kerby.kerberos.kerb.type.base.EncryptedData;
 import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
@@ -77,8 +76,6 @@ public abstract class KdcRequest {
 
     private boolean isRetrying;
 
-    private DhClient dhClient;
-
     public KdcRequest(KrbContext context) {
         this.context = context;
         this.isRetrying = false;
@@ -419,12 +416,4 @@ public abstract class KdcRequest {
             }
         }
     }
-
-    public void setDhClient(DhClient client) {
-        this.dhClient = client;
-    }
-
-    public DhClient getDhClient() {
-        return this.dhClient;
-    }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5c598f95/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhClient.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhClient.java
deleted file mode 100644
index d58c4ff..0000000
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhClient.java
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.crypto.dh;
-
-import org.apache.kerby.kerberos.kerb.crypto.EncTypeHandler;
-import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
-import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
-
-import javax.crypto.KeyAgreement;
-import javax.crypto.interfaces.DHPublicKey;
-import javax.crypto.spec.DHParameterSpec;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PublicKey;
-import java.security.spec.X509EncodedKeySpec;
-
-
-/**
- * The client-side of Diffie-Hellman key agreement for Kerberos PKINIT.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- * @version $Rev$, $Date$
- */
-public class DhClient {
-
-    private KeyAgreement clientKeyAgree;
-    private EncryptionKey clientKey;
-    private DHParameterSpec dhParameterSpec;
-
-
-    public DHParameterSpec getDhParam() {
-        return dhParameterSpec;
-    }
-
-    public DHPublicKey init(DHParameterSpec dhParamSpec) throws Exception {
-        dhParameterSpec = dhParamSpec;
-        // The client creates its own DH key pair, using the DH parameters from above.
-        KeyPairGenerator clientKpairGen = KeyPairGenerator.getInstance("DH");
-        clientKpairGen.initialize(dhParamSpec);
-        KeyPair clientKpair = clientKpairGen.generateKeyPair();
-
-        // The client creates and initializes its DH KeyAgreement object.
-        clientKeyAgree = KeyAgreement.getInstance("DH");
-        clientKeyAgree.init(clientKpair.getPrivate());
-
-        // The client encodes its public key, and sends it over to the server.
-        return (DHPublicKey) clientKpair.getPublic();
-    }
-
-
-    public void doPhase(byte[] serverPubKeyEnc) throws Exception {
-        /*
-         * The client uses the server's public key for the first (and only) phase
-         * of its version of the DH protocol.  Before it can do so, it has to
-         * instantiate a DH public key from the server's encoded key material.
-         */
-        KeyFactory clientKeyFac = KeyFactory.getInstance("DH");
-        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(serverPubKeyEnc);
-        PublicKey serverPubKey = clientKeyFac.generatePublic(x509KeySpec);
-
-        clientKeyAgree.doPhase(serverPubKey, true);
-    }
-
-    public EncryptionKey generateKey(byte[] clientDhNonce, byte[] serverDhNonce, EncryptionType type) {
-        // ZZ length will be same as public key.
-        byte[] dhSharedSecret = clientKeyAgree.generateSecret();
-        byte[] x = dhSharedSecret;
-
-        if (clientDhNonce != null && clientDhNonce.length > 0
-                && serverDhNonce != null && serverDhNonce.length > 0) {
-            x = concatenateBytes(dhSharedSecret, clientDhNonce);
-            x = concatenateBytes(x, serverDhNonce);
-        }
-
-        byte[] secret = OctetString2Key.kTruncate(dhSharedSecret.length, x);
-
-        clientKey = new EncryptionKey(type, secret);
-
-        return clientKey;
-    }
-
-    /**
-     * Decrypt
-     *
-     * @param cipherText
-     * @return The decrypted byte
-     * @throws Exception e
-     */
-    public byte[] decrypt(byte[] cipherText, KeyUsage usage) throws Exception {
-        // Use the secret key to encrypt/decrypt data.
-        EncTypeHandler encType = EncryptionHandler.getEncHandler(clientKey.getKeyType());
-        return encType.decrypt(cipherText, clientKey.getKeyData(), usage.getValue());
-    }
-
-    private byte[] concatenateBytes(byte[] array1, byte[] array2) {
-        byte[] concatenatedBytes = new byte[array1.length + array2.length];
-
-        System.arraycopy(array1, 0, concatenatedBytes, 0, array1.length);
-
-        for (int j = array1.length; j < concatenatedBytes.length; j++) {
-            concatenatedBytes[j] = array2[j - array1.length];
-        }
-
-        return concatenatedBytes;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5c598f95/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhServer.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhServer.java
deleted file mode 100644
index bac5ca0..0000000
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhServer.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.crypto.dh;
-
-import org.apache.kerby.kerberos.kerb.crypto.EncTypeHandler;
-import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
-import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
-
-import javax.crypto.KeyAgreement;
-import javax.crypto.interfaces.DHPublicKey;
-import javax.crypto.spec.DHParameterSpec;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PublicKey;
-import java.security.spec.X509EncodedKeySpec;
-
-
-/**
- * The server-side of Diffie-Hellman key agreement for Kerberos PKINIT.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- * @version $Rev$, $Date$
- */
-public class DhServer {
-
-    private KeyAgreement serverKeyAgree;
-    private EncryptionKey serverKey;
-
-    public PublicKey initAndDoPhase(byte[] clientPubKeyEnc) throws Exception {
-        /*
-         * The server has received the client's public key in encoded format.  The
-         * server instantiates a DH public key from the encoded key material.
-         */
-        KeyFactory serverKeyFac = KeyFactory.getInstance("DH");
-        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(clientPubKeyEnc);
-        PublicKey clientPubKey = serverKeyFac.generatePublic(x509KeySpec);
-
-        /*
-         * The server gets the DH parameters associated with the client's public
-         * key.  The server must use the same parameters when it generates its own key pair.
-         */
-        DHParameterSpec dhParamSpec = ((DHPublicKey) clientPubKey).getParams();
-
-        // The server creates its own DH key pair.
-        KeyPairGenerator serverKpairGen = KeyPairGenerator.getInstance("DH");
-        serverKpairGen.initialize(dhParamSpec);
-        KeyPair serverKpair = serverKpairGen.generateKeyPair();
-
-        // The server creates and initializes its DH KeyAgreement object.
-        serverKeyAgree = KeyAgreement.getInstance("DH");
-        serverKeyAgree.init(serverKpair.getPrivate());
-
-        /*
-         * The server uses the client's public key for the only phase of its
-         * side of the DH protocol.
-         */
-        serverKeyAgree.doPhase(clientPubKey, true);
-
-        // The server encodes its public key, and sends it over to the client.
-        return serverKpair.getPublic();
-    }
-
-    public EncryptionKey generateKey(byte[] clientDhNonce, byte[] serverDhNonce, EncryptionType type) {
-        // ZZ length will be same as public key.
-        byte[] dhSharedSecret = serverKeyAgree.generateSecret();
-        byte[] x = dhSharedSecret;
-
-        if (clientDhNonce != null && clientDhNonce.length > 0
-                && serverDhNonce != null && serverDhNonce.length > 0) {
-            x = concatenateBytes(dhSharedSecret, clientDhNonce);
-            x = concatenateBytes(x, serverDhNonce);
-        }
-
-        byte[] secret = OctetString2Key.kTruncate(dhSharedSecret.length, x);
-        serverKey = new EncryptionKey(type, secret);
-
-        return serverKey;
-    }
-
-    /**
-     * Encrypt
-     *
-     * @param clearText The clear test
-     * @return The cipher text.
-     * @throws Exception e
-     */
-    public byte[] encrypt(byte[] clearText, KeyUsage usage) throws Exception {
-        // Use the secret key to encrypt/decrypt data.
-        EncTypeHandler encType = EncryptionHandler.getEncHandler(serverKey.getKeyType());
-        return encType.encrypt(clearText, serverKey.getKeyData(), usage.getValue());
-    }
-
-    private byte[] concatenateBytes(byte[] array1, byte[] array2) {
-        byte[] concatenatedBytes = new byte[array1.length + array2.length];
-
-        System.arraycopy(array1, 0, concatenatedBytes, 0, array1.length);
-
-        for (int j = array1.length; j < concatenatedBytes.length; j++) {
-            concatenatedBytes[j] = array2[j - array1.length];
-        }
-
-        return concatenatedBytes;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5c598f95/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DiffieHellmanClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DiffieHellmanClient.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DiffieHellmanClient.java
new file mode 100644
index 0000000..1997f7c
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DiffieHellmanClient.java
@@ -0,0 +1,126 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.dh;
+
+import org.apache.kerby.kerberos.kerb.crypto.EncTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
+import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
+
+import javax.crypto.KeyAgreement;
+import javax.crypto.interfaces.DHPublicKey;
+import javax.crypto.spec.DHParameterSpec;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PublicKey;
+import java.security.spec.X509EncodedKeySpec;
+
+
+/**
+ * The client-side of Diffie-Hellman key agreement for Kerberos PKINIT.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class DiffieHellmanClient {
+
+    private KeyAgreement clientKeyAgree;
+    private EncryptionKey clientKey;
+    private DHParameterSpec dhParameterSpec;
+
+
+    public DHParameterSpec getDhParam() {
+        return dhParameterSpec;
+    }
+
+    public DHPublicKey init(DHParameterSpec dhParamSpec) throws Exception {
+        dhParameterSpec = dhParamSpec;
+        // The client creates its own DH key pair, using the DH parameters from above.
+        KeyPairGenerator clientKpairGen = KeyPairGenerator.getInstance("DH");
+        clientKpairGen.initialize(dhParamSpec);
+        KeyPair clientKpair = clientKpairGen.generateKeyPair();
+
+        // The client creates and initializes its DH KeyAgreement object.
+        clientKeyAgree = KeyAgreement.getInstance("DH");
+        clientKeyAgree.init(clientKpair.getPrivate());
+
+        // The client encodes its public key, and sends it over to the server.
+        return (DHPublicKey) clientKpair.getPublic();
+    }
+
+
+    public void doPhase(byte[] serverPubKeyEnc) throws Exception {
+        /*
+         * The client uses the server's public key for the first (and only) phase
+         * of its version of the DH protocol.  Before it can do so, it has to
+         * instantiate a DH public key from the server's encoded key material.
+         */
+        KeyFactory clientKeyFac = KeyFactory.getInstance("DH");
+        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(serverPubKeyEnc);
+        PublicKey serverPubKey = clientKeyFac.generatePublic(x509KeySpec);
+
+        clientKeyAgree.doPhase(serverPubKey, true);
+    }
+
+    public EncryptionKey generateKey(byte[] clientDhNonce, byte[] serverDhNonce, EncryptionType type) {
+        // ZZ length will be same as public key.
+        byte[] dhSharedSecret = clientKeyAgree.generateSecret();
+        byte[] x = dhSharedSecret;
+
+        if (clientDhNonce != null && clientDhNonce.length > 0
+                && serverDhNonce != null && serverDhNonce.length > 0) {
+            x = concatenateBytes(dhSharedSecret, clientDhNonce);
+            x = concatenateBytes(x, serverDhNonce);
+        }
+
+        byte[] secret = OctetString2Key.kTruncate(dhSharedSecret.length, x);
+
+        clientKey = new EncryptionKey(type, secret);
+
+        return clientKey;
+    }
+
+    /**
+     * Decrypt
+     *
+     * @param cipherText
+     * @return The decrypted byte
+     * @throws Exception e
+     */
+    public byte[] decrypt(byte[] cipherText, KeyUsage usage) throws Exception {
+        // Use the secret key to encrypt/decrypt data.
+        EncTypeHandler encType = EncryptionHandler.getEncHandler(clientKey.getKeyType());
+        return encType.decrypt(cipherText, clientKey.getKeyData(), usage.getValue());
+    }
+
+    private byte[] concatenateBytes(byte[] array1, byte[] array2) {
+        byte[] concatenatedBytes = new byte[array1.length + array2.length];
+
+        System.arraycopy(array1, 0, concatenatedBytes, 0, array1.length);
+
+        for (int j = array1.length; j < concatenatedBytes.length; j++) {
+            concatenatedBytes[j] = array2[j - array1.length];
+        }
+
+        return concatenatedBytes;
+    }
+}
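Review bot: `doPhase` decodes the server's public value and hands it straight to `clientKeyAgree.doPhase` without comparing the decoded key's `getParams()` with the `dhParameterSpec` that `init` recorded, so the group the client chose and the group the server answered with are never checked against each other in this class; the SunJCE DH KeyAgreement is understood to reject a mismatched (p, g) itself, but that is provider behaviour rather than a contract this class states, and an explicit guard such as `if (!((DHPublicKey) serverPubKey).getParams().getP().equals(dhParameterSpec.getP())) throw new InvalidKeyException("server DH parameters do not match");` (with the same comparison on `getG()`) would make the requirement visible. The `decrypt` Javadoc gives no description for `cipherText` and omits `usage`; `@param usage The key usage number passed to the encryption handler` would complete it. `concatenateBytes` copies the second array with a hand-written index loop where a second `System.arraycopy(array2, 0, concatenatedBytes, array1.length, array2.length);` would read the same as the copy of the first array.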

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5c598f95/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DiffieHellmanServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DiffieHellmanServer.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DiffieHellmanServer.java
new file mode 100644
index 0000000..501f638
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/dh/DiffieHellmanServer.java
@@ -0,0 +1,124 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.dh;
+
+import org.apache.kerby.kerberos.kerb.crypto.EncTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
+import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
+
+import javax.crypto.KeyAgreement;
+import javax.crypto.interfaces.DHPublicKey;
+import javax.crypto.spec.DHParameterSpec;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PublicKey;
+import java.security.spec.X509EncodedKeySpec;
+
+
+/**
+ * The server-side of Diffie-Hellman key agreement for Kerberos PKINIT.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class DiffieHellmanServer {
+
+    private KeyAgreement serverKeyAgree;
+    private EncryptionKey serverKey;
+
+    public PublicKey initAndDoPhase(byte[] clientPubKeyEnc) throws Exception {
+        /*
+         * The server has received the client's public key in encoded format.  The
+         * server instantiates a DH public key from the encoded key material.
+         */
+        KeyFactory serverKeyFac = KeyFactory.getInstance("DH");
+        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(clientPubKeyEnc);
+        PublicKey clientPubKey = serverKeyFac.generatePublic(x509KeySpec);
+
+        /*
+         * The server gets the DH parameters associated with the client's public
+         * key.  The server must use the same parameters when it generates its own key pair.
+         */
+        DHParameterSpec dhParamSpec = ((DHPublicKey) clientPubKey).getParams();
+
+        // The server creates its own DH key pair.
+        KeyPairGenerator serverKpairGen = KeyPairGenerator.getInstance("DH");
+        serverKpairGen.initialize(dhParamSpec);
+        KeyPair serverKpair = serverKpairGen.generateKeyPair();
+
+        // The server creates and initializes its DH KeyAgreement object.
+        serverKeyAgree = KeyAgreement.getInstance("DH");
+        serverKeyAgree.init(serverKpair.getPrivate());
+
+        /*
+         * The server uses the client's public key for the only phase of its
+         * side of the DH protocol.
+         */
+        serverKeyAgree.doPhase(clientPubKey, true);
+
+        // The server encodes its public key, and sends it over to the client.
+        return serverKpair.getPublic();
+    }
+
+    public EncryptionKey generateKey(byte[] clientDhNonce, byte[] serverDhNonce, EncryptionType type) {
+        // ZZ length will be same as public key.
+        byte[] dhSharedSecret = serverKeyAgree.generateSecret();
+        byte[] x = dhSharedSecret;
+
+        if (clientDhNonce != null && clientDhNonce.length > 0
+                && serverDhNonce != null && serverDhNonce.length > 0) {
+            x = concatenateBytes(dhSharedSecret, clientDhNonce);
+            x = concatenateBytes(x, serverDhNonce);
+        }
+
+        byte[] secret = OctetString2Key.kTruncate(dhSharedSecret.length, x);
+        serverKey = new EncryptionKey(type, secret);
+
+        return serverKey;
+    }
+
+    /**
+     * Encrypt
+     *
+     * @param clearText The clear test
+     * @return The cipher text.
+     * @throws Exception e
+     */
+    public byte[] encrypt(byte[] clearText, KeyUsage usage) throws Exception {
+        // Use the secret key to encrypt/decrypt data.
+        EncTypeHandler encType = EncryptionHandler.getEncHandler(serverKey.getKeyType());
+        return encType.encrypt(clearText, serverKey.getKeyData(), usage.getValue());
+    }
+
+    private byte[] concatenateBytes(byte[] array1, byte[] array2) {
+        byte[] concatenatedBytes = new byte[array1.length + array2.length];
+
+        System.arraycopy(array1, 0, concatenatedBytes, 0, array1.length);
+
+        for (int j = array1.length; j < concatenatedBytes.length; j++) {
+            concatenatedBytes[j] = array2[j - array1.length];
+        }
+
+        return concatenatedBytes;
+    }
+}
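Review bot: `initAndDoPhase` takes the DH group (p, g) from the client-supplied public key on the `getParams()` line and generates the server's own key pair with exactly those parameters, so the KDC agrees on whatever group the peer presented; nothing in this class restricts the group to the well-known MODP groups that PKINIT expects, and a weak or undersized group would pass through unnoticed here. The server-side `PkinitPreauth` hunk further down builds that key with `PkinitCrypto.createDHPublicKey(p, g, y)` from request data, and I cannot tell from this diff whether p and g are validated before the call; if they are, a comment on `initAndDoPhase` such as `// Caller must have validated the client's DH group against the approved DhGroup parameters.` would record the contract, otherwise a comparison against the allowed `DhGroup` parameters before `serverKpairGen.initialize(dhParamSpec)` belongs in this method. The `encrypt` Javadoc has the typo `The clear test` for `The clear text` and no entry for `usage`.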

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5c598f95/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhKeyAgreementTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhKeyAgreementTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhKeyAgreementTest.java
index 91af336..1421dbb 100644
--- a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhKeyAgreementTest.java
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhKeyAgreementTest.java
@@ -60,8 +60,8 @@ public class DhKeyAgreementTest {
      */
     @Test
     public void testPreGeneratedDhParams() throws Exception {
-        DhClient client = new DhClient();
-        DhServer server = new DhServer();
+        DiffieHellmanClient client = new DiffieHellmanClient();
+        DiffieHellmanServer server = new DiffieHellmanServer();
 
         byte[] clientPubKeyEnc = client.init(DhGroup.MODP_GROUP2).getEncoded();
         byte[] serverPubKeyEnc = server.initAndDoPhase(clientPubKeyEnc).getEncoded();
@@ -98,8 +98,8 @@ public class DhKeyAgreementTest {
         byte[] serverDhNonce = new byte[16];
         secureRandom.nextBytes(serverDhNonce);
 
-        DhClient client = new DhClient();
-        DhServer server = new DhServer();
+        DiffieHellmanClient client = new DiffieHellmanClient();
+        DiffieHellmanServer server = new DiffieHellmanServer();
 
         byte[] clientPubKeyEnc = client.init(DhGroup.MODP_GROUP2).getEncoded();
         byte[] serverPubKeyEnc = server.initAndDoPhase(clientPubKeyEnc).getEncoded();
@@ -120,8 +120,8 @@ public class DhKeyAgreementTest {
 
     @Test
     public void testGeneratedDhParams() throws Exception {
-        DhClient client = new DhClient();
-        DhServer server = new DhServer();
+        DiffieHellmanClient client = new DiffieHellmanClient();
+        DiffieHellmanServer server = new DiffieHellmanServer();
 
         DHPublicKey clientPubKey = client.init(DhGroup.MODP_GROUP2);
         DHParameterSpec spec = clientPubKey.getParams();

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5c598f95/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index 128d22c..aa4d32d 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -32,7 +32,7 @@ import org.apache.kerby.kerberos.kerb.KrbErrorCode;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.common.CheckSumUtil;
 import org.apache.kerby.kerberos.kerb.common.KrbUtil;
-import org.apache.kerby.kerberos.kerb.crypto.dh.DhServer;
+import org.apache.kerby.kerberos.kerb.crypto.dh.DiffieHellmanServer;
 import org.apache.kerby.kerberos.kerb.preauth.PluginRequestContext;
 import org.apache.kerby.kerberos.kerb.preauth.pkinit.CertificateHelper;
 import org.apache.kerby.kerberos.kerb.preauth.pkinit.CmsMessageType;
@@ -225,7 +225,7 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
 
                 DHPublicKey dhPublicKey = PkinitCrypto.createDHPublicKey(p, g, y);
 
-                DhServer server = new DhServer();
+                DiffieHellmanServer server = new DiffieHellmanServer();
                 DHPublicKey serverPubKey = null;
                 try {
                     serverPubKey = (DHPublicKey) server.initAndDoPhase(dhPublicKey.getEncoded());

