You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@directory.apache.org by ka...@apache.org on 2014/01/08 10:44:50 UTC

svn commit: r1556475 - /directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java

Author: kayyagari
Date: Wed Jan  8 09:44:50 2014
New Revision: 1556475

URL: http://svn.apache.org/r1556475
Log:
use the subKey that was used in ApReq to decrypt the KrbPriv part present in the reply (DIRKRB-97)

Modified:
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java

Modified: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java?rev=1556475&r1=1556474&r2=1556475&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java (original)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java Wed Jan  8 09:44:50 2014
@@ -595,13 +595,10 @@ public class KdcConnection
             }
             
             ChangePasswordReply chngPwdReply = ( ChangePasswordReply ) reply;
-            ApRep chngApRep = chngPwdReply.getApplicationReply();
-            byte[] apRepData = cipherTextHandler.decrypt( tgt.getSessionKey(), chngApRep.getEncPart(), KeyUsage.AP_REP_ENC_PART_SESS_KEY );
-            
-            EncApRepPart encApRepPart = KerberosDecoder.decodeEncApRepPart( apRepData );
-            
+
             KrbPriv replyPriv = chngPwdReply.getPrivateMessage();
-            byte[] data = cipherTextHandler.decrypt( encApRepPart.getSubkey(), replyPriv.getEncPart(), KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
+            // the same subKey present in ApReq is used for encrypting the KrbPriv present in reply
+            byte[] data = cipherTextHandler.decrypt( subKey, replyPriv.getEncPart(), KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
             part = KerberosDecoder.decodeEncKrbPrivPart( data );
             
             ChangePasswordResult result = new ChangePasswordResult( part.getUserData() );