Java 类javax.crypto.interfaces.DHPublicKey 实例源码

protected Key engineTranslateKey(
    Key key)
    throws InvalidKeyException
{
    if (key instanceof DHPublicKey)
    {
        return new BCElGamalPublicKey((DHPublicKey)key);
    }
    else if (key instanceof DHPrivateKey)
    {
        return new BCElGamalPrivateKey((DHPrivateKey)key);
    }
    else if (key instanceof ElGamalPublicKey)
    {
        return new BCElGamalPublicKey((ElGamalPublicKey)key);
    }
    else if (key instanceof ElGamalPrivateKey)
    {
        return new BCElGamalPrivateKey((ElGamalPrivateKey)key);
    }

    throw new InvalidKeyException("key type unknown");
}

/**
 * 甲方初始化并返回密钥对
 */
public static Map<String, Object> initKey() throws Exception{
    //实例化密钥对生成器
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DH");
    //初始化密钥对生成器  默认是1024  512-1024 & 64的倍数
    keyPairGenerator.initialize(1024);
    //生成密钥对
    KeyPair keyPair = keyPairGenerator.generateKeyPair();
    //得到甲方公钥
    DHPublicKey publicKey = (DHPublicKey) keyPair.getPublic();
    //得到甲方私钥
    DHPrivateKey peivateKey = (DHPrivateKey) keyPair.getPrivate();
    //将公钥和私钥封装到Map中，方便之后使用
    Map<String, Object> keyMap = new HashMap<String, Object>();
    keyMap.put(PUBLIC_KEY, publicKey);
    keyMap.put(PRIVATE_KEY, peivateKey);
    return keyMap;
}

void checkConstraints(AlgorithmConstraints constraints,
        BigInteger peerPublicValue) throws SSLHandshakeException {

    try {
        KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
        DHPublicKeySpec spec =
                    new DHPublicKeySpec(peerPublicValue, modulus, base);
        DHPublicKey publicKey = (DHPublicKey)kf.generatePublic(spec);

        // check constraints of DHPublicKey
        if (!constraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), publicKey)) {
            throw new SSLHandshakeException(
                "DHPublicKey does not comply to algorithm constraints");
        }
    } catch (GeneralSecurityException gse) {
        throw (SSLHandshakeException) new SSLHandshakeException(
                "Could not generate DHPublicKey").initCause(gse);
    }
}

void checkConstraints(AlgorithmConstraints constraints,
        BigInteger peerPublicValue) throws SSLHandshakeException {

    try {
        KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
        DHPublicKeySpec spec =
                    new DHPublicKeySpec(peerPublicValue, modulus, base);
        DHPublicKey publicKey = (DHPublicKey)kf.generatePublic(spec);

        // check constraints of DHPublicKey
        if (!constraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), publicKey)) {
            throw new SSLHandshakeException(
                "DHPublicKey does not comply to algorithm constraints");
        }
    } catch (GeneralSecurityException gse) {
        throw (SSLHandshakeException) new SSLHandshakeException(
                "Could not generate DHPublicKey").initCause(gse);
    }
}

@Override
public void main(Provider provider) throws Exception {
    if (provider.getService("KeyPairGenerator", "DiffieHellman") == null) {
        System.out.println("No support of DH KeyPairGenerator, skipping");
        return;
    }

    for (SupportedKeySize keySize : SupportedKeySize.values()) {
        System.out.println("Checking " + keySize.primeSize + " ...");
        KeyPairGenerator kpg =
                KeyPairGenerator.getInstance("DiffieHellman", provider);
        kpg.initialize(keySize.primeSize);
        KeyPair kp = kpg.generateKeyPair();
        checkKeyPair(kp, keySize.primeSize, provider);

        DHPublicKey publicKey = (DHPublicKey)kp.getPublic();
        BigInteger p = publicKey.getParams().getP();
        BigInteger g = publicKey.getParams().getG();
        kpg.initialize(new DHParameterSpec(p, g));
        kp = kpg.generateKeyPair();
        checkKeyPair(kp, keySize.primeSize, provider);
    }
}

void checkConstraints(AlgorithmConstraints constraints,
        BigInteger peerPublicValue) throws SSLHandshakeException {

    try {
        KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
        DHPublicKeySpec spec =
                    new DHPublicKeySpec(peerPublicValue, modulus, base);
        DHPublicKey publicKey = (DHPublicKey)kf.generatePublic(spec);

        // check constraints of DHPublicKey
        if (!constraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), publicKey)) {
            throw new SSLHandshakeException(
                "DHPublicKey does not comply to algorithm constraints");
        }
    } catch (GeneralSecurityException gse) {
        throw (SSLHandshakeException) new SSLHandshakeException(
                "Could not generate DHPublicKey").initCause(gse);
    }
}

void checkConstraints(AlgorithmConstraints constraints,
        BigInteger peerPublicValue) throws SSLHandshakeException {

    try {
        KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
        DHPublicKeySpec spec =
                    new DHPublicKeySpec(peerPublicValue, modulus, base);
        DHPublicKey publicKey = (DHPublicKey)kf.generatePublic(spec);

        // check constraints of DHPublicKey
        if (!constraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), publicKey)) {
            throw new SSLHandshakeException(
                "DHPublicKey does not comply to algorithm constraints");
        }
    } catch (GeneralSecurityException gse) {
        throw (SSLHandshakeException) new SSLHandshakeException(
                "Could not generate DHPublicKey").initCause(gse);
    }
}

void checkConstraints(AlgorithmConstraints constraints,
        BigInteger peerPublicValue) throws SSLHandshakeException {

    try {
        KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
        DHPublicKeySpec spec =
                    new DHPublicKeySpec(peerPublicValue, modulus, base);
        DHPublicKey publicKey = (DHPublicKey)kf.generatePublic(spec);

        // check constraints of DHPublicKey
        if (!constraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), publicKey)) {
            throw new SSLHandshakeException(
                "DHPublicKey does not comply to algorithm constraints");
        }
    } catch (GeneralSecurityException gse) {
        throw (SSLHandshakeException) new SSLHandshakeException(
                "Could not generate DHPublicKey").initCause(gse);
    }
}

public void loadServerKey() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, NoSuchProviderException, InvalidAlgorithmParameterException, InvalidKeySpecException {
        char[] password = KEYSTORE_PASSWORD.toCharArray();

        FileInputStream fIn = new FileInputStream(KEYSTORE_FILENAME);
        KeyStore keystore = KeyStore.getInstance("JKS");

        keystore.load(fIn, password);
        serverCertificate = (X509Certificate) keystore.getCertificate("server");
        serverPrivateKey  = (PrivateKey) keystore.getKey("server", password);

        // Generate DH keys for this session
        // Use hardcoded DH parameters
        DHParameterSpec dhParams = new DHParameterSpec(new BigInteger(new byte[] {(byte)0x00, (byte)0xad, (byte)0x77, (byte)0xcd, (byte)0xb7, (byte)0x14, (byte)0x6f, (byte)0xfe, (byte)0x08, (byte)0x1a, (byte)0xee, (byte)0xd2, (byte)0x2c, (byte)0x18, (byte)0x29, (byte)0x62, (byte)0x5a, (byte)0xff, (byte)0x03, (byte)0x5d, (byte)0xde, (byte)0xba, (byte)0x0d, (byte)0xd4, (byte)0x36, (byte)0x15, (byte)0x03, (byte)0x11, (byte)0x21, (byte)0x48, (byte)0xd9, (byte)0x77, (byte)0xfb, (byte)0x67, (byte)0xb0, (byte)0x74, (byte)0x2e, (byte)0x68, (byte)0xed, (byte)0x5a, (byte)0x3f, (byte)0x8a, (byte)0x3e, (byte)0xdb, (byte)0x81, (byte)0xa3, (byte)0x3b, (byte)0xaf, (byte)0x26, (byte)0xe4, (byte)0x54, (byte)0x00, (byte)0x85, (byte)0x0d, (byte)0xfd, (byte)0x23, (byte)0x21, (byte)0xc1, (byte)0xfe, (byte)0x69, (byte)0xe4, (byte)0xf3, (byte)0x57, (byte)0xe6, (byte)0x0a, (byte)0x7c, (byte)0x62, (byte)0xc0, (byte)0xd6, (byte)0x40, (byte)0x3e, (byte)0x94, (byte)0x9e, (byte)0x49, (byte)0x72, (byte)0x5a, (byte)0x21, (byte)0x53, (byte)0xb0, (byte)0x83, (byte)0x05, (byte)0x81, (byte)0x5a, (byte)0xde, (byte)0x17, (byte)0x31, (byte)0xbf, (byte)0xa8, (byte)0xa9, (byte)0xe5, (byte)0x28, (byte)0x1a, (byte)0xfc, (byte)0x06, (byte)0x1e, (byte)0x49, (byte)0xfe, (byte)0xdc, (byte)0x08, (byte)0xe3, (byte)0x29, (byte)0xfe, (byte)0x5b, (byte)0x88, (byte)0x66, (byte)0x39, (byte)0xa8, (byte)0x69, (byte)0x62, (byte)0x88, (byte)0x47, (byte)0x36, (byte)0xf5, (byte)0xdd, (byte)0x92, (byte)0x8f, (byte)0xca, (byte)0x32, (byte)0x4b, (byte)0x87, (byte)0xad, (byte)0xbf, (byte)0xab, (byte)0x4a, (byte)0x9d, (byte)0xd5, (byte)0xb8, (byte)0x2c, (byte)0xc4, (byte)0x43, (byte)0xb2, (byte)0x21, (byte)0xb4, (byte)0x2a, (byte)0x9b, (byte)0x42, (byte)0x17, (byte)0x6d, (byte)0xb6, (byte)0x86, (byte)0x42, (byte)0x41, (byte)0xb1, (byte)0xc7, (byte)0x37, (byte)0x37, (byte)0x95, (byte)0x6d, (byte)0x62, (byte)0xca, (byte)0xa6, (byte)0x57, (byte)0x33, (byte)0x88, (byte)0xe2, (byte)0x31, (byte)0xfe, (byte)0xd1, (byte)0x51, (byte)0xe7, (byte)0x73, (byte)0xae, (byte)0x3c, (byte)0xa7, (byte)0x4b, (byte)0xbc, (byte)0x8a, (byte)0x3d, (byte)0xc5, (byte)0x9a, (byte)0x28, (byte)0x9a, (byte)0xf9, (byte)0x57, (byte)0xb6, (byte)0xec, (byte)0xf6, (byte)0x75, (byte)0xaa, (byte)0x56, (byte)0xc1, (byte)0x42, (byte)0x9f, (byte)0x6a, (byte)0x7c, (byte)0x91, (byte)0x8b, (byte)0x5e, (byte)0xea, (byte)0x54, (byte)0x32, (byte)0x90, (byte)0x8a, (byte)0x9d, (byte)0x76, (byte)0x2a, (byte)0x29, (byte)0x1b, (byte)0x84, (byte)0x35, (byte)0xe6, (byte)0x21, (byte)0x07, (byte)0xb2, (byte)0xcb, (byte)0x5c, (byte)0xf9, (byte)0x5b, (byte)0xe9, (byte)0x5e, (byte)0x1b, (byte)0x80, (byte)0xd5, (byte)0x53, (byte)0xd7, (byte)0xa4, (byte)0x26, (byte)0x58, (byte)0xe4, (byte)0xe9, (byte)0x3f, (byte)0xfd, (byte)0xeb, (byte)0x78, (byte)0xf2, (byte)0x25, (byte)0x02, (byte)0x42, (byte)0xf8, (byte)0x50, (byte)0x13, (byte)0xbb, (byte)0x01, (byte)0x39, (byte)0xf3, (byte)0xcf, (byte)0x5c, (byte)0x51, (byte)0xdf, (byte)0xed, (byte)0xc5, (byte)0xfa, (byte)0xd8, (byte)0x4f, (byte)0xae, (byte)0x76, (byte)0xe8, (byte)0x30, (byte)0xfc, (byte)0x85, (byte)0xaa, (byte)0x8c, (byte)0x91, (byte)0x02, (byte)0x2b, (byte)0x61, (byte)0x87
}), new BigInteger(new byte[] { 0x05 }));

        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DiffieHellman");
        keyPairGenerator.initialize(dhParams);

        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        dhPubKey = (DHPublicKey)keyPair.getPublic();
        dhPrivateKey = (DHPrivateKey)keyPair.getPrivate();
    }

public void loadClientKey() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, InvalidAlgorithmParameterException {
        char[] password = KEYSTORE_PASSWORD.toCharArray();

        FileInputStream fIn = new FileInputStream(KEYSTORE_FILENAME);
        KeyStore keystore = KeyStore.getInstance("JKS");

        keystore.load(fIn, password);
        clientCertificate = (X509Certificate) keystore.getCertificate("client");
        clientPrivateKey  = (PrivateKey) keystore.getKey("client", password);

        // Generate DH keys for this session
        // Use hardcoded DH parameters
        DHParameterSpec dhParams = new DHParameterSpec(new BigInteger(new byte[] {(byte)0x00, (byte)0xad, (byte)0x77, (byte)0xcd, (byte)0xb7, (byte)0x14, (byte)0x6f, (byte)0xfe, (byte)0x08, (byte)0x1a, (byte)0xee, (byte)0xd2, (byte)0x2c, (byte)0x18, (byte)0x29, (byte)0x62, (byte)0x5a, (byte)0xff, (byte)0x03, (byte)0x5d, (byte)0xde, (byte)0xba, (byte)0x0d, (byte)0xd4, (byte)0x36, (byte)0x15, (byte)0x03, (byte)0x11, (byte)0x21, (byte)0x48, (byte)0xd9, (byte)0x77, (byte)0xfb, (byte)0x67, (byte)0xb0, (byte)0x74, (byte)0x2e, (byte)0x68, (byte)0xed, (byte)0x5a, (byte)0x3f, (byte)0x8a, (byte)0x3e, (byte)0xdb, (byte)0x81, (byte)0xa3, (byte)0x3b, (byte)0xaf, (byte)0x26, (byte)0xe4, (byte)0x54, (byte)0x00, (byte)0x85, (byte)0x0d, (byte)0xfd, (byte)0x23, (byte)0x21, (byte)0xc1, (byte)0xfe, (byte)0x69, (byte)0xe4, (byte)0xf3, (byte)0x57, (byte)0xe6, (byte)0x0a, (byte)0x7c, (byte)0x62, (byte)0xc0, (byte)0xd6, (byte)0x40, (byte)0x3e, (byte)0x94, (byte)0x9e, (byte)0x49, (byte)0x72, (byte)0x5a, (byte)0x21, (byte)0x53, (byte)0xb0, (byte)0x83, (byte)0x05, (byte)0x81, (byte)0x5a, (byte)0xde, (byte)0x17, (byte)0x31, (byte)0xbf, (byte)0xa8, (byte)0xa9, (byte)0xe5, (byte)0x28, (byte)0x1a, (byte)0xfc, (byte)0x06, (byte)0x1e, (byte)0x49, (byte)0xfe, (byte)0xdc, (byte)0x08, (byte)0xe3, (byte)0x29, (byte)0xfe, (byte)0x5b, (byte)0x88, (byte)0x66, (byte)0x39, (byte)0xa8, (byte)0x69, (byte)0x62, (byte)0x88, (byte)0x47, (byte)0x36, (byte)0xf5, (byte)0xdd, (byte)0x92, (byte)0x8f, (byte)0xca, (byte)0x32, (byte)0x4b, (byte)0x87, (byte)0xad, (byte)0xbf, (byte)0xab, (byte)0x4a, (byte)0x9d, (byte)0xd5, (byte)0xb8, (byte)0x2c, (byte)0xc4, (byte)0x43, (byte)0xb2, (byte)0x21, (byte)0xb4, (byte)0x2a, (byte)0x9b, (byte)0x42, (byte)0x17, (byte)0x6d, (byte)0xb6, (byte)0x86, (byte)0x42, (byte)0x41, (byte)0xb1, (byte)0xc7, (byte)0x37, (byte)0x37, (byte)0x95, (byte)0x6d, (byte)0x62, (byte)0xca, (byte)0xa6, (byte)0x57, (byte)0x33, (byte)0x88, (byte)0xe2, (byte)0x31, (byte)0xfe, (byte)0xd1, (byte)0x51, (byte)0xe7, (byte)0x73, (byte)0xae, (byte)0x3c, (byte)0xa7, (byte)0x4b, (byte)0xbc, (byte)0x8a, (byte)0x3d, (byte)0xc5, (byte)0x9a, (byte)0x28, (byte)0x9a, (byte)0xf9, (byte)0x57, (byte)0xb6, (byte)0xec, (byte)0xf6, (byte)0x75, (byte)0xaa, (byte)0x56, (byte)0xc1, (byte)0x42, (byte)0x9f, (byte)0x6a, (byte)0x7c, (byte)0x91, (byte)0x8b, (byte)0x5e, (byte)0xea, (byte)0x54, (byte)0x32, (byte)0x90, (byte)0x8a, (byte)0x9d, (byte)0x76, (byte)0x2a, (byte)0x29, (byte)0x1b, (byte)0x84, (byte)0x35, (byte)0xe6, (byte)0x21, (byte)0x07, (byte)0xb2, (byte)0xcb, (byte)0x5c, (byte)0xf9, (byte)0x5b, (byte)0xe9, (byte)0x5e, (byte)0x1b, (byte)0x80, (byte)0xd5, (byte)0x53, (byte)0xd7, (byte)0xa4, (byte)0x26, (byte)0x58, (byte)0xe4, (byte)0xe9, (byte)0x3f, (byte)0xfd, (byte)0xeb, (byte)0x78, (byte)0xf2, (byte)0x25, (byte)0x02, (byte)0x42, (byte)0xf8, (byte)0x50, (byte)0x13, (byte)0xbb, (byte)0x01, (byte)0x39, (byte)0xf3, (byte)0xcf, (byte)0x5c, (byte)0x51, (byte)0xdf, (byte)0xed, (byte)0xc5, (byte)0xfa, (byte)0xd8, (byte)0x4f, (byte)0xae, (byte)0x76, (byte)0xe8, (byte)0x30, (byte)0xfc, (byte)0x85, (byte)0xaa, (byte)0x8c, (byte)0x91, (byte)0x02, (byte)0x2b, (byte)0x61, (byte)0x87
}), new BigInteger(new byte[] { 0x05 }));

        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DiffieHellman");
        keyPairGenerator.initialize(dhParams);

        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        dhPubKey = (DHPublicKey)keyPair.getPublic();
        dhPrivateKey = (DHPrivateKey)keyPair.getPrivate();
    }

protected Key engineTranslateKey(
    Key key)
    throws InvalidKeyException
{
    if (key instanceof DHPublicKey)
    {
        return new BCElGamalPublicKey((DHPublicKey)key);
    }
    else if (key instanceof DHPrivateKey)
    {
        return new BCElGamalPrivateKey((DHPrivateKey)key);
    }
    else if (key instanceof ElGamalPublicKey)
    {
        return new BCElGamalPublicKey((ElGamalPublicKey)key);
    }
    else if (key instanceof ElGamalPrivateKey)
    {
        return new BCElGamalPrivateKey((ElGamalPrivateKey)key);
    }

    throw new InvalidKeyException("key type unknown");
}

/**
 * 初始化甲方密钥
 * @return Map 甲方密钥Map
 * @throws Exception
 */
public static Map<String,Object> initKey()throws Exception{
    // 实例化密钥对生成器
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
    keyPairGenerator.initialize(KEY_SIZE);
    // 生成密钥对
    KeyPair keyPair = keyPairGenerator.generateKeyPair();
    //甲方公钥
    DHPublicKey publicKey = (DHPublicKey) keyPair.getPublic();
    //甲方私钥
    DHPrivateKey privateKey = (DHPrivateKey) keyPair.getPrivate();
    //将密钥对存储在Map中
    Map<String,Object> keyMap = new HashMap<String,Object>();
    keyMap.put(PUBLIC_KEY, publicKey);
    keyMap.put(PRIVATE_KEY, privateKey);
    return keyMap;
}

/**
 * 初始化乙方密钥
 * @param key 甲方公钥
 * @return Map 乙方密钥Map
 * @throws Exception
 */
public static Map<String,Object> initKey(byte[] key)throws Exception{
    //解析甲方公钥，转换公钥材料
    X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(key);
    //实例化密钥工厂
    KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
    //产生公钥
    PublicKey pubKey = keyFactory.generatePublic(x509KeySpec);
    //由甲方公钥构建乙方密钥
    DHParameterSpec dhParamSpec = ( (DHPublicKey) pubKey).getParams();
    //实例化密钥对生成器
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyFactory.getAlgorithm());
    //初始化密钥对生成器
    keyPairGenerator.initialize(dhParamSpec);
    //产生密钥对
    KeyPair keyPair = keyPairGenerator.generateKeyPair();
    //乙方公钥
    DHPublicKey publicKey = (DHPublicKey) keyPair.getPublic();
    //乙方私钥
    DHPrivateKey privateKey = (DHPrivateKey) keyPair.getPrivate();
    //将密钥对存储在Map中
    Map<String,Object> keyMap = new HashMap<String,Object>();
    keyMap.put(PUBLIC_KEY, publicKey);
    keyMap.put(PRIVATE_KEY, privateKey);
    return keyMap;
}

protected DHPublicKey stringToPublicKey(String publicKeyBase64)
{
    try
    {
        byte[] yBinary = Base64.decodeBase64(publicKeyBase64.getBytes());
        BigInteger y = new BigInteger(yBinary);

        DHPublicKeySpec dhPublicKeySpec = new DHPublicKeySpec(
                y, _dhParameterSpec.getP(), _dhParameterSpec.getG() );

        KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);

        return (DHPublicKey) keyFactory.generatePublic(dhPublicKeySpec);
    }
    catch (GeneralSecurityException e)
    {
        _log.error("Cannot create PublicKey object from: " + publicKeyBase64, e);

        return null;
    }
}

public void testPublicKey() throws AssociationException
{
    DHParameterSpec dhParameterSpec = DiffieHellmanSession.getDefaultParameter();

    DiffieHellmanSession diffieHellmanSession = DiffieHellmanSession.create(AssociationSessionType.DH_SHA1, dhParameterSpec);

    String dhPublicKeyBase64 = diffieHellmanSession.getPublicKey();

    DHPublicKey dhPublicKey = diffieHellmanSession.stringToPublicKey(dhPublicKeyBase64);

    BigInteger two = new BigInteger("2");
    BigInteger y = dhPublicKey.getY();
    BigInteger p = dhParameterSpec.getP();

    assertTrue(y.compareTo(two) != -1);
    assertTrue(y.compareTo(p) == -1);
}

/** Builds a KEY record from a PublicKey */
public static KEYRecord
buildRecord(Name name, int dclass, long ttl, int flags, int proto,
        PublicKey key)
{
    byte alg;

    if (key instanceof RSAPublicKey) {
        alg = DNSSEC.RSAMD5;
    }
    else if (key instanceof DHPublicKey) {
        alg = DNSSEC.DH;
    }
    else if (key instanceof DSAPublicKey) {
        alg = DNSSEC.DSA;
    }
    else
        return null;

    return (KEYRecord) buildRecord(name, Type.KEY, dclass, ttl, flags,
                       proto, alg, key);
}

private void rotateRemoteSessionKeys(DHPublicKey pubKey) throws OtrException {

        if (DEBUG_ENABLED) Log.d(LOG_TAG,"Rotating remote keys.");
        SessionKeys sess1 = getSessionKeysByIndex(SessionKeys.Current, SessionKeys.Previous);
        if (sess1.getIsUsedReceivingMACKey()) {
            if (DEBUG_ENABLED) Log.d(LOG_TAG,"Detected used Receiving MAC key. Adding to old MAC keys to reveal it.");
            getOldMacKeys().add(sess1.getReceivingMACKey());
        }

        SessionKeys sess2 = getSessionKeysByIndex(SessionKeys.Previous, SessionKeys.Previous);
        if (sess2.getIsUsedReceivingMACKey()) {
            if (DEBUG_ENABLED) Log.d(LOG_TAG,"Detected used Receiving MAC key. Adding to old MAC keys to reveal it.");
            getOldMacKeys().add(sess2.getReceivingMACKey());
        }

        SessionKeys sess3 = getSessionKeysByIndex(SessionKeys.Current, SessionKeys.Current);
        sess1.setRemoteDHPublicKey(sess3.getRemoteKey(), sess3.getRemoteKeyID());

        SessionKeys sess4 = getSessionKeysByIndex(SessionKeys.Previous, SessionKeys.Current);
        sess2.setRemoteDHPublicKey(sess4.getRemoteKey(), sess4.getRemoteKeyID());

        sess3.setRemoteDHPublicKey(pubKey, sess3.getRemoteKeyID() + 1);
        sess4.setRemoteDHPublicKey(pubKey, sess4.getRemoteKeyID() + 1);
    }

private RevealSignatureMessage getRevealSignatureMessage() throws OtrException {
    try {
        SignatureM m = new SignatureM((DHPublicKey) getLocalDHKeyPair().getPublic(),
                getRemoteDHPublicKey(), getLocalLongTermKeyPair().getPublic(),
                getLocalDHKeyPairID());

        OtrCryptoEngine otrCryptoEngine = new OtrCryptoEngineImpl();
        byte[] mhash = otrCryptoEngine.sha256Hmac(SerializationUtils.toByteArray(m),
                getM1());
        byte[] signature = otrCryptoEngine.sign(mhash, getLocalLongTermKeyPair()
                .getPrivate());

        SignatureX mysteriousX = new SignatureX(getLocalLongTermKeyPair().getPublic(),
                getLocalDHKeyPairID(), signature);
        byte[] xEncrypted = otrCryptoEngine.aesEncrypt(getC(), null,
                SerializationUtils.toByteArray(mysteriousX));

        byte[] tmp = SerializationUtils.writeData(xEncrypted);

        byte[] xEncryptedHash = otrCryptoEngine.sha256Hmac160(tmp, getM2());
        return new RevealSignatureMessage(getProtocolVersion(), xEncrypted, xEncryptedHash,
                getR());
    } catch (IOException e) {
        throw new OtrException(e);
    }
}

private void reset() {
    if (DEBUG_ENABLED) Log.d(LOG_TAG,"Resetting " + keyDescription + " session keys.");
    Arrays.fill(this.sendingCtr, (byte) 0x00);
    Arrays.fill(this.receivingCtr, (byte) 0x00);
    this.sendingAESKey = null;
    this.receivingAESKey = null;
    this.sendingMACKey = null;
    this.receivingMACKey = null;
    this.setIsUsedReceivingMACKey(false);
    this.s = null;
    if (getLocalPair() != null && getRemoteKey() != null) {
        this.isHigh = ((DHPublicKey) getLocalPair().getPublic()).getY().abs()
                .compareTo(getRemoteKey().getY().abs()) == 1;
    }

}

public void testIOBigInt() throws Exception {

        KeyPair pair = new OtrCryptoEngineImpl().generateDHKeyPair();
        BigInteger source = ((DHPublicKey) pair.getPublic()).getY();

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        OtrOutputStream oos = new OtrOutputStream(out);
        oos.writeBigInt(source);
        oos.close();

        byte[] converted = out.toByteArray();

        ByteArrayInputStream bin = new ByteArrayInputStream(converted);
        OtrInputStream ois = new OtrInputStream(bin);
        BigInteger result = ois.readBigInt();
        ois.close();

        assertTrue(source.compareTo(result) == 0);
    }

public void testIODHPublicKey() throws Exception {
    KeyPair pair = new OtrCryptoEngineImpl().generateDHKeyPair();

    DHPublicKey source = (DHPublicKey) pair.getPublic();

    ByteArrayOutputStream out = new ByteArrayOutputStream();
    OtrOutputStream oos = new OtrOutputStream(out);
    oos.writeDHPublicKey(source);
    oos.close();

    byte[] converted = out.toByteArray();

    ByteArrayInputStream bin = new ByteArrayInputStream(converted);
    OtrInputStream ois = new OtrInputStream(bin);
    DHPublicKey result = ois.readDHPublicKey();
    ois.close();

    assertTrue(source.getY().compareTo(result.getY()) == 0);
}

protected Key engineTranslateKey(
    Key key)
    throws InvalidKeyException
{
    if (key instanceof DHPublicKey)
    {
        return new BCElGamalPublicKey((DHPublicKey)key);
    }
    else if (key instanceof DHPrivateKey)
    {
        return new BCElGamalPrivateKey((DHPrivateKey)key);
    }
    else if (key instanceof ElGamalPublicKey)
    {
        return new BCElGamalPublicKey((ElGamalPublicKey)key);
    }
    else if (key instanceof ElGamalPrivateKey)
    {
        return new BCElGamalPrivateKey((ElGamalPrivateKey)key);
    }

    throw new InvalidKeyException("key type unknown");
}

protected Key engineTranslateKey(
    Key key)
    throws InvalidKeyException
{
    if (key instanceof DHPublicKey)
    {
        return new BCElGamalPublicKey((DHPublicKey)key);
    }
    else if (key instanceof DHPrivateKey)
    {
        return new BCElGamalPrivateKey((DHPrivateKey)key);
    }
    else if (key instanceof ElGamalPublicKey)
    {
        return new BCElGamalPublicKey((ElGamalPublicKey)key);
    }
    else if (key instanceof ElGamalPrivateKey)
    {
        return new BCElGamalPrivateKey((ElGamalPrivateKey)key);
    }

    throw new InvalidKeyException("key type unknown");
}

/**
 * 初始化甲方密钥
 * 
 * @return
 * @throws Exception
 */
public static Map<String, Object> initKey() throws Exception {
    KeyPairGenerator keyPairGenerator = KeyPairGenerator
            .getInstance(ALGORITHM);
    keyPairGenerator.initialize(KEY_SIZE);

    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    // 甲方公钥
    DHPublicKey publicKey = (DHPublicKey) keyPair.getPublic();

    // 甲方私钥
    DHPrivateKey privateKey = (DHPrivateKey) keyPair.getPrivate();

    Map<String, Object> keyMap = new HashMap<String, Object>(2);

    keyMap.put(PUBLIC_KEY, publicKey);
    keyMap.put(PRIVATE_KEY, privateKey);
    return keyMap;
}

public byte[] generateDHPublicKey() throws NoSuchAlgorithmException,
        InvalidAlgorithmParameterException, InvalidKeyException {

    // generate key pair
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
    DHParameterSpec param = new DHParameterSpec(sP, sG);
    kpg.initialize(param);
    KeyPair kp = kpg.generateKeyPair();
    DHPrivateKey privateKey = (DHPrivateKey) kp.getPrivate();
    DHPublicKey publicKey = (DHPublicKey) kp.getPublic();

    // initialize key agreement with our private key
    mKA = KeyAgreement.getInstance("DH");
    mKA.init(privateKey);

    // return our public 1/2 key to share
    return getBytes(publicKey.getY());
}

/**
 * 初始化甲方密钥
 * 
 * @return
 * @throws Exception
 */
public static Map<String, Object> initKey() throws Exception {
    KeyPairGenerator keyPairGenerator = KeyPairGenerator
            .getInstance(ALGORITHM);
    keyPairGenerator.initialize(KEY_SIZE);

    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    // 甲方公钥
    DHPublicKey publicKey = (DHPublicKey) keyPair.getPublic();

    // 甲方私钥
    DHPrivateKey privateKey = (DHPrivateKey) keyPair.getPrivate();

    Map<String, Object> keyMap = new HashMap<String, Object>(2);

    keyMap.put(PUBLIC_KEY, publicKey);
    keyMap.put(PRIVATE_KEY, privateKey);
    return keyMap;
}

@Test(
                description = "https://issues.apache.org/jira/browse/SSHD-330; https://bugzilla.wikimedia.org/show_bug.cgi?id=53895#c28",
                invocationCount = 500, dataProvider = "keyPairGenerator")
public void testDH(int a, KeyPairGenerator kpg) throws Exception {

    KeyPair kp = kpg.generateKeyPair();

    BigInteger Y = ((DHPublicKey) kp.getPublic()).getY();
    DHParameterSpec params = ((DHPublicKey) kp.getPublic()).getParams();
    BigInteger P = params.getP();
    BigInteger G = params.getG();

    DH dh = new DH();
    dh.setF(Y);
    dh.setP(P);
    dh.setG(G);
    dh.getE();
    byte[] actual = dh.getK();

    if (actual[0] == 0) {
        Assert.fail("Found leading 0");
    }
}

/**
 * Returns the public key for a given key pair.
 * 
 * @param keyPair
 * @return public key
 */
protected static byte[] getPublicKey(KeyPair keyPair) {
     DHPublicKey incomingPublicKey = (DHPublicKey) keyPair.getPublic();
     BigInteger dhY = incomingPublicKey.getY();
     log.debug("Public key: {}", dhY);
     byte[] result = dhY.toByteArray();
     log.debug("Public key as bytes - length [{}]: {}", result.length, Hex.encodeHexString(result));
     byte[] temp = new byte[KEY_LENGTH];
     if (result.length < KEY_LENGTH) {
         System.arraycopy(result, 0, temp, KEY_LENGTH - result.length, result.length);
         result = temp;
         log.debug("Padded public key length to 128");
     } else if(result.length > KEY_LENGTH){
         System.arraycopy(result, result.length - KEY_LENGTH, temp, 0, KEY_LENGTH);
         result = temp;
         log.debug("Truncated public key length to 128");
     }
     return result;
}

public final void testDoPhase009() {

        try {
            Key key = keyPair.getPublic();
            kf = KeyFactory.getInstance("DH");
            DHPublicKey publicKey = (DHPublicKey) key;
            ka.init(keyPair.getPrivate());
            lastPhase = true;
            if (ka.doPhase(publicKey, lastPhase) == null)
                assertTrue(true);
            else {
                assertTrue(false);
            }
        } catch (Throwable e) {
            fail("Failed with:" + e);
        }
    }

@Before
public void setUp() throws Exception {
    manager_a = new OtrKeyManagerImpl(new MemoryPropertiesStore());
    manager_b = new OtrKeyManagerImpl(new MemoryPropertiesStore());
    session_a = createMock(Session.class);
    session_b = createMock(Session.class);
    AuthContextImpl ca = new AuthContextImpl(session_a);
    AuthContextImpl cb = new AuthContextImpl(session_b);
    ca.setRemoteDHPublicKey((DHPublicKey) cb.getLocalDHKeyPair().getPublic());
    cb.setRemoteDHPublicKey((DHPublicKey) ca.getLocalDHKeyPair().getPublic());
    EasyMock.expect(session_a.getS()).andStubReturn(ca.getS());
    EasyMock.expect(session_b.getS()).andStubReturn(cb.getS());
    sessionId_a = new SessionID("a1", "ua", "xmpp");
    sessionId_b = new SessionID("a1", "ub", "xmpp");
    manager_a.generateLocalKeyPair(sessionId_a);
    manager_b.generateLocalKeyPair(sessionId_b);
    manager_a.savePublicKey(sessionId_a, manager_b.loadLocalKeyPair(sessionId_b).getPublic());
    manager_b.savePublicKey(sessionId_b, manager_a.loadLocalKeyPair(sessionId_a).getPublic());
    host_a = createNiceMock(OtrSmEngineHost.class);
    host_b = createNiceMock(OtrSmEngineHost.class);
    sm_a = new OtrSm(session_a, manager_a, sessionId_a, host_a);
    sm_b = new OtrSm(session_b, manager_b, sessionId_b, host_b);
}

private void rotateRemoteSessionKeys(DHPublicKey pubKey) throws OtrException {

        logger.finest("Rotating remote keys.");
        SessionKeys sess1 = getSessionKeysByIndex(SessionKeys.Current, SessionKeys.Previous);
        if (sess1.getIsUsedReceivingMACKey()) {
            logger.finest("Detected used Receiving MAC key. Adding to old MAC keys to reveal it.");
            getOldMacKeys().add(sess1.getReceivingMACKey());
        }

        SessionKeys sess2 = getSessionKeysByIndex(SessionKeys.Previous, SessionKeys.Previous);
        if (sess2.getIsUsedReceivingMACKey()) {
            logger.finest("Detected used Receiving MAC key. Adding to old MAC keys to reveal it.");
            getOldMacKeys().add(sess2.getReceivingMACKey());
        }

        SessionKeys sess3 = getSessionKeysByIndex(SessionKeys.Current, SessionKeys.Current);
        sess1.setRemoteDHPublicKey(sess3.getRemoteKey(), sess3.getRemoteKeyID());

        SessionKeys sess4 = getSessionKeysByIndex(SessionKeys.Previous, SessionKeys.Current);
        sess2.setRemoteDHPublicKey(sess4.getRemoteKey(), sess4.getRemoteKeyID());

        sess3.setRemoteDHPublicKey(pubKey, sess3.getRemoteKeyID() + 1);
        sess4.setRemoteDHPublicKey(pubKey, sess4.getRemoteKeyID() + 1);
    }

private RevealSignatureMessage getRevealSignatureMessage() throws OtrException {
    try {
        SignatureM m = new SignatureM((DHPublicKey) getLocalDHKeyPair().getPublic(),
                getRemoteDHPublicKey(), getLocalLongTermKeyPair().getPublic(),
                getLocalDHKeyPairID());

        OtrCryptoEngine otrCryptoEngine = new OtrCryptoEngineImpl();
        byte[] mhash = otrCryptoEngine.sha256Hmac(SerializationUtils.toByteArray(m),
                getM1());
        byte[] signature = otrCryptoEngine.sign(mhash, getLocalLongTermKeyPair()
                .getPrivate());

        SignatureX mysteriousX = new SignatureX(getLocalLongTermKeyPair().getPublic(),
                getLocalDHKeyPairID(), signature);
        byte[] xEncrypted = otrCryptoEngine.aesEncrypt(getC(), null,
                SerializationUtils.toByteArray(mysteriousX));

        byte[] tmp = SerializationUtils.writeData(xEncrypted);

        byte[] xEncryptedHash = otrCryptoEngine.sha256Hmac160(tmp, getM2());
        return new RevealSignatureMessage(getProtocolVersion(), xEncrypted, xEncryptedHash,
                getR());
    } catch (IOException e) {
        throw new OtrException(e);
    }
}

private void reset() {
    logger.finest("Resetting " + keyDescription + " session keys.");
    Arrays.fill(this.sendingCtr, (byte) 0x00);
    Arrays.fill(this.receivingCtr, (byte) 0x00);
    this.sendingAESKey = null;
    this.receivingAESKey = null;
    this.sendingMACKey = null;
    this.receivingMACKey = null;
    this.setIsUsedReceivingMACKey(false);
    this.s = null;
    if (getLocalPair() != null && getRemoteKey() != null) {
        this.isHigh = ((DHPublicKey) getLocalPair().getPublic()).getY().abs()
                .compareTo(getRemoteKey().getY().abs()) == 1;
    }

}

public void testIOBigInt() throws Exception {

        KeyPair pair = new OtrCryptoEngineImpl().generateDHKeyPair();
        BigInteger source = ((DHPublicKey) pair.getPublic()).getY();

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        OtrOutputStream oos = new OtrOutputStream(out);
        oos.writeBigInt(source);

        byte[] converted = out.toByteArray();

        ByteArrayInputStream bin = new ByteArrayInputStream(converted);
        OtrInputStream ois = new OtrInputStream(bin);
        BigInteger result = ois.readBigInt();

        assertTrue(source.compareTo(result) == 0);
    }

private void reset() {
    logger.finest("Resetting " + keyDescription + " session keys.");
    Arrays.fill(this.sendingCtr, (byte) 0x00);
    Arrays.fill(this.receivingCtr, (byte) 0x00);
    this.sendingAESKey = null;
    this.receivingAESKey = null;
    this.sendingMACKey = null;
    this.receivingMACKey = null;
    this.setIsUsedReceivingMACKey(false);
    this.s = null;
    if (getLocalPair() != null && getRemoteKey() != null) {
        this.isHigh = ((DHPublicKey) getLocalPair().getPublic()).getY()
                .abs().compareTo(getRemoteKey().getY().abs()) == 1;
    }

}

protected Key engineTranslateKey(
    Key key)
    throws InvalidKeyException
{
    if (key instanceof DHPublicKey)
    {
        return new BCElGamalPublicKey((DHPublicKey)key);
    }
    else if (key instanceof DHPrivateKey)
    {
        return new BCElGamalPrivateKey((DHPrivateKey)key);
    }
    else if (key instanceof ElGamalPublicKey)
    {
        return new BCElGamalPublicKey((ElGamalPublicKey)key);
    }
    else if (key instanceof ElGamalPrivateKey)
    {
        return new BCElGamalPrivateKey((ElGamalPrivateKey)key);
    }

    throw new InvalidKeyException("key type unknown");
}

protected Key engineTranslateKey(
    Key key)
    throws InvalidKeyException
{
    if (key instanceof DHPublicKey)
    {
        return new BCElGamalPublicKey((DHPublicKey)key);
    }
    else if (key instanceof DHPrivateKey)
    {
        return new BCElGamalPrivateKey((DHPrivateKey)key);
    }
    else if (key instanceof ElGamalPublicKey)
    {
        return new BCElGamalPublicKey((ElGamalPublicKey)key);
    }
    else if (key instanceof ElGamalPrivateKey)
    {
        return new BCElGamalPrivateKey((ElGamalPrivateKey)key);
    }

    throw new InvalidKeyException("key type unknown");
}

private DhSession ( final DhAlgorithm algorithm )
{
  Preconditions.checkNotNull(algorithm, "algorithm required");

  try {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
    keyGen.initialize(DEFAULT_DH_SPEC);

    keyPair = keyGen.generateKeyPair();
    base64PublicKey =
        new String(
            Base64.encode(((DHPublicKey) keyPair.getPublic()).getY().toByteArray()));

    this.algorithm = algorithm;
  } catch ( GeneralSecurityException e ) {
    throw new RuntimeException(e);
  }
}

static public AsymmetricKeyParameter generatePublicKeyParameter(
    PublicKey    key)
    throws InvalidKeyException
{
    if (key instanceof DHPublicKey)
    {
        DHPublicKey    k = (DHPublicKey)key;

        return new DHPublicKeyParameters(k.getY(),
            new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL()));
    }

    throw new InvalidKeyException("can't identify DH public key.");
}

public boolean equals(
    Object o)
{
    if (!(o instanceof DHPublicKey))
    {
        return false;
    }

    DHPublicKey other = (DHPublicKey)o;

    return this.getY().equals(other.getY())
        && this.getParams().getG().equals(other.getParams().getG())
        && this.getParams().getP().equals(other.getParams().getP())
        && this.getParams().getL() == other.getParams().getL();
}