Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell11
提交
ad46fa81
D
dragonwell11
项目概览
openanolis
/
dragonwell11
通知
7
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell11
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
ad46fa81
编写于
3月 04, 2010
作者:
W
weijun
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
6844909: support allow_weak_crypto in krb5.conf
Reviewed-by: valeriep
上级
df3a96a0
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
85 addition
and
7 deletion
+85
-7
jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java
...hare/classes/sun/security/krb5/internal/crypto/EType.java
+33
-7
jdk/test/sun/security/krb5/etype/WeakCrypto.java
jdk/test/sun/security/krb5/etype/WeakCrypto.java
+50
-0
jdk/test/sun/security/krb5/etype/weakcrypto.conf
jdk/test/sun/security/krb5/etype/weakcrypto.conf
+2
-0
未找到文件。
jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java
浏览文件 @
ad46fa81
/*
* Portions Copyright 2000-20
06
Sun Microsystems, Inc. All Rights Reserved.
* Portions Copyright 2000-20
10
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -36,9 +36,9 @@ import sun.security.krb5.Config;
import
sun.security.krb5.EncryptedData
;
import
sun.security.krb5.EncryptionKey
;
import
sun.security.krb5.KrbException
;
import
sun.security.krb5.Asn1Exception
;
import
sun.security.krb5.KrbCryptoException
;
import
javax.crypto.*
;
import
java.util.Arrays
;
import
java.util.List
;
import
java.util.ArrayList
;
...
...
@@ -48,6 +48,23 @@ import java.util.ArrayList;
public
abstract
class
EType
{
private
static
final
boolean
DEBUG
=
Krb5
.
DEBUG
;
private
static
final
boolean
ALLOW_WEAK_CRYPTO
;
static
{
boolean
allowed
=
true
;
try
{
Config
cfg
=
Config
.
getInstance
();
String
temp
=
cfg
.
getDefault
(
"allow_weak_crypto"
,
"libdefaults"
);
if
(
temp
!=
null
&&
temp
.
equals
(
"false"
))
allowed
=
false
;
}
catch
(
Exception
exc
)
{
if
(
DEBUG
)
{
System
.
out
.
println
(
"Exception in getting allow_weak_crypto, "
+
"using default value "
+
exc
.
getMessage
());
}
}
ALLOW_WEAK_CRYPTO
=
allowed
;
}
public
static
EType
getInstance
(
int
eTypeConst
)
throws
KdcErrException
{
...
...
@@ -163,6 +180,10 @@ public abstract class EType {
return
result
;
}
// Note: the first 2 entries of BUILTIN_ETYPES and BUILTIN_ETYPES_NOAES256
// should be kept DES-related. They will be removed when allow_weak_crypto
// is set to false.
private
static
final
int
[]
BUILTIN_ETYPES
=
new
int
[]
{
EncryptedData
.
ETYPE_DES_CBC_MD5
,
EncryptedData
.
ETYPE_DES_CBC_CRC
,
...
...
@@ -189,10 +210,17 @@ public abstract class EType {
}
catch
(
Exception
e
)
{
// should not happen
}
int
[]
result
;
if
(
allowed
<
256
)
{
return
BUILTIN_ETYPES_NOAES256
;
result
=
BUILTIN_ETYPES_NOAES256
;
}
else
{
result
=
BUILTIN_ETYPES
;
}
return
BUILTIN_ETYPES
;
if
(!
ALLOW_WEAK_CRYPTO
)
{
// The first 2 etypes are now weak ones
return
Arrays
.
copyOfRange
(
result
,
2
,
result
.
length
);
}
return
result
;
}
/**
...
...
@@ -207,9 +235,7 @@ public abstract class EType {
if
(
DEBUG
)
{
System
.
out
.
println
(
"Exception while getting "
+
configName
+
exc
.
getMessage
());
System
.
out
.
println
(
"Using defaults "
+
"des-cbc-md5, des-cbc-crc, des3-cbc-sha1,"
+
" aes128cts, aes256cts, rc4-hmac"
);
System
.
out
.
println
(
"Using default builtin etypes"
);
}
return
getBuiltInDefaults
();
}
...
...
jdk/test/sun/security/krb5/etype/WeakCrypto.java
0 → 100644
浏览文件 @
ad46fa81
/*
* Copyright 2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
* @test
* @bug 6844909
* @run main/othervm WeakCrypto
* @summary support allow_weak_crypto in krb5.conf
*/
import
java.io.File
;
import
sun.security.krb5.internal.crypto.EType
;
import
sun.security.krb5.EncryptedData
;
public
class
WeakCrypto
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
System
.
setProperty
(
"java.security.krb5.conf"
,
System
.
getProperty
(
"test.src"
,
"."
)
+
File
.
separator
+
"weakcrypto.conf"
);
int
[]
etypes
=
EType
.
getBuiltInDefaults
();
for
(
int
i
=
0
,
length
=
etypes
.
length
;
i
<
length
;
i
++)
{
if
(
etypes
[
i
]
==
EncryptedData
.
ETYPE_DES_CBC_CRC
||
etypes
[
i
]
==
EncryptedData
.
ETYPE_DES_CBC_MD4
||
etypes
[
i
]
==
EncryptedData
.
ETYPE_DES_CBC_MD5
)
{
throw
new
Exception
(
"DES should not appear"
);
}
}
}
}
jdk/test/sun/security/krb5/etype/weakcrypto.conf
0 → 100644
浏览文件 @
ad46fa81
[
libdefaults
]
allow_weak_crypto
=
false
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录