Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
11688187
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
11688187
编写于
9月 28, 2011
作者:
W
weijun
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
7077646: gssapi wrap for CFX per-message tokens always set FLAG_ACCEPTOR_SUBKEY
Reviewed-by: valeriep
上级
a7010730
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
84 addition
and
10 deletion
+84
-10
src/share/classes/sun/security/jgss/krb5/AcceptSecContextToken.java
...classes/sun/security/jgss/krb5/AcceptSecContextToken.java
+1
-1
src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java
...e/classes/sun/security/jgss/krb5/InitSecContextToken.java
+4
-4
src/share/classes/sun/security/jgss/krb5/Krb5Context.java
src/share/classes/sun/security/jgss/krb5/Krb5Context.java
+11
-1
src/share/classes/sun/security/jgss/krb5/MessageToken_v2.java
...share/classes/sun/security/jgss/krb5/MessageToken_v2.java
+5
-4
test/sun/security/krb5/auto/AcceptorSubKey.java
test/sun/security/krb5/auto/AcceptorSubKey.java
+63
-0
未找到文件。
src/share/classes/sun/security/jgss/krb5/AcceptSecContextToken.java
浏览文件 @
11688187
...
@@ -94,7 +94,7 @@ class AcceptSecContextToken extends InitialToken {
...
@@ -94,7 +94,7 @@ class AcceptSecContextToken extends InitialToken {
*/
*/
EncryptionKey
subKey
=
apRep
.
getSubKey
();
EncryptionKey
subKey
=
apRep
.
getSubKey
();
if
(
subKey
!=
null
)
{
if
(
subKey
!=
null
)
{
context
.
setKey
(
subKey
);
context
.
setKey
(
Krb5Context
.
ACCEPTOR_SUBKEY
,
subKey
);
/*
/*
System.out.println("\n\nSub-Session key from AP-REP is: " +
System.out.println("\n\nSub-Session key from AP-REP is: " +
getHexBytes(subKey.getBytes()) + "\n");
getHexBytes(subKey.getBytes()) + "\n");
...
...
src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java
浏览文件 @
11688187
...
@@ -74,9 +74,9 @@ class InitSecContextToken extends InitialToken {
...
@@ -74,9 +74,9 @@ class InitSecContextToken extends InitialToken {
EncryptionKey
subKey
=
apReq
.
getSubKey
();
EncryptionKey
subKey
=
apReq
.
getSubKey
();
if
(
subKey
!=
null
)
if
(
subKey
!=
null
)
context
.
setKey
(
subKey
);
context
.
setKey
(
Krb5Context
.
INITIATOR_SUBKEY
,
subKey
);
else
else
context
.
setKey
(
serviceTicket
.
getSessionKey
());
context
.
setKey
(
Krb5Context
.
SESSION_KEY
,
serviceTicket
.
getSessionKey
());
if
(!
mutualRequired
)
if
(!
mutualRequired
)
context
.
resetPeerSequenceNumber
(
0
);
context
.
resetPeerSequenceNumber
(
0
);
...
@@ -117,13 +117,13 @@ class InitSecContextToken extends InitialToken {
...
@@ -117,13 +117,13 @@ class InitSecContextToken extends InitialToken {
EncryptionKey
subKey
=
apReq
.
getSubKey
();
EncryptionKey
subKey
=
apReq
.
getSubKey
();
if
(
subKey
!=
null
)
{
if
(
subKey
!=
null
)
{
context
.
setKey
(
subKey
);
context
.
setKey
(
Krb5Context
.
INITIATOR_SUBKEY
,
subKey
);
/*
/*
System.out.println("Sub-Session key from authenticator is: " +
System.out.println("Sub-Session key from authenticator is: " +
getHexBytes(subKey.getBytes()) + "\n");
getHexBytes(subKey.getBytes()) + "\n");
*/
*/
}
else
{
}
else
{
context
.
setKey
(
sessionKey
);
context
.
setKey
(
Krb5Context
.
SESSION_KEY
,
sessionKey
);
//System.out.println("Sub-Session Key Missing in Authenticator.\n");
//System.out.println("Sub-Session Key Missing in Authenticator.\n");
}
}
...
...
src/share/classes/sun/security/jgss/krb5/Krb5Context.java
浏览文件 @
11688187
...
@@ -67,6 +67,10 @@ class Krb5Context implements GSSContextSpi {
...
@@ -67,6 +67,10 @@ class Krb5Context implements GSSContextSpi {
private
int
state
=
STATE_NEW
;
private
int
state
=
STATE_NEW
;
public
static
final
int
SESSION_KEY
=
0
;
public
static
final
int
INITIATOR_SUBKEY
=
1
;
public
static
final
int
ACCEPTOR_SUBKEY
=
2
;
/*
/*
* Optional features that the application can set and their default
* Optional features that the application can set and their default
* values.
* values.
...
@@ -82,6 +86,7 @@ class Krb5Context implements GSSContextSpi {
...
@@ -82,6 +86,7 @@ class Krb5Context implements GSSContextSpi {
private
int
mySeqNumber
;
private
int
mySeqNumber
;
private
int
peerSeqNumber
;
private
int
peerSeqNumber
;
private
int
keySrc
;
private
TokenTracker
peerTokenTracker
;
private
TokenTracker
peerTokenTracker
;
private
CipherHelper
cipherHelper
=
null
;
private
CipherHelper
cipherHelper
=
null
;
...
@@ -384,12 +389,17 @@ class Krb5Context implements GSSContextSpi {
...
@@ -384,12 +389,17 @@ class Krb5Context implements GSSContextSpi {
}
}
}
}
final
void
setKey
(
EncryptionKey
key
)
throws
GSSException
{
final
void
setKey
(
int
keySrc
,
EncryptionKey
key
)
throws
GSSException
{
this
.
key
=
key
;
this
.
key
=
key
;
this
.
keySrc
=
keySrc
;
// %%% to do: should clear old cipherHelper first
// %%% to do: should clear old cipherHelper first
cipherHelper
=
new
CipherHelper
(
key
);
// Need to use new key
cipherHelper
=
new
CipherHelper
(
key
);
// Need to use new key
}
}
public
final
int
getKeySrc
()
{
return
keySrc
;
}
private
final
EncryptionKey
getKey
()
{
private
final
EncryptionKey
getKey
()
{
return
key
;
return
key
;
}
}
...
...
src/share/classes/sun/security/jgss/krb5/MessageToken_v2.java
浏览文件 @
11688187
...
@@ -141,6 +141,7 @@ abstract class MessageToken_v2 extends Krb5Token {
...
@@ -141,6 +141,7 @@ abstract class MessageToken_v2 extends Krb5Token {
// Context properties
// Context properties
private
boolean
confState
=
true
;
private
boolean
confState
=
true
;
private
boolean
initiator
=
true
;
private
boolean
initiator
=
true
;
private
boolean
have_acceptor_subkey
=
false
;
/* cipher instance used by the corresponding GSSContext */
/* cipher instance used by the corresponding GSSContext */
CipherHelper
cipherHelper
=
null
;
CipherHelper
cipherHelper
=
null
;
...
@@ -311,8 +312,7 @@ abstract class MessageToken_v2 extends Krb5Token {
...
@@ -311,8 +312,7 @@ abstract class MessageToken_v2 extends Krb5Token {
}
}
// Create a new gss token header as defined in RFC 4121
// Create a new gss token header as defined in RFC 4121
tokenHeader
=
new
MessageTokenHeader
(
tokenId
,
tokenHeader
=
new
MessageTokenHeader
(
tokenId
,
prop
.
getPrivacy
());
prop
.
getPrivacy
(),
true
);
// debug("\n\t Message Header = " +
// debug("\n\t Message Header = " +
// getHexBytes(tokenHeader.getBytes(), tokenHeader.getBytes().length));
// getHexBytes(tokenHeader.getBytes(), tokenHeader.getBytes().length));
...
@@ -461,6 +461,8 @@ abstract class MessageToken_v2 extends Krb5Token {
...
@@ -461,6 +461,8 @@ abstract class MessageToken_v2 extends Krb5Token {
this
.
initiator
=
context
.
isInitiator
();
this
.
initiator
=
context
.
isInitiator
();
this
.
have_acceptor_subkey
=
context
.
getKeySrc
()
==
Krb5Context
.
ACCEPTOR_SUBKEY
;
this
.
cipherHelper
=
context
.
getCipherHelper
(
null
);
this
.
cipherHelper
=
context
.
getCipherHelper
(
null
);
// debug("In MessageToken.Cons");
// debug("In MessageToken.Cons");
}
}
...
@@ -501,8 +503,7 @@ abstract class MessageToken_v2 extends Krb5Token {
...
@@ -501,8 +503,7 @@ abstract class MessageToken_v2 extends Krb5Token {
private
byte
[]
bytes
=
new
byte
[
TOKEN_HEADER_SIZE
];
private
byte
[]
bytes
=
new
byte
[
TOKEN_HEADER_SIZE
];
// Writes a new token header
// Writes a new token header
public
MessageTokenHeader
(
int
tokenId
,
boolean
conf
,
public
MessageTokenHeader
(
int
tokenId
,
boolean
conf
)
throws
GSSException
{
boolean
have_acceptor_subkey
)
throws
GSSException
{
this
.
tokenId
=
tokenId
;
this
.
tokenId
=
tokenId
;
...
...
test/sun/security/krb5/auto/AcceptorSubKey.java
0 → 100644
浏览文件 @
11688187
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7077646
* @summary gssapi wrap for CFX per-message tokens always set FLAG_ACCEPTOR_SUBKEY
* @compile -XDignore.symbol.file AcceptorSubKey.java
* @run main/othervm AcceptorSubKey
*/
import
java.util.Arrays
;
import
sun.security.jgss.GSSUtil
;
// The basic krb5 test skeleton you can copy from
public
class
AcceptorSubKey
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
new
OneKDC
(
null
).
writeJAASConf
();
Context
c
,
s
;
c
=
Context
.
fromJAAS
(
"client"
);
s
=
Context
.
fromJAAS
(
"server"
);
c
.
startAsClient
(
OneKDC
.
SERVER
,
GSSUtil
.
GSS_SPNEGO_MECH_OID
);
s
.
startAsServer
(
GSSUtil
.
GSS_SPNEGO_MECH_OID
);
Context
.
handshake
(
c
,
s
);
byte
[]
msg
=
"i say high --"
.
getBytes
();
byte
[]
wrapped
=
s
.
wrap
(
msg
,
false
);
// FLAG_ACCEPTOR_SUBKEY is 4
int
flagOn
=
wrapped
[
2
]
&
4
;
if
(
flagOn
!=
0
)
{
throw
new
Exception
(
"Java GSS should not have set acceptor subkey"
);
}
s
.
dispose
();
c
.
dispose
();
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录