提交
2c94c689
编写于
1月 05, 2010
作者:
weijun
6913636: kvno check in JSSE
Reviewed-by: valeriep
上级
f8ec7c8a
Showing
2 changed file
with
79 addition
and
15 deletion
+79
-15
src/share/classes/sun/security/ssl/krb5/KerberosClientKeyExchangeImpl.java
.../sun/security/ssl/krb5/KerberosClientKeyExchangeImpl.java
+46
-10
test/sun/security/krb5/auto/SSL.java
test/sun/security/krb5/auto/SSL.java
+33
-5
src/share/classes/sun/security/ssl/krb5/KerberosClientKeyExchangeImpl.java
/*
/*
* Copyright 2003-20
09
Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2003-20
10
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -50,11 +50,12 @@ import sun.security.krb5.internal.EncTicketPart;
...
@@ -50,11 +50,12 @@ import sun.security.krb5.internal.EncTicketPart;
import
sun.security.krb5.internal.crypto.KeyUsage
;
import
sun.security.krb5.internal.crypto.KeyUsage
;
import
sun.security.jgss.krb5.Krb5Util
;
import
sun.security.jgss.krb5.Krb5Util
;
import
sun.security.krb5.KrbException
;
import
sun.security.krb5.internal.Krb5
;
import
sun.security.ssl.Debug
;
import
sun.security.ssl.Debug
;
import
sun.security.ssl.HandshakeInStream
;
import
sun.security.ssl.HandshakeInStream
;
import
sun.security.ssl.HandshakeOutStream
;
import
sun.security.ssl.HandshakeOutStream
;
import
sun.security.ssl.KerberosClientKeyExchange
;
import
sun.security.ssl.ProtocolVersion
;
import
sun.security.ssl.ProtocolVersion
;
/**
/**
...
@@ -188,7 +189,14 @@ public final class KerberosClientKeyExchangeImpl
...
@@ -188,7 +189,14 @@ public final class KerberosClientKeyExchangeImpl
// See if we have the right key to decrypt the ticket to get
// See if we have the right key to decrypt the ticket to get
// the session key.
// the session key.
int
encPartKeyType
=
encPart
.
getEType
();
int
encPartKeyType
=
encPart
.
getEType
();
KerberosKey
dkey
=
findKey
(
encPartKeyType
,
serverKeys
);
Integer
encPartKeyVersion
=
encPart
.
getKeyVersionNumber
();
KerberosKey
dkey
=
null
;
try
{
dkey
=
findKey
(
encPartKeyType
,
encPartKeyVersion
,
serverKeys
);
}
catch
(
KrbException
ke
)
{
// a kvno mismatch
throw
new
IOException
(
"Cannot find key matching version number"
,
ke
);
}
if
(
dkey
==
null
)
{
if
(
dkey
==
null
)
{
// %%% Should print string repr of etype
// %%% Should print string repr of etype
throw
new
IOException
(
throw
new
IOException
(
...
@@ -355,12 +363,34 @@ public final class KerberosClientKeyExchangeImpl
...
@@ -355,12 +363,34 @@ public final class KerberosClientKeyExchangeImpl
return
localPrincipal
;
return
localPrincipal
;
}
}
private
static
KerberosKey
findKey
(
int
etype
,
KerberosKey
[]
keys
)
{
/**
* Determines if a kvno matches another kvno. Used in the method
* findKey(etype, version, keys). Always returns true if either input
* is null or zero, in case any side does not have kvno info available.
*
* Note: zero is included because N/A is not a legal value for kvno
* in javax.security.auth.kerberos.KerberosKey. Therefore, the info
* that the kvno is N/A might be lost when converting between
* EncryptionKey and KerberosKey.
*/
private
static
boolean
versionMatches
(
Integer
v1
,
int
v2
)
{
if
(
v1
==
null
||
v1
==
0
||
v2
==
0
)
{
return
true
;
}
return
v1
.
equals
(
v2
);
}
private
static
KerberosKey
findKey
(
int
etype
,
Integer
version
,
KerberosKey
[]
keys
)
throws
KrbException
{
int
ktype
;
int
ktype
;
boolean
etypeFound
=
false
;
for
(
int
i
=
0
;
i
<
keys
.
length
;
i
++)
{
for
(
int
i
=
0
;
i
<
keys
.
length
;
i
++)
{
ktype
=
keys
[
i
].
getKeyType
();
ktype
=
keys
[
i
].
getKeyType
();
if
(
etype
==
ktype
)
{
if
(
etype
==
ktype
)
{
return
keys
[
i
];
etypeFound
=
true
;
if
(
versionMatches
(
version
,
keys
[
i
].
getVersionNumber
()))
{
return
keys
[
i
];
}
}
}
}
}
// Key not found.
// Key not found.
...
@@ -370,14 +400,20 @@ public final class KerberosClientKeyExchangeImpl
...
@@ -370,14 +400,20 @@ public final class KerberosClientKeyExchangeImpl
for
(
int
i
=
0
;
i
<
keys
.
length
;
i
++)
{
for
(
int
i
=
0
;
i
<
keys
.
length
;
i
++)
{
ktype
=
keys
[
i
].
getKeyType
();
ktype
=
keys
[
i
].
getKeyType
();
if
(
ktype
==
EncryptedData
.
ETYPE_DES_CBC_CRC
||
if
(
ktype
==
EncryptedData
.
ETYPE_DES_CBC_CRC
||
ktype
==
EncryptedData
.
ETYPE_DES_CBC_MD5
)
{
ktype
==
EncryptedData
.
ETYPE_DES_CBC_MD5
)
{
return
new
KerberosKey
(
keys
[
i
].
getPrincipal
(),
etypeFound
=
true
;
keys
[
i
].
getEncoded
(),
if
(
versionMatches
(
version
,
keys
[
i
].
getVersionNumber
()))
{
etype
,
return
new
KerberosKey
(
keys
[
i
].
getPrincipal
(),
keys
[
i
].
getVersionNumber
());
keys
[
i
].
getEncoded
(),
etype
,
keys
[
i
].
getVersionNumber
());
}
}
}
}
}
}
}
if
(
etypeFound
)
{
throw
new
KrbException
(
Krb5
.
KRB_AP_ERR_BADKEYVER
);
}
return
null
;
return
null
;
}
}
}
}
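Review bot: In `versionMatches`, a null or zero kvno on either side counts as a match, so in the first loop of `findKey` a ticket that carries no kvno gets the first key of the matching etype, whatever its version. With several versions of one etype in the keytab that can be a stale key, and the failure then presumably surfaces later as a decryption error rather than as `KRB_AP_ERR_BADKEYVER`. When `version` is null or zero, consider returning the matching-etype key with the highest `getVersionNumber()`, as sketched below; the ordering of `serverKeys` is not visible here, so confirm whether callers already sort it. Part of `findKey` between the two hunks is not shown, and the DES fallback loop would need the same treatment.

```java
KerberosKey newest = null;   // candidate used only when the ticket carries no kvno
for (int i = 0; i < keys.length; i++) {
    ktype = keys[i].getKeyType();
    if (etype == ktype) {
        etypeFound = true;
        if (version == null || version == 0) {
            // kvno unknown: remember the most recent key instead of the first one
            if (newest == null
                    || keys[i].getVersionNumber() > newest.getVersionNumber()) {
                newest = keys[i];
            }
        } else if (versionMatches(version, keys[i].getVersionNumber())) {
            return keys[i];
        }
    }
}
if (newest != null) {
    return newest;
}
// … unchanged: DES fallback loop and KRB_AP_ERR_BADKEYVER throw …
```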
test/sun/security/krb5/auto/SSL.java
/*
/*
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2009
-2010
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -23,7 +23,7 @@
...
@@ -23,7 +23,7 @@
/*
/*
* @test
* @test
* @bug 6894643
* @bug 6894643
6913636
* @summary Test JSSE Kerberos ciphersuite
* @summary Test JSSE Kerberos ciphersuite
*/
*/
import
java.io.*
;
import
java.io.*
;
...
@@ -32,12 +32,13 @@ import javax.net.ssl.*;
...
@@ -32,12 +32,13 @@ import javax.net.ssl.*;
import
java.security.Principal
;
import
java.security.Principal
;
import
java.util.Date
;
import
java.util.Date
;
import
sun.security.jgss.GSSUtil
;
import
sun.security.jgss.GSSUtil
;
import
sun.security.krb5.PrincipalName
;
import
sun.security.krb5.internal.ktab.KeyTab
;
public
class
SSL
{
public
class
SSL
{
private
static
final
String
KRB5_CIPHER
=
"TLS_KRB5_WITH_3DES_EDE_CBC_SHA"
;
private
static
final
String
KRB5_CIPHER
=
"TLS_KRB5_WITH_3DES_EDE_CBC_SHA"
;
private
static
final
int
LOOP_LIMIT
=
1
;
private
static
final
int
LOOP_LIMIT
=
1
;
private
static
final
char
[]
PASS
=
"secret"
.
toCharArray
();
private
static
int
loopCount
=
0
;
private
static
int
loopCount
=
0
;
private
static
volatile
String
server
;
private
static
volatile
String
server
;
private
static
volatile
int
port
;
private
static
volatile
int
port
;
...
@@ -54,12 +55,39 @@ public class SSL {
...
@@ -54,12 +55,39 @@ public class SSL {
kdc
.
addPrincipal
(
OneKDC
.
USER
,
OneKDC
.
PASS
);
kdc
.
addPrincipal
(
OneKDC
.
USER
,
OneKDC
.
PASS
);
kdc
.
addPrincipalRandKey
(
"krbtgt/"
+
OneKDC
.
REALM
);
kdc
.
addPrincipalRandKey
(
"krbtgt/"
+
OneKDC
.
REALM
);
kdc
.
addPrincipal
(
"host/"
+
server
,
PASS
);
KDC
.
saveConfig
(
OneKDC
.
KRB5_CONF
,
kdc
);
KDC
.
saveConfig
(
OneKDC
.
KRB5_CONF
,
kdc
);
System
.
setProperty
(
"java.security.krb5.conf"
,
OneKDC
.
KRB5_CONF
);
System
.
setProperty
(
"java.security.krb5.conf"
,
OneKDC
.
KRB5_CONF
);
// Add 3 versions of keys into keytab
KeyTab
ktab
=
KeyTab
.
create
(
OneKDC
.
KTAB
);
PrincipalName
service
=
new
PrincipalName
(
"host/"
+
server
,
PrincipalName
.
KRB_NT_SRV_HST
);
ktab
.
addEntry
(
service
,
"pass1"
.
toCharArray
(),
1
);
ktab
.
addEntry
(
service
,
"pass2"
.
toCharArray
(),
2
);
ktab
.
addEntry
(
service
,
"pass3"
.
toCharArray
(),
3
);
ktab
.
save
();
// and use the middle one as the real key
kdc
.
addPrincipal
(
"host/"
+
server
,
"pass2"
.
toCharArray
());
// JAAS config entry name ssl
System
.
setProperty
(
"java.security.auth.login.config"
,
OneKDC
.
JAAS_CONF
);
File
f
=
new
File
(
OneKDC
.
JAAS_CONF
);
FileOutputStream
fos
=
new
FileOutputStream
(
f
);
fos
.
write
((
"ssl {\n"
+
" com.sun.security.auth.module.Krb5LoginModule required\n"
+
" principal=\"host/"
+
server
+
"\"\n"
+
" useKeyTab=true\n"
+
" keyTab="
+
OneKDC
.
KTAB
+
"\n"
+
" isInitiator=false\n"
+
" storeKey=true;\n};\n"
).
getBytes
());
fos
.
close
();
f
.
deleteOnExit
();
final
Context
c
=
Context
.
fromUserPass
(
OneKDC
.
USER
,
OneKDC
.
PASS
,
false
);
final
Context
c
=
Context
.
fromUserPass
(
OneKDC
.
USER
,
OneKDC
.
PASS
,
false
);
final
Context
s
=
Context
.
from
UserPass
(
"host/"
+
server
,
PASS
,
true
);
final
Context
s
=
Context
.
from
JAAS
(
"ssl"
);
c
.
startAsClient
(
"host/"
+
server
,
GSSUtil
.
GSS_KRB5_MECH_OID
);
c
.
startAsClient
(
"host/"
+
server
,
GSSUtil
.
GSS_KRB5_MECH_OID
);
s
.
startAsServer
(
GSSUtil
.
GSS_KRB5_MECH_OID
);
s
.
startAsServer
(
GSSUtil
.
GSS_KRB5_MECH_OID
);
...
...
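Review bot: The added setup only covers the matching case: the keytab holds versions 1 to 3 and the KDC key is derived from `pass2`, so the new `KRB_AP_ERR_BADKEYVER` path and the `IOException("Cannot find key matching version number")` it maps to are never exercised. A second run in which the version the KDC issues is absent from the keytab, asserting that the handshake fails, would pin the rejection behaviour this commit introduces; how the test KDC assigns the kvno is not visible here, so that setup needs checking. Separately, `fos.close()` is skipped if `write` throws, and `getBytes()` uses the platform charset; closing in a `finally` block keeps the JAAS config file handle from leaking. The enclosing method starts and ends outside the hunks shown.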