Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
4944c346
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
4944c346
编写于
1月 08, 2013
作者:
V
valeriep
浏览文件
操作
浏览文件
下载
差异文件
Merge
上级
092dce14
7869cf82
变更
34
隐藏空白更改
内联
并排
Showing
34 changed file
with
1012 addition
and
300 deletion
+1012
-300
src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java
...e/classes/sun/security/jgss/krb5/InitSecContextToken.java
+2
-2
src/share/classes/sun/security/jgss/krb5/Krb5AcceptCredential.java
.../classes/sun/security/jgss/krb5/Krb5AcceptCredential.java
+11
-12
src/share/classes/sun/security/jgss/krb5/Krb5Context.java
src/share/classes/sun/security/jgss/krb5/Krb5Context.java
+13
-6
src/share/classes/sun/security/jgss/krb5/Krb5MechFactory.java
...share/classes/sun/security/jgss/krb5/Krb5MechFactory.java
+1
-1
src/share/classes/sun/security/jgss/krb5/Krb5Util.java
src/share/classes/sun/security/jgss/krb5/Krb5Util.java
+0
-109
src/share/classes/sun/security/jgss/krb5/ServiceCreds.java
src/share/classes/sun/security/jgss/krb5/ServiceCreds.java
+229
-0
src/share/classes/sun/security/jgss/krb5/SubjectComber.java
src/share/classes/sun/security/jgss/krb5/SubjectComber.java
+31
-17
src/share/classes/sun/security/krb5/KrbApReq.java
src/share/classes/sun/security/krb5/KrbApReq.java
+5
-3
src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java
...share/classes/sun/security/krb5/internal/ktab/KeyTab.java
+7
-1
src/share/classes/sun/security/ssl/krb5/Krb5ProxyImpl.java
src/share/classes/sun/security/ssl/krb5/Krb5ProxyImpl.java
+2
-1
src/windows/classes/sun/nio/ch/PipeImpl.java
src/windows/classes/sun/nio/ch/PipeImpl.java
+80
-51
test/ProblemList.txt
test/ProblemList.txt
+1
-4
test/java/nio/channels/Pipe/PipeInterrupt.java
test/java/nio/channels/Pipe/PipeInterrupt.java
+83
-0
test/java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java
...on/Activatable/shutdownGracefully/ShutdownGracefully.java
+4
-4
test/java/rmi/activation/checkusage/CheckUsage.java
test/java/rmi/activation/checkusage/CheckUsage.java
+7
-17
test/java/rmi/registry/altSecurityManager/AltSecurityManager.java
...a/rmi/registry/altSecurityManager/AltSecurityManager.java
+2
-3
test/java/rmi/registry/checkusage/CheckUsage.java
test/java/rmi/registry/checkusage/CheckUsage.java
+6
-22
test/java/rmi/registry/reexport/Reexport.java
test/java/rmi/registry/reexport/Reexport.java
+4
-4
test/java/rmi/testlibrary/JavaVM.java
test/java/rmi/testlibrary/JavaVM.java
+25
-6
test/java/rmi/testlibrary/RMID.java
test/java/rmi/testlibrary/RMID.java
+1
-3
test/java/rmi/transport/checkFQDN/CheckFQDN.java
test/java/rmi/transport/checkFQDN/CheckFQDN.java
+3
-5
test/java/rmi/transport/checkLeaseInfoLeak/CheckLeaseLeak.java
...java/rmi/transport/checkLeaseInfoLeak/CheckLeaseLeak.java
+2
-3
test/sun/rmi/runtime/Log/4504153/Test4504153.java
test/sun/rmi/runtime/Log/4504153/Test4504153.java
+2
-3
test/sun/rmi/runtime/Log/6409194/NoConsoleOutput.java
test/sun/rmi/runtime/Log/6409194/NoConsoleOutput.java
+2
-3
test/sun/rmi/transport/tcp/DeadCachedConnection.java
test/sun/rmi/transport/tcp/DeadCachedConnection.java
+3
-3
test/sun/security/krb5/ServiceCredsCombination.java
test/sun/security/krb5/ServiceCredsCombination.java
+133
-0
test/sun/security/krb5/auto/AcceptPermissions.java
test/sun/security/krb5/auto/AcceptPermissions.java
+147
-0
test/sun/security/krb5/auto/CleanState.java
test/sun/security/krb5/auto/CleanState.java
+1
-0
test/sun/security/krb5/auto/Context.java
test/sun/security/krb5/auto/Context.java
+22
-10
test/sun/security/krb5/auto/DiffNameSameKey.java
test/sun/security/krb5/auto/DiffNameSameKey.java
+91
-0
test/sun/security/krb5/auto/DynamicKeytab.java
test/sun/security/krb5/auto/DynamicKeytab.java
+1
-0
test/sun/security/krb5/auto/KDC.java
test/sun/security/krb5/auto/KDC.java
+8
-6
test/sun/security/krb5/auto/KeyTabCompat.java
test/sun/security/krb5/auto/KeyTabCompat.java
+1
-1
test/sun/security/krb5/auto/TwoOrThree.java
test/sun/security/krb5/auto/TwoOrThree.java
+82
-0
未找到文件。
src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java
浏览文件 @
4944c346
...
@@ -86,7 +86,7 @@ class InitSecContextToken extends InitialToken {
...
@@ -86,7 +86,7 @@ class InitSecContextToken extends InitialToken {
* For the context acceptor to call. It reads the bytes out of an
* For the context acceptor to call. It reads the bytes out of an
* InputStream and constructs an InitSecContextToken with them.
* InputStream and constructs an InitSecContextToken with them.
*/
*/
InitSecContextToken
(
Krb5Context
context
,
EncryptionKey
[]
keys
,
InitSecContextToken
(
Krb5Context
context
,
Krb5AcceptCredential
cred
,
InputStream
is
)
InputStream
is
)
throws
IOException
,
GSSException
,
KrbException
{
throws
IOException
,
GSSException
,
KrbException
{
...
@@ -105,7 +105,7 @@ class InitSecContextToken extends InitialToken {
...
@@ -105,7 +105,7 @@ class InitSecContextToken extends InitialToken {
if
(
context
.
getChannelBinding
()
!=
null
)
{
if
(
context
.
getChannelBinding
()
!=
null
)
{
addr
=
context
.
getChannelBinding
().
getInitiatorAddress
();
addr
=
context
.
getChannelBinding
().
getInitiatorAddress
();
}
}
apReq
=
new
KrbApReq
(
apReqBytes
,
keys
,
addr
);
apReq
=
new
KrbApReq
(
apReqBytes
,
cred
,
addr
);
//debug("\nReceived AP-REQ and authenticated it.\n");
//debug("\nReceived AP-REQ and authenticated it.\n");
EncryptionKey
sessionKey
=
apReq
.
getCreds
().
getSessionKey
();
EncryptionKey
sessionKey
=
apReq
.
getCreds
().
getSessionKey
();
...
...
src/share/classes/sun/security/jgss/krb5/Krb5AcceptCredential.java
浏览文件 @
4944c346
...
@@ -45,13 +45,10 @@ import javax.security.auth.DestroyFailedException;
...
@@ -45,13 +45,10 @@ import javax.security.auth.DestroyFailedException;
public
class
Krb5AcceptCredential
public
class
Krb5AcceptCredential
implements
Krb5CredElement
{
implements
Krb5CredElement
{
private
static
final
long
serialVersionUID
=
7714332137352567952L
;
private
final
Krb5NameElement
name
;
private
final
ServiceCreds
screds
;
private
Krb5NameElement
name
;
private
Krb5AcceptCredential
(
Krb5NameElement
name
,
ServiceCreds
creds
)
{
private
Krb5Util
.
ServiceCreds
screds
;
private
Krb5AcceptCredential
(
Krb5NameElement
name
,
Krb5Util
.
ServiceCreds
creds
)
{
/*
/*
* Initialize this instance with the data from the acquired
* Initialize this instance with the data from the acquired
* KerberosKey. This class needs to be a KerberosKey too
* KerberosKey. This class needs to be a KerberosKey too
...
@@ -69,11 +66,11 @@ public class Krb5AcceptCredential
...
@@ -69,11 +66,11 @@ public class Krb5AcceptCredential
name
.
getKrb5PrincipalName
().
getName
());
name
.
getKrb5PrincipalName
().
getName
());
final
AccessControlContext
acc
=
AccessController
.
getContext
();
final
AccessControlContext
acc
=
AccessController
.
getContext
();
Krb5Util
.
ServiceCreds
creds
=
null
;
ServiceCreds
creds
=
null
;
try
{
try
{
creds
=
AccessController
.
doPrivileged
(
creds
=
AccessController
.
doPrivileged
(
new
PrivilegedExceptionAction
<
Krb5Util
.
ServiceCreds
>()
{
new
PrivilegedExceptionAction
<
ServiceCreds
>()
{
public
Krb5Util
.
ServiceCreds
run
()
throws
Exception
{
public
ServiceCreds
run
()
throws
Exception
{
return
Krb5Util
.
getServiceCreds
(
return
Krb5Util
.
getServiceCreds
(
caller
==
GSSCaller
.
CALLER_UNKNOWN
?
GSSCaller
.
CALLER_ACCEPT
:
caller
,
caller
==
GSSCaller
.
CALLER_UNKNOWN
?
GSSCaller
.
CALLER_ACCEPT
:
caller
,
serverPrinc
,
acc
);
serverPrinc
,
acc
);
...
@@ -92,8 +89,10 @@ public class Krb5AcceptCredential
...
@@ -92,8 +89,10 @@ public class Krb5AcceptCredential
if
(
name
==
null
)
{
if
(
name
==
null
)
{
String
fullName
=
creds
.
getName
();
String
fullName
=
creds
.
getName
();
name
=
Krb5NameElement
.
getInstance
(
fullName
,
if
(
fullName
!=
null
)
{
name
=
Krb5NameElement
.
getInstance
(
fullName
,
Krb5MechFactory
.
NT_GSS_KRB5_PRINCIPAL
);
Krb5MechFactory
.
NT_GSS_KRB5_PRINCIPAL
);
}
}
}
return
new
Krb5AcceptCredential
(
name
,
creds
);
return
new
Krb5AcceptCredential
(
name
,
creds
);
...
@@ -153,8 +152,8 @@ public class Krb5AcceptCredential
...
@@ -153,8 +152,8 @@ public class Krb5AcceptCredential
return
Krb5MechFactory
.
PROVIDER
;
return
Krb5MechFactory
.
PROVIDER
;
}
}
EncryptionKey
[]
getKrb5EncryptionKeys
(
)
{
public
EncryptionKey
[]
getKrb5EncryptionKeys
(
PrincipalName
princ
)
{
return
screds
.
getEKeys
();
return
screds
.
getEKeys
(
princ
);
}
}
/**
/**
...
...
src/share/classes/sun/security/jgss/krb5/Krb5Context.java
浏览文件 @
4944c346
...
@@ -818,16 +818,23 @@ class Krb5Context implements GSSContextSpi {
...
@@ -818,16 +818,23 @@ class Krb5Context implements GSSContextSpi {
}
}
myName
=
(
Krb5NameElement
)
myCred
.
getName
();
myName
=
(
Krb5NameElement
)
myCred
.
getName
();
checkPermission
(
myName
.
getKrb5PrincipalName
().
getName
(),
// If there is already a bound name, check now
"accept"
);
if
(
myName
!=
null
)
{
Krb5MechFactory
.
checkAcceptCredPermission
(
myName
,
myName
);
EncryptionKey
[]
secretKeys
=
}
((
Krb5AcceptCredential
)
myCred
).
getKrb5EncryptionKeys
();
InitSecContextToken
token
=
new
InitSecContextToken
(
this
,
InitSecContextToken
token
=
new
InitSecContextToken
(
this
,
secretKeys
,
is
);
(
Krb5AcceptCredential
)
myCred
,
is
);
PrincipalName
clientName
=
token
.
getKrbApReq
().
getClient
();
PrincipalName
clientName
=
token
.
getKrbApReq
().
getClient
();
peerName
=
Krb5NameElement
.
getInstance
(
clientName
);
peerName
=
Krb5NameElement
.
getInstance
(
clientName
);
// If unbound, check after the bound name is found
if
(
myName
==
null
)
{
myName
=
Krb5NameElement
.
getInstance
(
token
.
getKrbApReq
().
getCreds
().
getServer
());
Krb5MechFactory
.
checkAcceptCredPermission
(
myName
,
myName
);
}
if
(
getMutualAuthState
())
{
if
(
getMutualAuthState
())
{
retVal
=
new
AcceptSecContextToken
(
this
,
retVal
=
new
AcceptSecContextToken
(
this
,
token
.
getKrbApReq
()).
encode
();
token
.
getKrbApReq
()).
encode
();
...
...
src/share/classes/sun/security/jgss/krb5/Krb5MechFactory.java
浏览文件 @
4944c346
...
@@ -158,7 +158,7 @@ public final class Krb5MechFactory implements MechanismFactory {
...
@@ -158,7 +158,7 @@ public final class Krb5MechFactory implements MechanismFactory {
public
static
void
checkAcceptCredPermission
(
Krb5NameElement
name
,
public
static
void
checkAcceptCredPermission
(
Krb5NameElement
name
,
GSSNameSpi
originalName
)
{
GSSNameSpi
originalName
)
{
SecurityManager
sm
=
System
.
getSecurityManager
();
SecurityManager
sm
=
System
.
getSecurityManager
();
if
(
sm
!=
null
)
{
if
(
sm
!=
null
&&
name
!=
null
)
{
ServicePermission
perm
=
new
ServicePermission
ServicePermission
perm
=
new
ServicePermission
(
name
.
getKrb5PrincipalName
().
getName
(),
"accept"
);
(
name
.
getKrb5PrincipalName
().
getName
(),
"accept"
);
try
{
try
{
...
...
src/share/classes/sun/security/jgss/krb5/Krb5Util.java
浏览文件 @
4944c346
...
@@ -186,114 +186,6 @@ public class Krb5Util {
...
@@ -186,114 +186,6 @@ public class Krb5Util {
return
subject
;
return
subject
;
}
}
/**
* Credentials of a service, the private secret to authenticate its
* identity, which can be:
* 1. Some KerberosKeys (generated from password)
* 2. A KeyTab (for a typical service)
* 3. A TGT (for S4U2proxy extension)
*
* Note that some creds can coexist. For example, a user2user service
* can use its keytab (or keys) if the client can successfully obtain a
* normal service ticket, otherwise, it can uses the TGT (actually, the
* session key of the TGT) if the client can only acquire a service ticket
* of ENC-TKT-IN-SKEY style.
*/
public
static
class
ServiceCreds
{
private
KerberosPrincipal
kp
;
private
List
<
KeyTab
>
ktabs
;
private
List
<
KerberosKey
>
kk
;
private
Subject
subj
;
private
KerberosTicket
tgt
;
private
static
ServiceCreds
getInstance
(
Subject
subj
,
String
serverPrincipal
)
{
ServiceCreds
sc
=
new
ServiceCreds
();
sc
.
subj
=
subj
;
for
(
KerberosPrincipal
p:
subj
.
getPrincipals
(
KerberosPrincipal
.
class
))
{
if
(
serverPrincipal
==
null
||
p
.
getName
().
equals
(
serverPrincipal
))
{
sc
.
kp
=
p
;
serverPrincipal
=
p
.
getName
();
break
;
}
}
if
(
sc
.
kp
==
null
)
{
// Compatibility with old behavior: even when there is no
// KerberosPrincipal, we can find one from KerberosKeys
List
<
KerberosKey
>
keys
=
SubjectComber
.
findMany
(
subj
,
serverPrincipal
,
null
,
KerberosKey
.
class
);
if
(!
keys
.
isEmpty
())
{
sc
.
kp
=
keys
.
get
(
0
).
getPrincipal
();
serverPrincipal
=
sc
.
kp
.
getName
();
if
(
DEBUG
)
{
System
.
out
.
println
(
">>> ServiceCreds: no kp?"
+
" find one from kk: "
+
serverPrincipal
);
}
}
else
{
return
null
;
}
}
sc
.
ktabs
=
SubjectComber
.
findMany
(
subj
,
null
,
null
,
KeyTab
.
class
);
sc
.
kk
=
SubjectComber
.
findMany
(
subj
,
serverPrincipal
,
null
,
KerberosKey
.
class
);
sc
.
tgt
=
SubjectComber
.
find
(
subj
,
null
,
serverPrincipal
,
KerberosTicket
.
class
);
if
(
sc
.
ktabs
.
isEmpty
()
&&
sc
.
kk
.
isEmpty
()
&&
sc
.
tgt
==
null
)
{
return
null
;
}
return
sc
;
}
public
String
getName
()
{
return
kp
.
getName
();
}
public
KerberosKey
[]
getKKeys
()
{
List
<
KerberosKey
>
keys
=
new
ArrayList
<>();
for
(
KerberosKey
k:
kk
)
{
keys
.
add
(
k
);
}
for
(
KeyTab
ktab:
ktabs
)
{
for
(
KerberosKey
k:
ktab
.
getKeys
(
kp
))
{
keys
.
add
(
k
);
}
}
return
keys
.
toArray
(
new
KerberosKey
[
keys
.
size
()]);
}
public
EncryptionKey
[]
getEKeys
()
{
KerberosKey
[]
kkeys
=
getKKeys
();
EncryptionKey
[]
ekeys
=
new
EncryptionKey
[
kkeys
.
length
];
for
(
int
i
=
0
;
i
<
ekeys
.
length
;
i
++)
{
ekeys
[
i
]
=
new
EncryptionKey
(
kkeys
[
i
].
getEncoded
(),
kkeys
[
i
].
getKeyType
(),
new
Integer
(
kkeys
[
i
].
getVersionNumber
()));
}
return
ekeys
;
}
public
Credentials
getInitCred
()
{
if
(
tgt
==
null
)
{
return
null
;
}
try
{
return
ticketToCreds
(
tgt
);
}
catch
(
KrbException
|
IOException
e
)
{
return
null
;
}
}
public
void
destroy
()
{
kp
=
null
;
ktabs
=
null
;
kk
=
null
;
tgt
=
null
;
}
}
/**
/**
* Retrieves the ServiceCreds for the specified server principal from
* Retrieves the ServiceCreds for the specified server principal from
* the Subject in the specified AccessControlContext. If not found, and if
* the Subject in the specified AccessControlContext. If not found, and if
...
@@ -361,5 +253,4 @@ public class Krb5Util {
...
@@ -361,5 +253,4 @@ public class Krb5Util {
return
KerberosSecrets
.
getJavaxSecurityAuthKerberosAccess
().
return
KerberosSecrets
.
getJavaxSecurityAuthKerberosAccess
().
keyTabGetEncryptionKeys
(
ktab
,
cname
);
keyTabGetEncryptionKeys
(
ktab
,
cname
);
}
}
}
}
src/share/classes/sun/security/jgss/krb5/ServiceCreds.java
0 → 100644
浏览文件 @
4944c346
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package
sun.security.jgss.krb5
;
import
javax.security.auth.kerberos.KerberosTicket
;
import
javax.security.auth.kerberos.KerberosKey
;
import
javax.security.auth.kerberos.KerberosPrincipal
;
import
javax.security.auth.kerberos.KeyTab
;
import
javax.security.auth.Subject
;
import
sun.security.krb5.Credentials
;
import
sun.security.krb5.EncryptionKey
;
import
sun.security.krb5.KrbException
;
import
java.io.IOException
;
import
java.util.ArrayList
;
import
java.util.List
;
import
java.util.Set
;
import
sun.security.krb5.*
;
import
sun.security.krb5.internal.Krb5
;
/**
* Credentials of a kerberos acceptor. A KerberosPrincipal object (kp) is
* the principal. It can be specified as the serverPrincipal argument
* in the getInstance() method, or uses only KerberosPrincipal in the subject.
* Otherwise, the creds object is unbound and kp is null.
*
* The class also encapsulates various secrets, which can be:
*
* 1. Some KerberosKeys (generated from password)
* 2. Some KeyTabs (for a typical service based on keytabs)
* 3. A TGT (for S4U2proxy extension or user2user)
*
* Note that some secrets can coexist. For example, a user2user service
* can use its keytab (or keys) if the client can successfully obtain a
* normal service ticket, or it can use the TGT (actually, the session key
* of the TGT) if the client can only acquire a service ticket
* of ENC-TKT-IN-SKEY style.
*
* @since 1.8
*/
public
final
class
ServiceCreds
{
// The principal, or null if unbound
private
KerberosPrincipal
kp
;
// All principals in the subject's princ set
private
Set
<
KerberosPrincipal
>
allPrincs
;
// All private credentials that can be used
private
List
<
KeyTab
>
ktabs
;
private
List
<
KerberosKey
>
kk
;
private
KerberosTicket
tgt
;
private
boolean
destroyed
;
private
ServiceCreds
()
{
// Make sure this class cannot be instantiated externally.
}
/**
* Creates a ServiceCreds object based on info in a Subject for
* a given principal name (if specified).
* @return the object, or null if there is no private creds for it
*/
public
static
ServiceCreds
getInstance
(
Subject
subj
,
String
serverPrincipal
)
{
ServiceCreds
sc
=
new
ServiceCreds
();
sc
.
allPrincs
=
subj
.
getPrincipals
(
KerberosPrincipal
.
class
);
// Compatibility. A key implies its own principal
for
(
KerberosKey
key:
SubjectComber
.
findMany
(
subj
,
serverPrincipal
,
null
,
KerberosKey
.
class
))
{
sc
.
allPrincs
.
add
(
key
.
getPrincipal
());
}
if
(
serverPrincipal
!=
null
)
{
// A named principal
sc
.
kp
=
new
KerberosPrincipal
(
serverPrincipal
);
}
else
{
if
(
sc
.
allPrincs
.
size
()
==
1
)
{
// choose the only one
sc
.
kp
=
sc
.
allPrincs
.
iterator
().
next
();
serverPrincipal
=
sc
.
kp
.
getName
();
}
}
sc
.
ktabs
=
SubjectComber
.
findMany
(
subj
,
serverPrincipal
,
null
,
KeyTab
.
class
);
sc
.
kk
=
SubjectComber
.
findMany
(
subj
,
serverPrincipal
,
null
,
KerberosKey
.
class
);
sc
.
tgt
=
SubjectComber
.
find
(
subj
,
null
,
serverPrincipal
,
KerberosTicket
.
class
);
if
(
sc
.
ktabs
.
isEmpty
()
&&
sc
.
kk
.
isEmpty
()
&&
sc
.
tgt
==
null
)
{
return
null
;
}
sc
.
destroyed
=
false
;
return
sc
;
}
// can be null
public
String
getName
()
{
if
(
destroyed
)
{
throw
new
IllegalStateException
(
"This object is destroyed"
);
}
return
kp
==
null
?
null
:
kp
.
getName
();
}
/**
* Gets keys for someone unknown.
* Used by TLS or as a fallback in getEKeys(). Can still return an
* empty array.
*/
public
KerberosKey
[]
getKKeys
()
{
if
(
destroyed
)
{
throw
new
IllegalStateException
(
"This object is destroyed"
);
}
if
(
kp
!=
null
)
{
return
getKKeys
(
kp
);
}
else
if
(!
allPrincs
.
isEmpty
())
{
return
getKKeys
(
allPrincs
.
iterator
().
next
());
}
return
new
KerberosKey
[
0
];
}
/**
* Get kkeys for a principal,
* @param princ the target name initiator requests. Not null.
* @return keys for the princ, never null, might be empty
*/
private
KerberosKey
[]
getKKeys
(
KerberosPrincipal
princ
)
{
ArrayList
<
KerberosKey
>
keys
=
new
ArrayList
<>();
if
(
kp
!=
null
&&
!
princ
.
equals
(
kp
))
{
return
new
KerberosKey
[
0
];
// Not me
}
if
(!
allPrincs
.
contains
(
princ
))
{
return
new
KerberosKey
[
0
];
// Not someone I know, This check
// is necessary but a KeyTab has
// no principal name recorded.
}
for
(
KerberosKey
k:
kk
)
{
if
(
k
.
getPrincipal
().
equals
(
princ
))
{
keys
.
add
(
k
);
}
}
for
(
KeyTab
ktab:
ktabs
)
{
for
(
KerberosKey
k:
ktab
.
getKeys
(
princ
))
{
keys
.
add
(
k
);
}
}
return
keys
.
toArray
(
new
KerberosKey
[
keys
.
size
()]);
}
/**
* Gets EKeys for a principal.
* @param princ the target name initiator requests. Not null.
* @return keys for the princ, never null, might be empty
*/
public
EncryptionKey
[]
getEKeys
(
PrincipalName
princ
)
{
if
(
destroyed
)
{
throw
new
IllegalStateException
(
"This object is destroyed"
);
}
KerberosKey
[]
kkeys
=
getKKeys
(
new
KerberosPrincipal
(
princ
.
getName
()));
if
(
kkeys
.
length
==
0
)
{
// Note: old JDK does not perform real name checking. If the
// acceptor starts by name A but initiator requests for B,
// as long as their keys match (i.e. A's keys can decrypt B's
// service ticket), the authentication is OK. There are real
// customers depending on this to use different names for a
// single service.
kkeys
=
getKKeys
();
}
EncryptionKey
[]
ekeys
=
new
EncryptionKey
[
kkeys
.
length
];
for
(
int
i
=
0
;
i
<
ekeys
.
length
;
i
++)
{
ekeys
[
i
]
=
new
EncryptionKey
(
kkeys
[
i
].
getEncoded
(),
kkeys
[
i
].
getKeyType
(),
new
Integer
(
kkeys
[
i
].
getVersionNumber
()));
}
return
ekeys
;
}
public
Credentials
getInitCred
()
{
if
(
destroyed
)
{
throw
new
IllegalStateException
(
"This object is destroyed"
);
}
if
(
tgt
==
null
)
{
return
null
;
}
try
{
return
Krb5Util
.
ticketToCreds
(
tgt
);
}
catch
(
KrbException
|
IOException
e
)
{
return
null
;
}
}
public
void
destroy
()
{
// Do not wipe out real keys because they are references to the
// priv creds in subject. Just make it useless.
destroyed
=
true
;
kp
=
null
;
ktabs
.
clear
();
kk
.
clear
();
tgt
=
null
;
}
}
src/share/classes/sun/security/jgss/krb5/SubjectComber.java
浏览文件 @
4944c346
...
@@ -33,6 +33,7 @@ import java.util.Iterator;
...
@@ -33,6 +33,7 @@ import java.util.Iterator;
import
java.util.ArrayList
;
import
java.util.ArrayList
;
import
java.util.List
;
import
java.util.List
;
import
java.util.Set
;
import
java.util.Set
;
import
javax.security.auth.kerberos.KerberosPrincipal
;
import
javax.security.auth.kerberos.KeyTab
;
import
javax.security.auth.kerberos.KeyTab
;
/**
/**
...
@@ -84,19 +85,37 @@ class SubjectComber {
...
@@ -84,19 +85,37 @@ class SubjectComber {
}
else
{
}
else
{
List
<
T
>
answer
=
(
oneOnly
?
null
:
new
ArrayList
<
T
>());
List
<
T
>
answer
=
(
oneOnly
?
null
:
new
ArrayList
<
T
>());
if
(
credClass
==
KeyTab
.
class
)
{
// Principal un-related
if
(
credClass
==
KeyTab
.
class
)
{
// We are looking for credentials unrelated to serverPrincipal
// TODO: There is currently no good way to filter out keytabs
Iterator
<
T
>
iterator
=
// not for serverPrincipal. We can only check the principal
subject
.
getPrivateCredentials
(
credClass
).
iterator
();
// set. If the server is not there, we can be sure none of the
while
(
iterator
.
hasNext
())
{
// keytabs should be used, otherwise, use all for safety.
T
t
=
iterator
.
next
();
boolean
useAll
=
false
;
if
(
DEBUG
)
{
if
(
serverPrincipal
!=
null
)
{
System
.
out
.
println
(
"Found "
+
credClass
.
getSimpleName
());
for
(
KerberosPrincipal
princ:
subject
.
getPrincipals
(
KerberosPrincipal
.
class
))
{
if
(
princ
.
getName
().
equals
(
serverPrincipal
))
{
useAll
=
true
;
break
;
}
}
}
if
(
oneOnly
)
{
}
else
{
return
t
;
useAll
=
true
;
}
else
{
}
answer
.
add
(
t
);
if
(
useAll
)
{
Iterator
<
KeyTab
>
iterator
=
subject
.
getPrivateCredentials
(
KeyTab
.
class
).
iterator
();
while
(
iterator
.
hasNext
())
{
KeyTab
t
=
iterator
.
next
();
if
(
DEBUG
)
{
System
.
out
.
println
(
"Found "
+
credClass
.
getSimpleName
()
+
" "
+
t
);
}
if
(
oneOnly
)
{
return
t
;
}
else
{
answer
.
add
(
credClass
.
cast
(
t
));
}
}
}
}
}
}
else
if
(
credClass
==
KerberosKey
.
class
)
{
}
else
if
(
credClass
==
KerberosKey
.
class
)
{
...
@@ -114,11 +133,6 @@ class SubjectComber {
...
@@ -114,11 +133,6 @@ class SubjectComber {
if
(
oneOnly
)
{
if
(
oneOnly
)
{
return
t
;
return
t
;
}
else
{
}
else
{
if
(
serverPrincipal
==
null
)
{
// Record name so that keys returned will all
// belong to the same principal
serverPrincipal
=
name
;
}
answer
.
add
(
credClass
.
cast
(
t
));
answer
.
add
(
credClass
.
cast
(
t
));
}
}
}
}
...
...
src/share/classes/sun/security/krb5/KrbApReq.java
浏览文件 @
4944c346
...
@@ -34,6 +34,7 @@ package sun.security.krb5;
...
@@ -34,6 +34,7 @@ package sun.security.krb5;
import
sun.security.krb5.internal.*
;
import
sun.security.krb5.internal.*
;
import
sun.security.krb5.internal.crypto.*
;
import
sun.security.krb5.internal.crypto.*
;
import
sun.security.krb5.internal.rcache.*
;
import
sun.security.krb5.internal.rcache.*
;
import
sun.security.jgss.krb5.Krb5AcceptCredential
;
import
java.net.InetAddress
;
import
java.net.InetAddress
;
import
sun.security.util.*
;
import
sun.security.util.*
;
import
java.io.IOException
;
import
java.io.IOException
;
...
@@ -135,13 +136,13 @@ public class KrbApReq {
...
@@ -135,13 +136,13 @@ public class KrbApReq {
*/
*/
// Used in InitSecContextToken (for AP_REQ and not TGS REQ)
// Used in InitSecContextToken (for AP_REQ and not TGS REQ)
public
KrbApReq
(
byte
[]
message
,
public
KrbApReq
(
byte
[]
message
,
EncryptionKey
[]
keys
,
Krb5AcceptCredential
cred
,
InetAddress
initiator
)
InetAddress
initiator
)
throws
KrbException
,
IOException
{
throws
KrbException
,
IOException
{
obuf
=
message
;
obuf
=
message
;
if
(
apReqMessg
==
null
)
if
(
apReqMessg
==
null
)
decode
();
decode
();
authenticate
(
keys
,
initiator
);
authenticate
(
cred
,
initiator
);
}
}
/**
/**
...
@@ -260,10 +261,11 @@ public class KrbApReq {
...
@@ -260,10 +261,11 @@ public class KrbApReq {
}
}
}
}
private
void
authenticate
(
EncryptionKey
[]
keys
,
InetAddress
initiator
)
private
void
authenticate
(
Krb5AcceptCredential
cred
,
InetAddress
initiator
)
throws
KrbException
,
IOException
{
throws
KrbException
,
IOException
{
int
encPartKeyType
=
apReqMessg
.
ticket
.
encPart
.
getEType
();
int
encPartKeyType
=
apReqMessg
.
ticket
.
encPart
.
getEType
();
Integer
kvno
=
apReqMessg
.
ticket
.
encPart
.
getKeyVersionNumber
();
Integer
kvno
=
apReqMessg
.
ticket
.
encPart
.
getKeyVersionNumber
();
EncryptionKey
[]
keys
=
cred
.
getKrb5EncryptionKeys
(
apReqMessg
.
ticket
.
sname
);
EncryptionKey
dkey
=
EncryptionKey
.
findKey
(
encPartKeyType
,
kvno
,
keys
);
EncryptionKey
dkey
=
EncryptionKey
.
findKey
(
encPartKeyType
,
kvno
,
keys
);
if
(
dkey
==
null
)
{
if
(
dkey
==
null
)
{
...
...
src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java
浏览文件 @
4944c346
...
@@ -382,9 +382,15 @@ public class KeyTab implements KeyTabConstants {
...
@@ -382,9 +382,15 @@ public class KeyTab implements KeyTabConstants {
*/
*/
public
void
addEntry
(
PrincipalName
service
,
char
[]
psswd
,
public
void
addEntry
(
PrincipalName
service
,
char
[]
psswd
,
int
kvno
,
boolean
append
)
throws
KrbException
{
int
kvno
,
boolean
append
)
throws
KrbException
{
addEntry
(
service
,
service
.
getSalt
(),
psswd
,
kvno
,
append
);
}
// Called by KDC test
public
void
addEntry
(
PrincipalName
service
,
String
salt
,
char
[]
psswd
,
int
kvno
,
boolean
append
)
throws
KrbException
{
EncryptionKey
[]
encKeys
=
EncryptionKey
.
acquireSecretKeys
(
EncryptionKey
[]
encKeys
=
EncryptionKey
.
acquireSecretKeys
(
psswd
,
s
ervice
.
getSalt
()
);
psswd
,
s
alt
);
// There should be only one maximum KVNO value for all etypes, so that
// There should be only one maximum KVNO value for all etypes, so that
// all added keys can have the same KVNO.
// all added keys can have the same KVNO.
...
...
src/share/classes/sun/security/ssl/krb5/Krb5ProxyImpl.java
浏览文件 @
4944c346
...
@@ -36,6 +36,7 @@ import javax.security.auth.login.LoginException;
...
@@ -36,6 +36,7 @@ import javax.security.auth.login.LoginException;
import
sun.security.jgss.GSSCaller
;
import
sun.security.jgss.GSSCaller
;
import
sun.security.jgss.krb5.Krb5Util
;
import
sun.security.jgss.krb5.Krb5Util
;
import
sun.security.jgss.krb5.ServiceCreds
;
import
sun.security.krb5.PrincipalName
;
import
sun.security.krb5.PrincipalName
;
import
sun.security.ssl.Krb5Proxy
;
import
sun.security.ssl.Krb5Proxy
;
...
@@ -62,7 +63,7 @@ public class Krb5ProxyImpl implements Krb5Proxy {
...
@@ -62,7 +63,7 @@ public class Krb5ProxyImpl implements Krb5Proxy {
@Override
@Override
public
SecretKey
[]
getServerKeys
(
AccessControlContext
acc
)
public
SecretKey
[]
getServerKeys
(
AccessControlContext
acc
)
throws
LoginException
{
throws
LoginException
{
Krb5Util
.
ServiceCreds
serviceCreds
=
ServiceCreds
serviceCreds
=
Krb5Util
.
getServiceCreds
(
GSSCaller
.
CALLER_SSL_SERVER
,
null
,
acc
);
Krb5Util
.
getServiceCreds
(
GSSCaller
.
CALLER_SSL_SERVER
,
null
,
acc
);
return
serviceCreds
!=
null
?
serviceCreds
.
getKKeys
()
:
return
serviceCreds
!=
null
?
serviceCreds
.
getKKeys
()
:
new
KerberosKey
[
0
];
new
KerberosKey
[
0
];
...
...
src/windows/classes/sun/nio/ch/PipeImpl.java
浏览文件 @
4944c346
/*
/*
* Copyright (c) 2002, 20
08
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 20
12
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -72,67 +72,97 @@ class PipeImpl
...
@@ -72,67 +72,97 @@ class PipeImpl
private
final
SelectorProvider
sp
;
private
final
SelectorProvider
sp
;
private
IOException
ioe
=
null
;
private
Initializer
(
SelectorProvider
sp
)
{
private
Initializer
(
SelectorProvider
sp
)
{
this
.
sp
=
sp
;
this
.
sp
=
sp
;
}
}
@Override
public
Void
run
()
throws
IOException
{
public
Void
run
()
throws
IOException
{
ServerSocketChannel
ssc
=
null
;
LoopbackConnector
connector
=
new
LoopbackConnector
();
SocketChannel
sc1
=
null
;
connector
.
run
();
SocketChannel
sc2
=
null
;
if
(
ioe
instanceof
ClosedByInterruptException
)
{
ioe
=
null
;
try
{
Thread
connThread
=
new
Thread
(
connector
)
{
// loopback address
@Override
InetAddress
lb
=
InetAddress
.
getByName
(
"127.0.0.1"
);
public
void
interrupt
()
{}
assert
(
lb
.
isLoopbackAddress
());
};
connThread
.
start
();
// bind ServerSocketChannel to a port on the loopback address
ssc
=
ServerSocketChannel
.
open
();
ssc
.
socket
().
bind
(
new
InetSocketAddress
(
lb
,
0
));
// Establish connection (assumes connections are eagerly
// accepted)
InetSocketAddress
sa
=
new
InetSocketAddress
(
lb
,
ssc
.
socket
().
getLocalPort
());
sc1
=
SocketChannel
.
open
(
sa
);
ByteBuffer
bb
=
ByteBuffer
.
allocate
(
8
);
long
secret
=
rnd
.
nextLong
();
bb
.
putLong
(
secret
).
flip
();
sc1
.
write
(
bb
);
// Get a connection and verify it is legitimate
for
(;;)
{
for
(;;)
{
sc2
=
ssc
.
accept
();
try
{
bb
.
clear
();
connThread
.
join
();
sc2
.
read
(
bb
);
bb
.
rewind
();
if
(
bb
.
getLong
()
==
secret
)
break
;
break
;
sc2
.
close
();
}
catch
(
InterruptedException
ex
)
{}
}
}
Thread
.
currentThread
().
interrupt
();
}
if
(
ioe
!=
null
)
throw
new
IOException
(
"Unable to establish loopback connection"
,
ioe
);
return
null
;
}
private
class
LoopbackConnector
implements
Runnable
{
@Override
public
void
run
()
{
ServerSocketChannel
ssc
=
null
;
SocketChannel
sc1
=
null
;
SocketChannel
sc2
=
null
;
// Create source and sink channels
source
=
new
SourceChannelImpl
(
sp
,
sc1
);
sink
=
new
SinkChannelImpl
(
sp
,
sc2
);
}
catch
(
IOException
e
)
{
try
{
try
{
if
(
sc1
!=
null
)
// Loopback address
sc1
.
close
();
InetAddress
lb
=
InetAddress
.
getByName
(
"127.0.0.1"
);
if
(
sc2
!=
null
)
assert
(
lb
.
isLoopbackAddress
());
InetSocketAddress
sa
=
null
;
for
(;;)
{
// Bind ServerSocketChannel to a port on the loopback
// address
if
(
ssc
==
null
||
!
ssc
.
isOpen
())
{
ssc
=
ServerSocketChannel
.
open
();
ssc
.
socket
().
bind
(
new
InetSocketAddress
(
lb
,
0
));
sa
=
new
InetSocketAddress
(
lb
,
ssc
.
socket
().
getLocalPort
());
}
// Establish connection (assume connections are eagerly
// accepted)
sc1
=
SocketChannel
.
open
(
sa
);
ByteBuffer
bb
=
ByteBuffer
.
allocate
(
8
);
long
secret
=
rnd
.
nextLong
();
bb
.
putLong
(
secret
).
flip
();
sc1
.
write
(
bb
);
// Get a connection and verify it is legitimate
sc2
=
ssc
.
accept
();
bb
.
clear
();
sc2
.
read
(
bb
);
bb
.
rewind
();
if
(
bb
.
getLong
()
==
secret
)
break
;
sc2
.
close
();
sc2
.
close
();
}
catch
(
IOException
e2
)
{
}
sc1
.
close
();
IOException
x
=
new
IOException
(
"Unable to establish"
}
+
" loopback connection"
);
x
.
initCause
(
e
);
// Create source and sink channels
throw
x
;
source
=
new
SourceChannelImpl
(
sp
,
sc1
);
}
finally
{
sink
=
new
SinkChannelImpl
(
sp
,
sc2
);
try
{
}
catch
(
IOException
e
)
{
if
(
ssc
!=
null
)
try
{
ssc
.
close
();
if
(
sc1
!=
null
)
}
catch
(
IOException
e2
)
{
}
sc1
.
close
();
if
(
sc2
!=
null
)
sc2
.
close
();
}
catch
(
IOException
e2
)
{}
ioe
=
e
;
}
finally
{
try
{
if
(
ssc
!=
null
)
ssc
.
close
();
}
catch
(
IOException
e2
)
{}
}
}
}
return
null
;
}
}
}
}
...
@@ -144,7 +174,6 @@ class PipeImpl
...
@@ -144,7 +174,6 @@ class PipeImpl
}
}
}
}
public
SourceChannel
source
()
{
public
SourceChannel
source
()
{
return
source
;
return
source
;
}
}
...
...
test/ProblemList.txt
浏览文件 @
4944c346
###########################################################################
###########################################################################
#
#
# Copyright (c) 2009, 201
2
, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2009, 201
3
, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
#
# This code is free software; you can redistribute it and/or modify it
# This code is free software; you can redistribute it and/or modify it
...
@@ -238,9 +238,6 @@ java/nio/channels/AsynchronousChannelGroup/Unbounded.java windows-amd64
...
@@ -238,9 +238,6 @@ java/nio/channels/AsynchronousChannelGroup/Unbounded.java windows-amd64
# 7146541
# 7146541
java/rmi/transport/rapidExportUnexport/RapidExportUnexport.java linux-all
java/rmi/transport/rapidExportUnexport/RapidExportUnexport.java linux-all
# 7187882
java/rmi/activation/checkusage/CheckUsage.java generic-all
# 7190106
# 7190106
java/rmi/reliability/benchmark/runRmiBench.sh generic-all
java/rmi/reliability/benchmark/runRmiBench.sh generic-all
...
...
test/java/nio/channels/Pipe/PipeInterrupt.java
0 → 100644
浏览文件 @
4944c346
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* @test
* @bug 8002306
* @summary Ensure that a Pipe can open even if its thread has already
* been interrupted.
* @author Dan Xu
*/
import
java.io.IOException
;
import
java.nio.channels.Pipe
;
public
class
PipeInterrupt
{
private
Exception
exc
=
null
;
public
static
void
main
(
String
[]
args
)
throws
Exception
{
PipeInterrupt
instance
=
new
PipeInterrupt
();
instance
.
test
();
}
public
void
test
()
throws
Exception
{
Thread
tester
=
new
Thread
(
"PipeTester"
)
{
private
Pipe
testPipe
=
null
;
@Override
public
void
run
()
{
for
(;;)
{
boolean
interrupted
=
this
.
isInterrupted
();
try
{
testPipe
=
Pipe
.
open
();
close
();
if
(
interrupted
)
{
if
(!
this
.
isInterrupted
())
exc
=
new
RuntimeException
(
"interrupt status reset"
);
break
;
}
}
catch
(
IOException
ioe
)
{
exc
=
ioe
;
}
}
}
private
void
close
()
throws
IOException
{
if
(
testPipe
!=
null
)
{
testPipe
.
sink
().
close
();
testPipe
.
source
().
close
();
}
}
};
tester
.
start
();
Thread
.
sleep
(
200
);
tester
.
interrupt
();
tester
.
join
();
if
(
exc
!=
null
)
throw
exc
;
}
}
test/java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java
浏览文件 @
4944c346
/*
/*
* Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999,
2013,
Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -168,7 +168,7 @@ public class ShutdownGracefully
...
@@ -168,7 +168,7 @@ public class ShutdownGracefully
registering
=
null
;
registering
=
null
;
// Need to make sure that rmid goes away by itself
// Need to make sure that rmid goes away by itself
Process
rmidProcess
=
rmid
.
getVM
()
;
JavaVM
rmidProcess
=
rmid
;
if
(
rmidProcess
!=
null
)
{
if
(
rmidProcess
!=
null
)
{
try
{
try
{
Runnable
waitThread
=
Runnable
waitThread
=
...
@@ -205,9 +205,9 @@ public class ShutdownGracefully
...
@@ -205,9 +205,9 @@ public class ShutdownGracefully
* class that waits for rmid to exit
* class that waits for rmid to exit
*/
*/
private
static
class
ShutdownDetectThread
implements
Runnable
{
private
static
class
ShutdownDetectThread
implements
Runnable
{
private
Process
rmidProcess
=
null
;
private
JavaVM
rmidProcess
=
null
;
ShutdownDetectThread
(
Process
rmidProcess
)
{
ShutdownDetectThread
(
JavaVM
rmidProcess
)
{
this
.
rmidProcess
=
rmidProcess
;
this
.
rmidProcess
=
rmidProcess
;
}
}
public
void
run
()
{
public
void
run
()
{
...
...
test/java/rmi/activation/checkusage/CheckUsage.java
浏览文件 @
4944c346
/*
/*
* Copyright (c) 1999, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -23,6 +23,7 @@
...
@@ -23,6 +23,7 @@
/* @test
/* @test
* @bug 4259564
* @bug 4259564
* @summary RMID's usage message is incomplete and inconsistent with other tools
*
*
* @library ../../testlibrary
* @library ../../testlibrary
* @build TestLibrary JavaVM
* @build TestLibrary JavaVM
...
@@ -37,23 +38,16 @@ import java.io.ByteArrayOutputStream;
...
@@ -37,23 +38,16 @@ import java.io.ByteArrayOutputStream;
*/
*/
public
class
CheckUsage
{
public
class
CheckUsage
{
public
static
void
main
(
String
[]
args
)
{
public
static
void
main
(
String
[]
args
)
{
System
.
err
.
println
(
"\nregression test for 4259564\n"
);
JavaVM
rmidVM
=
null
;
try
{
try
{
// make sure the registry exits with a proper usage statement
ByteArrayOutputStream
berr
=
new
ByteArrayOutputStream
();
ByteArrayOutputStream
berr
=
new
ByteArrayOutputStream
();
//
run a VM to start the registry
//
create rmid with incorrect command line args
rmidVM
=
new
JavaVM
(
"sun.rmi.server.Activation"
,
""
,
"foo"
,
JavaVM
rmidVM
=
new
JavaVM
(
"sun.rmi.server.Activation"
,
""
,
"foo"
,
System
.
out
,
berr
);
System
.
out
,
berr
);
System
.
err
.
println
(
"starting rmid"
);
System
.
err
.
println
(
"starting rmid"
);
rmidVM
.
start
();
//
wait for registry
exit
//
run the subprocess and wait for it to
exit
int
rmidVMExitStatus
=
rmidVM
.
getVM
().
waitFor
();
int
rmidVMExitStatus
=
rmidVM
.
execute
();
System
.
err
.
println
(
"rmid exited with status: "
+
System
.
err
.
println
(
"rmid exited with status: "
+
rmidVMExitStatus
);
rmidVMExitStatus
);
...
@@ -66,12 +60,8 @@ public class CheckUsage {
...
@@ -66,12 +60,8 @@ public class CheckUsage {
}
else
{
}
else
{
System
.
err
.
println
(
"test passed"
);
System
.
err
.
println
(
"test passed"
);
}
}
}
catch
(
Exception
e
)
{
}
catch
(
Exception
e
)
{
TestLibrary
.
bomb
(
e
);
TestLibrary
.
bomb
(
e
);
}
finally
{
rmidVM
.
destroy
();
rmidVM
=
null
;
}
}
}
}
}
}
test/java/rmi/registry/altSecurityManager/AltSecurityManager.java
浏览文件 @
4944c346
/*
/*
* Copyright (c) 1999, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -76,8 +76,7 @@ public class AltSecurityManager implements Runnable {
...
@@ -76,8 +76,7 @@ public class AltSecurityManager implements Runnable {
}
}
System
.
err
.
println
(
"starting "
+
utilityToStart
);
System
.
err
.
println
(
"starting "
+
utilityToStart
);
vm
.
start
();
vm
.
execute
();
vm
.
getVM
().
waitFor
();
}
catch
(
Exception
e
)
{
}
catch
(
Exception
e
)
{
TestLibrary
.
bomb
(
e
);
TestLibrary
.
bomb
(
e
);
...
...
test/java/rmi/registry/checkusage/CheckUsage.java
浏览文件 @
4944c346
/*
/*
* Copyright (c) 1999, 20
08
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 20
13
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -35,34 +35,21 @@ import java.io.ByteArrayOutputStream;
...
@@ -35,34 +35,21 @@ import java.io.ByteArrayOutputStream;
/**
/**
* Make sure that the rmiregistry prints out a correct usage statement
* Make sure that the rmiregistry prints out a correct usage statement
* when run with an incorrect command line; test written to conform to
* when run with an incorrect command line.
* new tighter bug fix/regression test guidelines.
*/
*/
public
class
CheckUsage
{
public
class
CheckUsage
{
public
static
void
main
(
String
[]
args
)
{
public
static
void
main
(
String
[]
args
)
{
System
.
err
.
println
(
"\nregression test for 4151966\n"
);
JavaVM
registryVM
=
null
;
try
{
try
{
// make sure the registry exits with a proper usage statement
ByteArrayOutputStream
berr
=
new
ByteArrayOutputStream
();
ByteArrayOutputStream
berr
=
new
ByteArrayOutputStream
();
// run a VM to start the registry
// run a VM to start the registry
registryVM
=
new
JavaVM
(
"sun.rmi.registry.RegistryImpl"
,
JavaVM
registryVM
=
new
JavaVM
(
"sun.rmi.registry.RegistryImpl"
,
""
,
"foo"
,
""
,
"foo"
,
System
.
out
,
berr
);
System
.
out
,
berr
);
System
.
err
.
println
(
"starting registry"
);
System
.
err
.
println
(
"starting registry"
);
registryVM
.
start
();
// wait for registry exit
System
.
err
.
println
(
" registry exited with status: "
+
System
.
err
.
println
(
" registry exited with status: "
+
registryVM
.
getVM
().
waitFor
());
registryVM
.
execute
());
try
{
Thread
.
sleep
(
7000
);
}
catch
(
InterruptedException
ie
)
{
}
String
usage
=
new
String
(
berr
.
toByteArray
());
String
usage
=
new
String
(
berr
.
toByteArray
());
...
@@ -75,9 +62,6 @@ public class CheckUsage {
...
@@ -75,9 +62,6 @@ public class CheckUsage {
}
}
}
catch
(
Exception
e
)
{
}
catch
(
Exception
e
)
{
TestLibrary
.
bomb
(
e
);
TestLibrary
.
bomb
(
e
);
}
finally
{
registryVM
.
destroy
();
registryVM
=
null
;
}
}
}
}
}
}
test/java/rmi/registry/reexport/Reexport.java
浏览文件 @
4944c346
/*
/*
* Copyright (c) 1999, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -122,8 +122,7 @@ public class Reexport {
...
@@ -122,8 +122,7 @@ public class Reexport {
try
{
try
{
JavaVM
jvm
=
new
JavaVM
(
"RegistryRunner"
,
""
,
Integer
.
toString
(
p
));
JavaVM
jvm
=
new
JavaVM
(
"RegistryRunner"
,
""
,
Integer
.
toString
(
p
));
jvm
.
start
();
jvm
.
start
();
Reexport
.
subreg
=
jvm
.
getVM
();
Reexport
.
subreg
=
jvm
;
}
catch
(
IOException
e
)
{
}
catch
(
IOException
e
)
{
// one of these is summarily dropped, can't remember which one
// one of these is summarily dropped, can't remember which one
System
.
out
.
println
(
"Test setup failed - cannot run rmiregistry"
);
System
.
out
.
println
(
"Test setup failed - cannot run rmiregistry"
);
...
@@ -135,7 +134,8 @@ public class Reexport {
...
@@ -135,7 +134,8 @@ public class Reexport {
}
catch
(
Exception
whatever
)
{
}
catch
(
Exception
whatever
)
{
}
}
}
}
private
static
Process
subreg
=
null
;
private
static
JavaVM
subreg
=
null
;
public
static
void
killRegistry
(
int
port
)
{
public
static
void
killRegistry
(
int
port
)
{
if
(
Reexport
.
subreg
!=
null
)
{
if
(
Reexport
.
subreg
!=
null
)
{
...
...
test/java/rmi/testlibrary/JavaVM.java
浏览文件 @
4944c346
/*
/*
* Copyright (c) 1998, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -41,6 +41,8 @@ public class JavaVM {
...
@@ -41,6 +41,8 @@ public class JavaVM {
private
OutputStream
outputStream
=
System
.
out
;
private
OutputStream
outputStream
=
System
.
out
;
private
OutputStream
errorStream
=
System
.
err
;
private
OutputStream
errorStream
=
System
.
err
;
private
String
policyFileName
=
null
;
private
String
policyFileName
=
null
;
private
StreamPipe
outPipe
;
private
StreamPipe
errPipe
;
private
static
void
mesg
(
Object
mesg
)
{
private
static
void
mesg
(
Object
mesg
)
{
System
.
err
.
println
(
"JAVAVM: "
+
mesg
.
toString
());
System
.
err
.
println
(
"JAVAVM: "
+
mesg
.
toString
());
...
@@ -145,13 +147,12 @@ public class JavaVM {
...
@@ -145,13 +147,12 @@ public class JavaVM {
}
}
mesg
(
"command = "
+
Arrays
.
asList
(
javaCommand
).
toString
());
mesg
(
"command = "
+
Arrays
.
asList
(
javaCommand
).
toString
());
System
.
err
.
println
(
""
);
vm
=
Runtime
.
getRuntime
().
exec
(
javaCommand
);
vm
=
Runtime
.
getRuntime
().
exec
(
javaCommand
);
/* output from the execed process may optionally be captured. */
/* output from the execed process may optionally be captured. */
StreamPipe
.
plugTogether
(
vm
.
getInputStream
(),
this
.
outputStream
);
outPipe
=
StreamPipe
.
plugTogether
(
vm
.
getInputStream
(),
this
.
outputStream
);
StreamPipe
.
plugTogether
(
vm
.
getErrorStream
(),
this
.
errorStream
);
errPipe
=
StreamPipe
.
plugTogether
(
vm
.
getErrorStream
(),
this
.
errorStream
);
}
}
public
void
destroy
()
{
public
void
destroy
()
{
...
@@ -161,7 +162,25 @@ public class JavaVM {
...
@@ -161,7 +162,25 @@ public class JavaVM {
vm
=
null
;
vm
=
null
;
}
}
protected
Process
getVM
()
{
/**
return
vm
;
* Waits for the subprocess to exit, joins the pipe threads to ensure that
* all output is collected, and returns its exit status.
*/
public
int
waitFor
()
throws
InterruptedException
{
if
(
vm
==
null
)
throw
new
IllegalStateException
(
"can't wait for JavaVM that hasn't started"
);
int
status
=
vm
.
waitFor
();
outPipe
.
join
();
errPipe
.
join
();
return
status
;
}
/**
* Starts the subprocess, waits for it to exit, and returns its exit status.
*/
public
int
execute
()
throws
IOException
,
InterruptedException
{
start
();
return
waitFor
();
}
}
}
}
test/java/rmi/testlibrary/RMID.java
浏览文件 @
4944c346
/*
/*
* Copyright (c) 1998, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -202,8 +202,6 @@ public class RMID extends JavaVM {
...
@@ -202,8 +202,6 @@ public class RMID extends JavaVM {
public
void
start
(
long
waitTime
)
throws
IOException
{
public
void
start
(
long
waitTime
)
throws
IOException
{
if
(
getVM
()
!=
null
)
return
;
// if rmid is already running, then the test will fail with
// if rmid is already running, then the test will fail with
// a well recognized exception (port already in use...).
// a well recognized exception (port already in use...).
...
...
test/java/rmi/transport/checkFQDN/CheckFQDN.java
浏览文件 @
4944c346
/*
/*
* Copyright (c) 1998, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -114,6 +114,7 @@ public class CheckFQDN extends UnicastRemoteObject
...
@@ -114,6 +114,7 @@ public class CheckFQDN extends UnicastRemoteObject
equal
=
"="
;
equal
=
"="
;
}
}
// create a client to tell checkFQDN what its rmi name is.
JavaVM
jvm
=
new
JavaVM
(
"CheckFQDNClient"
,
JavaVM
jvm
=
new
JavaVM
(
"CheckFQDNClient"
,
propOption
+
property
+
propOption
+
property
+
equal
+
equal
+
...
@@ -125,10 +126,7 @@ public class CheckFQDN extends UnicastRemoteObject
...
@@ -125,10 +126,7 @@ public class CheckFQDN extends UnicastRemoteObject
propertyBeingTested
=
property
;
propertyBeingTested
=
property
;
propertyBeingTestedValue
=
propertyValue
;
propertyBeingTestedValue
=
propertyValue
;
// create a client to tell checkFQDN what its rmi name is. */
if
(
jvm
.
execute
()
!=
0
)
{
jvm
.
start
();
if
(
jvm
.
getVM
().
waitFor
()
!=
0
)
{
TestLibrary
.
bomb
(
"Test failed, error in client."
);
TestLibrary
.
bomb
(
"Test failed, error in client."
);
}
}
...
...
test/java/rmi/transport/checkLeaseInfoLeak/CheckLeaseLeak.java
浏览文件 @
4944c346
/*
/*
* Copyright (c) 1998, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -102,9 +102,8 @@ public class CheckLeaseLeak extends UnicastRemoteObject implements LeaseLeak {
...
@@ -102,9 +102,8 @@ public class CheckLeaseLeak extends UnicastRemoteObject implements LeaseLeak {
" -Drmi.registry.port="
+
" -Drmi.registry.port="
+
registryPort
,
registryPort
,
""
);
""
);
jvm
.
start
();
if
(
jvm
.
getVM
().
waitFor
()
==
1
)
{
if
(
jvm
.
execute
()
!=
0
)
{
TestLibrary
.
bomb
(
"Client process failed"
);
TestLibrary
.
bomb
(
"Client process failed"
);
}
}
}
}
...
...
test/sun/rmi/runtime/Log/4504153/Test4504153.java
浏览文件 @
4944c346
/*
/*
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002,
2013,
Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -48,8 +48,7 @@ public class Test4504153 {
...
@@ -48,8 +48,7 @@ public class Test4504153 {
ByteArrayOutputStream
err
=
new
ByteArrayOutputStream
();
ByteArrayOutputStream
err
=
new
ByteArrayOutputStream
();
JavaVM
vm
=
new
JavaVM
(
StartRegistry
.
class
.
getName
(),
JavaVM
vm
=
new
JavaVM
(
StartRegistry
.
class
.
getName
(),
"-Dsun.rmi.transport.logLevel=v"
,
""
,
out
,
err
);
"-Dsun.rmi.transport.logLevel=v"
,
""
,
out
,
err
);
vm
.
start
();
vm
.
execute
();
vm
.
getVM
().
waitFor
();
String
errString
=
err
.
toString
();
String
errString
=
err
.
toString
();
...
...
test/sun/rmi/runtime/Log/6409194/NoConsoleOutput.java
浏览文件 @
4944c346
/*
/*
* Copyright (c) 2006, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -65,8 +65,7 @@ public class NoConsoleOutput {
...
@@ -65,8 +65,7 @@ public class NoConsoleOutput {
JavaVM
vm
=
new
JavaVM
(
DoRMIStuff
.
class
.
getName
(),
JavaVM
vm
=
new
JavaVM
(
DoRMIStuff
.
class
.
getName
(),
"-Djava.util.logging.config.file="
+
loggingPropertiesFile
,
"-Djava.util.logging.config.file="
+
loggingPropertiesFile
,
""
,
out
,
err
);
""
,
out
,
err
);
vm
.
start
();
vm
.
execute
();
vm
.
getVM
().
waitFor
();
/*
/*
* Verify that the subprocess had no System.out or System.err
* Verify that the subprocess had no System.out or System.err
...
...
test/sun/rmi/transport/tcp/DeadCachedConnection.java
浏览文件 @
4944c346
/*
/*
* Copyright (c) 1998, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -104,7 +104,7 @@ public class DeadCachedConnection {
...
@@ -104,7 +104,7 @@ public class DeadCachedConnection {
JavaVM
jvm
=
JavaVM
jvm
=
new
JavaVM
(
"sun.rmi.registry.RegistryImpl"
,
""
,
Integer
.
toString
(
p
));
new
JavaVM
(
"sun.rmi.registry.RegistryImpl"
,
""
,
Integer
.
toString
(
p
));
jvm
.
start
();
jvm
.
start
();
DeadCachedConnection
.
subreg
=
jvm
.
getVM
()
;
DeadCachedConnection
.
subreg
=
jvm
;
}
catch
(
IOException
e
)
{
}
catch
(
IOException
e
)
{
// one of these is summarily dropped, can't remember which one
// one of these is summarily dropped, can't remember which one
...
@@ -117,7 +117,7 @@ public class DeadCachedConnection {
...
@@ -117,7 +117,7 @@ public class DeadCachedConnection {
}
catch
(
Exception
whatever
)
{
}
catch
(
Exception
whatever
)
{
}
}
}
}
private
static
Process
subreg
=
null
;
private
static
JavaVM
subreg
=
null
;
public
static
void
killRegistry
()
{
public
static
void
killRegistry
()
{
if
(
DeadCachedConnection
.
subreg
!=
null
)
{
if
(
DeadCachedConnection
.
subreg
!=
null
)
{
...
...
test/sun/security/krb5/ServiceCredsCombination.java
0 → 100644
浏览文件 @
4944c346
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8005447
* @compile -XDignore.symbol.file ServiceCredsCombination.java
* @run main ServiceCredsCombination
* @summary default principal can act as anyone
*/
import
java.security.PrivilegedActionException
;
import
java.security.PrivilegedExceptionAction
;
import
java.util.Objects
;
import
javax.security.auth.Subject
;
import
javax.security.auth.kerberos.KerberosKey
;
import
javax.security.auth.kerberos.KerberosPrincipal
;
import
javax.security.auth.kerberos.KeyTab
;
import
org.ietf.jgss.GSSCredential
;
import
org.ietf.jgss.GSSException
;
import
org.ietf.jgss.GSSManager
;
import
org.ietf.jgss.GSSName
;
import
sun.security.jgss.GSSUtil
;
public
class
ServiceCredsCombination
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
// pass
check
(
"a"
,
"a"
,
princ
(
"a"
),
key
(
"a"
));
check
(
null
,
"a"
,
princ
(
"a"
),
key
(
"a"
));
check
(
"x"
,
"NOCRED"
,
princ
(
"a"
),
key
(
"a"
));
// two pass
check
(
"a"
,
"a"
,
princ
(
"a"
),
key
(
"a"
),
princ
(
"b"
),
key
(
"b"
));
check
(
"b"
,
"b"
,
princ
(
"a"
),
key
(
"a"
),
princ
(
"b"
),
key
(
"b"
));
check
(
null
,
null
,
princ
(
"a"
),
key
(
"a"
),
princ
(
"b"
),
key
(
"b"
));
check
(
"x"
,
"NOCRED"
,
princ
(
"a"
),
key
(
"a"
),
princ
(
"b"
),
key
(
"b"
));
// old ktab
check
(
"b"
,
"b"
,
princ
(
"b"
),
oldktab
());
check
(
"x"
,
"NOCRED"
,
princ
(
"b"
),
oldktab
());
check
(
null
,
"b"
,
princ
(
"b"
),
oldktab
());
// Two old ktab
check
(
"a"
,
"a"
,
princ
(
"a"
),
princ
(
"b"
),
oldktab
(),
oldktab
());
check
(
"b"
,
"b"
,
princ
(
"a"
),
princ
(
"b"
),
oldktab
(),
oldktab
());
check
(
null
,
null
,
princ
(
"a"
),
princ
(
"b"
),
oldktab
(),
oldktab
());
check
(
"x"
,
"NOCRED"
,
princ
(
"a"
),
princ
(
"b"
),
oldktab
(),
oldktab
());
// pass + old ktab
check
(
"a"
,
"a"
,
princ
(
"a"
),
princ
(
"b"
),
key
(
"a"
),
oldktab
());
check
(
"b"
,
"b"
,
princ
(
"a"
),
princ
(
"b"
),
key
(
"a"
),
oldktab
());
check
(
null
,
null
,
princ
(
"a"
),
princ
(
"b"
),
key
(
"a"
),
oldktab
());
check
(
"x"
,
"NOCRED"
,
princ
(
"a"
),
princ
(
"b"
),
key
(
"a"
),
oldktab
());
// Compatibility, automatically add princ for keys
check
(
null
,
"a"
,
key
(
"a"
));
check
(
"x"
,
"NOCRED"
,
key
(
"a"
));
check
(
null
,
"a"
,
key
(
"a"
),
oldktab
());
check
(
"x"
,
"NOCRED"
,
key
(
"a"
),
oldktab
());
// Limitation, "a" has no key, but we don't know oldktab() is for "b"
check
(
"a"
,
"a"
,
princ
(
"a"
),
princ
(
"b"
),
oldktab
());
}
/**
* Checks the correct bound
* @param a get a creds for this principal, null for default one
* @param b expected name, null for still unbound, "NOCRED" for no creds
* @param objs princs, keys and keytabs in the subject
*/
private
static
void
check
(
final
String
a
,
String
b
,
Object
...
objs
)
throws
Exception
{
Subject
subj
=
new
Subject
();
for
(
Object
obj:
objs
)
{
if
(
obj
instanceof
KerberosPrincipal
)
{
subj
.
getPrincipals
().
add
((
KerberosPrincipal
)
obj
);
}
else
if
(
obj
instanceof
KerberosKey
||
obj
instanceof
KeyTab
)
{
subj
.
getPrivateCredentials
().
add
(
obj
);
}
}
final
GSSManager
man
=
GSSManager
.
getInstance
();
try
{
String
result
=
Subject
.
doAs
(
subj
,
new
PrivilegedExceptionAction
<
String
>()
{
@Override
public
String
run
()
throws
GSSException
{
GSSCredential
cred
=
man
.
createCredential
(
a
==
null
?
null
:
man
.
createName
(
r
(
a
),
null
),
GSSCredential
.
INDEFINITE_LIFETIME
,
GSSUtil
.
GSS_KRB5_MECH_OID
,
GSSCredential
.
ACCEPT_ONLY
);
GSSName
name
=
cred
.
getName
();
return
name
==
null
?
null
:
name
.
toString
();
}
});
if
(!
Objects
.
equals
(
result
,
r
(
b
)))
{
throw
new
Exception
(
"Check failed: getInstance("
+
a
+
") has name "
+
result
+
", not "
+
b
);
}
}
catch
(
PrivilegedActionException
e
)
{
if
(!
"NOCRED"
.
equals
(
b
))
{
throw
new
Exception
(
"Check failed: getInstance("
+
a
+
") is null "
+
", but not one with name "
+
b
);
}
}
}
private
static
String
r
(
String
s
)
{
return
s
==
null
?
null
:
(
s
+
"@REALM"
);
}
private
static
KerberosPrincipal
princ
(
String
s
)
{
return
new
KerberosPrincipal
(
r
(
s
));
}
private
static
KerberosKey
key
(
String
s
)
{
return
new
KerberosKey
(
princ
(
s
),
new
byte
[
0
],
0
,
0
);
}
private
static
KeyTab
oldktab
()
{
return
KeyTab
.
getInstance
();
}
}
test/sun/security/krb5/auto/AcceptPermissions.java
0 → 100644
浏览文件 @
4944c346
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 9999999
* @summary default principal can act as anyone
* @compile -XDignore.symbol.file AcceptPermissions.java
* @run main/othervm AcceptPermissions
*/
import
java.nio.file.Files
;
import
java.nio.file.Paths
;
import
java.nio.file.StandardOpenOption
;
import
java.security.Permission
;
import
javax.security.auth.kerberos.ServicePermission
;
import
sun.security.jgss.GSSUtil
;
import
java.util.*
;
public
class
AcceptPermissions
extends
SecurityManager
{
private
static
Map
<
Permission
,
String
>
perms
=
new
HashMap
<>();
@Override
public
void
checkPermission
(
Permission
perm
)
{
if
(!(
perm
instanceof
ServicePermission
))
{
return
;
}
ServicePermission
sp
=
(
ServicePermission
)
perm
;
if
(!
sp
.
getActions
().
equals
(
"accept"
))
{
return
;
}
// We only care about accept ServicePermission in this test
try
{
super
.
checkPermission
(
sp
);
}
catch
(
SecurityException
se
)
{
if
(
perms
.
containsKey
(
sp
))
{
perms
.
put
(
sp
,
"checked"
);
}
else
{
throw
se
;
// We didn't expect this is needed
}
}
}
// Fills in permissions we are expecting
private
static
void
initPerms
(
String
...
names
)
{
perms
.
clear
();
for
(
String
name:
names
)
{
perms
.
put
(
new
ServicePermission
(
name
+
"@"
+
OneKDC
.
REALM
,
"accept"
),
"expected"
);
}
}
// Checks if they are all checked
private
static
void
checkPerms
()
{
for
(
Map
.
Entry
<
Permission
,
String
>
entry:
perms
.
entrySet
())
{
if
(
entry
.
getValue
().
equals
(
"expected"
))
{
throw
new
RuntimeException
(
"Expected but not used: "
+
entry
.
getKey
());
}
}
}
public
static
void
main
(
String
[]
args
)
throws
Exception
{
System
.
setSecurityManager
(
new
AcceptPermissions
());
new
OneKDC
(
null
).
writeJAASConf
();
String
two
=
"two {\n"
+
" com.sun.security.auth.module.Krb5LoginModule required"
+
" principal=\""
+
OneKDC
.
SERVER
+
"\" useKeyTab=true"
+
" isInitiator=false storeKey=true;\n"
+
" com.sun.security.auth.module.Krb5LoginModule required"
+
" principal=\""
+
OneKDC
.
BACKEND
+
"\" useKeyTab=true"
+
" isInitiator=false storeKey=true;\n"
+
"};\n"
;
Files
.
write
(
Paths
.
get
(
OneKDC
.
JAAS_CONF
),
two
.
getBytes
(),
StandardOpenOption
.
APPEND
);
Context
c
,
s
;
// In all cases, a ServicePermission on the acceptor name is needed
// for a handshake. For default principal with no predictable name,
// permission not needed (yet) for credentials creation.
// Named principal
initPerms
(
OneKDC
.
SERVER
);
c
=
Context
.
fromJAAS
(
"client"
);
s
=
Context
.
fromJAAS
(
"server"
);
c
.
startAsClient
(
OneKDC
.
SERVER
,
GSSUtil
.
GSS_KRB5_MECH_OID
);
s
.
startAsServer
(
OneKDC
.
SERVER
,
GSSUtil
.
GSS_KRB5_MECH_OID
);
checkPerms
();
initPerms
(
OneKDC
.
SERVER
);
Context
.
handshake
(
c
,
s
);
checkPerms
();
// Named principal (even if there are 2 JAAS modules)
initPerms
(
OneKDC
.
SERVER
);
c
=
Context
.
fromJAAS
(
"client"
);
s
=
Context
.
fromJAAS
(
"two"
);
c
.
startAsClient
(
OneKDC
.
SERVER
,
GSSUtil
.
GSS_KRB5_MECH_OID
);
s
.
startAsServer
(
OneKDC
.
SERVER
,
GSSUtil
.
GSS_KRB5_MECH_OID
);
checkPerms
();
initPerms
(
OneKDC
.
SERVER
);
Context
.
handshake
(
c
,
s
);
checkPerms
();
// Default principal with a predictable name
initPerms
(
OneKDC
.
SERVER
);
c
=
Context
.
fromJAAS
(
"client"
);
s
=
Context
.
fromJAAS
(
"server"
);
c
.
startAsClient
(
OneKDC
.
SERVER
,
GSSUtil
.
GSS_KRB5_MECH_OID
);
s
.
startAsServer
(
GSSUtil
.
GSS_KRB5_MECH_OID
);
checkPerms
();
initPerms
(
OneKDC
.
SERVER
);
Context
.
handshake
(
c
,
s
);
checkPerms
();
// Default principal with no predictable name
initPerms
();
// permission not needed for cred !!!
c
=
Context
.
fromJAAS
(
"client"
);
s
=
Context
.
fromJAAS
(
"two"
);
c
.
startAsClient
(
OneKDC
.
SERVER
,
GSSUtil
.
GSS_KRB5_MECH_OID
);
s
.
startAsServer
(
GSSUtil
.
GSS_KRB5_MECH_OID
);
checkPerms
();
initPerms
(
OneKDC
.
SERVER
);
// still needed for handshake !!!
Context
.
handshake
(
c
,
s
);
checkPerms
();
}
}
test/sun/security/krb5/auto/CleanState.java
浏览文件 @
4944c346
...
@@ -24,6 +24,7 @@
...
@@ -24,6 +24,7 @@
/*
/*
* @test
* @test
* @bug 6716534
* @bug 6716534
* @compile -XDignore.symbol.file CleanState.java
* @run main/othervm CleanState
* @run main/othervm CleanState
* @summary Krb5LoginModule has not cleaned temp info between authentication attempts
* @summary Krb5LoginModule has not cleaned temp info between authentication attempts
*/
*/
...
...
test/sun/security/krb5/auto/Context.java
浏览文件 @
4944c346
...
@@ -131,21 +131,24 @@ public class Context {
...
@@ -131,21 +131,24 @@ public class Context {
return
out
;
return
out
;
}
}
/**
* Logins with username/password as a new Subject
*/
public
static
Context
fromUserPass
(
public
static
Context
fromUserPass
(
String
user
,
char
[]
pass
,
boolean
storeKey
)
throws
Exception
{
String
user
,
char
[]
pass
,
boolean
storeKey
)
throws
Exception
{
return
fromUserPass
(
n
ull
,
user
,
pass
,
storeKey
);
return
fromUserPass
(
n
ew
Subject
()
,
user
,
pass
,
storeKey
);
}
}
/**
/**
* Logins with
a username and a password, using Krb5LoginModule directly
* Logins with
username/password as an existing Subject. The
*
@param s existing subject, test multiple princ & creds for single subj
*
same subject can be used multiple times to simulate multiple logins.
* @param s
toreKey true if key should be saved, used on acceptor side
* @param s
existing subject
*/
*/
public
static
Context
fromUserPass
(
Subject
s
,
public
static
Context
fromUserPass
(
Subject
s
,
String
user
,
char
[]
pass
,
boolean
storeKey
)
throws
Exception
{
String
user
,
char
[]
pass
,
boolean
storeKey
)
throws
Exception
{
Context
out
=
new
Context
();
Context
out
=
new
Context
();
out
.
name
=
user
;
out
.
name
=
user
;
out
.
s
=
s
==
null
?
new
Subject
()
:
s
;
out
.
s
=
s
;
Krb5LoginModule
krb5
=
new
Krb5LoginModule
();
Krb5LoginModule
krb5
=
new
Krb5LoginModule
();
Map
<
String
,
String
>
map
=
new
HashMap
<>();
Map
<
String
,
String
>
map
=
new
HashMap
<>();
Map
<
String
,
Object
>
shared
=
new
HashMap
<>();
Map
<
String
,
Object
>
shared
=
new
HashMap
<>();
...
@@ -172,14 +175,23 @@ public class Context {
...
@@ -172,14 +175,23 @@ public class Context {
}
}
/**
/**
* Logins with a username and a keytab, using Krb5LoginModule directly
* Logins with username/keytab as an existing Subject. The
* @param storeKey true if key should be saved, used on acceptor side
* same subject can be used multiple times to simulate multiple logins.
* @param s existing subject
*/
*/
public
static
Context
fromUserKtab
(
String
user
,
String
ktab
,
boolean
storeKey
)
public
static
Context
fromUserKtab
(
throws
Exception
{
String
user
,
String
ktab
,
boolean
storeKey
)
throws
Exception
{
return
fromUserKtab
(
new
Subject
(),
user
,
ktab
,
storeKey
);
}
/**
* Logins with username/keytab as a new subject,
*/
public
static
Context
fromUserKtab
(
Subject
s
,
String
user
,
String
ktab
,
boolean
storeKey
)
throws
Exception
{
Context
out
=
new
Context
();
Context
out
=
new
Context
();
out
.
name
=
user
;
out
.
name
=
user
;
out
.
s
=
new
Subject
()
;
out
.
s
=
s
;
Krb5LoginModule
krb5
=
new
Krb5LoginModule
();
Krb5LoginModule
krb5
=
new
Krb5LoginModule
();
Map
<
String
,
String
>
map
=
new
HashMap
<>();
Map
<
String
,
String
>
map
=
new
HashMap
<>();
...
...
test/sun/security/krb5/auto/DiffNameSameKey.java
0 → 100644
浏览文件 @
4944c346
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8005447
* @summary default principal can act as anyone
* @compile -XDignore.symbol.file DiffNameSameKey.java
* @run main/othervm/fail DiffNameSameKey a
* @run main/othervm DiffNameSameKey b
*/
import
sun.security.jgss.GSSUtil
;
import
sun.security.krb5.PrincipalName
;
/**
* This test confirms the compatibility codes described in
* ServiceCreds.getEKeys(). If the acceptor starts as x.us.oracle.com
* but client requests for x.us, as long as the KDC supports both names
* and the keys are the same, the auth should succeed.
*/
public
class
DiffNameSameKey
{
static
final
String
SERVER2
=
"x"
+
OneKDC
.
SERVER
;
public
static
void
main
(
String
[]
args
)
throws
Exception
{
OneKDC
kdc
=
new
KDC2
();
kdc
.
addPrincipal
(
SERVER2
,
"samepass"
.
toCharArray
());
kdc
.
addPrincipal
(
OneKDC
.
SERVER
,
"samepass"
.
toCharArray
());
kdc
.
writeJAASConf
();
kdc
.
writeKtab
(
OneKDC
.
KTAB
);
Context
c
,
s
;
c
=
Context
.
fromJAAS
(
"client"
);
s
=
Context
.
fromJAAS
(
"server"
);
switch
(
args
[
0
])
{
case
"a"
:
// If server starts as another service, should fail
c
.
startAsClient
(
OneKDC
.
SERVER
,
GSSUtil
.
GSS_SPNEGO_MECH_OID
);
s
.
startAsServer
(
SERVER2
.
replace
(
'/'
,
'@'
),
GSSUtil
.
GSS_SPNEGO_MECH_OID
);
break
;
case
"b"
:
// If client requests another server with the same keys,
// succeed to be compatible
c
.
startAsClient
(
SERVER2
,
GSSUtil
.
GSS_SPNEGO_MECH_OID
);
s
.
startAsServer
(
OneKDC
.
SERVER
.
replace
(
'/'
,
'@'
),
GSSUtil
.
GSS_SPNEGO_MECH_OID
);
break
;
}
Context
.
handshake
(
c
,
s
);
s
.
dispose
();
c
.
dispose
();
}
/**
* This KDC returns the same salt for all principals. This means same
* passwords generate same keys.
*/
static
class
KDC2
extends
OneKDC
{
KDC2
()
throws
Exception
{
super
(
null
);
}
@Override
public
String
getSalt
(
PrincipalName
pn
)
{
return
"SAME"
;
}
}
}
test/sun/security/krb5/auto/DynamicKeytab.java
浏览文件 @
4944c346
...
@@ -24,6 +24,7 @@
...
@@ -24,6 +24,7 @@
/*
/*
* @test
* @test
* @bug 6894072
* @bug 6894072
* @compile -XDignore.symbol.file DynamicKeytab.java
* @run main/othervm DynamicKeytab
* @run main/othervm DynamicKeytab
* @summary always refresh keytab
* @summary always refresh keytab
*/
*/
...
...
test/sun/security/krb5/auto/KDC.java
浏览文件 @
4944c346
...
@@ -285,10 +285,12 @@ public class KDC {
...
@@ -285,10 +285,12 @@ public class KDC {
if
(
Character
.
isDigit
(
pass
[
pass
.
length
-
1
]))
{
if
(
Character
.
isDigit
(
pass
[
pass
.
length
-
1
]))
{
kvno
=
pass
[
pass
.
length
-
1
]
-
'0'
;
kvno
=
pass
[
pass
.
length
-
1
]
-
'0'
;
}
}
ktab
.
addEntry
(
new
PrincipalName
(
name
,
PrincipalName
pn
=
new
PrincipalName
(
name
,
name
.
indexOf
(
'/'
)
<
0
?
name
.
indexOf
(
'/'
)
<
0
?
PrincipalName
.
KRB_NT_UNKNOWN
:
PrincipalName
.
KRB_NT_UNKNOWN
:
PrincipalName
.
KRB_NT_SRV_HST
),
PrincipalName
.
KRB_NT_SRV_HST
);
ktab
.
addEntry
(
pn
,
getSalt
(
pn
),
pass
,
pass
,
kvno
,
kvno
,
true
);
true
);
...
@@ -534,7 +536,7 @@ public class KDC {
...
@@ -534,7 +536,7 @@ public class KDC {
if
(
pass
==
null
)
{
if
(
pass
==
null
)
{
throw
new
KrbException
(
server
?
throw
new
KrbException
(
server
?
Krb5
.
KDC_ERR_S_PRINCIPAL_UNKNOWN
:
Krb5
.
KDC_ERR_S_PRINCIPAL_UNKNOWN
:
Krb5
.
KDC_ERR_C_PRINCIPAL_UNKNOWN
);
Krb5
.
KDC_ERR_C_PRINCIPAL_UNKNOWN
,
pn
.
toString
()
);
}
}
return
pass
;
return
pass
;
}
}
...
@@ -544,7 +546,7 @@ public class KDC {
...
@@ -544,7 +546,7 @@ public class KDC {
* @param p principal
* @param p principal
* @return the salt
* @return the salt
*/
*/
pr
ivate
String
getSalt
(
PrincipalName
p
)
{
pr
otected
String
getSalt
(
PrincipalName
p
)
{
String
pn
=
p
.
toString
();
String
pn
=
p
.
toString
();
if
(
p
.
getRealmString
()
==
null
)
{
if
(
p
.
getRealmString
()
==
null
)
{
pn
=
pn
+
"@"
+
getRealm
();
pn
=
pn
+
"@"
+
getRealm
();
...
...
test/sun/security/krb5/auto/KeyTabCompat.java
浏览文件 @
4944c346
...
@@ -38,7 +38,7 @@ import sun.security.jgss.GSSUtil;
...
@@ -38,7 +38,7 @@ import sun.security.jgss.GSSUtil;
*
*
* 1. If there is only KerberosKeys in private credential set and no
* 1. If there is only KerberosKeys in private credential set and no
* KerberosPrincipal. JAAS login should go on.
* KerberosPrincipal. JAAS login should go on.
* 2.
Even if KeyTab is used, user can still
get KerberosKeys from
* 2.
If KeyTab is used, user won't
get KerberosKeys from
* private credentials set.
* private credentials set.
*/
*/
public
class
KeyTabCompat
{
public
class
KeyTabCompat
{
...
...
test/sun/security/krb5/auto/TwoOrThree.java
0 → 100644
浏览文件 @
4944c346
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8005447
* @summary default principal can act as anyone
* @compile -XDignore.symbol.file TwoOrThree.java
* @run main/othervm TwoOrThree first first
* @run main/othervm/fail TwoOrThree first second
* @run main/othervm TwoOrThree - first
* @run main/othervm TwoOrThree - second
* @run main/othervm/fail TwoOrThree - third
*/
import
java.nio.file.Files
;
import
java.nio.file.Paths
;
import
java.nio.file.StandardOpenOption
;
import
javax.security.auth.Subject
;
import
sun.security.jgss.GSSUtil
;
/*
* The JAAS login has two krb5 modules
* 1. principal is A
* 2. principal is B
* A named principal can only accept itself. The default principal can accept
* either, but not any other service even if the keytab also include its keys.
*/
public
class
TwoOrThree
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
String
server
=
args
[
0
].
equals
(
"-"
)
?
null
:
args
[
0
];
String
target
=
args
[
1
];
OneKDC
kdc
=
new
OneKDC
(
null
);
kdc
.
addPrincipal
(
"first"
,
"first"
.
toCharArray
());
kdc
.
addPrincipal
(
"second"
,
"second"
.
toCharArray
());
kdc
.
addPrincipal
(
"third"
,
"third"
.
toCharArray
());
kdc
.
writeKtab
(
OneKDC
.
KTAB
);
Context
c
=
Context
.
fromUserPass
(
OneKDC
.
USER
,
OneKDC
.
PASS
,
false
);
// Using keytabs
Subject
sub4s
=
new
Subject
();
Context
.
fromUserKtab
(
sub4s
,
"first"
,
OneKDC
.
KTAB
,
true
);
Context
s
=
Context
.
fromUserKtab
(
sub4s
,
"second"
,
OneKDC
.
KTAB
,
true
);
c
.
startAsClient
(
target
,
GSSUtil
.
GSS_KRB5_MECH_OID
);
s
.
startAsServer
(
server
,
GSSUtil
.
GSS_KRB5_MECH_OID
);
Context
.
handshake
(
c
,
s
);
// Using keys
sub4s
=
new
Subject
();
Context
.
fromUserPass
(
sub4s
,
"first"
,
"first"
.
toCharArray
(),
true
);
s
=
Context
.
fromUserPass
(
sub4s
,
"second"
,
"second"
.
toCharArray
(),
true
);
c
.
startAsClient
(
target
,
GSSUtil
.
GSS_KRB5_MECH_OID
);
s
.
startAsServer
(
server
,
GSSUtil
.
GSS_KRB5_MECH_OID
);
Context
.
handshake
(
c
,
s
);
s
.
dispose
();
c
.
dispose
();
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录