Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
764edc37
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
764edc37
编写于
5月 08, 2013
作者:
W
weijun
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8012679: Let allow_weak_crypto default to false
Reviewed-by: valeriep
上级
49886064
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
29 addition
and
8 deletion
+29
-8
src/share/classes/sun/security/krb5/internal/crypto/EType.java
...hare/classes/sun/security/krb5/internal/crypto/EType.java
+2
-2
test/sun/security/krb5/auto/DupEtypes.java
test/sun/security/krb5/auto/DupEtypes.java
+9
-0
test/sun/security/krb5/etype/WeakCrypto.java
test/sun/security/krb5/etype/WeakCrypto.java
+18
-6
未找到文件。
src/share/classes/sun/security/krb5/internal/crypto/EType.java
浏览文件 @
764edc37
...
@@ -55,11 +55,11 @@ public abstract class EType {
...
@@ -55,11 +55,11 @@ public abstract class EType {
}
}
public
static
void
initStatic
()
{
public
static
void
initStatic
()
{
boolean
allowed
=
tru
e
;
boolean
allowed
=
fals
e
;
try
{
try
{
Config
cfg
=
Config
.
getInstance
();
Config
cfg
=
Config
.
getInstance
();
String
temp
=
cfg
.
get
(
"libdefaults"
,
"allow_weak_crypto"
);
String
temp
=
cfg
.
get
(
"libdefaults"
,
"allow_weak_crypto"
);
if
(
temp
!=
null
&&
temp
.
equals
(
"
false"
))
allowed
=
fals
e
;
if
(
temp
!=
null
&&
temp
.
equals
(
"
true"
))
allowed
=
tru
e
;
}
catch
(
Exception
exc
)
{
}
catch
(
Exception
exc
)
{
if
(
DEBUG
)
{
if
(
DEBUG
)
{
System
.
out
.
println
(
"Exception in getting allow_weak_crypto, "
+
System
.
out
.
println
(
"Exception in getting allow_weak_crypto, "
+
...
...
test/sun/security/krb5/auto/DupEtypes.java
浏览文件 @
764edc37
...
@@ -34,6 +34,7 @@
...
@@ -34,6 +34,7 @@
*/
*/
import
sun.security.jgss.GSSUtil
;
import
sun.security.jgss.GSSUtil
;
import
sun.security.krb5.Config
;
public
class
DupEtypes
{
public
class
DupEtypes
{
...
@@ -42,6 +43,14 @@ public class DupEtypes {
...
@@ -42,6 +43,14 @@ public class DupEtypes {
OneKDC
kdc
=
new
OneKDC
(
null
);
OneKDC
kdc
=
new
OneKDC
(
null
);
kdc
.
writeJAASConf
();
kdc
.
writeJAASConf
();
KDC
.
saveConfig
(
OneKDC
.
KRB5_CONF
,
kdc
,
"default_keytab_name = "
+
OneKDC
.
KTAB
,
"allow_weak_crypto = true"
);
Config
.
refresh
();
// Rewrite to include DES keys
kdc
.
writeKtab
(
OneKDC
.
KTAB
);
// Different test cases, read KDC.processAsReq for details
// Different test cases, read KDC.processAsReq for details
kdc
.
setOption
(
KDC
.
Option
.
DUP_ETYPE
,
Integer
.
parseInt
(
args
[
0
]));
kdc
.
setOption
(
KDC
.
Option
.
DUP_ETYPE
,
Integer
.
parseInt
(
args
[
0
]));
...
...
test/sun/security/krb5/etype/WeakCrypto.java
浏览文件 @
764edc37
...
@@ -22,29 +22,41 @@
...
@@ -22,29 +22,41 @@
*/
*/
/*
/*
* @test
* @test
* @bug 6844909
* @bug 6844909
8012679
* @run main/othervm WeakCrypto
* @run main/othervm WeakCrypto
* @run main/othervm WeakCrypto true
* @run main/othervm WeakCrypto false
* @summary support allow_weak_crypto in krb5.conf
* @summary support allow_weak_crypto in krb5.conf
*/
*/
import
java.io.File
;
import
java.io.File
;
import
java.lang.Exception
;
import
java.nio.file.Files
;
import
java.nio.file.Paths
;
import
sun.security.krb5.internal.crypto.EType
;
import
sun.security.krb5.internal.crypto.EType
;
import
sun.security.krb5.EncryptedData
;
import
sun.security.krb5.EncryptedData
;
public
class
WeakCrypto
{
public
class
WeakCrypto
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
System
.
setProperty
(
"java.security.krb5.conf"
,
String
conf
=
"[libdefaults]\n"
+
System
.
getProperty
(
"test.src"
,
"."
)
+
(
args
.
length
>
0
?
(
"allow_weak_crypto = "
+
args
[
0
])
:
""
);
File
.
separator
+
Files
.
write
(
Paths
.
get
(
"krb5.conf"
),
conf
.
getBytes
());
"weakcrypto.conf"
);
System
.
setProperty
(
"java.security.krb5.conf"
,
"krb5.conf"
);
boolean
expected
=
args
.
length
!=
0
&&
args
[
0
].
equals
(
"true"
);
int
[]
etypes
=
EType
.
getBuiltInDefaults
();
int
[]
etypes
=
EType
.
getBuiltInDefaults
();
boolean
found
=
false
;
for
(
int
i
=
0
,
length
=
etypes
.
length
;
i
<
length
;
i
++)
{
for
(
int
i
=
0
,
length
=
etypes
.
length
;
i
<
length
;
i
++)
{
if
(
etypes
[
i
]
==
EncryptedData
.
ETYPE_DES_CBC_CRC
||
if
(
etypes
[
i
]
==
EncryptedData
.
ETYPE_DES_CBC_CRC
||
etypes
[
i
]
==
EncryptedData
.
ETYPE_DES_CBC_MD4
||
etypes
[
i
]
==
EncryptedData
.
ETYPE_DES_CBC_MD4
||
etypes
[
i
]
==
EncryptedData
.
ETYPE_DES_CBC_MD5
)
{
etypes
[
i
]
==
EncryptedData
.
ETYPE_DES_CBC_MD5
)
{
throw
new
Exception
(
"DES should not appear"
)
;
found
=
true
;
}
}
}
}
if
(
expected
!=
found
)
{
throw
new
Exception
();
}
}
}
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录