From 8c93a6d1809e79c45e27ae74d108edacb8f1515b Mon Sep 17 00:00:00 2001
From: weijun
Date: Wed, 16 Oct 2013 14:39:00 +0800
Subject: [PATCH] 8025124: InitialToken.useNullKey incorrectly applies NULL_KEY in some cases
Reviewed-by: xuelei
---
 .../sun/security/jgss/krb5/InitialToken.java | 25 +++++++------------
 .../classes/sun/security/krb5/KrbCred.java | 5 +++-
 2 files changed, 13 insertions(+), 17 deletions(-)
diff --git a/src/share/classes/sun/security/jgss/krb5/InitialToken.java b/src/share/classes/sun/security/jgss/krb5/InitialToken.java
index 8e462fdc4..c15ddd235 100644
--- a/src/share/classes/sun/security/jgss/krb5/InitialToken.java
+++ b/src/share/classes/sun/security/jgss/krb5/InitialToken.java
@@ -277,24 +277,17 @@ abstract class InitialToken extends Krb5Token {
 byte[] credBytes = new byte[credLen];
 System.arraycopy(checksumBytes, 28, credBytes, 0, credLen);
- CipherHelper cipherHelper = context.getCipherHelper(key);
- if (useNullKey(cipherHelper)) {
- delegCreds =
- new KrbCred(credBytes, EncryptionKey.NULL_KEY).
- getDelegatedCreds()[0];
- } else {
- KrbCred cred;
- try {
- cred = new KrbCred(credBytes, key);
- } catch (KrbException e) {
- if (subKey != null) {
- cred = new KrbCred(credBytes, subKey);
- } else {
- throw e;
- }
+ KrbCred cred;
+ try {
+ cred = new KrbCred(credBytes, key);
+ } catch (KrbException ke) {
+ if (subKey != null) {
+ cred = new KrbCred(credBytes, subKey);
+ } else {
+ throw ke;
 }
- delegCreds = cred.getDelegatedCreds()[0];
 }
+ delegCreds = cred.getDelegatedCreds()[0];
 }
 }
diff --git a/src/share/classes/sun/security/krb5/KrbCred.java b/src/share/classes/sun/security/krb5/KrbCred.java
index 64dada1d3..586a66609 100644
--- a/src/share/classes/sun/security/krb5/KrbCred.java
+++ b/src/share/classes/sun/security/krb5/KrbCred.java
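Review bot: In the InitialToken.java hunk, the rewritten block no longer says anywhere that a null-encrypted KRB-CRED can still be accepted: the `useNullKey(cipherHelper)` branch is gone, but `new KrbCred(credBytes, key)` now switches to `EncryptionKey.NULL_KEY` on its own when the received enc-part carries etype 0 (see the KrbCred.java change in this commit). A comment above the `try` such as `// KrbCred ignores the supplied key and uses NULL_KEY when the peer sent etype 0; credBytes is copied out of checksumBytes` would keep that trust assumption visible at the call site. The `catch (KrbException ke)` also retries with `subKey` on any KrbException, not only a decryption failure, and drops `ke` if the retry throws; that deserves a line of comment on why both keys are tried. If `useNullKey` has no other callers (the rest of the class is outside the hunk), it should be removed with this change.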
@@ -119,7 +119,7 @@ public class KrbCred {
 return credMessg;
 }
- // Used in InitialToken, key always NULL_KEY
+ // Used in InitialToken, NULL_KEY might be used
 public KrbCred(byte[] asn1Message, EncryptionKey key) throws KrbException, IOException {
@@ -127,6 +127,9 @@ public class KrbCred {
 ticket = credMessg.tickets[0];
+ if (credMessg.encPart.getEType() == 0) {
+ key = EncryptionKey.NULL_KEY;
+ }
 byte[] temp = credMessg.encPart.decrypt(key, KeyUsage.KU_ENC_KRB_CRED_PART);
 byte[] plainText = credMessg.encPart.reset(temp);
-- GitLab
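Review bot: In the second KrbCred.java hunk, the added `if (credMessg.encPart.getEType() == 0)` lets a field of the received message override the key the caller passed to this public constructor, so every caller now accepts a KRB-CRED whose enc-part is not encrypted at all. That is only sound when the message arrived inside something already protected (presumably the authenticator checksum handled in InitialToken; the call site is not in this hunk), and the one-line comment above the constructor does not state that precondition. I would put it in a Javadoc on the constructor and replace the bare `0` with a named null-etype constant (`EncryptedData.ETYPE_NULL`, if it is visible from this class). Assigning to a local instead of overwriting the `key` parameter, e.g. `EncryptionKey decKey = nullEtype ? EncryptionKey.NULL_KEY : key;`, would also make the substitution easier to spot. The constructor body continues outside the hunk.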