8025124: InitialToken.useNullKey incorrectly applies NULL_KEY in some cases

Reviewed-by: xuelei

src/share/classes/sun/security/jgss/krb5/InitialToken.java

@@ -277,26 +277,19 @@ abstract class InitialToken extends Krb5Token {
                 byte[] credBytes = new byte[credLen];
                 System.arraycopy(checksumBytes, 28, credBytes, 0, credLen);
 
-                CipherHelper cipherHelper = context.getCipherHelper(key);
-                if (useNullKey(cipherHelper)) {
-                    delegCreds =
-                        new KrbCred(credBytes, EncryptionKey.NULL_KEY).
-                        getDelegatedCreds()[0];
-                } else {
                 KrbCred cred;
                 try {
                     cred = new KrbCred(credBytes, key);
-                    } catch (KrbException e) {
+                } catch (KrbException ke) {
                     if (subKey != null) {
                         cred = new KrbCred(credBytes, subKey);
                     } else {
-                            throw e;
+                        throw ke;
                     }
                 }
                 delegCreds = cred.getDelegatedCreds()[0];
             }
         }
-        }
 
         // check if KRB-CRED message should use NULL_KEY for encryption
         private boolean useNullKey(CipherHelper ch) {

src/share/classes/sun/security/krb5/KrbCred.java

@@ -119,7 +119,7 @@ public class KrbCred {
         return credMessg;
     }
 
-         // Used in InitialToken, key always NULL_KEY
+    // Used in InitialToken, NULL_KEY might be used
     public KrbCred(byte[] asn1Message, EncryptionKey key)
         throws KrbException, IOException {
 
@@ -127,6 +127,9 @@ public class KrbCred {
 
         ticket = credMessg.tickets[0];
 
+        if (credMessg.encPart.getEType() == 0) {
+            key = EncryptionKey.NULL_KEY;
+        }
         byte[] temp = credMessg.encPart.decrypt(key,
             KeyUsage.KU_ENC_KRB_CRED_PART);
         byte[] plainText = credMessg.encPart.reset(temp);