Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
b0b89f8f
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
b0b89f8f
编写于
7月 11, 2012
作者:
W
weijun
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
6966259: Make PrincipalName and Realm immutable
Reviewed-by: xuelei
上级
89d4b110
变更
48
隐藏空白更改
内联
并排
Showing
48 changed file
with
480 addition
and
645 deletion
+480
-645
src/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java
...asses/javax/security/auth/kerberos/KerberosPrincipal.java
+11
-22
src/share/classes/sun/security/jgss/krb5/Krb5NameElement.java
...share/classes/sun/security/jgss/krb5/Krb5NameElement.java
+2
-4
src/share/classes/sun/security/krb5/Credentials.java
src/share/classes/sun/security/krb5/Credentials.java
+1
-2
src/share/classes/sun/security/krb5/KrbApReq.java
src/share/classes/sun/security/krb5/KrbApReq.java
+3
-11
src/share/classes/sun/security/krb5/KrbAppMessage.java
src/share/classes/sun/security/krb5/KrbAppMessage.java
+1
-2
src/share/classes/sun/security/krb5/KrbAsRep.java
src/share/classes/sun/security/krb5/KrbAsRep.java
+1
-2
src/share/classes/sun/security/krb5/KrbAsReq.java
src/share/classes/sun/security/krb5/KrbAsReq.java
+2
-5
src/share/classes/sun/security/krb5/KrbAsReqBuilder.java
src/share/classes/sun/security/krb5/KrbAsReqBuilder.java
+0
-3
src/share/classes/sun/security/krb5/KrbCred.java
src/share/classes/sun/security/krb5/KrbCred.java
+2
-9
src/share/classes/sun/security/krb5/KrbException.java
src/share/classes/sun/security/krb5/KrbException.java
+4
-0
src/share/classes/sun/security/krb5/KrbKdcRep.java
src/share/classes/sun/security/krb5/KrbKdcRep.java
+3
-15
src/share/classes/sun/security/krb5/KrbPriv.java
src/share/classes/sun/security/krb5/KrbPriv.java
+3
-6
src/share/classes/sun/security/krb5/KrbSafe.java
src/share/classes/sun/security/krb5/KrbSafe.java
+3
-6
src/share/classes/sun/security/krb5/KrbTgsRep.java
src/share/classes/sun/security/krb5/KrbTgsRep.java
+2
-4
src/share/classes/sun/security/krb5/KrbTgsReq.java
src/share/classes/sun/security/krb5/KrbTgsReq.java
+0
-5
src/share/classes/sun/security/krb5/PrincipalName.java
src/share/classes/sun/security/krb5/PrincipalName.java
+175
-179
src/share/classes/sun/security/krb5/Realm.java
src/share/classes/sun/security/krb5/Realm.java
+24
-23
src/share/classes/sun/security/krb5/RealmException.java
src/share/classes/sun/security/krb5/RealmException.java
+3
-0
src/share/classes/sun/security/krb5/ServiceName.java
src/share/classes/sun/security/krb5/ServiceName.java
+0
-57
src/share/classes/sun/security/krb5/internal/ASRep.java
src/share/classes/sun/security/krb5/internal/ASRep.java
+1
-2
src/share/classes/sun/security/krb5/internal/Authenticator.java
...are/classes/sun/security/krb5/internal/Authenticator.java
+3
-6
src/share/classes/sun/security/krb5/internal/CredentialsUtil.java
...e/classes/sun/security/krb5/internal/CredentialsUtil.java
+5
-22
src/share/classes/sun/security/krb5/internal/EncASRepPart.java
...hare/classes/sun/security/krb5/internal/EncASRepPart.java
+0
-2
src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java
...are/classes/sun/security/krb5/internal/EncKDCRepPart.java
+3
-6
src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java
...are/classes/sun/security/krb5/internal/EncTGSRepPart.java
+0
-2
src/share/classes/sun/security/krb5/internal/EncTicketPart.java
...are/classes/sun/security/krb5/internal/EncTicketPart.java
+3
-6
src/share/classes/sun/security/krb5/internal/KDCRep.java
src/share/classes/sun/security/krb5/internal/KDCRep.java
+3
-6
src/share/classes/sun/security/krb5/internal/KDCReqBody.java
src/share/classes/sun/security/krb5/internal/KDCReqBody.java
+16
-7
src/share/classes/sun/security/krb5/internal/KRBError.java
src/share/classes/sun/security/krb5/internal/KRBError.java
+6
-28
src/share/classes/sun/security/krb5/internal/KrbCredInfo.java
...share/classes/sun/security/krb5/internal/KrbCredInfo.java
+9
-20
src/share/classes/sun/security/krb5/internal/TGSRep.java
src/share/classes/sun/security/krb5/internal/TGSRep.java
+1
-2
src/share/classes/sun/security/krb5/internal/Ticket.java
src/share/classes/sun/security/krb5/internal/Ticket.java
+3
-7
src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java
.../sun/security/krb5/internal/ccache/CCacheInputStream.java
+8
-7
src/share/classes/sun/security/krb5/internal/ccache/Credentials.java
...lasses/sun/security/krb5/internal/ccache/Credentials.java
+0
-25
src/share/classes/sun/security/krb5/internal/ccache/CredentialsCache.java
...s/sun/security/krb5/internal/ccache/CredentialsCache.java
+2
-2
src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java
...n/security/krb5/internal/ccache/FileCredentialsCache.java
+6
-14
src/share/classes/sun/security/krb5/internal/ccache/MemoryCredentialsCache.java
...security/krb5/internal/ccache/MemoryCredentialsCache.java
+1
-1
src/share/classes/sun/security/krb5/internal/ktab/KeyTabInputStream.java
...es/sun/security/krb5/internal/ktab/KeyTabInputStream.java
+1
-2
src/share/classes/sun/security/ssl/krb5/KerberosClientKeyExchangeImpl.java
.../sun/security/ssl/krb5/KerberosClientKeyExchangeImpl.java
+2
-4
src/windows/classes/sun/security/krb5/internal/tools/Kinit.java
...ndows/classes/sun/security/krb5/internal/tools/Kinit.java
+1
-3
src/windows/classes/sun/security/krb5/internal/tools/KinitOptions.java
...lasses/sun/security/krb5/internal/tools/KinitOptions.java
+9
-36
src/windows/classes/sun/security/krb5/internal/tools/Ktab.java
...indows/classes/sun/security/krb5/internal/tools/Ktab.java
+0
-6
src/windows/native/sun/security/krb5/NativeCreds.c
src/windows/native/sun/security/krb5/NativeCreds.c
+4
-14
test/sun/security/krb5/ServiceNameClone.java
test/sun/security/krb5/ServiceNameClone.java
+0
-41
test/sun/security/krb5/auto/KDC.java
test/sun/security/krb5/auto/KDC.java
+6
-19
test/sun/security/krb5/name/Constructors.java
test/sun/security/krb5/name/Constructors.java
+135
-0
test/sun/security/krb5/name/empty.conf
test/sun/security/krb5/name/empty.conf
+2
-0
test/sun/security/krb5/name/krb5.conf
test/sun/security/krb5/name/krb5.conf
+10
-0
未找到文件。
src/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java
浏览文件 @
b0b89f8f
...
...
@@ -26,7 +26,6 @@
package
javax.security.auth.kerberos
;
import
java.io.*
;
import
sun.security.krb5.Asn1Exception
;
import
sun.security.krb5.KrbException
;
import
sun.security.krb5.PrincipalName
;
import
sun.security.krb5.Realm
;
...
...
@@ -81,14 +80,12 @@ public final class KerberosPrincipal
public
static
final
int
KRB_NT_UID
=
5
;
private
transient
String
fullName
;
private
transient
String
realm
;
private
transient
int
nameType
;
private
static
final
char
NAME_REALM_SEPARATOR
=
'@'
;
/**
* Constructs a KerberosPrincipal from the provided string input. The
...
...
@@ -233,41 +230,35 @@ public final class KerberosPrincipal
* realm in their DER-encoded form as specified in Section 5.2.2 of
* <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>.
*/
private
void
writeObject
(
ObjectOutputStream
oos
)
throws
IOException
{
throws
IOException
{
PrincipalName
krb5Principal
=
null
;
PrincipalName
krb5Principal
;
try
{
krb5Principal
=
new
PrincipalName
(
fullName
,
nameType
);
krb5Principal
=
new
PrincipalName
(
fullName
,
nameType
);
oos
.
writeObject
(
krb5Principal
.
asn1Encode
());
oos
.
writeObject
(
krb5Principal
.
getRealm
().
asn1Encode
());
}
catch
(
Exception
e
)
{
IOException
ioe
=
new
IOException
(
e
.
getMessage
());
ioe
.
initCause
(
e
);
throw
ioe
;
throw
new
IOException
(
e
);
}
}
/**
* Reads this object from a stream (i.e., deserializes it)
*/
private
void
readObject
(
ObjectInputStream
ois
)
throws
IOException
,
ClassNotFoundException
{
throws
IOException
,
ClassNotFoundException
{
byte
[]
asn1EncPrincipal
=
(
byte
[])
ois
.
readObject
();
byte
[]
encRealm
=
(
byte
[])
ois
.
readObject
();
try
{
PrincipalName
krb5Principal
=
new
PrincipalName
(
new
DerValue
(
asn1EncPrincipal
));
realm
=
(
new
Realm
(
new
DerValue
(
encRealm
))).
toString
(
);
fullName
=
krb5Principal
.
toString
()
+
NAME_REALM_SEPARATOR
+
realm
.
toString
();
Realm
realmObject
=
new
Realm
(
new
DerValue
(
encRealm
));
PrincipalName
krb5Principal
=
new
PrincipalName
(
new
DerValue
(
asn1EncPrincipal
),
realmObject
);
realm
=
realmObject
.
toString
();
fullName
=
krb5Principal
.
toString
();
nameType
=
krb5Principal
.
getNameType
();
}
catch
(
Exception
e
)
{
IOException
ioe
=
new
IOException
(
e
.
getMessage
());
ioe
.
initCause
(
e
);
throw
ioe
;
throw
new
IOException
(
e
);
}
}
...
...
@@ -288,9 +279,7 @@ public final class KerberosPrincipal
* <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>.
*
* @return the name type.
*
*/
public
int
getNameType
()
{
return
nameType
;
}
...
...
src/share/classes/sun/security/jgss/krb5/Krb5NameElement.java
浏览文件 @
b0b89f8f
...
...
@@ -27,10 +27,8 @@ package sun.security.jgss.krb5;
import
org.ietf.jgss.*
;
import
sun.security.jgss.spi.*
;
import
javax.security.auth.kerberos.*
;
import
sun.security.krb5.PrincipalName
;
import
sun.security.krb5.KrbException
;
import
sun.security.krb5.ServiceName
;
import
java.io.UnsupportedEncodingException
;
import
java.net.InetAddress
;
import
java.net.UnknownHostException
;
...
...
@@ -119,8 +117,8 @@ public class Krb5NameElement
hostName
=
components
[
1
];
String
principal
=
getHostBasedInstance
(
service
,
hostName
);
principalName
=
new
Service
Name
(
principal
,
PrincipalName
.
KRB_NT_SRV_HST
);
principalName
=
new
Principal
Name
(
principal
,
PrincipalName
.
KRB_NT_SRV_HST
);
}
}
...
...
src/share/classes/sun/security/krb5/Credentials.java
浏览文件 @
b0b89f8f
...
...
@@ -464,8 +464,7 @@ public class Credentials {
System
.
out
.
println
(
">>> DEBUG: ----Credentials----"
);
System
.
out
.
println
(
"\tclient: "
+
c
.
client
.
toString
());
System
.
out
.
println
(
"\tserver: "
+
c
.
server
.
toString
());
System
.
out
.
println
(
"\tticket: realm: "
+
c
.
ticket
.
realm
.
toString
());
System
.
out
.
println
(
"\t sname: "
+
c
.
ticket
.
sname
.
toString
());
System
.
out
.
println
(
"\tticket: sname: "
+
c
.
ticket
.
sname
.
toString
());
if
(
c
.
startTime
!=
null
)
{
System
.
out
.
println
(
"\tstartTime: "
+
c
.
startTime
.
getTime
());
}
...
...
src/share/classes/sun/security/krb5/KrbApReq.java
浏览文件 @
b0b89f8f
...
...
@@ -179,7 +179,6 @@ public class KrbApReq {
KrbApReq
(
APOptions
apOptions
,
Ticket
ticket
,
EncryptionKey
key
,
Realm
crealm
,
PrincipalName
cname
,
Checksum
cksum
,
KerberosTime
ctime
,
...
...
@@ -189,7 +188,7 @@ public class KrbApReq {
throws
Asn1Exception
,
IOException
,
KdcErrException
,
KrbCryptoException
{
init
(
apOptions
,
ticket
,
key
,
c
realm
,
c
name
,
init
(
apOptions
,
ticket
,
key
,
cname
,
cksum
,
ctime
,
subKey
,
seqNumber
,
authorizationData
,
KeyUsage
.
KU_PA_TGS_REQ_AUTHENTICATOR
);
...
...
@@ -208,7 +207,6 @@ public class KrbApReq {
init
(
options
,
tgs_creds
.
ticket
,
tgs_creds
.
key
,
tgs_creds
.
client
.
getRealm
(),
tgs_creds
.
client
,
cksum
,
ctime
,
...
...
@@ -221,7 +219,6 @@ public class KrbApReq {
private
void
init
(
APOptions
apOptions
,
Ticket
ticket
,
EncryptionKey
key
,
Realm
crealm
,
PrincipalName
cname
,
Checksum
cksum
,
KerberosTime
ctime
,
...
...
@@ -232,7 +229,7 @@ public class KrbApReq {
throws
Asn1Exception
,
IOException
,
KdcErrException
,
KrbCryptoException
{
createMessage
(
apOptions
,
ticket
,
key
,
c
realm
,
c
name
,
createMessage
(
apOptions
,
ticket
,
key
,
cname
,
cksum
,
ctime
,
subKey
,
seqNumber
,
authorizationData
,
usage
);
obuf
=
apReqMessg
.
asn1Encode
();
...
...
@@ -289,9 +286,6 @@ public class KrbApReq {
ctime
=
authenticator
.
ctime
;
cusec
=
authenticator
.
cusec
;
authenticator
.
ctime
.
setMicroSeconds
(
authenticator
.
cusec
);
authenticator
.
cname
.
setRealm
(
authenticator
.
crealm
);
apReqMessg
.
ticket
.
sname
.
setRealm
(
apReqMessg
.
ticket
.
realm
);
enc_ticketPart
.
cname
.
setRealm
(
enc_ticketPart
.
crealm
);
if
(!
authenticator
.
cname
.
equals
(
enc_ticketPart
.
cname
))
throw
new
KrbApErrException
(
Krb5
.
KRB_AP_ERR_BADMATCH
);
...
...
@@ -457,7 +451,6 @@ public class KrbApReq {
private
void
createMessage
(
APOptions
apOptions
,
Ticket
ticket
,
EncryptionKey
key
,
Realm
crealm
,
PrincipalName
cname
,
Checksum
cksum
,
KerberosTime
ctime
,
...
...
@@ -474,8 +467,7 @@ public class KrbApReq {
seqno
=
new
Integer
(
seqNumber
.
current
());
authenticator
=
new
Authenticator
(
crealm
,
cname
,
new
Authenticator
(
cname
,
cksum
,
ctime
.
getMicroSeconds
(),
ctime
,
...
...
src/share/classes/sun/security/krb5/KrbAppMessage.java
浏览文件 @
b0b89f8f
...
...
@@ -48,8 +48,7 @@ abstract class KrbAppMessage {
HostAddress
rAddress
,
boolean
timestampRequired
,
boolean
seqNumberRequired
,
PrincipalName
packetPrincipal
,
Realm
packetRealm
)
PrincipalName
packetPrincipal
)
throws
KrbApErrException
{
if
(!
Krb5
.
AP_EMPTY_ADDRESSES_ALLOWED
||
sAddress
!=
null
)
{
...
...
src/share/classes/sun/security/krb5/KrbAsRep.java
浏览文件 @
b0b89f8f
...
...
@@ -152,11 +152,10 @@ class KrbAsRep extends KrbKdcRep {
DerValue
encoding
=
new
DerValue
(
enc_as_rep_part
);
EncASRepPart
enc_part
=
new
EncASRepPart
(
encoding
);
rep
.
ticket
.
sname
.
setRealm
(
rep
.
ticket
.
realm
);
rep
.
encKDCRepPart
=
enc_part
;
ASReq
req
=
asReq
.
getMessage
();
check
(
req
,
rep
);
check
(
true
,
req
,
rep
);
creds
=
new
Credentials
(
rep
.
ticket
,
...
...
src/share/classes/sun/security/krb5/KrbAsReq.java
浏览文件 @
b0b89f8f
...
...
@@ -115,10 +115,8 @@ public class KrbAsReq {
}
if
(
sname
==
null
)
{
sname
=
new
PrincipalName
(
"krbtgt"
+
PrincipalName
.
NAME_COMPONENT_SEPARATOR
+
cname
.
getRealmAsString
(),
PrincipalName
.
KRB_NT_SRV_INST
);
String
realm
=
cname
.
getRealmAsString
();
sname
=
PrincipalName
.
tgsService
(
realm
,
realm
);
}
if
(
till
==
null
)
{
...
...
@@ -128,7 +126,6 @@ public class KrbAsReq {
// enc-authorization-data and additional-tickets never in AS-REQ
KDCReqBody
kdc_req_body
=
new
KDCReqBody
(
options
,
cname
,
cname
.
getRealm
(),
sname
,
from
,
till
,
...
...
src/share/classes/sun/security/krb5/KrbAsReqBuilder.java
浏览文件 @
b0b89f8f
...
...
@@ -99,9 +99,6 @@ public final class KrbAsReqBuilder {
// Called by other constructors
private
void
init
(
PrincipalName
cname
)
throws
KrbException
{
if
(
cname
.
getRealm
()
==
null
)
{
cname
.
setRealm
(
Config
.
getInstance
().
getDefaultRealm
());
}
this
.
cname
=
cname
;
state
=
State
.
INIT
;
}
...
...
src/share/classes/sun/security/krb5/KrbCred.java
浏览文件 @
b0b89f8f
...
...
@@ -96,12 +96,11 @@ public class KrbCred {
PrincipalName
princ
=
delegatedCreds
.
getClient
();
Realm
realm
=
princ
.
getRealm
();
PrincipalName
tgService
=
delegatedCreds
.
getServer
();
Realm
tgsRealm
=
tgService
.
getRealm
();
KrbCredInfo
credInfo
=
new
KrbCredInfo
(
sessionKey
,
realm
,
KrbCredInfo
credInfo
=
new
KrbCredInfo
(
sessionKey
,
princ
,
delegatedCreds
.
flags
,
delegatedCreds
.
authTime
,
delegatedCreds
.
startTime
,
delegatedCreds
.
endTime
,
delegatedCreds
.
renewTill
,
tg
sRealm
,
tg
Service
,
delegatedCreds
.
renewTill
,
tgService
,
delegatedCreds
.
cAddr
);
timeStamp
=
new
KerberosTime
(
KerberosTime
.
NOW
);
...
...
@@ -138,19 +137,13 @@ public class KrbCred {
KrbCredInfo
credInfo
=
encPart
.
ticketInfo
[
0
];
EncryptionKey
credInfoKey
=
credInfo
.
key
;
Realm
prealm
=
credInfo
.
prealm
;
// XXX PrincipalName can store realm + principalname or
// just principal name.
PrincipalName
pname
=
credInfo
.
pname
;
pname
.
setRealm
(
prealm
);
TicketFlags
flags
=
credInfo
.
flags
;
KerberosTime
authtime
=
credInfo
.
authtime
;
KerberosTime
starttime
=
credInfo
.
starttime
;
KerberosTime
endtime
=
credInfo
.
endtime
;
KerberosTime
renewTill
=
credInfo
.
renewTill
;
Realm
srealm
=
credInfo
.
srealm
;
PrincipalName
sname
=
credInfo
.
sname
;
sname
.
setRealm
(
srealm
);
HostAddresses
caddr
=
credInfo
.
caddr
;
if
(
DEBUG
)
{
...
...
src/share/classes/sun/security/krb5/KrbException.java
浏览文件 @
b0b89f8f
...
...
@@ -45,6 +45,10 @@ public class KrbException extends Exception {
super
(
s
);
}
public
KrbException
(
Throwable
cause
)
{
super
(
cause
);
}
public
KrbException
(
int
i
)
{
returnCode
=
i
;
}
...
...
src/share/classes/sun/security/krb5/KrbKdcRep.java
浏览文件 @
b0b89f8f
...
...
@@ -35,28 +35,17 @@ import sun.security.krb5.internal.*;
abstract
class
KrbKdcRep
{
static
void
check
(
boolean
isAsReq
,
KDCReq
req
,
KDCRep
rep
)
throws
KrbApErrException
{
if
(
!
req
.
reqBody
.
cname
.
equalsWithoutRealm
(
rep
.
cname
))
{
if
(
isAsReq
&&
!
req
.
reqBody
.
cname
.
equals
(
rep
.
cname
))
{
rep
.
encKDCRepPart
.
key
.
destroy
();
throw
new
KrbApErrException
(
Krb5
.
KRB_AP_ERR_MODIFIED
);
}
/**** XXX
if (!req.reqBody.crealm.equals(rep.crealm)) {
rep.encKDCRepPart.key.destroy();
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
}
*****/
if
(!
req
.
reqBody
.
sname
.
equalsWithoutRealm
(
rep
.
encKDCRepPart
.
sname
))
{
rep
.
encKDCRepPart
.
key
.
destroy
();
throw
new
KrbApErrException
(
Krb5
.
KRB_AP_ERR_MODIFIED
);
}
if
(!
req
.
reqBody
.
crealm
.
equals
(
rep
.
encKDCRepPart
.
srealm
))
{
if
(!
req
.
reqBody
.
sname
.
equals
(
rep
.
encKDCRepPart
.
sname
))
{
rep
.
encKDCRepPart
.
key
.
destroy
();
throw
new
KrbApErrException
(
Krb5
.
KRB_AP_ERR_MODIFIED
);
}
...
...
@@ -73,7 +62,6 @@ abstract class KrbKdcRep {
throw
new
KrbApErrException
(
Krb5
.
KRB_AP_ERR_MODIFIED
);
}
for
(
int
i
=
1
;
i
<
6
;
i
++)
{
if
(
req
.
reqBody
.
kdcOptions
.
get
(
i
)
!=
rep
.
encKDCRepPart
.
flags
.
get
(
i
))
{
...
...
src/share/classes/sun/security/krb5/KrbPriv.java
浏览文件 @
b0b89f8f
...
...
@@ -89,8 +89,7 @@ class KrbPriv extends KrbAppMessage {
raddr
,
timestampRequired
,
seqNumberRequired
,
creds
.
client
,
creds
.
client
.
getRealm
()
creds
.
client
);
}
...
...
@@ -151,8 +150,7 @@ class KrbPriv extends KrbAppMessage {
HostAddress
rAddress
,
boolean
timestampRequired
,
boolean
seqNumberRequired
,
PrincipalName
cname
,
Realm
crealm
PrincipalName
cname
)
throws
Asn1Exception
,
KdcErrException
,
KrbApErrException
,
IOException
,
KrbCryptoException
{
...
...
@@ -172,8 +170,7 @@ class KrbPriv extends KrbAppMessage {
rAddress
,
timestampRequired
,
seqNumberRequired
,
cname
,
crealm
cname
);
return
enc_part
.
userData
;
...
...
src/share/classes/sun/security/krb5/KrbSafe.java
浏览文件 @
b0b89f8f
...
...
@@ -90,8 +90,7 @@ class KrbSafe extends KrbAppMessage {
raddr
,
timestampRequired
,
seqNumberRequired
,
creds
.
client
,
creds
.
client
.
getRealm
()
creds
.
client
);
}
...
...
@@ -154,8 +153,7 @@ class KrbSafe extends KrbAppMessage {
HostAddress
rAddress
,
boolean
timestampRequired
,
boolean
seqNumberRequired
,
PrincipalName
cname
,
Realm
crealm
PrincipalName
cname
)
throws
Asn1Exception
,
KdcErrException
,
KrbApErrException
,
IOException
,
KrbCryptoException
{
...
...
@@ -177,8 +175,7 @@ class KrbSafe extends KrbAppMessage {
rAddress
,
timestampRequired
,
seqNumberRequired
,
cname
,
crealm
cname
);
return
krb_safe
.
safeBody
.
userData
;
...
...
src/share/classes/sun/security/krb5/KrbTgsRep.java
浏览文件 @
b0b89f8f
...
...
@@ -82,12 +82,11 @@ public class KrbTgsRep extends KrbKdcRep {
byte
[]
enc_tgs_rep_part
=
rep
.
encPart
.
reset
(
enc_tgs_rep_bytes
);
ref
=
new
DerValue
(
enc_tgs_rep_part
);
EncTGSRepPart
enc_part
=
new
EncTGSRepPart
(
ref
);
rep
.
ticket
.
sname
.
setRealm
(
rep
.
ticket
.
realm
);
rep
.
encKDCRepPart
=
enc_part
;
check
(
req
,
rep
);
check
(
false
,
req
,
rep
);
creds
=
new
Credentials
(
rep
.
ticket
,
this
.
creds
=
new
Credentials
(
rep
.
ticket
,
req
.
reqBody
.
cname
,
rep
.
ticket
.
sname
,
enc_part
.
key
,
...
...
@@ -99,7 +98,6 @@ public class KrbTgsRep extends KrbKdcRep {
enc_part
.
caddr
);
this
.
rep
=
rep
;
this
.
creds
=
creds
;
this
.
secondTicket
=
tgsReq
.
getSecondTicket
();
}
...
...
src/share/classes/sun/security/krb5/KrbTgsReq.java
浏览文件 @
b0b89f8f
...
...
@@ -148,7 +148,6 @@ public class KrbTgsReq {
asCreds
.
key
,
ctime
,
princName
,
princName
.
getRealm
(),
servName
,
from
,
till
,
...
...
@@ -214,7 +213,6 @@ public class KrbTgsReq {
EncryptionKey
key
,
KerberosTime
ctime
,
PrincipalName
cname
,
Realm
crealm
,
PrincipalName
sname
,
KerberosTime
from
,
KerberosTime
till
,
...
...
@@ -273,8 +271,6 @@ public class KrbTgsReq {
KDCReqBody
reqBody
=
new
KDCReqBody
(
kdc_options
,
cname
,
// crealm,
sname
.
getRealm
(),
// TO
sname
,
from
,
req_till
,
...
...
@@ -315,7 +311,6 @@ public class KrbTgsReq {
new
APOptions
(),
ticket
,
key
,
crealm
,
cname
,
cksum
,
ctime
,
...
...
src/share/classes/sun/security/krb5/PrincipalName.java
浏览文件 @
b0b89f8f
...
...
@@ -38,15 +38,25 @@ import java.util.Vector;
import
java.util.Locale
;
import
java.io.IOException
;
import
java.math.BigInteger
;
import
java.util.Arrays
;
import
sun.security.krb5.internal.ccache.CCacheOutputStream
;
import
sun.security.krb5.internal.util.KerberosString
;
/**
* This class encapsulates a Kerberos principal.
* Implements the ASN.1 PrincipalName type and its realm in a single class.
* <xmp>
* Realm ::= KerberosString
*
* PrincipalName ::= SEQUENCE {
* name-type [0] Int32,
* name-string [1] SEQUENCE OF KerberosString
* }
* </xmp>
* This class is immutable.
* @see Realm
*/
public
class
PrincipalName
implements
Cloneable
{
public
class
PrincipalName
implements
Cloneable
{
//name types
...
...
@@ -80,8 +90,6 @@ public class PrincipalName
*/
public
static
final
int
KRB_NT_UID
=
5
;
/**
* TGS Name
*/
...
...
@@ -96,98 +104,109 @@ public class PrincipalName
public
static
final
String
NAME_REALM_SEPARATOR_STR
=
"@"
;
public
static
final
String
REALM_COMPONENT_SEPARATOR_STR
=
"."
;
private
int
nameType
;
private
String
[]
nameStrings
;
// Principal names don't mutate often
// Instance fields.
/**
* The name type, from PrincipalName's name-type field.
*/
private
final
int
nameType
;
/**
* The name strings, from PrincipalName's name-strings field. This field
* must be neither null nor empty. Each entry of it must also be neither
* null nor empty. Make sure to clone the field when it's passed in or out.
*/
private
final
String
[]
nameStrings
;
/**
* The realm this principal belongs to.
*/
private
final
Realm
nameRealm
;
// not null
// cached default salt, not used in clone
private
transient
String
salt
=
null
;
private
Realm
nameRealm
;
// optional; a null realm means use default
// Note: the nameRealm is not included in the default ASN.1 encoding
// There are 3 basic constructors. All other constructors must call them.
// All basic constructors must call validateNameStrings.
// 1. From name components
// 2. From name
// 3. From DER encoding
// cached salt, might be changed by KDC info, not used in clone
private
String
salt
=
null
;
/**
* Creates a PrincipalName.
*/
public
PrincipalName
(
int
nameType
,
String
[]
nameStrings
,
Realm
nameRealm
)
{
if
(
nameRealm
==
null
)
{
throw
new
IllegalArgumentException
(
"Null realm not allowed"
);
}
validateNameStrings
(
nameStrings
);
this
.
nameType
=
nameType
;
this
.
nameStrings
=
nameStrings
.
clone
();
this
.
nameRealm
=
nameRealm
;
}
protected
PrincipalName
()
{
// This method is called by Windows NativeCred.c
public
PrincipalName
(
String
[]
nameParts
,
String
realm
)
throws
RealmException
{
this
(
KRB_NT_UNKNOWN
,
nameParts
,
new
Realm
(
realm
));
}
public
PrincipalName
(
String
[]
nameParts
,
int
type
)
throws
IllegalArgumentException
,
IOException
{
if
(
nameParts
==
null
)
{
throw
new
IllegalArgumentException
(
"Null input not allowed"
);
}
nameStrings
=
new
String
[
nameParts
.
length
];
System
.
arraycopy
(
nameParts
,
0
,
nameStrings
,
0
,
nameParts
.
length
);
nameType
=
type
;
nameRealm
=
null
;
throws
IllegalArgumentException
,
RealmException
{
this
(
type
,
nameParts
,
Realm
.
getDefault
());
}
public
PrincipalName
(
String
[]
nameParts
)
throws
IOException
{
this
(
nameParts
,
KRB_NT_UNKNOWN
);
// Validate a nameStrings argument
private
static
void
validateNameStrings
(
String
[]
ns
)
{
if
(
ns
==
null
)
{
throw
new
IllegalArgumentException
(
"Null nameStrings not allowed"
);
}
if
(
ns
.
length
==
0
)
{
throw
new
IllegalArgumentException
(
"Empty nameStrings not allowed"
);
}
for
(
String
s:
ns
)
{
if
(
s
==
null
)
{
throw
new
IllegalArgumentException
(
"Null nameString not allowed"
);
}
if
(
s
.
isEmpty
())
{
throw
new
IllegalArgumentException
(
"Empty nameString not allowed"
);
}
}
}
public
Object
clone
()
{
try
{
PrincipalName
pName
=
(
PrincipalName
)
super
.
clone
();
// Re-assign mutable fields
if
(
nameStrings
!=
null
)
{
pName
.
nameStrings
=
nameStrings
.
clone
();
}
if
(
nameRealm
!=
null
)
{
pName
.
nameRealm
=
(
Realm
)
nameRealm
.
clone
();
}
UNSAFE
.
putObject
(
this
,
NAME_STRINGS_OFFSET
,
nameStrings
.
clone
());
return
pName
;
}
catch
(
CloneNotSupportedException
ex
)
{
throw
new
AssertionError
(
"Should never happen"
);
}
}
/*
* Added to workaround a bug where the equals method that takes a
* PrincipalName is not being called but Object.equals(Object) is
* being called.
*/
public
boolean
equals
(
Object
o
)
{
if
(
o
instanceof
PrincipalName
)
return
equals
((
PrincipalName
)
o
);
else
return
false
;
}
public
boolean
equals
(
PrincipalName
other
)
{
if
(!
equalsWithoutRealm
(
other
))
{
return
false
;
}
if
((
nameRealm
!=
null
&&
other
.
nameRealm
==
null
)
||
(
nameRealm
==
null
&&
other
.
nameRealm
!=
null
))
{
return
false
;
}
if
(
nameRealm
!=
null
&&
other
.
nameRealm
!=
null
)
{
if
(!
nameRealm
.
equals
(
other
.
nameRealm
))
{
return
false
;
}
private
static
final
long
NAME_STRINGS_OFFSET
;
private
static
final
sun
.
misc
.
Unsafe
UNSAFE
;
static
{
try
{
sun
.
misc
.
Unsafe
unsafe
=
sun
.
misc
.
Unsafe
.
getUnsafe
();
NAME_STRINGS_OFFSET
=
unsafe
.
objectFieldOffset
(
PrincipalName
.
class
.
getDeclaredField
(
"nameStrings"
));
UNSAFE
=
unsafe
;
}
catch
(
ReflectiveOperationException
e
)
{
throw
new
Error
(
e
);
}
return
true
;
}
boolean
equalsWithoutRealm
(
PrincipalName
other
)
{
if
((
nameStrings
!=
null
&&
other
.
nameStrings
==
null
)
||
(
nameStrings
==
null
&&
other
.
nameStrings
!=
null
))
return
false
;
if
(
nameStrings
!=
null
&&
other
.
nameStrings
!=
null
)
{
if
(
nameStrings
.
length
!=
other
.
nameStrings
.
length
)
return
false
;
for
(
int
i
=
0
;
i
<
nameStrings
.
length
;
i
++)
if
(!
nameStrings
[
i
].
equals
(
other
.
nameStrings
[
i
]))
return
false
;
@Override
public
boolean
equals
(
Object
o
)
{
if
(
this
==
o
)
{
return
true
;
}
return
true
;
if
(
o
instanceof
PrincipalName
)
{
PrincipalName
other
=
(
PrincipalName
)
o
;
return
nameRealm
.
equals
(
other
.
nameRealm
)
&&
Arrays
.
equals
(
nameStrings
,
other
.
nameStrings
);
}
return
false
;
}
/**
...
...
@@ -208,20 +227,23 @@ public class PrincipalName
* http://www.ietf.org/rfc/rfc4120.txt</a>.
*
* @param encoding a Der-encoded data.
* @param realm the realm for this name
* @exception Asn1Exception if an error occurs while decoding
* an ASN1 encoded data.
* @exception Asn1Exception if there is an ASN1 encoding error
* @exception IOException if an I/O error occurs
* @exception IllegalArgumentException if encoding is null
* reading encoded data.
*
*/
public
PrincipalName
(
DerValue
encoding
)
throws
Asn1Exception
,
IOException
{
nameRealm
=
null
;
public
PrincipalName
(
DerValue
encoding
,
Realm
realm
)
throws
Asn1Exception
,
IOException
{
if
(
realm
==
null
)
{
throw
new
IllegalArgumentException
(
"Null realm not allowed"
);
}
nameRealm
=
realm
;
DerValue
der
;
if
(
encoding
==
null
)
{
throw
new
IllegalArgumentException
(
"Null
input
not allowed"
);
throw
new
IllegalArgumentException
(
"Null
encoding
not allowed"
);
}
if
(
encoding
.
getTag
()
!=
DerValue
.
tag_Sequence
)
{
throw
new
Asn1Exception
(
Krb5
.
ASN1_BAD_ID
);
...
...
@@ -243,14 +265,12 @@ public class PrincipalName
DerValue
subSubDer
;
while
(
subDer
.
getData
().
available
()
>
0
)
{
subSubDer
=
subDer
.
getData
().
getDerValue
();
v
.
addElement
(
new
KerberosString
(
subSubDer
).
toString
());
}
if
(
v
.
size
()
>
0
)
{
nameStrings
=
new
String
[
v
.
size
()];
v
.
copyInto
(
nameStrings
);
}
else
{
nameStrings
=
new
String
[]
{
""
};
String
namePart
=
new
KerberosString
(
subSubDer
).
toString
();
v
.
addElement
(
namePart
);
}
nameStrings
=
new
String
[
v
.
size
()];
v
.
copyInto
(
nameStrings
);
validateNameStrings
(
nameStrings
);
}
else
{
throw
new
Asn1Exception
(
Krb5
.
ASN1_BAD_ID
);
}
...
...
@@ -267,32 +287,35 @@ public class PrincipalName
* more marshaled value.
* @param explicitTag tag number.
* @param optional indicate if this data field is optional
* @return an instance of <code>PrincipalName</code>.
*
* @param realm the realm for the name
* @return an instance of <code>PrincipalName</code>, or null if the
* field is optional and missing.
*/
public
static
PrincipalName
parse
(
DerInputStream
data
,
byte
explicitTag
,
boolean
optional
)
throws
Asn1Exception
,
IOException
{
optional
,
Realm
realm
)
throws
Asn1Exception
,
IOException
,
RealmException
{
if
((
optional
)
&&
(((
byte
)
data
.
peekByte
()
&
(
byte
)
0x1F
)
!=
explicitTag
))
return
null
;
DerValue
der
=
data
.
getDerValue
();
if
(
explicitTag
!=
(
der
.
getTag
()
&
(
byte
)
0x1F
))
if
(
explicitTag
!=
(
der
.
getTag
()
&
(
byte
)
0x1F
))
{
throw
new
Asn1Exception
(
Krb5
.
ASN1_BAD_ID
);
else
{
}
else
{
DerValue
subDer
=
der
.
getData
().
getDerValue
();
return
new
PrincipalName
(
subDer
);
if
(
realm
==
null
)
{
realm
=
Realm
.
getDefault
();
}
return
new
PrincipalName
(
subDer
,
realm
);
}
}
// This is protected because the definition of a principal
// string is fixed
// XXX Error checkin consistent with MIT krb5_parse_name
// Code repetition, realm parsed again by class Realm
pr
otected
static
String
[]
parseName
(
String
name
)
{
pr
ivate
static
String
[]
parseName
(
String
name
)
{
Vector
<
String
>
tempStrings
=
new
Vector
<>();
String
temp
=
name
;
...
...
@@ -312,13 +335,13 @@ public class PrincipalName
continue
;
}
else
{
if
(
componentStart
<
i
)
{
if
(
componentStart
<
=
i
)
{
component
=
temp
.
substring
(
componentStart
,
i
);
tempStrings
.
addElement
(
component
);
}
componentStart
=
i
+
1
;
}
}
else
}
else
{
if
(
temp
.
charAt
(
i
)
==
NAME_REALM_SEPARATOR
)
{
/*
* If this separator is escaped then don't treat it
...
...
@@ -337,11 +360,11 @@ public class PrincipalName
break
;
}
}
}
i
++;
}
if
(
i
==
temp
.
length
())
if
(
componentStart
<
i
)
{
if
(
i
==
temp
.
length
())
{
component
=
temp
.
substring
(
componentStart
,
i
);
tempStrings
.
addElement
(
component
);
}
...
...
@@ -351,30 +374,26 @@ public class PrincipalName
return
result
;
}
public
PrincipalName
(
String
name
,
int
type
)
throws
RealmException
{
/**
* Constructs a PrincipalName from a string.
* @param name the name
* @param type the type
* @param realm the realm, null if not known. Note that when realm is not
* null, it will be always used even if there is a realm part in name. When
* realm is null, will read realm part from name, or try to map a realm
* (for KRB_NT_SRV_HST), or use the default realm, or fail
* @throws RealmException
*/
public
PrincipalName
(
String
name
,
int
type
,
String
realm
)
throws
RealmException
{
if
(
name
==
null
)
{
throw
new
IllegalArgumentException
(
"Null name not allowed"
);
}
String
[]
nameParts
=
parseName
(
name
);
Realm
tempRealm
=
null
;
String
realmString
=
Realm
.
parseRealmAtSeparator
(
name
);
if
(
realmString
==
null
)
{
try
{
Config
config
=
Config
.
getInstance
();
realmString
=
config
.
getDefaultRealm
();
}
catch
(
KrbException
e
)
{
RealmException
re
=
new
RealmException
(
e
.
getMessage
());
re
.
initCause
(
e
);
throw
re
;
}
validateNameStrings
(
nameParts
);
if
(
realm
==
null
)
{
realm
=
Realm
.
parseRealmAtSeparator
(
name
);
}
if
(
realmString
!=
null
)
tempRealm
=
new
Realm
(
realmString
);
switch
(
type
)
{
case
KRB_NT_SRV_HST:
if
(
nameParts
.
length
>=
2
)
{
...
...
@@ -401,18 +420,22 @@ public class PrincipalName
}
nameStrings
=
nameParts
;
nameType
=
type
;
if
(
realm
!=
null
)
{
nameRealm
=
new
Realm
(
realm
);
}
else
{
// We will try to get realm name from the mapping in
// the configuration. If it is not specified
// we will use the default realm. This nametype does
// not allow a realm to be specified. The name string must of
// the form service@host and this is internally changed into
// service/host by Kerberos
String
mapRealm
=
mapHostToRealm
(
nameParts
[
1
]);
if
(
mapRealm
!=
null
)
{
nameRealm
=
new
Realm
(
mapRealm
);
}
else
{
nameRealm
=
tempRealm
;
String
mapRealm
=
mapHostToRealm
(
nameParts
[
1
]);
if
(
mapRealm
!=
null
)
{
nameRealm
=
new
Realm
(
mapRealm
);
}
else
{
nameRealm
=
Realm
.
getDefault
();
}
}
break
;
case
KRB_NT_UNKNOWN:
...
...
@@ -422,20 +445,34 @@ public class PrincipalName
case
KRB_NT_UID:
nameStrings
=
nameParts
;
nameType
=
type
;
nameRealm
=
tempRealm
;
if
(
realm
!=
null
)
{
nameRealm
=
new
Realm
(
realm
);
}
else
{
nameRealm
=
Realm
.
getDefault
();
}
break
;
default
:
throw
new
IllegalArgumentException
(
"Illegal name type"
);
}
}
public
PrincipalName
(
String
name
,
int
type
)
throws
RealmException
{
this
(
name
,
type
,
(
String
)
null
);
}
public
PrincipalName
(
String
name
)
throws
RealmException
{
this
(
name
,
KRB_NT_UNKNOWN
);
}
public
PrincipalName
(
String
name
,
String
realm
)
throws
RealmException
{
this
(
name
,
KRB_NT_UNKNOWN
);
nameRealm
=
new
Realm
(
realm
);
this
(
name
,
KRB_NT_UNKNOWN
,
realm
);
}
public
static
PrincipalName
tgsService
(
String
r1
,
String
r2
)
throws
KrbException
{
return
new
PrincipalName
(
PrincipalName
.
KRB_NT_SRV_INST
,
new
String
[]
{
PrincipalName
.
TGS_DEFAULT_SRV_NAME
,
r1
},
new
Realm
(
r2
));
}
public
String
getRealmAsString
()
{
...
...
@@ -475,29 +512,17 @@ public class PrincipalName
}
public
String
getRealmString
()
{
if
(
nameRealm
!=
null
)
return
nameRealm
.
toString
();
return
null
;
return
nameRealm
.
toString
();
}
public
Realm
getRealm
()
{
return
nameRealm
;
}
public
void
setRealm
(
Realm
new_nameRealm
)
throws
RealmException
{
nameRealm
=
new_nameRealm
;
}
public
void
setRealm
(
String
realmsString
)
throws
RealmException
{
nameRealm
=
new
Realm
(
realmsString
);
}
public
String
getSalt
()
{
if
(
salt
==
null
)
{
StringBuffer
salt
=
new
StringBuffer
();
if
(
nameRealm
!=
null
)
{
salt
.
append
(
nameRealm
.
toString
());
}
salt
.
append
(
nameRealm
.
toString
());
for
(
int
i
=
0
;
i
<
nameStrings
.
length
;
i
++)
{
salt
.
append
(
nameStrings
[
i
]);
}
...
...
@@ -513,11 +538,8 @@ public class PrincipalName
str
.
append
(
"/"
);
str
.
append
(
nameStrings
[
i
]);
}
if
(
nameRealm
!=
null
)
{
str
.
append
(
"@"
);
str
.
append
(
nameRealm
.
toString
());
}
str
.
append
(
"@"
);
str
.
append
(
nameRealm
.
toString
());
return
str
.
toString
();
}
...
...
@@ -532,7 +554,8 @@ public class PrincipalName
}
/**
* Encodes a <code>PrincipalName</code> object.
* Encodes a <code>PrincipalName</code> object. Note that only the type and
* names are encoded. To encode the realm, call getRealm().asn1Encode().
* @return the byte array of the encoded PrncipalName object.
* @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
* @exception IOException if an I/O error occurs while reading encoded data.
...
...
@@ -597,12 +620,10 @@ public class PrincipalName
public
void
writePrincipal
(
CCacheOutputStream
cos
)
throws
IOException
{
cos
.
write32
(
nameType
);
cos
.
write32
(
nameStrings
.
length
);
if
(
nameRealm
!=
null
)
{
byte
[]
realmBytes
=
null
;
realmBytes
=
nameRealm
.
toString
().
getBytes
();
cos
.
write32
(
realmBytes
.
length
);
cos
.
write
(
realmBytes
,
0
,
realmBytes
.
length
);
}
byte
[]
realmBytes
=
null
;
realmBytes
=
nameRealm
.
toString
().
getBytes
();
cos
.
write32
(
realmBytes
.
length
);
cos
.
write
(
realmBytes
,
0
,
realmBytes
.
length
);
byte
[]
bytes
=
null
;
for
(
int
i
=
0
;
i
<
nameStrings
.
length
;
i
++)
{
bytes
=
nameStrings
[
i
].
getBytes
();
...
...
@@ -611,31 +632,6 @@ public class PrincipalName
}
}
/**
* Creates a KRB_NT_SRV_INST name from the supplied
* name components and realm.
* @param primary the primary component of the name
* @param instance the instance component of the name
* @param realm the realm
* @throws KrbException
*/
protected
PrincipalName
(
String
primary
,
String
instance
,
String
realm
,
int
type
)
throws
KrbException
{
if
(
type
!=
KRB_NT_SRV_INST
)
{
throw
new
KrbException
(
Krb5
.
KRB_ERR_GENERIC
,
"Bad name type"
);
}
String
[]
nParts
=
new
String
[
2
];
nParts
[
0
]
=
primary
;
nParts
[
1
]
=
instance
;
this
.
nameStrings
=
nParts
;
this
.
nameRealm
=
new
Realm
(
realm
);
this
.
nameType
=
type
;
}
/**
* Returns the instance component of a name.
* In a multi-component name such as a KRB_NT_SRV_INST
...
...
src/share/classes/sun/security/krb5/Realm.java
浏览文件 @
b0b89f8f
...
...
@@ -46,24 +46,29 @@ import sun.security.krb5.internal.util.KerberosString;
* <xmp>
* Realm ::= GeneralString
* </xmp>
* This class is immutable.
*/
public
class
Realm
implements
Cloneable
{
private
String
realm
;
private
final
String
realm
;
// not null nor empty
private
static
boolean
DEBUG
=
Krb5
.
DEBUG
;
private
Realm
()
{
}
public
Realm
(
String
name
)
throws
RealmException
{
realm
=
parseRealm
(
name
);
}
public
Object
clone
()
{
Realm
new_realm
=
new
Realm
();
if
(
realm
!=
null
)
{
new_realm
.
realm
=
new
String
(
realm
);
public
static
Realm
getDefault
()
throws
RealmException
{
try
{
return
new
Realm
(
Config
.
getInstance
().
getDefaultRealm
());
}
catch
(
RealmException
re
)
{
throw
re
;
}
catch
(
KrbException
ke
)
{
throw
new
RealmException
(
ke
);
}
return
new_realm
;
}
// Immutable class, no need to clone
public
Object
clone
()
{
return
this
;
}
public
boolean
equals
(
Object
obj
)
{
...
...
@@ -76,21 +81,11 @@ public class Realm implements Cloneable {
}
Realm
that
=
(
Realm
)
obj
;
if
(
this
.
realm
!=
null
&&
that
.
realm
!=
null
)
{
return
this
.
realm
.
equals
(
that
.
realm
);
}
else
{
return
(
this
.
realm
==
null
&&
that
.
realm
==
null
);
}
return
this
.
realm
.
equals
(
that
.
realm
);
}
public
int
hashCode
()
{
int
result
=
17
;
if
(
realm
!=
null
)
{
result
=
37
*
result
+
realm
.
hashCode
();
}
return
result
;
return
realm
.
hashCode
();
}
/**
...
...
@@ -116,6 +111,7 @@ public class Realm implements Cloneable {
return
realm
;
}
// Extract realm from a string like dummy@REALM
public
static
String
parseRealmAtSeparator
(
String
name
)
throws
RealmException
{
if
(
name
==
null
)
{
...
...
@@ -128,8 +124,12 @@ public class Realm implements Cloneable {
while
(
i
<
temp
.
length
())
{
if
(
temp
.
charAt
(
i
)
==
PrincipalName
.
NAME_REALM_SEPARATOR
)
{
if
(
i
==
0
||
temp
.
charAt
(
i
-
1
)
!=
'\\'
)
{
if
(
i
+
1
<
temp
.
length
())
if
(
i
+
1
<
temp
.
length
())
{
result
=
temp
.
substring
(
i
+
1
,
temp
.
length
());
}
else
{
throw
new
IllegalArgumentException
(
"empty realm part not allowed"
);
}
break
;
}
}
...
...
@@ -219,7 +219,8 @@ public class Realm implements Cloneable {
* @return an instance of Realm.
*
*/
public
static
Realm
parse
(
DerInputStream
data
,
byte
explicitTag
,
boolean
optional
)
throws
Asn1Exception
,
IOException
,
RealmException
{
public
static
Realm
parse
(
DerInputStream
data
,
byte
explicitTag
,
boolean
optional
)
throws
Asn1Exception
,
IOException
,
RealmException
{
if
((
optional
)
&&
(((
byte
)
data
.
peekByte
()
&
(
byte
)
0x1F
)
!=
explicitTag
))
{
return
null
;
}
...
...
src/share/classes/sun/security/krb5/RealmException.java
浏览文件 @
b0b89f8f
...
...
@@ -47,4 +47,7 @@ public class RealmException extends KrbException {
super
(
i
,
s
);
}
public
RealmException
(
Throwable
cause
)
{
super
(
cause
);
}
}
src/share/classes/sun/security/krb5/ServiceName.java
已删除
100644 → 0
浏览文件 @
89d4b110
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
*
* (C) Copyright IBM Corp. 1999 All Rights Reserved.
* Copyright 1997 The Open Group Research Institute. All rights reserved.
*/
package
sun.security.krb5
;
import
java.net.InetAddress
;
import
java.net.UnknownHostException
;
public
class
ServiceName
extends
PrincipalName
{
public
ServiceName
(
String
name
,
int
type
)
throws
RealmException
{
super
(
name
,
type
);
}
public
ServiceName
(
String
name
)
throws
RealmException
{
this
(
name
,
PrincipalName
.
KRB_NT_UNKNOWN
);
}
public
ServiceName
(
String
name
,
String
realm
)
throws
RealmException
{
this
(
name
,
PrincipalName
.
KRB_NT_UNKNOWN
);
setRealm
(
realm
);
}
public
ServiceName
(
String
service
,
String
instance
,
String
realm
)
throws
KrbException
{
super
(
service
,
instance
,
realm
,
PrincipalName
.
KRB_NT_SRV_INST
);
}
}
src/share/classes/sun/security/krb5/internal/ASRep.java
浏览文件 @
b0b89f8f
...
...
@@ -42,11 +42,10 @@ public class ASRep extends KDCRep {
public
ASRep
(
PAData
[]
new_pAData
,
Realm
new_crealm
,
PrincipalName
new_cname
,
Ticket
new_ticket
,
EncryptedData
new_encPart
)
throws
IOException
{
super
(
new_pAData
,
new_c
realm
,
new_c
name
,
new_ticket
,
super
(
new_pAData
,
new_cname
,
new_ticket
,
new_encPart
,
Krb5
.
KRB_AS_REP
);
}
...
...
src/share/classes/sun/security/krb5/internal/Authenticator.java
浏览文件 @
b0b89f8f
...
...
@@ -61,7 +61,6 @@ import java.math.BigInteger;
public
class
Authenticator
{
public
int
authenticator_vno
;
public
Realm
crealm
;
public
PrincipalName
cname
;
Checksum
cksum
;
//optional
public
int
cusec
;
...
...
@@ -71,7 +70,6 @@ public class Authenticator {
public
AuthorizationData
authorizationData
;
//optional
public
Authenticator
(
Realm
new_crealm
,
PrincipalName
new_cname
,
Checksum
new_cksum
,
int
new_cusec
,
...
...
@@ -80,7 +78,6 @@ public class Authenticator {
Integer
new_seqNumber
,
AuthorizationData
new_authorizationData
)
{
authenticator_vno
=
Krb5
.
AUTHNETICATOR_VNO
;
crealm
=
new_crealm
;
cname
=
new_cname
;
cksum
=
new_cksum
;
cusec
=
new_cusec
;
...
...
@@ -131,8 +128,8 @@ public class Authenticator {
if
(
authenticator_vno
!=
5
)
{
throw
new
KrbApErrException
(
Krb5
.
KRB_AP_ERR_BADVERSION
);
}
crealm
=
Realm
.
parse
(
der
.
getData
(),
(
byte
)
0x01
,
false
);
cname
=
PrincipalName
.
parse
(
der
.
getData
(),
(
byte
)
0x02
,
false
);
Realm
crealm
=
Realm
.
parse
(
der
.
getData
(),
(
byte
)
0x01
,
false
);
cname
=
PrincipalName
.
parse
(
der
.
getData
(),
(
byte
)
0x02
,
false
,
crealm
);
cksum
=
Checksum
.
parse
(
der
.
getData
(),
(
byte
)
0x03
,
true
);
subDer
=
der
.
getData
().
getDerValue
();
if
((
subDer
.
getTag
()
&
(
byte
)
0x1F
)
==
0x04
)
{
...
...
@@ -180,7 +177,7 @@ public class Authenticator {
DerOutputStream
temp
=
new
DerOutputStream
();
temp
.
putInteger
(
BigInteger
.
valueOf
(
authenticator_vno
));
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x00
),
temp
.
toByteArray
()));
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x01
),
c
realm
.
asn1Encode
()));
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x01
),
c
name
.
getRealm
()
.
asn1Encode
()));
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x02
),
cname
.
asn1Encode
()));
if
(
cksum
!=
null
)
{
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x03
),
cksum
.
asn1Encode
()));
...
...
src/share/classes/sun/security/krb5/internal/CredentialsUtil.java
浏览文件 @
b0b89f8f
...
...
@@ -72,23 +72,9 @@ rs.
public
static
Credentials
acquireServiceCreds
(
String
service
,
Credentials
ccreds
)
throws
KrbException
,
IOException
{
ServiceName
sname
=
new
Service
Name
(
service
);
PrincipalName
sname
=
new
Principal
Name
(
service
);
String
serviceRealm
=
sname
.
getRealmString
();
String
localRealm
=
ccreds
.
getClient
().
getRealmString
();
String
defaultRealm
=
Config
.
getInstance
().
getDefaultRealm
();
if
(
localRealm
==
null
)
{
PrincipalName
temp
=
null
;
if
((
temp
=
ccreds
.
getServer
())
!=
null
)
localRealm
=
temp
.
getRealmString
();
}
if
(
localRealm
==
null
)
{
localRealm
=
defaultRealm
;
}
if
(
serviceRealm
==
null
)
{
serviceRealm
=
localRealm
;
sname
.
setRealm
(
serviceRealm
);
}
/*
if (!localRealm.equalsIgnoreCase(serviceRealm)) { //do cross-realm auth entication
...
...
@@ -128,13 +114,12 @@ rs.
int
i
=
0
,
k
=
0
;
Credentials
cTgt
=
null
,
newTgt
=
null
,
theTgt
=
null
;
Service
Name
tempService
=
null
;
Principal
Name
tempService
=
null
;
String
realm
=
null
,
newTgtRealm
=
null
,
theTgtRealm
=
null
;
for
(
cTgt
=
ccreds
,
i
=
0
;
i
<
realms
.
length
;)
{
tempService
=
new
ServiceName
(
PrincipalName
.
TGS_DEFAULT_SRV_NAME
,
serviceRealm
,
realms
[
i
]);
tempService
=
PrincipalName
.
tgsService
(
serviceRealm
,
realms
[
i
]);
if
(
DEBUG
)
{
...
...
@@ -164,9 +149,7 @@ rs.
newTgt
==
null
&&
k
>
i
;
k
--)
{
tempService
=
new
ServiceName
(
PrincipalName
.
TGS_DEFAULT_SRV_NAME
,
realms
[
k
],
realms
[
i
]);
tempService
=
PrincipalName
.
tgsService
(
realms
[
k
],
realms
[
i
]);
if
(
DEBUG
)
{
System
.
out
.
println
(
">>> Credentials acquireServiceCreds: inner loop: ["
+
k
+
"] tempService="
+
tempService
);
...
...
@@ -306,7 +289,7 @@ rs.
* This method does the real job to request the service credential.
*/
private
static
Credentials
serviceCreds
(
Service
Name
service
,
Credentials
ccreds
)
Principal
Name
service
,
Credentials
ccreds
)
throws
KrbException
,
IOException
{
return
new
KrbTgsReq
(
ccreds
,
service
).
sendAndGetCreds
();
}
...
...
src/share/classes/sun/security/krb5/internal/EncASRepPart.java
浏览文件 @
b0b89f8f
...
...
@@ -46,7 +46,6 @@ public class EncASRepPart extends EncKDCRepPart {
KerberosTime
new_starttime
,
KerberosTime
new_endtime
,
KerberosTime
new_renewTill
,
Realm
new_srealm
,
PrincipalName
new_sname
,
HostAddresses
new_caddr
)
{
super
(
...
...
@@ -59,7 +58,6 @@ public class EncASRepPart extends EncKDCRepPart {
new_starttime
,
new_endtime
,
new_renewTill
,
new_srealm
,
new_sname
,
new_caddr
,
Krb5
.
KRB_ENC_AS_REP_PART
...
...
src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java
浏览文件 @
b0b89f8f
...
...
@@ -74,7 +74,6 @@ public class EncKDCRepPart {
public
KerberosTime
starttime
;
//optional
public
KerberosTime
endtime
;
public
KerberosTime
renewTill
;
//optional
public
Realm
srealm
;
public
PrincipalName
sname
;
public
HostAddresses
caddr
;
//optional
public
int
msgType
;
//not included in sequence
...
...
@@ -89,7 +88,6 @@ public class EncKDCRepPart {
KerberosTime
new_starttime
,
KerberosTime
new_endtime
,
KerberosTime
new_renewTill
,
Realm
new_srealm
,
PrincipalName
new_sname
,
HostAddresses
new_caddr
,
int
new_msgType
)
{
...
...
@@ -102,7 +100,6 @@ public class EncKDCRepPart {
starttime
=
new_starttime
;
endtime
=
new_endtime
;
renewTill
=
new_renewTill
;
srealm
=
new_srealm
;
sname
=
new_sname
;
caddr
=
new_caddr
;
msgType
=
new_msgType
;
...
...
@@ -158,8 +155,8 @@ public class EncKDCRepPart {
starttime
=
KerberosTime
.
parse
(
der
.
getData
(),
(
byte
)
0x06
,
true
);
endtime
=
KerberosTime
.
parse
(
der
.
getData
(),
(
byte
)
0x07
,
false
);
renewTill
=
KerberosTime
.
parse
(
der
.
getData
(),
(
byte
)
0x08
,
true
);
srealm
=
Realm
.
parse
(
der
.
getData
(),
(
byte
)
0x09
,
false
);
sname
=
PrincipalName
.
parse
(
der
.
getData
(),
(
byte
)
0x0A
,
false
);
Realm
srealm
=
Realm
.
parse
(
der
.
getData
(),
(
byte
)
0x09
,
false
);
sname
=
PrincipalName
.
parse
(
der
.
getData
(),
(
byte
)
0x0A
,
false
,
srealm
);
if
(
der
.
getData
().
available
()
>
0
)
{
caddr
=
HostAddresses
.
parse
(
der
.
getData
(),
(
byte
)
0x0B
,
true
);
}
...
...
@@ -206,7 +203,7 @@ public class EncKDCRepPart {
true
,
(
byte
)
0x08
),
renewTill
.
asn1Encode
());
}
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x09
),
s
realm
.
asn1Encode
());
true
,
(
byte
)
0x09
),
s
name
.
getRealm
()
.
asn1Encode
());
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x0A
),
sname
.
asn1Encode
());
if
(
caddr
!=
null
)
{
...
...
src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java
浏览文件 @
b0b89f8f
...
...
@@ -45,7 +45,6 @@ public class EncTGSRepPart extends EncKDCRepPart {
KerberosTime
new_starttime
,
KerberosTime
new_endtime
,
KerberosTime
new_renewTill
,
Realm
new_srealm
,
PrincipalName
new_sname
,
HostAddresses
new_caddr
)
{
super
(
...
...
@@ -58,7 +57,6 @@ public class EncTGSRepPart extends EncKDCRepPart {
new_starttime
,
new_endtime
,
new_renewTill
,
new_srealm
,
new_sname
,
new_caddr
,
Krb5
.
KRB_ENC_TGS_REP_PART
);
...
...
src/share/classes/sun/security/krb5/internal/EncTicketPart.java
浏览文件 @
b0b89f8f
...
...
@@ -65,7 +65,6 @@ public class EncTicketPart {
public
TicketFlags
flags
;
public
EncryptionKey
key
;
public
Realm
crealm
;
public
PrincipalName
cname
;
public
TransitedEncoding
transited
;
public
KerberosTime
authtime
;
...
...
@@ -78,7 +77,6 @@ public class EncTicketPart {
public
EncTicketPart
(
TicketFlags
new_flags
,
EncryptionKey
new_key
,
Realm
new_crealm
,
PrincipalName
new_cname
,
TransitedEncoding
new_transited
,
KerberosTime
new_authtime
,
...
...
@@ -89,7 +87,6 @@ public class EncTicketPart {
AuthorizationData
new_authorizationData
)
{
flags
=
new_flags
;
key
=
new_key
;
crealm
=
new_crealm
;
cname
=
new_cname
;
transited
=
new_transited
;
authtime
=
new_authtime
;
...
...
@@ -151,8 +148,8 @@ public class EncTicketPart {
}
flags
=
TicketFlags
.
parse
(
der
.
getData
(),
(
byte
)
0x00
,
false
);
key
=
EncryptionKey
.
parse
(
der
.
getData
(),
(
byte
)
0x01
,
false
);
crealm
=
Realm
.
parse
(
der
.
getData
(),
(
byte
)
0x02
,
false
);
cname
=
PrincipalName
.
parse
(
der
.
getData
(),
(
byte
)
0x03
,
false
);
Realm
crealm
=
Realm
.
parse
(
der
.
getData
(),
(
byte
)
0x02
,
false
);
cname
=
PrincipalName
.
parse
(
der
.
getData
(),
(
byte
)
0x03
,
false
,
crealm
);
transited
=
TransitedEncoding
.
parse
(
der
.
getData
(),
(
byte
)
0x04
,
false
);
authtime
=
KerberosTime
.
parse
(
der
.
getData
(),
(
byte
)
0x05
,
false
);
starttime
=
KerberosTime
.
parse
(
der
.
getData
(),
(
byte
)
0x06
,
true
);
...
...
@@ -186,7 +183,7 @@ public class EncTicketPart {
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x01
),
key
.
asn1Encode
());
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x02
),
c
realm
.
asn1Encode
());
true
,
(
byte
)
0x02
),
c
name
.
getRealm
()
.
asn1Encode
());
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x03
),
cname
.
asn1Encode
());
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
...
...
src/share/classes/sun/security/krb5/internal/KDCRep.java
浏览文件 @
b0b89f8f
...
...
@@ -61,7 +61,6 @@ import java.math.BigInteger;
*/
public
class
KDCRep
{
public
Realm
crealm
;
public
PrincipalName
cname
;
public
Ticket
ticket
;
public
EncryptedData
encPart
;
...
...
@@ -73,7 +72,6 @@ public class KDCRep {
public
KDCRep
(
PAData
[]
new_pAData
,
Realm
new_crealm
,
PrincipalName
new_cname
,
Ticket
new_ticket
,
EncryptedData
new_encPart
,
...
...
@@ -90,7 +88,6 @@ public class KDCRep {
}
}
}
crealm
=
new_crealm
;
cname
=
new_cname
;
ticket
=
new_ticket
;
encPart
=
new_encPart
;
...
...
@@ -174,8 +171,8 @@ public class KDCRep {
}
else
{
pAData
=
null
;
}
crealm
=
Realm
.
parse
(
der
.
getData
(),
(
byte
)
0x03
,
false
);
cname
=
PrincipalName
.
parse
(
der
.
getData
(),
(
byte
)
0x04
,
false
);
Realm
crealm
=
Realm
.
parse
(
der
.
getData
(),
(
byte
)
0x03
,
false
);
cname
=
PrincipalName
.
parse
(
der
.
getData
(),
(
byte
)
0x04
,
false
,
crealm
);
ticket
=
Ticket
.
parse
(
der
.
getData
(),
(
byte
)
0x05
,
false
);
encPart
=
EncryptedData
.
parse
(
der
.
getData
(),
(
byte
)
0x06
,
false
);
if
(
der
.
getData
().
available
()
>
0
)
{
...
...
@@ -212,7 +209,7 @@ public class KDCRep {
true
,
(
byte
)
0x02
),
temp
);
}
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x03
),
c
realm
.
asn1Encode
());
true
,
(
byte
)
0x03
),
c
name
.
getRealm
()
.
asn1Encode
());
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x04
),
cname
.
asn1Encode
());
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
...
...
src/share/classes/sun/security/krb5/internal/KDCReqBody.java
浏览文件 @
b0b89f8f
...
...
@@ -72,7 +72,6 @@ import java.math.BigInteger;
public
class
KDCReqBody
{
public
KDCOptions
kdcOptions
;
public
PrincipalName
cname
;
//optional in ASReq only
public
Realm
crealm
;
public
PrincipalName
sname
;
//optional
public
KerberosTime
from
;
//optional
public
KerberosTime
till
;
...
...
@@ -87,7 +86,6 @@ public class KDCReqBody {
public
KDCReqBody
(
KDCOptions
new_kdcOptions
,
PrincipalName
new_cname
,
//optional in ASReq only
Realm
new_crealm
,
PrincipalName
new_sname
,
//optional
KerberosTime
new_from
,
//optional
KerberosTime
new_till
,
...
...
@@ -100,7 +98,6 @@ public class KDCReqBody {
)
throws
IOException
{
kdcOptions
=
new_kdcOptions
;
cname
=
new_cname
;
crealm
=
new_crealm
;
sname
=
new_sname
;
from
=
new_from
;
till
=
new_till
;
...
...
@@ -142,12 +139,22 @@ public class KDCReqBody {
throw
new
Asn1Exception
(
Krb5
.
ASN1_BAD_ID
);
}
kdcOptions
=
KDCOptions
.
parse
(
encoding
.
getData
(),
(
byte
)
0x00
,
false
);
cname
=
PrincipalName
.
parse
(
encoding
.
getData
(),
(
byte
)
0x01
,
true
);
// cname only appears in AS-REQ and it shares the realm field with
// sname. This is the only place where realm comes after the name.
// We first give cname a fake realm and reassign it the correct
// realm after the realm field is read.
cname
=
PrincipalName
.
parse
(
encoding
.
getData
(),
(
byte
)
0x01
,
true
,
new
Realm
(
"PLACEHOLDER"
));
if
((
msgType
!=
Krb5
.
KRB_AS_REQ
)
&&
(
cname
!=
null
))
{
throw
new
Asn1Exception
(
Krb5
.
ASN1_BAD_ID
);
}
crealm
=
Realm
.
parse
(
encoding
.
getData
(),
(
byte
)
0x02
,
false
);
sname
=
PrincipalName
.
parse
(
encoding
.
getData
(),
(
byte
)
0x03
,
true
);
Realm
realm
=
Realm
.
parse
(
encoding
.
getData
(),
(
byte
)
0x02
,
false
);
if
(
cname
!=
null
)
{
cname
=
new
PrincipalName
(
cname
.
getNameType
(),
cname
.
getNameStrings
(),
realm
);
}
sname
=
PrincipalName
.
parse
(
encoding
.
getData
(),
(
byte
)
0x03
,
true
,
realm
);
from
=
KerberosTime
.
parse
(
encoding
.
getData
(),
(
byte
)
0x04
,
true
);
till
=
KerberosTime
.
parse
(
encoding
.
getData
(),
(
byte
)
0x05
,
false
);
rtime
=
KerberosTime
.
parse
(
encoding
.
getData
(),
(
byte
)
0x06
,
true
);
...
...
@@ -223,9 +230,11 @@ public class KDCReqBody {
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x01
),
cname
.
asn1Encode
()));
}
}
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x02
),
crealm
.
asn1Encode
()));
if
(
sname
!=
null
)
{
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x02
),
sname
.
getRealm
().
asn1Encode
()));
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x03
),
sname
.
asn1Encode
()));
}
else
if
(
cname
!=
null
)
{
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x02
),
cname
.
getRealm
().
asn1Encode
()));
}
if
(
from
!=
null
)
{
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x04
),
from
.
asn1Encode
()));
...
...
src/share/classes/sun/security/krb5/internal/KRBError.java
浏览文件 @
b0b89f8f
...
...
@@ -90,9 +90,7 @@ public class KRBError implements java.io.Serializable {
private
KerberosTime
sTime
;
private
Integer
suSec
;
private
int
errorCode
;
private
Realm
crealm
;
//optional
private
PrincipalName
cname
;
//optional
private
Realm
realm
;
private
PrincipalName
sname
;
private
String
eText
;
//optional
private
byte
[]
eData
;
//optional
...
...
@@ -128,9 +126,7 @@ public class KRBError implements java.io.Serializable {
KerberosTime
new_sTime
,
Integer
new_suSec
,
int
new_errorCode
,
Realm
new_crealm
,
PrincipalName
new_cname
,
Realm
new_realm
,
PrincipalName
new_sname
,
String
new_eText
,
byte
[]
new_eData
...
...
@@ -142,9 +138,7 @@ public class KRBError implements java.io.Serializable {
sTime
=
new_sTime
;
suSec
=
new_suSec
;
errorCode
=
new_errorCode
;
crealm
=
new_crealm
;
cname
=
new_cname
;
realm
=
new_realm
;
sname
=
new_sname
;
eText
=
new_eText
;
eData
=
new_eData
;
...
...
@@ -159,9 +153,7 @@ public class KRBError implements java.io.Serializable {
KerberosTime
new_sTime
,
Integer
new_suSec
,
int
new_errorCode
,
Realm
new_crealm
,
PrincipalName
new_cname
,
Realm
new_realm
,
PrincipalName
new_sname
,
String
new_eText
,
byte
[]
new_eData
,
...
...
@@ -174,9 +166,7 @@ public class KRBError implements java.io.Serializable {
sTime
=
new_sTime
;
suSec
=
new_suSec
;
errorCode
=
new_errorCode
;
crealm
=
new_crealm
;
cname
=
new_cname
;
realm
=
new_realm
;
sname
=
new_sname
;
eText
=
new_eText
;
eData
=
new_eData
;
...
...
@@ -359,10 +349,10 @@ public class KRBError implements java.io.Serializable {
errorCode
=
subDer
.
getData
().
getBigInteger
().
intValue
();
}
else
throw
new
Asn1Exception
(
Krb5
.
ASN1_BAD_ID
);
crealm
=
Realm
.
parse
(
der
.
getData
(),
(
byte
)
0x07
,
true
);
cname
=
PrincipalName
.
parse
(
der
.
getData
(),
(
byte
)
0x08
,
true
);
realm
=
Realm
.
parse
(
der
.
getData
(),
(
byte
)
0x09
,
false
);
sname
=
PrincipalName
.
parse
(
der
.
getData
(),
(
byte
)
0x0A
,
false
);
Realm
crealm
=
Realm
.
parse
(
der
.
getData
(),
(
byte
)
0x07
,
true
);
cname
=
PrincipalName
.
parse
(
der
.
getData
(),
(
byte
)
0x08
,
true
,
crealm
);
Realm
realm
=
Realm
.
parse
(
der
.
getData
(),
(
byte
)
0x09
,
false
);
sname
=
PrincipalName
.
parse
(
der
.
getData
(),
(
byte
)
0x0A
,
false
,
realm
);
eText
=
null
;
eData
=
null
;
eCksum
=
null
;
...
...
@@ -403,15 +393,9 @@ public class KRBError implements java.io.Serializable {
System
.
out
.
println
(
"\t suSec is "
+
suSec
);
System
.
out
.
println
(
"\t error code is "
+
errorCode
);
System
.
out
.
println
(
"\t error Message is "
+
Krb5
.
getErrorMessage
(
errorCode
));
if
(
crealm
!=
null
)
{
System
.
out
.
println
(
"\t crealm is "
+
crealm
.
toString
());
}
if
(
cname
!=
null
)
{
System
.
out
.
println
(
"\t cname is "
+
cname
.
toString
());
}
if
(
realm
!=
null
)
{
System
.
out
.
println
(
"\t realm is "
+
realm
.
toString
());
}
if
(
sname
!=
null
)
{
System
.
out
.
println
(
"\t sname is "
+
sname
.
toString
());
}
...
...
@@ -458,14 +442,12 @@ public class KRBError implements java.io.Serializable {
temp
.
putInteger
(
BigInteger
.
valueOf
(
errorCode
));
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x06
),
temp
);
if
(
crealm
!=
null
)
{
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x07
),
crealm
.
asn1Encode
());
}
if
(
cname
!=
null
)
{
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x07
),
cname
.
getRealm
().
asn1Encode
());
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x08
),
cname
.
asn1Encode
());
}
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x09
),
realm
.
asn1Encode
());
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x09
),
sname
.
getRealm
()
.
asn1Encode
());
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x0A
),
sname
.
asn1Encode
());
if
(
eText
!=
null
)
{
...
...
@@ -506,9 +488,7 @@ public class KRBError implements java.io.Serializable {
isEqual
(
sTime
,
other
.
sTime
)
&&
isEqual
(
suSec
,
other
.
suSec
)
&&
errorCode
==
other
.
errorCode
&&
isEqual
(
crealm
,
other
.
crealm
)
&&
isEqual
(
cname
,
other
.
cname
)
&&
isEqual
(
realm
,
other
.
realm
)
&&
isEqual
(
sname
,
other
.
sname
)
&&
isEqual
(
eText
,
other
.
eText
)
&&
java
.
util
.
Arrays
.
equals
(
eData
,
other
.
eData
)
&&
...
...
@@ -528,9 +508,7 @@ public class KRBError implements java.io.Serializable {
if
(
sTime
!=
null
)
result
=
37
*
result
+
sTime
.
hashCode
();
if
(
suSec
!=
null
)
result
=
37
*
result
+
suSec
.
hashCode
();
result
=
37
*
result
+
errorCode
;
if
(
crealm
!=
null
)
result
=
37
*
result
+
crealm
.
hashCode
();
if
(
cname
!=
null
)
result
=
37
*
result
+
cname
.
hashCode
();
if
(
realm
!=
null
)
result
=
37
*
result
+
realm
.
hashCode
();
if
(
sname
!=
null
)
result
=
37
*
result
+
sname
.
hashCode
();
if
(
eText
!=
null
)
result
=
37
*
result
+
eText
.
hashCode
();
result
=
37
*
result
+
Arrays
.
hashCode
(
eData
);
...
...
src/share/classes/sun/security/krb5/internal/KrbCredInfo.java
浏览文件 @
b0b89f8f
...
...
@@ -63,14 +63,12 @@ import java.io.IOException;
public
class
KrbCredInfo
{
public
EncryptionKey
key
;
public
Realm
prealm
;
//optional
public
PrincipalName
pname
;
//optional
public
TicketFlags
flags
;
//optional
public
KerberosTime
authtime
;
//optional
public
KerberosTime
starttime
;
//optional
public
KerberosTime
endtime
;
//optional
public
KerberosTime
renewTill
;
//optional
public
Realm
srealm
;
//optional
public
PrincipalName
sname
;
//optional
public
HostAddresses
caddr
;
//optional
...
...
@@ -79,26 +77,22 @@ public class KrbCredInfo {
public
KrbCredInfo
(
EncryptionKey
new_key
,
Realm
new_prealm
,
PrincipalName
new_pname
,
TicketFlags
new_flags
,
KerberosTime
new_authtime
,
KerberosTime
new_starttime
,
KerberosTime
new_endtime
,
KerberosTime
new_renewTill
,
Realm
new_srealm
,
PrincipalName
new_sname
,
HostAddresses
new_caddr
)
{
key
=
new_key
;
prealm
=
new_prealm
;
pname
=
new_pname
;
flags
=
new_flags
;
authtime
=
new_authtime
;
starttime
=
new_starttime
;
endtime
=
new_endtime
;
renewTill
=
new_renewTill
;
srealm
=
new_srealm
;
sname
=
new_sname
;
caddr
=
new_caddr
;
}
...
...
@@ -115,21 +109,20 @@ public class KrbCredInfo {
if
(
encoding
.
getTag
()
!=
DerValue
.
tag_Sequence
)
{
throw
new
Asn1Exception
(
Krb5
.
ASN1_BAD_ID
);
}
prealm
=
null
;
pname
=
null
;
flags
=
null
;
authtime
=
null
;
starttime
=
null
;
endtime
=
null
;
renewTill
=
null
;
srealm
=
null
;
sname
=
null
;
caddr
=
null
;
key
=
EncryptionKey
.
parse
(
encoding
.
getData
(),
(
byte
)
0x00
,
false
);
Realm
prealm
=
null
,
srealm
=
null
;
if
(
encoding
.
getData
().
available
()
>
0
)
prealm
=
Realm
.
parse
(
encoding
.
getData
(),
(
byte
)
0x01
,
true
);
if
(
encoding
.
getData
().
available
()
>
0
)
pname
=
PrincipalName
.
parse
(
encoding
.
getData
(),
(
byte
)
0x02
,
true
);
pname
=
PrincipalName
.
parse
(
encoding
.
getData
(),
(
byte
)
0x02
,
true
,
prealm
);
if
(
encoding
.
getData
().
available
()
>
0
)
flags
=
TicketFlags
.
parse
(
encoding
.
getData
(),
(
byte
)
0x03
,
true
);
if
(
encoding
.
getData
().
available
()
>
0
)
...
...
@@ -143,7 +136,7 @@ public class KrbCredInfo {
if
(
encoding
.
getData
().
available
()
>
0
)
srealm
=
Realm
.
parse
(
encoding
.
getData
(),
(
byte
)
0x08
,
true
);
if
(
encoding
.
getData
().
available
()
>
0
)
sname
=
PrincipalName
.
parse
(
encoding
.
getData
(),
(
byte
)
0x09
,
true
);
sname
=
PrincipalName
.
parse
(
encoding
.
getData
(),
(
byte
)
0x09
,
true
,
srealm
);
if
(
encoding
.
getData
().
available
()
>
0
)
caddr
=
HostAddresses
.
parse
(
encoding
.
getData
(),
(
byte
)
0x0A
,
true
);
if
(
encoding
.
getData
().
available
()
>
0
)
...
...
@@ -159,10 +152,10 @@ public class KrbCredInfo {
public
byte
[]
asn1Encode
()
throws
Asn1Exception
,
IOException
{
Vector
<
DerValue
>
v
=
new
Vector
<>();
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x00
),
key
.
asn1Encode
()));
if
(
prealm
!=
null
)
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x01
),
prealm
.
asn1Encode
()));
if
(
pname
!=
null
)
if
(
pname
!=
null
)
{
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x01
),
pname
.
getRealm
().
asn1Encode
()));
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x02
),
pname
.
asn1Encode
()));
}
if
(
flags
!=
null
)
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x03
),
flags
.
asn1Encode
()));
if
(
authtime
!=
null
)
...
...
@@ -173,10 +166,10 @@ public class KrbCredInfo {
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x06
),
endtime
.
asn1Encode
()));
if
(
renewTill
!=
null
)
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x07
),
renewTill
.
asn1Encode
()));
if
(
srealm
!=
null
)
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x08
),
srealm
.
asn1Encode
()));
if
(
sname
!=
null
)
if
(
sname
!=
null
)
{
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x08
),
sname
.
getRealm
().
asn1Encode
()));
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x09
),
sname
.
asn1Encode
()));
}
if
(
caddr
!=
null
)
v
.
addElement
(
new
DerValue
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x0A
),
caddr
.
asn1Encode
()));
DerValue
der
[]
=
new
DerValue
[
v
.
size
()];
...
...
@@ -190,8 +183,6 @@ public class KrbCredInfo {
KrbCredInfo
kcred
=
new
KrbCredInfo
();
kcred
.
key
=
(
EncryptionKey
)
key
.
clone
();
// optional fields
if
(
prealm
!=
null
)
kcred
.
prealm
=
(
Realm
)
prealm
.
clone
();
if
(
pname
!=
null
)
kcred
.
pname
=
(
PrincipalName
)
pname
.
clone
();
if
(
flags
!=
null
)
...
...
@@ -204,8 +195,6 @@ public class KrbCredInfo {
kcred
.
endtime
=
(
KerberosTime
)
endtime
.
clone
();
if
(
renewTill
!=
null
)
kcred
.
renewTill
=
(
KerberosTime
)
renewTill
.
clone
();
if
(
srealm
!=
null
)
kcred
.
srealm
=
(
Realm
)
srealm
.
clone
();
if
(
sname
!=
null
)
kcred
.
sname
=
(
PrincipalName
)
sname
.
clone
();
if
(
caddr
!=
null
)
...
...
src/share/classes/sun/security/krb5/internal/TGSRep.java
浏览文件 @
b0b89f8f
...
...
@@ -42,12 +42,11 @@ public class TGSRep extends KDCRep {
public
TGSRep
(
PAData
[]
new_pAData
,
Realm
new_crealm
,
PrincipalName
new_cname
,
Ticket
new_ticket
,
EncryptedData
new_encPart
)
throws
IOException
{
super
(
new_pAData
,
new_c
realm
,
new_c
name
,
new_ticket
,
super
(
new_pAData
,
new_cname
,
new_ticket
,
new_encPart
,
Krb5
.
KRB_TGS_REP
);
}
...
...
src/share/classes/sun/security/krb5/internal/Ticket.java
浏览文件 @
b0b89f8f
...
...
@@ -60,7 +60,6 @@ import java.math.BigInteger;
public
class
Ticket
implements
Cloneable
{
public
int
tkt_vno
;
public
Realm
realm
;
public
PrincipalName
sname
;
public
EncryptedData
encPart
;
...
...
@@ -69,7 +68,6 @@ public class Ticket implements Cloneable {
public
Object
clone
()
{
Ticket
new_ticket
=
new
Ticket
();
new_ticket
.
realm
=
(
Realm
)
realm
.
clone
();
new_ticket
.
sname
=
(
PrincipalName
)
sname
.
clone
();
new_ticket
.
encPart
=
(
EncryptedData
)
encPart
.
clone
();
new_ticket
.
tkt_vno
=
tkt_vno
;
...
...
@@ -77,12 +75,10 @@ public class Ticket implements Cloneable {
}
public
Ticket
(
Realm
new_realm
,
PrincipalName
new_sname
,
EncryptedData
new_encPart
)
{
tkt_vno
=
Krb5
.
TICKET_VNO
;
realm
=
new_realm
;
sname
=
new_sname
;
encPart
=
new_encPart
;
}
...
...
@@ -123,8 +119,8 @@ public class Ticket implements Cloneable {
tkt_vno
=
subDer
.
getData
().
getBigInteger
().
intValue
();
if
(
tkt_vno
!=
Krb5
.
TICKET_VNO
)
throw
new
KrbApErrException
(
Krb5
.
KRB_AP_ERR_BADVERSION
);
realm
=
Realm
.
parse
(
der
.
getData
(),
(
byte
)
0x01
,
false
);
sname
=
PrincipalName
.
parse
(
der
.
getData
(),
(
byte
)
0x02
,
false
);
Realm
s
realm
=
Realm
.
parse
(
der
.
getData
(),
(
byte
)
0x01
,
false
);
sname
=
PrincipalName
.
parse
(
der
.
getData
(),
(
byte
)
0x02
,
false
,
srealm
);
encPart
=
EncryptedData
.
parse
(
der
.
getData
(),
(
byte
)
0x03
,
false
);
if
(
der
.
getData
().
available
()
>
0
)
throw
new
Asn1Exception
(
Krb5
.
ASN1_BAD_ID
);
...
...
@@ -142,7 +138,7 @@ public class Ticket implements Cloneable {
DerValue
der
[]
=
new
DerValue
[
4
];
temp
.
putInteger
(
BigInteger
.
valueOf
(
tkt_vno
));
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x00
),
temp
);
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x01
),
realm
.
asn1Encode
());
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x01
),
sname
.
getRealm
()
.
asn1Encode
());
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x02
),
sname
.
asn1Encode
());
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x03
),
encPart
.
asn1Encode
());
temp
=
new
DerOutputStream
();
...
...
src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java
浏览文件 @
b0b89f8f
...
...
@@ -114,7 +114,6 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
// made public for KinitOptions to call directly
public
PrincipalName
readPrincipal
(
int
version
)
throws
IOException
,
RealmException
{
int
type
,
length
,
namelength
,
kret
;
PrincipalName
p
;
String
[]
pname
=
null
;
String
realm
;
/* Read principal type */
...
...
@@ -144,11 +143,13 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
realm
=
result
[
0
];
pname
=
new
String
[
length
];
System
.
arraycopy
(
result
,
1
,
pname
,
0
,
length
);
p
=
new
PrincipalName
(
pname
,
type
);
p
.
setRealm
(
realm
);
return
new
PrincipalName
(
type
,
pname
,
new
Realm
(
realm
));
}
try
{
return
new
PrincipalName
(
result
,
type
);
}
catch
(
RealmException
re
)
{
return
null
;
}
else
p
=
new
PrincipalName
(
result
,
type
);
return
p
;
}
/*
...
...
@@ -342,10 +343,10 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
Credentials
readCred
(
int
version
)
throws
IOException
,
RealmException
,
KrbApErrException
,
Asn1Exception
{
PrincipalName
cpname
=
readPrincipal
(
version
);
if
(
DEBUG
)
System
.
out
.
println
(
">>>DEBUG <CCacheInputStream> client principal is "
+
cpname
.
toString
()
);
System
.
out
.
println
(
">>>DEBUG <CCacheInputStream> client principal is "
+
cpname
);
PrincipalName
spname
=
readPrincipal
(
version
);
if
(
DEBUG
)
System
.
out
.
println
(
">>>DEBUG <CCacheInputStream> server principal is "
+
spname
.
toString
()
);
System
.
out
.
println
(
">>>DEBUG <CCacheInputStream> server principal is "
+
spname
);
EncryptionKey
key
=
readKey
(
version
);
if
(
DEBUG
)
System
.
out
.
println
(
">>>DEBUG <CCacheInputStream> key type: "
+
key
.
getEType
());
...
...
src/share/classes/sun/security/krb5/internal/ccache/Credentials.java
浏览文件 @
b0b89f8f
...
...
@@ -36,9 +36,7 @@ import sun.security.krb5.internal.*;
public
class
Credentials
{
PrincipalName
cname
;
Realm
crealm
;
PrincipalName
sname
;
Realm
srealm
;
EncryptionKey
key
;
KerberosTime
authtime
;
KerberosTime
starttime
;
//optional
...
...
@@ -67,15 +65,7 @@ public class Credentials {
Ticket
new_ticket
,
Ticket
new_secondTicket
)
{
cname
=
(
PrincipalName
)
new_cname
.
clone
();
if
(
new_cname
.
getRealm
()
!=
null
)
{
crealm
=
(
Realm
)
new_cname
.
getRealm
().
clone
();
}
sname
=
(
PrincipalName
)
new_sname
.
clone
();
if
(
new_sname
.
getRealm
()
!=
null
)
{
srealm
=
(
Realm
)
new_sname
.
getRealm
().
clone
();
}
key
=
(
EncryptionKey
)
new_key
.
clone
();
authtime
=
(
KerberosTime
)
new_authtime
.
clone
();
...
...
@@ -110,7 +100,6 @@ public class Credentials {
{
return
;
}
crealm
=
(
Realm
)
kdcRep
.
crealm
.
clone
();
cname
=
(
PrincipalName
)
kdcRep
.
cname
.
clone
();
ticket
=
(
Ticket
)
kdcRep
.
ticket
.
clone
();
key
=
(
EncryptionKey
)
kdcRep
.
encKDCRepPart
.
key
.
clone
();
...
...
@@ -123,7 +112,6 @@ public class Credentials {
if
(
kdcRep
.
encKDCRepPart
.
renewTill
!=
null
)
{
renewTill
=
(
KerberosTime
)
kdcRep
.
encKDCRepPart
.
renewTill
.
clone
();
}
srealm
=
(
Realm
)
kdcRep
.
encKDCRepPart
.
srealm
.
clone
();
sname
=
(
PrincipalName
)
kdcRep
.
encKDCRepPart
.
sname
.
clone
();
caddr
=
(
HostAddresses
)
kdcRep
.
encKDCRepPart
.
caddr
.
clone
();
secondTicket
=
(
Ticket
)
new_secondTicket
.
clone
();
...
...
@@ -138,17 +126,7 @@ public class Credentials {
public
Credentials
(
KDCRep
kdcRep
,
Ticket
new_ticket
)
{
sname
=
(
PrincipalName
)
kdcRep
.
encKDCRepPart
.
sname
.
clone
();
srealm
=
(
Realm
)
kdcRep
.
encKDCRepPart
.
srealm
.
clone
();
try
{
sname
.
setRealm
(
srealm
);
}
catch
(
RealmException
e
)
{
}
cname
=
(
PrincipalName
)
kdcRep
.
cname
.
clone
();
crealm
=
(
Realm
)
kdcRep
.
crealm
.
clone
();
try
{
cname
.
setRealm
(
crealm
);
}
catch
(
RealmException
e
)
{
}
key
=
(
EncryptionKey
)
kdcRep
.
encKDCRepPart
.
key
.
clone
();
authtime
=
(
KerberosTime
)
kdcRep
.
encKDCRepPart
.
authtime
.
clone
();
if
(
kdcRep
.
encKDCRepPart
.
starttime
!=
null
)
{
...
...
@@ -202,9 +180,6 @@ public class Credentials {
}
public
PrincipalName
getServicePrincipal
()
throws
RealmException
{
if
(
sname
.
getRealm
()
==
null
)
{
sname
.
setRealm
(
srealm
);
}
return
sname
;
}
...
...
src/share/classes/sun/security/krb5/internal/ccache/CredentialsCache.java
浏览文件 @
b0b89f8f
...
...
@@ -120,6 +120,6 @@ public abstract class CredentialsCache {
public
abstract
void
save
()
throws
IOException
,
KrbException
;
public
abstract
Credentials
[]
getCredsList
();
public
abstract
Credentials
getDefaultCreds
();
public
abstract
Credentials
getCreds
(
PrincipalName
sname
,
Realm
srealm
)
;
public
abstract
Credentials
getCreds
(
LoginOptions
options
,
PrincipalName
sname
,
Realm
srealm
)
;
public
abstract
Credentials
getCreds
(
PrincipalName
sname
)
;
public
abstract
Credentials
getCreds
(
LoginOptions
options
,
PrincipalName
sname
)
;
}
src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java
浏览文件 @
b0b89f8f
...
...
@@ -59,7 +59,6 @@ public class FileCredentialsCache extends CredentialsCache
public
int
version
;
public
Tag
tag
;
// optional
public
PrincipalName
primaryPrincipal
;
public
Realm
primaryRealm
;
private
Vector
<
Credentials
>
credentialsList
;
private
static
String
dir
;
private
static
boolean
DEBUG
=
Krb5
.
DEBUG
;
...
...
@@ -79,7 +78,6 @@ public class FileCredentialsCache extends CredentialsCache
}
if
(
principal
!=
null
)
{
fcc
.
primaryPrincipal
=
principal
;
fcc
.
primaryRealm
=
principal
.
getRealm
();
}
fcc
.
load
(
cacheName
);
return
fcc
;
...
...
@@ -153,7 +151,6 @@ public class FileCredentialsCache extends CredentialsCache
synchronized
void
init
(
PrincipalName
principal
,
String
name
)
throws
IOException
,
KrbException
{
primaryPrincipal
=
principal
;
primaryRealm
=
principal
.
getRealm
();
CCacheOutputStream
cos
=
new
CCacheOutputStream
(
new
FileOutputStream
(
name
));
version
=
KRB5_FCC_FVNO_3
;
...
...
@@ -183,7 +180,6 @@ public class FileCredentialsCache extends CredentialsCache
}
}
else
primaryPrincipal
=
p
;
primaryRealm
=
primaryPrincipal
.
getRealm
();
credentialsList
=
new
Vector
<
Credentials
>
();
while
(
cis
.
available
()
>
0
)
{
Credentials
cred
=
cis
.
readCred
(
version
);
...
...
@@ -291,18 +287,16 @@ public class FileCredentialsCache extends CredentialsCache
}
public
Credentials
getCreds
(
LoginOptions
options
,
PrincipalName
sname
,
Realm
srealm
)
{
public
Credentials
getCreds
(
LoginOptions
options
,
PrincipalName
sname
)
{
if
(
options
==
null
)
{
return
getCreds
(
sname
,
srealm
);
return
getCreds
(
sname
);
}
else
{
Credentials
[]
list
=
getCredsList
();
if
(
list
==
null
)
{
return
null
;
}
else
{
for
(
int
i
=
0
;
i
<
list
.
length
;
i
++)
{
if
(
sname
.
match
(
list
[
i
].
sname
)
&&
(
srealm
.
toString
().
equals
(
list
[
i
].
srealm
.
toString
())))
{
if
(
sname
.
match
(
list
[
i
].
sname
))
{
if
(
list
[
i
].
flags
.
match
(
options
))
{
return
list
[
i
];
}
...
...
@@ -317,16 +311,14 @@ public class FileCredentialsCache extends CredentialsCache
/**
* Gets a credentials for a specified service.
* @param sname service principal name.
* @param srealm the realm that the service belongs to.
*/
public
Credentials
getCreds
(
PrincipalName
sname
,
Realm
srealm
)
{
public
Credentials
getCreds
(
PrincipalName
sname
)
{
Credentials
[]
list
=
getCredsList
();
if
(
list
==
null
)
{
return
null
;
}
else
{
for
(
int
i
=
0
;
i
<
list
.
length
;
i
++)
{
if
(
sname
.
match
(
list
[
i
].
sname
)
&&
(
srealm
.
toString
().
equals
(
list
[
i
].
srealm
.
toString
())))
{
if
(
sname
.
match
(
list
[
i
].
sname
))
{
return
list
[
i
];
}
}
...
...
@@ -343,7 +335,7 @@ public class FileCredentialsCache extends CredentialsCache
if
(
list
[
i
].
sname
.
toString
().
startsWith
(
"krbtgt"
))
{
String
[]
nameStrings
=
list
[
i
].
sname
.
getNameStrings
();
// find the TGT for the current realm krbtgt/realm@realm
if
(
nameStrings
[
1
].
equals
(
list
[
i
].
s
realm
.
toString
()))
{
if
(
nameStrings
[
1
].
equals
(
list
[
i
].
s
name
.
getRealm
()
.
toString
()))
{
return
list
[
i
];
}
}
...
...
src/share/classes/sun/security/krb5/internal/ccache/MemoryCredentialsCache.java
浏览文件 @
b0b89f8f
...
...
@@ -64,7 +64,7 @@ public abstract class MemoryCredentialsCache extends CredentialsCache {
public
abstract
Credentials
[]
getCredsList
();
public
abstract
Credentials
getCreds
(
PrincipalName
sname
,
Realm
srealm
)
;
public
abstract
Credentials
getCreds
(
PrincipalName
sname
)
;
public
abstract
PrincipalName
getPrimaryPrincipal
();
...
...
src/share/classes/sun/security/krb5/internal/ktab/KeyTabInputStream.java
浏览文件 @
b0b89f8f
...
...
@@ -83,8 +83,7 @@ public class KeyTabInputStream extends KrbDataInputStream implements KeyTabConst
}
int
nameType
=
read
(
4
);
index
-=
4
;
PrincipalName
service
=
new
PrincipalName
(
nameParts
,
nameType
);
service
.
setRealm
(
realm
);
PrincipalName
service
=
new
PrincipalName
(
nameType
,
nameParts
,
realm
);
KerberosTime
timeStamp
=
readTimeStamp
();
int
keyVersion
=
read
()
&
0xff
;
...
...
src/share/classes/sun/security/ssl/krb5/KerberosClientKeyExchangeImpl.java
浏览文件 @
b0b89f8f
...
...
@@ -163,7 +163,7 @@ public final class KerberosClientKeyExchangeImpl
EncryptedData
encPart
=
t
.
encPart
;
PrincipalName
ticketSname
=
t
.
sname
;
Realm
ticketRealm
=
t
.
realm
;
Realm
ticketRealm
=
t
.
sname
.
getRealm
()
;
String
serverPrincipal
=
serverKeys
[
0
].
getPrincipal
().
getName
();
...
...
@@ -175,8 +175,7 @@ public final class KerberosClientKeyExchangeImpl
*/
// Check that ticket Sname matches serverPrincipal
String
ticketPrinc
=
ticketSname
.
toString
().
concat
(
"@"
+
ticketRealm
.
toString
());
String
ticketPrinc
=
ticketSname
.
toString
();
if
(!
ticketPrinc
.
equals
(
serverPrincipal
))
{
if
(
debug
!=
null
&&
Debug
.
isOn
(
"handshake"
))
System
.
out
.
println
(
"Service principal in Ticket does not"
...
...
@@ -224,7 +223,6 @@ public final class KerberosClientKeyExchangeImpl
if
(
debug
!=
null
&&
Debug
.
isOn
(
"handshake"
))
{
System
.
out
.
println
(
"server principal: "
+
serverPrincipal
);
System
.
out
.
println
(
"realm: "
+
encTicketPart
.
crealm
.
toString
());
System
.
out
.
println
(
"cname: "
+
encTicketPart
.
cname
.
toString
());
}
}
catch
(
IOException
e
)
{
...
...
src/windows/classes/sun/security/krb5/internal/tools/Kinit.java
浏览文件 @
b0b89f8f
...
...
@@ -206,9 +206,7 @@ public class Kinit {
System
.
out
.
println
(
">>> Kinit realm name is "
+
realm
);
}
PrincipalName
sname
=
new
PrincipalName
(
"krbtgt"
+
"/"
+
realm
,
PrincipalName
.
KRB_NT_SRV_INST
);
sname
.
setRealm
(
realm
);
PrincipalName
sname
=
PrincipalName
.
tgsService
(
realm
,
realm
);
builder
.
setTarget
(
sname
);
if
(
DEBUG
)
{
...
...
src/windows/classes/sun/security/krb5/internal/tools/KinitOptions.java
浏览文件 @
b0b89f8f
...
...
@@ -146,15 +146,6 @@ class KinitOptions {
"Principal name: "
+
p
+
e
.
getMessage
());
}
if
(
principal
.
getRealm
()
==
null
)
{
String
realm
=
Config
.
getInstance
().
getDefault
(
"default_realm"
,
"libdefaults"
);
if
(
realm
!=
null
)
{
principal
.
setRealm
(
realm
);
}
else
throw
new
IllegalArgumentException
(
"invalid "
+
"Realm name"
);
}
}
else
if
(
this
.
password
==
null
)
{
// Have already processed a Principal, this must be a password
password
=
args
[
i
].
toCharArray
();
...
...
@@ -175,16 +166,6 @@ class KinitOptions {
}
PrincipalName
getDefaultPrincipal
()
{
String
cname
;
String
realm
=
null
;
try
{
realm
=
Config
.
getInstance
().
getDefaultRealm
();
}
catch
(
KrbException
e
)
{
System
.
out
.
println
(
"Can not get default realm "
+
e
.
getMessage
());
e
.
printStackTrace
();
return
null
;
}
// get default principal name from the cachename if it is
// available.
...
...
@@ -204,10 +185,6 @@ class KinitOptions {
}
PrincipalName
p
=
cis
.
readPrincipal
(
version
);
cis
.
close
();
String
temp
=
p
.
getRealmString
();
if
(
temp
==
null
)
{
p
.
setRealm
(
realm
);
}
if
(
DEBUG
)
{
System
.
out
.
println
(
">>>KinitOptions principal name from "
+
"the cache is :"
+
p
);
...
...
@@ -230,19 +207,15 @@ class KinitOptions {
System
.
out
.
println
(
">>>KinitOptions default username is :"
+
username
);
}
if
(
realm
!=
null
)
{
try
{
PrincipalName
p
=
new
PrincipalName
(
username
);
if
(
p
.
getRealm
()
==
null
)
p
.
setRealm
(
realm
);
return
p
;
}
catch
(
RealmException
e
)
{
// ignore exception , return null
if
(
DEBUG
)
{
System
.
out
.
println
(
"Exception in getting principal "
+
"name "
+
e
.
getMessage
());
e
.
printStackTrace
();
}
try
{
PrincipalName
p
=
new
PrincipalName
(
username
);
return
p
;
}
catch
(
RealmException
e
)
{
// ignore exception , return null
if
(
DEBUG
)
{
System
.
out
.
println
(
"Exception in getting principal "
+
"name "
+
e
.
getMessage
());
e
.
printStackTrace
();
}
}
return
null
;
...
...
src/windows/classes/sun/security/krb5/internal/tools/Ktab.java
浏览文件 @
b0b89f8f
...
...
@@ -273,9 +273,6 @@ public class Ktab {
PrincipalName
pname
=
null
;
try
{
pname
=
new
PrincipalName
(
principal
);
if
(
pname
.
getRealm
()
==
null
)
{
pname
.
setRealm
(
Config
.
getInstance
().
getDefaultRealm
());
}
}
catch
(
KrbException
e
)
{
System
.
err
.
println
(
"Failed to add "
+
principal
+
" to keytab."
);
...
...
@@ -382,9 +379,6 @@ public class Ktab {
PrincipalName
pname
=
null
;
try
{
pname
=
new
PrincipalName
(
principal
);
if
(
pname
.
getRealm
()
==
null
)
{
pname
.
setRealm
(
Config
.
getInstance
().
getDefaultRealm
());
}
if
(!
forced
)
{
String
answer
;
BufferedReader
cis
=
...
...
src/windows/native/sun/security/krb5/NativeCreds.c
浏览文件 @
b0b89f8f
...
...
@@ -67,7 +67,6 @@ jmethodID encryptionKeyConstructor = 0;
jmethodID
ticketFlagsConstructor
=
0
;
jmethodID
kerberosTimeConstructor
=
0
;
jmethodID
krbcredsConstructor
=
0
;
jmethodID
setRealmMethod
=
0
;
/*
* Function prototypes for internal routines
...
...
@@ -279,7 +278,7 @@ JNIEXPORT jint JNICALL JNI_OnLoad(
}
principalNameConstructor
=
(
*
env
)
->
GetMethodID
(
env
,
principalNameClass
,
"<init>"
,
"([
Ljava/lang/String;)V"
);
"<init>"
,
"([Ljava/lang/String;
Ljava/lang/String;)V"
);
if
(
principalNameConstructor
==
0
)
{
printf
(
"LSA: Couldn't find PrincipalName constructor
\n
"
);
return
JNI_ERR
;
...
...
@@ -318,14 +317,6 @@ JNIEXPORT jint JNICALL JNI_OnLoad(
printf
(
"LSA: Found KerberosTime constructor
\n
"
);
}
// load the setRealm method in PrincipalName
setRealmMethod
=
(
*
env
)
->
GetMethodID
(
env
,
principalNameClass
,
"setRealm"
,
"(Ljava/lang/String;)V"
);
if
(
setRealmMethod
==
0
)
{
printf
(
"LSA: Couldn't find setRealm in PrincipalName
\n
"
);
return
JNI_ERR
;
}
if
(
native_debug
)
{
printf
(
"LSA: Finished OnLoad processing
\n
"
);
}
...
...
@@ -952,13 +943,12 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
// Do I have to worry about storage reclamation here?
}
principal
=
(
*
env
)
->
NewObject
(
env
,
principalNameClass
,
principalNameConstructor
,
stringArray
);
// now set the realm in the principal
realmLen
=
(
ULONG
)
wcslen
((
PWCHAR
)
realm
);
realmStr
=
(
*
env
)
->
NewString
(
env
,
(
PWCHAR
)
realm
,
(
USHORT
)
realmLen
);
(
*
env
)
->
CallVoidMethod
(
env
,
principal
,
setRealmMethod
,
realmStr
);
principal
=
(
*
env
)
->
NewObject
(
env
,
principalNameClass
,
principalNameConstructor
,
stringArray
,
realmStr
);
// free local resources
LocalFree
(
realm
);
...
...
test/sun/security/krb5/ServiceNameClone.java
已删除
100644 → 0
浏览文件 @
89d4b110
/*
* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6856069
* @summary PrincipalName.clone() does not invoke super.clone()
*/
import
sun.security.krb5.ServiceName
;
public
class
ServiceNameClone
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
ServiceName
sn
=
new
ServiceName
(
"me@HERE"
);
if
(
sn
.
clone
().
getClass
()
!=
ServiceName
.
class
)
{
throw
new
Exception
(
"ServiceName's clone is not a ServiceName"
);
}
if
(!
sn
.
clone
().
equals
(
sn
))
{
throw
new
Exception
(
"ServiceName's clone changed"
);
}
}
}
test/sun/security/krb5/auto/KDC.java
浏览文件 @
b0b89f8f
...
...
@@ -606,9 +606,8 @@ public class KDC {
TGSReq
tgsReq
=
new
TGSReq
(
in
);
PrincipalName
service
=
tgsReq
.
reqBody
.
sname
;
if
(
options
.
containsKey
(
KDC
.
Option
.
RESP_NT
))
{
service
=
new
PrincipalName
(
service
.
getNameStrings
(),
(
int
)
options
.
get
(
KDC
.
Option
.
RESP_NT
));
service
.
setRealm
(
service
.
getRealm
());
service
=
new
PrincipalName
((
int
)
options
.
get
(
KDC
.
Option
.
RESP_NT
),
service
.
getNameStrings
(),
service
.
getRealm
());
}
try
{
System
.
out
.
println
(
realm
+
"> "
+
tgsReq
.
reqBody
.
cname
+
...
...
@@ -632,7 +631,6 @@ public class KDC {
EncryptedData
ed
=
apReq
.
authenticator
;
tkt
=
apReq
.
ticket
;
int
te
=
tkt
.
encPart
.
getEType
();
tkt
.
sname
.
setRealm
(
tkt
.
realm
);
EncryptionKey
kkey
=
keyForUser
(
tkt
.
sname
,
te
,
true
);
byte
[]
bb
=
tkt
.
encPart
.
decrypt
(
kkey
,
KeyUsage
.
KU_TICKET
);
DerInputStream
derIn
=
new
DerInputStream
(
bb
);
...
...
@@ -693,7 +691,6 @@ public class KDC {
EncTicketPart
enc
=
new
EncTicketPart
(
tFlags
,
key
,
etp
.
crealm
,
etp
.
cname
,
new
TransitedEncoding
(
1
,
new
byte
[
0
]),
// TODO
new
KerberosTime
(
new
Date
()),
...
...
@@ -709,7 +706,6 @@ public class KDC {
throw
new
KrbException
(
Krb5
.
KDC_ERR_SUMTYPE_NOSUPP
);
// TODO
}
Ticket
t
=
new
Ticket
(
body
.
crealm
,
service
,
new
EncryptedData
(
skey
,
enc
.
asn1Encode
(),
KeyUsage
.
KU_TICKET
)
);
...
...
@@ -725,7 +721,6 @@ public class KDC {
new
KerberosTime
(
new
Date
()),
body
.
from
,
till
,
body
.
rtime
,
body
.
crealm
,
service
,
body
.
addresses
!=
null
// always set caddr
?
body
.
addresses
...
...
@@ -734,7 +729,6 @@ public class KDC {
);
EncryptedData
edata
=
new
EncryptedData
(
ckey
,
enc_part
.
asn1Encode
(),
KeyUsage
.
KU_ENC_TGS_REP_PART_SESSKEY
);
TGSRep
tgsRep
=
new
TGSRep
(
null
,
etp
.
crealm
,
etp
.
cname
,
t
,
edata
);
...
...
@@ -756,8 +750,8 @@ public class KDC {
new
KerberosTime
(
new
Date
()),
0
,
ke
.
returnCode
(),
body
.
c
realm
,
body
.
c
name
,
new
Realm
(
getRealm
()),
service
,
body
.
cname
,
service
,
KrbException
.
errorMessage
(
ke
.
returnCode
()),
null
);
}
...
...
@@ -780,7 +774,6 @@ public class KDC {
if
(
options
.
containsKey
(
KDC
.
Option
.
RESP_NT
))
{
service
=
new
PrincipalName
(
service
.
getNameStrings
(),
(
int
)
options
.
get
(
KDC
.
Option
.
RESP_NT
));
service
.
setRealm
(
service
.
getRealm
());
}
try
{
System
.
out
.
println
(
realm
+
"> "
+
asReq
.
reqBody
.
cname
+
...
...
@@ -788,7 +781,6 @@ public class KDC {
service
);
KDCReqBody
body
=
asReq
.
reqBody
;
body
.
cname
.
setRealm
(
getRealm
());
eTypes
=
KDCReqBodyDotEType
(
body
);
int
eType
=
eTypes
[
0
];
...
...
@@ -971,7 +963,6 @@ public class KDC {
EncTicketPart
enc
=
new
EncTicketPart
(
tFlags
,
key
,
body
.
crealm
,
body
.
cname
,
new
TransitedEncoding
(
1
,
new
byte
[
0
]),
new
KerberosTime
(
new
Date
()),
...
...
@@ -980,7 +971,6 @@ public class KDC {
body
.
addresses
,
null
);
Ticket
t
=
new
Ticket
(
body
.
crealm
,
service
,
new
EncryptedData
(
skey
,
enc
.
asn1Encode
(),
KeyUsage
.
KU_TICKET
)
);
...
...
@@ -996,14 +986,12 @@ public class KDC {
new
KerberosTime
(
new
Date
()),
body
.
from
,
till
,
body
.
rtime
,
body
.
crealm
,
service
,
body
.
addresses
);
EncryptedData
edata
=
new
EncryptedData
(
ckey
,
enc_part
.
asn1Encode
(),
KeyUsage
.
KU_ENC_AS_REP_PART
);
ASRep
asRep
=
new
ASRep
(
outPAs
.
toArray
(
new
PAData
[
outPAs
.
size
()]),
body
.
crealm
,
body
.
cname
,
t
,
edata
);
...
...
@@ -1024,7 +1012,6 @@ public class KDC {
asRep
.
encKDCRepPart
=
enc_part
;
sun
.
security
.
krb5
.
internal
.
ccache
.
Credentials
credentials
=
new
sun
.
security
.
krb5
.
internal
.
ccache
.
Credentials
(
asRep
);
asReq
.
reqBody
.
cname
.
setRealm
(
getRealm
());
CredentialsCache
cache
=
CredentialsCache
.
create
(
asReq
.
reqBody
.
cname
,
ccache
);
if
(
cache
==
null
)
{
...
...
@@ -1059,8 +1046,8 @@ public class KDC {
new
KerberosTime
(
new
Date
()),
0
,
ke
.
returnCode
(),
body
.
c
realm
,
body
.
c
name
,
new
Realm
(
getRealm
()),
service
,
body
.
cname
,
service
,
KrbException
.
errorMessage
(
ke
.
returnCode
()),
eData
);
}
...
...
test/sun/security/krb5/name/Constructors.java
0 → 100644
浏览文件 @
b0b89f8f
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6966259
* @summary Make PrincipalName and Realm immutable
* @run main/othervm Constructors
*/
import
java.util.Arrays
;
import
sun.security.krb5.*
;
public
class
Constructors
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
int
type
;
boolean
testNoDefaultDomain
;
// Part 1: on format
// Good ones
type
=
PrincipalName
.
KRB_NT_UNKNOWN
;
checkName
(
"a"
,
type
,
"R"
,
"R"
,
"a"
);
checkName
(
"a@R2"
,
type
,
"R"
,
"R"
,
"a"
);
checkName
(
"a/b"
,
type
,
"R"
,
"R"
,
"a"
,
"b"
);
checkName
(
"a/b@R2"
,
type
,
"R"
,
"R"
,
"a"
,
"b"
);
checkName
(
"a/b/c"
,
type
,
"R"
,
"R"
,
"a"
,
"b"
,
"c"
);
checkName
(
"a/b/c@R2"
,
type
,
"R"
,
"R"
,
"a"
,
"b"
,
"c"
);
// Weird ones
checkName
(
"a\\/b"
,
type
,
"R"
,
"R"
,
"a/b"
);
checkName
(
"a\\/b\\/c"
,
type
,
"R"
,
"R"
,
"a/b/c"
);
checkName
(
"a\\/b\\@R2"
,
type
,
"R"
,
"R"
,
"a/b@R2"
);
// Bad ones
checkName
(
"a"
,
type
,
""
,
null
);
checkName
(
"a/"
,
type
,
"R"
,
null
);
checkName
(
"/a"
,
type
,
"R"
,
null
);
checkName
(
"a//b"
,
type
,
"R"
,
null
);
checkName
(
"a@"
,
type
,
null
,
null
);
type
=
PrincipalName
.
KRB_NT_SRV_HST
;
// Part 2: on realm choices
// When there is no default realm
System
.
setProperty
(
"java.security.krb5.conf"
,
System
.
getProperty
(
"test.src"
,
"."
)
+
"/empty.conf"
);
Config
.
refresh
();
// A Windows client login to AD always has a default realm
try
{
Realm
r
=
Realm
.
getDefault
();
System
.
out
.
println
(
"testNoDefaultDomain = false. Realm is "
+
r
);
testNoDefaultDomain
=
false
;
}
catch
(
RealmException
re
)
{
// Great. This is what we expected
testNoDefaultDomain
=
true
;
}
if
(
testNoDefaultDomain
)
{
type
=
PrincipalName
.
KRB_NT_UNKNOWN
;
checkName
(
"a"
,
type
,
"R1"
,
"R1"
,
"a"
);
// arg
checkName
(
"a@R1"
,
type
,
null
,
"R1"
,
"a"
);
// or r in name
checkName
(
"a@R2"
,
type
,
"R1"
,
"R1"
,
"a"
);
// arg over r
checkName
(
"a"
,
type
,
null
,
null
);
// fail if none
checkName
(
"a/b@R1"
,
type
,
null
,
"R1"
,
"a"
,
"b"
);
type
=
PrincipalName
.
KRB_NT_SRV_HST
;
// Let's pray "b.h" won't be canonicalized
checkName
(
"a/b.h"
,
type
,
"R1"
,
"R1"
,
"a"
,
"b.h"
);
// arg
checkName
(
"a/b.h@R1"
,
type
,
null
,
"R1"
,
"a"
,
"b.h"
);
// or r in name
checkName
(
"a/b.h@R1"
,
type
,
"R2"
,
"R2"
,
"a"
,
"b.h"
);
// arg over r
checkName
(
"a/b.h"
,
type
,
null
,
null
);
// fail if none
}
// When there is default realm
System
.
setProperty
(
"java.security.krb5.conf"
,
System
.
getProperty
(
"test.src"
,
"."
)
+
"/krb5.conf"
);
Config
.
refresh
();
type
=
PrincipalName
.
KRB_NT_UNKNOWN
;
checkName
(
"a"
,
type
,
"R1"
,
"R1"
,
"a"
);
// arg
checkName
(
"a@R1"
,
type
,
null
,
"R1"
,
"a"
);
// or r in name
checkName
(
"a@R2"
,
type
,
"R1"
,
"R1"
,
"a"
);
// arg over r
checkName
(
"a"
,
type
,
null
,
"R"
,
"a"
);
// default
checkName
(
"a/b"
,
type
,
null
,
"R"
,
"a"
,
"b"
);
type
=
PrincipalName
.
KRB_NT_SRV_HST
;
checkName
(
"a/b.h3"
,
type
,
"R1"
,
"R1"
,
"a"
,
"b.h3"
);
// arg
checkName
(
"a/b.h@R1"
,
type
,
null
,
"R1"
,
"a"
,
"b.h"
);
// or r in name
checkName
(
"a/b.h3@R2"
,
type
,
"R1"
,
"R1"
,
"a"
,
"b.h3"
);
// arg over r
checkName
(
"a/b.h2"
,
type
,
"R1"
,
"R1"
,
"a"
,
"b.h2"
);
// arg over map
checkName
(
"a/b.h2@R1"
,
type
,
null
,
"R1"
,
"a"
,
"b.h2"
);
// r over map
checkName
(
"a/b.h2"
,
type
,
null
,
"R2"
,
"a"
,
"b.h2"
);
// map
checkName
(
"a/b.h"
,
type
,
null
,
"R"
,
"a"
,
"b.h"
);
// default
}
// Check if the creation matches the expected output.
// Note: realm == null means creation failure
static
void
checkName
(
String
n
,
int
t
,
String
s
,
String
realm
,
String
...
parts
)
throws
Exception
{
PrincipalName
pn
=
null
;
try
{
pn
=
new
PrincipalName
(
n
,
t
,
s
);
}
catch
(
Exception
e
)
{
if
(
realm
==
null
)
{
return
;
// This is expected
}
else
{
throw
e
;
}
}
if
(!
pn
.
getRealmAsString
().
equals
(
realm
)
||
!
Arrays
.
equals
(
pn
.
getNameStrings
(),
parts
))
{
throw
new
Exception
(
pn
.
toString
()
+
" vs "
+
Arrays
.
toString
(
parts
)
+
"@"
+
realm
);
}
}
}
test/sun/security/krb5/name/empty.conf
0 → 100644
浏览文件 @
b0b89f8f
[
libdefaults
]
dns_fallback
=
false
test/sun/security/krb5/name/krb5.conf
0 → 100644
浏览文件 @
b0b89f8f
[
libdefaults
]
default_realm
=
R
[
realms
]
R
= {
kdc
=
kdc
}
[
domain_realm
]
.
h2
=
R2
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录