提交 b0b89f8f 编写于 作者: W weijun

6966259: Make PrincipalName and Realm immutable

Reviewed-by: xuelei
上级 89d4b110
...@@ -26,7 +26,6 @@ ...@@ -26,7 +26,6 @@
package javax.security.auth.kerberos; package javax.security.auth.kerberos;
import java.io.*; import java.io.*;
import sun.security.krb5.Asn1Exception;
import sun.security.krb5.KrbException; import sun.security.krb5.KrbException;
import sun.security.krb5.PrincipalName; import sun.security.krb5.PrincipalName;
import sun.security.krb5.Realm; import sun.security.krb5.Realm;
...@@ -81,14 +80,12 @@ public final class KerberosPrincipal ...@@ -81,14 +80,12 @@ public final class KerberosPrincipal
public static final int KRB_NT_UID = 5; public static final int KRB_NT_UID = 5;
private transient String fullName; private transient String fullName;
private transient String realm; private transient String realm;
private transient int nameType; private transient int nameType;
private static final char NAME_REALM_SEPARATOR = '@';
/** /**
* Constructs a KerberosPrincipal from the provided string input. The * Constructs a KerberosPrincipal from the provided string input. The
...@@ -233,41 +230,35 @@ public final class KerberosPrincipal ...@@ -233,41 +230,35 @@ public final class KerberosPrincipal
* realm in their DER-encoded form as specified in Section 5.2.2 of * realm in their DER-encoded form as specified in Section 5.2.2 of
* <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>. * <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>.
*/ */
private void writeObject(ObjectOutputStream oos) private void writeObject(ObjectOutputStream oos)
throws IOException { throws IOException {
PrincipalName krb5Principal = null; PrincipalName krb5Principal;
try { try {
krb5Principal = new PrincipalName(fullName,nameType); krb5Principal = new PrincipalName(fullName, nameType);
oos.writeObject(krb5Principal.asn1Encode()); oos.writeObject(krb5Principal.asn1Encode());
oos.writeObject(krb5Principal.getRealm().asn1Encode()); oos.writeObject(krb5Principal.getRealm().asn1Encode());
} catch (Exception e) { } catch (Exception e) {
IOException ioe = new IOException(e.getMessage()); throw new IOException(e);
ioe.initCause(e);
throw ioe;
} }
} }
/** /**
* Reads this object from a stream (i.e., deserializes it) * Reads this object from a stream (i.e., deserializes it)
*/ */
private void readObject(ObjectInputStream ois) private void readObject(ObjectInputStream ois)
throws IOException, ClassNotFoundException { throws IOException, ClassNotFoundException {
byte[] asn1EncPrincipal = (byte [])ois.readObject(); byte[] asn1EncPrincipal = (byte [])ois.readObject();
byte[] encRealm = (byte [])ois.readObject(); byte[] encRealm = (byte [])ois.readObject();
try { try {
PrincipalName krb5Principal = new PrincipalName(new Realm realmObject = new Realm(new DerValue(encRealm));
DerValue(asn1EncPrincipal)); PrincipalName krb5Principal = new PrincipalName(
realm = (new Realm(new DerValue(encRealm))).toString(); new DerValue(asn1EncPrincipal), realmObject);
fullName = krb5Principal.toString() + NAME_REALM_SEPARATOR + realm = realmObject.toString();
realm.toString(); fullName = krb5Principal.toString();
nameType = krb5Principal.getNameType(); nameType = krb5Principal.getNameType();
} catch (Exception e) { } catch (Exception e) {
IOException ioe = new IOException(e.getMessage()); throw new IOException(e);
ioe.initCause(e);
throw ioe;
} }
} }
...@@ -288,9 +279,7 @@ public final class KerberosPrincipal ...@@ -288,9 +279,7 @@ public final class KerberosPrincipal
* <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>. * <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>.
* *
* @return the name type. * @return the name type.
*
*/ */
public int getNameType() { public int getNameType() {
return nameType; return nameType;
} }
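Review bot: In readObject the two `(byte [])ois.readObject()` casts sit before the `try`, so a stream that carries any other object type surfaces as a ClassCastException rather than the IOException the method declares for malformed input. Because this method rebuilds a principal from serialized bytes whose origin the class cannot control, consider moving both reads inside the `try`, or rejecting the input with `throw new InvalidObjectException("...")`. The new `catch (Exception e) { throw new IOException(e); }` in writeObject and readObject also re-wraps IOExceptions raised by the stream itself; a narrower catch would pass those through unchanged.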
......
...@@ -27,10 +27,8 @@ package sun.security.jgss.krb5; ...@@ -27,10 +27,8 @@ package sun.security.jgss.krb5;
import org.ietf.jgss.*; import org.ietf.jgss.*;
import sun.security.jgss.spi.*; import sun.security.jgss.spi.*;
import javax.security.auth.kerberos.*;
import sun.security.krb5.PrincipalName; import sun.security.krb5.PrincipalName;
import sun.security.krb5.KrbException; import sun.security.krb5.KrbException;
import sun.security.krb5.ServiceName;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.net.InetAddress; import java.net.InetAddress;
import java.net.UnknownHostException; import java.net.UnknownHostException;
...@@ -119,8 +117,8 @@ public class Krb5NameElement ...@@ -119,8 +117,8 @@ public class Krb5NameElement
hostName = components[1]; hostName = components[1];
String principal = getHostBasedInstance(service, hostName); String principal = getHostBasedInstance(service, hostName);
principalName = new ServiceName(principal, principalName = new PrincipalName(principal,
PrincipalName.KRB_NT_SRV_HST); PrincipalName.KRB_NT_SRV_HST);
} }
} }
......
...@@ -464,8 +464,7 @@ public class Credentials { ...@@ -464,8 +464,7 @@ public class Credentials {
System.out.println(">>> DEBUG: ----Credentials----"); System.out.println(">>> DEBUG: ----Credentials----");
System.out.println("\tclient: " + c.client.toString()); System.out.println("\tclient: " + c.client.toString());
System.out.println("\tserver: " + c.server.toString()); System.out.println("\tserver: " + c.server.toString());
System.out.println("\tticket: realm: " + c.ticket.realm.toString()); System.out.println("\tticket: sname: " + c.ticket.sname.toString());
System.out.println("\t sname: " + c.ticket.sname.toString());
if (c.startTime != null) { if (c.startTime != null) {
System.out.println("\tstartTime: " + c.startTime.getTime()); System.out.println("\tstartTime: " + c.startTime.getTime());
} }
......
...@@ -179,7 +179,6 @@ public class KrbApReq { ...@@ -179,7 +179,6 @@ public class KrbApReq {
KrbApReq(APOptions apOptions, KrbApReq(APOptions apOptions,
Ticket ticket, Ticket ticket,
EncryptionKey key, EncryptionKey key,
Realm crealm,
PrincipalName cname, PrincipalName cname,
Checksum cksum, Checksum cksum,
KerberosTime ctime, KerberosTime ctime,
...@@ -189,7 +188,7 @@ public class KrbApReq { ...@@ -189,7 +188,7 @@ public class KrbApReq {
throws Asn1Exception, IOException, throws Asn1Exception, IOException,
KdcErrException, KrbCryptoException { KdcErrException, KrbCryptoException {
init(apOptions, ticket, key, crealm, cname, init(apOptions, ticket, key, cname,
cksum, ctime, subKey, seqNumber, authorizationData, cksum, ctime, subKey, seqNumber, authorizationData,
KeyUsage.KU_PA_TGS_REQ_AUTHENTICATOR); KeyUsage.KU_PA_TGS_REQ_AUTHENTICATOR);
...@@ -208,7 +207,6 @@ public class KrbApReq { ...@@ -208,7 +207,6 @@ public class KrbApReq {
init(options, init(options,
tgs_creds.ticket, tgs_creds.ticket,
tgs_creds.key, tgs_creds.key,
tgs_creds.client.getRealm(),
tgs_creds.client, tgs_creds.client,
cksum, cksum,
ctime, ctime,
...@@ -221,7 +219,6 @@ public class KrbApReq { ...@@ -221,7 +219,6 @@ public class KrbApReq {
private void init(APOptions apOptions, private void init(APOptions apOptions,
Ticket ticket, Ticket ticket,
EncryptionKey key, EncryptionKey key,
Realm crealm,
PrincipalName cname, PrincipalName cname,
Checksum cksum, Checksum cksum,
KerberosTime ctime, KerberosTime ctime,
...@@ -232,7 +229,7 @@ public class KrbApReq { ...@@ -232,7 +229,7 @@ public class KrbApReq {
throws Asn1Exception, IOException, throws Asn1Exception, IOException,
KdcErrException, KrbCryptoException { KdcErrException, KrbCryptoException {
createMessage(apOptions, ticket, key, crealm, cname, createMessage(apOptions, ticket, key, cname,
cksum, ctime, subKey, seqNumber, authorizationData, cksum, ctime, subKey, seqNumber, authorizationData,
usage); usage);
obuf = apReqMessg.asn1Encode(); obuf = apReqMessg.asn1Encode();
...@@ -289,9 +286,6 @@ public class KrbApReq { ...@@ -289,9 +286,6 @@ public class KrbApReq {
ctime = authenticator.ctime; ctime = authenticator.ctime;
cusec = authenticator.cusec; cusec = authenticator.cusec;
authenticator.ctime.setMicroSeconds(authenticator.cusec); authenticator.ctime.setMicroSeconds(authenticator.cusec);
authenticator.cname.setRealm(authenticator.crealm);
apReqMessg.ticket.sname.setRealm(apReqMessg.ticket.realm);
enc_ticketPart.cname.setRealm(enc_ticketPart.crealm);
if (!authenticator.cname.equals(enc_ticketPart.cname)) if (!authenticator.cname.equals(enc_ticketPart.cname))
throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH); throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH);
...@@ -457,7 +451,6 @@ public class KrbApReq { ...@@ -457,7 +451,6 @@ public class KrbApReq {
private void createMessage(APOptions apOptions, private void createMessage(APOptions apOptions,
Ticket ticket, Ticket ticket,
EncryptionKey key, EncryptionKey key,
Realm crealm,
PrincipalName cname, PrincipalName cname,
Checksum cksum, Checksum cksum,
KerberosTime ctime, KerberosTime ctime,
...@@ -474,8 +467,7 @@ public class KrbApReq { ...@@ -474,8 +467,7 @@ public class KrbApReq {
seqno = new Integer(seqNumber.current()); seqno = new Integer(seqNumber.current());
authenticator = authenticator =
new Authenticator(crealm, new Authenticator(cname,
cname,
cksum, cksum,
ctime.getMicroSeconds(), ctime.getMicroSeconds(),
ctime, ctime,
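Review bot: The `authenticator.cname.equals(enc_ticketPart.cname)` check that raises KRB_AP_ERR_BADMATCH no longer has the three `setRealm` calls in front of it, so it now depends on the Authenticator and EncTicketPart decoders (not shown on this page) having attached crealm to each cname. Nothing at the comparison records that; a comment such as `// cname already carries crealm; equals() compares realm and name strings` would state the invariant. It is also worth confirming that neither decoder reaches the `realm = Realm.getDefault()` fallback visible in `PrincipalName.parse`, since the match would then be decided by the local default realm rather than by the value in the message. The enclosing method starts and ends outside the hunk.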
......
...@@ -48,8 +48,7 @@ abstract class KrbAppMessage { ...@@ -48,8 +48,7 @@ abstract class KrbAppMessage {
HostAddress rAddress, HostAddress rAddress,
boolean timestampRequired, boolean timestampRequired,
boolean seqNumberRequired, boolean seqNumberRequired,
PrincipalName packetPrincipal, PrincipalName packetPrincipal)
Realm packetRealm)
throws KrbApErrException { throws KrbApErrException {
if (!Krb5.AP_EMPTY_ADDRESSES_ALLOWED || sAddress != null) { if (!Krb5.AP_EMPTY_ADDRESSES_ALLOWED || sAddress != null) {
......
...@@ -152,11 +152,10 @@ class KrbAsRep extends KrbKdcRep { ...@@ -152,11 +152,10 @@ class KrbAsRep extends KrbKdcRep {
DerValue encoding = new DerValue(enc_as_rep_part); DerValue encoding = new DerValue(enc_as_rep_part);
EncASRepPart enc_part = new EncASRepPart(encoding); EncASRepPart enc_part = new EncASRepPart(encoding);
rep.ticket.sname.setRealm(rep.ticket.realm);
rep.encKDCRepPart = enc_part; rep.encKDCRepPart = enc_part;
ASReq req = asReq.getMessage(); ASReq req = asReq.getMessage();
check(req, rep); check(true, req, rep);
creds = new Credentials( creds = new Credentials(
rep.ticket, rep.ticket,
......
...@@ -115,10 +115,8 @@ public class KrbAsReq { ...@@ -115,10 +115,8 @@ public class KrbAsReq {
} }
if (sname == null) { if (sname == null) {
sname = new PrincipalName("krbtgt" + String realm = cname.getRealmAsString();
PrincipalName.NAME_COMPONENT_SEPARATOR + sname = PrincipalName.tgsService(realm, realm);
cname.getRealmAsString(),
PrincipalName.KRB_NT_SRV_INST);
} }
if (till == null) { if (till == null) {
...@@ -128,7 +126,6 @@ public class KrbAsReq { ...@@ -128,7 +126,6 @@ public class KrbAsReq {
// enc-authorization-data and additional-tickets never in AS-REQ // enc-authorization-data and additional-tickets never in AS-REQ
KDCReqBody kdc_req_body = new KDCReqBody(options, KDCReqBody kdc_req_body = new KDCReqBody(options,
cname, cname,
cname.getRealm(),
sname, sname,
from, from,
till, till,
......
...@@ -99,9 +99,6 @@ public final class KrbAsReqBuilder { ...@@ -99,9 +99,6 @@ public final class KrbAsReqBuilder {
// Called by other constructors // Called by other constructors
private void init(PrincipalName cname) private void init(PrincipalName cname)
throws KrbException { throws KrbException {
if (cname.getRealm() == null) {
cname.setRealm(Config.getInstance().getDefaultRealm());
}
this.cname = cname; this.cname = cname;
state = State.INIT; state = State.INIT;
} }
......
...@@ -96,12 +96,11 @@ public class KrbCred { ...@@ -96,12 +96,11 @@ public class KrbCred {
PrincipalName princ = delegatedCreds.getClient(); PrincipalName princ = delegatedCreds.getClient();
Realm realm = princ.getRealm(); Realm realm = princ.getRealm();
PrincipalName tgService = delegatedCreds.getServer(); PrincipalName tgService = delegatedCreds.getServer();
Realm tgsRealm = tgService.getRealm();
KrbCredInfo credInfo = new KrbCredInfo(sessionKey, realm, KrbCredInfo credInfo = new KrbCredInfo(sessionKey,
princ, delegatedCreds.flags, delegatedCreds.authTime, princ, delegatedCreds.flags, delegatedCreds.authTime,
delegatedCreds.startTime, delegatedCreds.endTime, delegatedCreds.startTime, delegatedCreds.endTime,
delegatedCreds.renewTill, tgsRealm, tgService, delegatedCreds.renewTill, tgService,
delegatedCreds.cAddr); delegatedCreds.cAddr);
timeStamp = new KerberosTime(KerberosTime.NOW); timeStamp = new KerberosTime(KerberosTime.NOW);
...@@ -138,19 +137,13 @@ public class KrbCred { ...@@ -138,19 +137,13 @@ public class KrbCred {
KrbCredInfo credInfo = encPart.ticketInfo[0]; KrbCredInfo credInfo = encPart.ticketInfo[0];
EncryptionKey credInfoKey = credInfo.key; EncryptionKey credInfoKey = credInfo.key;
Realm prealm = credInfo.prealm;
// XXX PrincipalName can store realm + principalname or
// just principal name.
PrincipalName pname = credInfo.pname; PrincipalName pname = credInfo.pname;
pname.setRealm(prealm);
TicketFlags flags = credInfo.flags; TicketFlags flags = credInfo.flags;
KerberosTime authtime = credInfo.authtime; KerberosTime authtime = credInfo.authtime;
KerberosTime starttime = credInfo.starttime; KerberosTime starttime = credInfo.starttime;
KerberosTime endtime = credInfo.endtime; KerberosTime endtime = credInfo.endtime;
KerberosTime renewTill = credInfo.renewTill; KerberosTime renewTill = credInfo.renewTill;
Realm srealm = credInfo.srealm;
PrincipalName sname = credInfo.sname; PrincipalName sname = credInfo.sname;
sname.setRealm(srealm);
HostAddresses caddr = credInfo.caddr; HostAddresses caddr = credInfo.caddr;
if (DEBUG) { if (DEBUG) {
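Review bot: The local `Realm realm = princ.getRealm();` is kept in the first hunk, but the new `KrbCredInfo` constructor call no longer takes it. Unless it is read further down in code not shown here, it is now dead and can be dropped together with `tgsRealm`. The method continues outside the hunk.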
......
...@@ -45,6 +45,10 @@ public class KrbException extends Exception { ...@@ -45,6 +45,10 @@ public class KrbException extends Exception {
super(s); super(s);
} }
public KrbException(Throwable cause) {
super(cause);
}
public KrbException(int i) { public KrbException(int i) {
returnCode = i; returnCode = i;
} }
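Review bot: The added `KrbException(Throwable cause)` constructor has no Javadoc and does not assign `returnCode`, unlike the neighbouring `KrbException(int i)`. Callers that branch on the return code will see the field's default for a wrapped exception, and that default is not visible in this hunk. A short comment such as `/** Wraps cause; carries no Kerberos error code. */` would make the contract explicit. Note also that `super(cause)` makes the message the cause's `toString()` rather than a Kerberos-specific text.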
......
...@@ -35,28 +35,17 @@ import sun.security.krb5.internal.*; ...@@ -35,28 +35,17 @@ import sun.security.krb5.internal.*;
abstract class KrbKdcRep { abstract class KrbKdcRep {
static void check( static void check(
boolean isAsReq,
KDCReq req, KDCReq req,
KDCRep rep KDCRep rep
) throws KrbApErrException { ) throws KrbApErrException {
if (!req.reqBody.cname.equalsWithoutRealm(rep.cname)) { if (isAsReq && !req.reqBody.cname.equals(rep.cname)) {
rep.encKDCRepPart.key.destroy(); rep.encKDCRepPart.key.destroy();
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED); throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
} }
/**** XXX if (!req.reqBody.sname.equals(rep.encKDCRepPart.sname)) {
if (!req.reqBody.crealm.equals(rep.crealm)) {
rep.encKDCRepPart.key.destroy();
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
}
*****/
if (!req.reqBody.sname.equalsWithoutRealm(rep.encKDCRepPart.sname)) {
rep.encKDCRepPart.key.destroy();
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
}
if (!req.reqBody.crealm.equals(rep.encKDCRepPart.srealm)) {
rep.encKDCRepPart.key.destroy(); rep.encKDCRepPart.key.destroy();
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED); throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
} }
...@@ -73,7 +62,6 @@ abstract class KrbKdcRep { ...@@ -73,7 +62,6 @@ abstract class KrbKdcRep {
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED); throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
} }
for (int i = 1; i < 6; i++) { for (int i = 1; i < 6; i++) {
if (req.reqBody.kdcOptions.get(i) != if (req.reqBody.kdcOptions.get(i) !=
rep.encKDCRepPart.flags.get(i)) { rep.encKDCRepPart.flags.get(i)) {
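Review bot: With `if (isAsReq && !req.reqBody.cname.equals(rep.cname))` the client-name comparison is skipped entirely for TGS replies, whereas the removed code compared the names (without realm) for every reply. KrbTgsRep then calls `check(false, req, rep)` and builds its Credentials from `req.reqBody.cname`, so a TGS-REP whose cname differs from the request is no longer rejected here with KRB_AP_ERR_MODIFIED. If the skip is intended (presumably because the realm carried in a TGS request body is not the client's realm), say so in a comment above the condition. In that case keep a realm-independent check for the TGS case, e.g. `Arrays.equals(req.reqBody.cname.getNameStrings(), rep.cname.getNameStrings())`. The old `crealm`/`srealm` comparison is gone as well; it looks as if `sname.equals` is now meant to cover the realm, which deserves a one-line comment too.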
......
...@@ -89,8 +89,7 @@ class KrbPriv extends KrbAppMessage { ...@@ -89,8 +89,7 @@ class KrbPriv extends KrbAppMessage {
raddr, raddr,
timestampRequired, timestampRequired,
seqNumberRequired, seqNumberRequired,
creds.client, creds.client
creds.client.getRealm()
); );
} }
...@@ -151,8 +150,7 @@ class KrbPriv extends KrbAppMessage { ...@@ -151,8 +150,7 @@ class KrbPriv extends KrbAppMessage {
HostAddress rAddress, HostAddress rAddress,
boolean timestampRequired, boolean timestampRequired,
boolean seqNumberRequired, boolean seqNumberRequired,
PrincipalName cname, PrincipalName cname
Realm crealm
) throws Asn1Exception, KdcErrException, ) throws Asn1Exception, KdcErrException,
KrbApErrException, IOException, KrbCryptoException { KrbApErrException, IOException, KrbCryptoException {
...@@ -172,8 +170,7 @@ class KrbPriv extends KrbAppMessage { ...@@ -172,8 +170,7 @@ class KrbPriv extends KrbAppMessage {
rAddress, rAddress,
timestampRequired, timestampRequired,
seqNumberRequired, seqNumberRequired,
cname, cname
crealm
); );
return enc_part.userData; return enc_part.userData;
......
...@@ -90,8 +90,7 @@ class KrbSafe extends KrbAppMessage { ...@@ -90,8 +90,7 @@ class KrbSafe extends KrbAppMessage {
raddr, raddr,
timestampRequired, timestampRequired,
seqNumberRequired, seqNumberRequired,
creds.client, creds.client
creds.client.getRealm()
); );
} }
...@@ -154,8 +153,7 @@ class KrbSafe extends KrbAppMessage { ...@@ -154,8 +153,7 @@ class KrbSafe extends KrbAppMessage {
HostAddress rAddress, HostAddress rAddress,
boolean timestampRequired, boolean timestampRequired,
boolean seqNumberRequired, boolean seqNumberRequired,
PrincipalName cname, PrincipalName cname
Realm crealm
) throws Asn1Exception, KdcErrException, ) throws Asn1Exception, KdcErrException,
KrbApErrException, IOException, KrbCryptoException { KrbApErrException, IOException, KrbCryptoException {
...@@ -177,8 +175,7 @@ class KrbSafe extends KrbAppMessage { ...@@ -177,8 +175,7 @@ class KrbSafe extends KrbAppMessage {
rAddress, rAddress,
timestampRequired, timestampRequired,
seqNumberRequired, seqNumberRequired,
cname, cname
crealm
); );
return krb_safe.safeBody.userData; return krb_safe.safeBody.userData;
......
...@@ -82,12 +82,11 @@ public class KrbTgsRep extends KrbKdcRep { ...@@ -82,12 +82,11 @@ public class KrbTgsRep extends KrbKdcRep {
byte[] enc_tgs_rep_part = rep.encPart.reset(enc_tgs_rep_bytes); byte[] enc_tgs_rep_part = rep.encPart.reset(enc_tgs_rep_bytes);
ref = new DerValue(enc_tgs_rep_part); ref = new DerValue(enc_tgs_rep_part);
EncTGSRepPart enc_part = new EncTGSRepPart(ref); EncTGSRepPart enc_part = new EncTGSRepPart(ref);
rep.ticket.sname.setRealm(rep.ticket.realm);
rep.encKDCRepPart = enc_part; rep.encKDCRepPart = enc_part;
check(req, rep); check(false, req, rep);
creds = new Credentials(rep.ticket, this.creds = new Credentials(rep.ticket,
req.reqBody.cname, req.reqBody.cname,
rep.ticket.sname, rep.ticket.sname,
enc_part.key, enc_part.key,
...@@ -99,7 +98,6 @@ public class KrbTgsRep extends KrbKdcRep { ...@@ -99,7 +98,6 @@ public class KrbTgsRep extends KrbKdcRep {
enc_part.caddr enc_part.caddr
); );
this.rep = rep; this.rep = rep;
this.creds = creds;
this.secondTicket = tgsReq.getSecondTicket(); this.secondTicket = tgsReq.getSecondTicket();
} }
......
...@@ -148,7 +148,6 @@ public class KrbTgsReq { ...@@ -148,7 +148,6 @@ public class KrbTgsReq {
asCreds.key, asCreds.key,
ctime, ctime,
princName, princName,
princName.getRealm(),
servName, servName,
from, from,
till, till,
...@@ -214,7 +213,6 @@ public class KrbTgsReq { ...@@ -214,7 +213,6 @@ public class KrbTgsReq {
EncryptionKey key, EncryptionKey key,
KerberosTime ctime, KerberosTime ctime,
PrincipalName cname, PrincipalName cname,
Realm crealm,
PrincipalName sname, PrincipalName sname,
KerberosTime from, KerberosTime from,
KerberosTime till, KerberosTime till,
...@@ -273,8 +271,6 @@ public class KrbTgsReq { ...@@ -273,8 +271,6 @@ public class KrbTgsReq {
KDCReqBody reqBody = new KDCReqBody( KDCReqBody reqBody = new KDCReqBody(
kdc_options, kdc_options,
cname, cname,
// crealm,
sname.getRealm(), // TO
sname, sname,
from, from,
req_till, req_till,
...@@ -315,7 +311,6 @@ public class KrbTgsReq { ...@@ -315,7 +311,6 @@ public class KrbTgsReq {
new APOptions(), new APOptions(),
ticket, ticket,
key, key,
crealm,
cname, cname,
cksum, cksum,
ctime, ctime,
......
...@@ -38,15 +38,25 @@ import java.util.Vector; ...@@ -38,15 +38,25 @@ import java.util.Vector;
import java.util.Locale; import java.util.Locale;
import java.io.IOException; import java.io.IOException;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.Arrays;
import sun.security.krb5.internal.ccache.CCacheOutputStream; import sun.security.krb5.internal.ccache.CCacheOutputStream;
import sun.security.krb5.internal.util.KerberosString; import sun.security.krb5.internal.util.KerberosString;
/** /**
* This class encapsulates a Kerberos principal. * Implements the ASN.1 PrincipalName type and its realm in a single class.
* <xmp>
* Realm ::= KerberosString
*
* PrincipalName ::= SEQUENCE {
* name-type [0] Int32,
* name-string [1] SEQUENCE OF KerberosString
* }
* </xmp>
* This class is immutable.
* @see Realm
*/ */
public class PrincipalName public class PrincipalName implements Cloneable {
implements Cloneable {
//name types //name types
...@@ -80,8 +90,6 @@ public class PrincipalName ...@@ -80,8 +90,6 @@ public class PrincipalName
*/ */
public static final int KRB_NT_UID = 5; public static final int KRB_NT_UID = 5;
/** /**
* TGS Name * TGS Name
*/ */
...@@ -96,98 +104,109 @@ public class PrincipalName ...@@ -96,98 +104,109 @@ public class PrincipalName
public static final String NAME_REALM_SEPARATOR_STR = "@"; public static final String NAME_REALM_SEPARATOR_STR = "@";
public static final String REALM_COMPONENT_SEPARATOR_STR = "."; public static final String REALM_COMPONENT_SEPARATOR_STR = ".";
private int nameType; // Instance fields.
private String[] nameStrings; // Principal names don't mutate often
/**
* The name type, from PrincipalName's name-type field.
*/
private final int nameType;
/**
* The name strings, from PrincipalName's name-strings field. This field
* must be neither null nor empty. Each entry of it must also be neither
* null nor empty. Make sure to clone the field when it's passed in or out.
*/
private final String[] nameStrings;
/**
* The realm this principal belongs to.
*/
private final Realm nameRealm; // not null
// cached default salt, not used in clone
private transient String salt = null;
private Realm nameRealm; // optional; a null realm means use default // There are 3 basic constructors. All other constructors must call them.
// Note: the nameRealm is not included in the default ASN.1 encoding // All basic constructors must call validateNameStrings.
// 1. From name components
// 2. From name
// 3. From DER encoding
// cached salt, might be changed by KDC info, not used in clone /**
private String salt = null; * Creates a PrincipalName.
*/
public PrincipalName(int nameType, String[] nameStrings, Realm nameRealm) {
if (nameRealm == null) {
throw new IllegalArgumentException("Null realm not allowed");
}
validateNameStrings(nameStrings);
this.nameType = nameType;
this.nameStrings = nameStrings.clone();
this.nameRealm = nameRealm;
}
protected PrincipalName() { // This method is called by Windows NativeCred.c
public PrincipalName(String[] nameParts, String realm) throws RealmException {
this(KRB_NT_UNKNOWN, nameParts, new Realm(realm));
} }
public PrincipalName(String[] nameParts, int type) public PrincipalName(String[] nameParts, int type)
throws IllegalArgumentException, IOException { throws IllegalArgumentException, RealmException {
if (nameParts == null) { this(type, nameParts, Realm.getDefault());
throw new IllegalArgumentException("Null input not allowed");
}
nameStrings = new String[nameParts.length];
System.arraycopy(nameParts, 0, nameStrings, 0, nameParts.length);
nameType = type;
nameRealm = null;
} }
public PrincipalName(String[] nameParts) throws IOException { // Validate a nameStrings argument
this(nameParts, KRB_NT_UNKNOWN); private static void validateNameStrings(String[] ns) {
if (ns == null) {
throw new IllegalArgumentException("Null nameStrings not allowed");
}
if (ns.length == 0) {
throw new IllegalArgumentException("Empty nameStrings not allowed");
}
for (String s: ns) {
if (s == null) {
throw new IllegalArgumentException("Null nameString not allowed");
}
if (s.isEmpty()) {
throw new IllegalArgumentException("Empty nameString not allowed");
}
}
} }
public Object clone() { public Object clone() {
try { try {
PrincipalName pName = (PrincipalName) super.clone(); PrincipalName pName = (PrincipalName) super.clone();
// Re-assign mutable fields UNSAFE.putObject(this, NAME_STRINGS_OFFSET, nameStrings.clone());
if (nameStrings != null) {
pName.nameStrings = nameStrings.clone();
}
if (nameRealm != null) {
pName.nameRealm = (Realm)nameRealm.clone();
}
return pName; return pName;
} catch (CloneNotSupportedException ex) { } catch (CloneNotSupportedException ex) {
throw new AssertionError("Should never happen"); throw new AssertionError("Should never happen");
} }
} }
/* private static final long NAME_STRINGS_OFFSET;
* Added to workaround a bug where the equals method that takes a private static final sun.misc.Unsafe UNSAFE;
* PrincipalName is not being called but Object.equals(Object) is static {
* being called. try {
*/ sun.misc.Unsafe unsafe = sun.misc.Unsafe.getUnsafe();
public boolean equals(Object o) { NAME_STRINGS_OFFSET = unsafe.objectFieldOffset(
if (o instanceof PrincipalName) PrincipalName.class.getDeclaredField("nameStrings"));
return equals((PrincipalName)o); UNSAFE = unsafe;
else } catch (ReflectiveOperationException e) {
return false; throw new Error(e);
}
public boolean equals(PrincipalName other) {
if (!equalsWithoutRealm(other)) {
return false;
}
if ((nameRealm != null && other.nameRealm == null) ||
(nameRealm == null && other.nameRealm != null)) {
return false;
}
if (nameRealm != null && other.nameRealm != null) {
if (!nameRealm.equals(other.nameRealm)) {
return false;
}
} }
return true;
} }
boolean equalsWithoutRealm(PrincipalName other) { @Override
public boolean equals(Object o) {
if ((nameStrings != null && other.nameStrings == null) || if (this == o) {
(nameStrings == null && other.nameStrings != null)) return true;
return false;
if (nameStrings != null && other.nameStrings != null) {
if (nameStrings.length != other.nameStrings.length)
return false;
for (int i = 0; i < nameStrings.length; i++)
if (!nameStrings[i].equals(other.nameStrings[i]))
return false;
} }
if (o instanceof PrincipalName) {
return true; PrincipalName other = (PrincipalName)o;
return nameRealm.equals(other.nameRealm) &&
Arrays.equals(nameStrings, other.nameStrings);
}
return false;
} }
/** /**
...@@ -208,20 +227,23 @@ public class PrincipalName ...@@ -208,20 +227,23 @@ public class PrincipalName
* http://www.ietf.org/rfc/rfc4120.txt</a>. * http://www.ietf.org/rfc/rfc4120.txt</a>.
* *
* @param encoding a Der-encoded data. * @param encoding a Der-encoded data.
* @param realm the realm for this name
* @exception Asn1Exception if an error occurs while decoding * @exception Asn1Exception if an error occurs while decoding
* an ASN1 encoded data. * an ASN1 encoded data.
* @exception Asn1Exception if there is an ASN1 encoding error * @exception Asn1Exception if there is an ASN1 encoding error
* @exception IOException if an I/O error occurs * @exception IOException if an I/O error occurs
* @exception IllegalArgumentException if encoding is null * @exception IllegalArgumentException if encoding is null
* reading encoded data. * reading encoded data.
*
*/ */
public PrincipalName(DerValue encoding) public PrincipalName(DerValue encoding, Realm realm)
throws Asn1Exception, IOException { throws Asn1Exception, IOException {
nameRealm = null; if (realm == null) {
throw new IllegalArgumentException("Null realm not allowed");
}
nameRealm = realm;
DerValue der; DerValue der;
if (encoding == null) { if (encoding == null) {
throw new IllegalArgumentException("Null input not allowed"); throw new IllegalArgumentException("Null encoding not allowed");
} }
if (encoding.getTag() != DerValue.tag_Sequence) { if (encoding.getTag() != DerValue.tag_Sequence) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID); throw new Asn1Exception(Krb5.ASN1_BAD_ID);
...@@ -243,14 +265,12 @@ public class PrincipalName ...@@ -243,14 +265,12 @@ public class PrincipalName
DerValue subSubDer; DerValue subSubDer;
while(subDer.getData().available() > 0) { while(subDer.getData().available() > 0) {
subSubDer = subDer.getData().getDerValue(); subSubDer = subDer.getData().getDerValue();
v.addElement(new KerberosString(subSubDer).toString()); String namePart = new KerberosString(subSubDer).toString();
} v.addElement(namePart);
if (v.size() > 0) {
nameStrings = new String[v.size()];
v.copyInto(nameStrings);
} else {
nameStrings = new String[] {""};
} }
nameStrings = new String[v.size()];
v.copyInto(nameStrings);
validateNameStrings(nameStrings);
} else { } else {
throw new Asn1Exception(Krb5.ASN1_BAD_ID); throw new Asn1Exception(Krb5.ASN1_BAD_ID);
} }
...@@ -267,32 +287,35 @@ public class PrincipalName ...@@ -267,32 +287,35 @@ public class PrincipalName
* more marshaled value. * more marshaled value.
* @param explicitTag tag number. * @param explicitTag tag number.
* @param optional indicate if this data field is optional * @param optional indicate if this data field is optional
* @return an instance of <code>PrincipalName</code>. * @param realm the realm for the name
* * @return an instance of <code>PrincipalName</code>, or null if the
* field is optional and missing.
*/ */
public static PrincipalName parse(DerInputStream data, public static PrincipalName parse(DerInputStream data,
byte explicitTag, boolean byte explicitTag, boolean
optional) optional,
throws Asn1Exception, IOException { Realm realm)
throws Asn1Exception, IOException, RealmException {
if ((optional) && (((byte)data.peekByte() & (byte)0x1F) != if ((optional) && (((byte)data.peekByte() & (byte)0x1F) !=
explicitTag)) explicitTag))
return null; return null;
DerValue der = data.getDerValue(); DerValue der = data.getDerValue();
if (explicitTag != (der.getTag() & (byte)0x1F)) if (explicitTag != (der.getTag() & (byte)0x1F)) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID); throw new Asn1Exception(Krb5.ASN1_BAD_ID);
else { } else {
DerValue subDer = der.getData().getDerValue(); DerValue subDer = der.getData().getDerValue();
return new PrincipalName(subDer); if (realm == null) {
realm = Realm.getDefault();
}
return new PrincipalName(subDer, realm);
} }
} }
// This is protected because the definition of a principal
// string is fixed
// XXX Error checkin consistent with MIT krb5_parse_name // XXX Error checkin consistent with MIT krb5_parse_name
// Code repetition, realm parsed again by class Realm // Code repetition, realm parsed again by class Realm
protected static String[] parseName(String name) { private static String[] parseName(String name) {
Vector<String> tempStrings = new Vector<>(); Vector<String> tempStrings = new Vector<>();
String temp = name; String temp = name;
...@@ -312,13 +335,13 @@ public class PrincipalName ...@@ -312,13 +335,13 @@ public class PrincipalName
continue; continue;
} }
else { else {
if (componentStart < i) { if (componentStart <= i) {
component = temp.substring(componentStart, i); component = temp.substring(componentStart, i);
tempStrings.addElement(component); tempStrings.addElement(component);
} }
componentStart = i + 1; componentStart = i + 1;
} }
} else } else {
if (temp.charAt(i) == NAME_REALM_SEPARATOR) { if (temp.charAt(i) == NAME_REALM_SEPARATOR) {
/* /*
* If this separator is escaped then don't treat it * If this separator is escaped then don't treat it
...@@ -337,11 +360,11 @@ public class PrincipalName ...@@ -337,11 +360,11 @@ public class PrincipalName
break; break;
} }
} }
}
i++; i++;
} }
if (i == temp.length()) if (i == temp.length()) {
if (componentStart < i) {
component = temp.substring(componentStart, i); component = temp.substring(componentStart, i);
tempStrings.addElement(component); tempStrings.addElement(component);
} }
...@@ -351,30 +374,26 @@ public class PrincipalName ...@@ -351,30 +374,26 @@ public class PrincipalName
return result; return result;
} }
public PrincipalName(String name, int type) /**
throws RealmException { * Constructs a PrincipalName from a string.
* @param name the name
* @param type the type
* @param realm the realm, null if not known. Note that when realm is not
* null, it will be always used even if there is a realm part in name. When
* realm is null, will read realm part from name, or try to map a realm
* (for KRB_NT_SRV_HST), or use the default realm, or fail
* @throws RealmException
*/
public PrincipalName(String name, int type, String realm)
throws RealmException {
if (name == null) { if (name == null) {
throw new IllegalArgumentException("Null name not allowed"); throw new IllegalArgumentException("Null name not allowed");
} }
String[] nameParts = parseName(name); String[] nameParts = parseName(name);
Realm tempRealm = null; validateNameStrings(nameParts);
String realmString = Realm.parseRealmAtSeparator(name); if (realm == null) {
realm = Realm.parseRealmAtSeparator(name);
if (realmString == null) {
try {
Config config = Config.getInstance();
realmString = config.getDefaultRealm();
} catch (KrbException e) {
RealmException re =
new RealmException(e.getMessage());
re.initCause(e);
throw re;
}
} }
if (realmString != null)
tempRealm = new Realm(realmString);
switch (type) { switch (type) {
case KRB_NT_SRV_HST: case KRB_NT_SRV_HST:
if (nameParts.length >= 2) { if (nameParts.length >= 2) {
...@@ -401,18 +420,22 @@ public class PrincipalName ...@@ -401,18 +420,22 @@ public class PrincipalName
} }
nameStrings = nameParts; nameStrings = nameParts;
nameType = type; nameType = type;
if (realm != null) {
nameRealm = new Realm(realm);
} else {
// We will try to get realm name from the mapping in // We will try to get realm name from the mapping in
// the configuration. If it is not specified // the configuration. If it is not specified
// we will use the default realm. This nametype does // we will use the default realm. This nametype does
// not allow a realm to be specified. The name string must of // not allow a realm to be specified. The name string must of
// the form service@host and this is internally changed into // the form service@host and this is internally changed into
// service/host by Kerberos // service/host by Kerberos
String mapRealm = mapHostToRealm(nameParts[1]);
String mapRealm = mapHostToRealm(nameParts[1]); if (mapRealm != null) {
if (mapRealm != null) { nameRealm = new Realm(mapRealm);
nameRealm = new Realm(mapRealm); } else {
} else { nameRealm = Realm.getDefault();
nameRealm = tempRealm; }
} }
break; break;
case KRB_NT_UNKNOWN: case KRB_NT_UNKNOWN:
...@@ -422,20 +445,34 @@ public class PrincipalName ...@@ -422,20 +445,34 @@ public class PrincipalName
case KRB_NT_UID: case KRB_NT_UID:
nameStrings = nameParts; nameStrings = nameParts;
nameType = type; nameType = type;
nameRealm = tempRealm; if (realm != null) {
nameRealm = new Realm(realm);
} else {
nameRealm = Realm.getDefault();
}
break; break;
default: default:
throw new IllegalArgumentException("Illegal name type"); throw new IllegalArgumentException("Illegal name type");
} }
} }
public PrincipalName(String name, int type) throws RealmException {
this(name, type, (String)null);
}
public PrincipalName(String name) throws RealmException { public PrincipalName(String name) throws RealmException {
this(name, KRB_NT_UNKNOWN); this(name, KRB_NT_UNKNOWN);
} }
public PrincipalName(String name, String realm) throws RealmException { public PrincipalName(String name, String realm) throws RealmException {
this(name, KRB_NT_UNKNOWN); this(name, KRB_NT_UNKNOWN, realm);
nameRealm = new Realm(realm); }
public static PrincipalName tgsService(String r1, String r2)
throws KrbException {
return new PrincipalName(PrincipalName.KRB_NT_SRV_INST,
new String[] {PrincipalName.TGS_DEFAULT_SRV_NAME, r1},
new Realm(r2));
} }
public String getRealmAsString() { public String getRealmAsString() {
...@@ -475,29 +512,17 @@ public class PrincipalName ...@@ -475,29 +512,17 @@ public class PrincipalName
} }
public String getRealmString() { public String getRealmString() {
if (nameRealm != null) return nameRealm.toString();
return nameRealm.toString();
return null;
} }
public Realm getRealm() { public Realm getRealm() {
return nameRealm; return nameRealm;
} }
public void setRealm(Realm new_nameRealm) throws RealmException {
nameRealm = new_nameRealm;
}
public void setRealm(String realmsString) throws RealmException {
nameRealm = new Realm(realmsString);
}
public String getSalt() { public String getSalt() {
if (salt == null) { if (salt == null) {
StringBuffer salt = new StringBuffer(); StringBuffer salt = new StringBuffer();
if (nameRealm != null) { salt.append(nameRealm.toString());
salt.append(nameRealm.toString());
}
for (int i = 0; i < nameStrings.length; i++) { for (int i = 0; i < nameStrings.length; i++) {
salt.append(nameStrings[i]); salt.append(nameStrings[i]);
} }
...@@ -513,11 +538,8 @@ public class PrincipalName ...@@ -513,11 +538,8 @@ public class PrincipalName
str.append("/"); str.append("/");
str.append(nameStrings[i]); str.append(nameStrings[i]);
} }
if (nameRealm != null) { str.append("@");
str.append("@"); str.append(nameRealm.toString());
str.append(nameRealm.toString());
}
return str.toString(); return str.toString();
} }
...@@ -532,7 +554,8 @@ public class PrincipalName ...@@ -532,7 +554,8 @@ public class PrincipalName
} }
/** /**
* Encodes a <code>PrincipalName</code> object. * Encodes a <code>PrincipalName</code> object. Note that only the type and
* names are encoded. To encode the realm, call getRealm().asn1Encode().
* @return the byte array of the encoded PrncipalName object. * @return the byte array of the encoded PrncipalName object.
* @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
* @exception IOException if an I/O error occurs while reading encoded data. * @exception IOException if an I/O error occurs while reading encoded data.
...@@ -597,12 +620,10 @@ public class PrincipalName ...@@ -597,12 +620,10 @@ public class PrincipalName
public void writePrincipal(CCacheOutputStream cos) throws IOException { public void writePrincipal(CCacheOutputStream cos) throws IOException {
cos.write32(nameType); cos.write32(nameType);
cos.write32(nameStrings.length); cos.write32(nameStrings.length);
if (nameRealm != null) { byte[] realmBytes = null;
byte[] realmBytes = null; realmBytes = nameRealm.toString().getBytes();
realmBytes = nameRealm.toString().getBytes(); cos.write32(realmBytes.length);
cos.write32(realmBytes.length); cos.write(realmBytes, 0, realmBytes.length);
cos.write(realmBytes, 0, realmBytes.length);
}
byte[] bytes = null; byte[] bytes = null;
for (int i = 0; i < nameStrings.length; i++) { for (int i = 0; i < nameStrings.length; i++) {
bytes = nameStrings[i].getBytes(); bytes = nameStrings[i].getBytes();
...@@ -611,31 +632,6 @@ public class PrincipalName ...@@ -611,31 +632,6 @@ public class PrincipalName
} }
} }
/**
* Creates a KRB_NT_SRV_INST name from the supplied
* name components and realm.
* @param primary the primary component of the name
* @param instance the instance component of the name
* @param realm the realm
* @throws KrbException
*/
protected PrincipalName(String primary, String instance, String realm,
int type)
throws KrbException {
if (type != KRB_NT_SRV_INST) {
throw new KrbException(Krb5.KRB_ERR_GENERIC, "Bad name type");
}
String[] nParts = new String[2];
nParts[0] = primary;
nParts[1] = instance;
this.nameStrings = nParts;
this.nameRealm = new Realm(realm);
this.nameType = type;
}
/** /**
* Returns the instance component of a name. * Returns the instance component of a name.
* In a multi-component name such as a KRB_NT_SRV_INST * In a multi-component name such as a KRB_NT_SRV_INST
......
...@@ -46,24 +46,29 @@ import sun.security.krb5.internal.util.KerberosString; ...@@ -46,24 +46,29 @@ import sun.security.krb5.internal.util.KerberosString;
* <xmp> * <xmp>
* Realm ::= GeneralString * Realm ::= GeneralString
* </xmp> * </xmp>
* This class is immutable.
*/ */
public class Realm implements Cloneable { public class Realm implements Cloneable {
private String realm; private final String realm; // not null nor empty
private static boolean DEBUG = Krb5.DEBUG; private static boolean DEBUG = Krb5.DEBUG;
private Realm() {
}
public Realm(String name) throws RealmException { public Realm(String name) throws RealmException {
realm = parseRealm(name); realm = parseRealm(name);
} }
public Object clone() { public static Realm getDefault() throws RealmException {
Realm new_realm = new Realm(); try {
if (realm != null) { return new Realm(Config.getInstance().getDefaultRealm());
new_realm.realm = new String(realm); } catch (RealmException re) {
throw re;
} catch (KrbException ke) {
throw new RealmException(ke);
} }
return new_realm; }
// Immutable class, no need to clone
public Object clone() {
return this;
} }
public boolean equals(Object obj) { public boolean equals(Object obj) {
...@@ -76,21 +81,11 @@ public class Realm implements Cloneable { ...@@ -76,21 +81,11 @@ public class Realm implements Cloneable {
} }
Realm that = (Realm)obj; Realm that = (Realm)obj;
if (this.realm != null && that.realm != null ) { return this.realm.equals(that.realm);
return this.realm.equals(that.realm);
} else {
return (this.realm == null && that.realm == null);
}
} }
public int hashCode() { public int hashCode() {
int result = 17 ; return realm.hashCode();
if( realm != null ) {
result = 37 * result + realm.hashCode();
}
return result;
} }
/** /**
...@@ -116,6 +111,7 @@ public class Realm implements Cloneable { ...@@ -116,6 +111,7 @@ public class Realm implements Cloneable {
return realm; return realm;
} }
// Extract realm from a string like dummy@REALM
public static String parseRealmAtSeparator(String name) public static String parseRealmAtSeparator(String name)
throws RealmException { throws RealmException {
if (name == null) { if (name == null) {
...@@ -128,8 +124,12 @@ public class Realm implements Cloneable { ...@@ -128,8 +124,12 @@ public class Realm implements Cloneable {
while (i < temp.length()) { while (i < temp.length()) {
if (temp.charAt(i) == PrincipalName.NAME_REALM_SEPARATOR) { if (temp.charAt(i) == PrincipalName.NAME_REALM_SEPARATOR) {
if (i == 0 || temp.charAt(i - 1) != '\\') { if (i == 0 || temp.charAt(i - 1) != '\\') {
if (i + 1 < temp.length()) if (i + 1 < temp.length()) {
result = temp.substring(i + 1, temp.length()); result = temp.substring(i + 1, temp.length());
} else {
throw new IllegalArgumentException
("empty realm part not allowed");
}
break; break;
} }
} }
...@@ -219,7 +219,8 @@ public class Realm implements Cloneable { ...@@ -219,7 +219,8 @@ public class Realm implements Cloneable {
* @return an instance of Realm. * @return an instance of Realm.
* *
*/ */
public static Realm parse(DerInputStream data, byte explicitTag, boolean optional) throws Asn1Exception, IOException, RealmException { public static Realm parse(DerInputStream data, byte explicitTag, boolean optional)
throws Asn1Exception, IOException, RealmException {
if ((optional) && (((byte)data.peekByte() & (byte)0x1F) != explicitTag)) { if ((optional) && (((byte)data.peekByte() & (byte)0x1F) != explicitTag)) {
return null; return null;
} }
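Review bot: The new class comment says `This class is immutable`, but the declaration stays `public class Realm implements Cloneable`, so only the `final` on the `realm` field backs that claim. A subclass could still override `equals()` or `hashCode()`, and because `clone()` now returns `this`, a subclass calling `super.clone()` would get the same instance rather than a copy. If no subclass exists elsewhere in the tree (not visible from this section), declaring it `public final class Realm implements Cloneable` would make the guarantee hold for code that compares realms. The added `throw new IllegalArgumentException("empty realm part not allowed")` in `parseRealmAtSeparator` is unchecked while the method declares `throws RealmException`, so it deserves a `@throws IllegalArgumentException` line in that method's Javadoc.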
......
...@@ -47,4 +47,7 @@ public class RealmException extends KrbException { ...@@ -47,4 +47,7 @@ public class RealmException extends KrbException {
super(i,s); super(i,s);
} }
public RealmException(Throwable cause) {
super(cause);
}
} }
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
*
* (C) Copyright IBM Corp. 1999 All Rights Reserved.
* Copyright 1997 The Open Group Research Institute. All rights reserved.
*/
package sun.security.krb5;
import java.net.InetAddress;
import java.net.UnknownHostException;
public class ServiceName extends PrincipalName {
public ServiceName(String name, int type) throws RealmException {
super(name, type);
}
public ServiceName(String name) throws RealmException {
this(name, PrincipalName.KRB_NT_UNKNOWN);
}
public ServiceName(String name, String realm) throws RealmException {
this(name, PrincipalName.KRB_NT_UNKNOWN);
setRealm(realm);
}
public ServiceName (String service, String instance, String realm)
throws KrbException
{
super(service, instance, realm, PrincipalName.KRB_NT_SRV_INST);
}
}
...@@ -42,11 +42,10 @@ public class ASRep extends KDCRep { ...@@ -42,11 +42,10 @@ public class ASRep extends KDCRep {
public ASRep( public ASRep(
PAData[] new_pAData, PAData[] new_pAData,
Realm new_crealm,
PrincipalName new_cname, PrincipalName new_cname,
Ticket new_ticket, Ticket new_ticket,
EncryptedData new_encPart) throws IOException { EncryptedData new_encPart) throws IOException {
super(new_pAData, new_crealm, new_cname, new_ticket, super(new_pAData, new_cname, new_ticket,
new_encPart, Krb5.KRB_AS_REP); new_encPart, Krb5.KRB_AS_REP);
} }
......
...@@ -61,7 +61,6 @@ import java.math.BigInteger; ...@@ -61,7 +61,6 @@ import java.math.BigInteger;
public class Authenticator { public class Authenticator {
public int authenticator_vno; public int authenticator_vno;
public Realm crealm;
public PrincipalName cname; public PrincipalName cname;
Checksum cksum; //optional Checksum cksum; //optional
public int cusec; public int cusec;
...@@ -71,7 +70,6 @@ public class Authenticator { ...@@ -71,7 +70,6 @@ public class Authenticator {
public AuthorizationData authorizationData; //optional public AuthorizationData authorizationData; //optional
public Authenticator( public Authenticator(
Realm new_crealm,
PrincipalName new_cname, PrincipalName new_cname,
Checksum new_cksum, Checksum new_cksum,
int new_cusec, int new_cusec,
...@@ -80,7 +78,6 @@ public class Authenticator { ...@@ -80,7 +78,6 @@ public class Authenticator {
Integer new_seqNumber, Integer new_seqNumber,
AuthorizationData new_authorizationData) { AuthorizationData new_authorizationData) {
authenticator_vno = Krb5.AUTHNETICATOR_VNO; authenticator_vno = Krb5.AUTHNETICATOR_VNO;
crealm = new_crealm;
cname = new_cname; cname = new_cname;
cksum = new_cksum; cksum = new_cksum;
cusec = new_cusec; cusec = new_cusec;
...@@ -131,8 +128,8 @@ public class Authenticator { ...@@ -131,8 +128,8 @@ public class Authenticator {
if (authenticator_vno != 5) { if (authenticator_vno != 5) {
throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
} }
crealm = Realm.parse(der.getData(), (byte) 0x01, false); Realm crealm = Realm.parse(der.getData(), (byte) 0x01, false);
cname = PrincipalName.parse(der.getData(), (byte) 0x02, false); cname = PrincipalName.parse(der.getData(), (byte) 0x02, false, crealm);
cksum = Checksum.parse(der.getData(), (byte) 0x03, true); cksum = Checksum.parse(der.getData(), (byte) 0x03, true);
subDer = der.getData().getDerValue(); subDer = der.getData().getDerValue();
if ((subDer.getTag() & (byte) 0x1F) == 0x04) { if ((subDer.getTag() & (byte) 0x1F) == 0x04) {
...@@ -180,7 +177,7 @@ public class Authenticator { ...@@ -180,7 +177,7 @@ public class Authenticator {
DerOutputStream temp = new DerOutputStream(); DerOutputStream temp = new DerOutputStream();
temp.putInteger(BigInteger.valueOf(authenticator_vno)); temp.putInteger(BigInteger.valueOf(authenticator_vno));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp.toByteArray())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp.toByteArray()));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), crealm.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), cname.getRealm().asn1Encode()));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), cname.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), cname.asn1Encode()));
if (cksum != null) { if (cksum != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), cksum.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), cksum.asn1Encode()));
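Review bot: The encoding code at the end of this section now writes the realm element (context tag 0x01) from `cname.getRealm().asn1Encode()`, so a `PrincipalName` without a realm would fail here with a NullPointerException rather than where it was built. Whether every `PrincipalName` constructor enforces a non-null realm is not visible in this section, and `cname` remains a public non-final field that can be reassigned after construction. A comment on the field would record the new contract, for example `// carries crealm as well; cname.getRealm() must not be null`. The same pattern appears in EncKDCRepPart (`sname.getRealm()`), EncTicketPart and KDCRep (`cname.getRealm()`); the enclosing methods start outside the visible hunks.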
......
...@@ -72,23 +72,9 @@ rs. ...@@ -72,23 +72,9 @@ rs.
public static Credentials acquireServiceCreds( public static Credentials acquireServiceCreds(
String service, Credentials ccreds) String service, Credentials ccreds)
throws KrbException, IOException { throws KrbException, IOException {
ServiceName sname = new ServiceName(service); PrincipalName sname = new PrincipalName(service);
String serviceRealm = sname.getRealmString(); String serviceRealm = sname.getRealmString();
String localRealm = ccreds.getClient().getRealmString(); String localRealm = ccreds.getClient().getRealmString();
String defaultRealm = Config.getInstance().getDefaultRealm();
if (localRealm == null) {
PrincipalName temp = null;
if ((temp = ccreds.getServer()) != null)
localRealm = temp.getRealmString();
}
if (localRealm == null) {
localRealm = defaultRealm;
}
if (serviceRealm == null) {
serviceRealm = localRealm;
sname.setRealm(serviceRealm);
}
/* /*
if (!localRealm.equalsIgnoreCase(serviceRealm)) { //do cross-realm auth entication if (!localRealm.equalsIgnoreCase(serviceRealm)) { //do cross-realm auth entication
...@@ -128,13 +114,12 @@ rs. ...@@ -128,13 +114,12 @@ rs.
int i = 0, k = 0; int i = 0, k = 0;
Credentials cTgt = null, newTgt = null, theTgt = null; Credentials cTgt = null, newTgt = null, theTgt = null;
ServiceName tempService = null; PrincipalName tempService = null;
String realm = null, newTgtRealm = null, theTgtRealm = null; String realm = null, newTgtRealm = null, theTgtRealm = null;
for (cTgt = ccreds, i = 0; i < realms.length;) for (cTgt = ccreds, i = 0; i < realms.length;)
{ {
tempService = new ServiceName(PrincipalName.TGS_DEFAULT_SRV_NAME, tempService = PrincipalName.tgsService(serviceRealm, realms[i]);
serviceRealm, realms[i]);
if (DEBUG) if (DEBUG)
{ {
...@@ -164,9 +149,7 @@ rs. ...@@ -164,9 +149,7 @@ rs.
newTgt == null && k > i; k--) newTgt == null && k > i; k--)
{ {
tempService = new ServiceName( tempService = PrincipalName.tgsService(realms[k], realms[i]);
PrincipalName.TGS_DEFAULT_SRV_NAME,
realms[k], realms[i]);
if (DEBUG) if (DEBUG)
{ {
System.out.println(">>> Credentials acquireServiceCreds: inner loop: [" + k +"] tempService=" + tempService); System.out.println(">>> Credentials acquireServiceCreds: inner loop: [" + k +"] tempService=" + tempService);
...@@ -306,7 +289,7 @@ rs. ...@@ -306,7 +289,7 @@ rs.
* This method does the real job to request the service credential. * This method does the real job to request the service credential.
*/ */
private static Credentials serviceCreds( private static Credentials serviceCreds(
ServiceName service, Credentials ccreds) PrincipalName service, Credentials ccreds)
throws KrbException, IOException { throws KrbException, IOException {
return new KrbTgsReq(ccreds, service).sendAndGetCreds(); return new KrbTgsReq(ccreds, service).sendAndGetCreds();
} }
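Review bot: `acquireServiceCreds` no longer has any fallback for a missing realm: the block that took `localRealm` from `ccreds.getServer()` or the configured default and then copied it into `serviceRealm` appears only on the old side, so the method now relies entirely on `new PrincipalName(service)` and `ccreds.getClient()` carrying a realm. As far as the PrincipalName section of this commit shows, a name without a realm part now goes through `Realm.getDefault()`, so on a host with no default realm configured this call presumably throws where the old code could continue with the client's realm. If that is intended, a comment above the two `getRealmString()` calls would record it, for example `// PrincipalName always carries a realm; a service name without one gets the default realm`. The method body continues outside the visible hunks.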
......
...@@ -46,7 +46,6 @@ public class EncASRepPart extends EncKDCRepPart { ...@@ -46,7 +46,6 @@ public class EncASRepPart extends EncKDCRepPart {
KerberosTime new_starttime, KerberosTime new_starttime,
KerberosTime new_endtime, KerberosTime new_endtime,
KerberosTime new_renewTill, KerberosTime new_renewTill,
Realm new_srealm,
PrincipalName new_sname, PrincipalName new_sname,
HostAddresses new_caddr) { HostAddresses new_caddr) {
super( super(
...@@ -59,7 +58,6 @@ public class EncASRepPart extends EncKDCRepPart { ...@@ -59,7 +58,6 @@ public class EncASRepPart extends EncKDCRepPart {
new_starttime, new_starttime,
new_endtime, new_endtime,
new_renewTill, new_renewTill,
new_srealm,
new_sname, new_sname,
new_caddr, new_caddr,
Krb5.KRB_ENC_AS_REP_PART Krb5.KRB_ENC_AS_REP_PART
......
...@@ -74,7 +74,6 @@ public class EncKDCRepPart { ...@@ -74,7 +74,6 @@ public class EncKDCRepPart {
public KerberosTime starttime; //optional public KerberosTime starttime; //optional
public KerberosTime endtime; public KerberosTime endtime;
public KerberosTime renewTill; //optional public KerberosTime renewTill; //optional
public Realm srealm;
public PrincipalName sname; public PrincipalName sname;
public HostAddresses caddr; //optional public HostAddresses caddr; //optional
public int msgType; //not included in sequence public int msgType; //not included in sequence
...@@ -89,7 +88,6 @@ public class EncKDCRepPart { ...@@ -89,7 +88,6 @@ public class EncKDCRepPart {
KerberosTime new_starttime, KerberosTime new_starttime,
KerberosTime new_endtime, KerberosTime new_endtime,
KerberosTime new_renewTill, KerberosTime new_renewTill,
Realm new_srealm,
PrincipalName new_sname, PrincipalName new_sname,
HostAddresses new_caddr, HostAddresses new_caddr,
int new_msgType) { int new_msgType) {
...@@ -102,7 +100,6 @@ public class EncKDCRepPart { ...@@ -102,7 +100,6 @@ public class EncKDCRepPart {
starttime = new_starttime; starttime = new_starttime;
endtime = new_endtime; endtime = new_endtime;
renewTill = new_renewTill; renewTill = new_renewTill;
srealm = new_srealm;
sname = new_sname; sname = new_sname;
caddr = new_caddr; caddr = new_caddr;
msgType = new_msgType; msgType = new_msgType;
...@@ -158,8 +155,8 @@ public class EncKDCRepPart { ...@@ -158,8 +155,8 @@ public class EncKDCRepPart {
starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true); starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true);
endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false); endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false);
renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true); renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true);
srealm = Realm.parse(der.getData(), (byte) 0x09, false); Realm srealm = Realm.parse(der.getData(), (byte) 0x09, false);
sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false); sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false, srealm);
if (der.getData().available() > 0) { if (der.getData().available() > 0) {
caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true); caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true);
} }
...@@ -206,7 +203,7 @@ public class EncKDCRepPart { ...@@ -206,7 +203,7 @@ public class EncKDCRepPart {
true, (byte) 0x08), renewTill.asn1Encode()); true, (byte) 0x08), renewTill.asn1Encode());
} }
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x09), srealm.asn1Encode()); true, (byte) 0x09), sname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x0A), sname.asn1Encode()); true, (byte) 0x0A), sname.asn1Encode());
if (caddr != null) { if (caddr != null) {
......
...@@ -45,7 +45,6 @@ public class EncTGSRepPart extends EncKDCRepPart { ...@@ -45,7 +45,6 @@ public class EncTGSRepPart extends EncKDCRepPart {
KerberosTime new_starttime, KerberosTime new_starttime,
KerberosTime new_endtime, KerberosTime new_endtime,
KerberosTime new_renewTill, KerberosTime new_renewTill,
Realm new_srealm,
PrincipalName new_sname, PrincipalName new_sname,
HostAddresses new_caddr) { HostAddresses new_caddr) {
super( super(
...@@ -58,7 +57,6 @@ public class EncTGSRepPart extends EncKDCRepPart { ...@@ -58,7 +57,6 @@ public class EncTGSRepPart extends EncKDCRepPart {
new_starttime, new_starttime,
new_endtime, new_endtime,
new_renewTill, new_renewTill,
new_srealm,
new_sname, new_sname,
new_caddr, new_caddr,
Krb5.KRB_ENC_TGS_REP_PART); Krb5.KRB_ENC_TGS_REP_PART);
......
...@@ -65,7 +65,6 @@ public class EncTicketPart { ...@@ -65,7 +65,6 @@ public class EncTicketPart {
public TicketFlags flags; public TicketFlags flags;
public EncryptionKey key; public EncryptionKey key;
public Realm crealm;
public PrincipalName cname; public PrincipalName cname;
public TransitedEncoding transited; public TransitedEncoding transited;
public KerberosTime authtime; public KerberosTime authtime;
...@@ -78,7 +77,6 @@ public class EncTicketPart { ...@@ -78,7 +77,6 @@ public class EncTicketPart {
public EncTicketPart( public EncTicketPart(
TicketFlags new_flags, TicketFlags new_flags,
EncryptionKey new_key, EncryptionKey new_key,
Realm new_crealm,
PrincipalName new_cname, PrincipalName new_cname,
TransitedEncoding new_transited, TransitedEncoding new_transited,
KerberosTime new_authtime, KerberosTime new_authtime,
...@@ -89,7 +87,6 @@ public class EncTicketPart { ...@@ -89,7 +87,6 @@ public class EncTicketPart {
AuthorizationData new_authorizationData) { AuthorizationData new_authorizationData) {
flags = new_flags; flags = new_flags;
key = new_key; key = new_key;
crealm = new_crealm;
cname = new_cname; cname = new_cname;
transited = new_transited; transited = new_transited;
authtime = new_authtime; authtime = new_authtime;
...@@ -151,8 +148,8 @@ public class EncTicketPart { ...@@ -151,8 +148,8 @@ public class EncTicketPart {
} }
flags = TicketFlags.parse(der.getData(), (byte) 0x00, false); flags = TicketFlags.parse(der.getData(), (byte) 0x00, false);
key = EncryptionKey.parse(der.getData(), (byte) 0x01, false); key = EncryptionKey.parse(der.getData(), (byte) 0x01, false);
crealm = Realm.parse(der.getData(), (byte) 0x02, false); Realm crealm = Realm.parse(der.getData(), (byte) 0x02, false);
cname = PrincipalName.parse(der.getData(), (byte) 0x03, false); cname = PrincipalName.parse(der.getData(), (byte) 0x03, false, crealm);
transited = TransitedEncoding.parse(der.getData(), (byte) 0x04, false); transited = TransitedEncoding.parse(der.getData(), (byte) 0x04, false);
authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false); authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false);
starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true); starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true);
...@@ -186,7 +183,7 @@ public class EncTicketPart { ...@@ -186,7 +183,7 @@ public class EncTicketPart {
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x01), key.asn1Encode()); true, (byte) 0x01), key.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x02), crealm.asn1Encode()); true, (byte) 0x02), cname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x03), cname.asn1Encode()); true, (byte) 0x03), cname.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
......
...@@ -61,7 +61,6 @@ import java.math.BigInteger; ...@@ -61,7 +61,6 @@ import java.math.BigInteger;
*/ */
public class KDCRep { public class KDCRep {
public Realm crealm;
public PrincipalName cname; public PrincipalName cname;
public Ticket ticket; public Ticket ticket;
public EncryptedData encPart; public EncryptedData encPart;
...@@ -73,7 +72,6 @@ public class KDCRep { ...@@ -73,7 +72,6 @@ public class KDCRep {
public KDCRep( public KDCRep(
PAData[] new_pAData, PAData[] new_pAData,
Realm new_crealm,
PrincipalName new_cname, PrincipalName new_cname,
Ticket new_ticket, Ticket new_ticket,
EncryptedData new_encPart, EncryptedData new_encPart,
...@@ -90,7 +88,6 @@ public class KDCRep { ...@@ -90,7 +88,6 @@ public class KDCRep {
} }
} }
} }
crealm = new_crealm;
cname = new_cname; cname = new_cname;
ticket = new_ticket; ticket = new_ticket;
encPart = new_encPart; encPart = new_encPart;
...@@ -174,8 +171,8 @@ public class KDCRep { ...@@ -174,8 +171,8 @@ public class KDCRep {
} else { } else {
pAData = null; pAData = null;
} }
crealm = Realm.parse(der.getData(), (byte) 0x03, false); Realm crealm = Realm.parse(der.getData(), (byte) 0x03, false);
cname = PrincipalName.parse(der.getData(), (byte) 0x04, false); cname = PrincipalName.parse(der.getData(), (byte) 0x04, false, crealm);
ticket = Ticket.parse(der.getData(), (byte) 0x05, false); ticket = Ticket.parse(der.getData(), (byte) 0x05, false);
encPart = EncryptedData.parse(der.getData(), (byte) 0x06, false); encPart = EncryptedData.parse(der.getData(), (byte) 0x06, false);
if (der.getData().available() > 0) { if (der.getData().available() > 0) {
...@@ -212,7 +209,7 @@ public class KDCRep { ...@@ -212,7 +209,7 @@ public class KDCRep {
true, (byte) 0x02), temp); true, (byte) 0x02), temp);
} }
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x03), crealm.asn1Encode()); true, (byte) 0x03), cname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x04), cname.asn1Encode()); true, (byte) 0x04), cname.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
......
...@@ -72,7 +72,6 @@ import java.math.BigInteger; ...@@ -72,7 +72,6 @@ import java.math.BigInteger;
public class KDCReqBody { public class KDCReqBody {
public KDCOptions kdcOptions; public KDCOptions kdcOptions;
public PrincipalName cname; //optional in ASReq only public PrincipalName cname; //optional in ASReq only
public Realm crealm;
public PrincipalName sname; //optional public PrincipalName sname; //optional
public KerberosTime from; //optional public KerberosTime from; //optional
public KerberosTime till; public KerberosTime till;
...@@ -87,7 +86,6 @@ public class KDCReqBody { ...@@ -87,7 +86,6 @@ public class KDCReqBody {
public KDCReqBody( public KDCReqBody(
KDCOptions new_kdcOptions, KDCOptions new_kdcOptions,
PrincipalName new_cname, //optional in ASReq only PrincipalName new_cname, //optional in ASReq only
Realm new_crealm,
PrincipalName new_sname, //optional PrincipalName new_sname, //optional
KerberosTime new_from, //optional KerberosTime new_from, //optional
KerberosTime new_till, KerberosTime new_till,
...@@ -100,7 +98,6 @@ public class KDCReqBody { ...@@ -100,7 +98,6 @@ public class KDCReqBody {
) throws IOException { ) throws IOException {
kdcOptions = new_kdcOptions; kdcOptions = new_kdcOptions;
cname = new_cname; cname = new_cname;
crealm = new_crealm;
sname = new_sname; sname = new_sname;
from = new_from; from = new_from;
till = new_till; till = new_till;
...@@ -142,12 +139,22 @@ public class KDCReqBody { ...@@ -142,12 +139,22 @@ public class KDCReqBody {
throw new Asn1Exception(Krb5.ASN1_BAD_ID); throw new Asn1Exception(Krb5.ASN1_BAD_ID);
} }
kdcOptions = KDCOptions.parse(encoding.getData(), (byte)0x00, false); kdcOptions = KDCOptions.parse(encoding.getData(), (byte)0x00, false);
cname = PrincipalName.parse(encoding.getData(), (byte)0x01, true);
// cname only appears in AS-REQ and it shares the realm field with
// sname. This is the only place where realm comes after the name.
// We first give cname a fake realm and reassign it the correct
// realm after the realm field is read.
cname = PrincipalName.parse(encoding.getData(), (byte)0x01, true,
new Realm("PLACEHOLDER"));
if ((msgType != Krb5.KRB_AS_REQ) && (cname != null)) { if ((msgType != Krb5.KRB_AS_REQ) && (cname != null)) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID); throw new Asn1Exception(Krb5.ASN1_BAD_ID);
} }
crealm = Realm.parse(encoding.getData(), (byte)0x02, false); Realm realm = Realm.parse(encoding.getData(), (byte)0x02, false);
sname = PrincipalName.parse(encoding.getData(), (byte)0x03, true); if (cname != null) {
cname = new PrincipalName(
cname.getNameType(), cname.getNameStrings(), realm);
}
sname = PrincipalName.parse(encoding.getData(), (byte)0x03, true, realm);
from = KerberosTime.parse(encoding.getData(), (byte)0x04, true); from = KerberosTime.parse(encoding.getData(), (byte)0x04, true);
till = KerberosTime.parse(encoding.getData(), (byte)0x05, false); till = KerberosTime.parse(encoding.getData(), (byte)0x05, false);
rtime = KerberosTime.parse(encoding.getData(), (byte)0x06, true); rtime = KerberosTime.parse(encoding.getData(), (byte)0x06, true);
...@@ -223,9 +230,11 @@ public class KDCReqBody { ...@@ -223,9 +230,11 @@ public class KDCReqBody {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), cname.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), cname.asn1Encode()));
} }
} }
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), crealm.asn1Encode()));
if (sname != null) { if (sname != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), sname.getRealm().asn1Encode()));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), sname.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), sname.asn1Encode()));
} else if (cname != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), cname.getRealm().asn1Encode()));
} }
if (from != null) { if (from != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), from.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), from.asn1Encode()));
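Review bot: In the encoder hunk (`@@ -223,9 +230,11`), the realm element with tag `0x02` is now written only when `sname` or `cname` is non-null, so a body with both absent is encoded without it, while the decoder hunk above still reads that field as mandatory (`Realm.parse(encoding.getData(), (byte)0x02, false)`). When both names are set, only `sname.getRealm()` is written and the realm carried by `cname` is dropped without any check that the two agree. I would reject both cases up front rather than emit a body the peer reads differently, for example `if (sname == null && cname == null) throw new Asn1Exception(Krb5.ASN1_BAD_ID);` before the realm is written (assuming the method declares that exception), plus an equality check on the two realms in the constructor. The enclosing encode method starts and ends outside the hunk.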
......
...@@ -90,9 +90,7 @@ public class KRBError implements java.io.Serializable { ...@@ -90,9 +90,7 @@ public class KRBError implements java.io.Serializable {
private KerberosTime sTime; private KerberosTime sTime;
private Integer suSec; private Integer suSec;
private int errorCode; private int errorCode;
private Realm crealm; //optional
private PrincipalName cname; //optional private PrincipalName cname; //optional
private Realm realm;
private PrincipalName sname; private PrincipalName sname;
private String eText; //optional private String eText; //optional
private byte[] eData; //optional private byte[] eData; //optional
...@@ -128,9 +126,7 @@ public class KRBError implements java.io.Serializable { ...@@ -128,9 +126,7 @@ public class KRBError implements java.io.Serializable {
KerberosTime new_sTime, KerberosTime new_sTime,
Integer new_suSec, Integer new_suSec,
int new_errorCode, int new_errorCode,
Realm new_crealm,
PrincipalName new_cname, PrincipalName new_cname,
Realm new_realm,
PrincipalName new_sname, PrincipalName new_sname,
String new_eText, String new_eText,
byte[] new_eData byte[] new_eData
...@@ -142,9 +138,7 @@ public class KRBError implements java.io.Serializable { ...@@ -142,9 +138,7 @@ public class KRBError implements java.io.Serializable {
sTime = new_sTime; sTime = new_sTime;
suSec = new_suSec; suSec = new_suSec;
errorCode = new_errorCode; errorCode = new_errorCode;
crealm = new_crealm;
cname = new_cname; cname = new_cname;
realm = new_realm;
sname = new_sname; sname = new_sname;
eText = new_eText; eText = new_eText;
eData = new_eData; eData = new_eData;
...@@ -159,9 +153,7 @@ public class KRBError implements java.io.Serializable { ...@@ -159,9 +153,7 @@ public class KRBError implements java.io.Serializable {
KerberosTime new_sTime, KerberosTime new_sTime,
Integer new_suSec, Integer new_suSec,
int new_errorCode, int new_errorCode,
Realm new_crealm,
PrincipalName new_cname, PrincipalName new_cname,
Realm new_realm,
PrincipalName new_sname, PrincipalName new_sname,
String new_eText, String new_eText,
byte[] new_eData, byte[] new_eData,
...@@ -174,9 +166,7 @@ public class KRBError implements java.io.Serializable { ...@@ -174,9 +166,7 @@ public class KRBError implements java.io.Serializable {
sTime = new_sTime; sTime = new_sTime;
suSec = new_suSec; suSec = new_suSec;
errorCode = new_errorCode; errorCode = new_errorCode;
crealm = new_crealm;
cname = new_cname; cname = new_cname;
realm = new_realm;
sname = new_sname; sname = new_sname;
eText = new_eText; eText = new_eText;
eData = new_eData; eData = new_eData;
...@@ -359,10 +349,10 @@ public class KRBError implements java.io.Serializable { ...@@ -359,10 +349,10 @@ public class KRBError implements java.io.Serializable {
errorCode = subDer.getData().getBigInteger().intValue(); errorCode = subDer.getData().getBigInteger().intValue();
} }
else throw new Asn1Exception(Krb5.ASN1_BAD_ID); else throw new Asn1Exception(Krb5.ASN1_BAD_ID);
crealm = Realm.parse(der.getData(), (byte)0x07, true); Realm crealm = Realm.parse(der.getData(), (byte)0x07, true);
cname = PrincipalName.parse(der.getData(), (byte)0x08, true); cname = PrincipalName.parse(der.getData(), (byte)0x08, true, crealm);
realm = Realm.parse(der.getData(), (byte)0x09, false); Realm realm = Realm.parse(der.getData(), (byte)0x09, false);
sname = PrincipalName.parse(der.getData(), (byte)0x0A, false); sname = PrincipalName.parse(der.getData(), (byte)0x0A, false, realm);
eText = null; eText = null;
eData = null; eData = null;
eCksum = null; eCksum = null;
...@@ -403,15 +393,9 @@ public class KRBError implements java.io.Serializable { ...@@ -403,15 +393,9 @@ public class KRBError implements java.io.Serializable {
System.out.println("\t suSec is " + suSec); System.out.println("\t suSec is " + suSec);
System.out.println("\t error code is " + errorCode); System.out.println("\t error code is " + errorCode);
System.out.println("\t error Message is " + Krb5.getErrorMessage(errorCode)); System.out.println("\t error Message is " + Krb5.getErrorMessage(errorCode));
if (crealm != null) {
System.out.println("\t crealm is " + crealm.toString());
}
if (cname != null) { if (cname != null) {
System.out.println("\t cname is " + cname.toString()); System.out.println("\t cname is " + cname.toString());
} }
if (realm != null) {
System.out.println("\t realm is " + realm.toString());
}
if (sname != null) { if (sname != null) {
System.out.println("\t sname is " + sname.toString()); System.out.println("\t sname is " + sname.toString());
} }
...@@ -458,14 +442,12 @@ public class KRBError implements java.io.Serializable { ...@@ -458,14 +442,12 @@ public class KRBError implements java.io.Serializable {
temp.putInteger(BigInteger.valueOf(errorCode)); temp.putInteger(BigInteger.valueOf(errorCode));
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), temp); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), temp);
if (crealm != null) {
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), crealm.asn1Encode());
}
if (cname != null) { if (cname != null) {
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), cname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), cname.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), cname.asn1Encode());
} }
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), realm.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), sname.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), sname.asn1Encode());
if (eText != null) { if (eText != null) {
...@@ -506,9 +488,7 @@ public class KRBError implements java.io.Serializable { ...@@ -506,9 +488,7 @@ public class KRBError implements java.io.Serializable {
isEqual(sTime, other.sTime) && isEqual(sTime, other.sTime) &&
isEqual(suSec, other.suSec) && isEqual(suSec, other.suSec) &&
errorCode == other.errorCode && errorCode == other.errorCode &&
isEqual(crealm, other.crealm) &&
isEqual(cname, other.cname) && isEqual(cname, other.cname) &&
isEqual(realm, other.realm) &&
isEqual(sname, other.sname) && isEqual(sname, other.sname) &&
isEqual(eText, other.eText) && isEqual(eText, other.eText) &&
java.util.Arrays.equals(eData, other.eData) && java.util.Arrays.equals(eData, other.eData) &&
...@@ -528,9 +508,7 @@ public class KRBError implements java.io.Serializable { ...@@ -528,9 +508,7 @@ public class KRBError implements java.io.Serializable {
if (sTime != null) result = 37 * result + sTime.hashCode(); if (sTime != null) result = 37 * result + sTime.hashCode();
if (suSec != null) result = 37 * result + suSec.hashCode(); if (suSec != null) result = 37 * result + suSec.hashCode();
result = 37 * result + errorCode; result = 37 * result + errorCode;
if (crealm != null) result = 37 * result + crealm.hashCode();
if (cname != null) result = 37 * result + cname.hashCode(); if (cname != null) result = 37 * result + cname.hashCode();
if (realm != null) result = 37 * result + realm.hashCode();
if (sname != null) result = 37 * result + sname.hashCode(); if (sname != null) result = 37 * result + sname.hashCode();
if (eText != null) result = 37 * result + eText.hashCode(); if (eText != null) result = 37 * result + eText.hashCode();
result = 37 * result + Arrays.hashCode(eData); result = 37 * result + Arrays.hashCode(eData);
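Review bot: In the decoder hunk (`@@ -359,10 +349,10`), `crealm` and `cname` are both optional, so a message that carries `cname` without `crealm` reaches `PrincipalName.parse(der.getData(), (byte)0x08, true, crealm)` with a null realm, and a message that carries `crealm` without `cname` now loses the realm entirely. What `PrincipalName.parse` does with a null realm is not visible here; if it falls back to a local default, a client name taken from a KRB-ERROR, which is generally not integrity-protected, would be attributed to a realm the sender never stated. A comment on that line stating the intended behaviour would help, e.g. `// crealm may be absent; parse() then uses <fallback> for cname — TODO confirm`. The same pairing of an optional realm with an optional name occurs in `KrbCredInfo` at tags `0x01`/`0x02` and `0x08`/`0x09`.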
......
...@@ -63,14 +63,12 @@ import java.io.IOException; ...@@ -63,14 +63,12 @@ import java.io.IOException;
public class KrbCredInfo { public class KrbCredInfo {
public EncryptionKey key; public EncryptionKey key;
public Realm prealm; //optional
public PrincipalName pname; //optional public PrincipalName pname; //optional
public TicketFlags flags; //optional public TicketFlags flags; //optional
public KerberosTime authtime; //optional public KerberosTime authtime; //optional
public KerberosTime starttime; //optional public KerberosTime starttime; //optional
public KerberosTime endtime; //optional public KerberosTime endtime; //optional
public KerberosTime renewTill; //optional public KerberosTime renewTill; //optional
public Realm srealm; //optional
public PrincipalName sname; //optional public PrincipalName sname; //optional
public HostAddresses caddr; //optional public HostAddresses caddr; //optional
...@@ -79,26 +77,22 @@ public class KrbCredInfo { ...@@ -79,26 +77,22 @@ public class KrbCredInfo {
public KrbCredInfo( public KrbCredInfo(
EncryptionKey new_key, EncryptionKey new_key,
Realm new_prealm,
PrincipalName new_pname, PrincipalName new_pname,
TicketFlags new_flags, TicketFlags new_flags,
KerberosTime new_authtime, KerberosTime new_authtime,
KerberosTime new_starttime, KerberosTime new_starttime,
KerberosTime new_endtime, KerberosTime new_endtime,
KerberosTime new_renewTill, KerberosTime new_renewTill,
Realm new_srealm,
PrincipalName new_sname, PrincipalName new_sname,
HostAddresses new_caddr HostAddresses new_caddr
) { ) {
key = new_key; key = new_key;
prealm = new_prealm;
pname = new_pname; pname = new_pname;
flags = new_flags; flags = new_flags;
authtime = new_authtime; authtime = new_authtime;
starttime = new_starttime; starttime = new_starttime;
endtime = new_endtime; endtime = new_endtime;
renewTill = new_renewTill; renewTill = new_renewTill;
srealm = new_srealm;
sname = new_sname; sname = new_sname;
caddr = new_caddr; caddr = new_caddr;
} }
...@@ -115,21 +109,20 @@ public class KrbCredInfo { ...@@ -115,21 +109,20 @@ public class KrbCredInfo {
if (encoding.getTag() != DerValue.tag_Sequence) { if (encoding.getTag() != DerValue.tag_Sequence) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID); throw new Asn1Exception(Krb5.ASN1_BAD_ID);
} }
prealm = null;
pname = null; pname = null;
flags = null; flags = null;
authtime = null; authtime = null;
starttime = null; starttime = null;
endtime = null; endtime = null;
renewTill = null; renewTill = null;
srealm = null;
sname = null; sname = null;
caddr = null; caddr = null;
key = EncryptionKey.parse(encoding.getData(), (byte)0x00, false); key = EncryptionKey.parse(encoding.getData(), (byte)0x00, false);
Realm prealm = null, srealm = null;
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
prealm = Realm.parse(encoding.getData(), (byte)0x01, true); prealm = Realm.parse(encoding.getData(), (byte)0x01, true);
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
pname = PrincipalName.parse(encoding.getData(), (byte)0x02, true); pname = PrincipalName.parse(encoding.getData(), (byte)0x02, true, prealm);
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
flags = TicketFlags.parse(encoding.getData(), (byte)0x03, true); flags = TicketFlags.parse(encoding.getData(), (byte)0x03, true);
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
...@@ -143,7 +136,7 @@ public class KrbCredInfo { ...@@ -143,7 +136,7 @@ public class KrbCredInfo {
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
srealm = Realm.parse(encoding.getData(), (byte)0x08, true); srealm = Realm.parse(encoding.getData(), (byte)0x08, true);
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
sname = PrincipalName.parse(encoding.getData(), (byte)0x09, true); sname = PrincipalName.parse(encoding.getData(), (byte)0x09, true, srealm);
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
caddr = HostAddresses.parse(encoding.getData(), (byte)0x0A, true); caddr = HostAddresses.parse(encoding.getData(), (byte)0x0A, true);
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
...@@ -159,10 +152,10 @@ public class KrbCredInfo { ...@@ -159,10 +152,10 @@ public class KrbCredInfo {
public byte[] asn1Encode() throws Asn1Exception, IOException { public byte[] asn1Encode() throws Asn1Exception, IOException {
Vector<DerValue> v = new Vector<>(); Vector<DerValue> v = new Vector<>();
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), key.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), key.asn1Encode()));
if (prealm != null) if (pname != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), prealm.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), pname.getRealm().asn1Encode()));
if (pname != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), pname.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), pname.asn1Encode()));
}
if (flags != null) if (flags != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), flags.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), flags.asn1Encode()));
if (authtime != null) if (authtime != null)
...@@ -173,10 +166,10 @@ public class KrbCredInfo { ...@@ -173,10 +166,10 @@ public class KrbCredInfo {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), endtime.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), endtime.asn1Encode()));
if (renewTill != null) if (renewTill != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), renewTill.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), renewTill.asn1Encode()));
if (srealm != null) if (sname != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), srealm.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), sname.getRealm().asn1Encode()));
if (sname != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.asn1Encode()));
}
if (caddr != null) if (caddr != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), caddr.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), caddr.asn1Encode()));
DerValue der[] = new DerValue[v.size()]; DerValue der[] = new DerValue[v.size()];
...@@ -190,8 +183,6 @@ public class KrbCredInfo { ...@@ -190,8 +183,6 @@ public class KrbCredInfo {
KrbCredInfo kcred = new KrbCredInfo(); KrbCredInfo kcred = new KrbCredInfo();
kcred.key = (EncryptionKey)key.clone(); kcred.key = (EncryptionKey)key.clone();
// optional fields // optional fields
if (prealm != null)
kcred.prealm = (Realm)prealm.clone();
if (pname != null) if (pname != null)
kcred.pname = (PrincipalName)pname.clone(); kcred.pname = (PrincipalName)pname.clone();
if (flags != null) if (flags != null)
...@@ -204,8 +195,6 @@ public class KrbCredInfo { ...@@ -204,8 +195,6 @@ public class KrbCredInfo {
kcred.endtime = (KerberosTime)endtime.clone(); kcred.endtime = (KerberosTime)endtime.clone();
if (renewTill != null) if (renewTill != null)
kcred.renewTill = (KerberosTime)renewTill.clone(); kcred.renewTill = (KerberosTime)renewTill.clone();
if (srealm != null)
kcred.srealm = (Realm)srealm.clone();
if (sname != null) if (sname != null)
kcred.sname = (PrincipalName)sname.clone(); kcred.sname = (PrincipalName)sname.clone();
if (caddr != null) if (caddr != null)
......
...@@ -42,12 +42,11 @@ public class TGSRep extends KDCRep { ...@@ -42,12 +42,11 @@ public class TGSRep extends KDCRep {
public TGSRep( public TGSRep(
PAData[] new_pAData, PAData[] new_pAData,
Realm new_crealm,
PrincipalName new_cname, PrincipalName new_cname,
Ticket new_ticket, Ticket new_ticket,
EncryptedData new_encPart EncryptedData new_encPart
) throws IOException { ) throws IOException {
super(new_pAData, new_crealm, new_cname, new_ticket, super(new_pAData, new_cname, new_ticket,
new_encPart, Krb5.KRB_TGS_REP); new_encPart, Krb5.KRB_TGS_REP);
} }
......
...@@ -60,7 +60,6 @@ import java.math.BigInteger; ...@@ -60,7 +60,6 @@ import java.math.BigInteger;
public class Ticket implements Cloneable { public class Ticket implements Cloneable {
public int tkt_vno; public int tkt_vno;
public Realm realm;
public PrincipalName sname; public PrincipalName sname;
public EncryptedData encPart; public EncryptedData encPart;
...@@ -69,7 +68,6 @@ public class Ticket implements Cloneable { ...@@ -69,7 +68,6 @@ public class Ticket implements Cloneable {
public Object clone() { public Object clone() {
Ticket new_ticket = new Ticket(); Ticket new_ticket = new Ticket();
new_ticket.realm = (Realm)realm.clone();
new_ticket.sname = (PrincipalName)sname.clone(); new_ticket.sname = (PrincipalName)sname.clone();
new_ticket.encPart = (EncryptedData)encPart.clone(); new_ticket.encPart = (EncryptedData)encPart.clone();
new_ticket.tkt_vno = tkt_vno; new_ticket.tkt_vno = tkt_vno;
...@@ -77,12 +75,10 @@ public class Ticket implements Cloneable { ...@@ -77,12 +75,10 @@ public class Ticket implements Cloneable {
} }
public Ticket( public Ticket(
Realm new_realm,
PrincipalName new_sname, PrincipalName new_sname,
EncryptedData new_encPart EncryptedData new_encPart
) { ) {
tkt_vno = Krb5.TICKET_VNO; tkt_vno = Krb5.TICKET_VNO;
realm = new_realm;
sname = new_sname; sname = new_sname;
encPart = new_encPart; encPart = new_encPart;
} }
...@@ -123,8 +119,8 @@ public class Ticket implements Cloneable { ...@@ -123,8 +119,8 @@ public class Ticket implements Cloneable {
tkt_vno = subDer.getData().getBigInteger().intValue(); tkt_vno = subDer.getData().getBigInteger().intValue();
if (tkt_vno != Krb5.TICKET_VNO) if (tkt_vno != Krb5.TICKET_VNO)
throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
realm = Realm.parse(der.getData(), (byte)0x01, false); Realm srealm = Realm.parse(der.getData(), (byte)0x01, false);
sname = PrincipalName.parse(der.getData(), (byte)0x02, false); sname = PrincipalName.parse(der.getData(), (byte)0x02, false, srealm);
encPart = EncryptedData.parse(der.getData(), (byte)0x03, false); encPart = EncryptedData.parse(der.getData(), (byte)0x03, false);
if (der.getData().available() > 0) if (der.getData().available() > 0)
throw new Asn1Exception(Krb5.ASN1_BAD_ID); throw new Asn1Exception(Krb5.ASN1_BAD_ID);
...@@ -142,7 +138,7 @@ public class Ticket implements Cloneable { ...@@ -142,7 +138,7 @@ public class Ticket implements Cloneable {
DerValue der[] = new DerValue[4]; DerValue der[] = new DerValue[4];
temp.putInteger(BigInteger.valueOf(tkt_vno)); temp.putInteger(BigInteger.valueOf(tkt_vno));
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp);
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), realm.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), sname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), sname.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), sname.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), encPart.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), encPart.asn1Encode());
temp = new DerOutputStream(); temp = new DerOutputStream();
......
...@@ -114,7 +114,6 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC ...@@ -114,7 +114,6 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
// made public for KinitOptions to call directly // made public for KinitOptions to call directly
public PrincipalName readPrincipal(int version) throws IOException, RealmException { public PrincipalName readPrincipal(int version) throws IOException, RealmException {
int type, length, namelength, kret; int type, length, namelength, kret;
PrincipalName p;
String[] pname = null; String[] pname = null;
String realm; String realm;
/* Read principal type */ /* Read principal type */
...@@ -144,11 +143,13 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC ...@@ -144,11 +143,13 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
realm = result[0]; realm = result[0];
pname = new String[length]; pname = new String[length];
System.arraycopy(result, 1, pname, 0, length); System.arraycopy(result, 1, pname, 0, length);
p = new PrincipalName(pname, type); return new PrincipalName(type, pname, new Realm(realm));
p.setRealm(realm); }
try {
return new PrincipalName(result, type);
} catch (RealmException re) {
return null;
} }
else p = new PrincipalName(result, type);
return p;
} }
/* /*
...@@ -342,10 +343,10 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC ...@@ -342,10 +343,10 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
Credentials readCred(int version) throws IOException,RealmException, KrbApErrException, Asn1Exception { Credentials readCred(int version) throws IOException,RealmException, KrbApErrException, Asn1Exception {
PrincipalName cpname = readPrincipal(version); PrincipalName cpname = readPrincipal(version);
if (DEBUG) if (DEBUG)
System.out.println(">>>DEBUG <CCacheInputStream> client principal is " + cpname.toString()); System.out.println(">>>DEBUG <CCacheInputStream> client principal is " + cpname);
PrincipalName spname = readPrincipal(version); PrincipalName spname = readPrincipal(version);
if (DEBUG) if (DEBUG)
System.out.println(">>>DEBUG <CCacheInputStream> server principal is " + spname.toString()); System.out.println(">>>DEBUG <CCacheInputStream> server principal is " + spname);
EncryptionKey key = readKey(version); EncryptionKey key = readKey(version);
if (DEBUG) if (DEBUG)
System.out.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType()); System.out.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType());
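Review bot: The new `catch (RealmException re) { return null; }` at the end of `readPrincipal` swallows an exception the method already declares (`throws IOException, RealmException`) and turns it into a null principal. In the `readCred` hunk the result is only concatenated into debug output, which is presumably why the `.toString()` calls were removed, but whether the rest of `readCred` and the other callers cope with null is outside these hunks. I would let the exception propagate with a plain `return new PrincipalName(result, type);`, or, if null is meant as "skip this cache entry", say so in the method comment and rename the variable to `ignored`. `readPrincipal` starts outside the hunk.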
......
...@@ -36,9 +36,7 @@ import sun.security.krb5.internal.*; ...@@ -36,9 +36,7 @@ import sun.security.krb5.internal.*;
public class Credentials { public class Credentials {
PrincipalName cname; PrincipalName cname;
Realm crealm;
PrincipalName sname; PrincipalName sname;
Realm srealm;
EncryptionKey key; EncryptionKey key;
KerberosTime authtime; KerberosTime authtime;
KerberosTime starttime;//optional KerberosTime starttime;//optional
...@@ -67,15 +65,7 @@ public class Credentials { ...@@ -67,15 +65,7 @@ public class Credentials {
Ticket new_ticket, Ticket new_ticket,
Ticket new_secondTicket) { Ticket new_secondTicket) {
cname = (PrincipalName) new_cname.clone(); cname = (PrincipalName) new_cname.clone();
if (new_cname.getRealm() != null) {
crealm = (Realm) new_cname.getRealm().clone();
}
sname = (PrincipalName) new_sname.clone(); sname = (PrincipalName) new_sname.clone();
if (new_sname.getRealm() != null) {
srealm = (Realm) new_sname.getRealm().clone();
}
key = (EncryptionKey) new_key.clone(); key = (EncryptionKey) new_key.clone();
authtime = (KerberosTime) new_authtime.clone(); authtime = (KerberosTime) new_authtime.clone();
...@@ -110,7 +100,6 @@ public class Credentials { ...@@ -110,7 +100,6 @@ public class Credentials {
{ {
return; return;
} }
crealm = (Realm) kdcRep.crealm.clone();
cname = (PrincipalName) kdcRep.cname.clone(); cname = (PrincipalName) kdcRep.cname.clone();
ticket = (Ticket) kdcRep.ticket.clone(); ticket = (Ticket) kdcRep.ticket.clone();
key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone(); key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone();
...@@ -123,7 +112,6 @@ public class Credentials { ...@@ -123,7 +112,6 @@ public class Credentials {
if (kdcRep.encKDCRepPart.renewTill != null) { if (kdcRep.encKDCRepPart.renewTill != null) {
renewTill = (KerberosTime) kdcRep.encKDCRepPart.renewTill.clone(); renewTill = (KerberosTime) kdcRep.encKDCRepPart.renewTill.clone();
} }
srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone();
sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone(); sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone();
caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone(); caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone();
secondTicket = (Ticket) new_secondTicket.clone(); secondTicket = (Ticket) new_secondTicket.clone();
...@@ -138,17 +126,7 @@ public class Credentials { ...@@ -138,17 +126,7 @@ public class Credentials {
public Credentials(KDCRep kdcRep, Ticket new_ticket) { public Credentials(KDCRep kdcRep, Ticket new_ticket) {
sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone(); sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone();
srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone();
try {
sname.setRealm(srealm);
} catch (RealmException e) {
}
cname = (PrincipalName) kdcRep.cname.clone(); cname = (PrincipalName) kdcRep.cname.clone();
crealm = (Realm) kdcRep.crealm.clone();
try {
cname.setRealm(crealm);
} catch (RealmException e) {
}
key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone(); key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone();
authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone(); authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone();
if (kdcRep.encKDCRepPart.starttime != null) { if (kdcRep.encKDCRepPart.starttime != null) {
...@@ -202,9 +180,6 @@ public class Credentials { ...@@ -202,9 +180,6 @@ public class Credentials {
} }
public PrincipalName getServicePrincipal() throws RealmException { public PrincipalName getServicePrincipal() throws RealmException {
if (sname.getRealm() == null) {
sname.setRealm(srealm);
}
return sname; return sname;
} }
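Review bot: `getServicePrincipal()` still declares `throws RealmException`, but after this change its body is only `return sname;` and nothing in it can throw. Dropping the clause would break callers that catch the exception, so if it is kept for source compatibility I would say so on the method: `/** @throws RealmException never thrown; retained for source compatibility */`. The `(PrincipalName) ... .clone()` copies in the constructors above also look unnecessary if `PrincipalName` is immutable, as the commit title says.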
......
...@@ -120,6 +120,6 @@ public abstract class CredentialsCache { ...@@ -120,6 +120,6 @@ public abstract class CredentialsCache {
public abstract void save() throws IOException, KrbException; public abstract void save() throws IOException, KrbException;
public abstract Credentials[] getCredsList(); public abstract Credentials[] getCredsList();
public abstract Credentials getDefaultCreds(); public abstract Credentials getDefaultCreds();
public abstract Credentials getCreds(PrincipalName sname, Realm srealm) ; public abstract Credentials getCreds(PrincipalName sname);
public abstract Credentials getCreds(LoginOptions options, PrincipalName sname, Realm srealm) ; public abstract Credentials getCreds(LoginOptions options, PrincipalName sname);
} }
...@@ -59,7 +59,6 @@ public class FileCredentialsCache extends CredentialsCache ...@@ -59,7 +59,6 @@ public class FileCredentialsCache extends CredentialsCache
public int version; public int version;
public Tag tag; // optional public Tag tag; // optional
public PrincipalName primaryPrincipal; public PrincipalName primaryPrincipal;
public Realm primaryRealm;
private Vector<Credentials> credentialsList; private Vector<Credentials> credentialsList;
private static String dir; private static String dir;
private static boolean DEBUG = Krb5.DEBUG; private static boolean DEBUG = Krb5.DEBUG;
...@@ -79,7 +78,6 @@ public class FileCredentialsCache extends CredentialsCache ...@@ -79,7 +78,6 @@ public class FileCredentialsCache extends CredentialsCache
} }
if (principal != null) { if (principal != null) {
fcc.primaryPrincipal = principal; fcc.primaryPrincipal = principal;
fcc.primaryRealm = principal.getRealm();
} }
fcc.load(cacheName); fcc.load(cacheName);
return fcc; return fcc;
...@@ -153,7 +151,6 @@ public class FileCredentialsCache extends CredentialsCache ...@@ -153,7 +151,6 @@ public class FileCredentialsCache extends CredentialsCache
synchronized void init(PrincipalName principal, String name) synchronized void init(PrincipalName principal, String name)
throws IOException, KrbException { throws IOException, KrbException {
primaryPrincipal = principal; primaryPrincipal = principal;
primaryRealm = principal.getRealm();
CCacheOutputStream cos = CCacheOutputStream cos =
new CCacheOutputStream(new FileOutputStream(name)); new CCacheOutputStream(new FileOutputStream(name));
version = KRB5_FCC_FVNO_3; version = KRB5_FCC_FVNO_3;
...@@ -183,7 +180,6 @@ public class FileCredentialsCache extends CredentialsCache ...@@ -183,7 +180,6 @@ public class FileCredentialsCache extends CredentialsCache
} }
} else } else
primaryPrincipal = p; primaryPrincipal = p;
primaryRealm = primaryPrincipal.getRealm();
credentialsList = new Vector<Credentials> (); credentialsList = new Vector<Credentials> ();
while (cis.available() > 0) { while (cis.available() > 0) {
Credentials cred = cis.readCred(version); Credentials cred = cis.readCred(version);
...@@ -291,18 +287,16 @@ public class FileCredentialsCache extends CredentialsCache ...@@ -291,18 +287,16 @@ public class FileCredentialsCache extends CredentialsCache
} }
public Credentials getCreds(LoginOptions options, public Credentials getCreds(LoginOptions options, PrincipalName sname) {
PrincipalName sname, Realm srealm) {
if (options == null) { if (options == null) {
return getCreds(sname, srealm); return getCreds(sname);
} else { } else {
Credentials[] list = getCredsList(); Credentials[] list = getCredsList();
if (list == null) { if (list == null) {
return null; return null;
} else { } else {
for (int i = 0; i < list.length; i++) { for (int i = 0; i < list.length; i++) {
if (sname.match(list[i].sname) && if (sname.match(list[i].sname)) {
(srealm.toString().equals(list[i].srealm.toString()))) {
if (list[i].flags.match(options)) { if (list[i].flags.match(options)) {
return list[i]; return list[i];
} }
...@@ -317,16 +311,14 @@ public class FileCredentialsCache extends CredentialsCache ...@@ -317,16 +311,14 @@ public class FileCredentialsCache extends CredentialsCache
/** /**
* Gets a credentials for a specified service. * Gets a credentials for a specified service.
* @param sname service principal name. * @param sname service principal name.
* @param srealm the realm that the service belongs to.
*/ */
public Credentials getCreds(PrincipalName sname, Realm srealm) { public Credentials getCreds(PrincipalName sname) {
Credentials[] list = getCredsList(); Credentials[] list = getCredsList();
if (list == null) { if (list == null) {
return null; return null;
} else { } else {
for (int i = 0; i < list.length; i++) { for (int i = 0; i < list.length; i++) {
if (sname.match(list[i].sname) && if (sname.match(list[i].sname)) {
(srealm.toString().equals(list[i].srealm.toString()))) {
return list[i]; return list[i];
} }
} }
...@@ -343,7 +335,7 @@ public class FileCredentialsCache extends CredentialsCache ...@@ -343,7 +335,7 @@ public class FileCredentialsCache extends CredentialsCache
if (list[i].sname.toString().startsWith("krbtgt")) { if (list[i].sname.toString().startsWith("krbtgt")) {
String[] nameStrings = list[i].sname.getNameStrings(); String[] nameStrings = list[i].sname.getNameStrings();
// find the TGT for the current realm krbtgt/realm@realm // find the TGT for the current realm krbtgt/realm@realm
if (nameStrings[1].equals(list[i].srealm.toString())) { if (nameStrings[1].equals(list[i].sname.getRealm().toString())) {
return list[i]; return list[i];
} }
} }
......
...@@ -64,7 +64,7 @@ public abstract class MemoryCredentialsCache extends CredentialsCache { ...@@ -64,7 +64,7 @@ public abstract class MemoryCredentialsCache extends CredentialsCache {
public abstract Credentials[] getCredsList(); public abstract Credentials[] getCredsList();
public abstract Credentials getCreds(PrincipalName sname, Realm srealm) ; public abstract Credentials getCreds(PrincipalName sname) ;
public abstract PrincipalName getPrimaryPrincipal(); public abstract PrincipalName getPrimaryPrincipal();
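Review bot: The abstract `getCreds(PrincipalName sname)` loses its `srealm` parameter without any comment saying where the realm comparison now happens, so implementers have to know that the realm is expected to be carried by `sname` itself. A short Javadoc on the method would pin this down, for example `/** Returns the credentials for the service sname; the realm is taken from sname.getRealm(). */`. This matters because the FileCredentialsCache implementation in this commit now relies on `sname.match(...)` alone, and whether `match` compares realms is not visible on this page.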
......
...@@ -83,8 +83,7 @@ public class KeyTabInputStream extends KrbDataInputStream implements KeyTabConst ...@@ -83,8 +83,7 @@ public class KeyTabInputStream extends KrbDataInputStream implements KeyTabConst
} }
int nameType = read(4); int nameType = read(4);
index -= 4; index -= 4;
PrincipalName service = new PrincipalName(nameParts, nameType); PrincipalName service = new PrincipalName(nameType, nameParts, realm);
service.setRealm(realm);
KerberosTime timeStamp = readTimeStamp(); KerberosTime timeStamp = readTimeStamp();
int keyVersion = read() & 0xff; int keyVersion = read() & 0xff;
......
...@@ -163,7 +163,7 @@ public final class KerberosClientKeyExchangeImpl ...@@ -163,7 +163,7 @@ public final class KerberosClientKeyExchangeImpl
EncryptedData encPart = t.encPart; EncryptedData encPart = t.encPart;
PrincipalName ticketSname = t.sname; PrincipalName ticketSname = t.sname;
Realm ticketRealm = t.realm; Realm ticketRealm = t.sname.getRealm();
String serverPrincipal = serverKeys[0].getPrincipal().getName(); String serverPrincipal = serverKeys[0].getPrincipal().getName();
...@@ -175,8 +175,7 @@ public final class KerberosClientKeyExchangeImpl ...@@ -175,8 +175,7 @@ public final class KerberosClientKeyExchangeImpl
*/ */
// Check that ticket Sname matches serverPrincipal // Check that ticket Sname matches serverPrincipal
String ticketPrinc = ticketSname.toString().concat("@" + String ticketPrinc = ticketSname.toString();
ticketRealm.toString());
if (!ticketPrinc.equals(serverPrincipal)) { if (!ticketPrinc.equals(serverPrincipal)) {
if (debug != null && Debug.isOn("handshake")) if (debug != null && Debug.isOn("handshake"))
System.out.println("Service principal in Ticket does not" System.out.println("Service principal in Ticket does not"
...@@ -224,7 +223,6 @@ public final class KerberosClientKeyExchangeImpl ...@@ -224,7 +223,6 @@ public final class KerberosClientKeyExchangeImpl
if (debug != null && Debug.isOn("handshake")) { if (debug != null && Debug.isOn("handshake")) {
System.out.println("server principal: " + serverPrincipal); System.out.println("server principal: " + serverPrincipal);
System.out.println("realm: " + encTicketPart.crealm.toString());
System.out.println("cname: " + encTicketPart.cname.toString()); System.out.println("cname: " + encTicketPart.cname.toString());
} }
} catch (IOException e) { } catch (IOException e) {
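Review bot: The "ticket Sname matches serverPrincipal" check now compares `ticketSname.toString()` directly with `serverPrincipal`, so it is only correct if `PrincipalName.toString()` emits the realm-qualified name; that is not visible in this section and deserves a comment at the comparison, such as `// PrincipalName.toString() includes "@realm", so this compares the full principal`. The local `ticketRealm = t.sname.getRealm()` is no longer used in the visible comparison; if nothing outside these hunks reads it, it can be removed. The enclosing method starts and ends outside the hunks shown.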
......
...@@ -206,9 +206,7 @@ public class Kinit { ...@@ -206,9 +206,7 @@ public class Kinit {
System.out.println(">>> Kinit realm name is " + realm); System.out.println(">>> Kinit realm name is " + realm);
} }
PrincipalName sname = new PrincipalName("krbtgt" + "/" + realm, PrincipalName sname = PrincipalName.tgsService(realm, realm);
PrincipalName.KRB_NT_SRV_INST);
sname.setRealm(realm);
builder.setTarget(sname); builder.setTarget(sname);
if (DEBUG) { if (DEBUG) {
......
...@@ -146,15 +146,6 @@ class KinitOptions { ...@@ -146,15 +146,6 @@ class KinitOptions {
"Principal name: " + p + "Principal name: " + p +
e.getMessage()); e.getMessage());
} }
if (principal.getRealm() == null) {
String realm =
Config.getInstance().getDefault("default_realm",
"libdefaults");
if (realm != null) {
principal.setRealm(realm);
} else throw new IllegalArgumentException("invalid " +
"Realm name");
}
} else if (this.password == null) { } else if (this.password == null) {
// Have already processed a Principal, this must be a password // Have already processed a Principal, this must be a password
password = args[i].toCharArray(); password = args[i].toCharArray();
...@@ -175,16 +166,6 @@ class KinitOptions { ...@@ -175,16 +166,6 @@ class KinitOptions {
} }
PrincipalName getDefaultPrincipal() { PrincipalName getDefaultPrincipal() {
String cname;
String realm = null;
try {
realm = Config.getInstance().getDefaultRealm();
} catch (KrbException e) {
System.out.println ("Can not get default realm " +
e.getMessage());
e.printStackTrace();
return null;
}
// get default principal name from the cachename if it is // get default principal name from the cachename if it is
// available. // available.
...@@ -204,10 +185,6 @@ class KinitOptions { ...@@ -204,10 +185,6 @@ class KinitOptions {
} }
PrincipalName p = cis.readPrincipal(version); PrincipalName p = cis.readPrincipal(version);
cis.close(); cis.close();
String temp = p.getRealmString();
if (temp == null) {
p.setRealm(realm);
}
if (DEBUG) { if (DEBUG) {
System.out.println(">>>KinitOptions principal name from "+ System.out.println(">>>KinitOptions principal name from "+
"the cache is :" + p); "the cache is :" + p);
...@@ -230,19 +207,15 @@ class KinitOptions { ...@@ -230,19 +207,15 @@ class KinitOptions {
System.out.println(">>>KinitOptions default username is :" System.out.println(">>>KinitOptions default username is :"
+ username); + username);
} }
if (realm != null) { try {
try { PrincipalName p = new PrincipalName(username);
PrincipalName p = new PrincipalName(username); return p;
if (p.getRealm() == null) } catch (RealmException e) {
p.setRealm(realm); // ignore exception , return null
return p; if (DEBUG) {
} catch (RealmException e) { System.out.println ("Exception in getting principal " +
// ignore exception , return null "name " + e.getMessage());
if (DEBUG) { e.printStackTrace();
System.out.println ("Exception in getting principal " +
"name " + e.getMessage());
e.printStackTrace();
}
} }
} }
return null; return null;
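Review bot: In getDefaultPrincipal a failure to build the principal from the user name is now reported only when DEBUG is set. The removed block printed "Can not get default realm" unconditionally, while the new `catch (RealmException e)` around `new PrincipalName(username)` prints inside `if (DEBUG)` and then falls through to `return null`. A user with no usable realm would then get a null principal with no explanation. Consider printing the existing message outside the guard, `System.out.println("Exception in getting principal name " + e.getMessage());`, and keeping only `e.printStackTrace()` under DEBUG. That the constructor throws RealmException when no realm can be determined is inferred from the test added in this commit, and how callers handle the null return is outside these hunks.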
......
...@@ -273,9 +273,6 @@ public class Ktab { ...@@ -273,9 +273,6 @@ public class Ktab {
PrincipalName pname = null; PrincipalName pname = null;
try { try {
pname = new PrincipalName(principal); pname = new PrincipalName(principal);
if (pname.getRealm() == null) {
pname.setRealm(Config.getInstance().getDefaultRealm());
}
} catch (KrbException e) { } catch (KrbException e) {
System.err.println("Failed to add " + principal + System.err.println("Failed to add " + principal +
" to keytab."); " to keytab.");
...@@ -382,9 +379,6 @@ public class Ktab { ...@@ -382,9 +379,6 @@ public class Ktab {
PrincipalName pname = null; PrincipalName pname = null;
try { try {
pname = new PrincipalName(principal); pname = new PrincipalName(principal);
if (pname.getRealm() == null) {
pname.setRealm(Config.getInstance().getDefaultRealm());
}
if (!forced) { if (!forced) {
String answer; String answer;
BufferedReader cis = BufferedReader cis =
......
...@@ -67,7 +67,6 @@ jmethodID encryptionKeyConstructor = 0; ...@@ -67,7 +67,6 @@ jmethodID encryptionKeyConstructor = 0;
jmethodID ticketFlagsConstructor = 0; jmethodID ticketFlagsConstructor = 0;
jmethodID kerberosTimeConstructor = 0; jmethodID kerberosTimeConstructor = 0;
jmethodID krbcredsConstructor = 0; jmethodID krbcredsConstructor = 0;
jmethodID setRealmMethod = 0;
/* /*
* Function prototypes for internal routines * Function prototypes for internal routines
...@@ -279,7 +278,7 @@ JNIEXPORT jint JNICALL JNI_OnLoad( ...@@ -279,7 +278,7 @@ JNIEXPORT jint JNICALL JNI_OnLoad(
} }
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, principalNameConstructor = (*env)->GetMethodID(env, principalNameClass,
"<init>", "([Ljava/lang/String;)V"); "<init>", "([Ljava/lang/String;Ljava/lang/String;)V");
if (principalNameConstructor == 0) { if (principalNameConstructor == 0) {
printf("LSA: Couldn't find PrincipalName constructor\n"); printf("LSA: Couldn't find PrincipalName constructor\n");
return JNI_ERR; return JNI_ERR;
...@@ -318,14 +317,6 @@ JNIEXPORT jint JNICALL JNI_OnLoad( ...@@ -318,14 +317,6 @@ JNIEXPORT jint JNICALL JNI_OnLoad(
printf("LSA: Found KerberosTime constructor\n"); printf("LSA: Found KerberosTime constructor\n");
} }
// load the setRealm method in PrincipalName
setRealmMethod = (*env)->GetMethodID(env, principalNameClass,
"setRealm", "(Ljava/lang/String;)V");
if (setRealmMethod == 0) {
printf("LSA: Couldn't find setRealm in PrincipalName\n");
return JNI_ERR;
}
if (native_debug) { if (native_debug) {
printf("LSA: Finished OnLoad processing\n"); printf("LSA: Finished OnLoad processing\n");
} }
...@@ -952,13 +943,12 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName, ...@@ -952,13 +943,12 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
// Do I have to worry about storage reclamation here? // Do I have to worry about storage reclamation here?
} }
principal = (*env)->NewObject(env, principalNameClass,
principalNameConstructor, stringArray);
// now set the realm in the principal // now set the realm in the principal
realmLen = (ULONG)wcslen((PWCHAR)realm); realmLen = (ULONG)wcslen((PWCHAR)realm);
realmStr = (*env)->NewString(env, (PWCHAR)realm, (USHORT)realmLen); realmStr = (*env)->NewString(env, (PWCHAR)realm, (USHORT)realmLen);
(*env)->CallVoidMethod(env, principal, setRealmMethod, realmStr);
principal = (*env)->NewObject(env, principalNameClass,
principalNameConstructor, stringArray, realmStr);
// free local resources // free local resources
LocalFree(realm); LocalFree(realm);
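Review bot: In BuildPrincipal the result of `NewString` is passed straight into `NewObject`, and neither call is checked, so a failed allocation or a constructor that rejects the realm leaves `principal` NULL with a Java exception pending while the function carries on. A guard right after the `NewObject` call would make that explicit: `if (principal == NULL || (*env)->ExceptionCheck(env)) { LocalFree(realm); return NULL; }`. Whether the two-argument constructor validates the realm is not visible here, and the rest of BuildPrincipal (remaining cleanup and the return) lies outside the hunk, so the exact cleanup in that branch has to be matched to it. The JNI signature `([Ljava/lang/String;Ljava/lang/String;)V` should carry a comment naming the Java constructor it binds to, since a mismatch only shows up at load time as "Couldn't find PrincipalName constructor".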
......
/*
* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6856069
* @summary PrincipalName.clone() does not invoke super.clone()
*/
import sun.security.krb5.ServiceName;
public class ServiceNameClone {
public static void main(String[] args) throws Exception {
ServiceName sn = new ServiceName("me@HERE");
if (sn.clone().getClass() != ServiceName.class) {
throw new Exception("ServiceName's clone is not a ServiceName");
}
if (!sn.clone().equals(sn)) {
throw new Exception("ServiceName's clone changed");
}
}
}
...@@ -606,9 +606,8 @@ public class KDC { ...@@ -606,9 +606,8 @@ public class KDC {
TGSReq tgsReq = new TGSReq(in); TGSReq tgsReq = new TGSReq(in);
PrincipalName service = tgsReq.reqBody.sname; PrincipalName service = tgsReq.reqBody.sname;
if (options.containsKey(KDC.Option.RESP_NT)) { if (options.containsKey(KDC.Option.RESP_NT)) {
service = new PrincipalName(service.getNameStrings(), service = new PrincipalName((int)options.get(KDC.Option.RESP_NT),
(int)options.get(KDC.Option.RESP_NT)); service.getNameStrings(), service.getRealm());
service.setRealm(service.getRealm());
} }
try { try {
System.out.println(realm + "> " + tgsReq.reqBody.cname + System.out.println(realm + "> " + tgsReq.reqBody.cname +
...@@ -632,7 +631,6 @@ public class KDC { ...@@ -632,7 +631,6 @@ public class KDC {
EncryptedData ed = apReq.authenticator; EncryptedData ed = apReq.authenticator;
tkt = apReq.ticket; tkt = apReq.ticket;
int te = tkt.encPart.getEType(); int te = tkt.encPart.getEType();
tkt.sname.setRealm(tkt.realm);
EncryptionKey kkey = keyForUser(tkt.sname, te, true); EncryptionKey kkey = keyForUser(tkt.sname, te, true);
byte[] bb = tkt.encPart.decrypt(kkey, KeyUsage.KU_TICKET); byte[] bb = tkt.encPart.decrypt(kkey, KeyUsage.KU_TICKET);
DerInputStream derIn = new DerInputStream(bb); DerInputStream derIn = new DerInputStream(bb);
...@@ -693,7 +691,6 @@ public class KDC { ...@@ -693,7 +691,6 @@ public class KDC {
EncTicketPart enc = new EncTicketPart( EncTicketPart enc = new EncTicketPart(
tFlags, tFlags,
key, key,
etp.crealm,
etp.cname, etp.cname,
new TransitedEncoding(1, new byte[0]), // TODO new TransitedEncoding(1, new byte[0]), // TODO
new KerberosTime(new Date()), new KerberosTime(new Date()),
...@@ -709,7 +706,6 @@ public class KDC { ...@@ -709,7 +706,6 @@ public class KDC {
throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); // TODO throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); // TODO
} }
Ticket t = new Ticket( Ticket t = new Ticket(
body.crealm,
service, service,
new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET) new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET)
); );
...@@ -725,7 +721,6 @@ public class KDC { ...@@ -725,7 +721,6 @@ public class KDC {
new KerberosTime(new Date()), new KerberosTime(new Date()),
body.from, body.from,
till, body.rtime, till, body.rtime,
body.crealm,
service, service,
body.addresses != null // always set caddr body.addresses != null // always set caddr
? body.addresses ? body.addresses
...@@ -734,7 +729,6 @@ public class KDC { ...@@ -734,7 +729,6 @@ public class KDC {
); );
EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_TGS_REP_PART_SESSKEY); EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_TGS_REP_PART_SESSKEY);
TGSRep tgsRep = new TGSRep(null, TGSRep tgsRep = new TGSRep(null,
etp.crealm,
etp.cname, etp.cname,
t, t,
edata); edata);
...@@ -756,8 +750,8 @@ public class KDC { ...@@ -756,8 +750,8 @@ public class KDC {
new KerberosTime(new Date()), new KerberosTime(new Date()),
0, 0,
ke.returnCode(), ke.returnCode(),
body.crealm, body.cname, body.cname,
new Realm(getRealm()), service, service,
KrbException.errorMessage(ke.returnCode()), KrbException.errorMessage(ke.returnCode()),
null); null);
} }
...@@ -780,7 +774,6 @@ public class KDC { ...@@ -780,7 +774,6 @@ public class KDC {
if (options.containsKey(KDC.Option.RESP_NT)) { if (options.containsKey(KDC.Option.RESP_NT)) {
service = new PrincipalName(service.getNameStrings(), service = new PrincipalName(service.getNameStrings(),
(int)options.get(KDC.Option.RESP_NT)); (int)options.get(KDC.Option.RESP_NT));
service.setRealm(service.getRealm());
} }
try { try {
System.out.println(realm + "> " + asReq.reqBody.cname + System.out.println(realm + "> " + asReq.reqBody.cname +
...@@ -788,7 +781,6 @@ public class KDC { ...@@ -788,7 +781,6 @@ public class KDC {
service); service);
KDCReqBody body = asReq.reqBody; KDCReqBody body = asReq.reqBody;
body.cname.setRealm(getRealm());
eTypes = KDCReqBodyDotEType(body); eTypes = KDCReqBodyDotEType(body);
int eType = eTypes[0]; int eType = eTypes[0];
...@@ -971,7 +963,6 @@ public class KDC { ...@@ -971,7 +963,6 @@ public class KDC {
EncTicketPart enc = new EncTicketPart( EncTicketPart enc = new EncTicketPart(
tFlags, tFlags,
key, key,
body.crealm,
body.cname, body.cname,
new TransitedEncoding(1, new byte[0]), new TransitedEncoding(1, new byte[0]),
new KerberosTime(new Date()), new KerberosTime(new Date()),
...@@ -980,7 +971,6 @@ public class KDC { ...@@ -980,7 +971,6 @@ public class KDC {
body.addresses, body.addresses,
null); null);
Ticket t = new Ticket( Ticket t = new Ticket(
body.crealm,
service, service,
new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET) new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET)
); );
...@@ -996,14 +986,12 @@ public class KDC { ...@@ -996,14 +986,12 @@ public class KDC {
new KerberosTime(new Date()), new KerberosTime(new Date()),
body.from, body.from,
till, body.rtime, till, body.rtime,
body.crealm,
service, service,
body.addresses body.addresses
); );
EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_AS_REP_PART); EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_AS_REP_PART);
ASRep asRep = new ASRep( ASRep asRep = new ASRep(
outPAs.toArray(new PAData[outPAs.size()]), outPAs.toArray(new PAData[outPAs.size()]),
body.crealm,
body.cname, body.cname,
t, t,
edata); edata);
...@@ -1024,7 +1012,6 @@ public class KDC { ...@@ -1024,7 +1012,6 @@ public class KDC {
asRep.encKDCRepPart = enc_part; asRep.encKDCRepPart = enc_part;
sun.security.krb5.internal.ccache.Credentials credentials = sun.security.krb5.internal.ccache.Credentials credentials =
new sun.security.krb5.internal.ccache.Credentials(asRep); new sun.security.krb5.internal.ccache.Credentials(asRep);
asReq.reqBody.cname.setRealm(getRealm());
CredentialsCache cache = CredentialsCache cache =
CredentialsCache.create(asReq.reqBody.cname, ccache); CredentialsCache.create(asReq.reqBody.cname, ccache);
if (cache == null) { if (cache == null) {
...@@ -1059,8 +1046,8 @@ public class KDC { ...@@ -1059,8 +1046,8 @@ public class KDC {
new KerberosTime(new Date()), new KerberosTime(new Date()),
0, 0,
ke.returnCode(), ke.returnCode(),
body.crealm, body.cname, body.cname,
new Realm(getRealm()), service, service,
KrbException.errorMessage(ke.returnCode()), KrbException.errorMessage(ke.returnCode()),
eData); eData);
} }
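Review bot: The AS-REQ path still builds the RESP_NT principal with `new PrincipalName(service.getNameStrings(), (int)options.get(KDC.Option.RESP_NT))`, which does not pass the realm of the requested `sname`. The TGS path earlier in this file now passes `service.getRealm()` explicitly. Which realm the two-argument form assigns is not visible on this page, so the two paths may answer with different realms for the same option. Using the same form in both places removes the doubt: `service = new PrincipalName((int)options.get(KDC.Option.RESP_NT), service.getNameStrings(), service.getRealm());`.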
......
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6966259
* @summary Make PrincipalName and Realm immutable
* @run main/othervm Constructors
*/
import java.util.Arrays;
import sun.security.krb5.*;
public class Constructors {
public static void main(String[] args) throws Exception {
int type;
boolean testNoDefaultDomain;
// Part 1: on format
// Good ones
type = PrincipalName.KRB_NT_UNKNOWN;
checkName("a", type, "R", "R", "a");
checkName("a@R2", type, "R", "R", "a");
checkName("a/b", type, "R", "R", "a", "b");
checkName("a/b@R2", type, "R", "R", "a", "b");
checkName("a/b/c", type, "R", "R", "a", "b", "c");
checkName("a/b/c@R2", type, "R", "R", "a", "b", "c");
// Weird ones
checkName("a\\/b", type, "R", "R", "a/b");
checkName("a\\/b\\/c", type, "R", "R", "a/b/c");
checkName("a\\/b\\@R2", type, "R", "R", "a/b@R2");
// Bad ones
checkName("a", type, "", null);
checkName("a/", type, "R", null);
checkName("/a", type, "R", null);
checkName("a//b", type, "R", null);
checkName("a@", type, null, null);
type = PrincipalName.KRB_NT_SRV_HST;
// Part 2: on realm choices
// When there is no default realm
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") + "/empty.conf");
Config.refresh();
// A Windows client login to AD always has a default realm
try {
Realm r = Realm.getDefault();
System.out.println("testNoDefaultDomain = false. Realm is " + r);
testNoDefaultDomain = false;
} catch (RealmException re) {
// Great. This is what we expected
testNoDefaultDomain = true;
}
if (testNoDefaultDomain) {
type = PrincipalName.KRB_NT_UNKNOWN;
checkName("a", type, "R1", "R1", "a"); // arg
checkName("a@R1", type, null, "R1", "a"); // or r in name
checkName("a@R2", type, "R1", "R1", "a"); // arg over r
checkName("a", type, null, null); // fail if none
checkName("a/b@R1", type, null, "R1", "a", "b");
type = PrincipalName.KRB_NT_SRV_HST;
// Let's pray "b.h" won't be canonicalized
checkName("a/b.h", type, "R1", "R1", "a", "b.h"); // arg
checkName("a/b.h@R1", type, null, "R1", "a", "b.h"); // or r in name
checkName("a/b.h@R1", type, "R2", "R2", "a", "b.h"); // arg over r
checkName("a/b.h", type, null, null); // fail if none
}
// When there is default realm
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") + "/krb5.conf");
Config.refresh();
type = PrincipalName.KRB_NT_UNKNOWN;
checkName("a", type, "R1", "R1", "a"); // arg
checkName("a@R1", type, null, "R1", "a"); // or r in name
checkName("a@R2", type, "R1", "R1", "a"); // arg over r
checkName("a", type, null, "R", "a"); // default
checkName("a/b", type, null, "R", "a", "b");
type = PrincipalName.KRB_NT_SRV_HST;
checkName("a/b.h3", type, "R1", "R1", "a", "b.h3"); // arg
checkName("a/b.h@R1", type, null, "R1", "a", "b.h"); // or r in name
checkName("a/b.h3@R2", type, "R1", "R1", "a", "b.h3"); // arg over r
checkName("a/b.h2", type, "R1", "R1", "a", "b.h2"); // arg over map
checkName("a/b.h2@R1", type, null, "R1", "a", "b.h2"); // r over map
checkName("a/b.h2", type, null, "R2", "a", "b.h2"); // map
checkName("a/b.h", type, null, "R", "a", "b.h"); // default
}
// Check if the creation matches the expected output.
// Note: realm == null means creation failure
static void checkName(String n, int t, String s,
String realm, String... parts)
throws Exception {
PrincipalName pn = null;
try {
pn = new PrincipalName(n, t, s);
} catch (Exception e) {
if (realm == null) {
return; // This is expected
} else {
throw e;
}
}
if (!pn.getRealmAsString().equals(realm)
|| !Arrays.equals(pn.getNameStrings(), parts)) {
throw new Exception(pn.toString() + " vs "
+ Arrays.toString(parts) + "@" + realm);
}
}
}
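Review bot: checkName treats any `Exception` from `new PrincipalName(n, t, s)` as the expected failure when `realm == null`, so the "Bad ones" and "fail if none" cases would also pass on an unrelated error such as a NullPointerException. Catching only the exception types the constructor is documented to throw would make the negative cases assert the intended rejection; RealmException is already used in this test, and any other type is not visible here. Separately, the assignment `type = PrincipalName.KRB_NT_SRV_HST;` just before "Part 2" is overwritten before it is read and can be dropped.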
[libdefaults]
dns_fallback = false
[libdefaults]
default_realm = R
[realms]
R = {
kdc = kdc
}
[domain_realm]
.h2 = R2