Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
b226215c
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
b226215c
编写于
1月 12, 2020
作者:
A
andrew
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8229951: Better Ticket Granting Services
Reviewed-by: mbalao
上级
4bb32bc1
变更
15
显示空白变更内容
内联
并排
Showing
15 changed file
with
119 addition
and
250 deletion
+119
-250
src/share/classes/sun/security/krb5/Checksum.java
src/share/classes/sun/security/krb5/Checksum.java
+64
-87
src/share/classes/sun/security/krb5/KrbTgsReq.java
src/share/classes/sun/security/krb5/KrbTgsReq.java
+1
-19
src/share/classes/sun/security/krb5/internal/PAForUserEnc.java
...hare/classes/sun/security/krb5/internal/PAForUserEnc.java
+2
-1
src/share/classes/sun/security/krb5/internal/crypto/CksumType.java
.../classes/sun/security/krb5/internal/crypto/CksumType.java
+7
-36
src/share/classes/sun/security/krb5/internal/crypto/Crc32CksumType.java
...ses/sun/security/krb5/internal/crypto/Crc32CksumType.java
+7
-11
src/share/classes/sun/security/krb5/internal/crypto/DesCbcCrcEType.java
...ses/sun/security/krb5/internal/crypto/DesCbcCrcEType.java
+1
-1
src/share/classes/sun/security/krb5/internal/crypto/DesMacCksumType.java
...es/sun/security/krb5/internal/crypto/DesMacCksumType.java
+3
-7
src/share/classes/sun/security/krb5/internal/crypto/DesMacKCksumType.java
...s/sun/security/krb5/internal/crypto/DesMacKCksumType.java
+4
-8
src/share/classes/sun/security/krb5/internal/crypto/HmacMd5ArcFourCksumType.java
...ecurity/krb5/internal/crypto/HmacMd5ArcFourCksumType.java
+4
-10
src/share/classes/sun/security/krb5/internal/crypto/HmacSha1Aes128CksumType.java
...ecurity/krb5/internal/crypto/HmacSha1Aes128CksumType.java
+4
-10
src/share/classes/sun/security/krb5/internal/crypto/HmacSha1Aes256CksumType.java
...ecurity/krb5/internal/crypto/HmacSha1Aes256CksumType.java
+4
-10
src/share/classes/sun/security/krb5/internal/crypto/HmacSha1Des3KdCksumType.java
...ecurity/krb5/internal/crypto/HmacSha1Des3KdCksumType.java
+4
-10
src/share/classes/sun/security/krb5/internal/crypto/RsaMd5CksumType.java
...es/sun/security/krb5/internal/crypto/RsaMd5CksumType.java
+5
-15
src/share/classes/sun/security/krb5/internal/crypto/RsaMd5DesCksumType.java
...sun/security/krb5/internal/crypto/RsaMd5DesCksumType.java
+6
-11
test/sun/security/krb5/auto/KDC.java
test/sun/security/krb5/auto/KDC.java
+3
-14
未找到文件。
src/share/classes/sun/security/krb5/Checksum.java
浏览文件 @
b226215c
...
...
@@ -69,6 +69,7 @@ public class Checksum {
// draft-brezak-win2k-krb-rc4-hmac-04.txt
public
static
final
int
CKSUMTYPE_HMAC_MD5_ARCFOUR
=
-
138
;
// default checksum type, -1 if not set
static
int
CKSUMTYPE_DEFAULT
;
static
int
SAFECKSUMTYPE_DEFAULT
;
...
...
@@ -83,26 +84,19 @@ public class Checksum {
try
{
cfg
=
Config
.
getInstance
();
temp
=
cfg
.
get
(
"libdefaults"
,
"default_checksum"
);
if
(
temp
!=
null
)
{
if
(
temp
!=
null
)
{
CKSUMTYPE_DEFAULT
=
Config
.
getType
(
temp
);
}
else
{
/*
* If the default checksum is not
* specified in the configuration we
* set it to RSA_MD5. We follow the MIT and
* SEAM implementation.
*/
CKSUMTYPE_DEFAULT
=
CKSUMTYPE_RSA_MD5
;
CKSUMTYPE_DEFAULT
=
-
1
;
}
}
catch
(
Exception
exc
)
{
if
(
DEBUG
)
{
System
.
out
.
println
(
"Exception in getting default checksum "
+
"value from the configuration "
+
"
Setting default checksum to be RSA-MD5
"
);
"value from the configuration
.
"
+
"
No default checksum set.
"
);
exc
.
printStackTrace
();
}
CKSUMTYPE_DEFAULT
=
CKSUMTYPE_RSA_MD5
;
CKSUMTYPE_DEFAULT
=
-
1
;
}
...
...
@@ -112,117 +106,100 @@ public class Checksum {
{
SAFECKSUMTYPE_DEFAULT
=
Config
.
getType
(
temp
);
}
else
{
SAFECKSUMTYPE_DEFAULT
=
CKSUMTYPE_RSA_MD5_DES
;
SAFECKSUMTYPE_DEFAULT
=
-
1
;
}
}
catch
(
Exception
exc
)
{
if
(
DEBUG
)
{
System
.
out
.
println
(
"Exception in getting safe default "
+
"checksum value "
+
"from the configuration Setting "
+
"
safe default checksum to be RSA-MD5
"
);
"from the configuration Setting
.
"
+
"
No safe default checksum set.
"
);
exc
.
printStackTrace
();
}
SAFECKSUMTYPE_DEFAULT
=
CKSUMTYPE_RSA_MD5_DES
;
SAFECKSUMTYPE_DEFAULT
=
-
1
;
}
}
/**
* Constructs a new Checksum using the raw data and type.
*
* This constructor is only used by Authenticator Checksum
* {@link sun.security.jgss.krb5.InitialToken.OverloadedChecksum}
* where the checksum type must be 0x8003
* (see https://tools.ietf.org/html/rfc4121#section-4.1.1)
* and checksum field/value is used to convey service flags,
* channel bindings, and optional delegation information.
* This special type does NOT have a {@link CksumType} and has its
* own calculating and verification rules. It does has the same
* ASN.1 encoding though.
*
* @data the byte array of checksum.
* @new_cksumType the type of checksum.
*
*/
// used in InitialToken
public
Checksum
(
byte
[]
data
,
int
new_cksumType
)
{
cksumType
=
new_cksumType
;
checksum
=
data
;
}
/**
* Constructs a new Checksum by calculating the checksum over the data
* using specified checksum type.
* @new_cksumType the type of checksum.
* @data the data that needs to be performed a checksum calculation on.
*/
public
Checksum
(
int
new_cksumType
,
byte
[]
data
)
throws
KdcErrException
,
KrbCryptoException
{
cksumType
=
new_cksumType
;
CksumType
cksumEngine
=
CksumType
.
getInstance
(
cksumType
);
if
(!
cksumEngine
.
isSafe
())
{
checksum
=
cksumEngine
.
calculateChecksum
(
data
,
data
.
length
);
}
else
{
throw
new
KdcErrException
(
Krb5
.
KRB_AP_ERR_INAPP_CKSUM
);
}
}
/**
* Constructs a new Checksum by calculating the keyed checksum
* over the data using specified checksum type.
* @new_cksumType the type of checksum.
* @data the data that needs to be performed a checksum calculation on.
* Constructs a new Checksum by calculating over the data using
* the specified checksum type. If the checksum is unkeyed, key
* and usage are ignored.
*
* @param new_cksumType the type of checksum. If set to -1, the
* {@linkplain EType#checksumType() mandatory checksum type}
* for the encryption type of {@code key} will be used
* @param data the data that needs to be performed a checksum calculation on
* @param key the key used by a keyed checksum
* @param usage the usage used by a keyed checksum
*/
// KrbSafe, KrbTgsReq
public
Checksum
(
int
new_cksumType
,
byte
[]
data
,
EncryptionKey
key
,
int
usage
)
throws
KdcErrException
,
KrbApErrException
,
KrbCryptoException
{
if
(
new_cksumType
==
-
1
)
{
cksumType
=
EType
.
getInstance
(
key
.
getEType
()).
checksumType
();
}
else
{
cksumType
=
new_cksumType
;
CksumType
cksumEngine
=
CksumType
.
getInstance
(
cksumType
);
if
(!
cksumEngine
.
isSafe
())
throw
new
KrbApErrException
(
Krb5
.
KRB_AP_ERR_INAPP_CKSUM
);
checksum
=
cksumEngine
.
calculateKeyedChecksum
(
data
,
data
.
length
,
key
.
getBytes
(),
usage
);
}
checksum
=
CksumType
.
getInstance
(
cksumType
).
calculateChecksum
(
data
,
data
.
length
,
key
.
getBytes
(),
usage
);
}
/**
* Verifies the keyed checksum over the data passed in.
*/
public
boolean
verifyKeyedChecksum
(
byte
[]
data
,
EncryptionKey
key
,
int
usage
)
public
boolean
verifyKeyedChecksum
(
byte
[]
data
,
EncryptionKey
key
,
int
usage
)
throws
KdcErrException
,
KrbApErrException
,
KrbCryptoException
{
CksumType
cksumEngine
=
CksumType
.
getInstance
(
cksumType
);
if
(!
cksumEngine
.
is
Safe
())
if
(!
cksumEngine
.
is
Keyed
())
{
throw
new
KrbApErrException
(
Krb5
.
KRB_AP_ERR_INAPP_CKSUM
);
return
cksumEngine
.
verifyKeyedChecksum
(
data
,
data
.
length
,
key
.
getBytes
(),
checksum
,
usage
);
}
// =============== ATTENTION! Use with care ==================
// According to https://tools.ietf.org/html/rfc3961#section-6.1,
// An unkeyed checksum should only be used "in limited circumstances
// where the lack of a key does not provide a window for an attack,
// preferably as part of an encrypted message".
public
boolean
verifyAnyChecksum
(
byte
[]
data
,
EncryptionKey
key
,
int
usage
)
throws
KdcErrException
,
KrbCryptoException
{
CksumType
cksumEngine
=
CksumType
.
getInstance
(
cksumType
);
if
(!
cksumEngine
.
isSafe
())
{
return
cksumEngine
.
verifyChecksum
(
data
,
checksum
);
}
else
{
return
cksumEngine
.
verifyKeyedChecksum
(
data
,
data
.
length
,
key
.
getBytes
(),
checksum
,
usage
);
return
cksumEngine
.
verifyChecksum
(
data
,
data
.
length
,
key
.
getBytes
(),
checksum
,
usage
);
}
}
/*
public Checksum(byte[] data) throws KdcErrException, KrbCryptoException {
this(Checksum.CKSUMTYPE_DEFAULT, data);
}
/**
* Verifies the checksum over the data passed in. The checksum might
* be a keyed or not.
*
* =============== ATTENTION! Use with care ==================
* According to https://tools.ietf.org/html/rfc3961#section-6.1,
* An unkeyed checksum should only be used "in limited circumstances
* where the lack of a key does not provide a window for an attack,
* preferably as part of an encrypted message".
*/
public
boolean
verifyAnyChecksum
(
byte
[]
data
,
EncryptionKey
key
,
int
usage
)
throws
KdcErrException
,
KrbCryptoException
{
return
CksumType
.
getInstance
(
cksumType
).
verifyChecksum
(
data
,
data
.
length
,
key
.
getBytes
(),
checksum
,
usage
);
}
boolean
isEqual
(
Checksum
cksum
)
throws
KdcErrException
{
if
(
cksumType
!=
cksum
.
cksumType
)
if
(
cksumType
!=
cksum
.
cksumType
)
{
return
false
;
CksumType
cksumEngine
=
CksumType
.
getInstance
(
cksumType
);
}
return
CksumType
.
isChecksumEqual
(
checksum
,
cksum
.
checksum
);
}
...
...
src/share/classes/sun/security/krb5/KrbTgsReq.java
浏览文件 @
b226215c
...
...
@@ -320,26 +320,8 @@ public class KrbTgsReq {
byte
[]
temp
=
reqBody
.
asn1Encode
(
Krb5
.
KRB_TGS_REQ
);
// if the checksum type is one of the keyed checksum types,
// use session key.
Checksum
cksum
;
switch
(
Checksum
.
CKSUMTYPE_DEFAULT
)
{
case
Checksum
.
CKSUMTYPE_RSA_MD4_DES
:
case
Checksum
.
CKSUMTYPE_DES_MAC
:
case
Checksum
.
CKSUMTYPE_DES_MAC_K
:
case
Checksum
.
CKSUMTYPE_RSA_MD4_DES_K
:
case
Checksum
.
CKSUMTYPE_RSA_MD5_DES
:
case
Checksum
.
CKSUMTYPE_HMAC_SHA1_DES3_KD
:
case
Checksum
.
CKSUMTYPE_HMAC_MD5_ARCFOUR
:
case
Checksum
.
CKSUMTYPE_HMAC_SHA1_96_AES128
:
case
Checksum
.
CKSUMTYPE_HMAC_SHA1_96_AES256
:
cksum
=
new
Checksum
(
Checksum
.
CKSUMTYPE_DEFAULT
,
temp
,
key
,
Checksum
cksum
=
new
Checksum
(
Checksum
.
CKSUMTYPE_DEFAULT
,
temp
,
key
,
KeyUsage
.
KU_PA_TGS_REQ_CKSUM
);
break
;
case
Checksum
.
CKSUMTYPE_CRC32
:
case
Checksum
.
CKSUMTYPE_RSA_MD4
:
case
Checksum
.
CKSUMTYPE_RSA_MD5
:
default
:
cksum
=
new
Checksum
(
Checksum
.
CKSUMTYPE_DEFAULT
,
temp
);
}
// Usage will be KeyUsage.KU_PA_TGS_REQ_AUTHENTICATOR
...
...
src/share/classes/sun/security/krb5/internal/PAForUserEnc.java
浏览文件 @
b226215c
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012,
2019,
Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -133,6 +133,7 @@ public class PAForUserEnc {
bytes
.
write
(
DerValue
.
createTag
(
DerValue
.
TAG_CONTEXT
,
true
,
(
byte
)
0x01
),
name
.
getRealm
().
asn1Encode
());
try
{
// MS-SFU 2.2.1: use hmac-md5 checksum regardless of key type
Checksum
cks
=
new
Checksum
(
Checksum
.
CKSUMTYPE_HMAC_MD5_ARCFOUR
,
getS4UByteArray
(),
...
...
src/share/classes/sun/security/krb5/internal/crypto/CksumType.java
浏览文件 @
b226215c
/*
* Copyright (c) 2000, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 201
9
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -31,10 +31,7 @@
package
sun.security.krb5.internal.crypto
;
import
sun.security.krb5.Config
;
import
sun.security.krb5.Checksum
;
import
sun.security.krb5.EncryptedData
;
import
sun.security.krb5.KrbException
;
import
sun.security.krb5.KrbCryptoException
;
import
sun.security.krb5.internal.*
;
...
...
@@ -81,6 +78,7 @@ public abstract class CksumType {
cksumTypeName
=
"sun.security.krb5.internal.crypto.HmacSha1Aes128CksumType"
;
break
;
case
Checksum
.
CKSUMTYPE_HMAC_SHA1_96_AES256
:
cksumType
=
new
HmacSha1Aes256CksumType
();
cksumTypeName
=
...
...
@@ -117,32 +115,11 @@ public abstract class CksumType {
return
cksumType
;
}
/**
* Returns default checksum type.
*/
public
static
CksumType
getInstance
()
throws
KdcErrException
{
// this method provided for Kerberos applications.
int
cksumType
=
Checksum
.
CKSUMTYPE_RSA_MD5
;
// default
try
{
Config
c
=
Config
.
getInstance
();
if
((
cksumType
=
(
Config
.
getType
(
c
.
get
(
"libdefaults"
,
"ap_req_checksum_type"
))))
==
-
1
)
{
if
((
cksumType
=
Config
.
getType
(
c
.
get
(
"libdefaults"
,
"checksum_type"
)))
==
-
1
)
{
cksumType
=
Checksum
.
CKSUMTYPE_RSA_MD5
;
// default
}
}
}
catch
(
KrbException
e
)
{
}
return
getInstance
(
cksumType
);
}
public
abstract
int
confounderSize
();
public
abstract
int
cksumType
();
public
abstract
boolean
is
Safe
();
public
abstract
boolean
is
Keyed
();
public
abstract
int
cksumSize
();
...
...
@@ -150,18 +127,12 @@ public abstract class CksumType {
public
abstract
int
keySize
();
public
abstract
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
)
throws
KrbCryptoException
;
public
abstract
byte
[]
calculateKeyedChecksum
(
byte
[]
data
,
int
size
,
// Note: key and usage will be ignored for an unkeyed checksum.
public
abstract
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
int
usage
)
throws
KrbCryptoException
;
public
boolean
verifyChecksum
(
byte
[]
data
,
byte
[]
checksum
)
throws
KrbCryptoException
{
throw
new
UnsupportedOperationException
(
"Not supported"
);
}
public
abstract
boolean
verifyKeyedChecksum
(
byte
[]
data
,
int
size
,
// Note: key and usage will be ignored for an unkeyed checksum.
public
abstract
boolean
verifyChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
byte
[]
checksum
,
int
usage
)
throws
KrbCryptoException
;
public
static
boolean
isChecksumEqual
(
byte
[]
cksum1
,
byte
[]
cksum2
)
{
...
...
src/share/classes/sun/security/krb5/internal/crypto/Crc32CksumType.java
浏览文件 @
b226215c
...
...
@@ -32,7 +32,6 @@ package sun.security.krb5.internal.crypto;
import
sun.security.krb5.*
;
import
sun.security.krb5.internal.*
;
import
java.util.zip.CRC32
;
public
class
Crc32CksumType
extends
CksumType
{
...
...
@@ -47,7 +46,7 @@ public class Crc32CksumType extends CksumType {
return
Checksum
.
CKSUMTYPE_CRC32
;
}
public
boolean
is
Safe
()
{
public
boolean
is
Keyed
()
{
return
false
;
}
...
...
@@ -63,18 +62,15 @@ public class Crc32CksumType extends CksumType {
return
0
;
}
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
)
{
return
crc32
.
byte2crc32sum_bytes
(
data
,
size
);
}
public
byte
[]
calculateKeyedChecksum
(
byte
[]
data
,
int
size
,
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
int
usage
)
{
return
null
;
return
crc32
.
byte2crc32sum_bytes
(
data
,
size
)
;
}
public
boolean
verify
Keyed
Checksum
(
byte
[]
data
,
int
size
,
public
boolean
verifyChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
byte
[]
checksum
,
int
usage
)
{
return
false
;
return
CksumType
.
isChecksumEqual
(
checksum
,
crc32
.
byte2crc32sum_bytes
(
data
));
}
public
static
byte
[]
int2quad
(
long
input
)
{
...
...
src/share/classes/sun/security/krb5/internal/crypto/DesCbcCrcEType.java
浏览文件 @
b226215c
...
...
@@ -53,7 +53,7 @@ public class DesCbcCrcEType extends DesCbcEType {
}
public
int
checksumType
()
{
return
Checksum
.
CKSUMTYPE_
CRC32
;
return
Checksum
.
CKSUMTYPE_
RSA_MD5
;
}
public
int
checksumSize
()
{
...
...
src/share/classes/sun/security/krb5/internal/crypto/DesMacCksumType.java
浏览文件 @
b226215c
...
...
@@ -49,7 +49,7 @@ public class DesMacCksumType extends CksumType {
return
Checksum
.
CKSUMTYPE_DES_MAC
;
}
public
boolean
is
Safe
()
{
public
boolean
is
Keyed
()
{
return
true
;
}
...
...
@@ -65,10 +65,6 @@ public class DesMacCksumType extends CksumType {
return
8
;
}
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
)
{
return
null
;
}
/**
* Calculates keyed checksum.
* @param data the data used to generate the checksum.
...
...
@@ -78,7 +74,7 @@ public class DesMacCksumType extends CksumType {
*
* @modified by Yanni Zhang, 12/08/99.
*/
public
byte
[]
calculate
Keyed
Checksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
int
usage
)
throws
KrbCryptoException
{
byte
[]
new_data
=
new
byte
[
size
+
confounderSize
()];
byte
[]
conf
=
Confounder
.
bytes
(
confounderSize
());
...
...
@@ -130,7 +126,7 @@ public class DesMacCksumType extends CksumType {
*
* @modified by Yanni Zhang, 12/08/99.
*/
public
boolean
verify
Keyed
Checksum
(
byte
[]
data
,
int
size
,
public
boolean
verifyChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
byte
[]
checksum
,
int
usage
)
throws
KrbCryptoException
{
byte
[]
cksum
=
decryptKeyedChecksum
(
checksum
,
key
);
...
...
src/share/classes/sun/security/krb5/internal/crypto/DesMacKCksumType.java
浏览文件 @
b226215c
...
...
@@ -48,7 +48,7 @@ public class DesMacKCksumType extends CksumType {
return
Checksum
.
CKSUMTYPE_DES_MAC_K
;
}
public
boolean
is
Safe
()
{
public
boolean
is
Keyed
()
{
return
true
;
}
...
...
@@ -64,10 +64,6 @@ public class DesMacKCksumType extends CksumType {
return
8
;
}
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
)
{
return
null
;
}
/**
* Calculates keyed checksum.
* @param data the data used to generate the checksum.
...
...
@@ -77,7 +73,7 @@ public class DesMacKCksumType extends CksumType {
*
* @modified by Yanni Zhang, 12/08/99.
*/
public
byte
[]
calculate
Keyed
Checksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
int
usage
)
throws
KrbCryptoException
{
//check for weak keys
try
{
...
...
@@ -93,9 +89,9 @@ public class DesMacKCksumType extends CksumType {
return
cksum
;
}
public
boolean
verify
Keyed
Checksum
(
byte
[]
data
,
int
size
,
public
boolean
verifyChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
byte
[]
checksum
,
int
usage
)
throws
KrbCryptoException
{
byte
[]
new_cksum
=
calculate
Keyed
Checksum
(
data
,
data
.
length
,
key
,
usage
);
byte
[]
new_cksum
=
calculateChecksum
(
data
,
data
.
length
,
key
,
usage
);
return
isChecksumEqual
(
checksum
,
new_cksum
);
}
...
...
src/share/classes/sun/security/krb5/internal/crypto/HmacMd5ArcFourCksumType.java
浏览文件 @
b226215c
/*
* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005,
2019,
Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -28,8 +28,6 @@ package sun.security.krb5.internal.crypto;
import
sun.security.krb5.Checksum
;
import
sun.security.krb5.KrbCryptoException
;
import
sun.security.krb5.internal.*
;
import
javax.crypto.spec.DESKeySpec
;
import
java.security.InvalidKeyException
;
import
java.security.GeneralSecurityException
;
/**
...
...
@@ -51,7 +49,7 @@ public class HmacMd5ArcFourCksumType extends CksumType {
return
Checksum
.
CKSUMTYPE_HMAC_MD5_ARCFOUR
;
}
public
boolean
is
Safe
()
{
public
boolean
is
Keyed
()
{
return
true
;
}
...
...
@@ -67,10 +65,6 @@ public class HmacMd5ArcFourCksumType extends CksumType {
return
16
;
// bytes
}
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
)
{
return
null
;
}
/**
* Calculates keyed checksum.
* @param data the data used to generate the checksum.
...
...
@@ -78,7 +72,7 @@ public class HmacMd5ArcFourCksumType extends CksumType {
* @param key the key used to encrypt the checksum.
* @return keyed checksum.
*/
public
byte
[]
calculate
Keyed
Checksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
int
usage
)
throws
KrbCryptoException
{
try
{
...
...
@@ -98,7 +92,7 @@ public class HmacMd5ArcFourCksumType extends CksumType {
* @param checksum
* @return true if verification is successful.
*/
public
boolean
verify
Keyed
Checksum
(
byte
[]
data
,
int
size
,
public
boolean
verifyChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
byte
[]
checksum
,
int
usage
)
throws
KrbCryptoException
{
try
{
...
...
src/share/classes/sun/security/krb5/internal/crypto/HmacSha1Aes128CksumType.java
浏览文件 @
b226215c
/*
* Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004,
2019,
Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -28,8 +28,6 @@ package sun.security.krb5.internal.crypto;
import
sun.security.krb5.Checksum
;
import
sun.security.krb5.KrbCryptoException
;
import
sun.security.krb5.internal.*
;
import
javax.crypto.spec.DESKeySpec
;
import
java.security.InvalidKeyException
;
import
java.security.GeneralSecurityException
;
/*
...
...
@@ -51,7 +49,7 @@ public class HmacSha1Aes128CksumType extends CksumType {
return
Checksum
.
CKSUMTYPE_HMAC_SHA1_96_AES128
;
}
public
boolean
is
Safe
()
{
public
boolean
is
Keyed
()
{
return
true
;
}
...
...
@@ -67,10 +65,6 @@ public class HmacSha1Aes128CksumType extends CksumType {
return
16
;
// bytes
}
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
)
{
return
null
;
}
/**
* Calculates keyed checksum.
* @param data the data used to generate the checksum.
...
...
@@ -78,7 +72,7 @@ public class HmacSha1Aes128CksumType extends CksumType {
* @param key the key used to encrypt the checksum.
* @return keyed checksum.
*/
public
byte
[]
calculate
Keyed
Checksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
int
usage
)
throws
KrbCryptoException
{
try
{
...
...
@@ -98,7 +92,7 @@ public class HmacSha1Aes128CksumType extends CksumType {
* @param checksum
* @return true if verification is successful.
*/
public
boolean
verify
Keyed
Checksum
(
byte
[]
data
,
int
size
,
public
boolean
verifyChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
byte
[]
checksum
,
int
usage
)
throws
KrbCryptoException
{
try
{
...
...
src/share/classes/sun/security/krb5/internal/crypto/HmacSha1Aes256CksumType.java
浏览文件 @
b226215c
/*
* Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004,
2019,
Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -28,8 +28,6 @@ package sun.security.krb5.internal.crypto;
import
sun.security.krb5.Checksum
;
import
sun.security.krb5.KrbCryptoException
;
import
sun.security.krb5.internal.*
;
import
javax.crypto.spec.DESKeySpec
;
import
java.security.InvalidKeyException
;
import
java.security.GeneralSecurityException
;
/*
...
...
@@ -51,7 +49,7 @@ public class HmacSha1Aes256CksumType extends CksumType {
return
Checksum
.
CKSUMTYPE_HMAC_SHA1_96_AES256
;
}
public
boolean
is
Safe
()
{
public
boolean
is
Keyed
()
{
return
true
;
}
...
...
@@ -67,10 +65,6 @@ public class HmacSha1Aes256CksumType extends CksumType {
return
32
;
// bytes
}
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
)
{
return
null
;
}
/**
* Calculates keyed checksum.
* @param data the data used to generate the checksum.
...
...
@@ -78,7 +72,7 @@ public class HmacSha1Aes256CksumType extends CksumType {
* @param key the key used to encrypt the checksum.
* @return keyed checksum.
*/
public
byte
[]
calculate
Keyed
Checksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
int
usage
)
throws
KrbCryptoException
{
try
{
...
...
@@ -98,7 +92,7 @@ public class HmacSha1Aes256CksumType extends CksumType {
* @param checksum
* @return true if verification is successful.
*/
public
boolean
verify
Keyed
Checksum
(
byte
[]
data
,
int
size
,
public
boolean
verifyChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
byte
[]
checksum
,
int
usage
)
throws
KrbCryptoException
{
try
{
...
...
src/share/classes/sun/security/krb5/internal/crypto/HmacSha1Des3KdCksumType.java
浏览文件 @
b226215c
/*
* Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004,
2019,
Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -28,8 +28,6 @@ package sun.security.krb5.internal.crypto;
import
sun.security.krb5.Checksum
;
import
sun.security.krb5.KrbCryptoException
;
import
sun.security.krb5.internal.*
;
import
javax.crypto.spec.DESKeySpec
;
import
java.security.InvalidKeyException
;
import
java.security.GeneralSecurityException
;
public
class
HmacSha1Des3KdCksumType
extends
CksumType
{
...
...
@@ -45,7 +43,7 @@ public class HmacSha1Des3KdCksumType extends CksumType {
return
Checksum
.
CKSUMTYPE_HMAC_SHA1_DES3_KD
;
}
public
boolean
is
Safe
()
{
public
boolean
is
Keyed
()
{
return
true
;
}
...
...
@@ -61,10 +59,6 @@ public class HmacSha1Des3KdCksumType extends CksumType {
return
24
;
// bytes
}
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
)
{
return
null
;
}
/**
* Calculates keyed checksum.
* @param data the data used to generate the checksum.
...
...
@@ -72,7 +66,7 @@ public class HmacSha1Des3KdCksumType extends CksumType {
* @param key the key used to encrypt the checksum.
* @return keyed checksum.
*/
public
byte
[]
calculate
Keyed
Checksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
int
usage
)
throws
KrbCryptoException
{
try
{
...
...
@@ -92,7 +86,7 @@ public class HmacSha1Des3KdCksumType extends CksumType {
* @param checksum
* @return true if verification is successful.
*/
public
boolean
verify
Keyed
Checksum
(
byte
[]
data
,
int
size
,
public
boolean
verifyChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
byte
[]
checksum
,
int
usage
)
throws
KrbCryptoException
{
try
{
...
...
src/share/classes/sun/security/krb5/internal/crypto/RsaMd5CksumType.java
浏览文件 @
b226215c
...
...
@@ -33,8 +33,6 @@ import sun.security.krb5.Checksum;
import
sun.security.krb5.KrbCryptoException
;
import
sun.security.krb5.internal.*
;
import
java.security.MessageDigest
;
import
java.security.Provider
;
import
java.security.Security
;
public
final
class
RsaMd5CksumType
extends
CksumType
{
...
...
@@ -49,7 +47,7 @@ public final class RsaMd5CksumType extends CksumType {
return
Checksum
.
CKSUMTYPE_RSA_MD5
;
}
public
boolean
is
Safe
()
{
public
boolean
is
Keyed
()
{
return
false
;
}
...
...
@@ -74,7 +72,8 @@ public final class RsaMd5CksumType extends CksumType {
* @modified by Yanni Zhang, 12/08/99.
*/
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
)
throws
KrbCryptoException
{
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
int
usage
)
throws
KrbCryptoException
{
MessageDigest
md5
;
byte
[]
result
=
null
;
try
{
...
...
@@ -91,18 +90,9 @@ public final class RsaMd5CksumType extends CksumType {
return
result
;
}
public
byte
[]
calculateKeyedChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
int
usage
)
throws
KrbCryptoException
{
return
null
;
}
public
boolean
verifyKeyedChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
byte
[]
checksum
,
int
usage
)
throws
KrbCryptoException
{
return
false
;
}
@Override
public
boolean
verifyChecksum
(
byte
[]
data
,
byte
[]
checksum
)
public
boolean
verifyChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
byte
[]
checksum
,
int
usage
)
throws
KrbCryptoException
{
try
{
byte
[]
calculated
=
MessageDigest
.
getInstance
(
"MD5"
).
digest
(
data
);
...
...
src/share/classes/sun/security/krb5/internal/crypto/RsaMd5DesCksumType.java
浏览文件 @
b226215c
...
...
@@ -33,12 +33,8 @@ import sun.security.krb5.Checksum;
import
sun.security.krb5.Confounder
;
import
sun.security.krb5.KrbCryptoException
;
import
sun.security.krb5.internal.*
;
import
javax.crypto.Cipher
;
import
javax.crypto.SecretKey
;
import
javax.crypto.spec.DESKeySpec
;
import
java.security.MessageDigest
;
import
java.security.Provider
;
import
java.security.Security
;
import
java.security.InvalidKeyException
;
public
final
class
RsaMd5DesCksumType
extends
CksumType
{
...
...
@@ -54,7 +50,7 @@ public final class RsaMd5DesCksumType extends CksumType {
return
Checksum
.
CKSUMTYPE_RSA_MD5_DES
;
}
public
boolean
is
Safe
()
{
public
boolean
is
Keyed
()
{
return
true
;
}
...
...
@@ -79,7 +75,7 @@ public final class RsaMd5DesCksumType extends CksumType {
*
* @modified by Yanni Zhang, 12/08/99.
*/
public
byte
[]
calculate
Keyed
Checksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
public
byte
[]
calculateChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
int
usage
)
throws
KrbCryptoException
{
//prepend confounder
byte
[]
new_data
=
new
byte
[
size
+
confounderSize
()];
...
...
@@ -88,7 +84,7 @@ public final class RsaMd5DesCksumType extends CksumType {
System
.
arraycopy
(
data
,
0
,
new_data
,
confounderSize
(),
size
);
//calculate md5 cksum
byte
[]
mdc_cksum
=
calculateChecksum
(
new_data
,
new_data
.
length
);
byte
[]
mdc_cksum
=
calculate
Raw
Checksum
(
new_data
,
new_data
.
length
);
byte
[]
cksum
=
new
byte
[
cksumSize
()];
System
.
arraycopy
(
conf
,
0
,
cksum
,
0
,
confounderSize
());
System
.
arraycopy
(
mdc_cksum
,
0
,
cksum
,
confounderSize
(),
...
...
@@ -125,7 +121,7 @@ public final class RsaMd5DesCksumType extends CksumType {
*
* @modified by Yanni Zhang, 12/08/99.
*/
public
boolean
verify
Keyed
Checksum
(
byte
[]
data
,
int
size
,
public
boolean
verifyChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
byte
[]
checksum
,
int
usage
)
throws
KrbCryptoException
{
//decrypt checksum
byte
[]
cksum
=
decryptKeyedChecksum
(
checksum
,
key
);
...
...
@@ -135,7 +131,7 @@ public final class RsaMd5DesCksumType extends CksumType {
System
.
arraycopy
(
cksum
,
0
,
new_data
,
0
,
confounderSize
());
System
.
arraycopy
(
data
,
0
,
new_data
,
confounderSize
(),
size
);
byte
[]
new_cksum
=
calculateChecksum
(
new_data
,
new_data
.
length
);
byte
[]
new_cksum
=
calculate
Raw
Checksum
(
new_data
,
new_data
.
length
);
//extract original cksum value
byte
[]
orig_cksum
=
new
byte
[
cksumSize
()
-
confounderSize
()];
System
.
arraycopy
(
cksum
,
confounderSize
(),
orig_cksum
,
0
,
...
...
@@ -181,7 +177,7 @@ public final class RsaMd5DesCksumType extends CksumType {
*
* @modified by Yanni Zhang, 12/08/99.
*/
p
ublic
byte
[]
calculate
Checksum
(
byte
[]
data
,
int
size
)
throws
KrbCryptoException
{
p
rivate
byte
[]
calculateRaw
Checksum
(
byte
[]
data
,
int
size
)
throws
KrbCryptoException
{
MessageDigest
md5
;
byte
[]
result
=
null
;
try
{
...
...
@@ -197,5 +193,4 @@ public final class RsaMd5DesCksumType extends CksumType {
}
return
result
;
}
}
test/sun/security/krb5/auto/KDC.java
浏览文件 @
b226215c
...
...
@@ -726,7 +726,7 @@ public class KDC {
* @return the key
* @throws sun.security.krb5.KrbException for unknown/unsupported etype
*/
private
EncryptionKey
keyForUser
(
PrincipalName
p
,
int
etype
,
boolean
server
)
EncryptionKey
keyForUser
(
PrincipalName
p
,
int
etype
,
boolean
server
)
throws
KrbException
{
try
{
// Do not call EncryptionKey.acquireSecretKeys(), otherwise
...
...
@@ -797,7 +797,7 @@ public class KDC {
int
e2
=
eTypes
[
0
];
// etype for outgoing session key
int
e3
=
eTypes
[
0
];
// etype for outgoing ticket
PAData
[]
pas
=
KDCReqDotPAData
(
tgsReq
)
;
PAData
[]
pas
=
tgsReq
.
pAData
;
Ticket
tkt
=
null
;
EncTicketPart
etp
=
null
;
...
...
@@ -828,7 +828,6 @@ public class KDC {
for
(
PAData
pa:
pas
)
{
if
(
pa
.
getType
()
==
Krb5
.
PA_TGS_REQ
)
{
APReq
apReq
=
new
APReq
(
pa
.
getValue
());
EncryptedData
ed
=
apReq
.
authenticator
;
tkt
=
apReq
.
ticket
;
int
te
=
tkt
.
encPart
.
getEType
();
EncryptionKey
kkey
=
keyForUser
(
tkt
.
sname
,
te
,
true
);
...
...
@@ -1282,7 +1281,7 @@ public class KDC {
outPAs
.
add
(
new
PAData
(
Krb5
.
PA_ETYPE_INFO
,
eid
.
toByteArray
()));
}
PAData
[]
inPAs
=
KDCReqDotPAData
(
asReq
)
;
PAData
[]
inPAs
=
asReq
.
pAData
;
List
<
PAData
>
enc_outPAs
=
new
ArrayList
<>();
byte
[]
paEncTimestamp
=
null
;
...
...
@@ -2100,7 +2099,6 @@ public class KDC {
}
// Calling private methods thru reflections
private
static
final
Field
getPADataField
;
private
static
final
Field
getEType
;
private
static
final
Constructor
<
EncryptedData
>
ctorEncryptedData
;
private
static
final
Method
stringToKey
;
...
...
@@ -2110,8 +2108,6 @@ public class KDC {
try
{
ctorEncryptedData
=
EncryptedData
.
class
.
getDeclaredConstructor
(
DerValue
.
class
);
ctorEncryptedData
.
setAccessible
(
true
);
getPADataField
=
KDCReq
.
class
.
getDeclaredField
(
"pAData"
);
getPADataField
.
setAccessible
(
true
);
getEType
=
KDCReqBody
.
class
.
getDeclaredField
(
"eType"
);
getEType
.
setAccessible
(
true
);
stringToKey
=
EncryptionKey
.
class
.
getDeclaredMethod
(
...
...
@@ -2133,13 +2129,6 @@ public class KDC {
throw
new
AssertionError
(
e
);
}
}
private
static
PAData
[]
KDCReqDotPAData
(
KDCReq
req
)
{
try
{
return
(
PAData
[])
getPADataField
.
get
(
req
);
}
catch
(
Exception
e
)
{
throw
new
AssertionError
(
e
);
}
}
private
static
int
[]
KDCReqBodyDotEType
(
KDCReqBody
body
)
{
try
{
return
(
int
[])
getEType
.
get
(
body
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录