Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
cd1f3995
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
3
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
cd1f3995
编写于
10月 28, 2009
作者:
W
weijun
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
6893158: AP_REQ check should use key version number
Reviewed-by: valeriep, xuelei
上级
5a304f4e
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
125 addition
and
6 deletion
+125
-6
src/share/classes/sun/security/krb5/EncryptionKey.java
src/share/classes/sun/security/krb5/EncryptionKey.java
+20
-4
src/share/classes/sun/security/krb5/KrbApReq.java
src/share/classes/sun/security/krb5/KrbApReq.java
+2
-1
src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java
...share/classes/sun/security/krb5/internal/ktab/KeyTab.java
+22
-0
test/sun/security/krb5/auto/KDC.java
test/sun/security/krb5/auto/KDC.java
+11
-1
test/sun/security/krb5/auto/MoreKvno.java
test/sun/security/krb5/auto/MoreKvno.java
+70
-0
未找到文件。
src/share/classes/sun/security/krb5/EncryptionKey.java
浏览文件 @
cd1f3995
/*
* Portions Copyright 2000-200
7
Sun Microsystems, Inc. All Rights Reserved.
* Portions Copyright 2000-200
9
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -503,7 +503,19 @@ public class EncryptionKey
+
'\n'
));
}
/**
* Find a key with given etype
*/
public
static
EncryptionKey
findKey
(
int
etype
,
EncryptionKey
[]
keys
)
throws
KrbException
{
return
findKey
(
etype
,
null
,
keys
);
}
/**
* Find a key with given etype and kvno
* @param kvno if null, return any (first?) key
*/
public
static
EncryptionKey
findKey
(
int
etype
,
Integer
kvno
,
EncryptionKey
[]
keys
)
throws
KrbException
{
// check if encryption type is supported
...
...
@@ -516,7 +528,8 @@ public class EncryptionKey
for
(
int
i
=
0
;
i
<
keys
.
length
;
i
++)
{
ktype
=
keys
[
i
].
getEType
();
if
(
EType
.
isSupported
(
ktype
))
{
if
(
etype
==
ktype
)
{
Integer
kv
=
keys
[
i
].
getKeyVersionNumber
();
if
(
etype
==
ktype
&&
(
kvno
==
null
||
kvno
.
equals
(
kv
)))
{
return
keys
[
i
];
}
}
...
...
@@ -528,8 +541,11 @@ public class EncryptionKey
for
(
int
i
=
0
;
i
<
keys
.
length
;
i
++)
{
ktype
=
keys
[
i
].
getEType
();
if
(
ktype
==
EncryptedData
.
ETYPE_DES_CBC_CRC
||
ktype
==
EncryptedData
.
ETYPE_DES_CBC_MD5
)
{
return
new
EncryptionKey
(
etype
,
keys
[
i
].
getBytes
());
ktype
==
EncryptedData
.
ETYPE_DES_CBC_MD5
)
{
Integer
kv
=
keys
[
i
].
getKeyVersionNumber
();
if
(
kvno
==
null
||
kvno
.
equals
(
kv
))
{
return
new
EncryptionKey
(
etype
,
keys
[
i
].
getBytes
());
}
}
}
}
...
...
src/share/classes/sun/security/krb5/KrbApReq.java
浏览文件 @
cd1f3995
...
...
@@ -268,7 +268,8 @@ public class KrbApReq {
private
void
authenticate
(
EncryptionKey
[]
keys
,
InetAddress
initiator
)
throws
KrbException
,
IOException
{
int
encPartKeyType
=
apReqMessg
.
ticket
.
encPart
.
getEType
();
EncryptionKey
dkey
=
EncryptionKey
.
findKey
(
encPartKeyType
,
keys
);
Integer
kvno
=
apReqMessg
.
ticket
.
encPart
.
getKeyVersionNumber
();
EncryptionKey
dkey
=
EncryptionKey
.
findKey
(
encPartKeyType
,
kvno
,
keys
);
if
(
dkey
==
null
)
{
throw
new
KrbException
(
Krb5
.
API_INVALID_ARG
,
...
...
src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java
浏览文件 @
cd1f3995
...
...
@@ -395,6 +395,28 @@ public class KeyTab implements KeyTabConstants {
}
}
/**
* Only used by KDC test. This method can specify kvno and does not
* remove any old keys.
*/
public
void
addEntry
(
PrincipalName
service
,
char
[]
psswd
,
int
kvno
)
throws
KrbException
{
EncryptionKey
[]
encKeys
=
EncryptionKey
.
acquireSecretKeys
(
psswd
,
service
.
getSalt
());
for
(
int
i
=
0
;
encKeys
!=
null
&&
i
<
encKeys
.
length
;
i
++)
{
int
keyType
=
encKeys
[
i
].
getEType
();
byte
[]
keyValue
=
encKeys
[
i
].
getBytes
();
KeyTabEntry
newEntry
=
new
KeyTabEntry
(
service
,
service
.
getRealm
(),
new
KerberosTime
(
System
.
currentTimeMillis
()),
kvno
,
keyType
,
keyValue
);
if
(
entries
==
null
)
entries
=
new
Vector
<
KeyTabEntry
>
();
entries
.
addElement
(
newEntry
);
}
}
/**
* Retrieves the key table entry with the specified service name.
...
...
test/sun/security/krb5/auto/KDC.java
浏览文件 @
cd1f3995
...
...
@@ -466,7 +466,17 @@ public class KDC {
// the krb5.conf config file would be loaded.
Method
stringToKey
=
EncryptionKey
.
class
.
getDeclaredMethod
(
"stringToKey"
,
char
[].
class
,
String
.
class
,
byte
[].
class
,
Integer
.
TYPE
);
stringToKey
.
setAccessible
(
true
);
return
new
EncryptionKey
((
byte
[])
stringToKey
.
invoke
(
null
,
getPassword
(
p
),
getSalt
(
p
),
null
,
etype
),
etype
,
null
);
Integer
kvno
=
null
;
// For service whose password ending with a number, use it as kvno
if
(
p
.
toString
().
indexOf
(
'/'
)
>=
0
)
{
char
[]
pass
=
getPassword
(
p
);
if
(
Character
.
isDigit
(
pass
[
pass
.
length
-
1
]))
{
kvno
=
pass
[
pass
.
length
-
1
]
-
'0'
;
}
}
return
new
EncryptionKey
((
byte
[])
stringToKey
.
invoke
(
null
,
getPassword
(
p
),
getSalt
(
p
),
null
,
etype
),
etype
,
kvno
);
}
catch
(
InvocationTargetException
ex
)
{
KrbException
ke
=
(
KrbException
)
ex
.
getCause
();
throw
ke
;
...
...
test/sun/security/krb5/auto/MoreKvno.java
0 → 100644
浏览文件 @
cd1f3995
/*
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
* @test
* @bug 6893158
* @summary AP_REQ check should use key version number
*/
import
sun.security.jgss.GSSUtil
;
import
sun.security.krb5.PrincipalName
;
import
sun.security.krb5.internal.ktab.KeyTab
;
public
class
MoreKvno
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
OneKDC
kdc
=
new
OneKDC
(
null
);
kdc
.
writeJAASConf
();
// Rewrite keytab, 3 set of keys with different kvno
KeyTab
ktab
=
KeyTab
.
create
(
OneKDC
.
KTAB
);
PrincipalName
p
=
new
PrincipalName
(
OneKDC
.
SERVER
+
"@"
+
OneKDC
.
REALM
,
PrincipalName
.
KRB_NT_SRV_HST
);
ktab
.
addEntry
(
p
,
"pass0"
.
toCharArray
(),
0
);
ktab
.
addEntry
(
p
,
"pass2"
.
toCharArray
(),
2
);
ktab
.
addEntry
(
p
,
"pass1"
.
toCharArray
(),
1
);
ktab
.
save
();
kdc
.
addPrincipal
(
OneKDC
.
SERVER
,
"pass1"
.
toCharArray
());
go
(
OneKDC
.
SERVER
,
"com.sun.security.jgss.krb5.accept"
);
kdc
.
addPrincipal
(
OneKDC
.
SERVER
,
"pass2"
.
toCharArray
());
// "server" initiate also, check pass2 is used at authentication
go
(
OneKDC
.
SERVER
,
"server"
);
}
static
void
go
(
String
server
,
String
entry
)
throws
Exception
{
Context
c
,
s
;
c
=
Context
.
fromUserPass
(
"dummy"
,
"bogus"
.
toCharArray
(),
false
);
s
=
Context
.
fromJAAS
(
entry
);
c
.
startAsClient
(
server
,
GSSUtil
.
GSS_KRB5_MECH_OID
);
s
.
startAsServer
(
GSSUtil
.
GSS_KRB5_MECH_OID
);
Context
.
handshake
(
c
,
s
);
s
.
dispose
();
c
.
dispose
();
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录