Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
dfe395b0
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
dfe395b0
编写于
12月 24, 2009
作者:
W
weijun
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
6907425: JCK Kerberos tests fail since b77
Reviewed-by: valeriep
上级
7737ea18
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
76 addition
and
13 deletion
+76
-13
src/share/classes/sun/security/krb5/EncryptionKey.java
src/share/classes/sun/security/krb5/EncryptionKey.java
+29
-3
test/sun/security/krb5/auto/KDC.java
test/sun/security/krb5/auto/KDC.java
+3
-2
test/sun/security/krb5/auto/MoreKvno.java
test/sun/security/krb5/auto/MoreKvno.java
+44
-8
未找到文件。
src/share/classes/sun/security/krb5/EncryptionKey.java
浏览文件 @
dfe395b0
...
...
@@ -511,6 +511,23 @@ public class EncryptionKey
return
findKey
(
etype
,
null
,
keys
);
}
/**
* Determines if a kvno matches another kvno. Used in the method
* findKey(type, kvno, keys). Always returns true if either input
* is null or zero, in case any side does not have kvno info available.
*
* Note: zero is included because N/A is not a legal value for kvno
* in javax.security.auth.kerberos.KerberosKey. Therefore, the info
* that the kvno is N/A might be lost when converting between this
* class and KerberosKey.
*/
private
static
boolean
versionMatches
(
Integer
v1
,
Integer
v2
)
{
if
(
v1
==
null
||
v1
==
0
||
v2
==
null
||
v2
==
0
)
{
return
true
;
}
return
v1
.
equals
(
v2
);
}
/**
* Find a key with given etype and kvno
* @param kvno if null, return any (first?) key
...
...
@@ -525,15 +542,20 @@ public class EncryptionKey
}
int
ktype
;
boolean
etypeFound
=
false
;
for
(
int
i
=
0
;
i
<
keys
.
length
;
i
++)
{
ktype
=
keys
[
i
].
getEType
();
if
(
EType
.
isSupported
(
ktype
))
{
Integer
kv
=
keys
[
i
].
getKeyVersionNumber
();
if
(
etype
==
ktype
&&
(
kvno
==
null
||
kvno
.
equals
(
kv
)))
{
return
keys
[
i
];
if
(
etype
==
ktype
)
{
etypeFound
=
true
;
if
(
versionMatches
(
kvno
,
kv
))
{
return
keys
[
i
];
}
}
}
}
// Key not found.
// allow DES key to be used for the DES etypes
if
((
etype
==
EncryptedData
.
ETYPE_DES_CBC_CRC
||
...
...
@@ -543,12 +565,16 @@ public class EncryptionKey
if
(
ktype
==
EncryptedData
.
ETYPE_DES_CBC_CRC
||
ktype
==
EncryptedData
.
ETYPE_DES_CBC_MD5
)
{
Integer
kv
=
keys
[
i
].
getKeyVersionNumber
();
if
(
kvno
==
null
||
kvno
.
equals
(
kv
))
{
etypeFound
=
true
;
if
(
versionMatches
(
kvno
,
kv
))
{
return
new
EncryptionKey
(
etype
,
keys
[
i
].
getBytes
());
}
}
}
}
if
(
etypeFound
)
{
throw
new
KrbException
(
Krb5
.
KRB_AP_ERR_BADKEYVER
);
}
return
null
;
}
}
test/sun/security/krb5/auto/KDC.java
浏览文件 @
dfe395b0
...
...
@@ -484,8 +484,9 @@ public class KDC {
Method
stringToKey
=
EncryptionKey
.
class
.
getDeclaredMethod
(
"stringToKey"
,
char
[].
class
,
String
.
class
,
byte
[].
class
,
Integer
.
TYPE
);
stringToKey
.
setAccessible
(
true
);
Integer
kvno
=
null
;
// For service whose password ending with a number, use it as kvno
if
(
p
.
toString
().
indexOf
(
'/'
)
>=
0
)
{
// For service whose password ending with a number, use it as kvno.
// Kvno must be postive.
if
(
p
.
toString
().
indexOf
(
'/'
)
>
0
)
{
char
[]
pass
=
getPassword
(
p
,
server
);
if
(
Character
.
isDigit
(
pass
[
pass
.
length
-
1
]))
{
kvno
=
pass
[
pass
.
length
-
1
]
-
'0'
;
...
...
test/sun/security/krb5/auto/MoreKvno.java
浏览文件 @
dfe395b0
...
...
@@ -24,15 +24,20 @@
/*
* @test
* @bug 6893158
* @bug 6907425
* @summary AP_REQ check should use key version number
*/
import
org.ietf.jgss.GSSException
;
import
sun.security.jgss.GSSUtil
;
import
sun.security.krb5.KrbException
;
import
sun.security.krb5.PrincipalName
;
import
sun.security.krb5.internal.ktab.KeyTab
;
import
sun.security.krb5.internal.Krb5
;
public
class
MoreKvno
{
static
PrincipalName
p
;
public
static
void
main
(
String
[]
args
)
throws
Exception
{
...
...
@@ -41,21 +46,40 @@ public class MoreKvno {
// Rewrite keytab, 3 set of keys with different kvno
KeyTab
ktab
=
KeyTab
.
create
(
OneKDC
.
KTAB
);
PrincipalName
p
=
new
PrincipalName
(
OneKDC
.
SERVER
+
"@"
+
OneKDC
.
REALM
,
PrincipalName
.
KRB_NT_SRV_HST
);
ktab
.
addEntry
(
p
,
"pass0"
.
toCharArray
(),
0
);
ktab
.
addEntry
(
p
,
"pass2"
.
toCharArray
(),
2
);
p
=
new
PrincipalName
(
OneKDC
.
SERVER
+
"@"
+
OneKDC
.
REALM
,
PrincipalName
.
KRB_NT_SRV_HST
);
ktab
.
addEntry
(
p
,
"pass1"
.
toCharArray
(),
1
);
ktab
.
addEntry
(
p
,
"pass3"
.
toCharArray
(),
3
);
ktab
.
addEntry
(
p
,
"pass2"
.
toCharArray
(),
2
);
ktab
.
save
();
kdc
.
addPrincipal
(
OneKDC
.
SERVER
,
"pass1"
.
toCharArray
());
go
(
OneKDC
.
SERVER
,
"com.sun.security.jgss.krb5.accept"
);
kdc
.
addPrincipal
(
OneKDC
.
SERVER
,
"pass2"
.
toCharArray
());
char
[]
pass
=
"pass2"
.
toCharArray
();
kdc
.
addPrincipal
(
OneKDC
.
SERVER
,
pass
);
go
(
OneKDC
.
SERVER
,
"com.sun.security.jgss.krb5.accept"
,
pass
);
pass
=
"pass3"
.
toCharArray
();
kdc
.
addPrincipal
(
OneKDC
.
SERVER
,
pass
);
// "server" initiate also, check pass2 is used at authentication
go
(
OneKDC
.
SERVER
,
"server"
);
go
(
OneKDC
.
SERVER
,
"server"
,
pass
);
try
{
pass
=
"pass4"
.
toCharArray
();
kdc
.
addPrincipal
(
OneKDC
.
SERVER
,
pass
);
go
(
OneKDC
.
SERVER
,
"com.sun.security.jgss.krb5.accept"
,
pass
);
throw
new
Exception
(
"This test should fail"
);
}
catch
(
GSSException
gsse
)
{
KrbException
ke
=
(
KrbException
)
gsse
.
getCause
();
if
(
ke
.
returnCode
()
!=
Krb5
.
KRB_AP_ERR_BADKEYVER
)
{
throw
new
Exception
(
"Not expected failure code: "
+
ke
.
returnCode
());
}
}
}
static
void
go
(
String
server
,
String
entry
)
throws
Exception
{
static
void
go
(
String
server
,
String
entry
,
char
[]
pass
)
throws
Exception
{
Context
c
,
s
;
// Part 1: Test keytab
c
=
Context
.
fromUserPass
(
"dummy"
,
"bogus"
.
toCharArray
(),
false
);
s
=
Context
.
fromJAAS
(
entry
);
...
...
@@ -66,5 +90,17 @@ public class MoreKvno {
s
.
dispose
();
c
.
dispose
();
// Part 2: Test username/password pair
c
=
Context
.
fromUserPass
(
"dummy"
,
"bogus"
.
toCharArray
(),
false
);
s
=
Context
.
fromUserPass
(
p
.
getNameString
(),
pass
,
true
);
c
.
startAsClient
(
server
,
GSSUtil
.
GSS_KRB5_MECH_OID
);
s
.
startAsServer
(
GSSUtil
.
GSS_KRB5_MECH_OID
);
Context
.
handshake
(
c
,
s
);
s
.
dispose
();
c
.
dispose
();
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录