diff --git a/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java b/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java index afb9b3e94a559cfeee86fd5e8f3d58bcc84af791..ee5ed5a9229797b3f93e470dde01d3a8dbed7d69 100644 --- a/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java +++ b/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java @@ -34,6 +34,7 @@ import java.security.KeyRep; import java.security.GeneralSecurityException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; import java.security.spec.InvalidKeySpecException; import javax.crypto.Mac; import javax.crypto.SecretKey; @@ -107,12 +108,17 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey { throw new InvalidKeySpecException("Key length is negative"); } try { - this.prf = Mac.getInstance(prfAlgo, new SunJCE()); + this.prf = Mac.getInstance(prfAlgo, "SunJCE"); } catch (NoSuchAlgorithmException nsae) { // not gonna happen; re-throw just in case InvalidKeySpecException ike = new InvalidKeySpecException(); ike.initCause(nsae); throw ike; + } catch (NoSuchProviderException nspe) { + // Again, not gonna happen; re-throw just in case + InvalidKeySpecException ike = new InvalidKeySpecException(); + ike.initCause(nspe); + throw ike; } this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength); } diff --git a/src/share/classes/java/net/AbstractPlainSocketImpl.java b/src/share/classes/java/net/AbstractPlainSocketImpl.java index ffc23824b61f10c4263ae057e2208109290b5c90..41c39f0e15f403693f83ef9fa3ab5fcd690bfc48 100644 --- a/src/share/classes/java/net/AbstractPlainSocketImpl.java +++ b/src/share/classes/java/net/AbstractPlainSocketImpl.java 
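Review bot: In PBKDF2KeyImpl.java (hunk at -107), the new `NoSuchProviderException` handler is commented "Again, not gonna happen", but a lookup by the name "SunJCE" does fail whenever that provider is missing from the registered provider list (dropped from the security properties or removed with `Security.removeProvider`). The previous `new SunJCE()` form did not depend on that list. Failing the key construction is the right outcome, but the exception carries no message; `throw new InvalidKeySpecException("SunJCE provider is not registered; cannot obtain " + prfAlgo, nspe);` would make the cause diagnosable, and the comment should say when this path is taken. The constructor starts outside the hunk.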
@@ -664,7 +664,6 @@ abstract class AbstractPlainSocketImpl extends SocketImpl abstract void socketSetOption(int cmd, boolean on, Object value) throws SocketException; abstract int socketGetOption(int opt, Object iaContainerObj) throws SocketException; - abstract int socketGetOption1(int opt, Object iaContainerObj, FileDescriptor fd) throws SocketException; abstract void socketSendUrgentData(int data) throws IOException; diff --git a/src/share/classes/java/net/InterfaceAddress.java b/src/share/classes/java/net/InterfaceAddress.java index e352c35f80b6d3dfe18f04f5d1e278570c252f8f..66a65358cbcc5929ab3412b8243a37cd87ef66fc 100644 --- a/src/share/classes/java/net/InterfaceAddress.java +++ b/src/share/classes/java/net/InterfaceAddress.java @@ -103,11 +103,9 @@ public class InterfaceAddress { return false; } InterfaceAddress cmp = (InterfaceAddress) obj; - if ((address != null & cmp.address == null) || - (!address.equals(cmp.address))) + if ( !(address == null ? cmp.address == null : address.equals(cmp.address)) ) return false; - if ((broadcast != null & cmp.broadcast == null) || - (!broadcast.equals(cmp.broadcast))) + if ( !(broadcast == null ? cmp.broadcast == null : broadcast.equals(cmp.broadcast)) ) return false; if (maskLength != cmp.maskLength) return false; diff --git a/src/share/classes/java/net/NetworkInterface.java b/src/share/classes/java/net/NetworkInterface.java index 8b2899c48d950df8cf5bd4602b92a6f47771b694..0ce3a8d580bb934d54c94d03f73202d9dacf08f7 100644 --- a/src/share/classes/java/net/NetworkInterface.java +++ b/src/share/classes/java/net/NetworkInterface.java 
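Review bot: In InterfaceAddress.java (hunk at -103), the two negated ternaries in the equality check handle null fields correctly but are dense and duplicated. A private helper such as `private static boolean same(Object a, Object b) { return a == null ? b == null : a.equals(b); }` would let both tests read `if (!same(address, cmp.address)) return false;`. `hashCode` is not part of this hunk; it should tolerate a null `address` or `broadcast` in the same way so that equal objects hash alike, which is worth confirming. The method starts and ends outside the hunk.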
@@ -425,8 +425,6 @@ public final class NetworkInterface { return virtual; } - private native static long getSubnet0(String name, int ind) throws SocketException; - private native static Inet4Address getBroadcast0(String name, int ind) throws SocketException; private native static boolean isUp0(String name, int ind) throws SocketException; private native static boolean isLoopback0(String name, int ind) throws SocketException; private native static boolean supportsMulticast0(String name, int ind) throws SocketException; diff --git a/src/share/classes/java/net/Socket.java b/src/share/classes/java/net/Socket.java index 48442541689011cd8baa2cdb05bf686e0bb395d9..5dd5f7f2e4151567edff467d2055bca5c085792e 100644 --- a/src/share/classes/java/net/Socket.java +++ b/src/share/classes/java/net/Socket.java @@ -731,7 +731,8 @@ class Socket implements java.io.Closeable { * then this method will continue to return the connected address * after the socket is closed. * - * @return a SocketAddress reprensenting the remote endpoint of this + + * @return a SocketAddress representing the remote endpoint of this * socket, or null if it is not connected yet. * @see #getInetAddress() * @see #getPort() diff --git a/src/share/classes/java/net/URLConnection.java b/src/share/classes/java/net/URLConnection.java index c1236bd3a63df882dc1dc17bf76943bda07437e9..a78032a2fcc91d510a5fa0a5f26a1aa6243b6660 100644 --- a/src/share/classes/java/net/URLConnection.java +++ b/src/share/classes/java/net/URLConnection.java @@ -1072,7 +1072,7 @@ public abstract class URLConnection { * properties to be appended into a single property. * * @param key the keyword by which the request is known - * (e.g., "accept"). + * (e.g., "Accept"). * @param value the value associated with it. * @throws IllegalStateException if already connected * @throws NullPointerException if key is null 
@@ -1096,7 +1096,7 @@ public abstract class URLConnection { * existing values associated with the same key. * * @param key the keyword by which the request is known - * (e.g., "accept"). + * (e.g., "Accept"). * @param value the value associated with it. * @throws IllegalStateException if already connected * @throws NullPointerException if key is null @@ -1120,7 +1120,7 @@ public abstract class URLConnection { * Returns the value of the named general request property for this * connection. * - * @param key the keyword by which the request is known (e.g., "accept"). + * @param key the keyword by which the request is known (e.g., "Accept"). * @return the value of the named general request property for this * connection. If key is null, then null is returned. * @throws IllegalStateException if already connected @@ -1164,7 +1164,7 @@ public abstract class URLConnection { * these properties. * * @param key the keyword by which the request is known - * (e.g., "accept"). + * (e.g., "Accept"). * @param value the value associated with the key. * * @see java.net.URLConnection#setRequestProperty(java.lang.String,java.lang.String) @@ -1183,7 +1183,7 @@ public abstract class URLConnection { * Returns the value of the default request property. Default request * properties are set for every connection. * - * @param key the keyword by which the request is known (e.g., "accept"). + * @param key the keyword by which the request is known (e.g., "Accept"). * @return the value of the default request property * for the specified key. * diff --git a/src/share/classes/java/security/AccessControlContext.java b/src/share/classes/java/security/AccessControlContext.java index 601bc40ba56551756d95ae4f369eb5b6f9ba9c2e..0a9cfb85b5e408b8857c577544bde0417e38c364 100644 --- a/src/share/classes/java/security/AccessControlContext.java +++ b/src/share/classes/java/security/AccessControlContext.java 
@@ -1,5 +1,5 @@ /* - * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1997-2008 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -322,7 +322,7 @@ public final class AccessControlContext { debug.println("access denied " + perm); } - if (Debug.isOn("failure")) { + if (Debug.isOn("failure") && debug != null) { // Want to make sure this is always displayed for failure, // but do not want to display again if already displayed // above. diff --git a/src/share/classes/java/security/KeyStore.java b/src/share/classes/java/security/KeyStore.java index f19a231bfbdc81a4f1bbaaeb3f5902585ef740db..ced20e274463073bbfe3c859a236b68d617e501b 100644 --- a/src/share/classes/java/security/KeyStore.java +++ b/src/share/classes/java/security/KeyStore.java @@ -789,7 +789,7 @@ public class KeyStore { * @param alias the alias name * * @return the certificate chain (ordered with the user's certificate first - * and the root certificate authority last), or null if the given alias + * followed by zero or more certificate authorities), or null if the given alias * does not exist or does not contain a certificate chain * * @exception KeyStoreException if the keystore has not been initialized diff --git a/src/share/classes/javax/security/cert/X509Certificate.java b/src/share/classes/javax/security/cert/X509Certificate.java index e5849e5c5206ab53d732abf959c9a5a1f4318d13..14ccaffaffd2ee42ad97af29b89204ca3ea3c8f5 100644 --- a/src/share/classes/javax/security/cert/X509Certificate.java +++ b/src/share/classes/javax/security/cert/X509Certificate.java @@ -363,7 +363,7 @@ public abstract class X509Certificate extends Certificate { * subject Name * * - *
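Review bot: In AccessControlContext.java (hunk at -322), the added `debug != null` test contradicts the comment directly below it, "Want to make sure this is always displayed for failure": with the "failure" option on and `debug` null, the denial is now not reported at all. If that is intended, the comment should say so, for example `// Shown only when a Debug instance exists; otherwise nothing is printed.`; if not, the block needs a way to report the failure without `debug`. The body of the `if` lies outside the hunk, so that it dereferences `debug` is inferred from the new guard.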

See getIssuerDN for Name + *

See {@link #getIssuerDN() getIssuerDN} for Name * and other relevant definitions. * * @return a Principal whose name is the subject name. @@ -393,7 +393,7 @@ public abstract class X509Certificate extends Certificate { /** * Gets the notAfter date from the validity period of - * the certificate. See getNotBefore + * the certificate. See {@link #getNotBefore() getNotBefore} * for relevant ASN.1 definitions. * * @return the end date of the validity period. @@ -429,7 +429,7 @@ public abstract class X509Certificate extends Certificate { * For example, the string "1.2.840.10040.4.3" identifies the SHA-1 * with DSA signature algorithm, as per the PKIX part I. * - *

See getSigAlgName for + *

See {@link #getSigAlgName() getSigAlgName} for * relevant ASN.1 definitions. * * @return the signature algorithm OID string. @@ -442,7 +442,7 @@ public abstract class X509Certificate extends Certificate { * algorithm parameters are null; the parameters are usually * supplied with the certificate's public key. * - *

See getSigAlgName for + *

See {@link #getSigAlgName() getSigAlgName} for * relevant ASN.1 definitions. * * @return the DER-encoded signature algorithm parameters, or diff --git a/src/share/classes/sun/net/www/http/ChunkedOutputStream.java b/src/share/classes/sun/net/www/http/ChunkedOutputStream.java index a06b5afe22867fc2f7c7f883a667014ec3b489e7..5f4a7902f622b51fa7747cfac62bac70318a6d6c 100644 --- a/src/share/classes/sun/net/www/http/ChunkedOutputStream.java +++ b/src/share/classes/sun/net/www/http/ChunkedOutputStream.java @@ -177,14 +177,23 @@ public class ChunkedOutputStream extends PrintStream { return; } - if (len > MAX_BUF_SIZE) { + int l = preferredChunkSize - count; + + if ((len > MAX_BUF_SIZE) && (len > l)) { + /* current chunk is empty just write the data */ + if (count == 0) { + count = len; + flush (b, false, off); + return; + } + /* first finish the current chunk */ - int l = preferredChunkSize - count; if (l > 0) { System.arraycopy(b, off, buf, count, l); count = preferredChunkSize; flush(buf, false); } + count = len - l; /* Now write the rest of the data */ flush (b, false, l+off); diff --git a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java index af0bd046f4c81b225609fcd2afe993f792ac5546..ef439005318a8152e9a447124dda5c8d2ad23811 100644 --- a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java +++ b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java @@ -64,11 +64,6 @@ import java.text.SimpleDateFormat; import java.util.TimeZone; import java.net.MalformedURLException; import java.nio.ByteBuffer; -import java.nio.channels.ReadableByteChannel; -import java.nio.channels.WritableByteChannel; -import java.nio.channels.Selector; -import java.nio.channels.SelectionKey; -import java.nio.channels.SelectableChannel; import java.lang.reflect.*; /** 
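Review bot: In ChunkedOutputStream.java (hunk at -177), the local `l` is now hoisted out of the branch and used in the condition `(len > l)`, in `count = len - l` and in `flush (b, false, l+off)`, and the single letter is easily misread as the digit 1. A name such as `spaceInChunk` with a one-line comment, `// bytes still free in the current chunk`, would make the arithmetic readable. The new fast path sets `count = len` before calling `flush (b, false, off)`, which is only correct if `flush` takes the length to write from `count`; that is not visible here, so a comment stating the dependency would help. The enclosing method starts and ends outside the hunk.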
@@ -823,6 +818,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { * - get input, [read input,] get output, [write output] */ + @Override public synchronized OutputStream getOutputStream() throws IOException { try { @@ -924,11 +920,11 @@ public class HttpURLConnection extends java.net.HttpURLConnection { if (l != null && !l.isEmpty()) { StringBuilder cookieValue = new StringBuilder(); for (String value : l) { - cookieValue.append(value).append(';'); + cookieValue.append(value).append("; "); } - // strip off the ending ;-sign + // strip off the trailing '; ' try { - requests.add(key, cookieValue.substring(0, cookieValue.length() - 1)); + requests.add(key, cookieValue.substring(0, cookieValue.length() - 2)); } catch (StringIndexOutOfBoundsException ignored) { // no-op } @@ -947,6 +943,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection { } // end of getting cookies } + @Override + @SuppressWarnings("empty-statement") public synchronized InputStream getInputStream() throws IOException { if (!doInput) { @@ -1380,6 +1378,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { } } + @Override public InputStream getErrorStream() { if (connected && responseCode >= 400) { // Client Error 4xx and Server Error 5xx @@ -2047,6 +2046,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { */ private void disconnectInternal() { responseCode = -1; + inputStream = null; if (pi != null) { pi.finishTracking(); pi = null; @@ -2145,6 +2145,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { * Gets a header field by name. Returns null if not known. * @param name the name of the header field */ + @Override public String getHeaderField(String name) { try { getInputStream(); @@ -2167,6 +2168,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { * @return a Map of header fields * @since 1.4 */ + @Override public Map> getHeaderFields() { try { getInputStream(); 
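Review bot: In HttpURLConnection.java (hunk at -924), the `catch (StringIndexOutOfBoundsException ignored)` around the `substring` call is unreachable: the enclosing `!l.isEmpty()` test guarantees at least one `"; "` was appended, so `length() - 2` is never negative. Dropping the try/catch, or trimming with `cookieValue.setLength(cookieValue.length() - 2);` followed by `requests.add(key, cookieValue.toString());`, avoids using an exception as a guard. The cookie values are joined verbatim; whether they are checked for CR/LF before reaching the request header is not visible in this hunk and is worth confirming.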
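Review bot: In HttpURLConnection.java (hunk at -947), the `@SuppressWarnings("empty-statement")` added to `getInputStream()` looks like an IDE-specific token rather than a javac lint key (javac's key for this warning is `empty`), so the compiler will most likely ignore it. It also applies to the whole of a long method. If a single empty statement is the cause, replacing it with an explicit empty block `{ }` and a comment at that spot is narrower than a method-wide suppression. The method body lies outside the hunk.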
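Review bot: In `disconnectInternal()` (hunk at -2047), the new `inputStream = null;` is written from a method that is not `synchronized`, while `getInputStream()` earlier in this diff is. Unless every caller already holds the connection's lock, the reset may not be seen by a thread that is inside `getInputStream()`. The reference is also cleared without the stream being closed in the visible lines, so a short comment naming where the stream is closed would help the next reader. Callers and the rest of the method are outside the hunk, so both points need confirming.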
@@ -2183,6 +2185,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { * Gets a header field by index. Returns null if not known. * @param n the index of the header field */ + @Override public String getHeaderField(int n) { try { getInputStream(); @@ -2198,6 +2201,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { * Gets a header field by index. Returns null if not known. * @param n the index of the header field */ + @Override public String getHeaderFieldKey(int n) { try { getInputStream(); @@ -2215,6 +2219,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { * exists, overwrite its value with the new value. * @param value the value to be set */ + @Override public void setRequestProperty(String key, String value) { if (connected) throw new IllegalStateException("Already connected"); @@ -2236,6 +2241,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { * @see #getRequestProperties(java.lang.String) * @since 1.4 */ + @Override public void addRequestProperty(String key, String value) { if (connected) throw new IllegalStateException("Already connected"); @@ -2255,6 +2261,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { requests.set(key, value); } + @Override public String getRequestProperty (String key) { // don't return headers containing security sensitive information if (key != null) { @@ -2279,6 +2286,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { * @throws IllegalStateException if already connected * @since 1.4 */ + @Override public Map> getRequestProperties() { if (connected) throw new IllegalStateException("Already connected"); @@ -2287,6 +2295,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { return requests.getHeaders(EXCLUDE_HEADERS); } + @Override public void setConnectTimeout(int timeout) { if (timeout < 0) throw new IllegalArgumentException("timeouts can't be negative"); 
@@ -2306,6 +2315,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { * @see java.net.URLConnection#connect() * @since 1.5 */ + @Override public int getConnectTimeout() { return (connectTimeout < 0 ? 0 : connectTimeout); } @@ -2330,6 +2340,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { * @see java.io.InputStream#read() * @since 1.5 */ + @Override public void setReadTimeout(int timeout) { if (timeout < 0) throw new IllegalArgumentException("timeouts can't be negative"); @@ -2347,10 +2358,12 @@ public class HttpURLConnection extends java.net.HttpURLConnection { * @see java.io.InputStream#read() * @since 1.5 */ + @Override public int getReadTimeout() { return readTimeout < 0 ? 0 : readTimeout; } + @Override protected void finalize() { // this should do nothing. The stream finalizer will close // the fd @@ -2425,6 +2438,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { * @see java.io.FilterInputStream#in * @see java.io.FilterInputStream#reset() */ + @Override public synchronized void mark(int readlimit) { super.mark(readlimit); if (cacheRequest != null) { @@ -2454,6 +2468,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { * @see java.io.FilterInputStream#in * @see java.io.FilterInputStream#mark(int) */ + @Override public synchronized void reset() throws IOException { super.reset(); if (cacheRequest != null) { @@ -2462,6 +2477,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { } } + @Override public int read() throws IOException { try { byte[] b = new byte[1]; @@ -2475,10 +2491,12 @@ public class HttpURLConnection extends java.net.HttpURLConnection { } } + @Override public int read(byte[] b) throws IOException { return read(b, 0, b.length); } + @Override public int read(byte[] b, int off, int len) throws IOException { try { int newLen = super.read(b, off, len); 
@@ -2509,6 +2527,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { } } + @Override public void close () throws IOException { try { if (outputStream != null) { @@ -2553,6 +2572,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { error = false; } + @Override public void write (int b) throws IOException { checkError(); written ++; @@ -2562,10 +2582,12 @@ public class HttpURLConnection extends java.net.HttpURLConnection { out.write (b); } + @Override public void write (byte[] b) throws IOException { write (b, 0, b.length); } + @Override public void write (byte[] b, int off, int len) throws IOException { checkError(); written += len; @@ -2596,6 +2618,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { return closed && ! error; } + @Override public void close () throws IOException { if (closed) { return; @@ -2714,6 +2737,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { } } + @Override public int available() throws IOException { if (is == null) { return buffer.remaining(); @@ -2728,10 +2752,12 @@ public class HttpURLConnection extends java.net.HttpURLConnection { return (ret == -1? ret : (b[0] & 0x00FF)); } + @Override public int read(byte[] b) throws IOException { return read(b, 0, b.length); } + @Override public int read(byte[] b, int off, int len) throws IOException { int rem = buffer.remaining(); if (rem > 0) { @@ -2747,6 +2773,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { } } + @Override public void close() throws IOException { buffer = null; if (is != null) { @@ -2763,6 +2790,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { class EmptyInputStream extends InputStream { + @Override public int available() { return 0; } 
diff --git a/src/share/classes/sun/net/www/protocol/https/HttpsClient.java b/src/share/classes/sun/net/www/protocol/https/HttpsClient.java index 7f82e993161999189b40b1f600d236e351086494..d21425680c810a14b4b210b6cc46212fcf3401b6 100644 --- a/src/share/classes/sun/net/www/protocol/https/HttpsClient.java +++ b/src/share/classes/sun/net/www/protocol/https/HttpsClient.java @@ -1,5 +1,5 @@ /* - * Copyright 2001-2007 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2001-2008 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -518,6 +518,16 @@ final class HttpsClient extends HttpClient kac.put(url, sslSocketFactory, this); } + /* + * Close an idle connection to this URL (if it exists in the cache). + */ + public void closeIdleConnection() { + HttpClient http = (HttpClient) kac.get(url, sslSocketFactory); + if (http != null) { + http.closeServer(); + } + } + /** * Returns the cipher suite in use on this connection. */ diff --git a/src/share/classes/sun/net/www/protocol/mailto/MailToURLConnection.java b/src/share/classes/sun/net/www/protocol/mailto/MailToURLConnection.java index d939ce5515b9425f8cc05fb2ab1c31cbf360d592..53367aead964b056baebb18560f63c88e14ac3f5 100644 --- a/src/share/classes/sun/net/www/protocol/mailto/MailToURLConnection.java +++ b/src/share/classes/sun/net/www/protocol/mailto/MailToURLConnection.java @@ -29,9 +29,6 @@ import java.net.URL; import java.net.InetAddress; import java.net.SocketPermission; import java.io.*; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.StringTokenizer; import java.security.Permission; import sun.net.www.*; import sun.net.smtp.SmtpClient; 
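Review bot: In HttpsClient.java (hunk at -518), the new public `closeIdleConnection()` is documented with a plain `/*` block while the method right after it uses Javadoc, so the description will not appear in generated documentation; open the comment with `/**`. The comment should also state what `kac.get(url, sslSocketFactory)` does to the cache entry. If `get` does not remove the entry, a client that has just had `closeServer()` called on it could be handed out again; the cache implementation is outside this hunk, so this is to be confirmed.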
@@ -86,11 +83,11 @@ public class MailToURLConnection extends URLConnection { } public void connect() throws IOException { - System.err.println("connect. Timeout = " + connectTimeout); client = new SmtpClient(connectTimeout); client.setReadTimeout(readTimeout); } + @Override public synchronized OutputStream getOutputStream() throws IOException { if (os != null) { return os; @@ -107,6 +104,7 @@ public class MailToURLConnection extends URLConnection { return os; } + @Override public Permission getPermission() throws IOException { if (permission == null) { connect(); @@ -116,22 +114,26 @@ public class MailToURLConnection extends URLConnection { return permission; } + @Override public void setConnectTimeout(int timeout) { if (timeout < 0) throw new IllegalArgumentException("timeouts can't be negative"); connectTimeout = timeout; } + @Override public int getConnectTimeout() { return (connectTimeout < 0 ? 0 : connectTimeout); } + @Override public void setReadTimeout(int timeout) { if (timeout < 0) throw new IllegalArgumentException("timeouts can't be negative"); readTimeout = timeout; } + @Override public int getReadTimeout() { return readTimeout < 0 ? 0 : readTimeout; } diff --git a/src/share/classes/sun/security/krb5/Config.java b/src/share/classes/sun/security/krb5/Config.java index 013fd1da1365c4f092e54417ac4fe367f1e607ab..a65ec8687497622681cbd304d55db431274812e6 100644 --- a/src/share/classes/sun/security/krb5/Config.java +++ b/src/share/classes/sun/security/krb5/Config.java 
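Review bot: In MailToURLConnection.java (hunk at -86), `connect()` is left without `@Override` although the same hunk adds it to `getOutputStream()` and the following hunks add it to the other overriding methods. If `connect()` overrides `URLConnection.connect()`, add `@Override` there as well so the compiler checks all of them alike. Only `extends URLConnection` is visible in the hunk header, not the superclass method, so this is to be confirmed.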
@@ -1040,11 +1040,12 @@ public class Config { * Check if need to use DNS to locate Kerberos services */ public boolean useDNS(String name) { - boolean value = getDefaultBooleanValue(name, "libdefaults"); - if (value == false) { - value = getDefaultBooleanValue("dns_fallback", "libdefaults"); + String value = getDefault(name, "libdefaults"); + if (value == null) { + return getDefaultBooleanValue("dns_fallback", "libdefaults"); + } else { + return value.equalsIgnoreCase("true"); } - return value; } /** diff --git a/src/share/classes/sun/security/krb5/KrbTgsReq.java b/src/share/classes/sun/security/krb5/KrbTgsReq.java index 328e255e0d64ec25d566b86583bc722c25d13136..0cc54e17c454ffdc77ba4ab7f9ba2ae1639fb24c 100644 --- a/src/share/classes/sun/security/krb5/KrbTgsReq.java +++ b/src/share/classes/sun/security/krb5/KrbTgsReq.java 
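Review bot: In Config.java `useDNS` (hunk at -1040), `value.equalsIgnoreCase("true")` treats every other spelling of an explicit setting (for example `yes` or `1`, and `true` with stray whitespace if `getDefault` does not trim) as false, and may not match how `getDefaultBooleanValue` parses `dns_fallback` on the other branch. Since this decides whether DNS is used to locate Kerberos services, a mistyped value silently changes lookup behaviour; parse both settings with the same routine. The Javadoc should also state the precedence, e.g. `An explicit setting of name wins; dns_fallback is consulted only when name is absent.`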
@@ -75,108 +75,108 @@ public class KrbTgsReq extends KrbKdcReq { null); // EncryptionKey subSessionKey } - // Called by Credentials, KrbCred - KrbTgsReq( - KDCOptions options, - Credentials asCreds, - PrincipalName sname, - KerberosTime from, - KerberosTime till, - KerberosTime rtime, - int[] eTypes, - HostAddresses addresses, - AuthorizationData authorizationData, - Ticket[] additionalTickets, - EncryptionKey subKey) throws KrbException, IOException { - - princName = asCreds.client; - servName = sname; - ctime = new KerberosTime(KerberosTime.NOW); - - - // check if they are valid arguments. The optional fields - // should be consistent with settings in KDCOptions. - if (options.get(KDCOptions.FORWARDABLE) && - (!(asCreds.flags.get(Krb5.TKT_OPTS_FORWARDABLE)))) { - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } - if (options.get(KDCOptions.FORWARDED)) { - if (!(asCreds.flags.get(KDCOptions.FORWARDABLE))) - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } - if (options.get(KDCOptions.PROXIABLE) && - (!(asCreds.flags.get(Krb5.TKT_OPTS_PROXIABLE)))) { - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } - if (options.get(KDCOptions.PROXY)) { - if (!(asCreds.flags.get(KDCOptions.PROXIABLE))) - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } - if (options.get(KDCOptions.ALLOW_POSTDATE) && - (!(asCreds.flags.get(Krb5.TKT_OPTS_MAY_POSTDATE)))) { - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } - if (options.get(KDCOptions.RENEWABLE) && - (!(asCreds.flags.get(Krb5.TKT_OPTS_RENEWABLE)))) { - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } - - if (options.get(KDCOptions.POSTDATED)) { - if (!(asCreds.flags.get(KDCOptions.POSTDATED))) - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } else { - if (from != null) from = null; - } - if (options.get(KDCOptions.RENEWABLE)) { - if (!(asCreds.flags.get(KDCOptions.RENEWABLE))) - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } else { - if (rtime != null) rtime = null; 
- } - if (options.get(KDCOptions.ENC_TKT_IN_SKEY)) { - if (additionalTickets == null) - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - // in TGS_REQ there could be more than one additional - // tickets, but in file-based credential cache, - // there is only one additional ticket field. - secondTicket = additionalTickets[0]; - } else { - if (additionalTickets != null) - additionalTickets = null; - } - - tgsReqMessg = createRequest( - options, - asCreds.ticket, - asCreds.key, - ctime, - princName, - princName.getRealm(), - servName, - from, - till, - rtime, - eTypes, - addresses, - authorizationData, - additionalTickets, - subKey); - obuf = tgsReqMessg.asn1Encode(); - - // XXX We need to revisit this to see if can't move it - // up such that FORWARDED flag set in the options - // is included in the marshaled request. - /* - * If this is based on a forwarded ticket, record that in the - * options, because the returned TgsRep will contain the - * FORWARDED flag set. - */ - if (asCreds.flags.get(KDCOptions.FORWARDED)) - options.set(KDCOptions.FORWARDED, true); - + // Called by Credentials, KrbCred + KrbTgsReq( + KDCOptions options, + Credentials asCreds, + PrincipalName sname, + KerberosTime from, + KerberosTime till, + KerberosTime rtime, + int[] eTypes, + HostAddresses addresses, + AuthorizationData authorizationData, + Ticket[] additionalTickets, + EncryptionKey subKey) throws KrbException, IOException { + + princName = asCreds.client; + servName = sname; + ctime = new KerberosTime(KerberosTime.NOW); + + + // check if they are valid arguments. The optional fields + // should be consistent with settings in KDCOptions. 
+ if (options.get(KDCOptions.FORWARDABLE) && + (!(asCreds.flags.get(Krb5.TKT_OPTS_FORWARDABLE)))) { + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } + if (options.get(KDCOptions.FORWARDED)) { + if (!(asCreds.flags.get(KDCOptions.FORWARDABLE))) + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } + if (options.get(KDCOptions.PROXIABLE) && + (!(asCreds.flags.get(Krb5.TKT_OPTS_PROXIABLE)))) { + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } + if (options.get(KDCOptions.PROXY)) { + if (!(asCreds.flags.get(KDCOptions.PROXIABLE))) + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } + if (options.get(KDCOptions.ALLOW_POSTDATE) && + (!(asCreds.flags.get(Krb5.TKT_OPTS_MAY_POSTDATE)))) { + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } + if (options.get(KDCOptions.RENEWABLE) && + (!(asCreds.flags.get(Krb5.TKT_OPTS_RENEWABLE)))) { + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } + if (options.get(KDCOptions.POSTDATED)) { + if (!(asCreds.flags.get(KDCOptions.POSTDATED))) + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } else { + if (from != null) from = null; + } + if (options.get(KDCOptions.RENEWABLE)) { + if (!(asCreds.flags.get(KDCOptions.RENEWABLE))) + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } else { + if (rtime != null) rtime = null; + } + if (options.get(KDCOptions.ENC_TKT_IN_SKEY)) { + if (additionalTickets == null) + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + // in TGS_REQ there could be more than one additional + // tickets, but in file-based credential cache, + // there is only one additional ticket field. 
+ secondTicket = additionalTickets[0]; + } else { + if (additionalTickets != null) + additionalTickets = null; } + tgsReqMessg = createRequest( + options, + asCreds.ticket, + asCreds.key, + ctime, + princName, + princName.getRealm(), + servName, + from, + till, + rtime, + eTypes, + addresses, + authorizationData, + additionalTickets, + subKey); + obuf = tgsReqMessg.asn1Encode(); + + // XXX We need to revisit this to see if can't move it + // up such that FORWARDED flag set in the options + // is included in the marshaled request. + /* + * If this is based on a forwarded ticket, record that in the + * options, because the returned TgsRep will contain the + * FORWARDED flag set. + */ + if (asCreds.flags.get(KDCOptions.FORWARDED)) + options.set(KDCOptions.FORWARDED, true); + + + } + /** * Sends a TGS request to the realm of the target. * @throws KrbException diff --git a/src/share/classes/sun/security/krb5/internal/APRep.java b/src/share/classes/sun/security/krb5/internal/APRep.java index 17aeb89797c9ff57636bc6c6b7f26ec1c19bd890..53c3b58eaac2c419d7a45dc5b11b1914d39f1f48 100644 --- a/src/share/classes/sun/security/krb5/internal/APRep.java +++ b/src/share/classes/sun/security/krb5/internal/APRep.java 
@@ -54,81 +54,88 @@ import java.math.BigInteger; * http://www.ietf.org/rfc/rfc4120.txt. */ public class APRep { - public int pvno; - public int msgType; - public EncryptedData encPart; - public APRep(EncryptedData new_encPart) { - pvno = Krb5.PVNO; - msgType = Krb5.KRB_AP_REP; - encPart = new_encPart; - } + public int pvno; + public int msgType; + public EncryptedData encPart; - public APRep(byte[] data) throws Asn1Exception, - KrbApErrException, IOException { - init(new DerValue(data)); - } + public APRep(EncryptedData new_encPart) { + pvno = Krb5.PVNO; + msgType = Krb5.KRB_AP_REP; + encPart = new_encPart; + } + + public APRep(byte[] data) throws Asn1Exception, + KrbApErrException, IOException { + init(new DerValue(data)); + } public APRep(DerValue encoding) throws Asn1Exception, - KrbApErrException, IOException { - init(encoding); - } + KrbApErrException, IOException { + init(encoding); + } - /** - * Initializes an APRep object. - * @param encoding a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exception KrbApErrException if the value read from the DER-encoded data - * stream does not match the pre-defined value. - */ + /** + * Initializes an APRep object. + * @param encoding a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exception KrbApErrException if the value read from the DER-encoded data + * stream does not match the pre-defined value. 
+ */ private void init(DerValue encoding) throws Asn1Exception, - KrbApErrException, IOException { + KrbApErrException, IOException { - if (((encoding.getTag() & (byte)(0x1F)) != Krb5.KRB_AP_REP) - || (encoding.isApplication() != true) - || (encoding.isConstructed() != true)) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - DerValue der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) + if (((encoding.getTag() & (byte) (0x1F)) != Krb5.KRB_AP_REP) + || (encoding.isApplication() != true) + || (encoding.isConstructed() != true)) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - DerValue subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) != (byte)0x00) + } + DerValue der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + DerValue subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x00) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } pvno = subDer.getData().getBigInteger().intValue(); - if (pvno != Krb5.PVNO) - throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) != (byte)0x01) + if (pvno != Krb5.PVNO) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x01) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - msgType = subDer.getData().getBigInteger().intValue(); - if (msgType != Krb5.KRB_AP_REP) - throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); - encPart = EncryptedData.parse(der.getData(), (byte)0x02, false); - if (der.getData().available() > 0) + } + msgType = subDer.getData().getBigInteger().intValue(); + if (msgType != Krb5.KRB_AP_REP) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); + } + encPart = EncryptedData.parse(der.getData(), (byte) 0x02, false); + if (der.getData().available() > 0) { throw new 
Asn1Exception(Krb5.ASN1_BAD_ID); } + } - /** - * Encodes an APRep object. - * @return byte array of encoded APRep object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - public byte[] asn1Encode() throws Asn1Exception, IOException { + /** + * Encodes an APRep object. + * @return byte array of encoded APRep object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + */ + public byte[] asn1Encode() throws Asn1Exception, IOException { DerOutputStream bytes = new DerOutputStream(); - DerOutputStream temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(pvno)); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(msgType)); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), encPart.asn1Encode()); - temp = new DerOutputStream(); - temp.write(DerValue.tag_Sequence, bytes); - DerOutputStream aprep = new DerOutputStream(); - aprep.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x0F), temp); - return aprep.toByteArray(); - } - + DerOutputStream temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(pvno)); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp); + temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(msgType)); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), temp); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), encPart.asn1Encode()); + temp = new DerOutputStream(); + temp.write(DerValue.tag_Sequence, bytes); + DerOutputStream aprep = new DerOutputStream(); + 
aprep.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x0F), temp); + return aprep.toByteArray(); + } } diff --git a/src/share/classes/sun/security/krb5/internal/APReq.java b/src/share/classes/sun/security/krb5/internal/APReq.java index 328f833df6291b390ce57e427712494b2b565b21..3a1dc7c2222eeb9a69d9e2bbc7576fe63a2cee11 100644 --- a/src/share/classes/sun/security/krb5/internal/APReq.java +++ b/src/share/classes/sun/security/krb5/internal/APReq.java 
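Review bot: In `APRep.init`, `pvno` and `msgType` are still read with `getBigInteger().intValue()`, which keeps only the low-order 32 bits, so an over-long INTEGER whose low bits happen to equal `Krb5.PVNO` or `Krb5.KRB_AP_REP` passes the equality checks that follow. Since the method is being reformatted anyway, a range check before narrowing would make the decoder strict: `BigInteger v = subDer.getData().getBigInteger();` followed by `if (v.bitLength() > 31) throw new Asn1Exception(Krb5.ASN1_BAD_ID);`. The same narrowing appears in `APReq.init` and in `Authenticator.init` (`authenticator_vno`, `cusec`) in the later hunks of this patch.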
@@ -54,94 +54,98 @@ import java.math.BigInteger; * * http://www.ietf.org/rfc/rfc4120.txt. */ - public class APReq { - public int pvno; - public int msgType; - public APOptions apOptions; - public Ticket ticket; - public EncryptedData authenticator; - public APReq( - APOptions new_apOptions, - Ticket new_ticket, - EncryptedData new_authenticator - ) { - pvno = Krb5.PVNO; - msgType = Krb5.KRB_AP_REQ; - apOptions = new_apOptions; - ticket = new_ticket; - authenticator = new_authenticator; - } + public int pvno; + public int msgType; + public APOptions apOptions; + public Ticket ticket; + public EncryptedData authenticator; + + public APReq( + APOptions new_apOptions, + Ticket new_ticket, + EncryptedData new_authenticator) { + pvno = Krb5.PVNO; + msgType = Krb5.KRB_AP_REQ; + apOptions = new_apOptions; + ticket = new_ticket; + authenticator = new_authenticator; + } - public APReq(byte[] data) throws Asn1Exception,IOException, KrbApErrException, RealmException { + public APReq(byte[] data) throws Asn1Exception, IOException, KrbApErrException, RealmException { init(new DerValue(data)); - } + } public APReq(DerValue encoding) throws Asn1Exception, IOException, KrbApErrException, RealmException { - init(encoding); - } + init(encoding); + } - /** - * Initializes an APReq object. - * @param encoding a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exception KrbApErrException if the value read from the DER-encoded data stream does not match the pre-defined value. - * @exception RealmException if an error occurs while parsing a Realm object. 
- */ - private void init(DerValue encoding) throws Asn1Exception, - IOException, KrbApErrException, RealmException { - DerValue der, subDer; - if (((encoding.getTag() & (byte)0x1F) != Krb5.KRB_AP_REQ) - || (encoding.isApplication() != true) - || (encoding.isConstructed() != true)) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) != (byte)0x00) + /** + * Initializes an APReq object. + * @param encoding a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exception KrbApErrException if the value read from the DER-encoded data stream does not match the pre-defined value. + * @exception RealmException if an error occurs while parsing a Realm object. 
+ */ + private void init(DerValue encoding) throws Asn1Exception, + IOException, KrbApErrException, RealmException { + DerValue der, subDer; + if (((encoding.getTag() & (byte) 0x1F) != Krb5.KRB_AP_REQ) + || (encoding.isApplication() != true) + || (encoding.isConstructed() != true)) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x00) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } pvno = subDer.getData().getBigInteger().intValue(); - if (pvno != Krb5.PVNO) - throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) != (byte)0x01) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - msgType = subDer.getData().getBigInteger().intValue(); - if (msgType != Krb5.KRB_AP_REQ) - throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); - apOptions = APOptions.parse(der.getData(), (byte)0x02, false); - ticket = Ticket.parse(der.getData(), (byte)0x03, false); - authenticator = EncryptedData.parse(der.getData(), (byte)0x04, false); - if (der.getData().available() > 0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + if (pvno != Krb5.PVNO) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); } - - /** - * Encodes an APReq object. - * @return byte array of encoded APReq object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. 
- */ - public byte[] asn1Encode() throws Asn1Exception, IOException { - DerOutputStream bytes = new DerOutputStream(); - DerOutputStream temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(pvno)); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(msgType)); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), apOptions.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), ticket.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), authenticator.asn1Encode()); - temp = new DerOutputStream(); - temp.write(DerValue.tag_Sequence, bytes); - DerOutputStream apreq = new DerOutputStream(); - apreq.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x0E), temp); - return apreq.toByteArray(); - + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x01) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + msgType = subDer.getData().getBigInteger().intValue(); + if (msgType != Krb5.KRB_AP_REQ) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); + } + apOptions = APOptions.parse(der.getData(), (byte) 0x02, false); + ticket = Ticket.parse(der.getData(), (byte) 0x03, false); + authenticator = EncryptedData.parse(der.getData(), (byte) 0x04, false); + if (der.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } + /** + * Encodes an APReq object. + * @return byte array of encoded APReq object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. 
+ */ + public byte[] asn1Encode() throws Asn1Exception, IOException { + DerOutputStream bytes = new DerOutputStream(); + DerOutputStream temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(pvno)); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp); + temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(msgType)); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), temp); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), apOptions.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), ticket.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x04), authenticator.asn1Encode()); + temp = new DerOutputStream(); + temp.write(DerValue.tag_Sequence, bytes); + DerOutputStream apreq = new DerOutputStream(); + apreq.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x0E), temp); + return apreq.toByteArray(); + } } diff --git a/src/share/classes/sun/security/krb5/internal/ASRep.java b/src/share/classes/sun/security/krb5/internal/ASRep.java index df0ebac655062ee4828eeae58880de2a7bb0fa92..a59811d97f9a88467fe736bc4ae03758ca77805a 100644 --- a/src/share/classes/sun/security/krb5/internal/ASRep.java +++ b/src/share/classes/sun/security/krb5/internal/ASRep.java 
@@ -40,30 +40,28 @@ import java.io.IOException; public class ASRep extends KDCRep { - public ASRep( - PAData[] new_pAData, - Realm new_crealm, - PrincipalName new_cname, - Ticket new_ticket, - EncryptedData new_encPart - ) throws IOException { - super(new_pAData, new_crealm, new_cname, new_ticket, - new_encPart, Krb5.KRB_AS_REP); - } + public ASRep( + PAData[] new_pAData, + Realm new_crealm, + PrincipalName new_cname, + Ticket new_ticket, + EncryptedData new_encPart) throws IOException { + super(new_pAData, new_crealm, new_cname, new_ticket, + new_encPart, Krb5.KRB_AS_REP); + } - public ASRep(byte[] data) throws Asn1Exception, - RealmException, KrbApErrException, IOException { - init(new DerValue(data)); - } + public ASRep(byte[] data) throws Asn1Exception, + RealmException, KrbApErrException, IOException { + init(new DerValue(data)); + } - public ASRep(DerValue encoding) throws Asn1Exception, - RealmException, KrbApErrException, IOException { - init(encoding); - } - - private void init(DerValue encoding) throws Asn1Exception, - RealmException, KrbApErrException, IOException { - init(encoding, Krb5.KRB_AS_REP); - } + public ASRep(DerValue encoding) throws Asn1Exception, + RealmException, KrbApErrException, IOException { + init(encoding); + } + private void init(DerValue encoding) throws Asn1Exception, + RealmException, KrbApErrException, IOException { + init(encoding, Krb5.KRB_AS_REP); + } } diff --git a/src/share/classes/sun/security/krb5/internal/ASReq.java b/src/share/classes/sun/security/krb5/internal/ASReq.java index 743316c6c0c9109d794165952944a0b69bb028d6..b5907398bf71a2e6804ac998ca8a6cb96080bbe5 100644 --- a/src/share/classes/sun/security/krb5/internal/ASReq.java +++ b/src/share/classes/sun/security/krb5/internal/ASReq.java 
@@ -36,20 +36,19 @@ import java.io.IOException; public class ASReq extends KDCReq { - public ASReq(PAData[] new_pAData, KDCReqBody new_reqBody) throws IOException { - super(new_pAData, new_reqBody, Krb5.KRB_AS_REQ); - } + public ASReq(PAData[] new_pAData, KDCReqBody new_reqBody) throws IOException { + super(new_pAData, new_reqBody, Krb5.KRB_AS_REQ); + } - public ASReq(byte[] data) throws Asn1Exception, KrbException, IOException { - init(new DerValue(data)); - } + public ASReq(byte[] data) throws Asn1Exception, KrbException, IOException { + init(new DerValue(data)); + } public ASReq(DerValue encoding) throws Asn1Exception, KrbException, IOException { - init(encoding); - } - - private void init(DerValue encoding) throws Asn1Exception, IOException, KrbException { - super.init(encoding, Krb5.KRB_AS_REQ); - } + init(encoding); + } + private void init(DerValue encoding) throws Asn1Exception, IOException, KrbException { + super.init(encoding, Krb5.KRB_AS_REQ); + } } diff --git a/src/share/classes/sun/security/krb5/internal/Authenticator.java b/src/share/classes/sun/security/krb5/internal/Authenticator.java index 57b6156c0e5e2342d09eee273dcc6baa94c7ed3e..49cf1709ee2c3bca33acc9c7a81d0c63a9a1236d 100644 --- a/src/share/classes/sun/security/krb5/internal/Authenticator.java +++ b/src/share/classes/sun/security/krb5/internal/Authenticator.java @@ -34,6 +34,7 @@ import sun.security.util.*; import java.util.Vector; import java.io.IOException; import java.math.BigInteger; + /** * Implements the ASN.1 Authenticator type. * @@ -58,6 +59,7 @@ import java.math.BigInteger; * http://www.ietf.org/rfc/rfc4120.txt. */ public class Authenticator { + public int authenticator_vno; public Realm crealm; public PrincipalName cname; 
@@ -68,137 +70,145 @@ public class Authenticator { Integer seqNumber; //optional public AuthorizationData authorizationData; //optional - public Authenticator ( - Realm new_crealm, - PrincipalName new_cname, - Checksum new_cksum, - int new_cusec, - KerberosTime new_ctime, - EncryptionKey new_subKey, - Integer new_seqNumber, - AuthorizationData new_authorizationData - ) { - authenticator_vno = Krb5.AUTHNETICATOR_VNO; - crealm = new_crealm; - cname = new_cname; - cksum = new_cksum; - cusec = new_cusec; - ctime = new_ctime; - subKey = new_subKey; - seqNumber = new_seqNumber; - authorizationData = new_authorizationData; - } + public Authenticator( + Realm new_crealm, + PrincipalName new_cname, + Checksum new_cksum, + int new_cusec, + KerberosTime new_ctime, + EncryptionKey new_subKey, + Integer new_seqNumber, + AuthorizationData new_authorizationData) { + authenticator_vno = Krb5.AUTHNETICATOR_VNO; + crealm = new_crealm; + cname = new_cname; + cksum = new_cksum; + cusec = new_cusec; + ctime = new_ctime; + subKey = new_subKey; + seqNumber = new_seqNumber; + authorizationData = new_authorizationData; + } - public Authenticator(byte[] data) - throws Asn1Exception, IOException, KrbApErrException, RealmException { - init(new DerValue(data)); - } + public Authenticator(byte[] data) + throws Asn1Exception, IOException, KrbApErrException, RealmException { + init(new DerValue(data)); + } - public Authenticator(DerValue encoding) - throws Asn1Exception,IOException, KrbApErrException, RealmException { - init(encoding); - } + public Authenticator(DerValue encoding) + throws Asn1Exception, IOException, KrbApErrException, RealmException { + init(encoding); + } - /** - * Initializes an Authenticator object. - * @param encoding a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. 
- * @exception KrbApErrException if the value read from the DER-encoded data - * stream does not match the pre-defined value. - * @exception RealmException if an error occurs while parsing a Realm object. - */ - private void init(DerValue encoding) - throws Asn1Exception, IOException, KrbApErrException, RealmException { - DerValue der, subDer; - //may not be the correct error code for a tag - //mismatch on an encrypted structure - if (((encoding.getTag() & (byte)0x1F) != (byte)0x02) - || (encoding.isApplication() != true) - || (encoding.isConstructed() != true)) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) + /** + * Initializes an Authenticator object. + * @param encoding a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exception KrbApErrException if the value read from the DER-encoded data + * stream does not match the pre-defined value. + * @exception RealmException if an error occurs while parsing a Realm object. 
+ */ + private void init(DerValue encoding) + throws Asn1Exception, IOException, KrbApErrException, RealmException { + DerValue der, subDer; + //may not be the correct error code for a tag + //mismatch on an encrypted structure + if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x02) + || (encoding.isApplication() != true) + || (encoding.isConstructed() != true)) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) != (byte)0x00) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x00) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } authenticator_vno = subDer.getData().getBigInteger().intValue(); - if (authenticator_vno != 5) + if (authenticator_vno != 5) { throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); - crealm = Realm.parse(der.getData(), (byte)0x01, false); - cname = PrincipalName.parse(der.getData(), (byte)0x02, false); - cksum = Checksum.parse(der.getData(), (byte)0x03, true); + } + crealm = Realm.parse(der.getData(), (byte) 0x01, false); + cname = PrincipalName.parse(der.getData(), (byte) 0x02, false); + cksum = Checksum.parse(der.getData(), (byte) 0x03, true); + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) == 0x04) { + cusec = subDer.getData().getBigInteger().intValue(); + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + ctime = KerberosTime.parse(der.getData(), (byte) 0x05, false); + if (der.getData().available() > 0) { + subKey = EncryptionKey.parse(der.getData(), (byte) 0x06, true); + } else { + subKey = null; + seqNumber = null; + authorizationData = null; + } + if (der.getData().available() > 0) { + if ((der.getData().peekByte() & 0x1F) == 0x07) { subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 
(byte)0x1F) == 0x04) { - cusec = subDer.getData().getBigInteger().intValue(); - } - else throw new Asn1Exception(Krb5.ASN1_BAD_ID); - ctime = KerberosTime.parse(der.getData(), (byte)0x05, false); - if (der.getData().available() > 0) { - subKey = EncryptionKey.parse(der.getData(), (byte)0x06, true); - } - else { - subKey = null; - seqNumber = null; - authorizationData = null; - } - if (der.getData().available() > 0) { - if ((der.getData().peekByte() & 0x1F) == 0x07) { - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) == (byte)0x07) - seqNumber = new Integer(subDer.getData().getBigInteger().intValue()); - } + if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x07) { + seqNumber = new Integer(subDer.getData().getBigInteger().intValue()); } - else { - seqNumber = null; - authorizationData = null; - } - if (der.getData().available() > 0) { - authorizationData = AuthorizationData.parse(der.getData(), (byte)0x08, true); - } - else authorizationData = null; - if (der.getData().available() > 0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } else { + seqNumber = null; + authorizationData = null; + } + if (der.getData().available() > 0) { + authorizationData = AuthorizationData.parse(der.getData(), (byte) 0x08, true); + } else { + authorizationData = null; + } + if (der.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + } - /** - * Encodes an Authenticator object. - * @return byte array of encoded Authenticator object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. 
- */ - public byte[] asn1Encode() throws Asn1Exception, IOException { - Vector v = new Vector (); - DerOutputStream temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(authenticator_vno)); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp.toByteArray())); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), crealm.asn1Encode())); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), cname.asn1Encode())); - if (cksum != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), cksum.asn1Encode())); - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(cusec)); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), temp.toByteArray())); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), ctime.asn1Encode())); - if (subKey != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), subKey.asn1Encode())); - if (seqNumber != null) { - temp = new DerOutputStream(); - // encode as an unsigned integer (UInt32) - temp.putInteger(BigInteger.valueOf(seqNumber.longValue())); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), temp.toByteArray())); - } - if (authorizationData != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), authorizationData.asn1Encode())); - DerValue der[] = new DerValue[v.size()]; - v.copyInto(der); - temp = new DerOutputStream(); - temp.putSequence(der); - DerOutputStream out = new DerOutputStream(); - out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x02), temp); - return out.toByteArray(); + /** + * Encodes an Authenticator object. + * @return byte array of encoded Authenticator object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. 
+ * @exception IOException if an I/O error occurs while reading encoded data. + */ + public byte[] asn1Encode() throws Asn1Exception, IOException { + Vector v = new Vector(); + DerOutputStream temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(authenticator_vno)); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp.toByteArray())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), crealm.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), cname.asn1Encode())); + if (cksum != null) { + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), cksum.asn1Encode())); + } + temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(cusec)); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x04), temp.toByteArray())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x05), ctime.asn1Encode())); + if (subKey != null) { + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x06), subKey.asn1Encode())); } + if (seqNumber != null) { + temp = new DerOutputStream(); + // encode as an unsigned integer (UInt32) + temp.putInteger(BigInteger.valueOf(seqNumber.longValue())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x07), temp.toByteArray())); + } + if (authorizationData != null) { + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x08), authorizationData.asn1Encode())); + } + DerValue der[] = new DerValue[v.size()]; + v.copyInto(der); + temp = new DerOutputStream(); + temp.putSequence(der); + DerOutputStream out = new DerOutputStream(); + out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x02), temp); + return out.toByteArray(); + } public final Checksum getChecksum() { return cksum; 
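Review bot: `seqNumber` does not round-trip as the UInt32 that the comment in `asn1Encode` promises. `init` narrows the decoded value with `intValue()`, so anything at or above 2^31 becomes a negative `Integer`, and `BigInteger.valueOf(seqNumber.longValue())` then sign-extends it and emits a negative INTEGER. If the unsigned encoding is what is intended, mask on the way out: `temp.putInteger(BigInteger.valueOf(seqNumber.longValue() & 0xFFFFFFFFL));`. Separately, the version check in `init` compares against the literal `5` while the constructor assigns `Krb5.AUTHNETICATOR_VNO`; using the constant in both places would keep them in step.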
@@ -211,5 +221,4 @@ public class Authenticator { public final EncryptionKey getSubKey() { return subKey; } - } diff --git a/src/share/classes/sun/security/krb5/internal/AuthorizationData.java b/src/share/classes/sun/security/krb5/internal/AuthorizationData.java index d6f04d748b521c1a3e0ca14cd5fb7830721eec28..269edec71a1500d9843a2f3186253227fd404312 100644 --- a/src/share/classes/sun/security/krb5/internal/AuthorizationData.java +++ b/src/share/classes/sun/security/krb5/internal/AuthorizationData.java 
@@ -53,82 +53,81 @@ import sun.security.krb5.internal.ccache.CCacheOutputStream; * } */ public class AuthorizationData implements Cloneable { - private AuthorizationDataEntry[] entry = null; - private AuthorizationData() { - } + private AuthorizationDataEntry[] entry = null; + + private AuthorizationData() { + } - public AuthorizationData( - AuthorizationDataEntry[] new_entries - ) throws IOException { - if (new_entries != null) { - entry = new AuthorizationDataEntry[new_entries.length]; - for (int i = 0; i < new_entries.length; i++) { - if (new_entries[i] == null) { - throw new IOException("Cannot create an AuthorizationData"); - } else { - entry[i] = (AuthorizationDataEntry)new_entries[i].clone(); - } - } + public AuthorizationData(AuthorizationDataEntry[] new_entries) + throws IOException { + if (new_entries != null) { + entry = new AuthorizationDataEntry[new_entries.length]; + for (int i = 0; i < new_entries.length; i++) { + if (new_entries[i] == null) { + throw new IOException("Cannot create an AuthorizationData"); + } else { + entry[i] = (AuthorizationDataEntry) new_entries[i].clone(); } + } } + } - public AuthorizationData( - AuthorizationDataEntry new_entry - ) { - entry = new AuthorizationDataEntry[1]; - entry[0] = new_entry; - } + public AuthorizationData(AuthorizationDataEntry new_entry) { + entry = new AuthorizationDataEntry[1]; + entry[0] = new_entry; + } - public Object clone() { - AuthorizationData new_authorizationData = - new AuthorizationData(); - if (entry != null) { - new_authorizationData.entry = - new AuthorizationDataEntry[entry.length]; - for (int i = 0; i < entry.length; i++) - new_authorizationData.entry[i] = - (AuthorizationDataEntry)entry[i].clone(); - } - return new_authorizationData; + public Object clone() { + AuthorizationData new_authorizationData = + new AuthorizationData(); + if (entry != null) { + new_authorizationData.entry = + new AuthorizationDataEntry[entry.length]; + for (int i = 0; i < entry.length; i++) { + 
new_authorizationData.entry[i] = + (AuthorizationDataEntry) entry[i].clone(); + } } + return new_authorizationData; + } - /** - * Constructs a new AuthorizationData, instance. - * @param der a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - public AuthorizationData(DerValue der) throws Asn1Exception, IOException { - Vector v = - new Vector (); - if (der.getTag() != DerValue.tag_Sequence) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - while (der.getData().available() > 0) { - v.addElement(new AuthorizationDataEntry(der.getData().getDerValue())); - } - if (v.size() > 0) { - entry = new AuthorizationDataEntry[v.size()]; - v.copyInto(entry); - } + /** + * Constructs a new AuthorizationData, instance. + * @param der a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + */ + public AuthorizationData(DerValue der) throws Asn1Exception, IOException { + Vector v = + new Vector(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + while (der.getData().available() > 0) { + v.addElement(new AuthorizationDataEntry(der.getData().getDerValue())); } + if (v.size() > 0) { + entry = new AuthorizationDataEntry[v.size()]; + v.copyInto(entry); + } + } - /** - * Encodes an AuthorizationData object. - * @return byte array of encoded AuthorizationData object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. 
- */ - public byte[] asn1Encode() throws Asn1Exception, IOException { - DerOutputStream bytes = new DerOutputStream(); - DerValue der[] = new DerValue[entry.length]; - for (int i = 0; i < entry.length; i++) { - der[i] = new DerValue(entry[i].asn1Encode()); - } - bytes.putSequence(der); - return bytes.toByteArray(); + /** + * Encodes an AuthorizationData object. + * @return byte array of encoded AuthorizationData object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + */ + public byte[] asn1Encode() throws Asn1Exception, IOException { + DerOutputStream bytes = new DerOutputStream(); + DerValue der[] = new DerValue[entry.length]; + for (int i = 0; i < entry.length; i++) { + der[i] = new DerValue(entry[i].asn1Encode()); } + bytes.putSequence(der); + return bytes.toByteArray(); + } /** * Parse (unmarshal) an AuthorizationData object from a DER input stream. 
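Review bot: `asn1Encode()` reads `entry.length` without a null check, yet `entry` stays null when the array constructor is given `null` and when the `DerValue` constructor decodes an empty SEQUENCE (`v.size() > 0` is false), so a peer-supplied empty authorization-data field can presumably end in a `NullPointerException` later; `clone()` in this same hunk already guards for it. `writeAuth` in the following hunk has the same unguarded loop. Either reject the empty sequence at decode time with `Asn1Exception(Krb5.ASN1_BAD_ID)`, or treat null as empty in both methods, e.g. `int n = (entry == null) ? 0 : entry.length;`. The single-entry constructor also stores `new_entry` without the null check and `clone()` that the array constructor applies.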
@@ -143,31 +142,30 @@ public class AuthorizationData implements Cloneable { * @return an instance of AuthorizationData. * */ - public static AuthorizationData parse(DerInputStream data, byte explicitTag, boolean optional) throws Asn1Exception, IOException{ - if ((optional) && (((byte)data.peekByte() & (byte)0x1F) != explicitTag)) { - return null; - } - DerValue der = data.getDerValue(); - if (explicitTag != (der.getTag() & (byte)0x1F)) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - else { - DerValue subDer = der.getData().getDerValue(); - return new AuthorizationData(subDer); - } + public static AuthorizationData parse(DerInputStream data, byte explicitTag, boolean optional) throws Asn1Exception, IOException { + if ((optional) && (((byte) data.peekByte() & (byte) 0x1F) != explicitTag)) { + return null; + } + DerValue der = data.getDerValue(); + if (explicitTag != (der.getTag() & (byte) 0x1F)) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } else { + DerValue subDer = der.getData().getDerValue(); + return new AuthorizationData(subDer); } + } - /** - * Writes AuthorizationData data fields to a output stream. - * - * @param cos a CCacheOutputStream to be written to. - * @exception IOException if an I/O exception occurs. - */ - public void writeAuth(CCacheOutputStream cos) throws IOException { - for (int i = 0; i < entry.length; i++) { - entry[i].writeEntry(cos); - } + /** + * Writes AuthorizationData data fields to a output stream. + * + * @param cos a CCacheOutputStream to be written to. + * @exception IOException if an I/O exception occurs. + */ + public void writeAuth(CCacheOutputStream cos) throws IOException { + for (int i = 0; i < entry.length; i++) { + entry[i].writeEntry(cos); } + } public String toString() { String retVal = "AuthorizationData:\n"; 
diff --git a/src/share/classes/sun/security/krb5/internal/AuthorizationDataEntry.java b/src/share/classes/sun/security/krb5/internal/AuthorizationDataEntry.java
index 3ad64576175750ed08dbb0ca8f6b94bbdd6e4465..e159c85fc00947bec63608e1b5aaaa3bcccf6a30 100644
--- a/src/share/classes/sun/security/krb5/internal/AuthorizationDataEntry.java
+++ b/src/share/classes/sun/security/krb5/internal/AuthorizationDataEntry.java
@@ -35,90 +35,90 @@ import sun.security.krb5.Asn1Exception; import sun.security.krb5.internal.ccache.CCacheOutputStream; public class AuthorizationDataEntry implements Cloneable { - public int adType; - public byte[] adData; - private AuthorizationDataEntry() { - } + public int adType; + public byte[] adData; - public AuthorizationDataEntry( - int new_adType, - byte[] new_adData - ) { - adType = new_adType; - adData = new_adData; - } + private AuthorizationDataEntry() { + } + + public AuthorizationDataEntry( + int new_adType, + byte[] new_adData) { + adType = new_adType; + adData = new_adData; + } - public Object clone() { - AuthorizationDataEntry new_authorizationDataEntry = - new AuthorizationDataEntry(); - new_authorizationDataEntry.adType = adType; - if (adData != null) { - new_authorizationDataEntry.adData = new byte[adData.length]; - System.arraycopy(adData, 0, - new_authorizationDataEntry.adData, 0, adData.length); - } - return new_authorizationDataEntry; + public Object clone() { + AuthorizationDataEntry new_authorizationDataEntry = + new AuthorizationDataEntry(); + new_authorizationDataEntry.adType = adType; + if (adData != null) { + new_authorizationDataEntry.adData = new byte[adData.length]; + System.arraycopy(adData, 0, + new_authorizationDataEntry.adData, 0, adData.length); } + return new_authorizationDataEntry; + } - /** - * Constructs an instance of AuthorizationDataEntry. - * @param encoding a single DER-encoded value. - */ - public AuthorizationDataEntry(DerValue encoding) throws Asn1Exception, IOException { - DerValue der; + /** + * Constructs an instance of AuthorizationDataEntry. + * @param encoding a single DER-encoded value. 
+ */ + public AuthorizationDataEntry(DerValue encoding) throws Asn1Exception, IOException { + DerValue der; if (encoding.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - der = encoding.getData().getDerValue(); - if ((der.getTag() & (byte)0x1F) == (byte)0x00) { - adType = der.getData().getBigInteger().intValue(); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } der = encoding.getData().getDerValue(); - if ((der.getTag() & (byte)0x1F) == (byte)0x01) { - adData = der.getData().getOctetString(); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - if (encoding.getData().available() > 0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + if ((der.getTag() & (byte) 0x1F) == (byte) 0x00) { + adType = der.getData().getBigInteger().intValue(); + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + der = encoding.getData().getDerValue(); + if ((der.getTag() & (byte) 0x1F) == (byte) 0x01) { + adData = der.getData().getOctetString(); + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + if (encoding.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } - /** - * Encodes an AuthorizationDataEntry object. - * @return byte array of encoded AuthorizationDataEntry object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - public byte[] asn1Encode() throws Asn1Exception, IOException { + /** + * Encodes an AuthorizationDataEntry object. + * @return byte array of encoded AuthorizationDataEntry object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. 
+ */ + public byte[] asn1Encode() throws Asn1Exception, IOException { DerOutputStream bytes = new DerOutputStream(); - DerOutputStream temp = new DerOutputStream(); - temp.putInteger(adType); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); - temp = new DerOutputStream(); - temp.putOctetString(adData); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp); - temp = new DerOutputStream(); - temp.write(DerValue.tag_Sequence, bytes); - return temp.toByteArray(); - } + DerOutputStream temp = new DerOutputStream(); + temp.putInteger(adType); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp); + temp = new DerOutputStream(); + temp.putOctetString(adData); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), temp); + temp = new DerOutputStream(); + temp.write(DerValue.tag_Sequence, bytes); + return temp.toByteArray(); + } - /** - * Writes the entry's data fields in FCC format to an output stream. - * - * @param cos a CCacheOutputStream. - * @exception IOException if an I/O exception occurs. - */ - public void writeEntry(CCacheOutputStream cos) throws IOException { - cos.write16(adType); - cos.write32(adData.length); - cos.write(adData, 0, adData.length); - } + /** + * Writes the entry's data fields in FCC format to an output stream. + * + * @param cos a CCacheOutputStream. + * @exception IOException if an I/O exception occurs. + */ + public void writeEntry(CCacheOutputStream cos) throws IOException { + cos.write16(adType); + cos.write32(adData.length); + cos.write(adData, 0, adData.length); + } public String toString() { return ("adType=" + adType + " adData.length=" + adData.length); } - } diff --git a/src/share/classes/sun/security/krb5/internal/ETypeInfo2.java b/src/share/classes/sun/security/krb5/internal/ETypeInfo2.java index 110e38b080667545709f475ec453f6a331eb6d8d..30bf4dfb3c9ee49a9853408a555e64e301944280 100644 
--- a/src/share/classes/sun/security/krb5/internal/ETypeInfo2.java +++ b/src/share/classes/sun/security/krb5/internal/ETypeInfo2.java @@ -100,16 +100,16 @@ public class ETypeInfo2 { // salt if (encoding.getData().available() > 0) { - der = encoding.getData().getDerValue(); - if ((der.getTag() & 0x1F) == 0x01) { + if ((encoding.getData().peekByte() & 0x1F) == 0x01) { + der = encoding.getData().getDerValue(); this.saltStr = der.getData().getGeneralString(); } } // s2kparams if (encoding.getData().available() > 0) { - der = encoding.getData().getDerValue(); - if ((der.getTag() & 0x1F) == 0x02) { + if ((encoding.getData().peekByte() & 0x1F) == 0x02) { + der = encoding.getData().getDerValue(); this.s2kparams = der.getData().getOctetString(); } } diff --git a/src/share/classes/sun/security/krb5/internal/EncAPRepPart.java b/src/share/classes/sun/security/krb5/internal/EncAPRepPart.java index 1d3381797e04bbaf89fe93690ceb182dc5463e77..b3dcf144159854736fa264c9aad8036f46c45758 100644 --- a/src/share/classes/sun/security/krb5/internal/EncAPRepPart.java +++ b/src/share/classes/sun/security/krb5/internal/EncAPRepPart.java 
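Review bot: The new `peekByte() & 0x1F` tests in the salt and s2kparams branches of ETypeInfo2 compare only the low five tag bits, so an element with tag number 1 or 2 is accepted whatever its tag class or constructed bit. If interoperability allows, compare the whole tag byte instead, e.g. `(byte) encoding.getData().peekByte() == DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01)`, and likewise with `(byte) 0x02` for s2kparams. Peeking before `getDerValue()` is the right fix for the old behaviour, where an absent salt caused the following element to be consumed and dropped; a comment such as `// peek first: an absent salt must not consume s2kparams` would keep a later cleanup from undoing it. The constructor continues outside the hunk, so it is not visible whether bytes left after an unrecognised tag are rejected. If they are not, add `if (encoding.getData().available() > 0) throw new Asn1Exception(Krb5.ASN1_BAD_ID);` after the s2kparams block, as the AuthorizationDataEntry constructor in this same diff does.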
@@ -55,102 +55,111 @@ import java.math.BigInteger; * http://www.ietf.org/rfc/rfc4120.txt. */ public class EncAPRepPart { - public KerberosTime ctime; - public int cusec; + + public KerberosTime ctime; + public int cusec; EncryptionKey subKey; //optional Integer seqNumber; //optional - public EncAPRepPart( - KerberosTime new_ctime, - int new_cusec, - EncryptionKey new_subKey, - Integer new_seqNumber - ) { - ctime = new_ctime; - cusec = new_cusec; - subKey = new_subKey; - seqNumber = new_seqNumber; - } + public EncAPRepPart( + KerberosTime new_ctime, + int new_cusec, + EncryptionKey new_subKey, + Integer new_seqNumber) { + ctime = new_ctime; + cusec = new_cusec; + subKey = new_subKey; + seqNumber = new_seqNumber; + } - public EncAPRepPart(byte[] data) - throws Asn1Exception, IOException { - init(new DerValue(data)); - } + public EncAPRepPart(byte[] data) + throws Asn1Exception, IOException { + init(new DerValue(data)); + } - public EncAPRepPart(DerValue encoding) - throws Asn1Exception, IOException { - init(encoding); - } + public EncAPRepPart(DerValue encoding) + throws Asn1Exception, IOException { + init(encoding); + } - /** - * Initializes an EncaPRepPart object. - * @param encoding a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - private void init(DerValue encoding) throws Asn1Exception, IOException { - DerValue der, subDer; - if (((encoding.getTag() & (byte)0x1F) != (byte)0x1B) - || (encoding.isApplication() != true) - || (encoding.isConstructed() != true)) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + /** + * Initializes an EncaPRepPart object. + * @param encoding a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. 
+ */ + private void init(DerValue encoding) throws Asn1Exception, IOException { + DerValue der, subDer; + if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x1B) + || (encoding.isApplication() != true) + || (encoding.isConstructed() != true)) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + ctime = KerberosTime.parse(der.getData(), (byte) 0x00, true); + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x01) { + cusec = subDer.getData().getBigInteger().intValue(); + } else { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - ctime = KerberosTime.parse(der.getData(), (byte)0x00, true); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) == (byte)0x01) { - cusec = subDer.getData().getBigInteger().intValue(); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - if (der.getData().available() > 0) { - subKey = EncryptionKey.parse(der.getData(), (byte)0x02, true); - } - else { - subKey = null; - seqNumber = null; - } - if (der.getData().available() > 0) { - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x1F) != 0x03) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - seqNumber = new Integer(subDer.getData().getBigInteger().intValue()); - } - else seqNumber = null; - if (der.getData().available() > 0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + if (der.getData().available() > 0) { + subKey = EncryptionKey.parse(der.getData(), (byte) 0x02, true); + } else { + subKey = null; + seqNumber = null; + } + if (der.getData().available() > 0) { + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x1F) != 0x03) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + seqNumber = new Integer(subDer.getData().getBigInteger().intValue()); + } else { + seqNumber = null; + } + if (der.getData().available() > 0) { + 
throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } - /** - * Encodes an EncAPRepPart object. - * @return byte array of encoded EncAPRepPart object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - public byte[] asn1Encode() throws Asn1Exception, IOException{ - Vector v = new Vector (); + /** + * Encodes an EncAPRepPart object. + * @return byte array of encoded EncAPRepPart object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + */ + public byte[] asn1Encode() throws Asn1Exception, IOException { + Vector v = new Vector(); DerOutputStream temp = new DerOutputStream(); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), ctime.asn1Encode())); - temp.putInteger(BigInteger.valueOf(cusec)); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp.toByteArray())); - if (subKey != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), subKey.asn1Encode())); - if (seqNumber != null) { - temp = new DerOutputStream(); - // encode as an unsigned integer (UInt32) - temp.putInteger(BigInteger.valueOf(seqNumber.longValue())); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), temp.toByteArray())); - } - DerValue der[] = new DerValue[v.size()]; - v.copyInto(der); - temp = new DerOutputStream(); - temp.putSequence(der); - DerOutputStream out = new DerOutputStream(); - out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x1B), temp); - return out.toByteArray(); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x00), ctime.asn1Encode())); + temp.putInteger(BigInteger.valueOf(cusec)); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, + 
true, (byte) 0x01), temp.toByteArray())); + if (subKey != null) { + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x02), subKey.asn1Encode())); + } + if (seqNumber != null) { + temp = new DerOutputStream(); + // encode as an unsigned integer (UInt32) + temp.putInteger(BigInteger.valueOf(seqNumber.longValue())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x03), temp.toByteArray())); } + DerValue der[] = new DerValue[v.size()]; + v.copyInto(der); + temp = new DerOutputStream(); + temp.putSequence(der); + DerOutputStream out = new DerOutputStream(); + out.write(DerValue.createTag(DerValue.TAG_APPLICATION, + true, (byte) 0x1B), temp); + return out.toByteArray(); + } public final EncryptionKey getSubKey() { return subKey; @@ -159,5 +168,4 @@ public class EncAPRepPart { public final Integer getSeqNumber() { return seqNumber; } - } diff --git a/src/share/classes/sun/security/krb5/internal/EncASRepPart.java b/src/share/classes/sun/security/krb5/internal/EncASRepPart.java index b5526e8014d5260c55c8a4ca69626cd9b919b25e..b71238fef5110bd30e5a19eb328a3f4cf23aa042 100644 --- a/src/share/classes/sun/security/krb5/internal/EncASRepPart.java +++ b/src/share/classes/sun/security/krb5/internal/EncASRepPart.java 
@@ -36,57 +36,55 @@ import java.io.IOException; public class EncASRepPart extends EncKDCRepPart { - public EncASRepPart( - EncryptionKey new_key, - LastReq new_lastReq, - int new_nonce, - KerberosTime new_keyExpiration, - TicketFlags new_flags, - KerberosTime new_authtime, - KerberosTime new_starttime, - KerberosTime new_endtime, - KerberosTime new_renewTill, - Realm new_srealm, - PrincipalName new_sname, - HostAddresses new_caddr - ) { - super( - new_key, - new_lastReq, - new_nonce, - new_keyExpiration, - new_flags, - new_authtime, - new_starttime, - new_endtime, - new_renewTill, - new_srealm, - new_sname, - new_caddr, - Krb5.KRB_ENC_AS_REP_PART - //may need to use Krb5.KRB_ENC_TGS_REP_PART to mimic - //behavior of other implementaions, instead of above + public EncASRepPart( + EncryptionKey new_key, + LastReq new_lastReq, + int new_nonce, + KerberosTime new_keyExpiration, + TicketFlags new_flags, + KerberosTime new_authtime, + KerberosTime new_starttime, + KerberosTime new_endtime, + KerberosTime new_renewTill, + Realm new_srealm, + PrincipalName new_sname, + HostAddresses new_caddr) { + super( + new_key, + new_lastReq, + new_nonce, + new_keyExpiration, + new_flags, + new_authtime, + new_starttime, + new_endtime, + new_renewTill, + new_srealm, + new_sname, + new_caddr, + Krb5.KRB_ENC_AS_REP_PART ); - } + //may need to use Krb5.KRB_ENC_TGS_REP_PART to mimic + //behavior of other implementaions, instead of above + } - public EncASRepPart(byte[] data) throws Asn1Exception, - IOException, KrbException { - init(new DerValue(data)); - } + public EncASRepPart(byte[] data) throws Asn1Exception, + IOException, KrbException { + init(new DerValue(data)); + } - public EncASRepPart(DerValue encoding) throws Asn1Exception, - IOException, KrbException { - init(encoding); - } + public EncASRepPart(DerValue encoding) throws Asn1Exception, + IOException, KrbException { + init(encoding); + } - private void init(DerValue encoding) throws Asn1Exception, - IOException, KrbException { 
- init(encoding, Krb5.KRB_ENC_AS_REP_PART); - } - - public byte[] asn1Encode() throws Asn1Exception, - IOException { - return asn1Encode(Krb5.KRB_ENC_AS_REP_PART); - } + private void init(DerValue encoding) throws Asn1Exception, + IOException, KrbException { + init(encoding, Krb5.KRB_ENC_AS_REP_PART); + } + public byte[] asn1Encode() throws Asn1Exception, + IOException { + return asn1Encode(Krb5.KRB_ENC_AS_REP_PART); + } } diff --git a/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java b/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java index 35081a0051cd8459bffec558fdf9a8922001b359..e7723a41c4236dce939871a8b41ab5a0bdae739e 100644 --- a/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java +++ b/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java @@ -36,6 +36,7 @@ import sun.security.util.*; import java.util.Vector; import java.io.IOException; import java.math.BigInteger; + /** * Implements the ASN.1 EncKDCRepPart type. * 
@@ -63,143 +64,163 @@ import java.math.BigInteger; * http://www.ietf.org/rfc/rfc4120.txt. */ public class EncKDCRepPart { - public EncryptionKey key; - public LastReq lastReq; - public int nonce; - public KerberosTime keyExpiration; //optional - public TicketFlags flags; - public KerberosTime authtime; - public KerberosTime starttime; //optional - public KerberosTime endtime; - public KerberosTime renewTill; //optional - public Realm srealm; - public PrincipalName sname; - public HostAddresses caddr; //optional - public int msgType; //not included in sequence - public EncKDCRepPart( - EncryptionKey new_key, - LastReq new_lastReq, - int new_nonce, - KerberosTime new_keyExpiration, - TicketFlags new_flags, - KerberosTime new_authtime, - KerberosTime new_starttime, - KerberosTime new_endtime, - KerberosTime new_renewTill, - Realm new_srealm, - PrincipalName new_sname, - HostAddresses new_caddr, - int new_msgType - ) { - key = new_key; - lastReq = new_lastReq; - nonce = new_nonce; - keyExpiration = new_keyExpiration; - flags = new_flags; - authtime = new_authtime; - starttime = new_starttime; - endtime = new_endtime; - renewTill = new_renewTill; - srealm = new_srealm; - sname = new_sname; - caddr = new_caddr; - msgType = new_msgType; - } + public EncryptionKey key; + public LastReq lastReq; + public int nonce; + public KerberosTime keyExpiration; //optional + public TicketFlags flags; + public KerberosTime authtime; + public KerberosTime starttime; //optional + public KerberosTime endtime; + public KerberosTime renewTill; //optional + public Realm srealm; + public PrincipalName sname; + public HostAddresses caddr; //optional + public int msgType; //not included in sequence - public EncKDCRepPart() { - } + public EncKDCRepPart( + EncryptionKey new_key, + LastReq new_lastReq, + int new_nonce, + KerberosTime new_keyExpiration, + TicketFlags new_flags, + KerberosTime new_authtime, + KerberosTime new_starttime, + KerberosTime new_endtime, + KerberosTime new_renewTill, + 
Realm new_srealm, + PrincipalName new_sname, + HostAddresses new_caddr, + int new_msgType) { + key = new_key; + lastReq = new_lastReq; + nonce = new_nonce; + keyExpiration = new_keyExpiration; + flags = new_flags; + authtime = new_authtime; + starttime = new_starttime; + endtime = new_endtime; + renewTill = new_renewTill; + srealm = new_srealm; + sname = new_sname; + caddr = new_caddr; + msgType = new_msgType; + } - public EncKDCRepPart(byte[] data, int rep_type) - throws Asn1Exception, IOException, RealmException{ - init(new DerValue(data), rep_type); - } + public EncKDCRepPart() { + } - public EncKDCRepPart(DerValue encoding, int rep_type) - throws Asn1Exception, IOException, RealmException - { - init(encoding, rep_type); - } + public EncKDCRepPart(byte[] data, int rep_type) + throws Asn1Exception, IOException, RealmException { + init(new DerValue(data), rep_type); + } + + public EncKDCRepPart(DerValue encoding, int rep_type) + throws Asn1Exception, IOException, RealmException { + init(encoding, rep_type); + } - /** - * Initializes an EncKDCRepPart object. - * - * @param encoding a single DER-encoded value. - * @param rep_type type of the encrypted reply message. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exception RealmException if an error occurs while decoding an Realm object. - */ - protected void init(DerValue encoding, int rep_type) - throws Asn1Exception, IOException, RealmException - { - DerValue der, subDer; - //implementations return the incorrect tag value, so - //we don't use the above line; instead we use the following - msgType = (encoding.getTag() & (byte)0x1F); + /** + * Initializes an EncKDCRepPart object. + * + * @param encoding a single DER-encoded value. + * @param rep_type type of the encrypted reply message. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. 
+ * @exception IOException if an I/O error occurs while reading encoded data. + * @exception RealmException if an error occurs while decoding an Realm object. + */ + protected void init(DerValue encoding, int rep_type) + throws Asn1Exception, IOException, RealmException { + DerValue der, subDer; + //implementations return the incorrect tag value, so + //we don't use the above line; instead we use the following + msgType = (encoding.getTag() & (byte) 0x1F); if (msgType != Krb5.KRB_ENC_AS_REP_PART && - msgType != Krb5.KRB_ENC_TGS_REP_PART) + msgType != Krb5.KRB_ENC_TGS_REP_PART) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) + } + key = EncryptionKey.parse(der.getData(), (byte) 0x00, false); + lastReq = LastReq.parse(der.getData(), (byte) 0x01, false); + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x02) { + nonce = subDer.getData().getBigInteger().intValue(); + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + keyExpiration = KerberosTime.parse(der.getData(), (byte) 0x03, true); + flags = TicketFlags.parse(der.getData(), (byte) 0x04, false); + authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false); + starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true); + endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false); + renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true); + srealm = Realm.parse(der.getData(), (byte) 0x09, false); + sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false); + if (der.getData().available() > 0) { + caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true); + } + if (der.getData().available() > 0) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - key = EncryptionKey.parse(der.getData(), (byte)0x00, false); - lastReq = 
LastReq.parse(der.getData(), (byte)0x01, false); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) == (byte)0x02) - nonce = subDer.getData().getBigInteger().intValue(); - else throw new Asn1Exception(Krb5.ASN1_BAD_ID); - keyExpiration = KerberosTime.parse(der.getData(), (byte)0x03, true); - flags = TicketFlags.parse(der.getData(), (byte)0x04, false); - authtime = KerberosTime.parse(der.getData(), (byte)0x05, false); - starttime = KerberosTime.parse(der.getData(), (byte)0x06, true); - endtime = KerberosTime.parse(der.getData(), (byte)0x07, false); - renewTill = KerberosTime.parse(der.getData(), (byte)0x08, true); - srealm = Realm.parse(der.getData(), (byte)0x09, false); - sname = PrincipalName.parse(der.getData(), (byte)0x0A, false); - if (der.getData().available() > 0) - caddr = HostAddresses.parse(der.getData(), (byte)0x0B, true); - if (der.getData().available() > 0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + } - /** - * Encodes an EncKDCRepPart object. - * @param rep_type type of encrypted reply message. - * @return byte array of encoded EncKDCRepPart object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - public byte[] asn1Encode(int rep_type) throws Asn1Exception, - IOException { + /** + * Encodes an EncKDCRepPart object. + * @param rep_type type of encrypted reply message. + * @return byte array of encoded EncKDCRepPart object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. 
+ */ + public byte[] asn1Encode(int rep_type) throws Asn1Exception, + IOException { DerOutputStream temp = new DerOutputStream(); DerOutputStream bytes = new DerOutputStream(); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), key.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), lastReq.asn1Encode()); - temp.putInteger(BigInteger.valueOf(nonce)); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), temp); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x00), key.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x01), lastReq.asn1Encode()); + temp.putInteger(BigInteger.valueOf(nonce)); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x02), temp); - if (keyExpiration != null) - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), keyExpiration.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), flags.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), authtime.asn1Encode()); - if (starttime != null) - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), starttime.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), endtime.asn1Encode()); - if (renewTill != null) - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), renewTill.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), srealm.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), sname.asn1Encode()); - if (caddr != null) - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0B), caddr.asn1Encode()); - //should use the rep_type to build the encoding - //but other implementations do not; it is ignored and - //the cached msgType is used instead - temp = new DerOutputStream(); - 
temp.write(DerValue.tag_Sequence, bytes); - bytes = new DerOutputStream(); - bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)msgType), temp); - return bytes.toByteArray(); + if (keyExpiration != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x03), keyExpiration.asn1Encode()); } - + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x04), flags.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x05), authtime.asn1Encode()); + if (starttime != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x06), starttime.asn1Encode()); + } + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x07), endtime.asn1Encode()); + if (renewTill != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x08), renewTill.asn1Encode()); + } + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x09), srealm.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x0A), sname.asn1Encode()); + if (caddr != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x0B), caddr.asn1Encode()); + } + //should use the rep_type to build the encoding + //but other implementations do not; it is ignored and + //the cached msgType is used instead + temp = new DerOutputStream(); + temp.write(DerValue.tag_Sequence, bytes); + bytes = new DerOutputStream(); + bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, + true, (byte) msgType), temp); + return bytes.toByteArray(); + } } diff --git a/src/share/classes/sun/security/krb5/internal/EncKrbCredPart.java b/src/share/classes/sun/security/krb5/internal/EncKrbCredPart.java index f37f252bbaa1d3ac8556b484ebb67795a8a3a3bd..c5acf6d2b1c8ef02c538a1b39301521f37745efe 100644 --- a/src/share/classes/sun/security/krb5/internal/EncKrbCredPart.java +++ b/src/share/classes/sun/security/krb5/internal/EncKrbCredPart.java 
@@ -36,6 +36,7 @@ import sun.security.krb5.RealmException; import java.util.Vector; import java.io.IOException; import java.math.BigInteger; + /** * Implements the ASN.1 EncKrbCredPart type. * 
@@ -57,148 +58,158 @@ import java.math.BigInteger; * http://www.ietf.org/rfc/rfc4120.txt. */ public class EncKrbCredPart { - public KrbCredInfo[] ticketInfo = null; - public KerberosTime timeStamp; //optional - private Integer nonce; //optional - private Integer usec; //optional - private HostAddress sAddress; //optional - private HostAddresses rAddress; //optional + public KrbCredInfo[] ticketInfo = null; + public KerberosTime timeStamp; //optional + private Integer nonce; //optional + private Integer usec; //optional + private HostAddress sAddress; //optional + private HostAddresses rAddress; //optional - public EncKrbCredPart( - KrbCredInfo[] new_ticketInfo, - KerberosTime new_timeStamp, - Integer new_usec, - Integer new_nonce, - HostAddress new_sAddress, - HostAddresses new_rAddress - ) throws IOException { - if (new_ticketInfo != null) { - ticketInfo = new KrbCredInfo[new_ticketInfo.length]; - for (int i = 0; i < new_ticketInfo.length; i++) { - if (new_ticketInfo[i] == null) { - throw new IOException("Cannot create a EncKrbCredPart"); - } else { - ticketInfo[i] = (KrbCredInfo)new_ticketInfo[i].clone(); - } - } + public EncKrbCredPart( + KrbCredInfo[] new_ticketInfo, + KerberosTime new_timeStamp, + Integer new_usec, + Integer new_nonce, + HostAddress new_sAddress, + HostAddresses new_rAddress) throws IOException { + if (new_ticketInfo != null) { + ticketInfo = new KrbCredInfo[new_ticketInfo.length]; + for (int i = 0; i < new_ticketInfo.length; i++) { + if (new_ticketInfo[i] == null) { + throw new IOException("Cannot create a EncKrbCredPart"); + } else { + ticketInfo[i] = (KrbCredInfo) new_ticketInfo[i].clone(); } - timeStamp = new_timeStamp; - usec = new_usec; - nonce = new_nonce; - sAddress = new_sAddress; - rAddress = new_rAddress; + } } + timeStamp = new_timeStamp; + usec = new_usec; + nonce = new_nonce; + sAddress = new_sAddress; + rAddress = new_rAddress; + } - public EncKrbCredPart(byte[] data) throws Asn1Exception, - IOException, RealmException { - 
init(new DerValue(data)); - } + public EncKrbCredPart(byte[] data) throws Asn1Exception, + IOException, RealmException { + init(new DerValue(data)); + } - public EncKrbCredPart(DerValue encoding) throws Asn1Exception, - IOException, RealmException { - init(encoding); - } + public EncKrbCredPart(DerValue encoding) throws Asn1Exception, + IOException, RealmException { + init(encoding); + } - /** - * Initializes an EncKrbCredPart object. - * @param encoding a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exception RealmException if an error occurs while parsing a Realm object. - */ - private void init(DerValue encoding) throws Asn1Exception, - IOException, RealmException { - DerValue der, subDer; - //may not be the correct error code for a tag - //mismatch on an encrypted structure - nonce = null; - timeStamp = null; - usec= null; + /** + * Initializes an EncKrbCredPart object. + * @param encoding a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exception RealmException if an error occurs while parsing a Realm object. 
+ */ + private void init(DerValue encoding) throws Asn1Exception, + IOException, RealmException { + DerValue der, subDer; + //may not be the correct error code for a tag + //mismatch on an encrypted structure + nonce = null; + timeStamp = null; + usec = null; sAddress = null; rAddress = null; - if (((encoding.getTag() & (byte)0x1F) != (byte)0x1D) - || (encoding.isApplication() != true) - || (encoding.isConstructed() != true)) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x1D) + || (encoding.isApplication() != true) + || (encoding.isConstructed() != true)) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) + if (der.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x00) { + DerValue derValues[] = subDer.getData().getSequence(1); + ticketInfo = new KrbCredInfo[derValues.length]; + for (int i = 0; i < derValues.length; i++) { + ticketInfo[i] = new KrbCredInfo(derValues[i]); + } + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + if (der.getData().available() > 0) { + if (((byte) (der.getData().peekByte()) & (byte) 0x1F) == (byte) 0x01) { subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) == (byte)0x00) { - DerValue derValues[] = subDer.getData().getSequence(1); - ticketInfo = new KrbCredInfo[derValues.length]; - for (int i = 0; i < derValues.length; i++) { - ticketInfo[i] = new KrbCredInfo(derValues[i]); - } - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - if (der.getData().available() > 0) { - if (((byte)(der.getData().peekByte()) & (byte)0x1F) == (byte)0x01) { - subDer = der.getData().getDerValue(); - nonce = new Integer(subDer.getData().getBigInteger().intValue()); - } - } - if (der.getData().available() >0) { - timeStamp = KerberosTime.parse(der.getData(), (byte)0x02, 
true); - } - if (der.getData().available() >0) { - if (((byte)(der.getData().peekByte()) & (byte)0x1F) == (byte)0x03) { - subDer = der.getData().getDerValue(); - usec = new Integer(subDer.getData().getBigInteger().intValue()); - } - } - if (der.getData().available() >0) { - sAddress = HostAddress.parse(der.getData(), (byte)0x04, true); - } - if (der.getData().available() >0) { - rAddress = HostAddresses.parse(der.getData(), (byte)0x05, true); - } - if (der.getData().available() >0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + nonce = new Integer(subDer.getData().getBigInteger().intValue()); + } + } + if (der.getData().available() > 0) { + timeStamp = KerberosTime.parse(der.getData(), (byte) 0x02, true); + } + if (der.getData().available() > 0) { + if (((byte) (der.getData().peekByte()) & (byte) 0x1F) == (byte) 0x03) { + subDer = der.getData().getDerValue(); + usec = new Integer(subDer.getData().getBigInteger().intValue()); + } + } + if (der.getData().available() > 0) { + sAddress = HostAddress.parse(der.getData(), (byte) 0x04, true); + } + if (der.getData().available() > 0) { + rAddress = HostAddresses.parse(der.getData(), (byte) 0x05, true); + } + if (der.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + } - /** - * Encodes an EncKrbCredPart object. - * @return byte array of encoded EncKrbCredPart object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * - */ - public byte[] asn1Encode() throws Asn1Exception, IOException{ + /** + * Encodes an EncKrbCredPart object. + * @return byte array of encoded EncKrbCredPart object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. 
+ * + */ + public byte[] asn1Encode() throws Asn1Exception, IOException { DerOutputStream bytes = new DerOutputStream(); - DerOutputStream temp = new DerOutputStream(); - DerValue[] tickets = new DerValue[ticketInfo.length]; - for (int i = 0; i < ticketInfo.length; i++) - tickets[i] = new DerValue(ticketInfo[i].asn1Encode()); - temp.putSequence(tickets); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); + DerOutputStream temp = new DerOutputStream(); + DerValue[] tickets = new DerValue[ticketInfo.length]; + for (int i = 0; i < ticketInfo.length; i++) { + tickets[i] = new DerValue(ticketInfo[i].asn1Encode()); + } + temp.putSequence(tickets); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x00), temp); - if (nonce != null) { + if (nonce != null) { temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(nonce.intValue())); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp); - } + temp.putInteger(BigInteger.valueOf(nonce.intValue())); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x01), temp); + } if (timeStamp != null) { - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), timeStamp.asn1Encode()); - } - if (usec != null) { - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(usec.intValue())); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), temp); - } - if (sAddress != null) { - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), sAddress.asn1Encode()); - } - if (rAddress != null) { - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), rAddress.asn1Encode()); - } - temp = new DerOutputStream(); - temp.write(DerValue.tag_Sequence, bytes); - bytes = new DerOutputStream(); - bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x1D), temp); - return bytes.toByteArray(); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 
0x02), timeStamp.asn1Encode()); + } + if (usec != null) { + temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(usec.intValue())); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x03), temp); + } + if (sAddress != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x04), sAddress.asn1Encode()); + } + if (rAddress != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x05), rAddress.asn1Encode()); } + temp = new DerOutputStream(); + temp.write(DerValue.tag_Sequence, bytes); + bytes = new DerOutputStream(); + bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, + true, (byte) 0x1D), temp); + return bytes.toByteArray(); + } } diff --git a/src/share/classes/sun/security/krb5/internal/EncKrbPrivPart.java b/src/share/classes/sun/security/krb5/internal/EncKrbPrivPart.java index e4ed50b4ba1cf382d960f2f64f06c173ea098a0f..292dd58be3b442acbf177c5192365cf42adb254c 100644 --- a/src/share/classes/sun/security/krb5/internal/EncKrbPrivPart.java +++ b/src/share/classes/sun/security/krb5/internal/EncKrbPrivPart.java 
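Review bot: `asn1Encode()` dereferences `ticketInfo.length` unconditionally, yet the six-argument constructor leaves `ticketInfo` null when `new_ticketInfo` is null, so encoding such an object fails with a NullPointerException rather than one of the declared exceptions. The field is not marked optional in the field list, so the constructor could reject it up front with `if (new_ticketInfo == null) { throw new IOException("Cannot create a EncKrbCredPart"); }`, matching the message already used for a null element. The same unguarded dereference of non-optional fields appears in `EncKrbPrivPart.asn1Encode()` (`sAddress.asn1Encode()`) and in `EncTicketPart.asn1Encode()` (`flags`, `key`, `crealm` and the rest) further down this diff. Whether any caller actually passes null is not visible here, so this is hardening rather than a confirmed failure.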
@@ -55,114 +55,119 @@ import java.math.BigInteger; * * http://www.ietf.org/rfc/rfc4120.txt. */ - public class EncKrbPrivPart { - public byte[] userData = null; - public KerberosTime timestamp; //optional - public Integer usec; //optional - public Integer seqNumber; //optional - public HostAddress sAddress; //optional - public HostAddress rAddress; //optional - public EncKrbPrivPart( - byte[] new_userData, - KerberosTime new_timestamp, - Integer new_usec, - Integer new_seqNumber, - HostAddress new_sAddress, - HostAddress new_rAddress - ) { - if (new_userData != null) { - userData = new_userData.clone(); - } - timestamp = new_timestamp; - usec = new_usec; - seqNumber = new_seqNumber; - sAddress = new_sAddress; - rAddress = new_rAddress; - } + public byte[] userData = null; + public KerberosTime timestamp; //optional + public Integer usec; //optional + public Integer seqNumber; //optional + public HostAddress sAddress; //optional + public HostAddress rAddress; //optional - public EncKrbPrivPart(byte[] data) throws Asn1Exception, IOException { - init(new DerValue(data)); + public EncKrbPrivPart( + byte[] new_userData, + KerberosTime new_timestamp, + Integer new_usec, + Integer new_seqNumber, + HostAddress new_sAddress, + HostAddress new_rAddress) { + if (new_userData != null) { + userData = new_userData.clone(); } + timestamp = new_timestamp; + usec = new_usec; + seqNumber = new_seqNumber; + sAddress = new_sAddress; + rAddress = new_rAddress; + } - public EncKrbPrivPart(DerValue encoding) throws Asn1Exception, IOException { - init(encoding); - } + public EncKrbPrivPart(byte[] data) throws Asn1Exception, IOException { + init(new DerValue(data)); + } + + public EncKrbPrivPart(DerValue encoding) throws Asn1Exception, IOException { + init(encoding); + } - /** - * Initializes an EncKrbPrivPart object. - * @param encoding a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. 
- * @exception IOException if an I/O error occurs while reading encoded data. - */ - private void init(DerValue encoding) throws Asn1Exception, IOException { + /** + * Initializes an EncKrbPrivPart object. + * @param encoding a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + */ + private void init(DerValue encoding) throws Asn1Exception, IOException { DerValue der, subDer; - if (((encoding.getTag() & (byte)0x1F) != (byte)0x1C) - || (encoding.isApplication() != true) - || (encoding.isConstructed() != true)) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) + if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x1C) + || (encoding.isApplication() != true) + || (encoding.isConstructed() != true)) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x00) { + userData = subDer.getData().getOctetString(); + } else { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) == (byte)0x00) { - userData = subDer.getData().getOctetString(); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - timestamp = KerberosTime.parse(der.getData(), (byte)0x01, true); - if ((der.getData().peekByte() & 0x1F) == 0x02) { - subDer = der.getData().getDerValue(); - usec = new Integer(subDer.getData().getBigInteger().intValue()); - } - else usec = null; - if ((der.getData().peekByte() & 0x1F) == 0x03 ) { - subDer = der.getData().getDerValue(); - seqNumber = new Integer(subDer.getData().getBigInteger().intValue()); - } - else seqNumber = null; - sAddress = HostAddress.parse(der.getData(), 
(byte)0x04, false); - if (der.getData().available() > 0) { - rAddress = HostAddress.parse(der.getData(), (byte)0x05, true); - } - if (der.getData().available() > 0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + timestamp = KerberosTime.parse(der.getData(), (byte) 0x01, true); + if ((der.getData().peekByte() & 0x1F) == 0x02) { + subDer = der.getData().getDerValue(); + usec = new Integer(subDer.getData().getBigInteger().intValue()); + } else { + usec = null; + } + if ((der.getData().peekByte() & 0x1F) == 0x03) { + subDer = der.getData().getDerValue(); + seqNumber = new Integer(subDer.getData().getBigInteger().intValue()); + } else { + seqNumber = null; + } + sAddress = HostAddress.parse(der.getData(), (byte) 0x04, false); + if (der.getData().available() > 0) { + rAddress = HostAddress.parse(der.getData(), (byte) 0x05, true); + } + if (der.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } - /** - * Encodes an EncKrbPrivPart object. - * @return byte array of encoded EncKrbPrivPart object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - public byte[] asn1Encode() throws Asn1Exception, IOException { + /** + * Encodes an EncKrbPrivPart object. + * @return byte array of encoded EncKrbPrivPart object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. 
+ */ + public byte[] asn1Encode() throws Asn1Exception, IOException { DerOutputStream temp = new DerOutputStream(); DerOutputStream bytes = new DerOutputStream(); - temp.putOctetString(userData); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); - if (timestamp != null) - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), timestamp.asn1Encode()); - if (usec != null) { - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(usec.intValue())); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), temp); - } - if (seqNumber != null) { - temp = new DerOutputStream(); - // encode as an unsigned integer (UInt32) - temp.putInteger(BigInteger.valueOf(seqNumber.longValue())); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), temp); - } - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), sAddress.asn1Encode()); - if (rAddress != null) { - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), rAddress.asn1Encode()); - } - temp = new DerOutputStream(); - temp.write(DerValue.tag_Sequence, bytes); - bytes = new DerOutputStream(); - bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x1C), temp); - return bytes.toByteArray(); + temp.putOctetString(userData); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp); + if (timestamp != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), timestamp.asn1Encode()); + } + if (usec != null) { + temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(usec.intValue())); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), temp); + } + if (seqNumber != null) { + temp = new DerOutputStream(); + // encode as an unsigned integer (UInt32) + temp.putInteger(BigInteger.valueOf(seqNumber.longValue())); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), temp); + } + 
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x04), sAddress.asn1Encode()); + if (rAddress != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x05), rAddress.asn1Encode()); } + temp = new DerOutputStream(); + temp.write(DerValue.tag_Sequence, bytes); + bytes = new DerOutputStream(); + bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x1C), temp); + return bytes.toByteArray(); + } } diff --git a/src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java b/src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java index 95c100a020aca76197012d16966dc295e7b8172d..864115e52e98fc51cb06bc2a2f15d12e8155550d 100644 --- a/src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java +++ b/src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java 
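Review bot: In `asn1Encode()` the seq-number branch is commented `// encode as an unsigned integer (UInt32)` but calls `BigInteger.valueOf(seqNumber.longValue())`, and `Integer.longValue()` sign-extends, so a `seqNumber` with the top bit set is written as a negative INTEGER. `init()` has the mirror-image problem: `getBigInteger().intValue()` folds any wire value of 2^31 or more into a negative `Integer` and silently truncates anything wider than 32 bits, so a decoded value need not re-encode to the same bytes. If the unsigned reading is the intended one, masking on encode with `temp.putInteger(BigInteger.valueOf(seqNumber.longValue() & 0xFFFFFFFFL));` makes the round trip consistent, and a range check on decode would reject oversized values instead of truncating them. How peers encode high sequence numbers should be confirmed before changing the wire form, since receivers compare this field when checking message order.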
@@ -35,55 +35,52 @@ import java.io.IOException; public class EncTGSRepPart extends EncKDCRepPart { - public EncTGSRepPart( - EncryptionKey new_key, - LastReq new_lastReq, - int new_nonce, - KerberosTime new_keyExpiration, - TicketFlags new_flags, - KerberosTime new_authtime, - KerberosTime new_starttime, - KerberosTime new_endtime, - KerberosTime new_renewTill, - Realm new_srealm, - PrincipalName new_sname, - HostAddresses new_caddr - ) { - super( - new_key, - new_lastReq, - new_nonce, - new_keyExpiration, - new_flags, - new_authtime, - new_starttime, - new_endtime, - new_renewTill, - new_srealm, - new_sname, - new_caddr, - Krb5.KRB_ENC_TGS_REP_PART - ); - } + public EncTGSRepPart( + EncryptionKey new_key, + LastReq new_lastReq, + int new_nonce, + KerberosTime new_keyExpiration, + TicketFlags new_flags, + KerberosTime new_authtime, + KerberosTime new_starttime, + KerberosTime new_endtime, + KerberosTime new_renewTill, + Realm new_srealm, + PrincipalName new_sname, + HostAddresses new_caddr) { + super( + new_key, + new_lastReq, + new_nonce, + new_keyExpiration, + new_flags, + new_authtime, + new_starttime, + new_endtime, + new_renewTill, + new_srealm, + new_sname, + new_caddr, + Krb5.KRB_ENC_TGS_REP_PART); + } - public EncTGSRepPart(byte[] data) throws Asn1Exception, - IOException, KrbException { - init(new DerValue(data)); - } + public EncTGSRepPart(byte[] data) throws Asn1Exception, + IOException, KrbException { + init(new DerValue(data)); + } - public EncTGSRepPart(DerValue encoding) throws Asn1Exception, - IOException, KrbException { - init(encoding); - } + public EncTGSRepPart(DerValue encoding) throws Asn1Exception, + IOException, KrbException { + init(encoding); + } - private void init(DerValue encoding) throws Asn1Exception, - IOException, KrbException { - init(encoding, Krb5.KRB_ENC_TGS_REP_PART); - } - - public byte[] asn1Encode() throws Asn1Exception, - IOException { - return asn1Encode(Krb5.KRB_ENC_TGS_REP_PART); - } + private void init(DerValue 
encoding) throws Asn1Exception, + IOException, KrbException { + init(encoding, Krb5.KRB_ENC_TGS_REP_PART); + } + public byte[] asn1Encode() throws Asn1Exception, + IOException { + return asn1Encode(Krb5.KRB_ENC_TGS_REP_PART); + } } diff --git a/src/share/classes/sun/security/krb5/internal/EncTicketPart.java b/src/share/classes/sun/security/krb5/internal/EncTicketPart.java index 5f315095825832d0759518f877403558e3556ed1..73eb814445baff9933da195a84aa99aab0225ab7 100644 --- a/src/share/classes/sun/security/krb5/internal/EncTicketPart.java +++ b/src/share/classes/sun/security/krb5/internal/EncTicketPart.java 
@@ -62,69 +62,68 @@ import java.io.*; * http://www.ietf.org/rfc/rfc4120.txt. */ public class EncTicketPart { - public TicketFlags flags; - public EncryptionKey key; - public Realm crealm; - public PrincipalName cname; - public TransitedEncoding transited; - public KerberosTime authtime; - public KerberosTime starttime; //optional - public KerberosTime endtime; - public KerberosTime renewTill; //optional - public HostAddresses caddr; //optional - public AuthorizationData authorizationData; //optional - - public EncTicketPart( - TicketFlags new_flags, - EncryptionKey new_key, - Realm new_crealm, - PrincipalName new_cname, - TransitedEncoding new_transited, - KerberosTime new_authtime, - KerberosTime new_starttime, - KerberosTime new_endtime, - KerberosTime new_renewTill, - HostAddresses new_caddr, - AuthorizationData new_authorizationData - ) { - flags = new_flags; - key = new_key; - crealm = new_crealm; - cname = new_cname; - transited = new_transited; - authtime = new_authtime; - starttime = new_starttime; - endtime = new_endtime; - renewTill = new_renewTill; - caddr = new_caddr; - authorizationData = new_authorizationData; - } - public EncTicketPart(byte[] data) - throws Asn1Exception, KrbException, IOException { - init(new DerValue(data)); - } + public TicketFlags flags; + public EncryptionKey key; + public Realm crealm; + public PrincipalName cname; + public TransitedEncoding transited; + public KerberosTime authtime; + public KerberosTime starttime; //optional + public KerberosTime endtime; + public KerberosTime renewTill; //optional + public HostAddresses caddr; //optional + public AuthorizationData authorizationData; //optional + + public EncTicketPart( + TicketFlags new_flags, + EncryptionKey new_key, + Realm new_crealm, + PrincipalName new_cname, + TransitedEncoding new_transited, + KerberosTime new_authtime, + KerberosTime new_starttime, + KerberosTime new_endtime, + KerberosTime new_renewTill, + HostAddresses new_caddr, + AuthorizationData 
new_authorizationData) { + flags = new_flags; + key = new_key; + crealm = new_crealm; + cname = new_cname; + transited = new_transited; + authtime = new_authtime; + starttime = new_starttime; + endtime = new_endtime; + renewTill = new_renewTill; + caddr = new_caddr; + authorizationData = new_authorizationData; + } - public EncTicketPart(DerValue encoding) - throws Asn1Exception, KrbException, IOException { - init(encoding); - } + public EncTicketPart(byte[] data) + throws Asn1Exception, KrbException, IOException { + init(new DerValue(data)); + } - /** - * Initializes an EncTicketPart object. - * @param encoding a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exception RealmException if an error occurs while parsing a Realm object. - */ + public EncTicketPart(DerValue encoding) + throws Asn1Exception, KrbException, IOException { + init(encoding); + } + /** + * Initializes an EncTicketPart object. + * @param encoding a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exception RealmException if an error occurs while parsing a Realm object. + */ private static String getHexBytes(byte[] bytes, int len) - throws IOException { + throws IOException { StringBuffer sb = new StringBuffer(); for (int i = 0; i < len; i++) { - int b1 = (bytes[i]>>4) & 0x0f; + int b1 = (bytes[i] >> 4) & 0x0f; int b2 = bytes[i] & 0x0f; sb.append(Integer.toHexString(b1)); 
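Review bot: The Javadoc block beginning `Initializes an EncTicketPart object.` sits directly above `getHexBytes(byte[] bytes, int len)`, so its `@param encoding` and `@exception RealmException` tags document a method that has neither. It belongs on `private void init(DerValue encoding)` in the next hunk. `getHexBytes` could then get its own short comment, for example `/** Hex-encodes the first len bytes of bytes, one digit per nibble. */`, to be checked against the rest of the body, which continues outside this hunk. As a style point, `sb` is a local that never leaves the method, so `StringBuilder sb = new StringBuilder();` would do the same work without `StringBuffer`'s synchronisation.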
@@ -134,73 +133,91 @@ public class EncTicketPart { return sb.toString(); } - private void init(DerValue encoding) - throws Asn1Exception, IOException, RealmException { - DerValue der, subDer; + private void init(DerValue encoding) + throws Asn1Exception, IOException, RealmException { + DerValue der, subDer; - renewTill = null; - caddr = null; - authorizationData = null; - if (((encoding.getTag() & (byte)0x1F) != (byte)0x03) + renewTill = null; + caddr = null; + authorizationData = null; + if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x03) || (encoding.isApplication() != true) - || (encoding.isConstructed() != true)) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - flags = TicketFlags.parse(der.getData(), (byte)0x00, false); - key = EncryptionKey.parse(der.getData(), (byte)0x01, false); - crealm = Realm.parse(der.getData(), (byte)0x02, false); - cname = PrincipalName.parse(der.getData(), (byte)0x03, false); - transited = TransitedEncoding.parse(der.getData(), (byte)0x04, false); - authtime = KerberosTime.parse(der.getData(), (byte)0x05, false); - starttime = KerberosTime.parse(der.getData(), (byte)0x06, true); - endtime = KerberosTime.parse(der.getData(), (byte)0x07, false); - if (der.getData().available() > 0) { - renewTill = KerberosTime.parse(der.getData(), (byte)0x08, true); - } - if (der.getData().available() > 0) { - caddr = HostAddresses.parse(der.getData(), (byte)0x09, true); - } - if (der.getData().available() > 0) { - authorizationData = AuthorizationData.parse(der.getData(), (byte)0x0A, true); - } - if (der.getData().available() > 0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - + || (encoding.isConstructed() != true)) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + flags = 
TicketFlags.parse(der.getData(), (byte) 0x00, false); + key = EncryptionKey.parse(der.getData(), (byte) 0x01, false); + crealm = Realm.parse(der.getData(), (byte) 0x02, false); + cname = PrincipalName.parse(der.getData(), (byte) 0x03, false); + transited = TransitedEncoding.parse(der.getData(), (byte) 0x04, false); + authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false); + starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true); + endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false); + if (der.getData().available() > 0) { + renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true); + } + if (der.getData().available() > 0) { + caddr = HostAddresses.parse(der.getData(), (byte) 0x09, true); + } + if (der.getData().available() > 0) { + authorizationData = AuthorizationData.parse(der.getData(), (byte) 0x0A, true); + } + if (der.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); } - /** - * Encodes an EncTicketPart object. - * @return byte array of encoded EncTicketPart object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ + } - public byte[] asn1Encode() throws Asn1Exception, IOException { + /** + * Encodes an EncTicketPart object. + * @return byte array of encoded EncTicketPart object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. 
+ */ + public byte[] asn1Encode() throws Asn1Exception, IOException { DerOutputStream bytes = new DerOutputStream(); - DerOutputStream temp = new DerOutputStream(); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), flags.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), key.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), crealm.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), cname.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), transited.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), authtime.asn1Encode()); - if (starttime != null) - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), starttime.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), endtime.asn1Encode()); - - if (renewTill != null) - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), renewTill.asn1Encode()); - - if (caddr != null) - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), caddr.asn1Encode()); - - if (authorizationData != null) - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), authorizationData.asn1Encode()); - temp.write(DerValue.tag_Sequence, bytes); - bytes = new DerOutputStream(); - bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x03), temp); - return bytes.toByteArray(); + DerOutputStream temp = new DerOutputStream(); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x00), flags.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x01), key.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x02), crealm.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x03), cname.asn1Encode()); + 
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x04), transited.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x05), authtime.asn1Encode()); + if (starttime != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x06), starttime.asn1Encode()); + } + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x07), endtime.asn1Encode()); + + if (renewTill != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x08), renewTill.asn1Encode()); } + + if (caddr != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x09), caddr.asn1Encode()); + } + + if (authorizationData != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x0A), authorizationData.asn1Encode()); + } + temp.write(DerValue.tag_Sequence, bytes); + bytes = new DerOutputStream(); + bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, + true, (byte) 0x03), temp); + return bytes.toByteArray(); + } } diff --git a/src/share/classes/sun/security/krb5/internal/KDCRep.java b/src/share/classes/sun/security/krb5/internal/KDCRep.java index ca1d777ed231ee9c84f128dd03bb236ab8f89f7f..f7cc7180082be06e1d78b249b0cfbcc4e6d4b74d 100644 --- a/src/share/classes/sun/security/krb5/internal/KDCRep.java +++ b/src/share/classes/sun/security/krb5/internal/KDCRep.java @@ -35,6 +35,7 @@ import sun.security.util.*; import java.util.Vector; import java.io.IOException; import java.math.BigInteger; + /** * Implements the ASN.1 KDC-REP type. * 
@@ -59,163 +60,168 @@ import java.math.BigInteger; * * http://www.ietf.org/rfc/rfc4120.txt. */ - public class KDCRep { - public Realm crealm; - public PrincipalName cname; - public Ticket ticket; - public EncryptedData encPart; - public EncKDCRepPart encKDCRepPart; //not part of ASN.1 encoding - private int pvno; - private int msgType; - private PAData[] pAData = null; //optional - private boolean DEBUG = Krb5.DEBUG; + public Realm crealm; + public PrincipalName cname; + public Ticket ticket; + public EncryptedData encPart; + public EncKDCRepPart encKDCRepPart; //not part of ASN.1 encoding + private int pvno; + private int msgType; + private PAData[] pAData = null; //optional + private boolean DEBUG = Krb5.DEBUG; - public KDCRep( - PAData[] new_pAData, - Realm new_crealm, - PrincipalName new_cname, - Ticket new_ticket, - EncryptedData new_encPart, - int req_type - ) throws IOException { - pvno = Krb5.PVNO; - msgType = req_type; - if (new_pAData != null) { - pAData = new PAData[new_pAData.length]; - for (int i = 0; i < new_pAData.length; i++) { - if (new_pAData[i] == null) { - throw new IOException("Cannot create a KDCRep"); - } else { - pAData[i] = (PAData)new_pAData[i].clone(); - } - } + public KDCRep( + PAData[] new_pAData, + Realm new_crealm, + PrincipalName new_cname, + Ticket new_ticket, + EncryptedData new_encPart, + int req_type) throws IOException { + pvno = Krb5.PVNO; + msgType = req_type; + if (new_pAData != null) { + pAData = new PAData[new_pAData.length]; + for (int i = 0; i < new_pAData.length; i++) { + if (new_pAData[i] == null) { + throw new IOException("Cannot create a KDCRep"); + } else { + pAData[i] = (PAData) new_pAData[i].clone(); } - crealm = new_crealm; - cname = new_cname; - ticket = new_ticket; - encPart = new_encPart; + } } + crealm = new_crealm; + cname = new_cname; + ticket = new_ticket; + encPart = new_encPart; + } - public KDCRep() { - } + public KDCRep() { + } - public KDCRep(byte[] data, int req_type) throws Asn1Exception, 
KrbApErrException, RealmException, IOException { - init(new DerValue(data), req_type); - } + public KDCRep(byte[] data, int req_type) throws Asn1Exception, + KrbApErrException, RealmException, IOException { + init(new DerValue(data), req_type); + } - public KDCRep(DerValue encoding, int req_type) throws Asn1Exception, - RealmException, KrbApErrException, IOException { - init(encoding, req_type); - } + public KDCRep(DerValue encoding, int req_type) throws Asn1Exception, + RealmException, KrbApErrException, IOException { + init(encoding, req_type); + } /* // Not used? Don't know what keyusage to use here %%% - - public void decrypt(EncryptionKey key) throws Asn1Exception, - IOException, KrbException, RealmException { - encKDCRepPart = new EncKDCRepPart(encPart.decrypt(key), - msgType); - } -*/ - - /** - * Initializes an KDCRep object. - * - * @param encoding a single DER-encoded value. - * @param req_type reply message type. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exception RealmException if an error occurs while constructing a Realm object from DER-encoded data. - * @exception KrbApErrException if the value read from the DER-encoded data stream does not match the pre-defined value. - * - */ - protected void init(DerValue encoding, int req_type) + public void decrypt(EncryptionKey key) throws Asn1Exception, + IOException, KrbException, RealmException { + encKDCRepPart = new EncKDCRepPart(encPart.decrypt(key), msgType); + } + */ + /** + * Initializes an KDCRep object. + * + * @param encoding a single DER-encoded value. + * @param req_type reply message type. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exception RealmException if an error occurs while constructing + * a Realm object from DER-encoded data. 
+ * @exception KrbApErrException if the value read from the DER-encoded + * data stream does not match the pre-defined value. + * + */ + protected void init(DerValue encoding, int req_type) throws Asn1Exception, RealmException, IOException, - KrbApErrException { - DerValue der, subDer; - if ((encoding.getTag() & 0x1F) != req_type) { - if (DEBUG) { - System.out.println(">>> KDCRep: init() " + - "encoding tag is " + - encoding.getTag() + - " req type is " + req_type); - } - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + KrbApErrException { + DerValue der, subDer; + if ((encoding.getTag() & 0x1F) != req_type) { + if (DEBUG) { + System.out.println(">>> KDCRep: init() " + + "encoding tag is " + + encoding.getTag() + + " req type is " + req_type); } - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x1F) == 0x00) { + pvno = subDer.getData().getBigInteger().intValue(); + if (pvno != Krb5.PVNO) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); } - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x1F) == 0x00) { - pvno = subDer.getData().getBigInteger().intValue(); - if (pvno != Krb5.PVNO) - throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); - } else { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x1F) == 0x01) { + msgType = subDer.getData().getBigInteger().intValue(); + if (msgType != req_type) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); } + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + if ((der.getData().peekByte() & 0x1F) == 0x02) { subDer = 
der.getData().getDerValue(); - if ((subDer.getTag() & 0x1F) == 0x01) { - msgType = subDer.getData().getBigInteger().intValue(); - if (msgType != req_type) { - throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); - } - } else { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - if ((der.getData().peekByte() & 0x1F) == 0x02) { - subDer = der.getData().getDerValue(); - DerValue[] padata = subDer.getData().getSequence(1); - pAData = new PAData[padata.length]; - for (int i = 0; i < padata.length; i++) { - pAData[i] = new PAData(padata[i]); - } - } else { - pAData = null; - } - crealm = Realm.parse(der.getData(), (byte)0x03, false); - cname = PrincipalName.parse(der.getData(), (byte)0x04, false); - ticket = Ticket.parse(der.getData(), (byte)0x05, false); - encPart = EncryptedData.parse(der.getData(), (byte)0x06, false); - if (der.getData().available() > 0) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + DerValue[] padata = subDer.getData().getSequence(1); + pAData = new PAData[padata.length]; + for (int i = 0; i < padata.length; i++) { + pAData[i] = new PAData(padata[i]); } + } else { + pAData = null; } + crealm = Realm.parse(der.getData(), (byte) 0x03, false); + cname = PrincipalName.parse(der.getData(), (byte) 0x04, false); + ticket = Ticket.parse(der.getData(), (byte) 0x05, false); + encPart = EncryptedData.parse(der.getData(), (byte) 0x06, false); + if (der.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } + /** + * Encodes this object to a byte array. + * @return byte array of encoded APReq object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * + */ + public byte[] asn1Encode() throws Asn1Exception, IOException { - /** - * Encodes this object to a byte array. - * @return byte array of encoded APReq object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. 
- * @exception IOException if an I/O error occurs while reading encoded data. - * - */ - public byte[] asn1Encode() throws Asn1Exception, IOException { - - DerOutputStream bytes = new DerOutputStream(); - DerOutputStream temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(pvno)); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(msgType)); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp); - if (pAData != null && pAData.length > 0) { - DerOutputStream padata_stream = new DerOutputStream(); - for (int i = 0; i < pAData.length; i++) { - padata_stream.write(pAData[i].asn1Encode()); - } - temp = new DerOutputStream(); - temp.write(DerValue.tag_SequenceOf, padata_stream); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), temp); + DerOutputStream bytes = new DerOutputStream(); + DerOutputStream temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(pvno)); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x00), temp); + temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(msgType)); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x01), temp); + if (pAData != null && pAData.length > 0) { + DerOutputStream padata_stream = new DerOutputStream(); + for (int i = 0; i < pAData.length; i++) { + padata_stream.write(pAData[i].asn1Encode()); } - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), crealm.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), cname.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), ticket.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), encPart.asn1Encode()); temp = new DerOutputStream(); - temp.write(DerValue.tag_Sequence, bytes); - return temp.toByteArray(); + 
temp.write(DerValue.tag_SequenceOf, padata_stream); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x02), temp); } + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x03), crealm.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x04), cname.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x05), ticket.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x06), encPart.asn1Encode()); + temp = new DerOutputStream(); + temp.write(DerValue.tag_Sequence, bytes); + return temp.toByteArray(); + } } diff --git a/src/share/classes/sun/security/krb5/internal/KDCReq.java b/src/share/classes/sun/security/krb5/internal/KDCReq.java index 2f0498956958977aab6d1dbf1788b84a83469657..a46f6436cd82d450df53c573e37c4f69f4bda321 100644 --- a/src/share/classes/sun/security/krb5/internal/KDCReq.java +++ b/src/share/classes/sun/security/krb5/internal/KDCReq.java 
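Review bot: In KDCRep.init() the outer tag check `(encoding.getTag() & 0x1F) != req_type` looks only at the tag number, so an encoding with the expected number but without the APPLICATION class or the constructed bit still gets past this guard. KRBCred.init() in this same change also requires `encoding.isApplication()` and `encoding.isConstructed()`; the same two tests could be added here, e.g. `|| !encoding.isApplication() || !encoding.isConstructed()`. KDCReq.init() uses the identical number-only check. The Javadoc on asn1Encode() also still says it returns an "encoded APReq object", which should name KDCRep.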
@@ -56,155 +56,160 @@ import java.math.BigInteger; * * http://www.ietf.org/rfc/rfc4120.txt. */ - public class KDCReq { - public KDCReqBody reqBody; - private int pvno; - private int msgType; - private PAData[] pAData = null; //optional + public KDCReqBody reqBody; + private int pvno; + private int msgType; + private PAData[] pAData = null; //optional - public KDCReq(PAData[] new_pAData, KDCReqBody new_reqBody, - int req_type) throws IOException { - pvno = Krb5.PVNO; - msgType = req_type; - if (new_pAData != null) { - pAData = new PAData[new_pAData.length]; - for (int i = 0; i < new_pAData.length; i++) { - if (new_pAData[i] == null) { - throw new IOException("Cannot create a KDCRep"); - } else { - pAData[i] = (PAData)new_pAData[i].clone(); - } - } + public KDCReq(PAData[] new_pAData, KDCReqBody new_reqBody, + int req_type) throws IOException { + pvno = Krb5.PVNO; + msgType = req_type; + if (new_pAData != null) { + pAData = new PAData[new_pAData.length]; + for (int i = 0; i < new_pAData.length; i++) { + if (new_pAData[i] == null) { + throw new IOException("Cannot create a KDCRep"); + } else { + pAData[i] = (PAData) new_pAData[i].clone(); } - reqBody = new_reqBody; + } } + reqBody = new_reqBody; + } - public KDCReq() { - } + public KDCReq() { + } - public KDCReq(byte[] data, int req_type) throws Asn1Exception, - IOException, KrbException { + public KDCReq(byte[] data, int req_type) throws Asn1Exception, + IOException, KrbException { init(new DerValue(data), req_type); - } + } /** - * Creates an KDCReq object from a DerValue object and asn1 type. - * - * @param der a DER value of an KDCReq object. - * @param req_type a encoded asn1 type value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exceptoin KrbErrException - */ + * Creates an KDCReq object from a DerValue object and asn1 type. + * + * @param der a DER value of an KDCReq object. 
+ * @param req_type a encoded asn1 type value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exceptoin KrbErrException + */ public KDCReq(DerValue der, int req_type) throws Asn1Exception, - IOException, KrbException { - init(der, req_type); - } + IOException, KrbException { + init(der, req_type); + } - /** - * Initializes a KDCReq object from a DerValue. The DER encoding - * must be in the format specified by the KRB_KDC_REQ ASN.1 notation. - * - * @param encoding a DER-encoded KDCReq object. - * @param req_type an int indicating whether it's KRB_AS_REQ or KRB_TGS_REQ type - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exception KrbException if an error occurs while constructing a Realm object, - * or a Krb object from DER-encoded data. - */ + /** + * Initializes a KDCReq object from a DerValue. The DER encoding + * must be in the format specified by the KRB_KDC_REQ ASN.1 notation. + * + * @param encoding a DER-encoded KDCReq object. + * @param req_type an int indicating whether it's KRB_AS_REQ or KRB_TGS_REQ type + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exception KrbException if an error occurs while constructing a Realm object, + * or a Krb object from DER-encoded data. 
+ */ protected void init(DerValue encoding, int req_type) throws Asn1Exception, - IOException, KrbException { - DerValue der, subDer; - BigInteger bint; - if ((encoding.getTag() & 0x1F) != req_type) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) { + IOException, KrbException { + DerValue der, subDer; + BigInteger bint; + if ((encoding.getTag() & 0x1F) != req_type) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x01F) == 0x01) { - bint = subDer.getData().getBigInteger(); - this.pvno = bint.intValue(); - if (this.pvno != Krb5.PVNO) - throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x01F) == 0x02) { - bint = subDer.getData().getBigInteger(); - this.msgType = bint.intValue(); - if (this.msgType != req_type) - throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x01F) == 0x03) { - DerValue subsubDer = subDer.getData().getDerValue(); - if (subsubDer.getTag() != DerValue.tag_SequenceOf) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - Vector v = new Vector (); - while (subsubDer.getData().available() > 0) { - v.addElement(new PAData(subsubDer.getData().getDerValue())); - } - if (v.size() > 0) { - pAData = new PAData[v.size()]; - v.copyInto(pAData); - } - } - else pAData = null; - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x01F) == 0x04) { - DerValue subsubDer = subDer.getData().getDerValue(); - reqBody = new KDCReqBody(subsubDer, msgType); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = 
der.getData().getDerValue(); + if ((subDer.getTag() & 0x01F) == 0x01) { + bint = subDer.getData().getBigInteger(); + this.pvno = bint.intValue(); + if (this.pvno != Krb5.PVNO) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); + } + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x01F) == 0x02) { + bint = subDer.getData().getBigInteger(); + this.msgType = bint.intValue(); + if (this.msgType != req_type) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); + } + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + if ((der.getData().peekByte() & 0x1F) == 0x03) { + subDer = der.getData().getDerValue(); + DerValue subsubDer = subDer.getData().getDerValue(); + if (subsubDer.getTag() != DerValue.tag_SequenceOf) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + Vector v = new Vector(); + while (subsubDer.getData().available() > 0) { + v.addElement(new PAData(subsubDer.getData().getDerValue())); + } + if (v.size() > 0) { + pAData = new PAData[v.size()]; + v.copyInto(pAData); + } + } else { + pAData = null; + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x01F) == 0x04) { + DerValue subsubDer = subDer.getData().getDerValue(); + reqBody = new KDCReqBody(subsubDer, msgType); + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } - /** - * Encodes this object to a byte array. - * - * @return an byte array of encoded data. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * - */ + /** + * Encodes this object to a byte array. + * + * @return an byte array of encoded data. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. 
+ * + */ public byte[] asn1Encode() throws Asn1Exception, IOException { - DerOutputStream temp, bytes, out; - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(pvno)); - out = new DerOutputStream(); - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp); - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(msgType)); - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), temp); + DerOutputStream temp, bytes, out; + temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(pvno)); + out = new DerOutputStream(); + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x01), temp); + temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(msgType)); + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x02), temp); if (pAData != null && pAData.length > 0) { - temp = new DerOutputStream(); - for (int i = 0; i < pAData.length; i++) { - temp.write(pAData[i].asn1Encode()); - } - bytes = new DerOutputStream(); - bytes.write(DerValue.tag_SequenceOf, temp); - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), bytes); - } - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), reqBody.asn1Encode(msgType)); - bytes = new DerOutputStream(); - bytes.write(DerValue.tag_Sequence, out); - out = new DerOutputStream(); - out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)msgType), bytes); - return out.toByteArray(); - } - - public byte[] asn1EncodeReqBody() throws Asn1Exception, IOException - { - return reqBody.asn1Encode(msgType); + temp = new DerOutputStream(); + for (int i = 0; i < pAData.length; i++) { + temp.write(pAData[i].asn1Encode()); + } + bytes = new DerOutputStream(); + bytes.write(DerValue.tag_SequenceOf, temp); + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x03), bytes); } + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x04), reqBody.asn1Encode(msgType)); + 
bytes = new DerOutputStream(); + bytes.write(DerValue.tag_Sequence, out); + out = new DerOutputStream(); + out.write(DerValue.createTag(DerValue.TAG_APPLICATION, + true, (byte) msgType), bytes); + return out.toByteArray(); + } + public byte[] asn1EncodeReqBody() throws Asn1Exception, IOException { + return reqBody.asn1Encode(msgType); + } } diff --git a/src/share/classes/sun/security/krb5/internal/KRBCred.java b/src/share/classes/sun/security/krb5/internal/KRBCred.java index 2c364e834b01ba5ac268fe9b672783885bf7c9f7..a30ca6d2929379acb29b8c1fced208eb0b7095fc 100644 --- a/src/share/classes/sun/security/krb5/internal/KRBCred.java +++ b/src/share/classes/sun/security/krb5/internal/KRBCred.java 
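Review bot: KDCReq.init() returns after the `[4]` req-body branch without checking for leftover bytes in the SEQUENCE, while KDCRep.init() and KRBCred.init() in this change both end with an `available() > 0` test. Adding `if (der.getData().available() > 0) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); }` after that branch would make the request parser reject trailing data the same way. The constructor's message `"Cannot create a KDCRep"` names the wrong class for KDCReq. The Javadoc tag `@exceptoin` on the DerValue constructor is misspelled, so it is not recognised as an exception tag.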
@@ -56,128 +56,134 @@ import java.math.BigInteger; * * http://www.ietf.org/rfc/rfc4120.txt. */ - public class KRBCred { - public Ticket[] tickets = null; - public EncryptedData encPart; - private int pvno; - private int msgType; + public Ticket[] tickets = null; + public EncryptedData encPart; + private int pvno; + private int msgType; - public KRBCred(Ticket[] new_tickets, EncryptedData new_encPart) throws IOException { - pvno = Krb5.PVNO; - msgType = Krb5.KRB_CRED; - if (new_tickets != null) { - tickets = new Ticket[new_tickets.length]; - for (int i = 0; i < new_tickets.length; i++) { - if (new_tickets[i] == null) { - throw new IOException("Cannot create a KRBCred"); - } else { - tickets[i] = (Ticket)new_tickets[i].clone(); - } - } + public KRBCred(Ticket[] new_tickets, EncryptedData new_encPart) throws IOException { + pvno = Krb5.PVNO; + msgType = Krb5.KRB_CRED; + if (new_tickets != null) { + tickets = new Ticket[new_tickets.length]; + for (int i = 0; i < new_tickets.length; i++) { + if (new_tickets[i] == null) { + throw new IOException("Cannot create a KRBCred"); + } else { + tickets[i] = (Ticket) new_tickets[i].clone(); } - encPart = new_encPart; + } } + encPart = new_encPart; + } - public KRBCred(byte[] data) throws Asn1Exception, - RealmException, KrbApErrException, IOException { - init(new DerValue(data)); - } + public KRBCred(byte[] data) throws Asn1Exception, + RealmException, KrbApErrException, IOException { + init(new DerValue(data)); + } - public KRBCred(DerValue encoding) throws Asn1Exception, - RealmException, KrbApErrException, IOException { - init(encoding); - } + public KRBCred(DerValue encoding) throws Asn1Exception, + RealmException, KrbApErrException, IOException { + init(encoding); + } - /** - * Initializes an KRBCred object. - * @param encoding a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. 
- * @exception KrbApErrException if the value read from the DER-encoded data - * stream does not match the pre-defined value. - * @exception RealmException if an error occurs while parsing a Realm object. - */ - private void init(DerValue encoding) throws Asn1Exception, - RealmException, KrbApErrException, IOException { - if (((encoding.getTag() & (byte)0x1F) != (byte)0x16) - || (encoding.isApplication() != true) - || (encoding.isConstructed() != true)) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + /** + * Initializes an KRBCred object. + * @param encoding a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exception KrbApErrException if the value read from the DER-encoded data + * stream does not match the pre-defined value. + * @exception RealmException if an error occurs while parsing a Realm object. + */ + private void init(DerValue encoding) throws Asn1Exception, + RealmException, KrbApErrException, IOException { + if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x16) + || (encoding.isApplication() != true) + || (encoding.isConstructed() != true)) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } DerValue der, subDer; - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x1F) == 0x00) { - pvno = subDer.getData().getBigInteger().intValue(); - if (pvno != Krb5.PVNO) { + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x1F) == 0x00) { + pvno = subDer.getData().getBigInteger().intValue(); + if (pvno != Krb5.PVNO) { throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); - } - } - else - throw new 
Asn1Exception(Krb5.ASN1_BAD_ID); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x1F) == 0x01) { - msgType = subDer.getData().getBigInteger().intValue(); - if (msgType != Krb5.KRB_CRED) + } + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x1F) == 0x01) { + msgType = subDer.getData().getBigInteger().intValue(); + if (msgType != Krb5.KRB_CRED) { throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x1F) == 0x02) { - DerValue subsubDer = subDer.getData().getDerValue(); + if ((subDer.getTag() & 0x1F) == 0x02) { + DerValue subsubDer = subDer.getData().getDerValue(); if (subsubDer.getTag() != DerValue.tag_SequenceOf) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - Vector v = new Vector (); + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + Vector v = new Vector(); while (subsubDer.getData().available() > 0) { - v.addElement(new Ticket(subsubDer.getData().getDerValue())); - } + v.addElement(new Ticket(subsubDer.getData().getDerValue())); + } if (v.size() > 0) { - tickets = new Ticket[v.size()]; - v.copyInto(tickets); - } - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - encPart = EncryptedData.parse(der.getData(), (byte)0x03, false); - - if (der.getData().available() > 0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + tickets = new Ticket[v.size()]; + v.copyInto(tickets); + } + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + encPart = EncryptedData.parse(der.getData(), (byte) 0x03, false); + if (der.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } - /** - * Encodes an KRBCred object. - * @return the data of encoded EncAPRepPart object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. 
- * @exception IOException if an I/O error occurs while reading encoded data. - */ - public byte[] asn1Encode() throws Asn1Exception, IOException { + /** + * Encodes an KRBCred object. + * @return the data of encoded EncAPRepPart object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + */ + public byte[] asn1Encode() throws Asn1Exception, IOException { DerOutputStream temp, bytes, out; temp = new DerOutputStream(); temp.putInteger(BigInteger.valueOf(pvno)); out = new DerOutputStream(); - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(msgType)); - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp); + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x00), temp); temp = new DerOutputStream(); - for (int i = 0; i < tickets.length; i++) { - temp.write(tickets[i].asn1Encode()); - } + temp.putInteger(BigInteger.valueOf(msgType)); + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x01), temp); + temp = new DerOutputStream(); + for (int i = 0; i < tickets.length; i++) { + temp.write(tickets[i].asn1Encode()); + } bytes = new DerOutputStream(); bytes.write(DerValue.tag_SequenceOf, temp); - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), bytes); - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), encPart.asn1Encode()); + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x02), bytes); + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x03), encPart.asn1Encode()); bytes = new DerOutputStream(); bytes.write(DerValue.tag_Sequence, out); - out = new DerOutputStream(); - out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x16), bytes); - return out.toByteArray(); - } - + out = new DerOutputStream(); + 
out.write(DerValue.createTag(DerValue.TAG_APPLICATION, + true, (byte) 0x16), bytes); + return out.toByteArray(); + } } diff --git a/src/share/classes/sun/security/krb5/internal/KrbCredInfo.java b/src/share/classes/sun/security/krb5/internal/KrbCredInfo.java index 3853ab579cce0d195743b2fe3a5d9a872956b7cc..08a21b6658993d19ed6a7d700e5ed43c53ffe954 100644 --- a/src/share/classes/sun/security/krb5/internal/KrbCredInfo.java +++ b/src/share/classes/sun/security/krb5/internal/KrbCredInfo.java @@ -111,7 +111,7 @@ public class KrbCredInfo { * @exception RealmException if an error occurs while parsing a Realm object. */ public KrbCredInfo(DerValue encoding) - throws Asn1Exception, IOException, RealmException{ + throws Asn1Exception, IOException, RealmException{ if (encoding.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } 
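Review bot: KRBCred.asn1Encode() dereferences `tickets.length` unconditionally, but `tickets` stays null when the constructor is given a null array, and init() leaves it unassigned when the decoded SEQUENCE OF is empty (`if (v.size() > 0)`). Encoding such an object ends in a NullPointerException rather than one of the declared exceptions. A guard before the loop, for example `if (tickets == null) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); }`, or rejecting a null array in the constructor, would make the failure explicit. The `@return` text "encoded EncAPRepPart object" on this method also looks copied from another class.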
@@ -160,25 +160,25 @@ public class KrbCredInfo { Vector v = new Vector (); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), key.asn1Encode())); if (prealm != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), prealm.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), prealm.asn1Encode())); if (pname != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), pname.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), pname.asn1Encode())); if (flags != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), flags.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), flags.asn1Encode())); if (authtime != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), authtime.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), authtime.asn1Encode())); if (starttime != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), starttime.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), starttime.asn1Encode())); if (endtime != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), endtime.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), endtime.asn1Encode())); if (renewTill != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), renewTill.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), renewTill.asn1Encode())); if (srealm != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, 
(byte)0x08), srealm.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), srealm.asn1Encode())); if (sname != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.asn1Encode())); if (caddr != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), caddr.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), caddr.asn1Encode())); DerValue der[] = new DerValue[v.size()]; v.copyInto(der); DerOutputStream out = new DerOutputStream(); diff --git a/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java b/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java index 5a62d6d2508fed4cf281066e0f6d72d965398735..64c3f8cd85bae7029baa796ea58a3d1462a1db86 100644 --- a/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java +++ b/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java @@ -215,7 +215,9 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC addrType = read(2); addrLength = read(4); if (!(addrLength == 4 || addrLength == 16)) { - System.out.println("Incorrect address format."); + if (DEBUG) { + System.out.println("Incorrect address format."); + } return null; } byte[] result = new byte[addrLength]; 
@@ -338,15 +340,19 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC System.out.println(">>>DEBUG key type: " + key.getEType()); long times[] = readTimes(); KerberosTime authtime = new KerberosTime(times[0]); - KerberosTime starttime = new KerberosTime(times[1]); + KerberosTime starttime = + (times[1]==0) ? null : new KerberosTime(times[1]); KerberosTime endtime = new KerberosTime(times[2]); - KerberosTime renewTill = new KerberosTime(times[3]); + KerberosTime renewTill = + (times[3]==0) ? null : new KerberosTime(times[3]); if (DEBUG) { System.out.println(">>>DEBUG auth time: " + authtime.toDate().toString()); - System.out.println(">>>DEBUG start time: " + starttime.toDate().toString()); + System.out.println(">>>DEBUG start time: " + + ((starttime==null)?"null":starttime.toDate().toString())); System.out.println(">>>DEBUG end time: " + endtime.toDate().toString()); - System.out.println(">>>DEBUG renew_till time: " + renewTill.toDate().toString()); + System.out.println(">>>DEBUG renew_till time: " + + ((renewTill==null)?"null":renewTill.toDate().toString())); } boolean skey = readskey(); boolean flags[] = readFlags(); diff --git a/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java b/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java index 4665d9f63dcc32ca5efa413e7336dec123975d9b..ff45cb73d37de7cbcce98169677440ca95185743 100644 --- a/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java +++ b/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java 
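Review bot: The new `(times[1]==0) ? null : ...` and `(times[3]==0) ? null : ...` expressions treat a zero timestamp as "optional field absent", but the code does not state that convention anywhere in the hunk. A one-line comment above the two assignments, such as `// starttime and renewTill are optional; a zero time read from the cache means "not set"`, would tell the next reader why `authtime` and `endtime` are still constructed unconditionally. The enclosing method starts and ends outside the hunk.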
@@ -34,169 +34,185 @@ import sun.security.krb5.*; import sun.security.krb5.internal.*; public class Credentials { - PrincipalName cname; - Realm crealm; + + PrincipalName cname; + Realm crealm; PrincipalName sname; - Realm srealm; - EncryptionKey key; - KerberosTime authtime; - KerberosTime starttime;//optional - KerberosTime endtime; - KerberosTime renewTill; //optional - HostAddresses caddr; //optional; for proxied tickets only + Realm srealm; + EncryptionKey key; + KerberosTime authtime; + KerberosTime starttime;//optional + KerberosTime endtime; + KerberosTime renewTill; //optional + HostAddresses caddr; //optional; for proxied tickets only AuthorizationData authorizationData; //optional, not being actually used public boolean isEncInSKey; // true if ticket is encrypted in another ticket's skey - TicketFlags flags; + TicketFlags flags; Ticket ticket; - Ticket secondTicket; //optional - private boolean DEBUG = Krb5.DEBUG; - - public Credentials( - PrincipalName new_cname, - PrincipalName new_sname, - EncryptionKey new_key, - KerberosTime new_authtime, - KerberosTime new_starttime, - KerberosTime new_endtime, - KerberosTime new_renewTill, - boolean new_isEncInSKey, - TicketFlags new_flags, - HostAddresses new_caddr, - AuthorizationData new_authData, - Ticket new_ticket, - Ticket new_secondTicket) { - cname = (PrincipalName)new_cname.clone(); - if (new_cname.getRealm() != null) - crealm = (Realm)new_cname.getRealm().clone(); - - sname = (PrincipalName)new_sname.clone(); - if (new_sname.getRealm() != null) - srealm = (Realm)new_sname.getRealm().clone(); - - key = (EncryptionKey)new_key.clone(); - - authtime = (KerberosTime)new_authtime.clone(); - starttime = (KerberosTime)new_starttime.clone(); - endtime = (KerberosTime)new_endtime.clone(); - renewTill = (KerberosTime)new_renewTill.clone(); - if (new_caddr != null) - caddr = (HostAddresses)new_caddr.clone(); - if (new_authData != null) { - authorizationData - = (AuthorizationData)new_authData.clone(); - } - - 
isEncInSKey = new_isEncInSKey; - flags = (TicketFlags)new_flags.clone(); - ticket = (Ticket)(new_ticket.clone()); - if (new_secondTicket != null) - secondTicket = (Ticket)new_secondTicket.clone(); - } - - - - public Credentials( - KDCRep kdcRep, - Ticket new_secondTicket, - AuthorizationData new_authorizationData, - boolean new_isEncInSKey - ) { - if (kdcRep.encKDCRepPart == null) //can't store while encrypted - return; - crealm = (Realm)kdcRep.crealm.clone(); - cname = (PrincipalName)kdcRep.cname.clone(); - ticket = (Ticket)kdcRep.ticket.clone(); - key = (EncryptionKey)kdcRep.encKDCRepPart.key.clone(); - flags = (TicketFlags)kdcRep.encKDCRepPart.flags.clone(); - authtime = (KerberosTime)kdcRep.encKDCRepPart.authtime.clone(); - starttime = (KerberosTime)kdcRep.encKDCRepPart.starttime.clone(); - endtime = (KerberosTime)kdcRep.encKDCRepPart.endtime.clone(); - renewTill = (KerberosTime)kdcRep.encKDCRepPart.renewTill.clone(); - srealm = (Realm)kdcRep.encKDCRepPart.srealm.clone(); - sname = (PrincipalName)kdcRep.encKDCRepPart.sname.clone(); - caddr = (HostAddresses)kdcRep.encKDCRepPart.caddr.clone(); - secondTicket = (Ticket)new_secondTicket.clone(); - authorizationData = - (AuthorizationData)new_authorizationData.clone(); - isEncInSKey = new_isEncInSKey; - } - - public Credentials(KDCRep kdcRep) { - this(kdcRep, null); - } - - public Credentials(KDCRep kdcRep, Ticket new_ticket) { - sname = (PrincipalName)kdcRep.encKDCRepPart.sname.clone(); - srealm = (Realm)kdcRep.encKDCRepPart.srealm.clone(); - try { - sname.setRealm(srealm); - } - catch (RealmException e) { - } - cname = (PrincipalName)kdcRep.cname.clone(); - crealm = (Realm)kdcRep.crealm.clone(); - try { - cname.setRealm(crealm); - } - catch (RealmException e) { - } - key = (EncryptionKey)kdcRep.encKDCRepPart.key.clone(); - authtime = (KerberosTime)kdcRep.encKDCRepPart.authtime.clone(); - if (kdcRep.encKDCRepPart.starttime != null) { - starttime = (KerberosTime)kdcRep.encKDCRepPart.starttime.clone(); - } - else 
starttime = null; - endtime = (KerberosTime)kdcRep.encKDCRepPart.endtime.clone(); - if (kdcRep.encKDCRepPart.renewTill != null) { - renewTill = (KerberosTime)kdcRep.encKDCRepPart.renewTill.clone(); - } - else renewTill = null; - // if (kdcRep.msgType == Krb5.KRB_AS_REP) { - // isEncInSKey = false; - // secondTicket = null; - // } - flags = kdcRep.encKDCRepPart.flags; - if (kdcRep.encKDCRepPart.caddr != null) - caddr = (HostAddresses)kdcRep.encKDCRepPart.caddr.clone(); - else caddr = null; - ticket = (Ticket)kdcRep.ticket.clone(); - if (new_ticket != null) { - secondTicket = (Ticket)new_ticket.clone(); - isEncInSKey = true; - } else { - secondTicket = null; - isEncInSKey = false; - } - } - - /** - * Checks if this credential is expired - */ - public boolean isValid() { - boolean valid = true; - if (endtime.getTime() < System.currentTimeMillis()) { - valid = false; - } - else if ((starttime.getTime() > System.currentTimeMillis()) - || ((starttime == null) && (authtime.getTime() > System.currentTimeMillis()))) - { - valid = false; - } - return valid; - } - - public PrincipalName getServicePrincipal() throws RealmException{ - if (sname.getRealm() == null) { - sname.setRealm(srealm); - } - return sname; - } - - public sun.security.krb5.Credentials setKrbCreds() { - return new sun.security.krb5.Credentials(ticket, - cname, sname, key, flags, authtime, starttime, endtime, renewTill, caddr); + Ticket secondTicket; //optional + private boolean DEBUG = Krb5.DEBUG; + + public Credentials( + PrincipalName new_cname, + PrincipalName new_sname, + EncryptionKey new_key, + KerberosTime new_authtime, + KerberosTime new_starttime, + KerberosTime new_endtime, + KerberosTime new_renewTill, + boolean new_isEncInSKey, + TicketFlags new_flags, + HostAddresses new_caddr, + AuthorizationData new_authData, + Ticket new_ticket, + Ticket new_secondTicket) { + cname = (PrincipalName) new_cname.clone(); + if (new_cname.getRealm() != null) { + crealm = (Realm) new_cname.getRealm().clone(); + } + 
+ sname = (PrincipalName) new_sname.clone(); + if (new_sname.getRealm() != null) { + srealm = (Realm) new_sname.getRealm().clone(); + } + + key = (EncryptionKey) new_key.clone(); + + authtime = (KerberosTime) new_authtime.clone(); + if (new_starttime != null) { + starttime = (KerberosTime) new_starttime.clone(); + } + endtime = (KerberosTime) new_endtime.clone(); + if (new_renewTill != null) { + renewTill = (KerberosTime) new_renewTill.clone(); + } + if (new_caddr != null) { + caddr = (HostAddresses) new_caddr.clone(); + } + if (new_authData != null) { + authorizationData = (AuthorizationData) new_authData.clone(); } + isEncInSKey = new_isEncInSKey; + flags = (TicketFlags) new_flags.clone(); + ticket = (Ticket) (new_ticket.clone()); + if (new_secondTicket != null) { + secondTicket = (Ticket) new_secondTicket.clone(); + } + } + + public Credentials( + KDCRep kdcRep, + Ticket new_secondTicket, + AuthorizationData new_authorizationData, + boolean new_isEncInSKey) { + if (kdcRep.encKDCRepPart == null) //can't store while encrypted + { + return; + } + crealm = (Realm) kdcRep.crealm.clone(); + cname = (PrincipalName) kdcRep.cname.clone(); + ticket = (Ticket) kdcRep.ticket.clone(); + key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone(); + flags = (TicketFlags) kdcRep.encKDCRepPart.flags.clone(); + authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone(); + if (kdcRep.encKDCRepPart.starttime != null) { + starttime = (KerberosTime) kdcRep.encKDCRepPart.starttime.clone(); + } + endtime = (KerberosTime) kdcRep.encKDCRepPart.endtime.clone(); + if (kdcRep.encKDCRepPart.renewTill != null) { + renewTill = (KerberosTime) kdcRep.encKDCRepPart.renewTill.clone(); + } + srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone(); + sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone(); + caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone(); + secondTicket = (Ticket) new_secondTicket.clone(); + authorizationData = + (AuthorizationData) new_authorizationData.clone(); + 
isEncInSKey = new_isEncInSKey; + } + + public Credentials(KDCRep kdcRep) { + this(kdcRep, null); + } + + public Credentials(KDCRep kdcRep, Ticket new_ticket) { + sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone(); + srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone(); + try { + sname.setRealm(srealm); + } catch (RealmException e) { + } + cname = (PrincipalName) kdcRep.cname.clone(); + crealm = (Realm) kdcRep.crealm.clone(); + try { + cname.setRealm(crealm); + } catch (RealmException e) { + } + key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone(); + authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone(); + if (kdcRep.encKDCRepPart.starttime != null) { + starttime = (KerberosTime) kdcRep.encKDCRepPart.starttime.clone(); + } else { + starttime = null; + } + endtime = (KerberosTime) kdcRep.encKDCRepPart.endtime.clone(); + if (kdcRep.encKDCRepPart.renewTill != null) { + renewTill = (KerberosTime) kdcRep.encKDCRepPart.renewTill.clone(); + } else { + renewTill = null; + } + // if (kdcRep.msgType == Krb5.KRB_AS_REP) { + // isEncInSKey = false; + // secondTicket = null; + // } + flags = kdcRep.encKDCRepPart.flags; + if (kdcRep.encKDCRepPart.caddr != null) { + caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone(); + } else { + caddr = null; + } + ticket = (Ticket) kdcRep.ticket.clone(); + if (new_ticket != null) { + secondTicket = (Ticket) new_ticket.clone(); + isEncInSKey = true; + } else { + secondTicket = null; + isEncInSKey = false; + } + } + + /** + * Checks if this credential is expired + */ + public boolean isValid() { + boolean valid = true; + if (endtime.getTime() < System.currentTimeMillis()) { + valid = false; + } else if (starttime != null) { + if (starttime.getTime() > System.currentTimeMillis()) { + valid = false; + } + } else { + if (authtime.getTime() > System.currentTimeMillis()) { + valid = false; + } + } + return valid; + } + + public PrincipalName getServicePrincipal() throws RealmException { + if (sname.getRealm() == null) { + 
sname.setRealm(srealm); + } + return sname; + } + + public sun.security.krb5.Credentials setKrbCreds() { + return new sun.security.krb5.Credentials(ticket, + cname, sname, key, flags, authtime, starttime, endtime, renewTill, caddr); + } + public KerberosTime getAuthTime() { return authtime; } diff --git a/src/share/classes/sun/security/krb5/internal/crypto/dk/AesDkCrypto.java b/src/share/classes/sun/security/krb5/internal/crypto/dk/AesDkCrypto.java index 31919fc51f5b6e83d2181fd41b942ba6ce95b169..ea6e2d3eb241722543106fc7c155eecd0922b07d 100644 --- a/src/share/classes/sun/security/krb5/internal/crypto/dk/AesDkCrypto.java +++ b/src/share/classes/sun/security/krb5/internal/crypto/dk/AesDkCrypto.java @@ -440,7 +440,9 @@ public class AesDkCrypto extends DkCrypto { for (int i = 0; i < hashSize; i++) { if (calculatedHmac[i] != ciphertext[hmacOffset+i]) { cksumFailed = true; - System.err.println("Checksum failed !"); + if (debug) { + System.err.println("Checksum failed !"); + } break; } } diff --git a/src/share/classes/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java b/src/share/classes/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java index 57a0c091721199eb5718eeb0fc8050442b2eed2c..8d4c89d60b3e956c6cf7a6bd08a18743c863ae54 100644 --- a/src/share/classes/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java +++ b/src/share/classes/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java @@ -397,7 +397,9 @@ public class ArcFourCrypto extends DkCrypto { for (int i = 0; i < hashSize; i++) { if (calculatedHmac[i] != ciphertext[i]) { cksumFailed = true; - System.err.println("Checksum failed !"); + if (debug) { + System.err.println("Checksum failed !"); + } break; } } diff --git a/src/share/classes/sun/security/ssl/Handshaker.java b/src/share/classes/sun/security/ssl/Handshaker.java index b8395665d5a3373bb7f16de9f8d08f7533b2b9ac..5b9dae6c59084f5dc9a3ce97cd7cd18f3e34f2f4 100644 --- a/src/share/classes/sun/security/ssl/Handshaker.java 
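Review bot: The four-argument `Credentials(KDCRep, Ticket, AuthorizationData, boolean)` constructor now guards `starttime` and `renewTill`, but it still calls `.clone()` unconditionally on `kdcRep.encKDCRepPart.caddr`, `new_secondTicket` and `new_authorizationData`. The field declarations mark all three as optional, so a null there throws a NullPointerException. The other two constructors in this hunk already null-check the same values, and the guards below bring this one in line. Separately, the Javadoc on `isValid()` says "Checks if this credential is expired" although the method returns true when the credential is valid.

```java
// … unchanged: crealm through renewTill assignments …
sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone();
if (kdcRep.encKDCRepPart.caddr != null) {
    caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone();
}
if (new_secondTicket != null) {
    secondTicket = (Ticket) new_secondTicket.clone();
}
if (new_authorizationData != null) {
    authorizationData =
            (AuthorizationData) new_authorizationData.clone();
}
isEncInSKey = new_isEncInSKey;
```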
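Review bot: The HMAC comparison loop around the changed line still leaves at the first mismatching byte (`break`), so its running time depends on how many leading bytes of the received checksum are correct; gating the message behind `debug` does not change that. For an integrity check over received ciphertext a constant-time comparison is the safer form, for example `int diff = 0; for (int i = 0; i < hashSize; i++) diff |= calculatedHmac[i] ^ ciphertext[hmacOffset+i]; cksumFailed = (diff != 0);`, with the debug message printed after the loop. The same loop appears in the ArcFourCrypto hunk that follows (indexed `ciphertext[i]` there). Both enclosing methods start and end outside their hunks, so whether the timing difference is observable to a peer could not be checked from here.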
+++ b/src/share/classes/sun/security/ssl/Handshaker.java @@ -617,7 +617,8 @@ abstract class Handshaker { r.write(1); // single byte of data if (conn != null) { - synchronized (conn.writeLock) { + conn.writeLock.lock(); + try { conn.writeRecord(r); conn.changeWriteCiphers(); if (debug != null && Debug.isOn("handshake")) { @@ -625,6 +626,8 @@ abstract class Handshaker { } mesg.write(output); output.flush(); + } finally { + conn.writeLock.unlock(); } } else { synchronized (engine.writeLock) { diff --git a/src/share/classes/sun/security/ssl/InputRecord.java b/src/share/classes/sun/security/ssl/InputRecord.java index 56ea2b0483e4fea9c15e0e34fc72aefab7096201..c0e3e4aa526ab29a58eda28573ff5371daa03947 100644 --- a/src/share/classes/sun/security/ssl/InputRecord.java +++ b/src/share/classes/sun/security/ssl/InputRecord.java @@ -426,12 +426,12 @@ class InputRecord extends ByteArrayInputStream implements Record { if (really < 0) { throw new SSLException("SSL peer shut down incorrectly"); } - - // now we've got a complete record. - count = contentLen + headerSize; - exlen = 0; } + // now we've got a complete record. + count = contentLen + headerSize; + exlen = 0; + if (debug != null && Debug.isOn("record")) { if (count < 0 || count > (maxRecordSize - headerSize)) { System.out.println(Thread.currentThread().getName() @@ -502,10 +502,11 @@ class InputRecord extends ByteArrayInputStream implements Record { if (really < 0) { throw new EOFException("SSL peer shut down incorrectly"); } - - // now we've got a complete record. - exlen = 0; } + + // now we've got a complete record. + exlen = 0; + hashInternal(buf, 2, 3); hashInternal(v2Buf, 0, len); V2toV3ClientHello(v2Buf); diff --git a/src/share/classes/sun/security/ssl/OutputRecord.java b/src/share/classes/sun/security/ssl/OutputRecord.java index 3153b07f1acced0d51b3d8470ce07dda81897fe3..3d580e5cd5b6cde93b3f73192f2d8e353b52ce51 100644 --- a/src/share/classes/sun/security/ssl/OutputRecord.java 
+++ b/src/share/classes/sun/security/ssl/OutputRecord.java @@ -174,6 +174,18 @@ class OutputRecord extends ByteArrayOutputStream implements Record { return count == headerSize; } + /* + * Return true if the record is of a given alert. + */ + boolean isAlert(byte description) { + // An alert is defined with a two bytes struct, + // {byte level, byte description}, following after the header bytes. + if (count > (headerSize + 1) && contentType == ct_alert) { + return buf[headerSize + 1] == description; + } + + return false; + } /* * Compute the MAC and append it to this record. In case we diff --git a/src/share/classes/sun/security/ssl/SSLSocketImpl.java b/src/share/classes/sun/security/ssl/SSLSocketImpl.java index 0b8a16c0958954b0f8df80bc29ff1c30465ce272..66b6e6d112c0b7cf5856457bb37d17a951cbcc37 100644 --- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java +++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java @@ -1,5 +1,5 @@ /* - * Copyright 1996-2007 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1996-2008 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,6 +33,8 @@ import java.security.AccessController; import java.security.AccessControlContext; import java.security.PrivilegedAction; import java.util.*; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.locks.ReentrantLock; import javax.crypto.BadPaddingException; @@ -274,7 +276,7 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { * from the peer are handled properly. */ private Object handshakeLock; - Object writeLock; + ReentrantLock writeLock; private Object readLock; private InputRecord inrec; @@ -314,7 +316,6 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { private HashMap handshakeListeners; - /* * Reuse the same internal input/output streams. */ 
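Review bot: `isAlert` reads `buf[headerSize + 1]` as the alert description, which presumably holds only while the record body is still plaintext, and the new comment does not say so. The caller visible in this commit, `SSLSocketImpl.writeRecord`, does test it before `addMAC` and `encrypt` run, but nothing stops a later caller from asking after encryption and getting a meaningless answer. Suggested wording for the comment: `Return true if this record, not yet MACed or encrypted, is an alert with the given description.`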
@@ -526,7 +527,7 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { enabledCipherSuites = CipherSuiteList.getDefault(); enabledProtocols = ProtocolList.getDefault(); handshakeLock = new Object(); - writeLock = new Object(); + writeLock = new ReentrantLock(); readLock = new Object(); inrec = null; 
@@ -677,16 +678,81 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { // implementations are fragile and don't like to see empty // records, so this also increases robustness. // - synchronized (writeLock) { - if (!r.isEmpty()) { - // r.compress(c); - r.addMAC(writeMAC); - r.encrypt(writeCipher); - r.write(sockOutput); + if (!r.isEmpty()) { + + // If the record is a close notify alert, we need to honor + // socket option SO_LINGER. Note that we will try to send + // the close notify even if the SO_LINGER set to zero. + if (r.isAlert(Alerts.alert_close_notify) && getSoLinger() >= 0) { + + // keep and clear the current thread interruption status. + boolean interrupted = Thread.interrupted(); + try { + if (writeLock.tryLock(getSoLinger(), TimeUnit.SECONDS)) { + try { + writeRecordInternal(r); + } finally { + writeLock.unlock(); + } + } else { + SSLException ssle = new SSLException( + "SO_LINGER timeout," + + " close_notify message cannot be sent."); + + + // For layered, non-autoclose sockets, we are not + // able to bring them into a usable state, so we + // treat it as fatal error. + if (self != this && !autoClose) { + // Note that the alert description is + // specified as -1, so no message will be send + // to peer anymore. + fatal((byte)(-1), ssle); + } else if ((debug != null) && Debug.isOn("ssl")) { + System.out.println(threadName() + + ", received Exception: " + ssle); + } + + // RFC2246 requires that the session becomes + // unresumable if any connection is terminated + // without proper close_notify messages with + // level equal to warning. + // + // RFC4346 no longer requires that a session not be + // resumed if failure to properly close a connection. + // + // We choose to make the session unresumable if + // failed to send the close_notify message. 
+ // + sess.invalidate(); + } + } catch (InterruptedException ie) { + // keep interrupted status + interrupted = true; + } + + // restore the interrupted status + if (interrupted) { + Thread.currentThread().interrupt(); + } + } else { + writeLock.lock(); + try { + writeRecordInternal(r); + } finally { + writeLock.unlock(); + } } } } + private void writeRecordInternal(OutputRecord r) throws IOException { + // r.compress(c); + r.addMAC(writeMAC); + r.encrypt(writeCipher); + r.write(sockOutput); + } + /* * Read an application data record. Alerts and handshake @@ -1533,7 +1599,11 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { if (oldState == cs_HANDSHAKE) { sockInput.skip(sockInput.available()); } - sendAlert(Alerts.alert_fatal, description); + + // If the description equals -1, the alert won't be sent to peer. + if (description != -1) { + sendAlert(Alerts.alert_fatal, description); + } if (cause instanceof SSLException) { // only true if != null closeReason = (SSLException)cause; } else { @@ -1614,7 +1684,7 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { * Emit alerts. Caller must have synchronized with "this". */ private void sendAlert(byte level, byte description) { - if (connectionState >= cs_CLOSED) { + if (connectionState >= cs_SENT_CLOSE) { return; } diff --git a/src/share/classes/sun/security/x509/AVA.java b/src/share/classes/sun/security/x509/AVA.java index 9a6b7a59d1a41c58d958e0e6bf0fc00dd08ff6ae..43d914cba13ea7b58734b7ac25732bc8665972ac 100644 --- a/src/share/classes/sun/security/x509/AVA.java +++ b/src/share/classes/sun/security/x509/AVA.java 
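Review bot: In the `catch (InterruptedException ie)` branch the close_notify record is dropped without `sess.invalidate()`, although the comment in the timeout branch says the session is made unresumable whenever close_notify could not be sent. The interrupted path probably wants the same `sess.invalidate();` before the interrupt status is restored. Separately, `getSoLinger()` is called twice, once for the `>= 0` test and once as the `tryLock` timeout; reading it once, `int linger = getSoLinger();`, keeps both uses on the same value. The start of `writeRecord` is outside the hunk.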
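Review bot: `description != -1` turns `(byte)-1` into a "do not send" sentinel inside the alert-description value space, and the only explanation is a comment at the call site in `writeRecord`. A named constant, for instance `private static final byte NO_ALERT = (byte) -1;` (name constructed here), used at both the call and this test would make the contract visible in one place. The rest of `fatal` lies outside the hunk, so it could not be checked whether `description` is used again further down with the sentinel value.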
@@ -780,7 +780,8 @@ public class AVA implements DerEncoder { * Implementations MAY escape other characters. * * NOTE: this implementation also recognizes "=" and "#" as - * characters which need escaping. + * characters which need escaping, and null which is escaped as + * '\00' (see RFC 4514). * * If a character to be escaped is one of the list shown above, then * it is prefixed by a backslash ('\' ASCII 92). @@ -805,6 +806,10 @@ public class AVA implements DerEncoder { // append printable/escaped char sbuffer.append(c); + } else if (c == '\u0000') { + // escape null character + sbuffer.append("\\00"); + } else if (debug != null && Debug.isOn("ava")) { // embed non-printable/non-escaped char diff --git a/src/solaris/classes/java/net/PlainSocketImpl.java b/src/solaris/classes/java/net/PlainSocketImpl.java index 113bcb0183e9177f9ef65b49f04528b4f8271816..25e2bab81f597fb2aac0acd68707e4dcd327a10f 100644 --- a/src/solaris/classes/java/net/PlainSocketImpl.java +++ b/src/solaris/classes/java/net/PlainSocketImpl.java @@ -76,9 +76,6 @@ class PlainSocketImpl extends AbstractPlainSocketImpl native int socketGetOption(int opt, Object iaContainerObj) throws SocketException; - native int socketGetOption1(int opt, Object iaContainerObj, FileDescriptor fd) - throws SocketException; - native void socketSendUrgentData(int data) throws IOException; } diff --git a/src/windows/classes/java/net/DualStackPlainSocketImpl.java b/src/windows/classes/java/net/DualStackPlainSocketImpl.java index 116046603f8592cdb676615b6e78a4d94c6293fd..4e92df7f687d7c6121fec182dd56e1d571c42961 100644 --- a/src/windows/classes/java/net/DualStackPlainSocketImpl.java +++ b/src/windows/classes/java/net/DualStackPlainSocketImpl.java 
@@ -218,9 +218,6 @@ class DualStackPlainSocketImpl extends AbstractPlainSocketImpl return value; } - int socketGetOption1(int opt, Object iaContainerObj, FileDescriptor fd) - throws SocketException {return 0;} // un-implemented REMOVE - void socketSendUrgentData(int data) throws IOException { int nativefd = checkAndReturnNativeFD(); sendOOB(nativefd, data); diff --git a/src/windows/classes/java/net/PlainSocketImpl.java b/src/windows/classes/java/net/PlainSocketImpl.java index c65c71c670f9a192a4c9bac8dd2b8a89aab8b6e3..cde60b530878050fa00c99bca7ef6523a566271c 100644 --- a/src/windows/classes/java/net/PlainSocketImpl.java +++ b/src/windows/classes/java/net/PlainSocketImpl.java @@ -304,11 +304,6 @@ class PlainSocketImpl extends AbstractPlainSocketImpl return impl.socketGetOption(opt, iaContainerObj); } - int socketGetOption1(int opt, Object iaContainerObj, FileDescriptor fd) - throws SocketException { - return impl.socketGetOption1(opt, iaContainerObj, fd); - } - void socketSendUrgentData(int data) throws IOException { impl.socketSendUrgentData(data); } diff --git a/src/windows/classes/java/net/TwoStacksPlainSocketImpl.java b/src/windows/classes/java/net/TwoStacksPlainSocketImpl.java index 9475bd3f7a10e17ed845d2b7df49599e04344c35..13851124b32ce7723bc12a4f43d30a67d2c21961 100644 --- a/src/windows/classes/java/net/TwoStacksPlainSocketImpl.java +++ b/src/windows/classes/java/net/TwoStacksPlainSocketImpl.java @@ -199,8 +199,5 @@ class TwoStacksPlainSocketImpl extends AbstractPlainSocketImpl native int socketGetOption(int opt, Object iaContainerObj) throws SocketException; - native int socketGetOption1(int opt, Object iaContainerObj, FileDescriptor fd) - throws SocketException; - native void socketSendUrgentData(int data) throws IOException; } 
diff --git a/src/windows/native/sun/net/www/protocol/http/NTLMAuthSequence.c b/src/windows/native/sun/net/www/protocol/http/NTLMAuthSequence.c index 29c0a2b3b70e31e0cf8c937df6f3a5d473efd778..580e2fabadb6a5c000069b46cf114245b24e924c 100644 --- a/src/windows/native/sun/net/www/protocol/http/NTLMAuthSequence.c +++ b/src/windows/native/sun/net/www/protocol/http/NTLMAuthSequence.c @@ -36,6 +36,8 @@ #include #include +#include "jni_util.h" + #define SECURITY_WIN32 #include "sspi.h" #include "issperr.h" @@ -52,7 +54,7 @@ static INITIALIZE_SECURITY_CONTEXT_FN pInitializeSecurityContext; static COMPLETE_AUTH_TOKEN_FN pCompleteAuthToken; static DELETE_SECURITY_CONTEXT_FN pDeleteSecurityContext; -static void endSequence (PCredHandle credHand, PCtxtHandle ctxHandle, SecBufferDesc OutBuffDesc); +static void endSequence (PCredHandle credHand, PCtxtHandle ctxHandle); static jfieldID ntlm_ctxHandleID; static jfieldID ntlm_crdHandleID; 
@@ -117,22 +119,36 @@ JNIEXPORT jlong JNICALL Java_sun_net_www_protocol_http_NTLMAuthSequence_getCrede { SEC_WINNT_AUTH_IDENTITY AuthId; SEC_WINNT_AUTH_IDENTITY * pAuthId; - CHAR *pUser = 0; - CHAR *pDomain = 0; - CHAR *pPassword = 0; + const CHAR *pUser = 0; + const CHAR *pDomain = 0; + const CHAR *pPassword = 0; CredHandle *pCred; TimeStamp ltime; jboolean isCopy; SECURITY_STATUS ss; if (user != 0) { - pUser = (CHAR *)(*env)->GetStringUTFChars(env, user, &isCopy); + pUser = JNU_GetStringPlatformChars(env, user, &isCopy); + if (pUser == NULL) + return 0; // pending Exception } if (domain != 0) { - pDomain = (CHAR *)(*env)->GetStringUTFChars(env, domain, &isCopy); + pDomain = JNU_GetStringPlatformChars(env, domain, &isCopy); + if (pDomain == NULL) { + if (pUser != NULL) + JNU_ReleaseStringPlatformChars(env, user, pUser); + return 0; // pending Exception + } } if (password != 0) { - pPassword = (CHAR *)(*env)->GetStringUTFChars(env, password, &isCopy); + pPassword = JNU_GetStringPlatformChars(env, password, &isCopy); + if (pPassword == NULL) { + if(pUser != NULL) + JNU_ReleaseStringPlatformChars(env, user, pUser); + if(pDomain != NULL) + JNU_ReleaseStringPlatformChars(env, domain, pDomain); + return 0; // pending Exception + } } pCred = (CredHandle *)malloc(sizeof (CredHandle)); @@ -167,6 +183,14 @@ JNIEXPORT jlong JNICALL Java_sun_net_www_protocol_http_NTLMAuthSequence_getCrede pCred, <ime ); + /* Release resources held by JNU_GetStringPlatformChars */ + if (pUser != NULL) + JNU_ReleaseStringPlatformChars(env, user, pUser); + if (pPassword != NULL) + JNU_ReleaseStringPlatformChars(env, password, pPassword); + if (pDomain != NULL) + JNU_ReleaseStringPlatformChars(env, domain, pDomain); + if (ss == 0) { return (jlong) pCred; } else { @@ -181,7 +205,6 @@ JNIEXPORT jbyteArray JNICALL Java_sun_net_www_protocol_http_NTLMAuthSequence_get VOID *pInput = 0; DWORD inputLen; CHAR buffOut[512]; - DWORD pcbBuffOut; jboolean isCopy; SECURITY_STATUS ss; SecBufferDesc OutBuffDesc; 
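Review bot: In the release block added at `@@ -167`, `pPassword` is handed to `JNU_ReleaseStringPlatformChars` without being cleared, so a cleartext copy of the password can stay in freed memory after the credentials handle has been acquired. If the buffer is a private copy, wiping it first with `SecureZeroMemory((void *)pPassword, strlen(pPassword));` limits that exposure. The shared `isCopy` flag is overwritten by each of the three conversions, so a dedicated `jboolean` for the password call would be needed to know. The function continues outside the hunk, so the handling of `pCred` on the failure path was not reviewed.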
@@ -247,7 +270,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_net_www_protocol_http_NTLMAuthSequence_get } if (ss < 0) { - endSequence (pCred, pCtx, OutBuffDesc); + endSequence (pCred, pCtx); return 0; } @@ -255,7 +278,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_net_www_protocol_http_NTLMAuthSequence_get ss = pCompleteAuthToken( pCtx, &OutBuffDesc ); if (ss < 0) { - endSequence (pCred, pCtx, OutBuffDesc); + endSequence (pCred, pCtx); return 0; } } @@ -265,25 +288,23 @@ JNIEXPORT jbyteArray JNICALL Java_sun_net_www_protocol_http_NTLMAuthSequence_get (*env)->SetByteArrayRegion(env, ret, 0, OutSecBuff.cbBuffer, OutSecBuff.pvBuffer); if (lastToken != 0) // 2nd stage - endSequence (pCred, pCtx, OutBuffDesc); + endSequence (pCred, pCtx); result = ret; } if ((ss != SEC_I_CONTINUE_NEEDED) && (ss == SEC_I_COMPLETE_AND_CONTINUE)) { - endSequence (pCred, pCtx, OutBuffDesc); + endSequence (pCred, pCtx); } return result; } -static void endSequence (PCredHandle credHand, PCtxtHandle ctxHandle, SecBufferDesc OutBuffDesc) { +static void endSequence (PCredHandle credHand, PCtxtHandle ctxHandle) { if (credHand != 0) { pFreeCredentialsHandle (credHand); free (credHand); } - pFreeContextBuffer (&OutBuffDesc); - if (ctxHandle != 0) { pDeleteSecurityContext(ctxHandle); free (ctxHandle); diff --git a/src/windows/native/sun/security/krb5/NativeCreds.c b/src/windows/native/sun/security/krb5/NativeCreds.c index 879dab473880822c42438554c7a2df65bbc548bf..5d2365a415a92040471b617eb3882eab1529a2bd 100644 --- a/src/windows/native/sun/security/krb5/NativeCreds.c +++ b/src/windows/native/sun/security/krb5/NativeCreds.c @@ -88,9 +88,9 @@ VOID ShowNTError(LPSTR,NTSTATUS); VOID InitUnicodeString( - PUNICODE_STRING DestinationString, + PUNICODE_STRING DestinationString, PCWSTR SourceString OPTIONAL - ); +); jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize); 
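Review bot: In the last hunk (`@@ -265`), the closing test `(ss != SEC_I_CONTINUE_NEEDED) && (ss == SEC_I_COMPLETE_AND_CONTINUE)` reduces to `ss == SEC_I_COMPLETE_AND_CONTINUE`, which looks unintended. It can also run `endSequence` after the `lastToken != 0` branch has already called it. `endSequence` frees both handles and only skips null ones, so a second call on the same pointers would be a double free; whether that path is reachable depends on code outside the hunk. Clearing the locals after the first call makes any later call harmless: `endSequence (pCred, pCtx); pCred = 0; pCtx = 0;`. The intended condition should be confirmed before it is changed, because simply inverting the second comparison would make both call sites fire on an ordinary successful final stage.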
@@ -108,215 +108,215 @@ jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime); */ JNIEXPORT jint JNICALL JNI_OnLoad( - JavaVM *jvm, - void *reserved) { - - jclass cls; - JNIEnv *env; - - if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) { - return JNI_EVERSION; /* JNI version not supported */ - } - - cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket"); - - if (cls == NULL) { - printf("Couldn't find Ticket\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found Ticket\n"); - #endif /* DEBUG */ + JavaVM *jvm, + void *reserved) { - ticketClass = (*env)->NewWeakGlobalRef(env,cls); - if (ticketClass == NULL) { - return JNI_ERR; - } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ - - cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName"); + jclass cls; + JNIEnv *env; - if (cls == NULL) { - printf("Couldn't find PrincipalName\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found PrincipalName\n"); - #endif /* DEBUG */ - - principalNameClass = (*env)->NewWeakGlobalRef(env,cls); - if (principalNameClass == NULL) { - return JNI_ERR; - } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ - - cls = (*env)->FindClass(env,"sun/security/util/DerValue"); + if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) { + return JNI_EVERSION; /* JNI version not supported */ + } - if (cls == NULL) { - printf("Couldn't find DerValue\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found DerValue\n"); - #endif /* DEBUG */ + cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket"); - derValueClass = (*env)->NewWeakGlobalRef(env,cls); - if (derValueClass == NULL) { - return JNI_ERR; - } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + if (cls == NULL) { + printf("Couldn't find Ticket\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found Ticket\n"); + #endif /* DEBUG */ - cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey"); + ticketClass = 
(*env)->NewWeakGlobalRef(env,cls); + if (ticketClass == NULL) { + return JNI_ERR; + } + #ifdef DEBUG + printf("Made NewWeakGlobalRef\n"); + #endif /* DEBUG */ - if (cls == NULL) { - printf("Couldn't find EncryptionKey\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found EncryptionKey\n"); - #endif /* DEBUG */ + cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName"); - encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls); - if (encryptionKeyClass == NULL) { - return JNI_ERR; - } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + if (cls == NULL) { + printf("Couldn't find PrincipalName\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found PrincipalName\n"); + #endif /* DEBUG */ - cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags"); + principalNameClass = (*env)->NewWeakGlobalRef(env,cls); + if (principalNameClass == NULL) { + return JNI_ERR; + } + #ifdef DEBUG + printf("Made NewWeakGlobalRef\n"); + #endif /* DEBUG */ - if (cls == NULL) { - printf("Couldn't find TicketFlags\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found TicketFlags\n"); - #endif /* DEBUG */ + cls = (*env)->FindClass(env,"sun/security/util/DerValue"); - ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls); - if (ticketFlagsClass == NULL) { - return JNI_ERR; - } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + if (cls == NULL) { + printf("Couldn't find DerValue\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found DerValue\n"); + #endif /* DEBUG */ - cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime"); + derValueClass = (*env)->NewWeakGlobalRef(env,cls); + if (derValueClass == NULL) { + return JNI_ERR; + } + #ifdef DEBUG + printf("Made NewWeakGlobalRef\n"); + #endif /* DEBUG */ - if (cls == NULL) { - printf("Couldn't find KerberosTime\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found KerberosTime\n"); - #endif /* DEBUG */ + cls = 
(*env)->FindClass(env,"sun/security/krb5/EncryptionKey"); - kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls); - if (kerberosTimeClass == NULL) { - return JNI_ERR; - } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + if (cls == NULL) { + printf("Couldn't find EncryptionKey\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found EncryptionKey\n"); + #endif /* DEBUG */ - cls = (*env)->FindClass(env,"java/lang/String"); + encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls); + if (encryptionKeyClass == NULL) { + return JNI_ERR; + } + #ifdef DEBUG + printf("Made NewWeakGlobalRef\n"); + #endif /* DEBUG */ - if (cls == NULL) { - printf("Couldn't find String\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found String\n"); - #endif /* DEBUG */ + cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags"); - javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls); - if (javaLangStringClass == NULL) { - return JNI_ERR; - } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + if (cls == NULL) { + printf("Couldn't find TicketFlags\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found TicketFlags\n"); + #endif /* DEBUG */ - derValueConstructor = (*env)->GetMethodID(env, derValueClass, - "", "([B)V"); - if (derValueConstructor == 0) { - printf("Couldn't find DerValue constructor\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found DerValue constructor\n"); - #endif /* DEBUG */ + ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls); + if (ticketFlagsClass == NULL) { + return JNI_ERR; + } + #ifdef DEBUG + printf("Made NewWeakGlobalRef\n"); + #endif /* DEBUG */ - ticketConstructor = (*env)->GetMethodID(env, ticketClass, - "", "(Lsun/security/util/DerValue;)V"); - if (ticketConstructor == 0) { - printf("Couldn't find Ticket constructor\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found Ticket constructor\n"); - #endif /* DEBUG */ + cls = 
(*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime"); - principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, - "", "([Ljava/lang/String;)V"); - if (principalNameConstructor == 0) { - printf("Couldn't find PrincipalName constructor\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found PrincipalName constructor\n"); - #endif /* DEBUG */ + if (cls == NULL) { + printf("Couldn't find KerberosTime\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found KerberosTime\n"); + #endif /* DEBUG */ - encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, - "", "(I[B)V"); - if (encryptionKeyConstructor == 0) { - printf("Couldn't find EncryptionKey constructor\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found EncryptionKey constructor\n"); - #endif /* DEBUG */ + kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls); + if (kerberosTimeClass == NULL) { + return JNI_ERR; + } + #ifdef DEBUG + printf("Made NewWeakGlobalRef\n"); + #endif /* DEBUG */ - ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, - "", "(I[B)V"); - if (ticketFlagsConstructor == 0) { - printf("Couldn't find TicketFlags constructor\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found TicketFlags constructor\n"); - #endif /* DEBUG */ + cls = (*env)->FindClass(env,"java/lang/String"); - kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, - "", "(Ljava/lang/String;)V"); - if (kerberosTimeConstructor == 0) { - printf("Couldn't find KerberosTime constructor\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found KerberosTime constructor\n"); - #endif /* DEBUG */ + if (cls == NULL) { + printf("Couldn't find String\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found String\n"); + #endif /* DEBUG */ - // load the setRealm method in PrincipalName - setRealmMethod = (*env)->GetMethodID(env, principalNameClass, - "setRealm", "(Ljava/lang/String;)V"); - if (setRealmMethod == 0) { - printf("Couldn't find setRealm in 
PrincipalName\n"); - return JNI_ERR; - } + javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls); + if (javaLangStringClass == NULL) { + return JNI_ERR; + } + #ifdef DEBUG + printf("Made NewWeakGlobalRef\n"); + #endif /* DEBUG */ + + derValueConstructor = (*env)->GetMethodID(env, derValueClass, + "", "([B)V"); + if (derValueConstructor == 0) { + printf("Couldn't find DerValue constructor\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found DerValue constructor\n"); + #endif /* DEBUG */ + + ticketConstructor = (*env)->GetMethodID(env, ticketClass, + "", "(Lsun/security/util/DerValue;)V"); + if (ticketConstructor == 0) { + printf("Couldn't find Ticket constructor\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found Ticket constructor\n"); + #endif /* DEBUG */ + + principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, + "", "([Ljava/lang/String;)V"); + if (principalNameConstructor == 0) { + printf("Couldn't find PrincipalName constructor\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found PrincipalName constructor\n"); + #endif /* DEBUG */ + + encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, + "", "(I[B)V"); + if (encryptionKeyConstructor == 0) { + printf("Couldn't find EncryptionKey constructor\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found EncryptionKey constructor\n"); + #endif /* DEBUG */ + + ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, + "", "(I[B)V"); + if (ticketFlagsConstructor == 0) { + printf("Couldn't find TicketFlags constructor\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found TicketFlags constructor\n"); + #endif /* DEBUG */ + + kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, + "", "(Ljava/lang/String;)V"); + if (kerberosTimeConstructor == 0) { + printf("Couldn't find KerberosTime constructor\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found KerberosTime constructor\n"); + #endif /* DEBUG */ + + // load the setRealm method in 
PrincipalName + setRealmMethod = (*env)->GetMethodID(env, principalNameClass, + "setRealm", "(Ljava/lang/String;)V"); + if (setRealmMethod == 0) { + printf("Couldn't find setRealm in PrincipalName\n"); + return JNI_ERR; + } - #ifdef DEBUG - printf("Finished OnLoad processing\n"); - #endif /* DEBUG */ + #ifdef DEBUG + printf("Finished OnLoad processing\n"); + #endif /* DEBUG */ - return JNI_VERSION_1_2; + return JNI_VERSION_1_2; } /* 
@@ -325,38 +325,38 @@ JNIEXPORT jint JNICALL JNI_OnLoad( */ JNIEXPORT void JNICALL JNI_OnUnload( - JavaVM *jvm, - void *reserved) { + JavaVM *jvm, + void *reserved) { - JNIEnv *env; + JNIEnv *env; - if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) { - return; /* Nothing else we can do */ - } + if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) { + return; /* Nothing else we can do */ + } - if (ticketClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,ticketClass); - } - if (derValueClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,derValueClass); - } - if (principalNameClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,principalNameClass); - } - if (encryptionKeyClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,encryptionKeyClass); - } - if (ticketFlagsClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,ticketFlagsClass); - } - if (kerberosTimeClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,kerberosTimeClass); - } - if (javaLangStringClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,javaLangStringClass); - } + if (ticketClass != NULL) { + (*env)->DeleteWeakGlobalRef(env,ticketClass); + } + if (derValueClass != NULL) { + (*env)->DeleteWeakGlobalRef(env,derValueClass); + } + if (principalNameClass != NULL) { + (*env)->DeleteWeakGlobalRef(env,principalNameClass); + } + if (encryptionKeyClass != NULL) { + (*env)->DeleteWeakGlobalRef(env,encryptionKeyClass); + } + if (ticketFlagsClass != NULL) { + (*env)->DeleteWeakGlobalRef(env,ticketFlagsClass); + } + if (kerberosTimeClass != NULL) { + (*env)->DeleteWeakGlobalRef(env,kerberosTimeClass); + } + if (javaLangStringClass != NULL) { + (*env)->DeleteWeakGlobalRef(env,javaLangStringClass); + } - return; + return; } /* 
@@ -365,31 +365,31 @@ JNIEXPORT void JNICALL JNI_OnUnload( * Signature: ()Lsun/security/krb5/Credentials; */ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativeCreds( - JNIEnv *env, - jclass krbcredsClass) { - - KERB_QUERY_TKT_CACHE_REQUEST CacheRequest; - PKERB_RETRIEVE_TKT_RESPONSE TktCacheResponse = NULL; - PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL; - PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL; - NTSTATUS Status, SubStatus; - ULONG requestSize = 0; - ULONG responseSize = 0; - ULONG rspSize = 0; - HANDLE LogonHandle = NULL; - ULONG PackageId; - jobject ticket, clientPrincipal, targetPrincipal, encryptionKey; - jobject ticketFlags, startTime, endTime, krbCreds = NULL; - jobject authTime, renewTillTime, hostAddresses = NULL; - KERB_EXTERNAL_TICKET *msticket; - int ignore_cache = 0; - FILETIME Now, EndTime, LocalEndTime; - - while (TRUE) { + JNIEnv *env, + jclass krbcredsClass) { + + KERB_QUERY_TKT_CACHE_REQUEST CacheRequest; + PKERB_RETRIEVE_TKT_RESPONSE TktCacheResponse = NULL; + PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL; + PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL; + NTSTATUS Status, SubStatus; + ULONG requestSize = 0; + ULONG responseSize = 0; + ULONG rspSize = 0; + HANDLE LogonHandle = NULL; + ULONG PackageId; + jobject ticket, clientPrincipal, targetPrincipal, encryptionKey; + jobject ticketFlags, startTime, endTime, krbCreds = NULL; + jobject authTime, renewTillTime, hostAddresses = NULL; + KERB_EXTERNAL_TICKET *msticket; + int ignore_cache = 0; + FILETIME Now, EndTime, LocalEndTime; + + while (TRUE) { if (krbcredsConstructor == 0) { - krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "", - 
"(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V"); + krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "", + "(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V"); if (krbcredsConstructor == 0) { printf("Couldn't find sun.security.krb5.Credentials constructor\n"); break; 
@@ -510,88 +510,88 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ msticket = &(pTicketResponse->Ticket); } -/* - -typedef struct _KERB_RETRIEVE_TKT_RESPONSE { - KERB_EXTERNAL_TICKET Ticket; -} KERB_RETRIEVE_TKT_RESPONSE, *PKERB_RETRIEVE_TKT_RESPONSE; - -typedef struct _KERB_EXTERNAL_TICKET { - PKERB_EXTERNAL_NAME ServiceName; - PKERB_EXTERNAL_NAME TargetName; - PKERB_EXTERNAL_NAME ClientName; - UNICODE_STRING DomainName; - UNICODE_STRING TargetDomainName; - UNICODE_STRING AltTargetDomainName; - KERB_CRYPTO_KEY SessionKey; - ULONG TicketFlags; - ULONG Flags; - LARGE_INTEGER KeyExpirationTime; - LARGE_INTEGER StartTime; - LARGE_INTEGER EndTime; - LARGE_INTEGER RenewUntil; - LARGE_INTEGER TimeSkew; - ULONG EncodedTicketSize; - PUCHAR EncodedTicket; <========== Here's the good stuff -} KERB_EXTERNAL_TICKET, *PKERB_EXTERNAL_TICKET; - -typedef struct _KERB_EXTERNAL_NAME { - SHORT NameType; - USHORT NameCount; - UNICODE_STRING Names[ANYSIZE_ARRAY]; -} KERB_EXTERNAL_NAME, *PKERB_EXTERNAL_NAME; - -typedef struct _LSA_UNICODE_STRING { - USHORT Length; - USHORT MaximumLength; - PWSTR Buffer; -} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING; - -typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING; - -typedef struct KERB_CRYPTO_KEY { - LONG KeyType; - ULONG Length; - PUCHAR Value; -} KERB_CRYPTO_KEY, *PKERB_CRYPTO_KEY; + /* -*/ + typedef struct _KERB_RETRIEVE_TKT_RESPONSE { + KERB_EXTERNAL_TICKET Ticket; + } KERB_RETRIEVE_TKT_RESPONSE, *PKERB_RETRIEVE_TKT_RESPONSE; + + typedef struct _KERB_EXTERNAL_TICKET { + PKERB_EXTERNAL_NAME ServiceName; + PKERB_EXTERNAL_NAME TargetName; + PKERB_EXTERNAL_NAME ClientName; + UNICODE_STRING DomainName; + UNICODE_STRING TargetDomainName; + UNICODE_STRING AltTargetDomainName; + KERB_CRYPTO_KEY SessionKey; + ULONG TicketFlags; + ULONG Flags; + LARGE_INTEGER KeyExpirationTime; + LARGE_INTEGER StartTime; + LARGE_INTEGER EndTime; + LARGE_INTEGER RenewUntil; + LARGE_INTEGER TimeSkew; + ULONG EncodedTicketSize; + 
PUCHAR EncodedTicket; <========== Here's the good stuff + } KERB_EXTERNAL_TICKET, *PKERB_EXTERNAL_TICKET; + + typedef struct _KERB_EXTERNAL_NAME { + SHORT NameType; + USHORT NameCount; + UNICODE_STRING Names[ANYSIZE_ARRAY]; + } KERB_EXTERNAL_NAME, *PKERB_EXTERNAL_NAME; + + typedef struct _LSA_UNICODE_STRING { + USHORT Length; + USHORT MaximumLength; + PWSTR Buffer; + } LSA_UNICODE_STRING, *PLSA_UNICODE_STRING; + + typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING; + + typedef struct KERB_CRYPTO_KEY { + LONG KeyType; + ULONG Length; + PUCHAR Value; + } KERB_CRYPTO_KEY, *PKERB_CRYPTO_KEY; + + */ // Build a com.sun.security.krb5.Ticket ticket = BuildTicket(env, msticket->EncodedTicket, msticket->EncodedTicketSize); if (ticket == NULL) { - break; + break; } // OK, have a Ticket, now need to get the client name clientPrincipal = BuildPrincipal(env, msticket->ClientName, msticket->TargetDomainName); // mdu if (clientPrincipal == NULL) { - break; + break; } // and the "name" of tgt targetPrincipal = BuildPrincipal(env, msticket->ServiceName, msticket->DomainName); if (targetPrincipal == NULL) { - break; + break; } // Get the encryption key encryptionKey = BuildEncryptionKey(env, &(msticket->SessionKey)); if (encryptionKey == NULL) { - break; + break; } // and the ticket flags ticketFlags = BuildTicketFlags(env, &(msticket->TicketFlags)); if (ticketFlags == NULL) { - break; + break; } // Get the start time startTime = BuildKerberosTime(env, &(msticket->StartTime)); if (startTime == NULL) { - break; + break; } /* @@ -604,13 +604,13 @@ typedef struct KERB_CRYPTO_KEY { // and the end time endTime = BuildKerberosTime(env, &(msticket->EndTime)); if (endTime == NULL) { - break; + break; } // Get the renew till time renewTillTime = BuildKerberosTime(env, &(msticket->RenewUntil)); if (renewTillTime == NULL) { - break; + break; } // and now go build a KrbCreds object 
@@ -630,87 +630,87 @@ typedef struct KERB_CRYPTO_KEY { hostAddresses); break; - } // end of WHILE + } // end of WHILE - // clean up resources - if (TktCacheResponse != NULL) { - LsaFreeReturnBuffer(TktCacheResponse); - } - if (pTicketRequest) { - LocalFree(pTicketRequest); - } - if (pTicketResponse != NULL) { - LsaFreeReturnBuffer(pTicketResponse); - } + // clean up resources + if (TktCacheResponse != NULL) { + LsaFreeReturnBuffer(TktCacheResponse); + } + if (pTicketRequest) { + LocalFree(pTicketRequest); + } + if (pTicketResponse != NULL) { + LsaFreeReturnBuffer(pTicketResponse); + } - return krbCreds; + return krbCreds; } static NTSTATUS ConstructTicketRequest(UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize) { - NTSTATUS Status; - UNICODE_STRING TargetPrefix; - USHORT TargetSize; - ULONG RequestSize; - ULONG Length; - PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL; + NTSTATUS Status; + UNICODE_STRING TargetPrefix; + USHORT TargetSize; + ULONG RequestSize; + ULONG Length; + PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL; - *outRequest = NULL; - *outSize = 0; + *outRequest = NULL; + *outSize = 0; - // - // Set up the "krbtgt/" target prefix into a UNICODE_STRING so we - // can easily concatenate it later. - // + // + // Set up the "krbtgt/" target prefix into a UNICODE_STRING so we + // can easily concatenate it later. + // - TargetPrefix.Buffer = L"krbtgt/"; - Length = (ULONG)wcslen(TargetPrefix.Buffer) * sizeof(WCHAR); - TargetPrefix.Length = (USHORT)Length; - TargetPrefix.MaximumLength = TargetPrefix.Length; + TargetPrefix.Buffer = L"krbtgt/"; + Length = (ULONG)wcslen(TargetPrefix.Buffer) * sizeof(WCHAR); + TargetPrefix.Length = (USHORT)Length; + TargetPrefix.MaximumLength = TargetPrefix.Length; - // - // We will need to concatenate the "krbtgt/" prefix and the - // Logon Session's DnsDomainName into our request's target name. - // - // Therefore, first compute the necessary buffer size for that. 
- // - // Note that we might theoretically have integer overflow. - // + // + // We will need to concatenate the "krbtgt/" prefix and the + // Logon Session's DnsDomainName into our request's target name. + // + // Therefore, first compute the necessary buffer size for that. + // + // Note that we might theoretically have integer overflow. + // - TargetSize = TargetPrefix.Length + DomainName.Length; + TargetSize = TargetPrefix.Length + DomainName.Length; - // - // The ticket request buffer needs to be a single buffer. That buffer - // needs to include the buffer for the target name. - // + // + // The ticket request buffer needs to be a single buffer. That buffer + // needs to include the buffer for the target name. + // - RequestSize = sizeof (*pTicketRequest) + TargetSize; + RequestSize = sizeof (*pTicketRequest) + TargetSize; - // - // Allocate the request buffer and make sure it's zero-filled. - // + // + // Allocate the request buffer and make sure it's zero-filled. + // - pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) - LocalAlloc(LMEM_ZEROINIT, RequestSize); - if (!pTicketRequest) - return GetLastError(); + pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) + LocalAlloc(LMEM_ZEROINIT, RequestSize); + if (!pTicketRequest) + return GetLastError(); - // - // Concatenate the target prefix with the previous reponse's - // target domain. - // + // + // Concatenate the target prefix with the previous reponse's + // target domain. 
+ // - pTicketRequest->TargetName.Length = 0; - pTicketRequest->TargetName.MaximumLength = TargetSize; - pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1); - Status = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName), - TargetPrefix, - DomainName); - *outRequest = pTicketRequest; - *outSize = RequestSize; - return Status; + pTicketRequest->TargetName.Length = 0; + pTicketRequest->TargetName.MaximumLength = TargetSize; + pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1); + Status = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName), + TargetPrefix, + DomainName); + *outRequest = pTicketRequest; + *outSize = RequestSize; + return Status; } DWORD @@ -720,22 +720,22 @@ ConcatenateUnicodeStrings( UNICODE_STRING Source2 ) { - // - // The buffers for Source1 and Source2 cannot overlap pTarget's - // buffer. Source1.Length + Source2.Length must be <= 0xFFFF, - // otherwise we overflow... - // + // + // The buffers for Source1 and Source2 cannot overlap pTarget's + // buffer. Source1.Length + Source2.Length must be <= 0xFFFF, + // otherwise we overflow... + // - USHORT TotalSize = Source1.Length + Source2.Length; - PBYTE buffer = (PBYTE) pTarget->Buffer; + USHORT TotalSize = Source1.Length + Source2.Length; + PBYTE buffer = (PBYTE) pTarget->Buffer; - if (TotalSize > pTarget->MaximumLength) - return ERROR_INSUFFICIENT_BUFFER; + if (TotalSize > pTarget->MaximumLength) + return ERROR_INSUFFICIENT_BUFFER; - pTarget->Length = TotalSize; - memcpy(buffer, Source1.Buffer, Source1.Length); - memcpy(buffer + Source1.Length, Source2.Buffer, Source2.Length); - return ERROR_SUCCESS; + pTarget->Length = TotalSize; + memcpy(buffer, Source1.Buffer, Source1.Length); + memcpy(buffer + Source1.Length, Source2.Buffer, Source2.Length); + return ERROR_SUCCESS; } BOOL 
@@ -783,27 +783,27 @@ ShowLastError( DWORD dwError ) { - #define MAX_MSG_SIZE 256 - - static WCHAR szMsgBuf[MAX_MSG_SIZE]; - DWORD dwRes; - - printf("Error calling function %s: %lu\n", szAPI, dwError); - - dwRes = FormatMessage ( - FORMAT_MESSAGE_FROM_SYSTEM, - NULL, - dwError, - 0, - szMsgBuf, - MAX_MSG_SIZE, - NULL); - if (0 == dwRes) { - printf("FormatMessage failed with %d\n", GetLastError()); - // ExitProcess(EXIT_FAILURE); - } else { - printf("%S",szMsgBuf); - } + #define MAX_MSG_SIZE 256 + + static WCHAR szMsgBuf[MAX_MSG_SIZE]; + DWORD dwRes; + + printf("Error calling function %s: %lu\n", szAPI, dwError); + + dwRes = FormatMessage ( + FORMAT_MESSAGE_FROM_SYSTEM, + NULL, + dwError, + 0, + szMsgBuf, + MAX_MSG_SIZE, + NULL); + if (0 == dwRes) { + printf("FormatMessage failed with %d\n", GetLastError()); + // ExitProcess(EXIT_FAILURE); + } else { + printf("%S",szMsgBuf); + } } VOID 
@@ -831,189 +831,189 @@ InitUnicodeString( Length = (ULONG)wcslen( SourceString ) * sizeof( WCHAR ); DestinationString->Length = (USHORT)Length; DestinationString->MaximumLength = (USHORT)(Length + sizeof(UNICODE_NULL)); - } + } else { DestinationString->MaximumLength = 0; DestinationString->Length = 0; - } + } } jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize) { - /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket. - * But before we can do that, we need to make a byte array out of the ET. - */ - - jobject derValue, ticket; - jbyteArray ary; + /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket. + * But before we can do that, we need to make a byte array out of the ET. + */ - ary = (*env)->NewByteArray(env,encodedTicketSize); - if ((*env)->ExceptionOccurred(env)) { - return (jobject) NULL; - } + jobject derValue, ticket; + jbyteArray ary; - (*env)->SetByteArrayRegion(env, ary, (jsize) 0, encodedTicketSize, - (jbyte *)encodedTicket); - if ((*env)->ExceptionOccurred(env)) { - (*env)->DeleteLocalRef(env, ary); - return (jobject) NULL; - } + ary = (*env)->NewByteArray(env,encodedTicketSize); + if ((*env)->ExceptionOccurred(env)) { + return (jobject) NULL; + } - derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary); - if ((*env)->ExceptionOccurred(env)) { - (*env)->DeleteLocalRef(env, ary); - return (jobject) NULL; - } + (*env)->SetByteArrayRegion(env, ary, (jsize) 0, encodedTicketSize, + (jbyte *)encodedTicket); + if ((*env)->ExceptionOccurred(env)) { + (*env)->DeleteLocalRef(env, ary); + return (jobject) NULL; + } + derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary); + if ((*env)->ExceptionOccurred(env)) { (*env)->DeleteLocalRef(env, ary); - ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue); - if ((*env)->ExceptionOccurred(env)) { - (*env)->DeleteLocalRef(env, derValue); - return (jobject) NULL; - } + return 
(jobject) NULL; + } + + (*env)->DeleteLocalRef(env, ary); + ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue); + if ((*env)->ExceptionOccurred(env)) { (*env)->DeleteLocalRef(env, derValue); - return ticket; + return (jobject) NULL; + } + (*env)->DeleteLocalRef(env, derValue); + return ticket; } // mdu jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName, UNICODE_STRING domainName) { - /* - * To build the Principal, we need to get the names out of - * this goofy MS structure - */ - jobject principal = NULL; - jobject realmStr = NULL; - jobjectArray stringArray; - jstring tempString; - int nameCount,i; - PUNICODE_STRING scanner; - WCHAR *realm; - ULONG realmLen; - - realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT, - ((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL))); - wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR)); - - #ifdef DEBUG - printf("Principal domain is %S\n", realm); - printf("Name type is %x\n", principalName->NameType); - printf("Name count is %x\n", principalName->NameCount); - #endif - - nameCount = principalName->NameCount; - stringArray = (*env)->NewObjectArray(env, nameCount, - javaLangStringClass, NULL); - if (stringArray == NULL) { - printf("Can't allocate String array for Principal\n"); - LocalFree(realm); - return principal; - } + /* + * To build the Principal, we need to get the names out of + * this goofy MS structure + */ + jobject principal = NULL; + jobject realmStr = NULL; + jobjectArray stringArray; + jstring tempString; + int nameCount,i; + PUNICODE_STRING scanner; + WCHAR *realm; + ULONG realmLen; + + realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT, + ((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL))); + wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR)); + + #ifdef DEBUG + printf("Principal domain is %S\n", realm); + printf("Name type is %x\n", principalName->NameType); + printf("Name count is %x\n", principalName->NameCount); + #endif + + nameCount = 
principalName->NameCount; + stringArray = (*env)->NewObjectArray(env, nameCount, + javaLangStringClass, NULL); + if (stringArray == NULL) { + printf("Can't allocate String array for Principal\n"); + LocalFree(realm); + return principal; + } - for (i=0; iNames[i]); + for (i=0; iNames[i]); - // OK, got a Char array, so construct a String - tempString = (*env)->NewString(env, (const jchar*)scanner->Buffer, - scanner->Length/sizeof(WCHAR)); - // Set the String into the StringArray - (*env)->SetObjectArrayElement(env, stringArray, i, tempString); + // OK, got a Char array, so construct a String + tempString = (*env)->NewString(env, (const jchar*)scanner->Buffer, + scanner->Length/sizeof(WCHAR)); + // Set the String into the StringArray + (*env)->SetObjectArrayElement(env, stringArray, i, tempString); - // Do I have to worry about storage reclamation here? - } - principal = (*env)->NewObject(env, principalNameClass, - principalNameConstructor, stringArray); + // Do I have to worry about storage reclamation here? 
+ } + principal = (*env)->NewObject(env, principalNameClass, + principalNameConstructor, stringArray); - // now set the realm in the principal - realmLen = (ULONG)wcslen((PWCHAR)realm); - realmStr = (*env)->NewString(env, (PWCHAR)realm, (USHORT)realmLen); - (*env)->CallVoidMethod(env, principal, setRealmMethod, realmStr); + // now set the realm in the principal + realmLen = (ULONG)wcslen((PWCHAR)realm); + realmStr = (*env)->NewString(env, (PWCHAR)realm, (USHORT)realmLen); + (*env)->CallVoidMethod(env, principal, setRealmMethod, realmStr); - // free local resources - LocalFree(realm); + // free local resources + LocalFree(realm); - return principal; + return principal; } jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) { - // First, need to build a byte array - jbyteArray ary; - jobject encryptionKey = NULL; - - ary = (*env)->NewByteArray(env,cryptoKey->Length); - (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length, - (jbyte *)cryptoKey->Value); - if ((*env)->ExceptionOccurred(env)) { - (*env)->DeleteLocalRef(env, ary); - } else { - encryptionKey = (*env)->NewObject(env, encryptionKeyClass, - encryptionKeyConstructor, cryptoKey->KeyType, ary); - } + // First, need to build a byte array + jbyteArray ary; + jobject encryptionKey = NULL; + + ary = (*env)->NewByteArray(env,cryptoKey->Length); + (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length, + (jbyte *)cryptoKey->Value); + if ((*env)->ExceptionOccurred(env)) { + (*env)->DeleteLocalRef(env, ary); + } else { + encryptionKey = (*env)->NewObject(env, encryptionKeyClass, + encryptionKeyConstructor, cryptoKey->KeyType, ary); + } - return encryptionKey; + return encryptionKey; } jobject BuildTicketFlags(JNIEnv *env, PULONG flags) { - jobject ticketFlags = NULL; - jbyteArray ary; - /* - * mdu: Convert the bytes to nework byte order before copying - * them to a Java byte array. 
- */ - ULONG nlflags = htonl(*flags); - - ary = (*env)->NewByteArray(env, sizeof(*flags)); - (*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags), - (jbyte *)&nlflags); - if ((*env)->ExceptionOccurred(env)) { - (*env)->DeleteLocalRef(env, ary); - } else { - ticketFlags = (*env)->NewObject(env, ticketFlagsClass, - ticketFlagsConstructor, sizeof(*flags)*8, ary); - } + jobject ticketFlags = NULL; + jbyteArray ary; + /* + * mdu: Convert the bytes to nework byte order before copying + * them to a Java byte array. + */ + ULONG nlflags = htonl(*flags); + + ary = (*env)->NewByteArray(env, sizeof(*flags)); + (*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags), + (jbyte *)&nlflags); + if ((*env)->ExceptionOccurred(env)) { + (*env)->DeleteLocalRef(env, ary); + } else { + ticketFlags = (*env)->NewObject(env, ticketFlagsClass, + ticketFlagsConstructor, sizeof(*flags)*8, ary); + } - return ticketFlags; + return ticketFlags; } jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) { - jobject kerberosTime = NULL; - jstring stringTime = NULL; - SYSTEMTIME systemTime; - WCHAR timeString[16]; - WCHAR month[3]; - WCHAR day[3]; - WCHAR hour[3]; - WCHAR minute[3]; - WCHAR second[3]; - - if (FileTimeToSystemTime((FILETIME *)kerbtime, &systemTime)) { -// XXX Cannot use %02.2ld, because the leading 0 is ignored for integers. -// So, print them to strings, and then print them to the master string with a -// format pattern that makes it two digits and prefix with a 0 if necessary. 
- swprintf( (wchar_t *)month, L"%2.2d", systemTime.wMonth); - swprintf( (wchar_t *)day, L"%2.2d", systemTime.wDay); - swprintf( (wchar_t *)hour, L"%2.2d", systemTime.wHour); - swprintf( (wchar_t *)minute, L"%2.2d", systemTime.wMinute); - swprintf( (wchar_t *)second, L"%2.2d", systemTime.wSecond); - swprintf( (wchar_t *)timeString, - L"%ld%02.2s%02.2s%02.2s%02.2s%02.2sZ", + jobject kerberosTime = NULL; + jstring stringTime = NULL; + SYSTEMTIME systemTime; + WCHAR timeString[16]; + WCHAR month[3]; + WCHAR day[3]; + WCHAR hour[3]; + WCHAR minute[3]; + WCHAR second[3]; + + if (FileTimeToSystemTime((FILETIME *)kerbtime, &systemTime)) { + // XXX Cannot use %02.2ld, because the leading 0 is ignored for integers. + // So, print them to strings, and then print them to the master string with a + // format pattern that makes it two digits and prefix with a 0 if necessary. + swprintf( (wchar_t *)month, L"%2.2d", systemTime.wMonth); + swprintf( (wchar_t *)day, L"%2.2d", systemTime.wDay); + swprintf( (wchar_t *)hour, L"%2.2d", systemTime.wHour); + swprintf( (wchar_t *)minute, L"%2.2d", systemTime.wMinute); + swprintf( (wchar_t *)second, L"%2.2d", systemTime.wSecond); + swprintf( (wchar_t *)timeString, + L"%ld%02.2s%02.2s%02.2s%02.2s%02.2sZ", systemTime.wYear, month, day, hour, minute, second ); - #ifdef DEBUG - printf("%S\n", (wchar_t *)timeString); - #endif /* DEBUG */ - stringTime = (*env)->NewString(env, timeString, - (sizeof(timeString)/sizeof(WCHAR))-1); - if (stringTime != NULL) { // everything's OK so far - kerberosTime = (*env)->NewObject(env, kerberosTimeClass, - kerberosTimeConstructor, stringTime); - } + #ifdef DEBUG + printf("%S\n", (wchar_t *)timeString); + #endif /* DEBUG */ + stringTime = (*env)->NewString(env, timeString, + (sizeof(timeString)/sizeof(WCHAR))-1); + if (stringTime != NULL) { // everything's OK so far + kerberosTime = (*env)->NewObject(env, kerberosTimeClass, + kerberosTimeConstructor, stringTime); } - return kerberosTime; + } + return kerberosTime; 
} diff --git a/test/com/sun/crypto/provider/KeyFactory/TestProviderLeak.java b/test/com/sun/crypto/provider/KeyFactory/TestProviderLeak.java new file mode 100644 index 0000000000000000000000000000000000000000..6fe480cb6e08cd03c6db4574f3a64cba85d78c6f --- /dev/null +++ b/test/com/sun/crypto/provider/KeyFactory/TestProviderLeak.java 
@@ -0,0 +1,72 @@ +/* + * Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6578538 + * @summary com.sun.crypto.provider.SunJCE instance leak using KRB5 and + * LoginContext + * @author Brad Wetmore + * + * @run main/othervm -Xmx2m TestProviderLeak + */ + +/* + * We force the leak to become a problem by specifying the minimum + * size heap we can (above). In current runs on a server and client + * machine, it took roughly 220-240 iterations to have the memory leak + * shut down other operations. It complained about "Unable to verify + * the SunJCE provider." 
+ */ + +import javax.crypto.*; +import javax.crypto.spec.*; + +public class TestProviderLeak { + private static void dumpMemoryStats(String s) throws Exception { + Runtime rt = Runtime.getRuntime(); + System.out.println(s + ":\t" + + rt.freeMemory() + " bytes free"); + } + + public static void main(String [] args) throws Exception { + SecretKeyFactory skf = + SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1", "SunJCE"); + PBEKeySpec pbeKS = new PBEKeySpec( + "passPhrase".toCharArray(), new byte [] { 0 }, 5, 512); + for (int i = 0; i <= 1000; i++) { + try { + skf.generateSecret(pbeKS); + if ((i % 20) == 0) { + // Calling gc() isn't dependable, but doesn't hurt. + // Gives better output in leak cases. + System.gc(); + dumpMemoryStats("Iteration " + i); + } + } catch (Exception e) { + dumpMemoryStats("\nException seen at iteration " + i); + throw e; + } + } + } +} diff --git a/test/java/net/CookieHandler/CookieManagerTest.java b/test/java/net/CookieHandler/CookieManagerTest.java index a2c9db3b411ea7ac4083ebbf82567630d1e78b54..b83c27fcefc7527825bedf72808b48a0d7ac22b4 100644 --- a/test/java/net/CookieHandler/CookieManagerTest.java +++ b/test/java/net/CookieHandler/CookieManagerTest.java @@ -132,17 +132,17 @@ class CookieHttpTransaction implements HttpCallback { ), new CookieTestCase("Set-Cookie", "PART_NUMBER=ROCKET_LAUNCHER_0001; path=/;" + "domain=." + localHostAddr, - "CUSTOMER=WILE:BOB;PART_NUMBER=ROCKET_LAUNCHER_0001", + "CUSTOMER=WILE:BOB; PART_NUMBER=ROCKET_LAUNCHER_0001", "/" ), new CookieTestCase("Set-Cookie", "SHIPPING=FEDEX; path=/foo;" + "domain=." + localHostAddr, - "CUSTOMER=WILE:BOB;PART_NUMBER=ROCKET_LAUNCHER_0001", + "CUSTOMER=WILE:BOB; PART_NUMBER=ROCKET_LAUNCHER_0001", "/" ), new CookieTestCase("Set-Cookie", "SHIPPING=FEDEX; path=/foo;" + "domain=." + localHostAddr, - "CUSTOMER=WILE:BOB;PART_NUMBER=ROCKET_LAUNCHER_0001;SHIPPING=FEDEX", + "CUSTOMER=WILE:BOB; PART_NUMBER=ROCKET_LAUNCHER_0001; SHIPPING=FEDEX", "/foo" ) }; 
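Review bot: The `catch (Exception e)` in `main` does not see an `OutOfMemoryError`, which is one plausible way a leak surfaces under `-Xmx2m`, so in that case the "Exception seen at iteration" diagnostic is never printed. The header comment reports a provider-verification failure rather than an OOM on the machines tried, so this is a precaution rather than an observed failure. A second handler such as `catch (OutOfMemoryError oom) { System.out.println("OOM at iteration " + i); throw oom; }` would cover it. `dumpMemoryStats` also declares `throws Exception` although nothing in it throws a checked exception.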
@@ -157,7 +157,7 @@ class CookieHttpTransaction implements HttpCallback { ), new CookieTestCase("Set-Cookie", "PART_NUMBER=RIDING_ROCKET_0023; path=/ammo;" + "domain=." + localHostAddr, - "PART_NUMBER=RIDING_ROCKET_0023;PART_NUMBER=ROCKET_LAUNCHER_0001", + "PART_NUMBER=RIDING_ROCKET_0023; PART_NUMBER=ROCKET_LAUNCHER_0001", "/ammo" ) }; 
@@ -167,17 +167,17 @@ class CookieHttpTransaction implements HttpCallback { testCases[count++] = new CookieTestCase[]{ new CookieTestCase("Set-Cookie2", "Customer=\"WILE_E_COYOTE\"; Version=\"1\"; Path=\"/acme\";" + "domain=." + localHostAddr, - "$Version=\"1\";Customer=\"WILE_E_COYOTE\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"", + "$Version=\"1\"; Customer=\"WILE_E_COYOTE\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"", "/acme/login" ), new CookieTestCase("Set-Cookie2", "Part_Number=\"Rocket_Launcher_0001\"; Version=\"1\";Path=\"/acme\";" + "domain=." + localHostAddr, - "$Version=\"1\";Customer=\"WILE_E_COYOTE\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"" + ";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"", + "$Version=\"1\"; Customer=\"WILE_E_COYOTE\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"" + "; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"", "/acme/pickitem" ), new CookieTestCase("Set-Cookie2", "Shipping=\"FedEx\"; Version=\"1\"; Path=\"/acme\";" + "domain=." + localHostAddr, - "$Version=\"1\";Customer=\"WILE_E_COYOTE\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"" + ";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"" + ";Shipping=\"FedEx\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"", + "$Version=\"1\"; Customer=\"WILE_E_COYOTE\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"" + "; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"" + "; Shipping=\"FedEx\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"", "/acme/shipping" ) }; 
@@ -187,17 +187,17 @@ class CookieHttpTransaction implements HttpCallback { testCases[count++] = new CookieTestCase[]{ new CookieTestCase("Set-Cookie2", "Part_Number=\"Rocket_Launcher_0001\"; Version=\"1\"; Path=\"/acme\";" + "domain=." + localHostAddr, - "$Version=\"1\";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"", + "$Version=\"1\"; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"", "/acme/ammo" ), new CookieTestCase("Set-Cookie2", "Part_Number=\"Riding_Rocket_0023\"; Version=\"1\"; Path=\"/acme/ammo\";" + "domain=." + localHostAddr, - "$Version=\"1\";Part_Number=\"Riding_Rocket_0023\";$Path=\"/acme/ammo\";$Domain=\"." + localHostAddr + "\"" + ";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"", + "$Version=\"1\"; Part_Number=\"Riding_Rocket_0023\";$Path=\"/acme/ammo\";$Domain=\"." + localHostAddr + "\"" + "; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"", "/acme/ammo" ), new CookieTestCase("", "", - "$Version=\"1\";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"", + "$Version=\"1\"; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"", "/acme/parts" ) }; 
@@ -207,12 +207,12 @@ class CookieHttpTransaction implements HttpCallback { testCases[count++] = new CookieTestCase[]{ new CookieTestCase("Set-Cookie2", "Part_Number=\"Rocket_Launcher_0001\"; Version=\"1\"; Path=\"/acme\";" + "domain=." + localHostAddr, - "$Version=\"1\";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"", + "$Version=\"1\"; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"", "/acme" ), new CookieTestCase("Set-Cookie2", "Part_Number=\"Rocket_Launcher_2000\"; Version=\"1\"; Path=\"/acme\";" + "domain=." + localHostAddr, - "$Version=\"1\";Part_Number=\"Rocket_Launcher_2000\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"", + "$Version=\"1\"; Part_Number=\"Rocket_Launcher_2000\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"", "/acme" ) }; 
@@ -222,17 +222,17 @@ class CookieHttpTransaction implements HttpCallback { testCases[count++] = new CookieTestCase[]{ new CookieTestCase("Set-Cookie2", "Customer=\"WILE_E_COYOTE\"; Version=\"1\"; Path=\"/acme\"", - "$Version=\"1\";Customer=\"WILE_E_COYOTE\";$Path=\"/acme\"", + "$Version=\"1\"; Customer=\"WILE_E_COYOTE\";$Path=\"/acme\"", "/acme/login" ), new CookieTestCase("Set-Cookie2", "Part_Number=\"Rocket_Launcher_0001\"; Version=\"1\";Path=\"/acme\"", - "$Version=\"1\";Customer=\"WILE_E_COYOTE\";$Path=\"/acme\"" + ";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\"", + "$Version=\"1\"; Customer=\"WILE_E_COYOTE\";$Path=\"/acme\"" + "; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\"", "/acme/pickitem" ), new CookieTestCase("Set-Cookie2", "Shipping=\"FedEx\"; Version=\"1\"; Path=\"/acme\"", - "$Version=\"1\";Customer=\"WILE_E_COYOTE\";$Path=\"/acme\"" + ";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\"" + ";Shipping=\"FedEx\";$Path=\"/acme\"", + "$Version=\"1\"; Customer=\"WILE_E_COYOTE\";$Path=\"/acme\"" + "; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\"" + "; Shipping=\"FedEx\";$Path=\"/acme\"", "/acme/shipping" ) }; diff --git a/test/java/net/InterfaceAddress/Equals.java b/test/java/net/InterfaceAddress/Equals.java new file mode 100644 index 0000000000000000000000000000000000000000..5403bebe04c8866fd04f7fa6dba1c8c1a1cdc625 --- /dev/null +++ b/test/java/net/InterfaceAddress/Equals.java 
@@ -0,0 +1,119 @@ +/* + * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. 
+ */ + +/* @test + * @bug 6628576 + * @summary InterfaceAddress.equals() NPE when broadcast field == null + */ + +import java.net.InterfaceAddress; +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.lang.reflect.Constructor; +import java.lang.reflect.Field; +import java.lang.reflect.InvocationTargetException; + +public class Equals +{ + public static void main(String[] args) { + InterfaceAddress ia1; + InterfaceAddress ia2; + InetAddress loopbackAddr = InetAddress.getLoopbackAddress(); + InetAddress broadcast1 = null; + InetAddress broadcast2 = null; + + try { + broadcast1 = InetAddress.getByName("255.255.255.0"); + broadcast2 = InetAddress.getByName("255.255.0.0"); + } catch (UnknownHostException e) { + e.printStackTrace(); + } + + ia1 = createInterfaceAddress(loopbackAddr, (InetAddress) null, (short)45); + ia2 = createInterfaceAddress(loopbackAddr, (InetAddress) null, (short)45); + + compare(ia1, ia2, true); + + ia2 = createInterfaceAddress(loopbackAddr, broadcast1, (short)45); + compare(ia1, ia2, false); + + ia2 = createInterfaceAddress((InetAddress)null, broadcast1, (short)45); + compare(ia1, ia2, false); + + ia1 = createInterfaceAddress(loopbackAddr, broadcast2, (short)45); + ia2 = createInterfaceAddress(loopbackAddr, broadcast2, (short)45); + compare(ia1, ia2, true); + + ia1.equals(null); + } + + static void compare(InterfaceAddress ia1, InterfaceAddress ia2, boolean equal) { + if (ia1.equals(ia2) != equal) + throw new RuntimeException("Failed: " + ia1 + " not equals to " + ia2); + + if (ia2.equals(ia1) != equal) + throw new RuntimeException("Failed: " + ia2 + " not equals to " + ia1); + } + + /** + * Returns an InterfaceAddress instance with its fields set the the values + * specificed. 
+ */ + static InterfaceAddress createInterfaceAddress( + InetAddress address, InetAddress broadcast, short prefixlength) { + try { + Class IAClass = InterfaceAddress.class; + InterfaceAddress ia; + Constructor ctr = IAClass.getDeclaredConstructor(); + ctr.setAccessible(true); + + Field addressField = IAClass.getDeclaredField("address"); + addressField.setAccessible(true); + + Field broadcastField = IAClass.getDeclaredField("broadcast"); + broadcastField.setAccessible(true); + + Field maskLengthField = IAClass.getDeclaredField("maskLength"); + maskLengthField.setAccessible(true); + + ia = ctr.newInstance(); + addressField.set(ia, address); + broadcastField.set(ia, broadcast); + maskLengthField.setShort(ia, prefixlength); + + return ia; + } catch (NoSuchFieldException nsfe) { + nsfe.printStackTrace(); + } catch (NoSuchMethodException e) { + e.printStackTrace(); + } catch (InstantiationException ie) { + ie.printStackTrace(); + } catch (IllegalAccessException iae) { + iae.printStackTrace(); + } catch (InvocationTargetException ite) { + ite.printStackTrace(); + } + + return null; + } +} diff --git a/test/java/net/ResponseCache/file2.1 b/test/java/net/ResponseCache/file2.1 index 428de11adaa6bbf21e59db4908df028e401bb87f..1878bc2fe8824d743ea73c9d0fa986d15f14d440 100644 --- a/test/java/net/ResponseCache/file2.1 +++ b/test/java/net/ResponseCache/file2.1 @@ -1,4 +1,4 @@ -/* @test +/* @test @(#)file2.1 1.1 03/08/09 * @summary Unit test for java.net.ResponseCacheHandler * @bug 4837267 * @author Yingxian Wang diff --git a/test/java/security/AccessControlContext/FailureDebugOption.java b/test/java/security/AccessControlContext/FailureDebugOption.java new file mode 100644 index 0000000000000000000000000000000000000000..df48203ecb918c7a622ea7e3d31094d8e566b1fb --- /dev/null +++ b/test/java/security/AccessControlContext/FailureDebugOption.java 
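Review bot: The last statement of `main`, `ia1.equals(null);`, discards the result, so it only proves the call does not throw; `if (ia1.equals(null)) throw new RuntimeException("Failed: equals(null) returned true");` would also pin the contract. Separately, `createInterfaceAddress` prints reflection failures and returns `null`, and `main` prints an `UnknownHostException` and continues with null broadcast addresses, so a setup problem shows up later as an unrelated NullPointerException or a misleading "not equals to" message. Rethrowing those as `RuntimeException` with the original exception as the cause would make the failure point at the real problem. The Javadoc on `createInterfaceAddress` has two typos ("the the", "specificed").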
@@ -0,0 +1,50 @@ +/* + * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6648816 + * @summary REGRESSION: setting -Djava.security.debug=failure result in NPE + * in ACC + * @run main/othervm -Djava.security.debug=failure FailureDebugOption + */ + +import java.security.ProtectionDomain; +import java.security.AccessController; +import java.security.AccessControlException; +import java.security.BasicPermission; + +public class FailureDebugOption { + + public static void main (String argv[]) throws Exception { + try { + AccessController.checkPermission( + new BasicPermission("no such permission"){}); + } catch (NullPointerException npe) { + throw new Exception("Unexpected NullPointerException for security" + + " debug option, -Djava.security.debug=failure"); + } catch (AccessControlException ace) { + } + } +} + 
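Review bot: The `catch (NullPointerException npe)` branch throws a new `Exception` without passing `npe` as the cause, so if the regression recurs the report loses the stack trace showing where the NPE was raised; passing it as the second constructor argument, `new Exception(message, npe)`, keeps it. The empty `catch (AccessControlException ace) { }` is the expected path and deserves a comment such as `// expected: the permission is not granted`. The `java.security.ProtectionDomain` import is unused.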
diff --git a/test/javax/security/auth/x500/X500Principal/RFC4514.java b/test/javax/security/auth/x500/X500Principal/RFC4514.java new file mode 100644 index 0000000000000000000000000000000000000000..6169314abf047d14fa24dcc709ed1359b15a6e4a --- /dev/null +++ b/test/javax/security/auth/x500/X500Principal/RFC4514.java 
@@ -0,0 +1,92 @@ +/* + * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +import javax.security.auth.x500.X500Principal; + +/** + * @test + * @bug 6611991 + * @summary Add support for parsing RFC 4514 DNs to X500Principal + * + * Ensure RFC 4514 Distinguished Name Strings can be parsed by X500Principal. + * RFC 4514 obsoleted RFC 2253 so we should make sure we can parse DNs of + * that form that contain subtle differences or clarifications in the grammar. + */ +public class RFC4514 { + + private int failed = 0; + + public static void main(String[] args) throws Exception { + new RFC4514().test(); + } + + private void test() throws Exception { + + /** + * RFC 4514 allows space to be escaped as '\ '. + */ + parse("CN=\\ Space\\ ,C=US"); + parse("CN=Sp\\ ace,C=US"); + /** + * RFC 4514 does not require escaping of '=' characters. + */ + parse("CN=Eq=uals,C=US"); + /** + * RFC 4514 requires the null character to be escaped. 
+ */ + parse("CN=\\00,C=US"); + /** + * RFC 4514 does not require escaping of non-leading '#' characters. + */ + parse("CN=Num#ber,C=US"); + /** + * XMLDSig (http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/) + * allows implementations to escape trailing whitespace as '\20'. + */ + parse("CN=Trailing \\20,C=US"); + /** + * XMLDSig allows implementations to escape ASCII control characters + * (Unicode range \x00 - \x1f) by replacing them with "\" followed by + * a two digit hex number showing its Unicode number. + */ + parse("CN=Con\\09trol,C=US"); + + if (failed != 0) { + throw new Exception("Some RFC4514 tests FAILED"); + } + } + + public void parse(String dnString) throws Exception { + + System.out.println("Parsing " + dnString); + X500Principal dn = new X500Principal(dnString); + String dnString2 = dn.getName(); + X500Principal dn2 = new X500Principal(dnString2); + if (dn.equals(dn2)) { + System.out.println("PASSED"); + } else { + System.out.println("FAILED"); + failed++; + } + } +} diff --git a/test/sun/net/www/http/ChunkedOutputStream/Test.java b/test/sun/net/www/http/ChunkedOutputStream/Test.java index 89bc8b3bf854f7987da6517c2b6512c5567dccfc..3866761ade6e7203efc6283dfd2d44b4d4db4a13 100644 --- a/test/sun/net/www/http/ChunkedOutputStream/Test.java +++ b/test/sun/net/www/http/ChunkedOutputStream/Test.java @@ -23,7 +23,7 @@ /** * @test - * @bug 5026745 + * @bug 5026745 6631048 * @run main/othervm/timeout=500 Test * @summary Cannot flush output stream when writing to an HttpUrlConnection */ 
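Review bot: `parse` only checks that `new X500Principal(dn.getName())` equals the first principal, so an escape that is decoded wrongly but consistently (for example an escaped space or `\20` being dropped) would still print PASSED. Because distinguished names are what gets compared when principals are matched, each case would be stronger with an expected value, e.g. a second parameter compared against `dn.getName(X500Principal.RFC2253)`. The `/** ... */` blocks inside `test()` are ordinary explanatory comments and would read better as `//` or `/* */`, since Javadoc is not processed inside a method body.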
@@ -158,6 +158,50 @@ public class Test implements HttpHandler { exchange.sendResponseHeaders(200, 0); } break; + case 10: /* test11 */ + printRequestURI(exchange); + is = exchange.getRequestBody(); + s = read (is, str1.length()); + + error = false; + for (int i=10; i< 30 * 1024; i++) { + byte c = (byte)is.read(); + + if (c != (byte)i) { + error = true; + System.out.println ("error at position " + i); + } + } + if (!s.equals(str1) ) { + System.out.println ("received string : " + s); + exchange.sendResponseHeaders(500, 0); + } else if (error) { + System.out.println ("error"); + exchange.sendResponseHeaders(500, 0); + } else { + exchange.sendResponseHeaders(200, 0); + } + break; + case 11: /* test12 */ + printRequestURI(exchange); + is = exchange.getRequestBody(); + + error = false; + for (int i=10; i< 30 * 1024; i++) { + byte c = (byte)is.read(); + + if (c != (byte)i) { + error = true; + System.out.println ("error at position " + i); + } + } + if (error) { + System.out.println ("error"); + exchange.sendResponseHeaders(500, 0); + } else { + exchange.sendResponseHeaders(200, 0); + } + break; } exchange.close(); count ++; 
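Review bot: In the new `case 10` and `case 11` branches the verification loop stops after reading up to index `30 * 1024` and never checks that the request body ends there, so extra or duplicated trailing data would still be answered with 200; adding `if (is.read() != -1) error = true;` after each loop closes that gap. The loop also prints a line for every mismatching byte, so one early corruption can produce tens of thousands of log lines; a `break` after the first report keeps the output usable. The two loops are identical and could share a small helper. The enclosing handler method starts and ends outside this hunk.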
@@ -390,6 +434,56 @@ public class Test implements HttpHandler { } } + static void test11 (String u) throws Exception { + URL url = new URL (u); + System.out.println ("client opening connection to: " + u); + HttpURLConnection urlc = (HttpURLConnection)url.openConnection (); + urlc.setChunkedStreamingMode (36 * 1024); + urlc.setDoOutput(true); + urlc.setRequestMethod ("POST"); + OutputStream os = urlc.getOutputStream (); + byte[] buf = new byte [30 * 1024]; + for (int i=0; i< 30 * 1024; i++) { + buf[i] = (byte) i; + } + /* write a small bit first, and then the large buffer */ + os.write (str1.getBytes()); + //os.write (buf, 10, buf.length - 10); /* skip 10 bytes to test offset */ + os.write (buf, 10, (10 * 1024) - 10); + os.write (buf, (10 * 1024), (10 * 1024)); + os.write (buf, (20 * 1024), (10 * 1024)); + os.close(); + InputStream is = urlc.getInputStream(); + is.close(); + int ret = urlc.getResponseCode(); + if (ret != 200) { + throw new Exception ("Expected 200: got " + ret); + } + } + + static void test12 (String u) throws Exception { + URL url = new URL (u); + System.out.println ("client opening connection to: " + u); + HttpURLConnection urlc = (HttpURLConnection)url.openConnection (); + urlc.setChunkedStreamingMode (36 * 1024); + urlc.setDoOutput(true); + urlc.setRequestMethod ("POST"); + OutputStream os = urlc.getOutputStream (); + byte[] buf = new byte [30 * 1024]; + for (int i=0; i< 30 * 1024; i++) { + buf[i] = (byte) i; + } + os.write (buf, 10, buf.length - 10); /* skip 10 bytes to test offset */ + os.close(); + InputStream is = urlc.getInputStream(); + is.close(); + int ret = urlc.getResponseCode(); + if (ret != 200) { + throw new Exception ("Expected 200: got " + ret); + } + } + + static com.sun.net.httpserver.HttpServer httpserver; public static void main (String[] args) throws Exception { 
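Review bot: `test11` keeps a commented-out `//os.write (buf, 10, buf.length - 10);` that is exactly the call `test12` makes, which leaves it unclear how the two tests are meant to differ. Dropping that line and giving each method a one-line comment would document the intent, for example `/* several writes that together stay below the chunk size */` on `test11` and `/* one large write with a non-zero offset */` on `test12`, assuming that is the distinction being tested. Neither method closes the stream or disconnects if a write or `getResponseCode()` throws; a `try`/`finally` would tidy that up.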
@@ -411,6 +505,8 @@ public class Test implements HttpHandler { test8("http://localhost:"+ port + "/test/test8"); test9("http://localhost:"+ port + "/test/test9"); test10("http://localhost:"+ port + "/test/test10"); + test11("http://localhost:"+ port + "/test/test11"); + test12("http://localhost:"+ port + "/test/test12"); } finally { if (httpserver != null) httpserver.stop(0); diff --git a/test/sun/net/www/protocol/http/B6641309.java b/test/sun/net/www/protocol/http/B6641309.java new file mode 100644 index 0000000000000000000000000000000000000000..15e8fdc31bc602e349ae6f2f337bf61c4dbbd011 --- /dev/null +++ b/test/sun/net/www/protocol/http/B6641309.java 
@@ -0,0 +1,129 @@ +/* + * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. 
+ */ + +/* + * @test + * @bug 6641309 + * @summary Wrong Cookie separator used in HttpURLConnection + */ + +import java.net.*; +import java.util.*; +import java.io.*; +import com.sun.net.httpserver.*; +import java.util.concurrent.Executors; +import java.util.concurrent.ExecutorService; + +public class B6641309 +{ + com.sun.net.httpserver.HttpServer httpServer; + ExecutorService executorService; + + public static void main(String[] args) + { + new B6641309(); + } + + public B6641309() + { + try { + startHttpServer(); + doClient(); + } catch (IOException ioe) { + System.err.println(ioe); + } + } + + void doClient() { + CookieHandler.setDefault(new CookieManager(null, CookiePolicy.ACCEPT_ALL)); + try { + InetSocketAddress address = httpServer.getAddress(); + + // GET Request + URL url = new URL("http://localhost:" + address.getPort() + "/test/"); + CookieHandler ch = CookieHandler.getDefault(); + Map> header = new HashMap>(); + List values = new LinkedList(); + values.add("Test1Cookie=TEST1; path=/test/"); + values.add("Test2Cookie=TEST2; path=/test/"); + header.put("Set-Cookie", values); + + // preload the CookieHandler with a cookie for our URL + // so that it will be sent during the first request + ch.put(url.toURI(), header); + HttpURLConnection uc = (HttpURLConnection)url.openConnection(); + int resp = uc.getResponseCode(); + if (resp != 200) + throw new RuntimeException("Failed: Response code from GET is not 200"); + + System.out.println("Response code from GET = 200 OK"); + + } catch (IOException e) { + e.printStackTrace(); + } catch (URISyntaxException e) { + e.printStackTrace(); + } finally { + httpServer.stop(1); + executorService.shutdown(); + } + } + + /** + * Http Server + */ + public void startHttpServer() throws IOException { + httpServer = com.sun.net.httpserver.HttpServer.create(new InetSocketAddress(0), 0); + + // create HttpServer context + HttpContext ctx = httpServer.createContext("/test/", new MyHandler()); + + executorService = 
Executors.newCachedThreadPool(); + httpServer.setExecutor(executorService); + httpServer.start(); + } + + class MyHandler implements HttpHandler { + public void handle(HttpExchange t) throws IOException { + InputStream is = t.getRequestBody(); + Headers reqHeaders = t.getRequestHeaders(); + int i = 0; + // Read till end of stream + do { + i = is.read(); + } while (i != -1); + is.close(); + + List cookies = reqHeaders.get("Cookie"); + if (cookies != null) { + for (String str : cookies) { + // The separator between the 2 cookies should be + // a semi-colon AND a space + if (str.equals("Test1Cookie=TEST1; Test2Cookie=TEST2")) + t.sendResponseHeaders(200, -1); + } + } + t.sendResponseHeaders(400, -1); + t.close(); + } + } +} diff --git a/test/sun/net/www/protocol/http/B6660405.java b/test/sun/net/www/protocol/http/B6660405.java new file mode 100644 index 0000000000000000000000000000000000000000..2309497c2fb7c575b09ad32385710aeca3b48d1c --- /dev/null +++ b/test/sun/net/www/protocol/http/B6660405.java 
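Review bot: `MyHandler.handle` calls `t.sendResponseHeaders(200, -1)` inside the loop and then falls through to `t.sendResponseHeaders(400, -1)`, so on the success path the headers are sent twice and the second call is expected to fail with an IOException before `t.close()` runs. Returning after the match, e.g. `t.sendResponseHeaders(200, -1); t.close(); return;`, makes the two outcomes exclusive. On the client side both the constructor and `doClient` catch `IOException` and only print it, so a server that fails to start or a refused connection lets the test pass without the cookie separator ever being checked; those exceptions should propagate. `CookieHandler.setDefault` changes JVM-wide state, so the test probably wants `@run main/othervm`, as other new tests on this page use.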
@@ -0,0 +1,163 @@ +/* + * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. 
+ */ + +/* + * @test + * @bug 6660405 + * @summary HttpURLConnection returns the wrong InputStream + */ + +import java.net.*; +import java.util.*; +import java.io.*; +import com.sun.net.httpserver.*; +import java.util.concurrent.Executors; +import java.util.concurrent.ExecutorService; + +public class B6660405 +{ + com.sun.net.httpserver.HttpServer httpServer; + ExecutorService executorService; + + static class MyCacheResponse extends CacheResponse { + private byte[] buf = new byte[1024]; + + public MyCacheResponse() { + } + + @Override + public Map> getHeaders() throws IOException + { + Map> h = new HashMap>(); + ArrayList l = new ArrayList(); + l.add("HTTP/1.1 200 OK"); + h.put(null, l); + l = new ArrayList(); + l.add("1024"); + h.put("Content-Length", l); + return h; + } + + @Override + public InputStream getBody() throws IOException + { + return new ByteArrayInputStream(buf); + } + + } + static class MyResponseCache extends ResponseCache { + + public MyResponseCache() { + } + + @Override + public CacheResponse get(URI uri, String rqstMethod, Map> rqstHeaders) throws IOException + { + if (uri.getPath().equals("/redirect/index.html")) { + return new MyCacheResponse(); + } + return null; + } + + @Override + public CacheRequest put(URI uri, URLConnection conn) throws IOException + { + return null; + } + + } + + public static void main(String[] args) + { + new B6660405(); + } + + public B6660405() + { + try { + startHttpServer(); + doClient(); + } catch (IOException ioe) { + System.err.println(ioe); + } + } + + void doClient() { + ResponseCache.setDefault(new MyResponseCache()); + try { + InetSocketAddress address = httpServer.getAddress(); + + // GET Request + URL url = new URL("http://localhost:" + address.getPort() + "/test/index.html"); + HttpURLConnection uc = (HttpURLConnection)url.openConnection(); + int code = uc.getResponseCode(); + System.err.println("response code = " + code); + int l = uc.getContentLength(); + System.err.println("content-length = " + l); 
+ InputStream in = uc.getInputStream(); + int i = 0; + // Read till end of stream + do { + i = in.read(); + } while (i != -1); + in.close(); + } catch (IOException e) { + throw new RuntimeException("Got the wrong InputStream after checking headers"); + } finally { + httpServer.stop(1); + executorService.shutdown(); + } + } + + /** + * Http Server + */ + public void startHttpServer() throws IOException { + httpServer = com.sun.net.httpserver.HttpServer.create(new InetSocketAddress(0), 0); + + // create HttpServer context + HttpContext ctx = httpServer.createContext("/test/", new MyHandler()); + + executorService = Executors.newCachedThreadPool(); + httpServer.setExecutor(executorService); + httpServer.start(); + } + + class MyHandler implements HttpHandler { + public void handle(HttpExchange t) throws IOException { + InputStream is = t.getRequestBody(); + Headers reqHeaders = t.getRequestHeaders(); + Headers resHeaders = t.getResponseHeaders(); + + int i = 0; + // Read till end of stream + do { + i = is.read(); + } while (i != -1); + is.close(); + resHeaders.add("Location", "http://foo.bar/redirect/index.html"); + t.sendResponseHeaders(302, -1); + t.close(); + } + } +} diff --git a/test/sun/security/krb5/DnsFallback.java b/test/sun/security/krb5/DnsFallback.java new file mode 100644 index 0000000000000000000000000000000000000000..95fbf3b165b513d73e940c75115644a883299aa7 --- /dev/null +++ b/test/sun/security/krb5/DnsFallback.java 
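Review bot: The handler redirects to `http://foo.bar/redirect/index.html`, which is not a reserved test name, so if the regression recurs and the `ResponseCache` entry is not used, the client would try to resolve and contact an external host from the test machine; a reserved name such as `example.invalid` keeps the failure local. In `doClient`, `throw new RuntimeException("Got the wrong InputStream after checking headers")` drops the caught `IOException`; passing `e` as the cause preserves why the read failed. The test prints the response code and content length but never compares them with the cached values (`200` and `1024`), and the constructor swallows an `IOException` from `startHttpServer()`.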
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+/*
+ * @test
+ * @bug 6673164
+ * @summary dns_fallback parse error
+ */
+
+import sun.security.krb5.*;
+import java.io.*;
+
+public class DnsFallback {
+ public static void main(String[] args) throws Exception {
+ check("true", "true", true);
+ check("false", "true", false);
+ check("true", "false", true);
+ check("false", "false", false);
+ check("true", null, true);
+ check("false", null, false);
+ check(null, "true", true);
+ check(null, "false", false);
+ }
+
+ static void check(String realm, String fallback, boolean output) throws Exception {
+ FileOutputStream fo = new FileOutputStream("dnsfallback.conf");
+ StringBuffer sb = new StringBuffer();
+ sb.append("[libdefaults]\n");
+ if (realm != null) {
+ sb.append("dns_lookup_realm=" + realm + "\n");
+ }
+ if (fallback != null) {
+ sb.append("dns_fallback=" + fallback + "\n");
+ }
+ fo.write(sb.toString().getBytes());
+ fo.close();
+ System.setProperty("java.security.krb5.conf", "dnsfallback.conf");
+ Config.refresh();
+ System.out.println("Testing " + realm + ", " + fallback + ", " + output);
+ if (Config.getInstance().useDNS_Realm() != output) {
+ throw new Exception("Fail");
+ }
+ }
+}
+
diff --git a/test/sun/security/krb5/OptionPADataInKDCReq.java b/test/sun/security/krb5/OptionPADataInKDCReq.java
new file mode 100644
index 0000000000000000000000000000000000000000..2229b541e890668f1b2b6e29ec7a4794ab36e1b5
--- /dev/null
+++ b/test/sun/security/krb5/OptionPADataInKDCReq.java
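Review bot: In DnsFallback.check() the failure is a bare `throw new Exception("Fail")`, so a failing run has to be matched against the preceding println to learn which of the eight realm/fallback combinations broke; carry the inputs in the message instead: `throw new Exception("Fail: dns_lookup_realm=" + realm + ", dns_fallback=" + fallback + ", expected " + output);`. The `FileOutputStream` is also left open if `write` throws, so `fo.close()` belongs in a `finally` block. Only `useDNS_Realm()` is asserted; if `dns_fallback` is also meant to govern KDC lookup (inferred from the option name, not shown here), that side of the parse fix is untested.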
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2007 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+/*
+ * @test
+ * @bug 6648972
+ * @summary KDCReq.init always read padata
+ */
+import sun.security.krb5.internal.ETypeInfo2;
+import sun.security.krb5.internal.KDCReq;
+import sun.security.util.DerValue;
+
+public class OptionPADataInKDCReq {
+ public static void main(String[] args) throws Exception {
+ /*
+ * This is a AS-REQ block without padata. The content is --
+ [APPLICATION 10] SEQUENCE {
+ [1] INTEGER 5
+ [2] INTEGER 10
+ [4] SEQUENCE {
+ [0] BIT STRING 01000000 10000001 00000000 00010000
+ [1] SEQUENCE {
+ [0] INTEGER 1
+ [1] SEQUENCE {
+ STRING administrator
+ }
+ }
+ [2] STRING N3
+ [3] SEQUENCE {
+ [0] INTEGER 2
+ [1] SEQUENCE {
+ STRING krbtgt
+ STRING N3
+ }
+ }
+ [5] TIME Sun Sep 13 10:48:05 CST 2037
+ [6] TIME Sun Sep 13 10:48:05 CST 2037
+ [7] INTEGER 2101281516
+ [8] SEQUENCE {
+ INTEGER 23
+ INTEGER -133
+ INTEGER -128
+ INTEGER 3
+ INTEGER 1
+ INTEGER 24
+ INTEGER -135
+ }
+ [9] SEQUENCE {
+ SEQUENCE {
+ [0] INTEGER 20
+ [1] OCTET STRING
+ 0000: 58 50 20 20 20 20 20 20 20 20 20 20 20 20 20 20 XP
+ }
+ }
+ }
+ }
+ */
+ byte[] b = {
+ (byte)0x6a, (byte)0x81, (byte)0xbf, (byte)0x30, (byte)0x81, (byte)0xbc, (byte)0xa1, (byte)0x03,
+ (byte)0x02, (byte)0x01, (byte)0x05, (byte)0xa2, (byte)0x03, (byte)0x02, (byte)0x01, (byte)0x0a,
+ (byte)0xa4, (byte)0x81, (byte)0xaf, (byte)0x30, (byte)0x81, (byte)0xac, (byte)0xa0, (byte)0x07,
+ (byte)0x03, (byte)0x05, (byte)0x00, (byte)0x40, (byte)0x81, (byte)0x00, (byte)0x10, (byte)0xa1,
+ (byte)0x1a, (byte)0x30, (byte)0x18, (byte)0xa0, (byte)0x03, (byte)0x02, (byte)0x01, (byte)0x01,
+ (byte)0xa1, (byte)0x11, (byte)0x30, (byte)0x0f, (byte)0x1b, (byte)0x0d, (byte)0x61, (byte)0x64,
+ (byte)0x6d, (byte)0x69, (byte)0x6e, (byte)0x69, (byte)0x73, (byte)0x74, (byte)0x72, (byte)0x61,
+ (byte)0x74, (byte)0x6f, (byte)0x72, (byte)0xa2, (byte)0x04, (byte)0x1b, (byte)0x02, (byte)0x4e,
+ (byte)0x33, (byte)0xa3, (byte)0x17, (byte)0x30, (byte)0x15, (byte)0xa0, (byte)0x03, (byte)0x02,
+ (byte)0x01, (byte)0x02, (byte)0xa1, (byte)0x0e, (byte)0x30, (byte)0x0c, (byte)0x1b, (byte)0x06,
+ (byte)0x6b, (byte)0x72, (byte)0x62, (byte)0x74, (byte)0x67, (byte)0x74, (byte)0x1b, (byte)0x02,
+ (byte)0x4e, (byte)0x33, (byte)0xa5, (byte)0x11, (byte)0x18, (byte)0x0f, (byte)0x32, (byte)0x30,
+ (byte)0x33, (byte)0x37, (byte)0x30, (byte)0x39, (byte)0x31, (byte)0x33, (byte)0x30, (byte)0x32,
+ (byte)0x34, (byte)0x38, (byte)0x30, (byte)0x35, (byte)0x5a, (byte)0xa6, (byte)0x11, (byte)0x18,
+ (byte)0x0f, (byte)0x32, (byte)0x30, (byte)0x33, (byte)0x37, (byte)0x30, (byte)0x39, (byte)0x31,
+ (byte)0x33, (byte)0x30, (byte)0x32, (byte)0x34, (byte)0x38, (byte)0x30, (byte)0x35, (byte)0x5a,
+ (byte)0xa7, (byte)0x06, (byte)0x02, (byte)0x04, (byte)0x7d, (byte)0x3f, (byte)0x02, (byte)0xec,
+ (byte)0xa8, (byte)0x19, (byte)0x30, (byte)0x17, (byte)0x02, (byte)0x01, (byte)0x17, (byte)0x02,
+ (byte)0x02, (byte)0xff, (byte)0x7b, (byte)0x02, (byte)0x01, (byte)0x80, (byte)0x02, (byte)0x01,
+ (byte)0x03, (byte)0x02, (byte)0x01, (byte)0x01, (byte)0x02, (byte)0x01, (byte)0x18, (byte)0x02,
+ (byte)0x02, (byte)0xff, (byte)0x79, (byte)0xa9, (byte)0x1d, (byte)0x30, (byte)0x1b, (byte)0x30,
+ (byte)0x19, (byte)0xa0, (byte)0x03, (byte)0x02, (byte)0x01, (byte)0x14, (byte)0xa1, (byte)0x12,
+ (byte)0x04, (byte)0x10, (byte)0x58, (byte)0x50, (byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
+ (byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
+ (byte)0x20, (byte)0x20,
+ };
+ new KDCReq(b, 0x0a);
+
+ /*
+ * This is a fake ETYPEINFO2 block with no salt
+ SEQUENCE {
+ [0] INTEGER 0
+ [2] OCTET STRING 0000: 00 .
+ }
+ */
+ byte[] b2 = {
+ (byte)0x30, (byte)0x0a, (byte)0xa0, (byte)0x03, (byte)0x02, (byte)0x01, (byte)0x00, (byte)0xa2,
+ (byte)0x03, (byte)0x04, (byte)0x01, (byte)0x00,
+ };
+
+ ETypeInfo2 e2 = new ETypeInfo2(new DerValue(b2));
+ if (e2.getSalt() != null || e2.getParams() == null) {
+ throw new Exception("ETypeInfo2 decoding error");
+ }
+ }
+}
diff --git a/test/sun/security/krb5/TimeInCCache.java b/test/sun/security/krb5/TimeInCCache.java
new file mode 100644
index 0000000000000000000000000000000000000000..5ef8b5370df426633f886c1f981296b229b891e4
--- /dev/null
+++ b/test/sun/security/krb5/TimeInCCache.java
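Review bot: `new KDCReq(b, 0x0a);` in OptionPADataInKDCReq.main passes whenever the constructor returns, so nothing about the decoded request is checked and the intent is only visible from the bug summary; add a comment such as `// must not throw: this AS-REQ carries no padata field ([3] is absent from the dump above)`. Because these decoders parse bytes that arrive from the network, a companion case feeding a truncated copy of `b` and expecting a decoding exception rather than an unchecked one would pin the failure path as well. The ETypeInfo2 check folds `getSalt() != null` and `getParams() == null` into one message; separate messages would show which field decoded wrongly.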
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2007 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+/*
+ * @test
+ * @bug 6590930
+ * @summary read/write does not match for ccache
+ */
+
+import java.io.ByteArrayInputStream;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import sun.security.krb5.internal.ccache.CCacheInputStream;
+import sun.security.krb5.internal.ccache.Credentials;
+
+public class TimeInCCache {
+ public static void main(String[] args) throws Exception {
+ // A trivial cache file, with startdate and renewTill being zero.
+ // The endtime is set to sometime in year 2022, so that isValid()
+ // will always check starttime.
+ byte[] ccache = new byte[]{
+ 5, 4, 0, 12, 0, 1, 0, 8, -1, -1, -1, 19, -1, -2, 89, 51,
+ 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 10, 77, 65, 88, 73,
+ 46, 76, 79, 67, 65, 76, 0, 0, 0, 5, 100, 117, 109, 109, 121, 0,
+ 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 10, 77, 65, 88, 73, 46,
+ 76, 79, 67, 65, 76, 0, 0, 0, 5, 100, 117, 109, 109, 121, 0, 0,
+ 0, 0, 0, 0, 0, 2, 0, 0, 0, 10, 77, 65, 88, 73, 46, 76,
+ 79, 67, 65, 76, 0, 0, 0, 6, 107, 114, 98, 116, 103, 116, 0, 0,
+ 0, 10, 77, 65, 88, 73, 46, 76, 79, 67, 65, 76, 0, 17, 0, 0,
+ 0, 16, -78, -85, -90, -50, -68, 115, 68, 8, -39, -109, 91, 61, -17, -27,
+ -122, -120, 71, 69, 16, -121, 0, 0, 0, 0, 98, 69, 16, -121, 0, 0,
+ 0, 0, 0, 64, -32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 1, 0, 97, -127, -3, 48, -127, -6, -96, 3, 2, 1, 5, -95, 12,
+ 27, 10, 77, 65, 88, 73, 46, 76, 79, 67, 65, 76, -94, 31, 48, 29,
+ -96, 3, 2, 1, 0, -95, 22, 48, 20, 27, 6, 107, 114, 98, 116, 103,
+ 116, 27, 10, 77, 65, 88, 73, 46, 76, 79, 67, 65, 76, -93, -127, -61,
+ 48, -127, -64, -96, 3, 2, 1, 17, -95, 3, 2, 1, 1, -94, -127, -77,
+ 4, -127, -80, 43, 65, -66, 34, 21, -34, 37, 35, 32, 50, -14, 122, 77,
+ -3, -29, 37, 99, 50, 125, -43, -96, -78, 85, 23, 41, -80, 68, 2, -109,
+ -27, 38, -41, -72, -32, 127, 63, -76, -22, 81, 33, -114, -30, 104, 125, -81,
+ -29, 70, -25, 23, 100, -75, -25, 62, -120, -78, -61, -100, -74, 50, -117, -127,
+ -16, 79, -106, 62, -39, 91, 100, -10, 23, -88, -18, -47, 51, -19, 113, 18,
+ 98, -101, 31, 98, 22, -81, 11, -41, -42, 67, 87, 92, -2, 42, -54, 79,
+ 49, -90, 43, -37, 90, -102, 125, 62, -88, -77, 100, 102, 23, -57, -51, 38,
+ 68, -44, -57, -102, 103, -6, 85, -58, 74, -117, -87, 67, -103, -36, 110, -122,
+ 115, 12, 118, -106, -114, -51, 79, 68, 32, -91, -53, -5, -51, 89, 72, 70,
+ 123, -12, -95, 9, 40, -30, -117, 74, 77, 38, 91, 126, -82, 17, 98, 98,
+ -49, 78, 36, 36, 103, -76, -100, -23, 118, -92, -8, 80, 103, -23, -98, 56,
+ 21, 65, -77, 0, 0, 0, 0
+ };
+ System.setProperty("sun.security.krb5.debug", "true"); // test code changes in DEBUG
+ CCacheInputStream cis = new CCacheInputStream(new ByteArrayInputStream(ccache));
+ cis.readVersion();
+ cis.readTag();
+ cis.readPrincipal(0x504);
+ Method m = CCacheInputStream.class.getDeclaredMethod("readCred", Integer.TYPE);
+ m.setAccessible(true);
+ Credentials c = (Credentials) m.invoke(cis, new Integer(0x504));
+ sun.security.krb5.Credentials cc = c.setKrbCreds();
+
+ // 1. Make sure starttime is still null
+ if (cc.getStartTime() != null) {
+ throw new Exception("Fail, starttime should be zero here");
+ }
+
+ // 2. Make sure renewTill is still null
+ if (cc.getRenewTill() != null) {
+ throw new Exception("Fail, renewTill should be zero here");
+ }
+
+ // 3. Make sure isValid works
+ c.isValid();
+ }
+}
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/AsyncSSLSocketClose.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/AsyncSSLSocketClose.java
new file mode 100644
index 0000000000000000000000000000000000000000..21fe5303a6ec4eb404e58b71a097fa490d339d91
--- /dev/null
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/AsyncSSLSocketClose.java
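Review bot: Step 3 in TimeInCCache.main calls `c.isValid();` and discards the result, so it only shows that the call does not throw; say so in the comment, e.g. `// 3. isValid() must not throw when starttime is null; its result is not checked`. The comment above the array says the embedded endtime lies in 2022 so that isValid() reaches the starttime check, which presumably stops holding once the clock passes that date (isValid() itself is not visible here), so the targeted path may silently stop being exercised. The two failure messages say "should be zero" while the code tests for `null`; `"Fail, starttime should be null here"` matches what is checked. `readCred` is reached through `setAccessible(true)`, which ties the test to a private method name.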
@@ -0,0 +1,116 @@
+/*
+ * Copyright 2007 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6447412
+ * @summary Issue with socket.close() for ssl sockets when poweroff on
+ * other system
+ */
+
+import javax.net.ssl.*;
+import java.io.*;
+
+public class AsyncSSLSocketClose implements Runnable
+{
+ SSLSocket socket;
+ SSLServerSocket ss;
+
+ // Where do we find the keystores?
+ static String pathToStores = "../../../../../../../etc";
+ static String keyStoreFile = "keystore";
+ static String trustStoreFile = "truststore";
+ static String passwd = "passphrase";
+
+ public static void main(String[] args) {
+ String keyFilename =
+ System.getProperty("test.src", "./") + "/" + pathToStores +
+ "/" + keyStoreFile;
+ String trustFilename =
+ System.getProperty("test.src", "./") + "/" + pathToStores +
+ "/" + trustStoreFile;
+
+ System.setProperty("javax.net.ssl.keyStore", keyFilename);
+ System.setProperty("javax.net.ssl.keyStorePassword", passwd);
+ System.setProperty("javax.net.ssl.trustStore", trustFilename);
+ System.setProperty("javax.net.ssl.trustStorePassword", passwd);
+
+ new AsyncSSLSocketClose();
+ }
+
+ public AsyncSSLSocketClose() {
+ try {
+ SSLServerSocketFactory sslssf =
+ (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
+ ss = (SSLServerSocket) sslssf.createServerSocket(0);
+
+ SSLSocketFactory sslsf =
+ (SSLSocketFactory)SSLSocketFactory.getDefault();
+ socket = (SSLSocket)sslsf.createSocket("localhost",
+ ss.getLocalPort());
+ SSLSocket serverSoc = (SSLSocket) ss.accept();
+ ss.close();
+
+ (new Thread(this)).start();
+ serverSoc.startHandshake();
+
+ try {
+ Thread.sleep(5000);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ socket.setSoLinger(true, 10);
+ System.out.println("Calling Socket.close");
+ socket.close();
+ System.out.println("ssl socket get closed");
+ System.out.flush();
+
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+
+ }
+
+ // block in write
+ public void run() {
+ try {
+ byte[] ba = new byte[1024];
+ for (int i=0; i