archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-09-23 04:24:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

6966259: Make PrincipalName and Realm immutable

Browse source 
Reviewed-by: xuelei
This commit is contained in:
Weijun Wang 2012-07-11 17:10:34 +08:00
parent 95af7bf142
commit 3e4ca7604b
48 changed files with 481 additions and 646 deletions
Download patch file Download diff file Expand all files Collapse all files

33
jdk/src/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java
View file

@ -26,7 +26,6 @@
package javax.security.auth.kerberos; package javax.security.auth.kerberos;
import java.io.*; import java.io.*;
import sun.security.krb5.Asn1Exception;
import sun.security.krb5.KrbException; import sun.security.krb5.KrbException;
import sun.security.krb5.PrincipalName; import sun.security.krb5.PrincipalName;
import sun.security.krb5.Realm; import sun.security.krb5.Realm;
@ -81,14 +80,12 @@ public final class KerberosPrincipal
public static final int KRB_NT_UID = 5; public static final int KRB_NT_UID = 5;
private transient String fullName; private transient String fullName;
private transient String realm; private transient String realm;
private transient int nameType; private transient int nameType;
private static final char NAME_REALM_SEPARATOR = '@';
/** /**
* Constructs a KerberosPrincipal from the provided string input. The * Constructs a KerberosPrincipal from the provided string input. The
@ -233,41 +230,35 @@ public final class KerberosPrincipal
* realm in their DER-encoded form as specified in Section 5.2.2 of * realm in their DER-encoded form as specified in Section 5.2.2 of
* <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>. * <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>.
*/ */
private void writeObject(ObjectOutputStream oos) private void writeObject(ObjectOutputStream oos)
throws IOException { throws IOException {
PrincipalName krb5Principal = null; PrincipalName krb5Principal;
try { try {
krb5Principal = new PrincipalName(fullName,nameType); krb5Principal = new PrincipalName(fullName, nameType);
oos.writeObject(krb5Principal.asn1Encode()); oos.writeObject(krb5Principal.asn1Encode());
oos.writeObject(krb5Principal.getRealm().asn1Encode()); oos.writeObject(krb5Principal.getRealm().asn1Encode());
} catch (Exception e) { } catch (Exception e) {
IOException ioe = new IOException(e.getMessage()); throw new IOException(e);
ioe.initCause(e);
throw ioe;
} }
} }
/** /**
* Reads this object from a stream (i.e., deserializes it) * Reads this object from a stream (i.e., deserializes it)
*/ */
private void readObject(ObjectInputStream ois) private void readObject(ObjectInputStream ois)
throws IOException, ClassNotFoundException { throws IOException, ClassNotFoundException {
byte[] asn1EncPrincipal = (byte [])ois.readObject(); byte[] asn1EncPrincipal = (byte [])ois.readObject();
byte[] encRealm = (byte [])ois.readObject(); byte[] encRealm = (byte [])ois.readObject();
try { try {
PrincipalName krb5Principal = new PrincipalName(new Realm realmObject = new Realm(new DerValue(encRealm));
DerValue(asn1EncPrincipal)); PrincipalName krb5Principal = new PrincipalName(
realm = (new Realm(new DerValue(encRealm))).toString(); new DerValue(asn1EncPrincipal), realmObject);
fullName = krb5Principal.toString() + NAME_REALM_SEPARATOR + realm = realmObject.toString();
realm.toString(); fullName = krb5Principal.toString();
nameType = krb5Principal.getNameType(); nameType = krb5Principal.getNameType();
} catch (Exception e) { } catch (Exception e) {
IOException ioe = new IOException(e.getMessage()); throw new IOException(e);
ioe.initCause(e);
throw ioe;
} }
} }
@ -288,9 +279,7 @@ public final class KerberosPrincipal
* <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>. * <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>.
* *
* @return the name type. * @return the name type.
*
*/ */
public int getNameType() { public int getNameType() {
return nameType; return nameType;
} }

6
jdk/src/share/classes/sun/security/jgss/krb5/Krb5NameElement.java
View file

@ -27,10 +27,8 @@ package sun.security.jgss.krb5;
import org.ietf.jgss.*; import org.ietf.jgss.*;
import sun.security.jgss.spi.*; import sun.security.jgss.spi.*;
import javax.security.auth.kerberos.*;
import sun.security.krb5.PrincipalName; import sun.security.krb5.PrincipalName;
import sun.security.krb5.KrbException; import sun.security.krb5.KrbException;
import sun.security.krb5.ServiceName;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.net.InetAddress; import java.net.InetAddress;
import java.net.UnknownHostException; import java.net.UnknownHostException;
@ -119,8 +117,8 @@ public class Krb5NameElement
hostName = components[1]; hostName = components[1];
String principal = getHostBasedInstance(service, hostName); String principal = getHostBasedInstance(service, hostName);
principalName = new ServiceName(principal, principalName = new PrincipalName(principal,
PrincipalName.KRB_NT_SRV_HST); PrincipalName.KRB_NT_SRV_HST);
} }
} }

3
jdk/src/share/classes/sun/security/krb5/Credentials.java
View file

@ -464,8 +464,7 @@ public class Credentials {
System.out.println(">>> DEBUG: ----Credentials----"); System.out.println(">>> DEBUG: ----Credentials----");
System.out.println("\tclient: " + c.client.toString()); System.out.println("\tclient: " + c.client.toString());
System.out.println("\tserver: " + c.server.toString()); System.out.println("\tserver: " + c.server.toString());
System.out.println("\tticket: realm: " + c.ticket.realm.toString()); System.out.println("\tticket: sname: " + c.ticket.sname.toString());
System.out.println("\t sname: " + c.ticket.sname.toString());
if (c.startTime != null) { if (c.startTime != null) {
System.out.println("\tstartTime: " + c.startTime.getTime()); System.out.println("\tstartTime: " + c.startTime.getTime());
} }

14
jdk/src/share/classes/sun/security/krb5/KrbApReq.java
View file

@ -179,7 +179,6 @@ public class KrbApReq {
KrbApReq(APOptions apOptions, KrbApReq(APOptions apOptions,
Ticket ticket, Ticket ticket,
EncryptionKey key, EncryptionKey key,
Realm crealm,
PrincipalName cname, PrincipalName cname,
Checksum cksum, Checksum cksum,
KerberosTime ctime, KerberosTime ctime,
@ -189,7 +188,7 @@ public class KrbApReq {
throws Asn1Exception, IOException, throws Asn1Exception, IOException,
KdcErrException, KrbCryptoException { KdcErrException, KrbCryptoException {
init(apOptions, ticket, key, crealm, cname, init(apOptions, ticket, key, cname,
cksum, ctime, subKey, seqNumber, authorizationData, cksum, ctime, subKey, seqNumber, authorizationData,
KeyUsage.KU_PA_TGS_REQ_AUTHENTICATOR); KeyUsage.KU_PA_TGS_REQ_AUTHENTICATOR);
@ -208,7 +207,6 @@ public class KrbApReq {
init(options, init(options,
tgs_creds.ticket, tgs_creds.ticket,
tgs_creds.key, tgs_creds.key,
tgs_creds.client.getRealm(),
tgs_creds.client, tgs_creds.client,
cksum, cksum,
ctime, ctime,
@ -221,7 +219,6 @@ public class KrbApReq {
private void init(APOptions apOptions, private void init(APOptions apOptions,
Ticket ticket, Ticket ticket,
EncryptionKey key, EncryptionKey key,
Realm crealm,
PrincipalName cname, PrincipalName cname,
Checksum cksum, Checksum cksum,
KerberosTime ctime, KerberosTime ctime,
@ -232,7 +229,7 @@ public class KrbApReq {
throws Asn1Exception, IOException, throws Asn1Exception, IOException,
KdcErrException, KrbCryptoException { KdcErrException, KrbCryptoException {
createMessage(apOptions, ticket, key, crealm, cname, createMessage(apOptions, ticket, key, cname,
cksum, ctime, subKey, seqNumber, authorizationData, cksum, ctime, subKey, seqNumber, authorizationData,
usage); usage);
obuf = apReqMessg.asn1Encode(); obuf = apReqMessg.asn1Encode();
@ -289,9 +286,6 @@ public class KrbApReq {
ctime = authenticator.ctime; ctime = authenticator.ctime;
cusec = authenticator.cusec; cusec = authenticator.cusec;
authenticator.ctime.setMicroSeconds(authenticator.cusec); authenticator.ctime.setMicroSeconds(authenticator.cusec);
authenticator.cname.setRealm(authenticator.crealm);
apReqMessg.ticket.sname.setRealm(apReqMessg.ticket.realm);
enc_ticketPart.cname.setRealm(enc_ticketPart.crealm);
if (!authenticator.cname.equals(enc_ticketPart.cname)) if (!authenticator.cname.equals(enc_ticketPart.cname))
throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH); throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH);
@ -457,7 +451,6 @@ public class KrbApReq {
private void createMessage(APOptions apOptions, private void createMessage(APOptions apOptions,
Ticket ticket, Ticket ticket,
EncryptionKey key, EncryptionKey key,
Realm crealm,
PrincipalName cname, PrincipalName cname,
Checksum cksum, Checksum cksum,
KerberosTime ctime, KerberosTime ctime,
@ -474,8 +467,7 @@ public class KrbApReq {
seqno = new Integer(seqNumber.current()); seqno = new Integer(seqNumber.current());
authenticator = authenticator =
new Authenticator(crealm, new Authenticator(cname,
cname,
cksum, cksum,
ctime.getMicroSeconds(), ctime.getMicroSeconds(),
ctime, ctime,

3
jdk/src/share/classes/sun/security/krb5/KrbAppMessage.java
View file

@ -48,8 +48,7 @@ abstract class KrbAppMessage {
HostAddress rAddress, HostAddress rAddress,
boolean timestampRequired, boolean timestampRequired,
boolean seqNumberRequired, boolean seqNumberRequired,
PrincipalName packetPrincipal, PrincipalName packetPrincipal)
Realm packetRealm)
throws KrbApErrException { throws KrbApErrException {
if (!Krb5.AP_EMPTY_ADDRESSES_ALLOWED || sAddress != null) { if (!Krb5.AP_EMPTY_ADDRESSES_ALLOWED || sAddress != null) {

3
jdk/src/share/classes/sun/security/krb5/KrbAsRep.java
View file

@ -152,11 +152,10 @@ class KrbAsRep extends KrbKdcRep {
DerValue encoding = new DerValue(enc_as_rep_part); DerValue encoding = new DerValue(enc_as_rep_part);
EncASRepPart enc_part = new EncASRepPart(encoding); EncASRepPart enc_part = new EncASRepPart(encoding);
rep.ticket.sname.setRealm(rep.ticket.realm);
rep.encKDCRepPart = enc_part; rep.encKDCRepPart = enc_part;
ASReq req = asReq.getMessage(); ASReq req = asReq.getMessage();
check(req, rep); check(true, req, rep);
creds = new Credentials( creds = new Credentials(
rep.ticket, rep.ticket,

7
jdk/src/share/classes/sun/security/krb5/KrbAsReq.java
View file

@ -115,10 +115,8 @@ public class KrbAsReq {
} }
if (sname == null) { if (sname == null) {
sname = new PrincipalName("krbtgt" + String realm = cname.getRealmAsString();
PrincipalName.NAME_COMPONENT_SEPARATOR + sname = PrincipalName.tgsService(realm, realm);
cname.getRealmAsString(),
PrincipalName.KRB_NT_SRV_INST);
} }
if (till == null) { if (till == null) {
@ -128,7 +126,6 @@ public class KrbAsReq {
// enc-authorization-data and additional-tickets never in AS-REQ // enc-authorization-data and additional-tickets never in AS-REQ
KDCReqBody kdc_req_body = new KDCReqBody(options, KDCReqBody kdc_req_body = new KDCReqBody(options,
cname, cname,
cname.getRealm(),
sname, sname,
from, from,
till, till,

3
jdk/src/share/classes/sun/security/krb5/KrbAsReqBuilder.java
View file

@ -99,9 +99,6 @@ public final class KrbAsReqBuilder {
// Called by other constructors // Called by other constructors
private void init(PrincipalName cname) private void init(PrincipalName cname)
throws KrbException { throws KrbException {
if (cname.getRealm() == null) {
cname.setRealm(Config.getInstance().getDefaultRealm());
}
this.cname = cname; this.cname = cname;
state = State.INIT; state = State.INIT;
} }

11
jdk/src/share/classes/sun/security/krb5/KrbCred.java
View file

@ -96,12 +96,11 @@ public class KrbCred {
PrincipalName princ = delegatedCreds.getClient(); PrincipalName princ = delegatedCreds.getClient();
Realm realm = princ.getRealm(); Realm realm = princ.getRealm();
PrincipalName tgService = delegatedCreds.getServer(); PrincipalName tgService = delegatedCreds.getServer();
Realm tgsRealm = tgService.getRealm();
KrbCredInfo credInfo = new KrbCredInfo(sessionKey, realm, KrbCredInfo credInfo = new KrbCredInfo(sessionKey,
princ, delegatedCreds.flags, delegatedCreds.authTime, princ, delegatedCreds.flags, delegatedCreds.authTime,
delegatedCreds.startTime, delegatedCreds.endTime, delegatedCreds.startTime, delegatedCreds.endTime,
delegatedCreds.renewTill, tgsRealm, tgService, delegatedCreds.renewTill, tgService,
delegatedCreds.cAddr); delegatedCreds.cAddr);
timeStamp = new KerberosTime(KerberosTime.NOW); timeStamp = new KerberosTime(KerberosTime.NOW);
@ -138,19 +137,13 @@ public class KrbCred {
KrbCredInfo credInfo = encPart.ticketInfo[0]; KrbCredInfo credInfo = encPart.ticketInfo[0];
EncryptionKey credInfoKey = credInfo.key; EncryptionKey credInfoKey = credInfo.key;
Realm prealm = credInfo.prealm;
// XXX PrincipalName can store realm + principalname or
// just principal name.
PrincipalName pname = credInfo.pname; PrincipalName pname = credInfo.pname;
pname.setRealm(prealm);
TicketFlags flags = credInfo.flags; TicketFlags flags = credInfo.flags;
KerberosTime authtime = credInfo.authtime; KerberosTime authtime = credInfo.authtime;
KerberosTime starttime = credInfo.starttime; KerberosTime starttime = credInfo.starttime;
KerberosTime endtime = credInfo.endtime; KerberosTime endtime = credInfo.endtime;
KerberosTime renewTill = credInfo.renewTill; KerberosTime renewTill = credInfo.renewTill;
Realm srealm = credInfo.srealm;
PrincipalName sname = credInfo.sname; PrincipalName sname = credInfo.sname;
sname.setRealm(srealm);
HostAddresses caddr = credInfo.caddr; HostAddresses caddr = credInfo.caddr;
if (DEBUG) { if (DEBUG) {

4
jdk/src/share/classes/sun/security/krb5/KrbException.java
View file

@ -45,6 +45,10 @@ public class KrbException extends Exception {
super(s); super(s);
} }
public KrbException(Throwable cause) {
super(cause);
}
public KrbException(int i) { public KrbException(int i) {
returnCode = i; returnCode = i;
} }

18
jdk/src/share/classes/sun/security/krb5/KrbKdcRep.java
View file

@ -35,28 +35,17 @@ import sun.security.krb5.internal.*;
abstract class KrbKdcRep { abstract class KrbKdcRep {
static void check( static void check(
boolean isAsReq,
KDCReq req, KDCReq req,
KDCRep rep KDCRep rep
) throws KrbApErrException { ) throws KrbApErrException {
if (!req.reqBody.cname.equalsWithoutRealm(rep.cname)) { if (isAsReq && !req.reqBody.cname.equals(rep.cname)) {
rep.encKDCRepPart.key.destroy(); rep.encKDCRepPart.key.destroy();
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED); throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
} }
/**** XXX if (!req.reqBody.sname.equals(rep.encKDCRepPart.sname)) {
if (!req.reqBody.crealm.equals(rep.crealm)) {
rep.encKDCRepPart.key.destroy();
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
}
*****/
if (!req.reqBody.sname.equalsWithoutRealm(rep.encKDCRepPart.sname)) {
rep.encKDCRepPart.key.destroy();
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
}
if (!req.reqBody.crealm.equals(rep.encKDCRepPart.srealm)) {
rep.encKDCRepPart.key.destroy(); rep.encKDCRepPart.key.destroy();
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED); throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
} }
@ -73,7 +62,6 @@ abstract class KrbKdcRep {
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED); throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
} }
for (int i = 1; i < 6; i++) { for (int i = 1; i < 6; i++) {
if (req.reqBody.kdcOptions.get(i) != if (req.reqBody.kdcOptions.get(i) !=
rep.encKDCRepPart.flags.get(i)) { rep.encKDCRepPart.flags.get(i)) {

9
jdk/src/share/classes/sun/security/krb5/KrbPriv.java
View file

@ -89,8 +89,7 @@ class KrbPriv extends KrbAppMessage {
raddr, raddr,
timestampRequired, timestampRequired,
seqNumberRequired, seqNumberRequired,
creds.client, creds.client
creds.client.getRealm()
); );
} }
@ -151,8 +150,7 @@ class KrbPriv extends KrbAppMessage {
HostAddress rAddress, HostAddress rAddress,
boolean timestampRequired, boolean timestampRequired,
boolean seqNumberRequired, boolean seqNumberRequired,
PrincipalName cname, PrincipalName cname
Realm crealm
) throws Asn1Exception, KdcErrException, ) throws Asn1Exception, KdcErrException,
KrbApErrException, IOException, KrbCryptoException { KrbApErrException, IOException, KrbCryptoException {
@ -172,8 +170,7 @@ class KrbPriv extends KrbAppMessage {
rAddress, rAddress,
timestampRequired, timestampRequired,
seqNumberRequired, seqNumberRequired,
cname, cname
crealm
); );
return enc_part.userData; return enc_part.userData;

9
jdk/src/share/classes/sun/security/krb5/KrbSafe.java
View file

@ -90,8 +90,7 @@ class KrbSafe extends KrbAppMessage {
raddr, raddr,
timestampRequired, timestampRequired,
seqNumberRequired, seqNumberRequired,
creds.client, creds.client
creds.client.getRealm()
); );
} }
@ -154,8 +153,7 @@ class KrbSafe extends KrbAppMessage {
HostAddress rAddress, HostAddress rAddress,
boolean timestampRequired, boolean timestampRequired,
boolean seqNumberRequired, boolean seqNumberRequired,
PrincipalName cname, PrincipalName cname
Realm crealm
) throws Asn1Exception, KdcErrException, ) throws Asn1Exception, KdcErrException,
KrbApErrException, IOException, KrbCryptoException { KrbApErrException, IOException, KrbCryptoException {
@ -177,8 +175,7 @@ class KrbSafe extends KrbAppMessage {
rAddress, rAddress,
timestampRequired, timestampRequired,
seqNumberRequired, seqNumberRequired,
cname, cname
crealm
); );
return krb_safe.safeBody.userData; return krb_safe.safeBody.userData;

6
jdk/src/share/classes/sun/security/krb5/KrbTgsRep.java
View file

@ -82,12 +82,11 @@ public class KrbTgsRep extends KrbKdcRep {
byte[] enc_tgs_rep_part = rep.encPart.reset(enc_tgs_rep_bytes); byte[] enc_tgs_rep_part = rep.encPart.reset(enc_tgs_rep_bytes);
ref = new DerValue(enc_tgs_rep_part); ref = new DerValue(enc_tgs_rep_part);
EncTGSRepPart enc_part = new EncTGSRepPart(ref); EncTGSRepPart enc_part = new EncTGSRepPart(ref);
rep.ticket.sname.setRealm(rep.ticket.realm);
rep.encKDCRepPart = enc_part; rep.encKDCRepPart = enc_part;
check(req, rep); check(false, req, rep);
creds = new Credentials(rep.ticket, this.creds = new Credentials(rep.ticket,
req.reqBody.cname, req.reqBody.cname,
rep.ticket.sname, rep.ticket.sname,
enc_part.key, enc_part.key,
@ -99,7 +98,6 @@ public class KrbTgsRep extends KrbKdcRep {
enc_part.caddr enc_part.caddr
); );
this.rep = rep; this.rep = rep;
this.creds = creds;
this.secondTicket = tgsReq.getSecondTicket(); this.secondTicket = tgsReq.getSecondTicket();
} }

5
jdk/src/share/classes/sun/security/krb5/KrbTgsReq.java
View file

@ -148,7 +148,6 @@ public class KrbTgsReq {
asCreds.key, asCreds.key,
ctime, ctime,
princName, princName,
princName.getRealm(),
servName, servName,
from, from,
till, till,
@ -214,7 +213,6 @@ public class KrbTgsReq {
EncryptionKey key, EncryptionKey key,
KerberosTime ctime, KerberosTime ctime,
PrincipalName cname, PrincipalName cname,
Realm crealm,
PrincipalName sname, PrincipalName sname,
KerberosTime from, KerberosTime from,
KerberosTime till, KerberosTime till,
@ -273,8 +271,6 @@ public class KrbTgsReq {
KDCReqBody reqBody = new KDCReqBody( KDCReqBody reqBody = new KDCReqBody(
kdc_options, kdc_options,
cname, cname,
// crealm,
sname.getRealm(), // TO
sname, sname,
from, from,
req_till, req_till,
@ -315,7 +311,6 @@ public class KrbTgsReq {
new APOptions(), new APOptions(),
ticket, ticket,
key, key,
crealm,
cname, cname,
cksum, cksum,
ctime, ctime,

356
jdk/src/share/classes/sun/security/krb5/PrincipalName.java
View file

@ -38,15 +38,25 @@ import java.util.Vector;
import java.util.Locale; import java.util.Locale;
import java.io.IOException; import java.io.IOException;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.Arrays;
import sun.security.krb5.internal.ccache.CCacheOutputStream; import sun.security.krb5.internal.ccache.CCacheOutputStream;
import sun.security.krb5.internal.util.KerberosString; import sun.security.krb5.internal.util.KerberosString;
/** /**
* This class encapsulates a Kerberos principal. * Implements the ASN.1 PrincipalName type and its realm in a single class.
* <xmp>
* Realm ::= KerberosString
*
* PrincipalName ::= SEQUENCE {
* name-type [0] Int32,
* name-string [1] SEQUENCE OF KerberosString
* }
* </xmp>
* This class is immutable.
* @see Realm
*/ */
public class PrincipalName public class PrincipalName implements Cloneable {
implements Cloneable {
//name types //name types
@ -80,8 +90,6 @@ public class PrincipalName
*/ */
public static final int KRB_NT_UID = 5; public static final int KRB_NT_UID = 5;
/** /**
* TGS Name * TGS Name
*/ */
@ -96,98 +104,109 @@ public class PrincipalName
public static final String NAME_REALM_SEPARATOR_STR = "@"; public static final String NAME_REALM_SEPARATOR_STR = "@";
public static final String REALM_COMPONENT_SEPARATOR_STR = "."; public static final String REALM_COMPONENT_SEPARATOR_STR = ".";
private int nameType; // Instance fields.
private String[] nameStrings; // Principal names don't mutate often
private Realm nameRealm; // optional; a null realm means use default /**
// Note: the nameRealm is not included in the default ASN.1 encoding * The name type, from PrincipalName's name-type field.
*/
private final int nameType;
// cached salt, might be changed by KDC info, not used in clone /**
private String salt = null; * The name strings, from PrincipalName's name-strings field. This field
* must be neither null nor empty. Each entry of it must also be neither
* null nor empty. Make sure to clone the field when it's passed in or out.
*/
private final String[] nameStrings;
protected PrincipalName() { /**
* The realm this principal belongs to.
*/
private final Realm nameRealm; // not null
// cached default salt, not used in clone
private transient String salt = null;
// There are 3 basic constructors. All other constructors must call them.
// All basic constructors must call validateNameStrings.
// 1. From name components
// 2. From name
// 3. From DER encoding
/**
* Creates a PrincipalName.
*/
public PrincipalName(int nameType, String[] nameStrings, Realm nameRealm) {
if (nameRealm == null) {
throw new IllegalArgumentException("Null realm not allowed");
}
validateNameStrings(nameStrings);
this.nameType = nameType;
this.nameStrings = nameStrings.clone();
this.nameRealm = nameRealm;
}
// This method is called by Windows NativeCred.c
public PrincipalName(String[] nameParts, String realm) throws RealmException {
this(KRB_NT_UNKNOWN, nameParts, new Realm(realm));
} }
public PrincipalName(String[] nameParts, int type) public PrincipalName(String[] nameParts, int type)
throws IllegalArgumentException, IOException { throws IllegalArgumentException, RealmException {
if (nameParts == null) { this(type, nameParts, Realm.getDefault());
throw new IllegalArgumentException("Null input not allowed");
}
nameStrings = new String[nameParts.length];
System.arraycopy(nameParts, 0, nameStrings, 0, nameParts.length);
nameType = type;
nameRealm = null;
} }
public PrincipalName(String[] nameParts) throws IOException { // Validate a nameStrings argument
this(nameParts, KRB_NT_UNKNOWN); private static void validateNameStrings(String[] ns) {
if (ns == null) {
throw new IllegalArgumentException("Null nameStrings not allowed");
}
if (ns.length == 0) {
throw new IllegalArgumentException("Empty nameStrings not allowed");
}
for (String s: ns) {
if (s == null) {
throw new IllegalArgumentException("Null nameString not allowed");
}
if (s.isEmpty()) {
throw new IllegalArgumentException("Empty nameString not allowed");
}
}
} }
public Object clone() { public Object clone() {
try { try {
PrincipalName pName = (PrincipalName) super.clone(); PrincipalName pName = (PrincipalName) super.clone();
// Re-assign mutable fields UNSAFE.putObject(this, NAME_STRINGS_OFFSET, nameStrings.clone());
if (nameStrings != null) {
pName.nameStrings = nameStrings.clone();
}
if (nameRealm != null) {
pName.nameRealm = (Realm)nameRealm.clone();
}
return pName; return pName;
} catch (CloneNotSupportedException ex) { } catch (CloneNotSupportedException ex) {
throw new AssertionError("Should never happen"); throw new AssertionError("Should never happen");
} }
} }
/* private static final long NAME_STRINGS_OFFSET;
* Added to workaround a bug where the equals method that takes a private static final sun.misc.Unsafe UNSAFE;
* PrincipalName is not being called but Object.equals(Object) is static {
* being called. try {
*/ sun.misc.Unsafe unsafe = sun.misc.Unsafe.getUnsafe();
NAME_STRINGS_OFFSET = unsafe.objectFieldOffset(
PrincipalName.class.getDeclaredField("nameStrings"));
UNSAFE = unsafe;
} catch (ReflectiveOperationException e) {
throw new Error(e);
}
}
@Override
public boolean equals(Object o) { public boolean equals(Object o) {
if (o instanceof PrincipalName) if (this == o) {
return equals((PrincipalName)o); return true;
else
return false;
}
public boolean equals(PrincipalName other) {
if (!equalsWithoutRealm(other)) {
return false;
} }
if (o instanceof PrincipalName) {
if ((nameRealm != null && other.nameRealm == null) || PrincipalName other = (PrincipalName)o;
(nameRealm == null && other.nameRealm != null)) { return nameRealm.equals(other.nameRealm) &&
return false; Arrays.equals(nameStrings, other.nameStrings);
} }
return false;
if (nameRealm != null && other.nameRealm != null) {
if (!nameRealm.equals(other.nameRealm)) {
return false;
}
}
return true;
}
boolean equalsWithoutRealm(PrincipalName other) {
if ((nameStrings != null && other.nameStrings == null) ||
(nameStrings == null && other.nameStrings != null))
return false;
if (nameStrings != null && other.nameStrings != null) {
if (nameStrings.length != other.nameStrings.length)
return false;
for (int i = 0; i < nameStrings.length; i++)
if (!nameStrings[i].equals(other.nameStrings[i]))
return false;
}
return true;
} }
/** /**
@ -208,20 +227,23 @@ public class PrincipalName
* http://www.ietf.org/rfc/rfc4120.txt</a>. * http://www.ietf.org/rfc/rfc4120.txt</a>.
* *
* @param encoding a Der-encoded data. * @param encoding a Der-encoded data.
* @param realm the realm for this name
* @exception Asn1Exception if an error occurs while decoding * @exception Asn1Exception if an error occurs while decoding
* an ASN1 encoded data. * an ASN1 encoded data.
* @exception Asn1Exception if there is an ASN1 encoding error * @exception Asn1Exception if there is an ASN1 encoding error
* @exception IOException if an I/O error occurs * @exception IOException if an I/O error occurs
* @exception IllegalArgumentException if encoding is null * @exception IllegalArgumentException if encoding is null
* reading encoded data. * reading encoded data.
*
*/ */
public PrincipalName(DerValue encoding) public PrincipalName(DerValue encoding, Realm realm)
throws Asn1Exception, IOException { throws Asn1Exception, IOException {
nameRealm = null; if (realm == null) {
throw new IllegalArgumentException("Null realm not allowed");
}
nameRealm = realm;
DerValue der; DerValue der;
if (encoding == null) { if (encoding == null) {
throw new IllegalArgumentException("Null input not allowed"); throw new IllegalArgumentException("Null encoding not allowed");
} }
if (encoding.getTag() != DerValue.tag_Sequence) { if (encoding.getTag() != DerValue.tag_Sequence) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID); throw new Asn1Exception(Krb5.ASN1_BAD_ID);
@ -243,14 +265,12 @@ public class PrincipalName
DerValue subSubDer; DerValue subSubDer;
while(subDer.getData().available() > 0) { while(subDer.getData().available() > 0) {
subSubDer = subDer.getData().getDerValue(); subSubDer = subDer.getData().getDerValue();
v.addElement(new KerberosString(subSubDer).toString()); String namePart = new KerberosString(subSubDer).toString();
} v.addElement(namePart);
if (v.size() > 0) {
nameStrings = new String[v.size()];
v.copyInto(nameStrings);
} else {
nameStrings = new String[] {""};
} }
nameStrings = new String[v.size()];
v.copyInto(nameStrings);
validateNameStrings(nameStrings);
} else { } else {
throw new Asn1Exception(Krb5.ASN1_BAD_ID); throw new Asn1Exception(Krb5.ASN1_BAD_ID);
} }
@ -267,32 +287,35 @@ public class PrincipalName
* more marshaled value. * more marshaled value.
* @param explicitTag tag number. * @param explicitTag tag number.
* @param optional indicate if this data field is optional * @param optional indicate if this data field is optional
* @return an instance of <code>PrincipalName</code>. * @param realm the realm for the name
* * @return an instance of <code>PrincipalName</code>, or null if the
* field is optional and missing.
*/ */
public static PrincipalName parse(DerInputStream data, public static PrincipalName parse(DerInputStream data,
byte explicitTag, boolean byte explicitTag, boolean
optional) optional,
throws Asn1Exception, IOException { Realm realm)
throws Asn1Exception, IOException, RealmException {
if ((optional) && (((byte)data.peekByte() & (byte)0x1F) != if ((optional) && (((byte)data.peekByte() & (byte)0x1F) !=
explicitTag)) explicitTag))
return null; return null;
DerValue der = data.getDerValue(); DerValue der = data.getDerValue();
if (explicitTag != (der.getTag() & (byte)0x1F)) if (explicitTag != (der.getTag() & (byte)0x1F)) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID); throw new Asn1Exception(Krb5.ASN1_BAD_ID);
else { } else {
DerValue subDer = der.getData().getDerValue(); DerValue subDer = der.getData().getDerValue();
return new PrincipalName(subDer); if (realm == null) {
realm = Realm.getDefault();
}
return new PrincipalName(subDer, realm);
} }
} }
// This is protected because the definition of a principal
// string is fixed
// XXX Error checkin consistent with MIT krb5_parse_name // XXX Error checkin consistent with MIT krb5_parse_name
// Code repetition, realm parsed again by class Realm // Code repetition, realm parsed again by class Realm
protected static String[] parseName(String name) { private static String[] parseName(String name) {
Vector<String> tempStrings = new Vector<>(); Vector<String> tempStrings = new Vector<>();
String temp = name; String temp = name;
@ -312,13 +335,13 @@ public class PrincipalName
continue; continue;
} }
else { else {
if (componentStart < i) { if (componentStart <= i) {
component = temp.substring(componentStart, i); component = temp.substring(componentStart, i);
tempStrings.addElement(component); tempStrings.addElement(component);
} }
componentStart = i + 1; componentStart = i + 1;
} }
} else } else {
if (temp.charAt(i) == NAME_REALM_SEPARATOR) { if (temp.charAt(i) == NAME_REALM_SEPARATOR) {
/* /*
* If this separator is escaped then don't treat it * If this separator is escaped then don't treat it
@ -337,11 +360,11 @@ public class PrincipalName
break; break;
} }
} }
}
i++; i++;
} }
if (i == temp.length()) if (i == temp.length()) {
if (componentStart < i) {
component = temp.substring(componentStart, i); component = temp.substring(componentStart, i);
tempStrings.addElement(component); tempStrings.addElement(component);
} }
@ -351,30 +374,26 @@ public class PrincipalName
return result; return result;
} }
public PrincipalName(String name, int type) /**
throws RealmException { * Constructs a PrincipalName from a string.
* @param name the name
* @param type the type
* @param realm the realm, null if not known. Note that when realm is not
* null, it will be always used even if there is a realm part in name. When
* realm is null, will read realm part from name, or try to map a realm
* (for KRB_NT_SRV_HST), or use the default realm, or fail
* @throws RealmException
*/
public PrincipalName(String name, int type, String realm)
throws RealmException {
if (name == null) { if (name == null) {
throw new IllegalArgumentException("Null name not allowed"); throw new IllegalArgumentException("Null name not allowed");
} }
String[] nameParts = parseName(name); String[] nameParts = parseName(name);
Realm tempRealm = null; validateNameStrings(nameParts);
String realmString = Realm.parseRealmAtSeparator(name); if (realm == null) {
realm = Realm.parseRealmAtSeparator(name);
if (realmString == null) {
try {
Config config = Config.getInstance();
realmString = config.getDefaultRealm();
} catch (KrbException e) {
RealmException re =
new RealmException(e.getMessage());
re.initCause(e);
throw re;
}
} }
if (realmString != null)
tempRealm = new Realm(realmString);
switch (type) { switch (type) {
case KRB_NT_SRV_HST: case KRB_NT_SRV_HST:
if (nameParts.length >= 2) { if (nameParts.length >= 2) {
@ -401,18 +420,22 @@ public class PrincipalName
} }
nameStrings = nameParts; nameStrings = nameParts;
nameType = type; nameType = type;
if (realm != null) {
nameRealm = new Realm(realm);
} else {
// We will try to get realm name from the mapping in // We will try to get realm name from the mapping in
// the configuration. If it is not specified // the configuration. If it is not specified
// we will use the default realm. This nametype does // we will use the default realm. This nametype does
// not allow a realm to be specified. The name string must of // not allow a realm to be specified. The name string must of
// the form service@host and this is internally changed into // the form service@host and this is internally changed into
// service/host by Kerberos // service/host by Kerberos
String mapRealm = mapHostToRealm(nameParts[1]);
String mapRealm = mapHostToRealm(nameParts[1]); if (mapRealm != null) {
if (mapRealm != null) { nameRealm = new Realm(mapRealm);
nameRealm = new Realm(mapRealm); } else {
} else { nameRealm = Realm.getDefault();
nameRealm = tempRealm; }
} }
break; break;
case KRB_NT_UNKNOWN: case KRB_NT_UNKNOWN:
@ -422,20 +445,34 @@ public class PrincipalName
case KRB_NT_UID: case KRB_NT_UID:
nameStrings = nameParts; nameStrings = nameParts;
nameType = type; nameType = type;
nameRealm = tempRealm; if (realm != null) {
nameRealm = new Realm(realm);
} else {
nameRealm = Realm.getDefault();
}
break; break;
default: default:
throw new IllegalArgumentException("Illegal name type"); throw new IllegalArgumentException("Illegal name type");
} }
} }
public PrincipalName(String name, int type) throws RealmException {
this(name, type, (String)null);
}
public PrincipalName(String name) throws RealmException { public PrincipalName(String name) throws RealmException {
this(name, KRB_NT_UNKNOWN); this(name, KRB_NT_UNKNOWN);
} }
public PrincipalName(String name, String realm) throws RealmException { public PrincipalName(String name, String realm) throws RealmException {
this(name, KRB_NT_UNKNOWN); this(name, KRB_NT_UNKNOWN, realm);
nameRealm = new Realm(realm); }
public static PrincipalName tgsService(String r1, String r2)
throws KrbException {
return new PrincipalName(PrincipalName.KRB_NT_SRV_INST,
new String[] {PrincipalName.TGS_DEFAULT_SRV_NAME, r1},
new Realm(r2));
} }
public String getRealmAsString() { public String getRealmAsString() {
@ -475,29 +512,17 @@ public class PrincipalName
} }
public String getRealmString() { public String getRealmString() {
if (nameRealm != null) return nameRealm.toString();
return nameRealm.toString();
return null;
} }
public Realm getRealm() { public Realm getRealm() {
return nameRealm; return nameRealm;
} }
public void setRealm(Realm new_nameRealm) throws RealmException {
nameRealm = new_nameRealm;
}
public void setRealm(String realmsString) throws RealmException {
nameRealm = new Realm(realmsString);
}
public String getSalt() { public String getSalt() {
if (salt == null) { if (salt == null) {
StringBuffer salt = new StringBuffer(); StringBuffer salt = new StringBuffer();
if (nameRealm != null) { salt.append(nameRealm.toString());
salt.append(nameRealm.toString());
}
for (int i = 0; i < nameStrings.length; i++) { for (int i = 0; i < nameStrings.length; i++) {
salt.append(nameStrings[i]); salt.append(nameStrings[i]);
} }
@ -513,11 +538,8 @@ public class PrincipalName
str.append("/"); str.append("/");
str.append(nameStrings[i]); str.append(nameStrings[i]);
} }
if (nameRealm != null) { str.append("@");
str.append("@"); str.append(nameRealm.toString());
str.append(nameRealm.toString());
}
return str.toString(); return str.toString();
} }
@ -532,7 +554,8 @@ public class PrincipalName
} }
/** /**
* Encodes a <code>PrincipalName</code> object. * Encodes a <code>PrincipalName</code> object. Note that only the type and
* names are encoded. To encode the realm, call getRealm().asn1Encode().
* @return the byte array of the encoded PrncipalName object. * @return the byte array of the encoded PrncipalName object.
* @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
* @exception IOException if an I/O error occurs while reading encoded data. * @exception IOException if an I/O error occurs while reading encoded data.
@ -597,12 +620,10 @@ public class PrincipalName
public void writePrincipal(CCacheOutputStream cos) throws IOException { public void writePrincipal(CCacheOutputStream cos) throws IOException {
cos.write32(nameType); cos.write32(nameType);
cos.write32(nameStrings.length); cos.write32(nameStrings.length);
if (nameRealm != null) { byte[] realmBytes = null;
byte[] realmBytes = null; realmBytes = nameRealm.toString().getBytes();
realmBytes = nameRealm.toString().getBytes(); cos.write32(realmBytes.length);
cos.write32(realmBytes.length); cos.write(realmBytes, 0, realmBytes.length);
cos.write(realmBytes, 0, realmBytes.length);
}
byte[] bytes = null; byte[] bytes = null;
for (int i = 0; i < nameStrings.length; i++) { for (int i = 0; i < nameStrings.length; i++) {
bytes = nameStrings[i].getBytes(); bytes = nameStrings[i].getBytes();
@ -611,31 +632,6 @@ public class PrincipalName
} }
} }
/**
* Creates a KRB_NT_SRV_INST name from the supplied
* name components and realm.
* @param primary the primary component of the name
* @param instance the instance component of the name
* @param realm the realm
* @throws KrbException
*/
protected PrincipalName(String primary, String instance, String realm,
int type)
throws KrbException {
if (type != KRB_NT_SRV_INST) {
throw new KrbException(Krb5.KRB_ERR_GENERIC, "Bad name type");
}
String[] nParts = new String[2];
nParts[0] = primary;
nParts[1] = instance;
this.nameStrings = nParts;
this.nameRealm = new Realm(realm);
this.nameType = type;
}
/** /**
* Returns the instance component of a name. * Returns the instance component of a name.
* In a multi-component name such as a KRB_NT_SRV_INST * In a multi-component name such as a KRB_NT_SRV_INST

47
jdk/src/share/classes/sun/security/krb5/Realm.java
View file

@ -46,24 +46,29 @@ import sun.security.krb5.internal.util.KerberosString;
* <xmp> * <xmp>
* Realm ::= GeneralString * Realm ::= GeneralString
* </xmp> * </xmp>
* This class is immutable.
*/ */
public class Realm implements Cloneable { public class Realm implements Cloneable {
private String realm; private final String realm; // not null nor empty
private static boolean DEBUG = Krb5.DEBUG; private static boolean DEBUG = Krb5.DEBUG;
private Realm() {
}
public Realm(String name) throws RealmException { public Realm(String name) throws RealmException {
realm = parseRealm(name); realm = parseRealm(name);
} }
public Object clone() { public static Realm getDefault() throws RealmException {
Realm new_realm = new Realm(); try {
if (realm != null) { return new Realm(Config.getInstance().getDefaultRealm());
new_realm.realm = new String(realm); } catch (RealmException re) {
throw re;
} catch (KrbException ke) {
throw new RealmException(ke);
} }
return new_realm; }
// Immutable class, no need to clone
public Object clone() {
return this;
} }
public boolean equals(Object obj) { public boolean equals(Object obj) {
@ -76,21 +81,11 @@ public class Realm implements Cloneable {
} }
Realm that = (Realm)obj; Realm that = (Realm)obj;
if (this.realm != null && that.realm != null ) { return this.realm.equals(that.realm);
return this.realm.equals(that.realm);
} else {
return (this.realm == null && that.realm == null);
}
} }
public int hashCode() { public int hashCode() {
int result = 17 ; return realm.hashCode();
if( realm != null ) {
result = 37 * result + realm.hashCode();
}
return result;
} }
/** /**
@ -116,6 +111,7 @@ public class Realm implements Cloneable {
return realm; return realm;
} }
// Extract realm from a string like dummy@REALM
public static String parseRealmAtSeparator(String name) public static String parseRealmAtSeparator(String name)
throws RealmException { throws RealmException {
if (name == null) { if (name == null) {
@ -128,8 +124,12 @@ public class Realm implements Cloneable {
while (i < temp.length()) { while (i < temp.length()) {
if (temp.charAt(i) == PrincipalName.NAME_REALM_SEPARATOR) { if (temp.charAt(i) == PrincipalName.NAME_REALM_SEPARATOR) {
if (i == 0 || temp.charAt(i - 1) != '\\') { if (i == 0 || temp.charAt(i - 1) != '\\') {
if (i + 1 < temp.length()) if (i + 1 < temp.length()) {
result = temp.substring(i + 1, temp.length()); result = temp.substring(i + 1, temp.length());
} else {
throw new IllegalArgumentException
("empty realm part not allowed");
}
break; break;
} }
} }
@ -219,7 +219,8 @@ public class Realm implements Cloneable {
* @return an instance of Realm. * @return an instance of Realm.
* *
*/ */
public static Realm parse(DerInputStream data, byte explicitTag, boolean optional) throws Asn1Exception, IOException, RealmException { public static Realm parse(DerInputStream data, byte explicitTag, boolean optional)
throws Asn1Exception, IOException, RealmException {
if ((optional) && (((byte)data.peekByte() & (byte)0x1F) != explicitTag)) { if ((optional) && (((byte)data.peekByte() & (byte)0x1F) != explicitTag)) {
return null; return null;
} }

3
jdk/src/share/classes/sun/security/krb5/RealmException.java
View file

@ -47,4 +47,7 @@ public class RealmException extends KrbException {
super(i,s); super(i,s);
} }
public RealmException(Throwable cause) {
super(cause);
}
} }

57
jdk/src/share/classes/sun/security/krb5/ServiceName.java
View file

@ -1,57 +0,0 @@
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
*
* (C) Copyright IBM Corp. 1999 All Rights Reserved.
* Copyright 1997 The Open Group Research Institute. All rights reserved.
*/
package sun.security.krb5;
import java.net.InetAddress;
import java.net.UnknownHostException;
public class ServiceName extends PrincipalName {
public ServiceName(String name, int type) throws RealmException {
super(name, type);
}
public ServiceName(String name) throws RealmException {
this(name, PrincipalName.KRB_NT_UNKNOWN);
}
public ServiceName(String name, String realm) throws RealmException {
this(name, PrincipalName.KRB_NT_UNKNOWN);
setRealm(realm);
}
public ServiceName (String service, String instance, String realm)
throws KrbException
{
super(service, instance, realm, PrincipalName.KRB_NT_SRV_INST);
}
}

3
jdk/src/share/classes/sun/security/krb5/internal/ASRep.java
View file

@ -42,11 +42,10 @@ public class ASRep extends KDCRep {
public ASRep( public ASRep(
PAData[] new_pAData, PAData[] new_pAData,
Realm new_crealm,
PrincipalName new_cname, PrincipalName new_cname,
Ticket new_ticket, Ticket new_ticket,
EncryptedData new_encPart) throws IOException { EncryptedData new_encPart) throws IOException {
super(new_pAData, new_crealm, new_cname, new_ticket, super(new_pAData, new_cname, new_ticket,
new_encPart, Krb5.KRB_AS_REP); new_encPart, Krb5.KRB_AS_REP);
} }

9
jdk/src/share/classes/sun/security/krb5/internal/Authenticator.java
View file

@ -61,7 +61,6 @@ import java.math.BigInteger;
public class Authenticator { public class Authenticator {
public int authenticator_vno; public int authenticator_vno;
public Realm crealm;
public PrincipalName cname; public PrincipalName cname;
Checksum cksum; //optional Checksum cksum; //optional
public int cusec; public int cusec;
@ -71,7 +70,6 @@ public class Authenticator {
public AuthorizationData authorizationData; //optional public AuthorizationData authorizationData; //optional
public Authenticator( public Authenticator(
Realm new_crealm,
PrincipalName new_cname, PrincipalName new_cname,
Checksum new_cksum, Checksum new_cksum,
int new_cusec, int new_cusec,
@ -80,7 +78,6 @@ public class Authenticator {
Integer new_seqNumber, Integer new_seqNumber,
AuthorizationData new_authorizationData) { AuthorizationData new_authorizationData) {
authenticator_vno = Krb5.AUTHNETICATOR_VNO; authenticator_vno = Krb5.AUTHNETICATOR_VNO;
crealm = new_crealm;
cname = new_cname; cname = new_cname;
cksum = new_cksum; cksum = new_cksum;
cusec = new_cusec; cusec = new_cusec;
@ -131,8 +128,8 @@ public class Authenticator {
if (authenticator_vno != 5) { if (authenticator_vno != 5) {
throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
} }
crealm = Realm.parse(der.getData(), (byte) 0x01, false); Realm crealm = Realm.parse(der.getData(), (byte) 0x01, false);
cname = PrincipalName.parse(der.getData(), (byte) 0x02, false); cname = PrincipalName.parse(der.getData(), (byte) 0x02, false, crealm);
cksum = Checksum.parse(der.getData(), (byte) 0x03, true); cksum = Checksum.parse(der.getData(), (byte) 0x03, true);
subDer = der.getData().getDerValue(); subDer = der.getData().getDerValue();
if ((subDer.getTag() & (byte) 0x1F) == 0x04) { if ((subDer.getTag() & (byte) 0x1F) == 0x04) {
@ -180,7 +177,7 @@ public class Authenticator {
DerOutputStream temp = new DerOutputStream(); DerOutputStream temp = new DerOutputStream();
temp.putInteger(BigInteger.valueOf(authenticator_vno)); temp.putInteger(BigInteger.valueOf(authenticator_vno));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp.toByteArray())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp.toByteArray()));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), crealm.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), cname.getRealm().asn1Encode()));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), cname.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), cname.asn1Encode()));
if (cksum != null) { if (cksum != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), cksum.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), cksum.asn1Encode()));

27
jdk/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java
View file

@ -72,23 +72,9 @@ rs.
public static Credentials acquireServiceCreds( public static Credentials acquireServiceCreds(
String service, Credentials ccreds) String service, Credentials ccreds)
throws KrbException, IOException { throws KrbException, IOException {
ServiceName sname = new ServiceName(service); PrincipalName sname = new PrincipalName(service);
String serviceRealm = sname.getRealmString(); String serviceRealm = sname.getRealmString();
String localRealm = ccreds.getClient().getRealmString(); String localRealm = ccreds.getClient().getRealmString();
String defaultRealm = Config.getInstance().getDefaultRealm();
if (localRealm == null) {
PrincipalName temp = null;
if ((temp = ccreds.getServer()) != null)
localRealm = temp.getRealmString();
}
if (localRealm == null) {
localRealm = defaultRealm;
}
if (serviceRealm == null) {
serviceRealm = localRealm;
sname.setRealm(serviceRealm);
}
/* /*
if (!localRealm.equalsIgnoreCase(serviceRealm)) { //do cross-realm auth entication if (!localRealm.equalsIgnoreCase(serviceRealm)) { //do cross-realm auth entication
@ -128,13 +114,12 @@ rs.
int i = 0, k = 0; int i = 0, k = 0;
Credentials cTgt = null, newTgt = null, theTgt = null; Credentials cTgt = null, newTgt = null, theTgt = null;
ServiceName tempService = null; PrincipalName tempService = null;
String realm = null, newTgtRealm = null, theTgtRealm = null; String realm = null, newTgtRealm = null, theTgtRealm = null;
for (cTgt = ccreds, i = 0; i < realms.length;) for (cTgt = ccreds, i = 0; i < realms.length;)
{ {
tempService = new ServiceName(PrincipalName.TGS_DEFAULT_SRV_NAME, tempService = PrincipalName.tgsService(serviceRealm, realms[i]);
serviceRealm, realms[i]);
if (DEBUG) if (DEBUG)
{ {
@ -164,9 +149,7 @@ rs.
newTgt == null && k > i; k--) newTgt == null && k > i; k--)
{ {
tempService = new ServiceName( tempService = PrincipalName.tgsService(realms[k], realms[i]);
PrincipalName.TGS_DEFAULT_SRV_NAME,
realms[k], realms[i]);
if (DEBUG) if (DEBUG)
{ {
System.out.println(">>> Credentials acquireServiceCreds: inner loop: [" + k +"] tempService=" + tempService); System.out.println(">>> Credentials acquireServiceCreds: inner loop: [" + k +"] tempService=" + tempService);
@ -306,7 +289,7 @@ rs.
* This method does the real job to request the service credential. * This method does the real job to request the service credential.
*/ */
private static Credentials serviceCreds( private static Credentials serviceCreds(
ServiceName service, Credentials ccreds) PrincipalName service, Credentials ccreds)
throws KrbException, IOException { throws KrbException, IOException {
return new KrbTgsReq(ccreds, service).sendAndGetCreds(); return new KrbTgsReq(ccreds, service).sendAndGetCreds();
} }

2
jdk/src/share/classes/sun/security/krb5/internal/EncASRepPart.java
View file

@ -46,7 +46,6 @@ public class EncASRepPart extends EncKDCRepPart {
KerberosTime new_starttime, KerberosTime new_starttime,
KerberosTime new_endtime, KerberosTime new_endtime,
KerberosTime new_renewTill, KerberosTime new_renewTill,
Realm new_srealm,
PrincipalName new_sname, PrincipalName new_sname,
HostAddresses new_caddr) { HostAddresses new_caddr) {
super( super(
@ -59,7 +58,6 @@ public class EncASRepPart extends EncKDCRepPart {
new_starttime, new_starttime,
new_endtime, new_endtime,
new_renewTill, new_renewTill,
new_srealm,
new_sname, new_sname,
new_caddr, new_caddr,
Krb5.KRB_ENC_AS_REP_PART Krb5.KRB_ENC_AS_REP_PART

9
jdk/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java
View file

@ -74,7 +74,6 @@ public class EncKDCRepPart {
public KerberosTime starttime; //optional public KerberosTime starttime; //optional
public KerberosTime endtime; public KerberosTime endtime;
public KerberosTime renewTill; //optional public KerberosTime renewTill; //optional
public Realm srealm;
public PrincipalName sname; public PrincipalName sname;
public HostAddresses caddr; //optional public HostAddresses caddr; //optional
public int msgType; //not included in sequence public int msgType; //not included in sequence
@ -89,7 +88,6 @@ public class EncKDCRepPart {
KerberosTime new_starttime, KerberosTime new_starttime,
KerberosTime new_endtime, KerberosTime new_endtime,
KerberosTime new_renewTill, KerberosTime new_renewTill,
Realm new_srealm,
PrincipalName new_sname, PrincipalName new_sname,
HostAddresses new_caddr, HostAddresses new_caddr,
int new_msgType) { int new_msgType) {
@ -102,7 +100,6 @@ public class EncKDCRepPart {
starttime = new_starttime; starttime = new_starttime;
endtime = new_endtime; endtime = new_endtime;
renewTill = new_renewTill; renewTill = new_renewTill;
srealm = new_srealm;
sname = new_sname; sname = new_sname;
caddr = new_caddr; caddr = new_caddr;
msgType = new_msgType; msgType = new_msgType;
@ -158,8 +155,8 @@ public class EncKDCRepPart {
starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true); starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true);
endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false); endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false);
renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true); renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true);
srealm = Realm.parse(der.getData(), (byte) 0x09, false); Realm srealm = Realm.parse(der.getData(), (byte) 0x09, false);
sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false); sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false, srealm);
if (der.getData().available() > 0) { if (der.getData().available() > 0) {
caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true); caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true);
} }
@ -206,7 +203,7 @@ public class EncKDCRepPart {
true, (byte) 0x08), renewTill.asn1Encode()); true, (byte) 0x08), renewTill.asn1Encode());
} }
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x09), srealm.asn1Encode()); true, (byte) 0x09), sname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x0A), sname.asn1Encode()); true, (byte) 0x0A), sname.asn1Encode());
if (caddr != null) { if (caddr != null) {

2
jdk/src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java
View file

@ -45,7 +45,6 @@ public class EncTGSRepPart extends EncKDCRepPart {
KerberosTime new_starttime, KerberosTime new_starttime,
KerberosTime new_endtime, KerberosTime new_endtime,
KerberosTime new_renewTill, KerberosTime new_renewTill,
Realm new_srealm,
PrincipalName new_sname, PrincipalName new_sname,
HostAddresses new_caddr) { HostAddresses new_caddr) {
super( super(
@ -58,7 +57,6 @@ public class EncTGSRepPart extends EncKDCRepPart {
new_starttime, new_starttime,
new_endtime, new_endtime,
new_renewTill, new_renewTill,
new_srealm,
new_sname, new_sname,
new_caddr, new_caddr,
Krb5.KRB_ENC_TGS_REP_PART); Krb5.KRB_ENC_TGS_REP_PART);

9
jdk/src/share/classes/sun/security/krb5/internal/EncTicketPart.java
View file

@ -65,7 +65,6 @@ public class EncTicketPart {
public TicketFlags flags; public TicketFlags flags;
public EncryptionKey key; public EncryptionKey key;
public Realm crealm;
public PrincipalName cname; public PrincipalName cname;
public TransitedEncoding transited; public TransitedEncoding transited;
public KerberosTime authtime; public KerberosTime authtime;
@ -78,7 +77,6 @@ public class EncTicketPart {
public EncTicketPart( public EncTicketPart(
TicketFlags new_flags, TicketFlags new_flags,
EncryptionKey new_key, EncryptionKey new_key,
Realm new_crealm,
PrincipalName new_cname, PrincipalName new_cname,
TransitedEncoding new_transited, TransitedEncoding new_transited,
KerberosTime new_authtime, KerberosTime new_authtime,
@ -89,7 +87,6 @@ public class EncTicketPart {
AuthorizationData new_authorizationData) { AuthorizationData new_authorizationData) {
flags = new_flags; flags = new_flags;
key = new_key; key = new_key;
crealm = new_crealm;
cname = new_cname; cname = new_cname;
transited = new_transited; transited = new_transited;
authtime = new_authtime; authtime = new_authtime;
@ -151,8 +148,8 @@ public class EncTicketPart {
} }
flags = TicketFlags.parse(der.getData(), (byte) 0x00, false); flags = TicketFlags.parse(der.getData(), (byte) 0x00, false);
key = EncryptionKey.parse(der.getData(), (byte) 0x01, false); key = EncryptionKey.parse(der.getData(), (byte) 0x01, false);
crealm = Realm.parse(der.getData(), (byte) 0x02, false); Realm crealm = Realm.parse(der.getData(), (byte) 0x02, false);
cname = PrincipalName.parse(der.getData(), (byte) 0x03, false); cname = PrincipalName.parse(der.getData(), (byte) 0x03, false, crealm);
transited = TransitedEncoding.parse(der.getData(), (byte) 0x04, false); transited = TransitedEncoding.parse(der.getData(), (byte) 0x04, false);
authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false); authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false);
starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true); starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true);
@ -186,7 +183,7 @@ public class EncTicketPart {
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x01), key.asn1Encode()); true, (byte) 0x01), key.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x02), crealm.asn1Encode()); true, (byte) 0x02), cname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x03), cname.asn1Encode()); true, (byte) 0x03), cname.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,

9
jdk/src/share/classes/sun/security/krb5/internal/KDCRep.java
View file

@ -61,7 +61,6 @@ import java.math.BigInteger;
*/ */
public class KDCRep { public class KDCRep {
public Realm crealm;
public PrincipalName cname; public PrincipalName cname;
public Ticket ticket; public Ticket ticket;
public EncryptedData encPart; public EncryptedData encPart;
@ -73,7 +72,6 @@ public class KDCRep {
public KDCRep( public KDCRep(
PAData[] new_pAData, PAData[] new_pAData,
Realm new_crealm,
PrincipalName new_cname, PrincipalName new_cname,
Ticket new_ticket, Ticket new_ticket,
EncryptedData new_encPart, EncryptedData new_encPart,
@ -90,7 +88,6 @@ public class KDCRep {
} }
} }
} }
crealm = new_crealm;
cname = new_cname; cname = new_cname;
ticket = new_ticket; ticket = new_ticket;
encPart = new_encPart; encPart = new_encPart;
@ -174,8 +171,8 @@ public class KDCRep {
} else { } else {
pAData = null; pAData = null;
} }
crealm = Realm.parse(der.getData(), (byte) 0x03, false); Realm crealm = Realm.parse(der.getData(), (byte) 0x03, false);
cname = PrincipalName.parse(der.getData(), (byte) 0x04, false); cname = PrincipalName.parse(der.getData(), (byte) 0x04, false, crealm);
ticket = Ticket.parse(der.getData(), (byte) 0x05, false); ticket = Ticket.parse(der.getData(), (byte) 0x05, false);
encPart = EncryptedData.parse(der.getData(), (byte) 0x06, false); encPart = EncryptedData.parse(der.getData(), (byte) 0x06, false);
if (der.getData().available() > 0) { if (der.getData().available() > 0) {
@ -212,7 +209,7 @@ public class KDCRep {
true, (byte) 0x02), temp); true, (byte) 0x02), temp);
} }
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x03), crealm.asn1Encode()); true, (byte) 0x03), cname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x04), cname.asn1Encode()); true, (byte) 0x04), cname.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,

23
jdk/src/share/classes/sun/security/krb5/internal/KDCReqBody.java
View file

@ -72,7 +72,6 @@ import java.math.BigInteger;
public class KDCReqBody { public class KDCReqBody {
public KDCOptions kdcOptions; public KDCOptions kdcOptions;
public PrincipalName cname; //optional in ASReq only public PrincipalName cname; //optional in ASReq only
public Realm crealm;
public PrincipalName sname; //optional public PrincipalName sname; //optional
public KerberosTime from; //optional public KerberosTime from; //optional
public KerberosTime till; public KerberosTime till;
@ -87,7 +86,6 @@ public class KDCReqBody {
public KDCReqBody( public KDCReqBody(
KDCOptions new_kdcOptions, KDCOptions new_kdcOptions,
PrincipalName new_cname, //optional in ASReq only PrincipalName new_cname, //optional in ASReq only
Realm new_crealm,
PrincipalName new_sname, //optional PrincipalName new_sname, //optional
KerberosTime new_from, //optional KerberosTime new_from, //optional
KerberosTime new_till, KerberosTime new_till,
@ -100,7 +98,6 @@ public class KDCReqBody {
) throws IOException { ) throws IOException {
kdcOptions = new_kdcOptions; kdcOptions = new_kdcOptions;
cname = new_cname; cname = new_cname;
crealm = new_crealm;
sname = new_sname; sname = new_sname;
from = new_from; from = new_from;
till = new_till; till = new_till;
@ -142,12 +139,22 @@ public class KDCReqBody {
throw new Asn1Exception(Krb5.ASN1_BAD_ID); throw new Asn1Exception(Krb5.ASN1_BAD_ID);
} }
kdcOptions = KDCOptions.parse(encoding.getData(), (byte)0x00, false); kdcOptions = KDCOptions.parse(encoding.getData(), (byte)0x00, false);
cname = PrincipalName.parse(encoding.getData(), (byte)0x01, true);
// cname only appears in AS-REQ and it shares the realm field with
// sname. This is the only place where realm comes after the name.
// We first give cname a fake realm and reassign it the correct
// realm after the realm field is read.
cname = PrincipalName.parse(encoding.getData(), (byte)0x01, true,
new Realm("PLACEHOLDER"));
if ((msgType != Krb5.KRB_AS_REQ) && (cname != null)) { if ((msgType != Krb5.KRB_AS_REQ) && (cname != null)) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID); throw new Asn1Exception(Krb5.ASN1_BAD_ID);
} }
crealm = Realm.parse(encoding.getData(), (byte)0x02, false); Realm realm = Realm.parse(encoding.getData(), (byte)0x02, false);
sname = PrincipalName.parse(encoding.getData(), (byte)0x03, true); if (cname != null) {
cname = new PrincipalName(
cname.getNameType(), cname.getNameStrings(), realm);
}
sname = PrincipalName.parse(encoding.getData(), (byte)0x03, true, realm);
from = KerberosTime.parse(encoding.getData(), (byte)0x04, true); from = KerberosTime.parse(encoding.getData(), (byte)0x04, true);
till = KerberosTime.parse(encoding.getData(), (byte)0x05, false); till = KerberosTime.parse(encoding.getData(), (byte)0x05, false);
rtime = KerberosTime.parse(encoding.getData(), (byte)0x06, true); rtime = KerberosTime.parse(encoding.getData(), (byte)0x06, true);
@ -223,9 +230,11 @@ public class KDCReqBody {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), cname.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), cname.asn1Encode()));
} }
} }
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), crealm.asn1Encode()));
if (sname != null) { if (sname != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), sname.getRealm().asn1Encode()));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), sname.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), sname.asn1Encode()));
} else if (cname != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), cname.getRealm().asn1Encode()));
} }
if (from != null) { if (from != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), from.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), from.asn1Encode()));

34
jdk/src/share/classes/sun/security/krb5/internal/KRBError.java
View file

@ -90,9 +90,7 @@ public class KRBError implements java.io.Serializable {
private KerberosTime sTime; private KerberosTime sTime;
private Integer suSec; private Integer suSec;
private int errorCode; private int errorCode;
private Realm crealm; //optional
private PrincipalName cname; //optional private PrincipalName cname; //optional
private Realm realm;
private PrincipalName sname; private PrincipalName sname;
private String eText; //optional private String eText; //optional
private byte[] eData; //optional private byte[] eData; //optional
@ -128,9 +126,7 @@ public class KRBError implements java.io.Serializable {
KerberosTime new_sTime, KerberosTime new_sTime,
Integer new_suSec, Integer new_suSec,
int new_errorCode, int new_errorCode,
Realm new_crealm,
PrincipalName new_cname, PrincipalName new_cname,
Realm new_realm,
PrincipalName new_sname, PrincipalName new_sname,
String new_eText, String new_eText,
byte[] new_eData byte[] new_eData
@ -142,9 +138,7 @@ public class KRBError implements java.io.Serializable {
sTime = new_sTime; sTime = new_sTime;
suSec = new_suSec; suSec = new_suSec;
errorCode = new_errorCode; errorCode = new_errorCode;
crealm = new_crealm;
cname = new_cname; cname = new_cname;
realm = new_realm;
sname = new_sname; sname = new_sname;
eText = new_eText; eText = new_eText;
eData = new_eData; eData = new_eData;
@ -159,9 +153,7 @@ public class KRBError implements java.io.Serializable {
KerberosTime new_sTime, KerberosTime new_sTime,
Integer new_suSec, Integer new_suSec,
int new_errorCode, int new_errorCode,
Realm new_crealm,
PrincipalName new_cname, PrincipalName new_cname,
Realm new_realm,
PrincipalName new_sname, PrincipalName new_sname,
String new_eText, String new_eText,
byte[] new_eData, byte[] new_eData,
@ -174,9 +166,7 @@ public class KRBError implements java.io.Serializable {
sTime = new_sTime; sTime = new_sTime;
suSec = new_suSec; suSec = new_suSec;
errorCode = new_errorCode; errorCode = new_errorCode;
crealm = new_crealm;
cname = new_cname; cname = new_cname;
realm = new_realm;
sname = new_sname; sname = new_sname;
eText = new_eText; eText = new_eText;
eData = new_eData; eData = new_eData;
@ -359,10 +349,10 @@ public class KRBError implements java.io.Serializable {
errorCode = subDer.getData().getBigInteger().intValue(); errorCode = subDer.getData().getBigInteger().intValue();
} }
else throw new Asn1Exception(Krb5.ASN1_BAD_ID); else throw new Asn1Exception(Krb5.ASN1_BAD_ID);
crealm = Realm.parse(der.getData(), (byte)0x07, true); Realm crealm = Realm.parse(der.getData(), (byte)0x07, true);
cname = PrincipalName.parse(der.getData(), (byte)0x08, true); cname = PrincipalName.parse(der.getData(), (byte)0x08, true, crealm);
realm = Realm.parse(der.getData(), (byte)0x09, false); Realm realm = Realm.parse(der.getData(), (byte)0x09, false);
sname = PrincipalName.parse(der.getData(), (byte)0x0A, false); sname = PrincipalName.parse(der.getData(), (byte)0x0A, false, realm);
eText = null; eText = null;
eData = null; eData = null;
eCksum = null; eCksum = null;
@ -403,15 +393,9 @@ public class KRBError implements java.io.Serializable {
System.out.println("\t suSec is " + suSec); System.out.println("\t suSec is " + suSec);
System.out.println("\t error code is " + errorCode); System.out.println("\t error code is " + errorCode);
System.out.println("\t error Message is " + Krb5.getErrorMessage(errorCode)); System.out.println("\t error Message is " + Krb5.getErrorMessage(errorCode));
if (crealm != null) {
System.out.println("\t crealm is " + crealm.toString());
}
if (cname != null) { if (cname != null) {
System.out.println("\t cname is " + cname.toString()); System.out.println("\t cname is " + cname.toString());
} }
if (realm != null) {
System.out.println("\t realm is " + realm.toString());
}
if (sname != null) { if (sname != null) {
System.out.println("\t sname is " + sname.toString()); System.out.println("\t sname is " + sname.toString());
} }
@ -458,14 +442,12 @@ public class KRBError implements java.io.Serializable {
temp.putInteger(BigInteger.valueOf(errorCode)); temp.putInteger(BigInteger.valueOf(errorCode));
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), temp); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), temp);
if (crealm != null) {
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), crealm.asn1Encode());
}
if (cname != null) { if (cname != null) {
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), cname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), cname.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), cname.asn1Encode());
} }
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), realm.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), sname.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), sname.asn1Encode());
if (eText != null) { if (eText != null) {
@ -506,9 +488,7 @@ public class KRBError implements java.io.Serializable {
isEqual(sTime, other.sTime) && isEqual(sTime, other.sTime) &&
isEqual(suSec, other.suSec) && isEqual(suSec, other.suSec) &&
errorCode == other.errorCode && errorCode == other.errorCode &&
isEqual(crealm, other.crealm) &&
isEqual(cname, other.cname) && isEqual(cname, other.cname) &&
isEqual(realm, other.realm) &&
isEqual(sname, other.sname) && isEqual(sname, other.sname) &&
isEqual(eText, other.eText) && isEqual(eText, other.eText) &&
java.util.Arrays.equals(eData, other.eData) && java.util.Arrays.equals(eData, other.eData) &&
@ -528,9 +508,7 @@ public class KRBError implements java.io.Serializable {
if (sTime != null) result = 37 * result + sTime.hashCode(); if (sTime != null) result = 37 * result + sTime.hashCode();
if (suSec != null) result = 37 * result + suSec.hashCode(); if (suSec != null) result = 37 * result + suSec.hashCode();
result = 37 * result + errorCode; result = 37 * result + errorCode;
if (crealm != null) result = 37 * result + crealm.hashCode();
if (cname != null) result = 37 * result + cname.hashCode(); if (cname != null) result = 37 * result + cname.hashCode();
if (realm != null) result = 37 * result + realm.hashCode();
if (sname != null) result = 37 * result + sname.hashCode(); if (sname != null) result = 37 * result + sname.hashCode();
if (eText != null) result = 37 * result + eText.hashCode(); if (eText != null) result = 37 * result + eText.hashCode();
result = 37 * result + Arrays.hashCode(eData); result = 37 * result + Arrays.hashCode(eData);

29
jdk/src/share/classes/sun/security/krb5/internal/KrbCredInfo.java
View file

@ -63,14 +63,12 @@ import java.io.IOException;
public class KrbCredInfo { public class KrbCredInfo {
public EncryptionKey key; public EncryptionKey key;
public Realm prealm; //optional
public PrincipalName pname; //optional public PrincipalName pname; //optional
public TicketFlags flags; //optional public TicketFlags flags; //optional
public KerberosTime authtime; //optional public KerberosTime authtime; //optional
public KerberosTime starttime; //optional public KerberosTime starttime; //optional
public KerberosTime endtime; //optional public KerberosTime endtime; //optional
public KerberosTime renewTill; //optional public KerberosTime renewTill; //optional
public Realm srealm; //optional
public PrincipalName sname; //optional public PrincipalName sname; //optional
public HostAddresses caddr; //optional public HostAddresses caddr; //optional
@ -79,26 +77,22 @@ public class KrbCredInfo {
public KrbCredInfo( public KrbCredInfo(
EncryptionKey new_key, EncryptionKey new_key,
Realm new_prealm,
PrincipalName new_pname, PrincipalName new_pname,
TicketFlags new_flags, TicketFlags new_flags,
KerberosTime new_authtime, KerberosTime new_authtime,
KerberosTime new_starttime, KerberosTime new_starttime,
KerberosTime new_endtime, KerberosTime new_endtime,
KerberosTime new_renewTill, KerberosTime new_renewTill,
Realm new_srealm,
PrincipalName new_sname, PrincipalName new_sname,
HostAddresses new_caddr HostAddresses new_caddr
) { ) {
key = new_key; key = new_key;
prealm = new_prealm;
pname = new_pname; pname = new_pname;
flags = new_flags; flags = new_flags;
authtime = new_authtime; authtime = new_authtime;
starttime = new_starttime; starttime = new_starttime;
endtime = new_endtime; endtime = new_endtime;
renewTill = new_renewTill; renewTill = new_renewTill;
srealm = new_srealm;
sname = new_sname; sname = new_sname;
caddr = new_caddr; caddr = new_caddr;
} }
@ -115,21 +109,20 @@ public class KrbCredInfo {
if (encoding.getTag() != DerValue.tag_Sequence) { if (encoding.getTag() != DerValue.tag_Sequence) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID); throw new Asn1Exception(Krb5.ASN1_BAD_ID);
} }
prealm = null;
pname = null; pname = null;
flags = null; flags = null;
authtime = null; authtime = null;
starttime = null; starttime = null;
endtime = null; endtime = null;
renewTill = null; renewTill = null;
srealm = null;
sname = null; sname = null;
caddr = null; caddr = null;
key = EncryptionKey.parse(encoding.getData(), (byte)0x00, false); key = EncryptionKey.parse(encoding.getData(), (byte)0x00, false);
Realm prealm = null, srealm = null;
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
prealm = Realm.parse(encoding.getData(), (byte)0x01, true); prealm = Realm.parse(encoding.getData(), (byte)0x01, true);
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
pname = PrincipalName.parse(encoding.getData(), (byte)0x02, true); pname = PrincipalName.parse(encoding.getData(), (byte)0x02, true, prealm);
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
flags = TicketFlags.parse(encoding.getData(), (byte)0x03, true); flags = TicketFlags.parse(encoding.getData(), (byte)0x03, true);
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
@ -143,7 +136,7 @@ public class KrbCredInfo {
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
srealm = Realm.parse(encoding.getData(), (byte)0x08, true); srealm = Realm.parse(encoding.getData(), (byte)0x08, true);
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
sname = PrincipalName.parse(encoding.getData(), (byte)0x09, true); sname = PrincipalName.parse(encoding.getData(), (byte)0x09, true, srealm);
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
caddr = HostAddresses.parse(encoding.getData(), (byte)0x0A, true); caddr = HostAddresses.parse(encoding.getData(), (byte)0x0A, true);
if (encoding.getData().available() > 0) if (encoding.getData().available() > 0)
@ -159,10 +152,10 @@ public class KrbCredInfo {
public byte[] asn1Encode() throws Asn1Exception, IOException { public byte[] asn1Encode() throws Asn1Exception, IOException {
Vector<DerValue> v = new Vector<>(); Vector<DerValue> v = new Vector<>();
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), key.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), key.asn1Encode()));
if (prealm != null) if (pname != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), prealm.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), pname.getRealm().asn1Encode()));
if (pname != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), pname.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), pname.asn1Encode()));
}
if (flags != null) if (flags != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), flags.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), flags.asn1Encode()));
if (authtime != null) if (authtime != null)
@ -173,10 +166,10 @@ public class KrbCredInfo {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), endtime.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), endtime.asn1Encode()));
if (renewTill != null) if (renewTill != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), renewTill.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), renewTill.asn1Encode()));
if (srealm != null) if (sname != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), srealm.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), sname.getRealm().asn1Encode()));
if (sname != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.asn1Encode()));
}
if (caddr != null) if (caddr != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), caddr.asn1Encode())); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), caddr.asn1Encode()));
DerValue der[] = new DerValue[v.size()]; DerValue der[] = new DerValue[v.size()];
@ -190,8 +183,6 @@ public class KrbCredInfo {
KrbCredInfo kcred = new KrbCredInfo(); KrbCredInfo kcred = new KrbCredInfo();
kcred.key = (EncryptionKey)key.clone(); kcred.key = (EncryptionKey)key.clone();
// optional fields // optional fields
if (prealm != null)
kcred.prealm = (Realm)prealm.clone();
if (pname != null) if (pname != null)
kcred.pname = (PrincipalName)pname.clone(); kcred.pname = (PrincipalName)pname.clone();
if (flags != null) if (flags != null)
@ -204,8 +195,6 @@ public class KrbCredInfo {
kcred.endtime = (KerberosTime)endtime.clone(); kcred.endtime = (KerberosTime)endtime.clone();
if (renewTill != null) if (renewTill != null)
kcred.renewTill = (KerberosTime)renewTill.clone(); kcred.renewTill = (KerberosTime)renewTill.clone();
if (srealm != null)
kcred.srealm = (Realm)srealm.clone();
if (sname != null) if (sname != null)
kcred.sname = (PrincipalName)sname.clone(); kcred.sname = (PrincipalName)sname.clone();
if (caddr != null) if (caddr != null)

3
jdk/src/share/classes/sun/security/krb5/internal/TGSRep.java
View file

@ -42,12 +42,11 @@ public class TGSRep extends KDCRep {
public TGSRep( public TGSRep(
PAData[] new_pAData, PAData[] new_pAData,
Realm new_crealm,
PrincipalName new_cname, PrincipalName new_cname,
Ticket new_ticket, Ticket new_ticket,
EncryptedData new_encPart EncryptedData new_encPart
) throws IOException { ) throws IOException {
super(new_pAData, new_crealm, new_cname, new_ticket, super(new_pAData, new_cname, new_ticket,
new_encPart, Krb5.KRB_TGS_REP); new_encPart, Krb5.KRB_TGS_REP);
} }

10
jdk/src/share/classes/sun/security/krb5/internal/Ticket.java
View file

@ -60,7 +60,6 @@ import java.math.BigInteger;
public class Ticket implements Cloneable { public class Ticket implements Cloneable {
public int tkt_vno; public int tkt_vno;
public Realm realm;
public PrincipalName sname; public PrincipalName sname;
public EncryptedData encPart; public EncryptedData encPart;
@ -69,7 +68,6 @@ public class Ticket implements Cloneable {
public Object clone() { public Object clone() {
Ticket new_ticket = new Ticket(); Ticket new_ticket = new Ticket();
new_ticket.realm = (Realm)realm.clone();
new_ticket.sname = (PrincipalName)sname.clone(); new_ticket.sname = (PrincipalName)sname.clone();
new_ticket.encPart = (EncryptedData)encPart.clone(); new_ticket.encPart = (EncryptedData)encPart.clone();
new_ticket.tkt_vno = tkt_vno; new_ticket.tkt_vno = tkt_vno;
@ -77,12 +75,10 @@ public class Ticket implements Cloneable {
} }
public Ticket( public Ticket(
Realm new_realm,
PrincipalName new_sname, PrincipalName new_sname,
EncryptedData new_encPart EncryptedData new_encPart
) { ) {
tkt_vno = Krb5.TICKET_VNO; tkt_vno = Krb5.TICKET_VNO;
realm = new_realm;
sname = new_sname; sname = new_sname;
encPart = new_encPart; encPart = new_encPart;
} }
@ -123,8 +119,8 @@ public class Ticket implements Cloneable {
tkt_vno = subDer.getData().getBigInteger().intValue(); tkt_vno = subDer.getData().getBigInteger().intValue();
if (tkt_vno != Krb5.TICKET_VNO) if (tkt_vno != Krb5.TICKET_VNO)
throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
realm = Realm.parse(der.getData(), (byte)0x01, false); Realm srealm = Realm.parse(der.getData(), (byte)0x01, false);
sname = PrincipalName.parse(der.getData(), (byte)0x02, false); sname = PrincipalName.parse(der.getData(), (byte)0x02, false, srealm);
encPart = EncryptedData.parse(der.getData(), (byte)0x03, false); encPart = EncryptedData.parse(der.getData(), (byte)0x03, false);
if (der.getData().available() > 0) if (der.getData().available() > 0)
throw new Asn1Exception(Krb5.ASN1_BAD_ID); throw new Asn1Exception(Krb5.ASN1_BAD_ID);
@ -142,7 +138,7 @@ public class Ticket implements Cloneable {
DerValue der[] = new DerValue[4]; DerValue der[] = new DerValue[4];
temp.putInteger(BigInteger.valueOf(tkt_vno)); temp.putInteger(BigInteger.valueOf(tkt_vno));
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp);
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), realm.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), sname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), sname.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), sname.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), encPart.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), encPart.asn1Encode());
temp = new DerOutputStream(); temp = new DerOutputStream();

15
jdk/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java
View file

@ -114,7 +114,6 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
// made public for KinitOptions to call directly // made public for KinitOptions to call directly
public PrincipalName readPrincipal(int version) throws IOException, RealmException { public PrincipalName readPrincipal(int version) throws IOException, RealmException {
int type, length, namelength, kret; int type, length, namelength, kret;
PrincipalName p;
String[] pname = null; String[] pname = null;
String realm; String realm;
/* Read principal type */ /* Read principal type */
@ -144,11 +143,13 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
realm = result[0]; realm = result[0];
pname = new String[length]; pname = new String[length];
System.arraycopy(result, 1, pname, 0, length); System.arraycopy(result, 1, pname, 0, length);
p = new PrincipalName(pname, type); return new PrincipalName(type, pname, new Realm(realm));
p.setRealm(realm); }
try {
return new PrincipalName(result, type);
} catch (RealmException re) {
return null;
} }
else p = new PrincipalName(result, type);
return p;
} }
/* /*
@ -342,10 +343,10 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
Credentials readCred(int version) throws IOException,RealmException, KrbApErrException, Asn1Exception { Credentials readCred(int version) throws IOException,RealmException, KrbApErrException, Asn1Exception {
PrincipalName cpname = readPrincipal(version); PrincipalName cpname = readPrincipal(version);
if (DEBUG) if (DEBUG)
System.out.println(">>>DEBUG <CCacheInputStream> client principal is " + cpname.toString()); System.out.println(">>>DEBUG <CCacheInputStream> client principal is " + cpname);
PrincipalName spname = readPrincipal(version); PrincipalName spname = readPrincipal(version);
if (DEBUG) if (DEBUG)
System.out.println(">>>DEBUG <CCacheInputStream> server principal is " + spname.toString()); System.out.println(">>>DEBUG <CCacheInputStream> server principal is " + spname);
EncryptionKey key = readKey(version); EncryptionKey key = readKey(version);
if (DEBUG) if (DEBUG)
System.out.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType()); System.out.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType());

25
jdk/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java
View file

@ -36,9 +36,7 @@ import sun.security.krb5.internal.*;
public class Credentials { public class Credentials {
PrincipalName cname; PrincipalName cname;
Realm crealm;
PrincipalName sname; PrincipalName sname;
Realm srealm;
EncryptionKey key; EncryptionKey key;
KerberosTime authtime; KerberosTime authtime;
KerberosTime starttime;//optional KerberosTime starttime;//optional
@ -67,15 +65,7 @@ public class Credentials {
Ticket new_ticket, Ticket new_ticket,
Ticket new_secondTicket) { Ticket new_secondTicket) {
cname = (PrincipalName) new_cname.clone(); cname = (PrincipalName) new_cname.clone();
if (new_cname.getRealm() != null) {
crealm = (Realm) new_cname.getRealm().clone();
}
sname = (PrincipalName) new_sname.clone(); sname = (PrincipalName) new_sname.clone();
if (new_sname.getRealm() != null) {
srealm = (Realm) new_sname.getRealm().clone();
}
key = (EncryptionKey) new_key.clone(); key = (EncryptionKey) new_key.clone();
authtime = (KerberosTime) new_authtime.clone(); authtime = (KerberosTime) new_authtime.clone();
@ -110,7 +100,6 @@ public class Credentials {
{ {
return; return;
} }
crealm = (Realm) kdcRep.crealm.clone();
cname = (PrincipalName) kdcRep.cname.clone(); cname = (PrincipalName) kdcRep.cname.clone();
ticket = (Ticket) kdcRep.ticket.clone(); ticket = (Ticket) kdcRep.ticket.clone();
key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone(); key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone();
@ -123,7 +112,6 @@ public class Credentials {
if (kdcRep.encKDCRepPart.renewTill != null) { if (kdcRep.encKDCRepPart.renewTill != null) {
renewTill = (KerberosTime) kdcRep.encKDCRepPart.renewTill.clone(); renewTill = (KerberosTime) kdcRep.encKDCRepPart.renewTill.clone();
} }
srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone();
sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone(); sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone();
caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone(); caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone();
secondTicket = (Ticket) new_secondTicket.clone(); secondTicket = (Ticket) new_secondTicket.clone();
@ -138,17 +126,7 @@ public class Credentials {
public Credentials(KDCRep kdcRep, Ticket new_ticket) { public Credentials(KDCRep kdcRep, Ticket new_ticket) {
sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone(); sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone();
srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone();
try {
sname.setRealm(srealm);
} catch (RealmException e) {
}
cname = (PrincipalName) kdcRep.cname.clone(); cname = (PrincipalName) kdcRep.cname.clone();
crealm = (Realm) kdcRep.crealm.clone();
try {
cname.setRealm(crealm);
} catch (RealmException e) {
}
key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone(); key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone();
authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone(); authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone();
if (kdcRep.encKDCRepPart.starttime != null) { if (kdcRep.encKDCRepPart.starttime != null) {
@ -202,9 +180,6 @@ public class Credentials {
} }
public PrincipalName getServicePrincipal() throws RealmException { public PrincipalName getServicePrincipal() throws RealmException {
if (sname.getRealm() == null) {
sname.setRealm(srealm);
}
return sname; return sname;
} }

4
jdk/src/share/classes/sun/security/krb5/internal/ccache/CredentialsCache.java
View file

@ -120,6 +120,6 @@ public abstract class CredentialsCache {
public abstract void save() throws IOException, KrbException; public abstract void save() throws IOException, KrbException;
public abstract Credentials[] getCredsList(); public abstract Credentials[] getCredsList();
public abstract Credentials getDefaultCreds(); public abstract Credentials getDefaultCreds();
public abstract Credentials getCreds(PrincipalName sname, Realm srealm) ; public abstract Credentials getCreds(PrincipalName sname);
public abstract Credentials getCreds(LoginOptions options, PrincipalName sname, Realm srealm) ; public abstract Credentials getCreds(LoginOptions options, PrincipalName sname);
} }

20
jdk/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java
View file

@ -59,7 +59,6 @@ public class FileCredentialsCache extends CredentialsCache
public int version; public int version;
public Tag tag; // optional public Tag tag; // optional
public PrincipalName primaryPrincipal; public PrincipalName primaryPrincipal;
public Realm primaryRealm;
private Vector<Credentials> credentialsList; private Vector<Credentials> credentialsList;
private static String dir; private static String dir;
private static boolean DEBUG = Krb5.DEBUG; private static boolean DEBUG = Krb5.DEBUG;
@ -79,7 +78,6 @@ public class FileCredentialsCache extends CredentialsCache
} }
if (principal != null) { if (principal != null) {
fcc.primaryPrincipal = principal; fcc.primaryPrincipal = principal;
fcc.primaryRealm = principal.getRealm();
} }
fcc.load(cacheName); fcc.load(cacheName);
return fcc; return fcc;
@ -153,7 +151,6 @@ public class FileCredentialsCache extends CredentialsCache
synchronized void init(PrincipalName principal, String name) synchronized void init(PrincipalName principal, String name)
throws IOException, KrbException { throws IOException, KrbException {
primaryPrincipal = principal; primaryPrincipal = principal;
primaryRealm = principal.getRealm();
CCacheOutputStream cos = CCacheOutputStream cos =
new CCacheOutputStream(new FileOutputStream(name)); new CCacheOutputStream(new FileOutputStream(name));
version = KRB5_FCC_FVNO_3; version = KRB5_FCC_FVNO_3;
@ -183,7 +180,6 @@ public class FileCredentialsCache extends CredentialsCache
} }
} else } else
primaryPrincipal = p; primaryPrincipal = p;
primaryRealm = primaryPrincipal.getRealm();
credentialsList = new Vector<Credentials> (); credentialsList = new Vector<Credentials> ();
while (cis.available() > 0) { while (cis.available() > 0) {
Credentials cred = cis.readCred(version); Credentials cred = cis.readCred(version);
@ -291,18 +287,16 @@ public class FileCredentialsCache extends CredentialsCache
} }
public Credentials getCreds(LoginOptions options, public Credentials getCreds(LoginOptions options, PrincipalName sname) {
PrincipalName sname, Realm srealm) {
if (options == null) { if (options == null) {
return getCreds(sname, srealm); return getCreds(sname);
} else { } else {
Credentials[] list = getCredsList(); Credentials[] list = getCredsList();
if (list == null) { if (list == null) {
return null; return null;
} else { } else {
for (int i = 0; i < list.length; i++) { for (int i = 0; i < list.length; i++) {
if (sname.match(list[i].sname) && if (sname.match(list[i].sname)) {
(srealm.toString().equals(list[i].srealm.toString()))) {
if (list[i].flags.match(options)) { if (list[i].flags.match(options)) {
return list[i]; return list[i];
} }
@ -317,16 +311,14 @@ public class FileCredentialsCache extends CredentialsCache
/** /**
* Gets a credentials for a specified service. * Gets a credentials for a specified service.
* @param sname service principal name. * @param sname service principal name.
* @param srealm the realm that the service belongs to.
*/ */
public Credentials getCreds(PrincipalName sname, Realm srealm) { public Credentials getCreds(PrincipalName sname) {
Credentials[] list = getCredsList(); Credentials[] list = getCredsList();
if (list == null) { if (list == null) {
return null; return null;
} else { } else {
for (int i = 0; i < list.length; i++) { for (int i = 0; i < list.length; i++) {
if (sname.match(list[i].sname) && if (sname.match(list[i].sname)) {
(srealm.toString().equals(list[i].srealm.toString()))) {
return list[i]; return list[i];
} }
} }
@ -343,7 +335,7 @@ public class FileCredentialsCache extends CredentialsCache
if (list[i].sname.toString().startsWith("krbtgt")) { if (list[i].sname.toString().startsWith("krbtgt")) {
String[] nameStrings = list[i].sname.getNameStrings(); String[] nameStrings = list[i].sname.getNameStrings();
// find the TGT for the current realm krbtgt/realm@realm // find the TGT for the current realm krbtgt/realm@realm
if (nameStrings[1].equals(list[i].srealm.toString())) { if (nameStrings[1].equals(list[i].sname.getRealm().toString())) {
return list[i]; return list[i];
} }
} }

2
jdk/src/share/classes/sun/security/krb5/internal/ccache/MemoryCredentialsCache.java
View file

@ -64,7 +64,7 @@ public abstract class MemoryCredentialsCache extends CredentialsCache {
public abstract Credentials[] getCredsList(); public abstract Credentials[] getCredsList();
public abstract Credentials getCreds(PrincipalName sname, Realm srealm) ; public abstract Credentials getCreds(PrincipalName sname) ;
public abstract PrincipalName getPrimaryPrincipal(); public abstract PrincipalName getPrimaryPrincipal();

3
jdk/src/share/classes/sun/security/krb5/internal/ktab/KeyTabInputStream.java
View file

@ -83,8 +83,7 @@ public class KeyTabInputStream extends KrbDataInputStream implements KeyTabConst
} }
int nameType = read(4); int nameType = read(4);
index -= 4; index -= 4;
PrincipalName service = new PrincipalName(nameParts, nameType); PrincipalName service = new PrincipalName(nameType, nameParts, realm);
service.setRealm(realm);
KerberosTime timeStamp = readTimeStamp(); KerberosTime timeStamp = readTimeStamp();
int keyVersion = read() & 0xff; int keyVersion = read() & 0xff;

6
jdk/src/share/classes/sun/security/ssl/krb5/KerberosClientKeyExchangeImpl.java
View file

@ -163,7 +163,7 @@ public final class KerberosClientKeyExchangeImpl
EncryptedData encPart = t.encPart; EncryptedData encPart = t.encPart;
PrincipalName ticketSname = t.sname; PrincipalName ticketSname = t.sname;
Realm ticketRealm = t.realm; Realm ticketRealm = t.sname.getRealm();
String serverPrincipal = serverKeys[0].getPrincipal().getName(); String serverPrincipal = serverKeys[0].getPrincipal().getName();
@ -175,8 +175,7 @@ public final class KerberosClientKeyExchangeImpl
*/ */
// Check that ticket Sname matches serverPrincipal // Check that ticket Sname matches serverPrincipal
String ticketPrinc = ticketSname.toString().concat("@" + String ticketPrinc = ticketSname.toString();
ticketRealm.toString());
if (!ticketPrinc.equals(serverPrincipal)) { if (!ticketPrinc.equals(serverPrincipal)) {
if (debug != null && Debug.isOn("handshake")) if (debug != null && Debug.isOn("handshake"))
System.out.println("Service principal in Ticket does not" System.out.println("Service principal in Ticket does not"
@ -224,7 +223,6 @@ public final class KerberosClientKeyExchangeImpl
if (debug != null && Debug.isOn("handshake")) { if (debug != null && Debug.isOn("handshake")) {
System.out.println("server principal: " + serverPrincipal); System.out.println("server principal: " + serverPrincipal);
System.out.println("realm: " + encTicketPart.crealm.toString());
System.out.println("cname: " + encTicketPart.cname.toString()); System.out.println("cname: " + encTicketPart.cname.toString());
} }
} catch (IOException e) { } catch (IOException e) {

4
jdk/src/windows/classes/sun/security/krb5/internal/tools/Kinit.java
View file

@ -206,9 +206,7 @@ public class Kinit {
System.out.println(">>> Kinit realm name is " + realm); System.out.println(">>> Kinit realm name is " + realm);
} }
PrincipalName sname = new PrincipalName("krbtgt" + "/" + realm, PrincipalName sname = PrincipalName.tgsService(realm, realm);
PrincipalName.KRB_NT_SRV_INST);
sname.setRealm(realm);
builder.setTarget(sname); builder.setTarget(sname);
if (DEBUG) { if (DEBUG) {

45
jdk/src/windows/classes/sun/security/krb5/internal/tools/KinitOptions.java
View file

@ -146,15 +146,6 @@ class KinitOptions {
"Principal name: " + p + "Principal name: " + p +
e.getMessage()); e.getMessage());
} }
if (principal.getRealm() == null) {
String realm =
Config.getInstance().getDefault("default_realm",
"libdefaults");
if (realm != null) {
principal.setRealm(realm);
} else throw new IllegalArgumentException("invalid " +
"Realm name");
}
} else if (this.password == null) { } else if (this.password == null) {
// Have already processed a Principal, this must be a password // Have already processed a Principal, this must be a password
password = args[i].toCharArray(); password = args[i].toCharArray();
@ -175,16 +166,6 @@ class KinitOptions {
} }
PrincipalName getDefaultPrincipal() { PrincipalName getDefaultPrincipal() {
String cname;
String realm = null;
try {
realm = Config.getInstance().getDefaultRealm();
} catch (KrbException e) {
System.out.println ("Can not get default realm " +
e.getMessage());
e.printStackTrace();
return null;
}
// get default principal name from the cachename if it is // get default principal name from the cachename if it is
// available. // available.
@ -204,10 +185,6 @@ class KinitOptions {
} }
PrincipalName p = cis.readPrincipal(version); PrincipalName p = cis.readPrincipal(version);
cis.close(); cis.close();
String temp = p.getRealmString();
if (temp == null) {
p.setRealm(realm);
}
if (DEBUG) { if (DEBUG) {
System.out.println(">>>KinitOptions principal name from "+ System.out.println(">>>KinitOptions principal name from "+
"the cache is :" + p); "the cache is :" + p);
@ -230,19 +207,15 @@ class KinitOptions {
System.out.println(">>>KinitOptions default username is :" System.out.println(">>>KinitOptions default username is :"
+ username); + username);
} }
if (realm != null) { try {
try { PrincipalName p = new PrincipalName(username);
PrincipalName p = new PrincipalName(username); return p;
if (p.getRealm() == null) } catch (RealmException e) {
p.setRealm(realm); // ignore exception , return null
return p; if (DEBUG) {
} catch (RealmException e) { System.out.println ("Exception in getting principal " +
// ignore exception , return null "name " + e.getMessage());
if (DEBUG) { e.printStackTrace();
System.out.println ("Exception in getting principal " +
"name " + e.getMessage());
e.printStackTrace();
}
} }
} }
return null; return null;

6
jdk/src/windows/classes/sun/security/krb5/internal/tools/Ktab.java
View file

@ -273,9 +273,6 @@ public class Ktab {
PrincipalName pname = null; PrincipalName pname = null;
try { try {
pname = new PrincipalName(principal); pname = new PrincipalName(principal);
if (pname.getRealm() == null) {
pname.setRealm(Config.getInstance().getDefaultRealm());
}
} catch (KrbException e) { } catch (KrbException e) {
System.err.println("Failed to add " + principal + System.err.println("Failed to add " + principal +
" to keytab."); " to keytab.");
@ -382,9 +379,6 @@ public class Ktab {
PrincipalName pname = null; PrincipalName pname = null;
try { try {
pname = new PrincipalName(principal); pname = new PrincipalName(principal);
if (pname.getRealm() == null) {
pname.setRealm(Config.getInstance().getDefaultRealm());
}
if (!forced) { if (!forced) {
String answer; String answer;
BufferedReader cis = BufferedReader cis =

18
jdk/src/windows/native/sun/security/krb5/NativeCreds.c
View file

@ -67,7 +67,6 @@ jmethodID encryptionKeyConstructor = 0;
jmethodID ticketFlagsConstructor = 0; jmethodID ticketFlagsConstructor = 0;
jmethodID kerberosTimeConstructor = 0; jmethodID kerberosTimeConstructor = 0;
jmethodID krbcredsConstructor = 0; jmethodID krbcredsConstructor = 0;
jmethodID setRealmMethod = 0;
/* /*
* Function prototypes for internal routines * Function prototypes for internal routines
@ -279,7 +278,7 @@ JNIEXPORT jint JNICALL JNI_OnLoad(
} }
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, principalNameConstructor = (*env)->GetMethodID(env, principalNameClass,
"<init>", "([Ljava/lang/String;)V"); "<init>", "([Ljava/lang/String;Ljava/lang/String;)V");
if (principalNameConstructor == 0) { if (principalNameConstructor == 0) {
printf("LSA: Couldn't find PrincipalName constructor\n"); printf("LSA: Couldn't find PrincipalName constructor\n");
return JNI_ERR; return JNI_ERR;
@ -318,14 +317,6 @@ JNIEXPORT jint JNICALL JNI_OnLoad(
printf("LSA: Found KerberosTime constructor\n"); printf("LSA: Found KerberosTime constructor\n");
} }
// load the setRealm method in PrincipalName
setRealmMethod = (*env)->GetMethodID(env, principalNameClass,
"setRealm", "(Ljava/lang/String;)V");
if (setRealmMethod == 0) {
printf("LSA: Couldn't find setRealm in PrincipalName\n");
return JNI_ERR;
}
if (native_debug) { if (native_debug) {
printf("LSA: Finished OnLoad processing\n"); printf("LSA: Finished OnLoad processing\n");
} }
@ -952,13 +943,12 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
// Do I have to worry about storage reclamation here? // Do I have to worry about storage reclamation here?
} }
principal = (*env)->NewObject(env, principalNameClass,
principalNameConstructor, stringArray);
// now set the realm in the principal // now set the realm in the principal
realmLen = (ULONG)wcslen((PWCHAR)realm); realmLen = (ULONG)wcslen((PWCHAR)realm);
realmStr = (*env)->NewString(env, (PWCHAR)realm, (USHORT)realmLen); realmStr = (*env)->NewString(env, (PWCHAR)realm, (USHORT)realmLen);
(*env)->CallVoidMethod(env, principal, setRealmMethod, realmStr);
principal = (*env)->NewObject(env, principalNameClass,
principalNameConstructor, stringArray, realmStr);
// free local resources // free local resources
LocalFree(realm); LocalFree(realm);

41
jdk/test/sun/security/krb5/ServiceNameClone.java
View file

@ -1,41 +0,0 @@
/*
* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6856069
* @summary PrincipalName.clone() does not invoke super.clone()
*/
import sun.security.krb5.ServiceName;
public class ServiceNameClone {
public static void main(String[] args) throws Exception {
ServiceName sn = new ServiceName("me@HERE");
if (sn.clone().getClass() != ServiceName.class) {
throw new Exception("ServiceName's clone is not a ServiceName");
}
if (!sn.clone().equals(sn)) {
throw new Exception("ServiceName's clone changed");
}
}
}

25
jdk/test/sun/security/krb5/auto/KDC.java
View file

@ -606,9 +606,8 @@ public class KDC {
TGSReq tgsReq = new TGSReq(in); TGSReq tgsReq = new TGSReq(in);
PrincipalName service = tgsReq.reqBody.sname; PrincipalName service = tgsReq.reqBody.sname;
if (options.containsKey(KDC.Option.RESP_NT)) { if (options.containsKey(KDC.Option.RESP_NT)) {
service = new PrincipalName(service.getNameStrings(), service = new PrincipalName((int)options.get(KDC.Option.RESP_NT),
(int)options.get(KDC.Option.RESP_NT)); service.getNameStrings(), service.getRealm());
service.setRealm(service.getRealm());
} }
try { try {
System.out.println(realm + "> " + tgsReq.reqBody.cname + System.out.println(realm + "> " + tgsReq.reqBody.cname +
@ -632,7 +631,6 @@ public class KDC {
EncryptedData ed = apReq.authenticator; EncryptedData ed = apReq.authenticator;
tkt = apReq.ticket; tkt = apReq.ticket;
int te = tkt.encPart.getEType(); int te = tkt.encPart.getEType();
tkt.sname.setRealm(tkt.realm);
EncryptionKey kkey = keyForUser(tkt.sname, te, true); EncryptionKey kkey = keyForUser(tkt.sname, te, true);
byte[] bb = tkt.encPart.decrypt(kkey, KeyUsage.KU_TICKET); byte[] bb = tkt.encPart.decrypt(kkey, KeyUsage.KU_TICKET);
DerInputStream derIn = new DerInputStream(bb); DerInputStream derIn = new DerInputStream(bb);
@ -693,7 +691,6 @@ public class KDC {
EncTicketPart enc = new EncTicketPart( EncTicketPart enc = new EncTicketPart(
tFlags, tFlags,
key, key,
etp.crealm,
etp.cname, etp.cname,
new TransitedEncoding(1, new byte[0]), // TODO new TransitedEncoding(1, new byte[0]), // TODO
new KerberosTime(new Date()), new KerberosTime(new Date()),
@ -709,7 +706,6 @@ public class KDC {
throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); // TODO throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); // TODO
} }
Ticket t = new Ticket( Ticket t = new Ticket(
body.crealm,
service, service,
new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET) new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET)
); );
@ -725,7 +721,6 @@ public class KDC {
new KerberosTime(new Date()), new KerberosTime(new Date()),
body.from, body.from,
till, body.rtime, till, body.rtime,
body.crealm,
service, service,
body.addresses != null // always set caddr body.addresses != null // always set caddr
? body.addresses ? body.addresses
@ -734,7 +729,6 @@ public class KDC {
); );
EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_TGS_REP_PART_SESSKEY); EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_TGS_REP_PART_SESSKEY);
TGSRep tgsRep = new TGSRep(null, TGSRep tgsRep = new TGSRep(null,
etp.crealm,
etp.cname, etp.cname,
t, t,
edata); edata);
@ -756,8 +750,8 @@ public class KDC {
new KerberosTime(new Date()), new KerberosTime(new Date()),
0, 0,
ke.returnCode(), ke.returnCode(),
body.crealm, body.cname, body.cname,
new Realm(getRealm()), service, service,
KrbException.errorMessage(ke.returnCode()), KrbException.errorMessage(ke.returnCode()),
null); null);
} }
@ -780,7 +774,6 @@ public class KDC {
if (options.containsKey(KDC.Option.RESP_NT)) { if (options.containsKey(KDC.Option.RESP_NT)) {
service = new PrincipalName(service.getNameStrings(), service = new PrincipalName(service.getNameStrings(),
(int)options.get(KDC.Option.RESP_NT)); (int)options.get(KDC.Option.RESP_NT));
service.setRealm(service.getRealm());
} }
try { try {
System.out.println(realm + "> " + asReq.reqBody.cname + System.out.println(realm + "> " + asReq.reqBody.cname +
@ -788,7 +781,6 @@ public class KDC {
service); service);
KDCReqBody body = asReq.reqBody; KDCReqBody body = asReq.reqBody;
body.cname.setRealm(getRealm());
eTypes = KDCReqBodyDotEType(body); eTypes = KDCReqBodyDotEType(body);
int eType = eTypes[0]; int eType = eTypes[0];
@ -971,7 +963,6 @@ public class KDC {
EncTicketPart enc = new EncTicketPart( EncTicketPart enc = new EncTicketPart(
tFlags, tFlags,
key, key,
body.crealm,
body.cname, body.cname,
new TransitedEncoding(1, new byte[0]), new TransitedEncoding(1, new byte[0]),
new KerberosTime(new Date()), new KerberosTime(new Date()),
@ -980,7 +971,6 @@ public class KDC {
body.addresses, body.addresses,
null); null);
Ticket t = new Ticket( Ticket t = new Ticket(
body.crealm,
service, service,
new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET) new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET)
); );
@ -996,14 +986,12 @@ public class KDC {
new KerberosTime(new Date()), new KerberosTime(new Date()),
body.from, body.from,
till, body.rtime, till, body.rtime,
body.crealm,
service, service,
body.addresses body.addresses
); );
EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_AS_REP_PART); EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_AS_REP_PART);
ASRep asRep = new ASRep( ASRep asRep = new ASRep(
outPAs.toArray(new PAData[outPAs.size()]), outPAs.toArray(new PAData[outPAs.size()]),
body.crealm,
body.cname, body.cname,
t, t,
edata); edata);
@ -1024,7 +1012,6 @@ public class KDC {
asRep.encKDCRepPart = enc_part; asRep.encKDCRepPart = enc_part;
sun.security.krb5.internal.ccache.Credentials credentials = sun.security.krb5.internal.ccache.Credentials credentials =
new sun.security.krb5.internal.ccache.Credentials(asRep); new sun.security.krb5.internal.ccache.Credentials(asRep);
asReq.reqBody.cname.setRealm(getRealm());
CredentialsCache cache = CredentialsCache cache =
CredentialsCache.create(asReq.reqBody.cname, ccache); CredentialsCache.create(asReq.reqBody.cname, ccache);
if (cache == null) { if (cache == null) {
@ -1059,8 +1046,8 @@ public class KDC {
new KerberosTime(new Date()), new KerberosTime(new Date()),
0, 0,
ke.returnCode(), ke.returnCode(),
body.crealm, body.cname, body.cname,
new Realm(getRealm()), service, service,
KrbException.errorMessage(ke.returnCode()), KrbException.errorMessage(ke.returnCode()),
eData); eData);
} }

135
jdk/test/sun/security/krb5/name/Constructors.java Normal file
View file

@ -0,0 +1,135 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6966259
* @summary Make PrincipalName and Realm immutable
* @run main/othervm Constructors
*/
import java.util.Arrays;
import sun.security.krb5.*;
public class Constructors {
public static void main(String[] args) throws Exception {
int type;
boolean testNoDefaultDomain;
// Part 1: on format
// Good ones
type = PrincipalName.KRB_NT_UNKNOWN;
checkName("a", type, "R", "R", "a");
checkName("a@R2", type, "R", "R", "a");
checkName("a/b", type, "R", "R", "a", "b");
checkName("a/b@R2", type, "R", "R", "a", "b");
checkName("a/b/c", type, "R", "R", "a", "b", "c");
checkName("a/b/c@R2", type, "R", "R", "a", "b", "c");
// Weird ones
checkName("a\\/b", type, "R", "R", "a/b");
checkName("a\\/b\\/c", type, "R", "R", "a/b/c");
checkName("a\\/b\\@R2", type, "R", "R", "a/b@R2");
// Bad ones
checkName("a", type, "", null);
checkName("a/", type, "R", null);
checkName("/a", type, "R", null);
checkName("a//b", type, "R", null);
checkName("a@", type, null, null);
type = PrincipalName.KRB_NT_SRV_HST;
// Part 2: on realm choices
// When there is no default realm
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") + "/empty.conf");
Config.refresh();
// A Windows client login to AD always has a default realm
try {
Realm r = Realm.getDefault();
System.out.println("testNoDefaultDomain = false. Realm is " + r);
testNoDefaultDomain = false;
} catch (RealmException re) {
// Great. This is what we expected
testNoDefaultDomain = true;
}
if (testNoDefaultDomain) {
type = PrincipalName.KRB_NT_UNKNOWN;
checkName("a", type, "R1", "R1", "a"); // arg
checkName("a@R1", type, null, "R1", "a"); // or r in name
checkName("a@R2", type, "R1", "R1", "a"); // arg over r
checkName("a", type, null, null); // fail if none
checkName("a/b@R1", type, null, "R1", "a", "b");
type = PrincipalName.KRB_NT_SRV_HST;
// Let's pray "b.h" won't be canonicalized
checkName("a/b.h", type, "R1", "R1", "a", "b.h"); // arg
checkName("a/b.h@R1", type, null, "R1", "a", "b.h"); // or r in name
checkName("a/b.h@R1", type, "R2", "R2", "a", "b.h"); // arg over r
checkName("a/b.h", type, null, null); // fail if none
}
// When there is default realm
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") + "/krb5.conf");
Config.refresh();
type = PrincipalName.KRB_NT_UNKNOWN;
checkName("a", type, "R1", "R1", "a"); // arg
checkName("a@R1", type, null, "R1", "a"); // or r in name
checkName("a@R2", type, "R1", "R1", "a"); // arg over r
checkName("a", type, null, "R", "a"); // default
checkName("a/b", type, null, "R", "a", "b");
type = PrincipalName.KRB_NT_SRV_HST;
checkName("a/b.h3", type, "R1", "R1", "a", "b.h3"); // arg
checkName("a/b.h@R1", type, null, "R1", "a", "b.h"); // or r in name
checkName("a/b.h3@R2", type, "R1", "R1", "a", "b.h3"); // arg over r
checkName("a/b.h2", type, "R1", "R1", "a", "b.h2"); // arg over map
checkName("a/b.h2@R1", type, null, "R1", "a", "b.h2"); // r over map
checkName("a/b.h2", type, null, "R2", "a", "b.h2"); // map
checkName("a/b.h", type, null, "R", "a", "b.h"); // default
}
// Check if the creation matches the expected output.
// Note: realm == null means creation failure
static void checkName(String n, int t, String s,
String realm, String... parts)
throws Exception {
PrincipalName pn = null;
try {
pn = new PrincipalName(n, t, s);
} catch (Exception e) {
if (realm == null) {
return; // This is expected
} else {
throw e;
}
}
if (!pn.getRealmAsString().equals(realm)
|| !Arrays.equals(pn.getNameStrings(), parts)) {
throw new Exception(pn.toString() + " vs "
+ Arrays.toString(parts) + "@" + realm);
}
}
}

2
jdk/test/sun/security/krb5/name/empty.conf Normal file
View file

@ -0,0 +1,2 @@
[libdefaults]
dns_fallback = false

10
jdk/test/sun/security/krb5/name/krb5.conf Normal file
View file

@ -0,0 +1,10 @@
[libdefaults]
default_realm = R
[realms]
R = {
kdc = kdc
}
[domain_realm]
.h2 = R2