diff --git a/src/java.base/share/classes/sun/security/util/Debug.java b/src/java.base/share/classes/sun/security/util/Debug.java
index 7ed0dae2995..f0b45eb4ce5 100644
--- a/src/java.base/share/classes/sun/security/util/Debug.java
+++ b/src/java.base/share/classes/sun/security/util/Debug.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -159,6 +159,33 @@ public class Debug {
 }
 }
+ /**
+ * Get a Debug object corresponding to the given option on the given
+ * property value.
+ *

+ * Note: unlike other {@code getInstance} methods, this method does not
+ * use the {@code java.security.debug} system property.
+ *

+ * Usually, this method is used by other individual area-specific debug
+ * settings. For example,
+ * {@snippet lang=java:
+ * Map settings = loadLoginSettings();
+ * String property = settings.get("login");
+ * Debug debug = Debug.of("login", property);
+ * }
+ * @param option the debug option name
+ * @param property debug setting for this option
+ * @return a new Debug object if the property is true
+ */
+ public static Debug of(String option, String property) {
+ if ("true".equalsIgnoreCase(property)) {
+ Debug d = new Debug();
+ d.prefix = option;
+ return d;
+ }
+ return null;
+ }
+
 /**
 * True if the system property "security.debug" contains the
 * string "option".
diff --git a/src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c b/src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c
index 9b3fda86156..36e7a942ded 100644
--- a/src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c
+++ b/src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -81,7 +81,7 @@ static jclass FindClass(JNIEnv *env, char *className)
 jclass cls = (*env)->FindClass(env, className);
 if (cls == NULL) {
- printf("Couldn't find %s\n", className);
+ fprintf(stderr, "Couldn't find %s\n", className);
 return NULL;
 }
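Review bot: The Javadoc for `Debug.of` does not say what is returned when the property is anything other than "true", although the body returns `null` in that case and every caller in this patch depends on a `DEBUG != null` test. I would spell that out in the tag, `@return a new Debug object if the property is "true" (ignoring case), otherwise {@code null}`, so that new callers know the result must be null-checked before use. The method also stores a null `option` as the prefix without complaint; a short remark on whether that is intended would help.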
@@ -129,49 +129,49 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *jvm, void *reserved)
 ticketConstructor = (*env)->GetMethodID(env, ticketClass, "", "([B)V");
 if (ticketConstructor == 0) {
- printf("Couldn't find Ticket constructor\n");
+ fprintf(stderr, "Couldn't find Ticket constructor\n");
 return JNI_ERR;
 }
 principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, "", "(Ljava/lang/String;I)V");
 if (principalNameConstructor == 0) {
- printf("Couldn't find PrincipalName constructor\n");
+ fprintf(stderr, "Couldn't find PrincipalName constructor\n");
 return JNI_ERR;
 }
 encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, "", "(I[B)V");
 if (encryptionKeyConstructor == 0) {
- printf("Couldn't find EncryptionKey constructor\n");
+ fprintf(stderr, "Couldn't find EncryptionKey constructor\n");
 return JNI_ERR;
 }
 ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, "", "(I[B)V");
 if (ticketFlagsConstructor == 0) {
- printf("Couldn't find TicketFlags constructor\n");
+ fprintf(stderr, "Couldn't find TicketFlags constructor\n");
 return JNI_ERR;
 }
 kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, "", "(J)V");
 if (kerberosTimeConstructor == 0) {
- printf("Couldn't find KerberosTime constructor\n");
+ fprintf(stderr, "Couldn't find KerberosTime constructor\n");
 return JNI_ERR;
 }
 integerConstructor = (*env)->GetMethodID(env, javaLangIntegerClass, "", "(I)V");
 if (integerConstructor == 0) {
- printf("Couldn't find Integer constructor\n");
+ fprintf(stderr, "Couldn't find Integer constructor\n");
 return JNI_ERR;
 }
 hostAddressConstructor = (*env)->GetMethodID(env, hostAddressClass, "", "(I[B)V");
 if (hostAddressConstructor == 0) {
- printf("Couldn't find HostAddress constructor\n");
+ fprintf(stderr, "Couldn't find HostAddress constructor\n");
 return JNI_ERR;
 }
 hostAddressesConstructor = (*env)->GetMethodID(env, hostAddressesClass, "", "([Lsun/security/krb5/internal/HostAddress;)V");
 if (hostAddressesConstructor == 0) {
- printf("Couldn't find HostAddresses constructor\n");
+ fprintf(stderr, "Couldn't find HostAddresses constructor\n");
 return JNI_ERR;
 }
@@ -376,7 +376,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
 krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "", "(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V");
 if (krbcredsConstructor == 0) {
- printf("Couldn't find sun.security.krb5.internal.Ticket constructor\n");
+ fprintf(stderr, "Couldn't find sun.security.krb5.internal.Ticket constructor\n");
 break;
 }
 }
diff --git a/src/java.security.jgss/share/classes/javax/security/auth/kerberos/ServicePermission.java b/src/java.security.jgss/share/classes/javax/security/auth/kerberos/ServicePermission.java
index 096be775838..d30b6c292f8 100644
--- a/src/java.security.jgss/share/classes/javax/security/auth/kerberos/ServicePermission.java
+++ b/src/java.security.jgss/share/classes/javax/security/auth/kerberos/ServicePermission.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -447,43 +447,6 @@ public final class ServicePermission extends Permission s.defaultReadObject(); init(getName(),getMask(actions)); } - - - /* - public static void main(String[] args) throws Exception { - ServicePermission this_ = - new ServicePermission(args[0], "accept"); - ServicePermission that_ = - new ServicePermission(args[1], "accept,initiate"); - System.out.println("-----\n"); - System.out.println("this.implies(that) = " + this_.implies(that_)); - System.out.println("-----\n"); - System.out.println("this = "+this_); - System.out.println("-----\n"); - System.out.println("that = "+that_); - System.out.println("-----\n"); - - KrbServicePermissionCollection nps = - new KrbServicePermissionCollection(); - nps.add(this_); - nps.add(new ServicePermission("nfs/example.com@EXAMPLE.COM", - "accept")); - nps.add(new ServicePermission("host/example.com@EXAMPLE.COM", - "initiate")); - System.out.println("nps.implies(that) = " + nps.implies(that_)); - System.out.println("-----\n"); - - Enumeration e = nps.elements(); - - while (e.hasMoreElements()) { - ServicePermission x = - (ServicePermission) e.nextElement(); - System.out.println("nps.e = " + x); - } - - } - */ - } diff --git a/src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java b/src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java index a890dadb293..fe9031e9bd0 100644 --- a/src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java +++ b/src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -35,7 +35,6 @@ import org.ietf.jgss.Oid; import sun.net.www.protocol.http.HttpCallerInfo; import sun.net.www.protocol.http.Negotiator; -import sun.security.action.GetBooleanAction; import sun.security.action.GetPropertyAction; import sun.security.jgss.GSSManagerImpl; import sun.security.jgss.GSSContextImpl; @@ -45,6 +44,8 @@ import sun.security.jgss.krb5.internal.TlsChannelBindingImpl; import sun.security.util.ChannelBindingException; import sun.security.util.TlsChannelBinding; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This class encapsulates all JAAS and JGSS API calls in a separate class * outside NegotiateAuthentication.java so that J2SE build can go smoothly @@ -55,9 +56,6 @@ import sun.security.util.TlsChannelBinding; */ public class NegotiatorImpl extends Negotiator { - private static final boolean DEBUG = - GetBooleanAction.privilegedGetProperty("sun.security.krb5.debug"); - private GSSContext context; private byte[] oneToken; @@ -105,8 +103,8 @@ public class NegotiatorImpl extends Negotiator { ((GSSContextImpl)context).requestDelegPolicy(true); } if (hci.serverCert != null) { - if (DEBUG) { - System.out.println("Negotiate: Setting CBT"); + if (DEBUG != null) { + DEBUG.println("Negotiate: Setting CBT"); } // set the channel binding token TlsChannelBinding b = TlsChannelBinding.create(hci.serverCert); @@ -123,8 +121,8 @@ public class NegotiatorImpl extends Negotiator { try { init(hci); } catch (GSSException | ChannelBindingException e) { - if (DEBUG) { - System.out.println("Negotiate support not initiated, will " + + if (DEBUG != null) { + DEBUG.println("Negotiate support not initiated, will " + "fallback to other scheme if allowed. Reason:"); e.printStackTrace(); } 
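Review bot: In the `catch (GSSException | ChannelBindingException e)` block (hunk at -123) the message now goes through `DEBUG.println`, but the unchanged `e.printStackTrace();` right after it was not converted, whereas the two later catch blocks in this file were switched to `e.printStackTrace(DEBUG.getPrintStream());`. The same leftover is visible in the `KrbException` catch of Krb5Context (hunk at -750) and the `PrivilegedActionException` catch of GSSUtil (hunk at -348). Using `e.printStackTrace(DEBUG.getPrintStream());` in all three keeps each trace on the same stream as the message that introduces it. The enclosing method starts outside the hunk.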
@@ -160,9 +158,9 @@ public class NegotiatorImpl extends Negotiator { } return context.initSecContext(token, 0, token.length); } catch (GSSException e) { - if (DEBUG) { - System.out.println("Negotiate support cannot continue. Reason:"); - e.printStackTrace(); + if (DEBUG != null) { + DEBUG.println("Negotiate support cannot continue. Reason:"); + e.printStackTrace(DEBUG.getPrintStream()); } throw new IOException("Negotiate support cannot continue", e); } @@ -181,9 +179,9 @@ public class NegotiatorImpl extends Negotiator { context.dispose(); } } catch (GSSException e) { - if (DEBUG) { - System.out.println("Cannot release resources. Reason:"); - e.printStackTrace(); + if (DEBUG != null) { + DEBUG.println("Cannot release resources. Reason:"); + e.printStackTrace(DEBUG.getPrintStream()); } throw new IOException("Cannot release resources", e); }; diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/GSSCredentialImpl.java b/src/java.security.jgss/share/classes/sun/security/jgss/GSSCredentialImpl.java index 925f11905bf..6dccdad843c 100644 --- a/src/java.security.jgss/share/classes/sun/security/jgss/GSSCredentialImpl.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/GSSCredentialImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -90,7 +90,7 @@ public class GSSCredentialImpl implements GSSCredential { } catch (GSSException e) { if (defaultList) { // Try the next mechanism - if (GSSUtil.DEBUG) { + if (GSSUtil.DEBUG != null) { GSSUtil.debug("Ignore " + e + " while acquiring cred for " + mechs[i]); // e.printStackTrace(); 
diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/GSSHeader.java b/src/java.security.jgss/share/classes/sun/security/jgss/GSSHeader.java index dc61b82e4cd..8e7e93dff9a 100644 --- a/src/java.security.jgss/share/classes/sun/security/jgss/GSSHeader.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/GSSHeader.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -317,25 +317,4 @@ public class GSSHeader { return retVal; } - - // XXX Call these two in some central class - private void debug(String str) { - System.err.print(str); - } - - private String getHexBytes(byte[] bytes, int len) - throws IOException { - - StringBuilder sb = new StringBuilder(); - for (int i = 0; i < len; i++) { - - int b1 = (bytes[i] >> 4) & 0x0f; - int b2 = bytes[i] & 0x0f; - - sb.append(Integer.toHexString(b1)); - sb.append(Integer.toHexString(b2)); - sb.append(' '); - } - return sb.toString(); - } } diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/GSSManagerImpl.java b/src/java.security.jgss/share/classes/sun/security/jgss/GSSManagerImpl.java index 4279abde696..8b40b759085 100644 --- a/src/java.security.jgss/share/classes/sun/security/jgss/GSSManagerImpl.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/GSSManagerImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -88,7 +88,7 @@ public class GSSManagerImpl extends GSSManager { } } catch (GSSException e) { // Squelch it and just skip over this mechanism - if (GSSUtil.DEBUG) { + if (GSSUtil.DEBUG != null) { GSSUtil.debug("Skip " + mech + ": error retrieving supported name types"); } diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/GSSUtil.java b/src/java.security.jgss/share/classes/sun/security/jgss/GSSUtil.java index 7f585ce3894..f2e7599c1e0 100644 --- a/src/java.security.jgss/share/classes/sun/security/jgss/GSSUtil.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/GSSUtil.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,8 +45,8 @@ import java.security.PrivilegedActionException; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; -import sun.security.action.GetBooleanAction; import sun.security.util.ConsoleCallbackHandler; +import sun.security.util.Debug; /** * The GSSUtilImplementation that knows how to work with the internals of @@ -67,12 +67,12 @@ public class GSSUtil { public static final Oid NT_GSS_KRB5_PRINCIPAL = GSSUtil.createOid("1.2.840.113554.1.2.2.1"); - static final boolean DEBUG = - GetBooleanAction.privilegedGetProperty("sun.security.jgss.debug"); + static final Debug DEBUG = Debug.of("jgss", GetPropertyAction + .privilegedGetProperty("sun.security.jgss.debug")); static void debug(String message) { assert(message != null); - System.out.println(message); + DEBUG.println(message); } // NOTE: this method is only for creating Oid objects with 
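Review bot: `debug()` in GSSUtil (hunk at -67) now dereferences `DEBUG`, which `Debug.of` leaves null unless `sun.security.jgss.debug` is "true", so a caller that forgets the `if (DEBUG != null)` guard gets a NullPointerException where the old code just printed. Every call site visible in this patch is guarded, but the helper is package-visible and the precondition is not written down anywhere. Either make it safe on its own with `if (DEBUG != null) DEBUG.println(message);`, or add a comment such as `// callers must check DEBUG != null first`.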
@@ -82,7 +82,7 @@ public class GSSUtil { try { return new Oid(oidStr); } catch (GSSException e) { - if (DEBUG) { + if (DEBUG != null) { debug("Ignored invalid OID: " + oidStr); } return null; @@ -138,7 +138,7 @@ public class GSSUtil { KerberosPrincipal krbPrinc = new KerberosPrincipal(krbName); krb5Principals.add(krbPrinc); } catch (GSSException ge) { - if (DEBUG) { + if (DEBUG != null) { debug("Skipped name " + name + " due to " + ge); } } @@ -151,7 +151,7 @@ public class GSSUtil { } else { privCredentials = new HashSet<>(); // empty Set } - if (DEBUG) { + if (DEBUG != null) { debug("Created Subject with the following"); debug("principals=" + krb5Principals); debug("public creds=" + pubCredentials); @@ -216,7 +216,7 @@ public class GSSUtil { credentials.add(cred); } else { // Ignore non-KerberosTicket and non-KerberosKey elements - if (DEBUG) { + if (DEBUG != null) { debug("Skipped cred element: " + cred); } } @@ -314,7 +314,7 @@ public class GSSUtil { final Oid mech, final boolean initiate, final Class credCls) { - if (DEBUG) { + if (DEBUG != null) { debug("Search Subject for " + getMechStr(mech) + (initiate ? " INIT" : " ACCEPT") + " cred (" + (name == null ? "<>" : name.toString()) + ", " + @@ -334,13 +334,13 @@ public class GSSUtil { (GSSCredentialImpl.class).iterator(); while (iterator.hasNext()) { GSSCredentialImpl cred = iterator.next(); - if (DEBUG) { + if (DEBUG != null) { debug("...Found cred" + cred); } try { GSSCredentialSpi ce = cred.getElement(mech, initiate); - if (DEBUG) { + if (DEBUG != null) { debug("......Found element: " + ce); } if (ce.getClass().equals(credCls) && 
@@ -348,24 +348,24 @@ public class GSSUtil { name.equals((Object) ce.getName()))) { result.add(credCls.cast(ce)); } else { - if (DEBUG) { + if (DEBUG != null) { debug("......Discard element"); } } } catch (GSSException ge) { - if (DEBUG) { + if (DEBUG != null) { debug("...Discard cred (" + ge + ")"); } } } - } else if (DEBUG) { + } else if (DEBUG != null) { debug("No Subject"); } return result; }); return creds; } catch (PrivilegedActionException pae) { - if (DEBUG) { + if (DEBUG != null) { debug("Unexpected exception when searching Subject:"); pae.printStackTrace(); } diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/ProviderList.java b/src/java.security.jgss/share/classes/sun/security/jgss/ProviderList.java index c3031779d5e..484f0a7cfa6 100644 --- a/src/java.security.jgss/share/classes/sun/security/jgss/ProviderList.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/ProviderList.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -135,7 +135,7 @@ public final class ProviderList { addProviderAtEnd(prov, null); } catch (GSSException ge) { // Move on to the next provider - if (GSSUtil.DEBUG) { + if (GSSUtil.DEBUG != null) { GSSUtil.debug("Error in adding provider " + prov.getName() + ": " + ge); } @@ -420,7 +420,7 @@ public final class ProviderList { retVal = true; } catch (GSSException e) { // Skip to next property - if (GSSUtil.DEBUG) { + if (GSSUtil.DEBUG != null) { GSSUtil.debug("Ignore the invalid property " + prop + " from provider " + p.getName()); } diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/CipherHelper.java b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/CipherHelper.java index ae19d4e8af6..20bf6a14753 100644 
--- a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/CipherHelper.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/CipherHelper.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -66,9 +66,6 @@ class CipherHelper { // key usage for MIC tokens used by MS private static final int KG_USAGE_SIGN_MS = 15; - // debug flag - private static final boolean DEBUG = Krb5Util.DEBUG; - /** * A zero initial vector to be used for checksum calculation and for * DesCbc application data encryption/decryption. diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Context.java b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Context.java index c0d532a040a..fa596fc6a1e 100644 --- a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Context.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Context.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -43,6 +43,8 @@ import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.kerberos.KerberosTicket; import sun.security.krb5.internal.AuthorizationData; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * Implements the mechanism specific context class for the Kerberos v5 * GSS-API mechanism. 
@@ -121,7 +123,6 @@ class Krb5Context implements GSSContextSpi { private Credentials serviceCreds; private KrbApReq apReq; private final GSSCaller caller; - private static final boolean DEBUG = Krb5Util.DEBUG; /** * Constructor for Krb5Context to be called on the context initiator's @@ -379,8 +380,8 @@ class Krb5Context implements GSSContextSpi { } final void resetMySequenceNumber(int seqNumber) { - if (DEBUG) { - System.out.println("Krb5Context setting mySeqNumber to: " + if (DEBUG != null) { + DEBUG.println("Krb5Context setting mySeqNumber to: " + seqNumber); } synchronized (mySeqNumberLock) { @@ -389,8 +390,8 @@ class Krb5Context implements GSSContextSpi { } final void resetPeerSequenceNumber(int seqNumber) { - if (DEBUG) { - System.out.println("Krb5Context setting peerSeqNumber to: " + if (DEBUG != null) { + DEBUG.println("Krb5Context setting peerSeqNumber to: " + seqNumber); } synchronized (peerSeqNumberLock) { @@ -534,8 +535,8 @@ class Krb5Context implements GSSContextSpi { // We will only try constrained delegation once (if necessary). if (!isConstrainedDelegationTried) { if (delegatedCred == null) { - if (DEBUG) { - System.out.println(">>> Constrained deleg from " + caller); + if (DEBUG != null) { + DEBUG.println(">>> Constrained deleg from " + caller); } // The constrained delegation part. The acceptor needs to have // isInitiator=true in order to get a TGT, either earlier at @@ -593,8 +594,8 @@ class Krb5Context implements GSSContextSpi { byte[] retVal = null; InitialToken token = null; int errorCode = GSSException.FAILURE; - if (DEBUG) { - System.out.println("Entered Krb5Context.initSecContext with " + + if (DEBUG != null) { + DEBUG.println("Entered Krb5Context.initSecContext with " + "state=" + printState(state)); } if (!isInitiator()) { 
@@ -660,14 +661,14 @@ class Krb5Context implements GSSContextSpi { }}); kerbTicket = tmp; } catch (PrivilegedActionException e) { - if (DEBUG) { - System.out.println("Attempt to obtain service" + if (DEBUG != null) { + DEBUG.println("Attempt to obtain service" + " ticket from the subject failed!"); } } if (kerbTicket != null) { - if (DEBUG) { - System.out.println("Found service ticket in " + + if (DEBUG != null) { + DEBUG.println("Found service ticket in " + "the subject" + kerbTicket); } @@ -681,8 +682,8 @@ class Krb5Context implements GSSContextSpi { if (serviceCreds == null) { // either we did not find the serviceCreds in the // Subject or useSubjectCreds is false - if (DEBUG) { - System.out.println("Service ticket not found in " + + if (DEBUG != null) { + DEBUG.println("Service ticket not found in " + "the subject"); } // Get Service ticket using the Kerberos protocols @@ -721,8 +722,8 @@ class Krb5Context implements GSSContextSpi { }); } else { // log it for debugging purpose - if (DEBUG) { - System.out.println("Subject is " + + if (DEBUG != null) { + DEBUG.println("Subject is " + "readOnly;Kerberos Service "+ "ticket not stored"); } @@ -738,8 +739,8 @@ class Krb5Context implements GSSContextSpi { if (!getMutualAuthState()) { state = STATE_DONE; } - if (DEBUG) { - System.out.println("Created InitSecContextToken:\n"+ + if (DEBUG != null) { + DEBUG.println("Created InitSecContextToken:\n"+ new HexDumpEncoder().encodeBuffer(retVal)); } } else if (state == STATE_IN_PROCESS) { @@ -750,12 +751,12 @@ class Krb5Context implements GSSContextSpi { state = STATE_DONE; } else { // XXX Use logging API? - if (DEBUG) { - System.out.println(state); + if (DEBUG != null) { + DEBUG.println("state is " + state); } } } catch (KrbException e) { - if (DEBUG) { + if (DEBUG != null) { e.printStackTrace(); } GSSException gssException = 
@@ -792,8 +793,8 @@ class Krb5Context implements GSSContextSpi { byte[] retVal = null; - if (DEBUG) { - System.out.println("Entered Krb5Context.acceptSecContext with " + + if (DEBUG != null) { + DEBUG.println("Entered Krb5Context.acceptSecContext with " + "state=" + printState(state)); } @@ -839,8 +840,8 @@ class Krb5Context implements GSSContextSpi { state = STATE_DONE; } else { // XXX Use logging API? - if (DEBUG) { - System.out.println(state); + if (DEBUG != null) { + DEBUG.println("state is " + state); } } } catch (KrbException e) { @@ -849,8 +850,8 @@ class Krb5Context implements GSSContextSpi { gssException.initCause(e); throw gssException; } catch (IOException e) { - if (DEBUG) { - e.printStackTrace(); + if (DEBUG != null) { + e.printStackTrace(DEBUG.getPrintStream()); } GSSException gssException = new GSSException(GSSException.FAILURE, -1, e.getMessage()); @@ -898,8 +899,8 @@ class Krb5Context implements GSSContextSpi { public final byte[] wrap(byte[] inBuf, int offset, int len, MessageProp msgProp) throws GSSException { - if (DEBUG) { - System.out.println("Krb5Context.wrap: data=[" + if (DEBUG != null) { + DEBUG.println("Krb5Context.wrap: data=[" + getHexBytes(inBuf, offset, len) + "]"); } @@ -919,8 +920,8 @@ class Krb5Context implements GSSContextSpi { new WrapToken_v2(this, msgProp, inBuf, offset, len); encToken = token.encode(); } - if (DEBUG) { - System.out.println("Krb5Context.wrap: token=[" + if (DEBUG != null) { + DEBUG.println("Krb5Context.wrap: token=[" + getHexBytes(encToken, 0, encToken.length) + "]"); } @@ -952,8 +953,8 @@ class Krb5Context implements GSSContextSpi { new WrapToken_v2(this, msgProp, inBuf, inOffset, len); retVal = token.encode(outBuf, outOffset); } - if (DEBUG) { - System.out.println("Krb5Context.wrap: token=[" + if (DEBUG != null) { + DEBUG.println("Krb5Context.wrap: token=[" + getHexBytes(outBuf, outOffset, retVal) + "]"); } 
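Review bot: The first debug statement in `wrap` (hunk at -898) still hex-dumps the caller's plaintext via `getHexBytes(inBuf, offset, len)`, and the `unwrap` hunk at -1049 does the same for the recovered `data`; routing the output through the shared `DEBUG` object does not change the fact that application payload ends up wherever debug output is collected. I would put a comment above the first dump, `// Debug only: writes message plaintext to the debug stream; keep disabled where payloads are sensitive`, or log only the size, e.g. `DEBUG.println("Krb5Context.wrap: len=" + len);`. `wrap` begins and ends outside the hunk.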
@@ -980,14 +981,14 @@ class Krb5Context implements GSSContextSpi { WrapToken token = new WrapToken(this, msgProp, inBuf, offset, len); token.encode(os); - if (DEBUG) { + if (DEBUG != null) { encToken = token.encode(); } } else if (cipherHelper.getProto() == 1) { WrapToken_v2 token = new WrapToken_v2(this, msgProp, inBuf, offset, len); token.encode(os); - if (DEBUG) { + if (DEBUG != null) { encToken = token.encode(); } } @@ -998,8 +999,8 @@ class Krb5Context implements GSSContextSpi { throw gssException; } - if (DEBUG) { - System.out.println("Krb5Context.wrap: token=[" + if (DEBUG != null) { + DEBUG.println("Krb5Context.wrap: token=[" + getHexBytes(encToken, 0, encToken.length) + "]"); } @@ -1025,8 +1026,8 @@ class Krb5Context implements GSSContextSpi { MessageProp msgProp) throws GSSException { - if (DEBUG) { - System.out.println("Krb5Context.unwrap: token=[" + if (DEBUG != null) { + DEBUG.println("Krb5Context.unwrap: token=[" + getHexBytes(inBuf, offset, len) + "]"); } @@ -1049,8 +1050,8 @@ class Krb5Context implements GSSContextSpi { setSequencingAndReplayProps(token, msgProp); } - if (DEBUG) { - System.out.println("Krb5Context.unwrap: data=[" + if (DEBUG != null) { + DEBUG.println("Krb5Context.unwrap: data=[" + getHexBytes(data, 0, data.length) + "]"); } diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5MechFactory.java b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5MechFactory.java index ca1a2f81b20..2c49b14d450 100644 --- a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5MechFactory.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5MechFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -33,6 +33,8 @@ import javax.security.auth.kerberos.ServicePermission; import java.security.Provider; import java.util.Vector; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * Krb5 Mechanism plug in for JGSS * This is the properties object required by the JGSS framework. @@ -43,8 +45,6 @@ import java.util.Vector; public final class Krb5MechFactory implements MechanismFactory { - private static final boolean DEBUG = Krb5Util.DEBUG; - static final Provider PROVIDER = new sun.security.jgss.SunProvider(); @@ -152,8 +152,8 @@ public final class Krb5MechFactory implements MechanismFactory { try { sm.checkPermission(perm); } catch (SecurityException e) { - if (DEBUG) { - System.out.println("Permission to initiate " + + if (DEBUG != null) { + DEBUG.println("Permission to initiate " + "kerberos init credential" + e.getMessage()); } throw e; diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java index 70b72f18784..10dea6749e5 100644 --- a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,7 +31,6 @@ import javax.security.auth.kerberos.KeyTab; import javax.security.auth.Subject; import javax.security.auth.login.LoginException; -import sun.security.action.GetBooleanAction; import sun.security.jgss.GSSUtil; import sun.security.jgss.GSSCaller; 
@@ -47,9 +46,6 @@ import sun.security.krb5.PrincipalName; */ public class Krb5Util { - static final boolean DEBUG = GetBooleanAction - .privilegedGetProperty("sun.security.krb5.debug"); - /** * Default constructor */ diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/SubjectComber.java b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/SubjectComber.java index 34ae83e021c..f6597bbfeec 100644 --- a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/SubjectComber.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/SubjectComber.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,8 @@ import java.util.Set; import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.kerberos.KeyTab; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This utility looks through the current Subject and retrieves private * credentials for the desired client/server principals. @@ -49,8 +51,6 @@ import javax.security.auth.kerberos.KeyTab; class SubjectComber { - private static final boolean DEBUG = Krb5Util.DEBUG; - /** * Default constructor */ @@ -114,8 +114,8 @@ class SubjectComber { } } // Check passed, we can add now - if (DEBUG) { - System.out.println("Found " + credClass.getSimpleName() + if (DEBUG != null) { + DEBUG.println("Found " + credClass.getSimpleName() + " " + t); } if (oneOnly) { 
@@ -132,8 +132,8 @@ class SubjectComber { KerberosKey t = iterator.next(); String name = t.getPrincipal().getName(); if (serverPrincipal == null || serverPrincipal.equals(name)) { - if (DEBUG) { - System.out.println("Found " + + if (DEBUG != null) { + DEBUG.println("Found " + credClass.getSimpleName() + " for " + name); } if (oneOnly) { @@ -155,8 +155,8 @@ class SubjectComber { KerberosTicket ticket)) { continue; } - if (DEBUG) { - System.out.println("Found ticket for " + if (DEBUG != null) { + DEBUG.println("Found ticket for " + ticket.getClient() + " to go to " + ticket.getServer() @@ -171,15 +171,15 @@ class SubjectComber { iterator.remove(); try { ticket.destroy(); - if (DEBUG) { - System.out.println("Removed and destroyed " + if (DEBUG != null) { + DEBUG.println("Removed and destroyed " + "the expired Ticket \n" + ticket); } } catch (DestroyFailedException dfe) { - if (DEBUG) { - System.out.println("Expired ticket not" + + if (DEBUG != null) { + DEBUG.println("Expired ticket not" + " destroyed successfully. " + dfe); } } diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/spnego/NegTokenInit.java b/src/java.security.jgss/share/classes/sun/security/jgss/spnego/NegTokenInit.java index b7e23a1970a..6ed002a5532 100644 --- a/src/java.security.jgss/share/classes/sun/security/jgss/spnego/NegTokenInit.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/spnego/NegTokenInit.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,6 +32,8 @@ import sun.security.util.*; import java.io.IOException; +import static sun.security.jgss.spnego.SpNegoContext.DEBUG; + /** * Implements the SPNEGO NegTokenInit token * as specified in RFC 2478 
@@ -116,8 +118,8 @@ public class NegTokenInit extends SpNegoToken { // mechListMIC with CONTEXT 03 if (mechListMIC != null) { - if (DEBUG) { - System.out.println("SpNegoToken NegTokenInit: " + + if (DEBUG != null) { + DEBUG.println("SpNegoToken NegTokenInit: " + "sending MechListMIC"); } DerOutputStream mic = new DerOutputStream(); @@ -163,8 +165,8 @@ public class NegTokenInit extends SpNegoToken { ObjectIdentifier mech; for (int i = 0; i < mList.length; i++) { mech = mList[i].getOID(); - if (DEBUG) { - System.out.println("SpNegoToken NegTokenInit: " + + if (DEBUG != null) { + DEBUG.println("SpNegoToken NegTokenInit: " + "reading Mechanism Oid = " + mech); } mechTypeList[i] = new Oid(mech.toString()); @@ -174,8 +176,8 @@ public class NegTokenInit extends SpNegoToken { // received reqFlags, skip it } else if (tmp2.isContextSpecific((byte)0x02)) { lastField = checkNextField(lastField, 2); - if (DEBUG) { - System.out.println("SpNegoToken NegTokenInit: " + + if (DEBUG != null) { + DEBUG.println("SpNegoToken NegTokenInit: " + "reading Mech Token"); } mechToken = tmp2.data.getOctetString(); @@ -183,8 +185,8 @@ public class NegTokenInit extends SpNegoToken { lastField = checkNextField(lastField, 3); if (!GSSUtil.useMSInterop()) { mechListMIC = tmp2.data.getOctetString(); - if (DEBUG) { - System.out.println("SpNegoToken NegTokenInit: " + + if (DEBUG != null) { + DEBUG.println("SpNegoToken NegTokenInit: " + "MechListMIC Token = " + getHexBytes(mechListMIC)); } diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/spnego/NegTokenTarg.java b/src/java.security.jgss/share/classes/sun/security/jgss/spnego/NegTokenTarg.java index bc6890ca6bf..70187171a3a 100644 --- a/src/java.security.jgss/share/classes/sun/security/jgss/spnego/NegTokenTarg.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/spnego/NegTokenTarg.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,6 +30,8 @@ import org.ietf.jgss.*; import sun.security.jgss.*; import sun.security.util.*; +import static sun.security.jgss.spnego.SpNegoContext.DEBUG; + /** * Implements the SPNEGO NegTokenTarg token * as specified in RFC 2478 @@ -103,8 +105,8 @@ public class NegTokenTarg extends SpNegoToken { // mechListMIC with CONTEXT 03 if (mechListMIC != null) { - if (DEBUG) { - System.out.println("SpNegoToken NegTokenTarg: " + + if (DEBUG != null) { + DEBUG.println("SpNegoToken NegTokenTarg: " + "sending MechListMIC"); } DerOutputStream mic = new DerOutputStream(); @@ -141,16 +143,16 @@ public class NegTokenTarg extends SpNegoToken { if (tmp2.isContextSpecific((byte)0x00)) { lastField = checkNextField(lastField, 0); negResult = tmp2.data.getEnumerated(); - if (DEBUG) { - System.out.println("SpNegoToken NegTokenTarg: negotiated" + + if (DEBUG != null) { + DEBUG.println("SpNegoToken NegTokenTarg: negotiated" + " result = " + getNegoResultString(negResult)); } } else if (tmp2.isContextSpecific((byte)0x01)) { lastField = checkNextField(lastField, 1); ObjectIdentifier mech = tmp2.data.getOID(); supportedMech = new Oid(mech.toString()); - if (DEBUG) { - System.out.println("SpNegoToken NegTokenTarg: " + + if (DEBUG != null) { + DEBUG.println("SpNegoToken NegTokenTarg: " + "supported mechanism = " + supportedMech); } } else if (tmp2.isContextSpecific((byte)0x02)) { 
@@ -160,8 +162,8 @@ public class NegTokenTarg extends SpNegoToken { lastField = checkNextField(lastField, 3); if (!GSSUtil.useMSInterop()) { mechListMIC = tmp2.data.getOctetString(); - if (DEBUG) { - System.out.println("SpNegoToken NegTokenTarg: " + + if (DEBUG != null) { + DEBUG.println("SpNegoToken NegTokenTarg: " + "MechListMIC Token = " + getHexBytes(mechListMIC)); } diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoContext.java b/src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoContext.java index c59c1642449..37e2c0f5a55 100644 --- a/src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoContext.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoContext.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,6 +31,7 @@ import java.util.Objects; import org.ietf.jgss.*; import sun.security.action.GetBooleanAction; +import sun.security.action.GetPropertyAction; import sun.security.jgss.*; import sun.security.jgss.spi.*; import sun.security.util.*; @@ -84,8 +85,8 @@ public class SpNegoContext implements GSSContextSpi { private final SpNegoMechFactory factory; // debug property - static final boolean DEBUG = GetBooleanAction - .privilegedGetProperty("sun.security.spnego.debug"); + static final Debug DEBUG = Debug.of("spnego", GetPropertyAction + .privilegedGetProperty("sun.security.spnego.debug")); /** * Constructor for SpNegoContext to be called on the context initiator's 
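Review bot: The `// debug property` comment above the new `DEBUG` field in SpNegoContext (hunk -84,8) no longer tells a reader what they need to know. The field is now a `Debug` reference, and `Debug.of` returns null unless the property value is "true", so every use must be null-checked. I would change the comment to `// Debug sink for SPNEGO; null unless sun.security.spnego.debug is "true", so always test DEBUG != null before use`. The import hunk keeps `sun.security.action.GetBooleanAction`; if nothing else in the file uses it after this change, it can be dropped.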
@@ -294,8 +295,8 @@ public class SpNegoContext implements GSSContextSpi { byte[] mechToken = null; int errorCode = GSSException.FAILURE; - if (DEBUG) { - System.out.println("Entered SpNego.initSecContext with " + + if (DEBUG != null) { + DEBUG.println("Entered SpNego.initSecContext with " + "state=" + printState(state)); } if (!isInitiator()) { @@ -323,8 +324,8 @@ public class SpNegoContext implements GSSContextSpi { // generate SPNEGO token initToken = new NegTokenInit(DER_mechTypes, getContextFlags(), mechToken, null); - if (DEBUG) { - System.out.println("SpNegoContext.initSecContext: " + + if (DEBUG != null) { + DEBUG.println("SpNegoContext.initSecContext: " + "sending token of type = " + SpNegoToken.getTokenName(initToken.getType())); } @@ -342,8 +343,8 @@ public class SpNegoContext implements GSSContextSpi { errorCode = GSSException.DEFECTIVE_TOKEN; byte[] server_token = new byte[is.available()]; SpNegoToken.readFully(is, server_token); - if (DEBUG) { - System.out.println("SpNegoContext.initSecContext: " + + if (DEBUG != null) { + DEBUG.println("SpNegoContext.initSecContext: " + "process received token = " + SpNegoToken.getHexBytes(server_token)); } @@ -352,8 +353,8 @@ public class SpNegoContext implements GSSContextSpi { // token will be validated when parsing NegTokenTarg targToken = new NegTokenTarg(server_token); - if (DEBUG) { - System.out.println("SpNegoContext.initSecContext: " + + if (DEBUG != null) { + DEBUG.println("SpNegoContext.initSecContext: " + "received token of type = " + SpNegoToken.getTokenName(targToken.getType())); } @@ -421,8 +422,8 @@ public class SpNegoContext implements GSSContextSpi { if (isMechContextEstablished()) { state = STATE_DONE; retVal = mechToken; - if (DEBUG) { - System.out.println("SPNEGO Negotiated Mechanism = " + if (DEBUG != null) { + DEBUG.println("SPNEGO Negotiated Mechanism = " + internal_mech + " " + GSSUtil.getMechStr(internal_mech)); } 
@@ -430,8 +431,8 @@ public class SpNegoContext implements GSSContextSpi { // generate SPNEGO token initToken = new NegTokenInit(null, null, mechToken, null); - if (DEBUG) { - System.out.println("SpNegoContext.initSecContext:" + + if (DEBUG != null) { + DEBUG.println("SpNegoContext.initSecContext:" + " continue sending token of type = " + SpNegoToken.getTokenName(initToken.getType())); } @@ -442,13 +443,13 @@ public class SpNegoContext implements GSSContextSpi { } else { // XXX Use logging API - if (DEBUG) { - System.out.println(state); + if (DEBUG != null) { + DEBUG.println("state is " + state); } } - if (DEBUG) { + if (DEBUG != null) { if (retVal != null) { - System.out.println("SNegoContext.initSecContext: " + + DEBUG.println("SNegoContext.initSecContext: " + "sending token = " + SpNegoToken.getHexBytes(retVal)); } } @@ -488,8 +489,8 @@ public class SpNegoContext implements GSSContextSpi { SpNegoToken.NegoResult negoResult; boolean valid = true; - if (DEBUG) { - System.out.println("Entered SpNegoContext.acceptSecContext with " + + if (DEBUG != null) { + DEBUG.println("Entered SpNegoContext.acceptSecContext with " + "state=" + printState(state)); } @@ -505,8 +506,8 @@ public class SpNegoContext implements GSSContextSpi { // read data byte[] token = new byte[is.available()]; SpNegoToken.readFully(is, token); - if (DEBUG) { - System.out.println("SpNegoContext.acceptSecContext: " + + if (DEBUG != null) { + DEBUG.println("SpNegoContext.acceptSecContext: " + "receiving token = " + SpNegoToken.getHexBytes(token)); } @@ -515,8 +516,8 @@ public class SpNegoContext implements GSSContextSpi { // token will be validated when parsing NegTokenInit initToken = new NegTokenInit(token); - if (DEBUG) { - System.out.println("SpNegoContext.acceptSecContext: " + + if (DEBUG != null) { + DEBUG.println("SpNegoContext.acceptSecContext: " + "received token of type = " + SpNegoToken.getTokenName(initToken.getType())); } 
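Review bot: The rewritten message in the final debug block of hunk -442,13 still starts with `SNegoContext.initSecContext: `, while every other message in this file uses `SpNegoContext.`. Anyone searching debug output for the class name will miss this line, so since it is being rewritten anyway I would make it `DEBUG.println("SpNegoContext.initSecContext: " +`. The nested test could also fold into the outer one as `if (DEBUG != null && retVal != null) {`. initSecContext starts and ends outside the hunk.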
@@ -548,8 +549,8 @@ public class SpNegoContext implements GSSContextSpi { (GSSUtil.isKerberosMech(mechList[0]) && GSSUtil.isKerberosMech(mech_wanted))) { // get the mechanism token - if (DEBUG && !mech_wanted.equals(mechList[0])) { - System.out.println("SpNegoContext.acceptSecContext: " + + if (DEBUG != null && !mech_wanted.equals(mechList[0])) { + DEBUG.println("SpNegoContext.acceptSecContext: " + "negotiated mech adjusted to " + mechList[0]); } byte[] mechToken = initToken.getMechToken(); @@ -577,8 +578,8 @@ public class SpNegoContext implements GSSContextSpi { // now set the context flags for acceptor setContextFlags(); // print the negotiated mech info - if (DEBUG) { - System.out.println("SPNEGO Negotiated Mechanism = " + if (DEBUG != null) { + DEBUG.println("SPNEGO Negotiated Mechanism = " + internal_mech + " " + GSSUtil.getMechStr(internal_mech)); } @@ -591,18 +592,18 @@ public class SpNegoContext implements GSSContextSpi { throw new GSSException(GSSException.FAILURE); } - if (DEBUG) { - System.out.println("SpNegoContext.acceptSecContext: " + + if (DEBUG != null) { + DEBUG.println("SpNegoContext.acceptSecContext: " + "mechanism wanted = " + mech_wanted); - System.out.println("SpNegoContext.acceptSecContext: " + + DEBUG.println("SpNegoContext.acceptSecContext: " + "negotiated result = " + negoResult); } // generate SPNEGO token NegTokenTarg targToken = new NegTokenTarg(negoResult.ordinal(), mech_wanted, accept_token, null); - if (DEBUG) { - System.out.println("SpNegoContext.acceptSecContext: " + + if (DEBUG != null) { + DEBUG.println("SpNegoContext.acceptSecContext: " + "sending token of type = " + SpNegoToken.getTokenName(targToken.getType())); } 
@@ -613,8 +614,8 @@ public class SpNegoContext implements GSSContextSpi { // read data byte[] token = new byte[is.available()]; SpNegoToken.readFully(is, token); - if (DEBUG) { - System.out.println("SpNegoContext.acceptSecContext: " + + if (DEBUG != null) { + DEBUG.println("SpNegoContext.acceptSecContext: " + "receiving token = " + SpNegoToken.getHexBytes(token)); } @@ -623,8 +624,8 @@ public class SpNegoContext implements GSSContextSpi { // token will be validated when parsing NegTokenTarg inputToken = new NegTokenTarg(token); - if (DEBUG) { - System.out.println("SpNegoContext.acceptSecContext: " + + if (DEBUG != null) { + DEBUG.println("SpNegoContext.acceptSecContext: " + "received token of type = " + SpNegoToken.getTokenName(inputToken.getType())); } @@ -653,8 +654,8 @@ public class SpNegoContext implements GSSContextSpi { // generate SPNEGO token NegTokenTarg targToken = new NegTokenTarg(negoResult.ordinal(), null, accept_token, null); - if (DEBUG) { - System.out.println("SpNegoContext.acceptSecContext: " + + if (DEBUG != null) { + DEBUG.println("SpNegoContext.acceptSecContext: " + "sending token of type = " + SpNegoToken.getTokenName(targToken.getType())); } @@ -663,12 +664,12 @@ public class SpNegoContext implements GSSContextSpi { } else { // XXX Use logging API - if (DEBUG) { - System.out.println("AcceptSecContext: state = " + state); + if (DEBUG != null) { + DEBUG.println("AcceptSecContext: state = " + state); } } - if (DEBUG) { - System.out.println("SpNegoContext.acceptSecContext: " + + if (DEBUG != null) { + DEBUG.println("SpNegoContext.acceptSecContext: " + "sending token = " + SpNegoToken.getHexBytes(retVal)); } } catch (IOException e) { 
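Review bot: The last debug block in hunk -663,12 passes `retVal` to `SpNegoToken.getHexBytes` with no null test, whereas the matching block in initSecContext checks `retVal != null` first. The unknown-state `else` branch just above assigns nothing to `retVal`, so if it is initialised to null (its declaration is outside the hunk) and getHexBytes dereferences its argument, turning debugging on would make that path throw a NullPointerException. I would write the guard as `if (DEBUG != null && retVal != null) {`. acceptSecContext starts and ends outside the hunk.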
@@ -768,16 +769,16 @@ public class SpNegoContext implements GSSContextSpi { // sanity check the required input if (mechTypes == null) { - if (DEBUG) { - System.out.println("SpNegoContext: no MIC token included"); + if (DEBUG != null) { + DEBUG.println("SpNegoContext: no MIC token included"); } return null; } // check if mechanism supports integrity if (!mechContext.getIntegState()) { - if (DEBUG) { - System.out.println("SpNegoContext: no MIC token included" + + if (DEBUG != null) { + DEBUG.println("SpNegoContext: no MIC token included" + " - mechanism does not support integrity"); } return null; @@ -788,14 +789,14 @@ public class SpNegoContext implements GSSContextSpi { try { MessageProp prop = new MessageProp(0, true); mic = getMIC(mechTypes, 0, mechTypes.length, prop); - if (DEBUG) { - System.out.println("SpNegoContext: getMIC = " + + if (DEBUG != null) { + DEBUG.println("SpNegoContext: getMIC = " + SpNegoToken.getHexBytes(mic)); } } catch (GSSException e) { mic = null; - if (DEBUG) { - System.out.println("SpNegoContext: no MIC token included" + + if (DEBUG != null) { + DEBUG.println("SpNegoContext: no MIC token included" + " - getMIC failed : " + e.getMessage()); } } @@ -810,16 +811,16 @@ public class SpNegoContext implements GSSContextSpi { // sanity check the input if (token == null) { - if (DEBUG) { - System.out.println("SpNegoContext: no MIC token validation"); + if (DEBUG != null) { + DEBUG.println("SpNegoContext: no MIC token validation"); } return true; } // check if mechanism supports integrity if (!mechContext.getIntegState()) { - if (DEBUG) { - System.out.println("SpNegoContext: no MIC token validation" + + if (DEBUG != null) { + DEBUG.println("SpNegoContext: no MIC token validation" + " - mechanism does not support integrity"); } return true; 
@@ -834,8 +835,8 @@ public class SpNegoContext implements GSSContextSpi { valid = true; } catch (GSSException e) { valid = false; - if (DEBUG) { - System.out.println("SpNegoContext: MIC validation failed! " + + if (DEBUG != null) { + DEBUG.println("SpNegoContext: MIC validation failed! " + e.getMessage()); } } @@ -921,8 +922,8 @@ public class SpNegoContext implements GSSContextSpi { for (int i = 0; i < supported_mechSet.length; i++) { for (int j = 0; j < mechSet.length; j++) { if (mechSet[j].equals(supported_mechSet[i])) { - if (DEBUG) { - System.out.println("SpNegoContext: " + + if (DEBUG != null) { + DEBUG.println("SpNegoContext: " + "negotiated mechanism = " + mechSet[j]); } return (mechSet[j]); @@ -940,8 +941,8 @@ public class SpNegoContext implements GSSContextSpi { if (mechContext != null) { return mechContext.isEstablished(); } else { - if (DEBUG) { - System.out.println("The underlying mechanism context has " + + if (DEBUG != null) { + DEBUG.println("The underlying mechanism context has " + "not been initialized"); } return false; @@ -1053,8 +1054,8 @@ public class SpNegoContext implements GSSContextSpi { peerName = targName.getElement(internal_mech); return peerName; } else { - if (DEBUG) { - System.out.println("The underlying mechanism context has " + + if (DEBUG != null) { + DEBUG.println("The underlying mechanism context has " + "not been initialized"); } return null; @@ -1069,8 +1070,8 @@ public class SpNegoContext implements GSSContextSpi { myName = srcName.getElement(internal_mech); return myName; } else { - if (DEBUG) { - System.out.println("The underlying mechanism context has " + + if (DEBUG != null) { + DEBUG.println("The underlying mechanism context has " + "not been initialized"); } return null; diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoToken.java b/src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoToken.java index 63d3d1973dc..3adba97bb2e 100644 
--- a/src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoToken.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoToken.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -59,9 +59,6 @@ abstract class SpNegoToken extends GSSToken { private final int tokenType; - // property - static final boolean DEBUG = SpNegoContext.DEBUG; - /** * The object identifier corresponding to the SPNEGO GSS-API * mechanism. diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java index 6eb61cd8b9e..2099eaf779e 100644 --- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java +++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -65,7 +65,7 @@ public final class SunNativeProvider extends Provider { if (message == null) { throw new NullPointerException(); } - System.out.println(NAME + ": " + message); + System.err.println(NAME + ": " + message); } @SuppressWarnings("removal") diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/Checksum.java b/src/java.security.jgss/share/classes/sun/security/krb5/Checksum.java index b9553f8b96d..249de9cb224 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/Checksum.java 
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/Checksum.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -73,8 +73,6 @@ public class Checksum { // draft-brezak-win2k-krb-rc4-hmac-04.txt public static final int CKSUMTYPE_HMAC_MD5_ARCFOUR = -138; - private static boolean DEBUG = Krb5.DEBUG; - /** * Constructs a new Checksum using the raw data and type. * diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/Config.java b/src/java.security.jgss/share/classes/sun/security/krb5/Config.java index 256e39dd4d9..36b8010a6f2 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/Config.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/Config.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -51,6 +51,8 @@ import sun.security.krb5.internal.crypto.EType; import sun.security.krb5.internal.Krb5; import sun.security.util.SecurityProperties; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This class maintains key-value pairs of Kerberos configurable constants * from configuration file or from user specified system properties. @@ -103,8 +105,6 @@ public class Config { */ private Hashtable stanzaTable = new Hashtable<>(); - private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG; - // these are used for hexadecimal calculation. private static final int BASE16_0 = 1; private static final int BASE16_1 = 16; 
@@ -213,16 +213,16 @@ public class Config { if (fileName != null) { configFile = loadConfigFile(fileName); stanzaTable = parseStanzaTable(configFile); - if (DEBUG) { - System.out.println("Loaded from Java config"); + if (DEBUG != null) { + DEBUG.println("Loaded from Java config"); } } else { boolean found = false; if (isMacosLionOrBetter()) { try { stanzaTable = SCDynamicStoreConfig.getConfig(); - if (DEBUG) { - System.out.println("Loaded from SCDynamicStoreConfig"); + if (DEBUG != null) { + DEBUG.println("Loaded from SCDynamicStoreConfig"); } found = true; } catch (IOException ioe) { @@ -233,15 +233,15 @@ public class Config { fileName = getNativeFileName(); configFile = loadConfigFile(fileName); stanzaTable = parseStanzaTable(configFile); - if (DEBUG) { - System.out.println("Loaded from native config"); + if (DEBUG != null) { + DEBUG.println("Loaded from native config"); } } } } catch (IOException ioe) { - if (DEBUG) { - System.out.println("Exception thrown in loading config:"); - ioe.printStackTrace(System.out); + if (DEBUG != null) { + DEBUG.println("Exception thrown in loading config:"); + ioe.printStackTrace(DEBUG.getPrintStream()); } throw new KrbException("krb5.conf loading failed"); } @@ -440,11 +440,11 @@ public class Config { try { value = parseIntValue(result); } catch (NumberFormatException e) { - if (DEBUG) { - System.out.println("Exception in getting value of " + + if (DEBUG != null) { + DEBUG.println("Exception in getting value of " + Arrays.toString(keys) + ": " + e.getMessage()); - System.out.println("Setting " + Arrays.toString(keys) + + DEBUG.println("Setting " + Arrays.toString(keys) + " to minimum value"); } value = Integer.MIN_VALUE; 
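Review bot: In the `catch (IOException ioe)` block of hunk -233,15 the underlying failure is visible only when debugging is on. With `DEBUG == null` the caller receives `KrbException("krb5.conf loading failed")` and nothing about which file failed or why. Since the block is being edited, consider keeping the cause: `KrbException ke = new KrbException("krb5.conf loading failed"); ke.initCause(ioe); throw ke;`. Whether KrbException has a cause-taking constructor is not visible here, so `initCause` is the safe form. The enclosing method starts and ends outside the hunk.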
@@ -584,8 +584,8 @@ public class Config { Path file, List content, Set dups) throws IOException { - if (DEBUG) { - System.out.println("Loading krb5 profile at " + file); + if (DEBUG != null) { + DEBUG.println("Loading krb5 profile at " + file); } if (!file.isAbsolute()) { throw new IOException("Profile path not absolute"); @@ -628,8 +628,8 @@ public class Config { content, dups); } else { // Unsupported directives - if (DEBUG) { - System.out.println("Unknown directive: " + line); + if (DEBUG != null) { + DEBUG.println("Unknown directive: " + line); } } } else { @@ -670,8 +670,8 @@ public class Config { private List loadConfigFile(final String fileName) throws IOException, KrbException { - if (DEBUG) { - System.out.println("Loading config file from " + fileName); + if (DEBUG != null) { + DEBUG.println("Loading config file from " + fileName); } List result = new ArrayList<>(); List raw = new ArrayList<>(); @@ -783,8 +783,8 @@ public class Config { throws KrbException { Hashtable current = stanzaTable; for (String line: v) { - if (DEBUG) { - System.out.println(line); + if (DEBUG != null) { + DEBUG.println(line); } // There are only 3 kinds of lines // 1. a = b @@ -872,8 +872,8 @@ public class Config { name = null; } } - if (DEBUG) { - System.out.println("Java config name: " + name); + if (DEBUG != null) { + DEBUG.println("Java config name: " + name); } return name; } @@ -935,8 +935,8 @@ public class Config { } else { name = "/etc/krb5.conf"; } - if (DEBUG) { - System.out.println("Native config name: " + name); + if (DEBUG != null) { + DEBUG.println("Native config name: " + name); } return name; } 
@@ -984,21 +984,21 @@ public class Config { String default_enctypes; default_enctypes = get("libdefaults", configName); if (default_enctypes == null && !configName.equals("permitted_enctypes")) { - if (DEBUG) { - System.out.println("Getting permitted_enctypes from libdefaults"); + if (DEBUG != null) { + DEBUG.println("Getting permitted_enctypes from libdefaults"); } default_enctypes = get("libdefaults", "permitted_enctypes"); } int[] etype; if (default_enctypes == null) { - if (DEBUG) { - System.out.println("default_enctypes were null, using builtin default etypes for configuration " + + if (DEBUG != null) { + DEBUG.println("default_enctypes were null, using builtin default etypes for configuration " + configName); } etype = EType.getBuiltInDefaults(); } else { - if (DEBUG) { - System.out.println("default_enctypes:" + default_enctypes); + if (DEBUG != null) { + DEBUG.println("default_enctypes:" + default_enctypes); } String delim = " "; StringTokenizer st; @@ -1032,12 +1032,13 @@ public class Config { } } - if (DEBUG) { - System.out.print("default etypes for " + configName + ":"); + if (DEBUG != null) { + String s = "default etypes for " + configName + ":"; for (int i = 0; i < etype.length; i++) { - System.out.print(" " + etype[i]); + s += " " + etype[i]; } - System.out.println("."); + s += "."; + DEBUG.println(s); } return etype; } @@ -1135,8 +1136,8 @@ public class Config { * This method was useless. Kept here in case some class still calls it. */ public void resetDefaultRealm(String realm) { - if (DEBUG) { - System.out.println(">>> Config try resetting default kdc " + realm); + if (DEBUG != null) { + DEBUG.println(">>> Config try resetting default kdc " + realm); } } 
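Review bot: The new etype dump in hunk -1032,12 builds its message with `s += ...` inside the loop, which allocates a fresh String per element. A `StringBuilder` keeps the output byte-for-byte the same and reads more directly: `StringBuilder sb = new StringBuilder("default etypes for " + configName + ":");`, then `for (int e : etype) sb.append(' ').append(e);`, then `DEBUG.println(sb.append('.').toString());`. The enclosing method starts and ends outside the hunk.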
@@ -1319,8 +1320,8 @@ public class Config { * @return the realm if correct, or null otherwise */ private static String checkRealm(String mapRealm) { - if (DEBUG) { - System.out.println("getRealmFromDNS: trying " + mapRealm); + if (DEBUG != null) { + DEBUG.println("getRealmFromDNS: trying " + mapRealm); } String[] records = null; String newRealm = mapRealm; @@ -1351,14 +1352,14 @@ public class Config { String kdcs = ""; String[] srvs = null; // locate DNS SRV record using UDP - if (DEBUG) { - System.out.println("getKDCFromDNS using UDP"); + if (DEBUG != null) { + DEBUG.println("getKDCFromDNS using UDP"); } srvs = KrbServiceLocator.getKerberosService(realm, "_udp"); if (srvs == null) { // locate DNS SRV record using TCP - if (DEBUG) { - System.out.println("getKDCFromDNS using TCP"); + if (DEBUG != null) { + DEBUG.println("getKDCFromDNS using TCP"); } srvs = KrbServiceLocator.getKerberosService(realm, "_tcp"); } diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java b/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java index da6b5e3d674..9ec0b7b7c12 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,6 +41,8 @@ import java.io.IOException; import java.util.Date; import java.net.InetAddress; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This class encapsulates the concept of a Kerberos service * credential. That includes a Kerberos ticket and an associated 
@@ -61,7 +63,6 @@ public class Credentials { KerberosTime renewTill; HostAddresses cAddr; AuthorizationData authzData; - private static boolean DEBUG = Krb5.DEBUG; static boolean alreadyLoaded = false; private static boolean alreadyTried = false; @@ -240,8 +241,8 @@ public class Credentials { try { retVal = ticket.asn1Encode(); } catch (Asn1Exception | IOException e) { - if (DEBUG) { - System.out.println(e); + if (DEBUG != null) { + e.printStackTrace(DEBUG.getPrintStream()); } } return retVal; @@ -330,21 +331,21 @@ public class Credentials { OperatingSystem.isMacOS()) { Credentials creds = acquireDefaultCreds(); if (creds == null) { - if (DEBUG) { - System.out.println(">>> Found no TGT's in native ccache"); + if (DEBUG != null) { + DEBUG.println(">>> Found no TGT's in native ccache"); } return null; } if (princ != null) { if (creds.getClient().equals(princ)) { - if (DEBUG) { - System.out.println(">>> Obtained TGT from native ccache: " + if (DEBUG != null) { + DEBUG.println(">>> Obtained TGT from native ccache: " + creds); } return creds; } else { - if (DEBUG) { - System.out.println(">>> native ccache contains TGT for " + if (DEBUG != null) { + DEBUG.println(">>> native ccache contains TGT for " + creds.getClient() + " not " + princ); @@ -352,8 +353,8 @@ public class Credentials { return null; } } else { - if (DEBUG) { - System.out.println(">>> Obtained TGT from native ccache: " + if (DEBUG != null) { + DEBUG.println(">>> Obtained TGT from native ccache: " + creds); } return creds; @@ -381,8 +382,8 @@ public class Credentials { if (EType.isSupported(tgtCred.key.getEType())) { return tgtCred; } else { - if (DEBUG) { - System.out.println( + if (DEBUG != null) { + DEBUG.println( ">>> unsupported key type found the default TGT: " + tgtCred.key.getEType()); } 
@@ -420,15 +421,15 @@ public class Credentials { if (cache != null) { Credentials temp = cache.getInitialCreds(); if (temp != null) { - if (DEBUG) { - System.out.println(">>> KrbCreds found the default ticket" + if (DEBUG != null) { + DEBUG.println(">>> KrbCreds found the default ticket" + " granting ticket in credential cache."); } if (EType.isSupported(temp.key.getEType())) { result = temp; } else { - if (DEBUG) { - System.out.println( + if (DEBUG != null) { + DEBUG.println( ">>> unsupported key type found the default TGT: " + temp.key.getEType()); } @@ -444,8 +445,8 @@ public class Credentials { try { ensureLoaded(); } catch (Exception e) { - if (DEBUG) { - System.out.println("Can not load native ccache library"); + if (DEBUG != null) { + DEBUG.println("Can not load native ccache library"); e.printStackTrace(); } alreadyTried = true; @@ -453,8 +454,8 @@ public class Credentials { } if (alreadyLoaded) { // There is some native code - if (DEBUG) { - System.out.println(">> Acquire default native Credentials"); + if (DEBUG != null) { + DEBUG.println(">> Acquire default native Credentials"); } try { result = acquireDefaultNativeCreds( 
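Review bot: In hunk -444,8 the "Can not load native ccache library" message now goes through `DEBUG`, but the unchanged `e.printStackTrace();` on the next line still writes straight to the process's standard error stream. The other stack traces this commit touches are routed through the Debug object (hunk -240,8 in this file uses `e.printStackTrace(DEBUG.getPrintStream())`), so this trace should follow the same pattern, keeping it with the rest of the Kerberos debug output: `e.printStackTrace(DEBUG.getPrintStream());`. The enclosing method starts and ends outside the hunk.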
@@ -507,19 +508,19 @@ public class Credentials { * Prints out debug info. */ public static void printDebug(Credentials c) { - System.out.println(">>> DEBUG: ----Credentials----"); - System.out.println("\tclient: " + c.client.toString()); + DEBUG.println(">>> DEBUG: ----Credentials----"); + DEBUG.println("\tclient: " + c.client.toString()); if (c.clientAlias != null) - System.out.println("\tclient alias: " + c.clientAlias.toString()); - System.out.println("\tserver: " + c.server.toString()); + DEBUG.println("\tclient alias: " + c.clientAlias.toString()); + DEBUG.println("\tserver: " + c.server.toString()); if (c.serverAlias != null) - System.out.println("\tserver alias: " + c.serverAlias.toString()); - System.out.println("\tticket: sname: " + c.ticket.sname.toString()); + DEBUG.println("\tserver alias: " + c.serverAlias.toString()); + DEBUG.println("\tticket: sname: " + c.ticket.sname.toString()); if (c.startTime != null) { - System.out.println("\tstartTime: " + c.startTime.getTime()); + DEBUG.println("\tstartTime: " + c.startTime.getTime()); } - System.out.println("\tendTime: " + c.endTime.getTime()); - System.out.println(" ----Credentials end----"); + DEBUG.println("\tendTime: " + c.endTime.getTime()); + DEBUG.println(" ----Credentials end----"); } diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/EncryptionKey.java b/src/java.security.jgss/share/classes/sun/security/krb5/EncryptionKey.java index e250e98eb42..f975ba15a67 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/EncryptionKey.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/EncryptionKey.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
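Review bot: `printDebug` (hunk -507,19) now dereferences `DEBUG` on every line with no null test, yet the rest of this commit treats `DEBUG` as null whenever debugging is off. The method is `public static`, so any caller that does not check `DEBUG != null` itself would get a NullPointerException where it used to get output on System.out. Add `if (DEBUG == null) return;` as the first statement, or state in the Javadoc that callers must check first. Callers are not visible in this hunk, so it is worth confirming that each one is guarded.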
@@ -42,6 +42,8 @@ import sun.security.krb5.internal.ccache.CCacheOutputStream; import javax.crypto.spec.DESKeySpec; import javax.crypto.spec.DESedeKeySpec; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This class encapsulates the concept of an EncryptionKey. An encryption * key is defined in RFC 4120 as: @@ -74,8 +76,6 @@ public class EncryptionKey private byte[] keyValue; private Integer kvno; // not part of ASN1 encoding; - private static final boolean DEBUG = Krb5.DEBUG; - public synchronized int getEType() { return keyType; } @@ -186,8 +186,8 @@ public class EncryptionKey stringToKey(password, salt, null, etypes[i]), etypes[i], null); } else { - if (DEBUG) { - System.out.println("Encryption Type " + + if (DEBUG != null) { + DEBUG.println("Encryption Type " + EType.toString(etypes[i]) + " is not supported/enabled"); } diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/KdcComm.java b/src/java.security.jgss/share/classes/sun/security/krb5/KdcComm.java index 5790b06170b..63d99982567 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/KdcComm.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/KdcComm.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -49,6 +49,8 @@ import java.util.HashSet; import java.util.Iterator; import sun.security.krb5.internal.KRBError; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * KDC-REQ/KDC-REP communication. No more base class for KrbAsReq and * KrbTgsReq. This class is now communication only. 
@@ -72,8 +74,6 @@ public final class KdcComm { */ private static int defaultUdpPrefLimit; - private static final boolean DEBUG = Krb5.DEBUG; - /** * What to do when a KDC is unavailable, specified in the * java.security file with key krb5.kdc.bad.policy. @@ -118,8 +118,8 @@ public final class KdcComm { } catch (NumberFormatException nfe) { // Ignored. Please note that tryLess is recognized and // used, parameters using default values - if (DEBUG) { - System.out.println("Invalid krb5.kdc.bad.policy" + + if (DEBUG != null) { + DEBUG.println("Invalid krb5.kdc.bad.policy" + " parameter for tryLess: " + value + ", use default"); } @@ -151,8 +151,8 @@ public final class KdcComm { udp_pref_limit = parsePositiveIntString(temp); } catch (Exception exc) { // ignore any exceptions; use default values - if (DEBUG) { - System.out.println ("Exception in getting KDC communication " + + if (DEBUG != null) { + DEBUG.println ("Exception in getting KDC communication " + "settings, using default value " + exc.getMessage()); } @@ -276,10 +276,10 @@ public final class KdcComm { KdcAccessibility.removeBad(tempKdc); return ibuf; } catch(Exception e) { - if (DEBUG) { - System.out.println(">>> KrbKdcReq send: error trying " + + if (DEBUG != null) { + DEBUG.println(">>> KrbKdcReq send: error trying " + tempKdc); - e.printStackTrace(System.out); + e.printStackTrace(DEBUG.getPrintStream()); } KdcAccessibility.addBad(tempKdc); throw e; @@ -345,8 +345,8 @@ public final class KdcComm { } byte[] obuf = req.encoding(); - if (DEBUG) { - System.out.println(">>> KrbKdcReq send: kdc=" + kdc + if (DEBUG != null) { + DEBUG.println(">>> KrbKdcReq send: kdc=" + kdc + (useTCP ? " TCP:":" UDP:") + port + ", timeout=" + timeout 
@@ -360,8 +360,8 @@ public final class KdcComm { try { @SuppressWarnings("removal") byte[] ibuf = AccessController.doPrivileged(kdcCommunication); - if (DEBUG) { - System.out.println(">>> KrbKdcReq send: #bytes read=" + if (DEBUG != null) { + DEBUG.println(">>> KrbKdcReq send: #bytes read=" + (ibuf != null ? ibuf.length : 0)); } return ibuf; @@ -404,8 +404,8 @@ public final class KdcComm { for (int i=1; i <= retries; i++) { String proto = useTCP?"TCP":"UDP"; - if (DEBUG) { - System.out.println(">>> KDCCommunication: kdc=" + kdc + if (DEBUG != null) { + DEBUG.println(">>> KDCCommunication: kdc=" + kdc + " " + proto + ":" + port + ", timeout=" + timeout @@ -418,8 +418,8 @@ public final class KdcComm { ibuf = kdcClient.receive(); break; } catch (SocketTimeoutException se) { - if (DEBUG) { - System.out.println ("SocketTimeOutException with " + + if (DEBUG != null) { + DEBUG.println ("SocketTimeOutException with " + "attempt: " + i); } if (i == retries) { @@ -518,15 +518,15 @@ public final class KdcComm { private static Set bads = new HashSet<>(); private static synchronized void addBad(String kdc) { - if (DEBUG) { - System.out.println(">>> KdcAccessibility: add " + kdc); + if (DEBUG != null) { + DEBUG.println(">>> KdcAccessibility: add " + kdc); } bads.add(kdc); } private static synchronized void removeBad(String kdc) { - if (DEBUG) { - System.out.println(">>> KdcAccessibility: remove " + kdc); + if (DEBUG != null) { + DEBUG.println(">>> KdcAccessibility: remove " + kdc); } bads.remove(kdc); } @@ -536,8 +536,8 @@ public final class KdcComm { } private static synchronized void reset() { - if (DEBUG) { - System.out.println(">>> KdcAccessibility: reset"); + if (DEBUG != null) { + DEBUG.println(">>> KdcAccessibility: reset"); } bads.clear(); } diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/KrbApReq.java b/src/java.security.jgss/share/classes/sun/security/krb5/KrbApReq.java index e3a29f446a3..8682619096d 100644 
--- a/src/java.security.jgss/share/classes/sun/security/krb5/KrbApReq.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/KrbApReq.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,6 +42,8 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import sun.security.krb5.internal.rcache.AuthTimeWithHash; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This class encapsulates a KRB-AP-REQ that a client sends to a * server for authentication. @@ -57,7 +59,6 @@ public class KrbApReq { // Used by acceptor side private static ReplayCache rcache = ReplayCache.getInstance(); - private static boolean DEBUG = Krb5.DEBUG; private static final char[] hexConst = "0123456789ABCDEF".toCharArray(); /** @@ -109,8 +110,8 @@ public class KrbApReq { APOptions apOptions = (mutualRequired? new APOptions(Krb5.AP_OPTS_MUTUAL_REQUIRED): new APOptions()); - if (DEBUG) - System.out.println(">>> KrbApReq: APOptions are " + apOptions); + if (DEBUG != null) + DEBUG.println(">>> KrbApReq: APOptions are " + apOptions); EncryptionKey subKey = (useSubKey? new EncryptionKey(tgsCred.getSessionKey()): @@ -329,8 +330,8 @@ public class KrbApReq { HostAddress sender = new HostAddress(initiator); if (enc_ticketPart.caddr != null && !enc_ticketPart.caddr.inList(sender)) { - if (DEBUG) { - System.out.println(">>> KrbApReq: initiator is " + if (DEBUG != null) { + DEBUG.println(">>> KrbApReq: initiator is " + sender.getInetAddress() + ", but caddr is " + Arrays.toString( 
@@ -374,8 +375,8 @@ public class KrbApReq { enc_ticketPart.renewTill, enc_ticketPart.caddr, enc_ticketPart.authorizationData); - if (DEBUG) { - System.out.println(">>> KrbApReq: authenticate succeed."); + if (DEBUG != null) { + DEBUG.println(">>> KrbApReq: authenticate succeed."); } } diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsRep.java b/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsRep.java index 793b1d4a27f..2b4bd4da266 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsRep.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsRep.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -40,6 +40,8 @@ import java.util.Objects; import javax.security.auth.kerberos.KeyTab; import sun.security.jgss.krb5.Krb5Util; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This class encapsulates a AS-REP message that the KDC sends to the * client. @@ -51,8 +53,6 @@ final class KrbAsRep extends KrbKdcRep { // message, created by initiator after calling // the decrypt() method - private boolean DEBUG = Krb5.DEBUG; - KrbAsRep(byte[] ibuf) throws KrbException, Asn1Exception, IOException { DerValue encoding = new DerValue(ibuf); @@ -75,8 +75,8 @@ final class KrbAsRep extends KrbKdcRep { // no text sent from server ke = new KrbException(err); } else { - if (DEBUG) { - System.out.println("KRBError received: " + eText); + if (DEBUG != null) { + DEBUG.println("KRBError received: " + eText); } // override default text with server text ke = new KrbException(err, eText); 
@@ -175,8 +175,8 @@ final class KrbAsRep extends KrbKdcRep { enc_part.endtime, enc_part.renewTill, enc_part.caddr); - if (DEBUG) { - System.out.println(">>> KrbAsRep cons in KrbAsReq.getReply " + + if (DEBUG != null) { + DEBUG.println(">>> KrbAsRep cons in KrbAsReq.getReply " + req.reqBody.cname.getNameString()); } } diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsReq.java b/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsReq.java index 580beddf21b..c299f8b40e7 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsReq.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsReq.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,6 +38,8 @@ import java.io.IOException; import java.time.Instant; import java.util.Arrays; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This class encapsulates the KRB-AS-REQ message that the client * sends to the KDC. @@ -45,8 +47,6 @@ import java.util.Arrays; public class KrbAsReq extends KrbKdcReq { private ASReq asReqMessg; - private boolean DEBUG = Krb5.DEBUG; - /** * Constructs an AS-REQ message. */ @@ -110,8 +110,8 @@ public class KrbAsReq extends KrbKdcReq { "default realm not specified "); } - if (DEBUG) { - System.out.println(">>> KrbAsReq creating message"); + if (DEBUG != null) { + DEBUG.println(">>> KrbAsReq creating message"); } Config cfg = Config.getInstance(); diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsReqBuilder.java b/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsReqBuilder.java index 177f714d1ea..0d137575687 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsReqBuilder.java 
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsReqBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,8 @@ import sun.security.krb5.internal.Krb5; import sun.security.krb5.internal.PAData; import sun.security.krb5.internal.crypto.EType; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * A manager class for AS-REQ communications. * @@ -348,8 +350,8 @@ public final class KrbAsReqBuilder { if (!preAuthFailedOnce && ( ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED || ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) { - if (Krb5.DEBUG) { - System.out.println("KrbAsReqBuilder: " + + if (DEBUG != null) { + DEBUG.println("KrbAsReqBuilder: " + "PREAUTH FAILED/REQ, re-send AS-REQ"); } preAuthFailedOnce = true; @@ -403,8 +405,8 @@ public final class KrbAsReqBuilder { .getBooleanObject("libdefaults", "canonicalize") == Boolean.TRUE; } catch (KrbException e) { - if (Krb5.DEBUG) { - System.out.println("Exception in getting canonicalize," + + if (DEBUG != null) { + DEBUG.println("Exception in getting canonicalize," + " using default value " + Boolean.valueOf(canonicalizeConfig) + ": " + e.getMessage()); @@ -450,8 +452,8 @@ public final class KrbAsReqBuilder { } } if (count < Config.MAX_REFERRALS && sendCanonicalize) { - if (Krb5.DEBUG) { - System.out.println("KrbAsReqBuilder: AS-REQ failed." + + if (DEBUG != null) { + DEBUG.println("KrbAsReqBuilder: AS-REQ failed." + " Retrying with CANONICALIZE false."); } diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/KrbCred.java b/src/java.security.jgss/share/classes/sun/security/krb5/KrbCred.java index 0ce26efc4a9..a2fbfbf3ddb 100644 
--- a/src/java.security.jgss/share/classes/sun/security/krb5/KrbCred.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/KrbCred.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,8 @@ import java.io.IOException; import sun.security.util.DerValue; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This class encapsulates the KRB-CRED message that a client uses to * send its delegated credentials to a server. @@ -46,8 +48,6 @@ import sun.security.util.DerValue; */ public class KrbCred { - private static boolean DEBUG = Krb5.DEBUG; - private byte[] obuf = null; private KRBCred credMessg = null; private Ticket ticket = null; @@ -144,8 +144,8 @@ public class KrbCred { PrincipalName sname = credInfo.sname; HostAddresses caddr = credInfo.caddr; - if (DEBUG) { - System.out.println(">>>Delegated Creds have pname=" + pname + if (DEBUG != null) { + DEBUG.println(">>>Delegated Creds have pname=" + pname + " sname=" + sname + " authtime=" + authtime + " starttime=" + starttime diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/KrbKdcRep.java b/src/java.security.jgss/share/classes/sun/security/krb5/KrbKdcRep.java index fc2dc9a9334..d685d589759 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/KrbKdcRep.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/KrbKdcRep.java @@ -34,6 +34,8 @@ import sun.security.krb5.internal.*; import sun.security.krb5.internal.crypto.KeyUsage; import sun.security.util.DerInputStream; +import static sun.security.krb5.internal.Krb5.DEBUG; + abstract class KrbKdcRep { static void check( 
@@ -86,8 +88,8 @@ abstract class KrbKdcRep { for (int i = 2; i < 6; i++) { if (req.reqBody.kdcOptions.get(i) != rep.encKDCRepPart.flags.get(i)) { - if (Krb5.DEBUG) { - System.out.println("> KrbKdcRep.check: at #" + i + if (DEBUG == null) { + DEBUG.println("> KrbKdcRep.check: at #" + i + ". request for " + req.reqBody.kdcOptions.get(i) + ", received " + rep.encKDCRepPart.flags.get(i)); } @@ -171,8 +173,8 @@ abstract class KrbKdcRep { req.asn1Encode(), replyKey, KeyUsage.KU_AS_REQ); } catch (Exception e) { - if (Krb5.DEBUG) { - e.printStackTrace(); + if (DEBUG != null) { + e.printStackTrace(DEBUG.getPrintStream()); } } break; diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/SCDynamicStoreConfig.java b/src/java.security.jgss/share/classes/sun/security/krb5/SCDynamicStoreConfig.java index 8fe86aaee8c..41c93afcf40 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/SCDynamicStoreConfig.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/SCDynamicStoreConfig.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,6 +33,7 @@ import java.util.Iterator; import java.util.List; import java.util.Vector; +import static sun.security.krb5.internal.Krb5.DEBUG; public class SCDynamicStoreConfig { private static native void installNotificationCallback(); @@ -42,7 +43,6 @@ public class SCDynamicStoreConfig { * (realm kdc* null) null (mapping-domain mapping-realm)* */ private static native List getKerberosConfig(); - private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG; static { @SuppressWarnings("removal") 
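Review bot: The guard in `KrbKdcRep.check` is inverted: `if (DEBUG == null) { DEBUG.println(...) }` dereferences `DEBUG` exactly when it is null. With debugging off, a mismatch between the requested KDC options and the flags in the reply raises a NullPointerException here instead of reaching the code that follows the debug block, and with debugging on the message is never printed. The condition should be `if (DEBUG != null) {`, as in every other hunk of this change. The rest of the loop body lies outside the hunk, so the failure path that the exception pre-empts is not visible here.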
@@ -72,7 +72,7 @@ public class SCDynamicStoreConfig { throw new IOException( "Could not load configuration from SCDynamicStore"); } - if (DEBUG) System.out.println("Raw map from JNI: " + list); + if (DEBUG != null) DEBUG.println("Raw map from JNI: " + list); Hashtable v = new Hashtable<>(); Hashtable realms = new Hashtable<>(); diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/CredentialsUtil.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/CredentialsUtil.java index 04c9647e7aa..be5e08f7223 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/CredentialsUtil.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/CredentialsUtil.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,8 @@ import java.io.IOException; import java.util.LinkedList; import java.util.List; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This class is a utility that contains much of the TGS-Exchange * protocol. It is used by ../Credentials.java for service ticket @@ -44,8 +46,6 @@ import java.util.List; */ public class CredentialsUtil { - private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG; - private static enum S4U2Type { NONE, SELF, PROXY } @@ -193,8 +193,8 @@ public class CredentialsUtil { for (cTgt = localTGT, i = 0; i < realms.length;) { tempService = PrincipalName.tgsService(serviceRealm, realms[i]); - if (DEBUG) { - System.out.println( + if (DEBUG != null) { + DEBUG.println( ">>> Credentials acquireServiceCreds: main loop: [" + i +"] tempService=" + tempService); } 
@@ -206,8 +206,8 @@ public class CredentialsUtil { } if (newTgt == null) { - if (DEBUG) { - System.out.println(">>> Credentials acquireServiceCreds: " + if (DEBUG != null) { + DEBUG.println(">>> Credentials acquireServiceCreds: " + "no tgt; searching thru capath"); } @@ -217,8 +217,8 @@ public class CredentialsUtil { for (newTgt = null, k = i+1; newTgt == null && k < realms.length; k++) { tempService = PrincipalName.tgsService(realms[k], realms[i]); - if (DEBUG) { - System.out.println( + if (DEBUG != null) { + DEBUG.println( ">>> Credentials acquireServiceCreds: " + "inner loop: [" + k + "] tempService=" + tempService); @@ -232,8 +232,8 @@ public class CredentialsUtil { } // Ends 'if (newTgt == null)' if (newTgt == null) { - if (DEBUG) { - System.out.println(">>> Credentials acquireServiceCreds: " + if (DEBUG != null) { + DEBUG.println(">>> Credentials acquireServiceCreds: " + "no tgt; cannot get creds"); } break; @@ -245,16 +245,16 @@ public class CredentialsUtil { */ newTgtRealm = newTgt.getServer().getInstanceComponent(); if (okAsDelegate[0] && !newTgt.checkDelegate()) { - if (DEBUG) { - System.out.println(">>> Credentials acquireServiceCreds: " + + if (DEBUG != null) { + DEBUG.println(">>> Credentials acquireServiceCreds: " + "global OK-AS-DELEGATE turned off at " + newTgt.getServer()); } okAsDelegate[0] = false; } - if (DEBUG) { - System.out.println(">>> Credentials acquireServiceCreds: " + if (DEBUG != null) { + DEBUG.println(">>> Credentials acquireServiceCreds: " + "got tgt"); } @@ -283,8 +283,8 @@ public class CredentialsUtil { i = k; cTgt = newTgt; - if (DEBUG) { - System.out.println(">>> Credentials acquireServiceCreds: " + if (DEBUG != null) { + DEBUG.println(">>> Credentials acquireServiceCreds: " + "continuing with main loop counter reset to " + i); } continue; 
@@ -453,10 +453,10 @@ public class CredentialsUtil { String serviceRealm = refSname.getRealmString(); if (!serviceRealm.equals(tgtRealm)) { // This is a cross-realm service request - if (DEBUG) { - System.out.println(">>> serviceCredsSingle:" + + if (DEBUG != null) { + DEBUG.println(">>> serviceCredsSingle:" + " cross-realm authentication"); - System.out.println(">>> serviceCredsSingle:" + + DEBUG.println(">>> serviceCredsSingle:" + " obtaining credentials from " + tgtRealm + " to " + serviceRealm); } @@ -465,8 +465,8 @@ public class CredentialsUtil { if (newTgt == null) { throw new KrbException("No service creds"); } - if (DEBUG) { - System.out.println(">>> Cross-realm TGT Credentials" + + if (DEBUG != null) { + DEBUG.println(">>> Cross-realm TGT Credentials" + " serviceCredsSingle: "); Credentials.printDebug(newTgt); } @@ -475,16 +475,16 @@ public class CredentialsUtil { } asCreds = newTgt; cname = asCreds.getClient(); - } else if (DEBUG) { - System.out.println(">>> Credentials serviceCredsSingle:" + + } else if (DEBUG != null) { + DEBUG.println(">>> Credentials serviceCredsSingle:" + " same realm"); } KrbTgsReq req = new KrbTgsReq(options, asCreds, cname, clientAlias, refSname, sname, additionalCreds, extraPAs); theCreds = req.sendAndGetCreds(); if (theCreds != null) { - if (DEBUG) { - System.out.println(">>> TGS credentials serviceCredsSingle:"); + if (DEBUG != null) { + DEBUG.println(">>> TGS credentials serviceCredsSingle:"); Credentials.printDebug(theCreds); } if (!okAsDelegate[0]) { @@ -502,8 +502,8 @@ public class CredentialsUtil { private static void handleS4U2SelfReferral(PAData[] pas, PrincipalName user, Credentials newCreds) throws Asn1Exception, KrbException, IOException { - if (DEBUG) { - System.out.println(">>> Handling S4U2Self referral"); + if (DEBUG != null) { + DEBUG.println(">>> Handling S4U2Self referral"); } for (int i = 0; i < pas.length; i++) { PAData pa = pas[i]; 
@@ -539,8 +539,8 @@ public class CredentialsUtil { private static String handleS4U2ProxyReferral(Credentials asCreds, Credentials[] credsInOut, PrincipalName sname) throws KrbException, IOException { - if (DEBUG) { - System.out.println(">>> Handling S4U2Proxy referral"); + if (DEBUG != null) { + DEBUG.println(">>> Handling S4U2Proxy referral"); } Credentials refTGT = null; // Get a credential for the middle service to the backend so we know diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java index 6f10c005f9f..0332c17e1a8 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,7 +31,6 @@ package sun.security.krb5.internal; -import sun.security.krb5.Config; import sun.security.krb5.Asn1Exception; import sun.security.util.*; import java.net.InetAddress; @@ -41,6 +40,7 @@ import java.net.UnknownHostException; import java.io.IOException; import java.util.Arrays; +import static sun.security.krb5.internal.Krb5.DEBUG; /** * Implements the ASN.1 HostAddress type. * @@ -63,7 +63,6 @@ public class HostAddress implements Cloneable { byte[] address = null; private static InetAddress localInetAddress; //caches local inet address - private static final boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG; private volatile int hashCode = 0; private HostAddress(int dummy) {} 
@@ -191,10 +190,10 @@ public class HostAddress implements Cloneable { if (new_address != null) { address = new_address.clone(); } - if (DEBUG) { + if (DEBUG != null) { if (addrType == Krb5.ADDRTYPE_INET || addrType == Krb5.ADDRTYPE_INET6) { - System.out.println("Host address is " + + DEBUG.println("Host address is " + InetAddress.getByAddress(address)); } } diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java index 1441624abd2..d5f21d79bbd 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,6 +42,8 @@ import java.util.*; import java.io.IOException; import sun.security.krb5.internal.ccache.CCacheOutputStream; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * Implements the ASN.1 HostAddresses type. * @@ -64,7 +66,6 @@ import sun.security.krb5.internal.ccache.CCacheOutputStream; */ public class HostAddresses implements Cloneable { - private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG; private HostAddress[] addresses = null; private volatile int hashCode = 0; 
@@ -276,25 +277,25 @@ public class HostAddresses implements Cloneable { { Set all = new LinkedHashSet<>(); try { - if (DEBUG) { - System.out.println(">>> KrbKdcReq local addresses are:"); + if (DEBUG != null) { + DEBUG.println(">>> KrbKdcReq local addresses are:"); } String extra = Config.getInstance().getAll( "libdefaults", "extra_addresses"); if (extra != null) { for (String s: extra.split("\\s+")) { all.add(InetAddress.getByName(s)); - if (DEBUG) { - System.out.println(" extra_addresses: " + if (DEBUG != null) { + DEBUG.println(" extra_addresses: " + InetAddress.getByName(s)); } } } for (NetworkInterface ni: Collections.list(NetworkInterface.getNetworkInterfaces())) { - if (DEBUG) { - System.out.println(" NetworkInterface " + ni + ":"); - System.out.println(" " + if (DEBUG != null) { + DEBUG.println(" NetworkInterface " + ni + ":"); + DEBUG.println(" " + Collections.list(ni.getInetAddresses())); } all.addAll(Collections.list(ni.getInetAddresses())); diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/KDCOptions.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/KDCOptions.java index 76a71cb603c..bda5a2c3f5e 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/KDCOptions.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/KDCOptions.java @@ -37,6 +37,8 @@ import sun.security.krb5.internal.util.KerberosFlags; import sun.security.util.*; import java.io.IOException; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * Implements the ASN.1 KDCOptions type. * @@ -170,8 +172,6 @@ public class KDCOptions extends KerberosFlags { "VALIDATE", //31; }; - private boolean DEBUG = Krb5.DEBUG; - public static KDCOptions with(int... flags) { KDCOptions options = new KDCOptions(); for (int flag: flags) { 
@@ -321,8 +321,8 @@ public class KDCOptions extends KerberosFlags { } } } catch (KrbException e) { - if (DEBUG) { - System.out.println("Exception in getting default values for " + + if (DEBUG != null) { + DEBUG.println("Exception in getting default values for " + "KDC Options from the configuration "); e.printStackTrace(); diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/KDCRep.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/KDCRep.java index 0548a1aa497..015d5c08cc8 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/KDCRep.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/KDCRep.java @@ -35,6 +35,8 @@ import sun.security.util.*; import java.io.IOException; import java.math.BigInteger; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * Implements the ASN.1 KDC-REP type. * @@ -68,7 +70,6 @@ public class KDCRep { private int pvno; private int msgType; public PAData[] pAData = null; //optional - private boolean DEBUG = Krb5.DEBUG; public KDCRep( PAData[] new_pAData, @@ -131,8 +132,8 @@ public class KDCRep { KrbApErrException { DerValue der, subDer; if ((encoding.getTag() & 0x1F) != req_type) { - if (DEBUG) { - System.out.println(">>> KDCRep: init() " + + if (DEBUG != null) { + DEBUG.println(">>> KDCRep: init() " + "encoding tag is " + encoding.getTag() + " req type is " + req_type); diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/KRBError.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/KRBError.java index 2b9f69ad536..b93ced00c65 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/KRBError.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/KRBError.java 
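Review bot: In the `KDCOptions` hunk, `e.printStackTrace();` still writes the trace to the default error stream while the message just above it now goes through `DEBUG`. KdcComm and KrbKdcRep in this same change use `e.printStackTrace(DEBUG.getPrintStream());`, and the same call here keeps the whole debug record on one stream. The catch block continues past the end of the hunk.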
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -47,6 +47,8 @@ import java.util.List; import java.util.Objects; import sun.security.krb5.internal.util.KerberosString; + +import static sun.security.krb5.internal.Krb5.DEBUG; /** * Implements the ASN.1 KRBError type. * @@ -103,8 +105,6 @@ public class KRBError implements java.io.Serializable { private PAData[] pa; // PA-DATA in eData - private static boolean DEBUG = Krb5.DEBUG; - private void readObject(ObjectInputStream is) throws IOException, ClassNotFoundException { try { @@ -232,16 +232,16 @@ public class KRBError implements java.io.Serializable { // may fail. parsePAData(data); } catch (Exception e) { - if (DEBUG) { - System.out.println("Unable to parse eData field of KRB-ERROR:\n" + + if (DEBUG != null) { + DEBUG.println("Unable to parse eData field of KRB-ERROR:\n" + new sun.security.util.HexDumpEncoder().encodeBuffer(data)); } throw new IOException( "Unable to parse eData field of KRB-ERROR", e); } } else { - if (DEBUG) { - System.out.println("Unknown eData field of KRB-ERROR:\n" + + if (DEBUG != null) { + DEBUG.println("Unknown eData field of KRB-ERROR:\n" + new sun.security.util.HexDumpEncoder().encodeBuffer(data)); } } @@ -260,8 +260,8 @@ public class KRBError implements java.io.Serializable { DerValue tmp = derPA.data.getDerValue(); PAData pa_data = new PAData(tmp); paList.add(pa_data); - if (DEBUG) { - System.out.println(pa_data); + if (DEBUG != null) { + DEBUG.println(pa_data.toString()); } } pa = paList.toArray(new PAData[paList.size()]); 
@@ -389,35 +389,35 @@ public class KRBError implements java.io.Serializable { * For debug use only */ private void showDebug() { - if (DEBUG) { - System.out.println(">>>KRBError:"); + if (DEBUG != null) { + DEBUG.println(">>>KRBError:"); if (cTime != null) - System.out.println("\t cTime is " + cTime.toDate().toString() + " " + cTime.toDate().getTime()); + DEBUG.println("\t cTime is " + cTime.toDate().toString() + " " + cTime.toDate().getTime()); if (cuSec != null) { - System.out.println("\t cuSec is " + cuSec.intValue()); + DEBUG.println("\t cuSec is " + cuSec.intValue()); } - System.out.println("\t sTime is " + sTime.toDate().toString + DEBUG.println("\t sTime is " + sTime.toDate().toString () + " " + sTime.toDate().getTime()); - System.out.println("\t suSec is " + suSec); - System.out.println("\t error code is " + errorCode); - System.out.println("\t error Message is " + Krb5.getErrorMessage(errorCode)); + DEBUG.println("\t suSec is " + suSec); + DEBUG.println("\t error code is " + errorCode); + DEBUG.println("\t error Message is " + Krb5.getErrorMessage(errorCode)); if (crealm != null) { - System.out.println("\t crealm is " + crealm.toString()); + DEBUG.println("\t crealm is " + crealm.toString()); } if (cname != null) { - System.out.println("\t cname is " + cname.toString()); + DEBUG.println("\t cname is " + cname.toString()); } if (sname != null) { - System.out.println("\t sname is " + sname.toString()); + DEBUG.println("\t sname is " + sname.toString()); } if (eData != null) { - System.out.println("\t eData provided."); + DEBUG.println("\t eData provided."); } if (eCksum != null) { - System.out.println("\t checksum provided."); + DEBUG.println("\t checksum provided."); } - System.out.println("\t msgType is " + msgType); + DEBUG.println("\t msgType is " + msgType); } } 
diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/KerberosTime.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/KerberosTime.java index 72b7f041e31..e638541ca1f 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/KerberosTime.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/KerberosTime.java @@ -43,6 +43,8 @@ import java.util.Calendar; import java.util.Date; import java.util.TimeZone; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * Implements the ASN.1 KerberosTime type. This is an immutable class. * @@ -72,8 +74,6 @@ public class KerberosTime { private static long initMilli = System.currentTimeMillis(); private static long initMicro = System.nanoTime() / 1000; - private static boolean DEBUG = Krb5.DEBUG; - // Do not make this public. It's a little confusing that micro // is only the last 3 digits of microsecond. private KerberosTime(long time, int micro) { @@ -144,8 +144,8 @@ public class KerberosTime { long microElapsed = newMicro - initMicro; long calcMilli = initMilli + microElapsed/1000; if (calcMilli - newMilli > 100 || newMilli - calcMilli > 100) { - if (DEBUG) { - System.out.println("System time adjusted"); + if (DEBUG != null) { + DEBUG.println("System time adjusted"); } initMilli = newMilli; initMicro = newMicro; @@ -297,8 +297,8 @@ public class KerberosTime { tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW; } } catch (KrbException e) { - if (DEBUG) { - System.out.println("Exception in getting clockskew from " + + if (DEBUG != null) { + DEBUG.println("Exception in getting clockskew from " + "Configuration " + "using default value: " + e.getMessage()); diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java index 4b3d3910b28..3cbef7e74d2 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java 
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,7 +31,8 @@ package sun.security.krb5.internal; -import sun.security.action.GetBooleanAction; +import sun.security.action.GetPropertyAction; +import sun.security.util.Debug; import java.util.Hashtable; @@ -315,8 +316,8 @@ public class Krb5 { } // Warning: used by NativeCreds.c - public static final boolean DEBUG = GetBooleanAction - .privilegedGetProperty("sun.security.krb5.debug"); + public static final Debug DEBUG = Debug.of("krb5", GetPropertyAction + .privilegedGetProperty("sun.security.krb5.debug")); public static final sun.security.util.HexDumpEncoder hexDumper = new sun.security.util.HexDumpEncoder(); diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/NetClient.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/NetClient.java index 97eba77e148..2c3f564d8d5 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/NetClient.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/NetClient.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
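Review bot: The comment `// Warning: used by NativeCreds.c` sits directly above a field whose type changes from `boolean` to `Debug`. A native lookup of `DEBUG` as a static boolean field would presumably stop resolving once this lands, so NativeCreds.c has to change in the same commit; that file is not in the visible part of the diff. The comment could also state the new contract, e.g. `// Warning: used by NativeCreds.c, which must treat DEBUG as a nullable sun.security.util.Debug reference`.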
@@ -35,6 +35,8 @@ import java.io.*; import java.net.*; import sun.security.util.IOUtils; +import static sun.security.krb5.internal.Krb5.DEBUG; + public abstract class NetClient implements AutoCloseable { public static NetClient getInstance(String protocol, String hostname, int port, int timeout) throws IOException { @@ -81,21 +83,21 @@ class TCPClient extends NetClient { int count = readFully(lenField, 4); if (count != 4) { - if (Krb5.DEBUG) { - System.out.println( + if (DEBUG != null) { + DEBUG.println( ">>>DEBUG: TCPClient could not read length field"); } return null; } int len = networkByteOrderToInt(lenField, 0, 4); - if (Krb5.DEBUG) { - System.out.println( + if (DEBUG != null) { + DEBUG.println( ">>>DEBUG: TCPClient reading " + len + " bytes"); } if (len <= 0) { - if (Krb5.DEBUG) { - System.out.println( + if (DEBUG != null) { + DEBUG.println( ">>>DEBUG: TCPClient zero or negative length field: "+len); } return null; @@ -104,8 +106,8 @@ class TCPClient extends NetClient { try { return IOUtils.readExactlyNBytes(in, len); } catch (IOException ioe) { - if (Krb5.DEBUG) { - System.out.println( + if (DEBUG != null) { + DEBUG.println( ">>>DEBUG: TCPClient could not read complete packet (" + len + "/" + count + ")"); } diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java index 8695281f893..a6bb5c05119 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2022, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
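Review bot: In the `@@ -81,21 +83,21 @@` hunk of NetClient.java, `len` is decoded from four bytes sent by the peer and the only check in the visible lines is `len <= 0`, so the value passed to `IOUtils.readExactlyNBytes(in, len)` in the next hunk can be as large as `Integer.MAX_VALUE`. Whether that helper allocates `len` bytes up front is not visible here. I would record the assumption next to the check, `// len is peer-controlled; relies on readExactlyNBytes not pre-allocating len bytes`, or add an explicit upper bound if a maximum reply size is defined elsewhere. The method starts and ends outside the hunk.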
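Review bot: The debug message in the `catch (IOException ioe)` block of the `@@ -104,8 +106,8 @@` hunk prints `len + "/" + count`, but if `count` is the variable tested by `count != 4` in the previous hunk it is always 4 here, so the text reads like bytes-received but is not, and `ioe` itself is dropped. Something like `DEBUG.println(">>>DEBUG: TCPClient could not read complete packet of " + len + " bytes: " + ioe);` would report what actually failed. The method body continues outside the hunk.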
@@ -42,6 +42,8 @@ import sun.security.krb5.internal.*; import sun.security.krb5.internal.util.KrbDataInputStream; import sun.security.util.IOUtils; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This class extends KrbDataInputStream. It is used for parsing FCC-format * data from file to memory. @@ -67,8 +69,6 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC */ /* V4 of the credentials cache format allows for header tags */ - private static final boolean DEBUG = Krb5.DEBUG; - public CCacheInputStream(InputStream is){ super(is); } @@ -212,8 +212,8 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC addrType = read(2); addrLength = readLength4(); if (!(addrLength == 4 || addrLength == 16)) { - if (DEBUG) { - System.out.println("Incorrect address format."); + if (DEBUG != null) { + DEBUG.println("Incorrect address format."); } return null; } @@ -280,7 +280,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC flags[10] = true; if ((ticketFlags & 0x00100000) == TKT_FLG_HW_AUTH) flags[11] = true; - if (DEBUG) { + if (DEBUG != null) { String msg = ">>> CCacheInputStream: readFlags() "; if (flags[1] == true) { msg += " FORWARDABLE;"; @@ -316,7 +316,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC if (flags[11] == true) { msg += " HW_AUTH;"; } - System.out.println(msg); + DEBUG.println(msg); } return flags; } @@ -336,8 +336,8 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC // Do not return here. All data for this cred should be fully // consumed so that we can read the next one. } - if (DEBUG) { - System.out.println(">>>DEBUG client principal is " + cpname); + if (DEBUG != null) { + DEBUG.println(">>>DEBUG client principal is " + cpname); } PrincipalName spname = null; try { 
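Review bot: The messages in the `@@ -336,8 +336,8 @@` hunk of CCacheInputStream.java keep their hand-written `>>>DEBUG` marker even though they are now emitted through a `Debug` object created with the `krb5` prefix, so each line presumably carries two markers. The same applies to the `@@ -345,12 +345,12 @@` and `@@ -360,12 +360,12 @@` hunks and to the TCPClient messages in NetClient.java. I would drop the literal marker, for example `DEBUG.println("client principal is " + cpname);`, unless tooling depends on the old text. The method starts and ends outside the hunk.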
@@ -345,12 +345,12 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC } catch (Exception e) { // same as above } - if (DEBUG) { - System.out.println(">>>DEBUG server principal is " + spname); + if (DEBUG != null) { + DEBUG.println(">>>DEBUG server principal is " + spname); } EncryptionKey key = readKey(version); - if (DEBUG) { - System.out.println(">>>DEBUG key type: " + key.getEType()); + if (DEBUG != null) { + DEBUG.println(">>>DEBUG key type: " + key.getEType()); } long[] times = readTimes(); KerberosTime authtime = new KerberosTime(times[0]); @@ -360,12 +360,12 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC KerberosTime renewTill = (times[3]==0) ? null : new KerberosTime(times[3]); - if (DEBUG) { - System.out.println(">>>DEBUG auth time: " + authtime.toDate().toString()); - System.out.println(">>>DEBUG start time: " + + if (DEBUG != null) { + DEBUG.println(">>>DEBUG auth time: " + authtime.toDate().toString()); + DEBUG.println(">>>DEBUG start time: " + ((starttime==null)?"null":starttime.toDate().toString())); - System.out.println(">>>DEBUG end time: " + endtime.toDate().toString()); - System.out.println(">>>DEBUG renew_till time: " + + DEBUG.println(">>>DEBUG end time: " + endtime.toDate().toString()); + DEBUG.println(">>>DEBUG renew_till time: " + ((renewTill==null)?"null":renewTill.toDate().toString())); } boolean skey = readskey(); @@ -404,8 +404,8 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC ticketData != null ? new Ticket(ticketData) : null, ticketData2 != null ? new Ticket(ticketData2) : null); } catch (Exception e) { // If any of new Ticket(*) fails. - if (DEBUG) { - e.printStackTrace(System.out); + if (DEBUG != null) { + e.printStackTrace(DEBUG.getPrintStream()); } return null; } 
diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java index 0eac815118b..6cefb646297 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -54,6 +54,7 @@ import java.io.BufferedReader; import java.io.InputStreamReader; import static java.nio.charset.StandardCharsets.ISO_8859_1; +import static sun.security.krb5.internal.Krb5.DEBUG; /** * CredentialsCache stores credentials(tickets, session keys, etc.) in a @@ -70,7 +71,6 @@ public class FileCredentialsCache extends CredentialsCache public Tag tag; // optional public PrincipalName primaryPrincipal; private Vector credentialsList; - private static final boolean DEBUG = Krb5.DEBUG; public static synchronized FileCredentialsCache acquireInstance( PrincipalName principal, String cache) { @@ -92,8 +92,8 @@ public class FileCredentialsCache extends CredentialsCache return fcc; } catch (IOException | KrbException e) { // we don't handle it now, instead we return a null at the end. - if (DEBUG) { - e.printStackTrace(); + if (DEBUG != null) { + e.printStackTrace(DEBUG.getPrintStream()); } } return null; @@ -128,8 +128,8 @@ public class FileCredentialsCache extends CredentialsCache return fcc; } catch (IOException | KrbException e) { - if (DEBUG) { - e.printStackTrace(); + if (DEBUG != null) { + e.printStackTrace(DEBUG.getPrintStream()); } } return null; 
@@ -213,8 +213,8 @@ public class FileCredentialsCache extends CredentialsCache tmp.sname.getRealmString()))) { matched = true; if (c.endtime.getTime() >= tmp.endtime.getTime()) { - if (DEBUG) { - System.out.println(" >>> FileCredentialsCache " + if (DEBUG != null) { + DEBUG.println(" >>> FileCredentialsCache " + "Ticket matched, overwrite " + "the old one."); } @@ -224,8 +224,8 @@ public class FileCredentialsCache extends CredentialsCache } } if (!matched) { - if (DEBUG) { - System.out.println(" >>> FileCredentialsCache Ticket " + if (DEBUG != null) { + DEBUG.println(" >>> FileCredentialsCache Ticket " + "not exactly matched, " + "add new one into cache."); } @@ -349,8 +349,8 @@ public class FileCredentialsCache extends CredentialsCache CredentialsCache.ConfigEntry entry = getConfigEntry("proxy_impersonator"); if (entry == null) { - if (DEBUG) { - System.out.println("get normal credential"); + if (DEBUG != null) { + DEBUG.println("get normal credential"); } return tgt; } @@ -363,8 +363,8 @@ public class FileCredentialsCache extends CredentialsCache } switch (prop) { case "no-impersonate": // never try impersonation - if (DEBUG) { - System.out.println("get normal credential"); + if (DEBUG != null) { + DEBUG.println("get normal credential"); } return tgt; case "try-impersonate": @@ -382,8 +382,8 @@ public class FileCredentialsCache extends CredentialsCache PrincipalName service = new PrincipalName( new String(entry.getData(), StandardCharsets.UTF_8)); if (!tgt.getClient().equals(service)) { - if (DEBUG) { - System.out.println("proxy_impersonator does not match service name"); + if (DEBUG != null) { + DEBUG.println("proxy_impersonator does not match service name"); } return force ? null : tgt; } 
@@ -397,18 +397,18 @@ public class FileCredentialsCache extends CredentialsCache } } if (proxy == null) { - if (DEBUG) { - System.out.println("Cannot find evidence ticket in ccache"); + if (DEBUG != null) { + DEBUG.println("Cannot find evidence ticket in ccache"); } return force ? null : tgt; } - if (DEBUG) { - System.out.println("Get proxied credential"); + if (DEBUG != null) { + DEBUG.println("Get proxied credential"); } return tgt.setProxy(proxy.setKrbCreds()); } catch (KrbException e) { - if (DEBUG) { - System.out.println("Impersonation with ccache failed"); + if (DEBUG != null) { + DEBUG.println("Impersonation with ccache failed"); } return force ? null : tgt; } @@ -460,8 +460,8 @@ public class FileCredentialsCache extends CredentialsCache return cache; }); if (name != null) { - if (DEBUG) { - System.out.println(">>>KinitOptions cache name is " + name); + if (DEBUG != null) { + DEBUG.println(">>>KinitOptions cache name is " + name); } return name; } @@ -482,14 +482,14 @@ public class FileCredentialsCache extends CredentialsCache if (uid != -1) { name = File.separator + "tmp" + File.separator + stdCacheNameComponent + "_" + uid; - if (DEBUG) { - System.out.println(">>>KinitOptions cache name is " + + if (DEBUG != null) { + DEBUG.println(">>>KinitOptions cache name is " + name); } return name; } else { - if (DEBUG) { - System.out.println("Error in obtaining uid " + + if (DEBUG != null) { + DEBUG.println("Error in obtaining uid " + "for Unix platforms " + "Using user's home directory"); } @@ -513,8 +513,8 @@ public class FileCredentialsCache extends CredentialsCache name = user_home + File.separator + stdCacheNameComponent; } - if (DEBUG) { - System.out.println(">>>KinitOptions cache name is " + name); + if (DEBUG != null) { + DEBUG.println(">>>KinitOptions cache name is " + name); } return name; 
@@ -562,8 +562,8 @@ public class FileCredentialsCache extends CredentialsCache try { return (Runtime.getRuntime().exec(command)); } catch (IOException e) { - if (DEBUG) { - e.printStackTrace(); + if (DEBUG != null) { + e.printStackTrace(DEBUG.getPrintStream()); } return null; } @@ -592,8 +592,8 @@ public class FileCredentialsCache extends CredentialsCache commandResult.close(); return s1; } catch (Exception e) { - if (DEBUG) { - e.printStackTrace(); + if (DEBUG != null) { + e.printStackTrace(DEBUG.getPrintStream()); } } return null; diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/CksumType.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/CksumType.java index a437db94c2c..fefb07f9adc 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/CksumType.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/CksumType.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,9 +35,9 @@ import sun.security.krb5.Checksum; import sun.security.krb5.KrbCryptoException; import sun.security.krb5.internal.*; -public abstract class CksumType { +import static sun.security.krb5.internal.Krb5.DEBUG; - private static boolean DEBUG = Krb5.DEBUG; +public abstract class CksumType { public static CksumType getInstance(int cksumTypeConst) throws KdcErrException { @@ -121,8 +121,8 @@ public abstract class CksumType { default: throw new KdcErrException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); } - if (DEBUG) { - System.out.println(">>> CksumType: " + cksumTypeName); + if (DEBUG != null) { + DEBUG.println(">>> CksumType: " + cksumTypeName); } return cksumType; } 
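Review bot: In the `@@ -592,8 +592,8 @@` hunk of FileCredentialsCache.java, `commandResult.close()` runs only on the success path, so an exception thrown before it leaves the reader open (and the child process's output stream behind it, if that is what it wraps), and the `catch (Exception e)` then returns `null`. Declaring `commandResult` in a try-with-resources statement would close it on both paths. The declaration is outside the hunk, so the exact form depends on lines not shown here.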
diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/EType.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/EType.java index 1f8b6d993e8..ee385affb9e 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/EType.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/EType.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,13 +42,13 @@ import java.util.Arrays; import java.util.List; import java.util.ArrayList; +import static sun.security.krb5.internal.Krb5.DEBUG; + //only needed if dataSize() implementation changes back to spec; //see dataSize() below public abstract class EType { - private static final boolean DEBUG = Krb5.DEBUG; - // etypes supported by JDK, including weak ones private static int[] supportedETypes; // common default etypes if not defined in krb5.conf @@ -83,8 +83,8 @@ public abstract class EType { allowWeakCrypto = cfg.getBooleanObject("libdefaults", "allow_weak_crypto") == Boolean.TRUE; } catch (Exception exc) { - if (DEBUG) { - System.out.println ("Exception in getting allow_weak_crypto, " + + if (DEBUG != null) { + DEBUG.println ("Exception in getting allow_weak_crypto, " + "using default value: " + exc.getMessage()); } @@ -160,8 +160,8 @@ public abstract class EType { + " (" + eTypeConst + ")"; throw new KdcErrException(Krb5.KDC_ERR_ETYPE_NOSUPP, msg); } - if (DEBUG) { - System.out.println(">>> EType: " + eTypeName); + if (DEBUG != null) { + DEBUG.println(">>> EType: " + eTypeName); } return eType; } 
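Review bot: In the `@@ -83,8 +83,8 @@` hunk of EType.java, `allowWeakCrypto` is set by comparing the result of `cfg.getBooleanObject("libdefaults", "allow_weak_crypto")` to `Boolean.TRUE` with `==`, which is a reference comparison and is only correct if that method always returns the canonical `Boolean` instances; its implementation is not visible here. `Boolean.TRUE.equals(cfg.getBooleanObject("libdefaults", "allow_weak_crypto"))` is null-safe and does not depend on that. Since this flag decides whether weak encryption types are accepted, I would also state in a comment which value the `catch` branch falls back to, because that fallback is only reported when debugging is on. The enclosing block continues outside the hunk.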
@@ -245,10 +245,10 @@ public abstract class EType { try { config = Config.getInstance(); } catch (KrbException exc) { - if (DEBUG) { - System.out.println("Exception while getting " + + if (DEBUG != null) { + DEBUG.println("Exception while getting " + configName + ": " + exc.getMessage()); - System.out.println("Using default builtin etypes"); + DEBUG.println("Using default builtin etypes"); } return getBuiltInDefaults(); } diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/crc32.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/crc32.java index fc165a64e64..a4b96603f76 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/crc32.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/crc32.java @@ -33,10 +33,11 @@ package sun.security.krb5.internal.crypto; import java.security.MessageDigestSpi; import java.security.DigestException; +import static sun.security.krb5.internal.Krb5.DEBUG; + public final class crc32 extends MessageDigestSpi implements Cloneable { private static final int CRC32_LENGTH = 4; //32-bit private int seed; - private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG; // buffer; // private int bufferIndex, bufferLeft; @@ -259,9 +260,9 @@ public final class crc32 extends MessageDigestSpi implements Cloneable { public static byte[] byte2crc32sum_bytes(byte[] data, int size) { int temp = byte2crc32sum(0, data, size); - if (DEBUG) { - System.out.println(">>>crc32: " + Integer.toHexString(temp)); - System.out.println(">>>crc32: " + Integer.toBinaryString(temp)); + if (DEBUG != null) { + DEBUG.println(">>>crc32: " + Integer.toHexString(temp)); + DEBUG.println(">>>crc32: " + Integer.toBinaryString(temp)); } return int2quad(temp); } 
diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java index a8bda6008f6..4b587431255 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -140,7 +140,7 @@ public class ArcFourCrypto extends DkCrypto { int start, int len) throws GeneralSecurityException { if (debug) { - System.out.println("ARCFOUR: calculateChecksum with usage = " + + System.err.println("ARCFOUR: calculateChecksum with usage = " + usage); } @@ -258,7 +258,7 @@ public class ArcFourCrypto extends DkCrypto { } if (debug) { - System.out.println("ArcFour: ENCRYPT with key usage = " + usage); + System.err.println("ArcFour: ENCRYPT with key usage = " + usage); } // get the confounder @@ -313,7 +313,7 @@ public class ArcFourCrypto extends DkCrypto { } if (debug) { - System.out.println("\nARCFOUR: encryptRaw with usage = " + usage); + System.err.println("\nARCFOUR: encryptRaw with usage = " + usage); } // Derive encryption key for data @@ -352,7 +352,7 @@ public class ArcFourCrypto extends DkCrypto { + usage); } if (debug) { - System.out.println("\nARCFOUR: DECRYPT using key usage = " + usage); + System.err.println("\nARCFOUR: DECRYPT using key usage = " + usage); } // compute K1 
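Review bot: The `@@ -140,7 +140,7 @@` hunk of ArcFourCrypto.java moves its message to `System.err` directly under `if (debug)` instead of going through `Krb5.DEBUG` like the other classes in this change, so these lines would not carry the `krb5` prefix and are controlled by a separate flag whose declaration is not visible here. The `@@ -258,7 +258,7 @@`, `@@ -313,7 +313,7 @@`, `@@ -352,7 +352,7 @@` and `@@ -424,7 +424,7 @@` hunks have the same pattern. If `debug` is meant to follow the krb5 debug setting, `if (DEBUG != null) { DEBUG.println("ARCFOUR: calculateChecksum with usage = " + usage); }` would match the rest of the change; otherwise a comment on `debug` saying why it is separate would help. Each method continues outside its hunk.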
@@ -424,7 +424,7 @@ public class ArcFourCrypto extends DkCrypto { + usage); } if (debug) { - System.out.println("\nARCFOUR: decryptRaw with usage = " + usage); + System.err.println("\nARCFOUR: decryptRaw with usage = " + usage); } // Derive encryption key for data diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTab.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTab.java index 64d55a1f8c6..ff65cb22247 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTab.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTab.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -49,6 +49,8 @@ import java.util.StringTokenizer; import java.util.Vector; import sun.security.jgss.krb5.ServiceCreds; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This class represents key table. The key table functions deal with storing * and retrieving service keys for use in authentication exchanges. @@ -64,7 +66,6 @@ import sun.security.jgss.krb5.ServiceCreds; */ public class KeyTab implements KeyTabConstants { - private static final boolean DEBUG = Krb5.DEBUG; private static String defaultTabName = null; // Attention: Currently there is no way to remove a keytab from this map, 
@@ -101,14 +102,14 @@ public class KeyTab implements KeyTabConstants { } catch (FileNotFoundException e) { entries.clear(); isMissing = true; - if (DEBUG) { - System.out.println("Cannot load keytab " + tabName + ": " + e); + if (DEBUG != null) { + DEBUG.println("Cannot load keytab " + tabName + ": " + e); } } catch (Exception ioe) { entries.clear(); isValid = false; - if (DEBUG) { - System.out.println("Cannot load keytab " + tabName + ": " + ioe); + if (DEBUG != null) { + DEBUG.println("Cannot load keytab " + tabName + ": " + ioe); } } } @@ -263,8 +264,8 @@ public class KeyTab implements KeyTabConstants { while (kis.available() > 0) { entryLength = kis.readEntryLength(); entry = kis.readEntry(entryLength, kt_vno); - if (DEBUG) { - System.out.println(">>> KeyTab: load() entry length: " + + if (DEBUG != null) { + DEBUG.println(">>> KeyTab: load() entry length: " + entryLength + "; type: " + (entry != null? entry.keyType : 0)); } @@ -293,8 +294,8 @@ public class KeyTab implements KeyTabConstants { EncryptionKey key; int size = entries.size(); ArrayList keys = new ArrayList<>(size); - if (DEBUG) { - System.out.println("Looking for keys for: " + service); + if (DEBUG != null) { + DEBUG.println("Looking for keys for: " + service); } for (int i = size-1; i >= 0; i--) { entry = entries.elementAt(i); @@ -304,12 +305,12 @@ public class KeyTab implements KeyTabConstants { entry.keyType, entry.keyVersion); keys.add(key); - if (DEBUG) { - System.out.println("Added key: " + entry.keyType + + if (DEBUG != null) { + DEBUG.println("Added key: " + entry.keyType + ", version: " + entry.keyVersion); } - } else if (DEBUG) { - System.out.println("Found unsupported keytype (" + + } else if (DEBUG != null) { + DEBUG.println("Found unsupported keytype (" + entry.keyType + ") for " + service); } } 
@@ -347,8 +348,8 @@ public class KeyTab implements KeyTabConstants { if (entry.service.match(service)) { if (EType.isSupported(entry.keyType)) { return true; - } else if (DEBUG) { - System.out.println("Found unsupported keytype (" + + } else if (DEBUG != null) { + DEBUG.println("Found unsupported keytype (" + entry.keyType + ") for " + service); } } diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTabEntry.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTabEntry.java index 76207991969..8aa7c0b4b48 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTabEntry.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTabEntry.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,6 +35,7 @@ import sun.security.krb5.*; import sun.security.krb5.internal.*; import static java.nio.charset.StandardCharsets.ISO_8859_1; +import static sun.security.krb5.internal.Krb5.DEBUG; /** * This class represents a Key Table entry. Each entry contains the service principal of @@ -49,7 +50,6 @@ public class KeyTabEntry implements KeyTabConstants { int keyVersion; int keyType; byte[] keyblock = null; - boolean DEBUG = Krb5.DEBUG; public KeyTabEntry (PrincipalName new_service, Realm new_realm, KerberosTime new_time, int new_keyVersion, int new_keyType, byte[] new_keyblock) { 
@@ -95,8 +95,8 @@ public class KeyTabEntry implements KeyTabConstants { + timestampSize + keyVersionSize + keyTypeSize + keySize + keyblock.length; - if (DEBUG) { - System.out.println(">>> KeyTabEntry: key tab entry size is " + size); + if (DEBUG != null) { + DEBUG.println(">>> KeyTabEntry: key tab entry size is " + size); } return size; } diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTabInputStream.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTabInputStream.java index 83d2b6bb2c8..920e3446b7e 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTabInputStream.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTabInputStream.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,8 @@ import sun.security.krb5.internal.util.KrbDataInputStream; import java.io.IOException; import java.io.InputStream; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This class implements a buffered input stream. It is used for parsing key table * data to memory. @@ -48,7 +50,6 @@ import java.io.InputStream; */ public class KeyTabInputStream extends KrbDataInputStream implements KeyTabConstants { - boolean DEBUG = Krb5.DEBUG; int index; public KeyTabInputStream(InputStream is) { @@ -151,8 +152,8 @@ public class KeyTabInputStream extends KrbDataInputStream implements KeyTabConst read(bytes, 0, length); index -= length; name = new String(bytes); - if (DEBUG) { - System.out.println(">>> KeyTabInputStream, readName(): " + name); + if (DEBUG != null) { + DEBUG.println(">>> KeyTabInputStream, readName(): " + name); } return name; } 
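Review bot: In the `@@ -151,8 +152,8 @@` hunk of KeyTabInputStream.java the return value of `read(bytes, 0, length)` is ignored and the name is built with `new String(bytes)`, so a short read would leave trailing zero bytes in the name and the decoding depends on the platform default charset. The data comes from a keytab file, so I would check the count, e.g. `if (read(bytes, 0, length) != length) throw new IOException("truncated keytab name");`, and pass an explicit charset to the `String` constructor. Whether `read` can return short here depends on the superclass, which is not visible, and the method starts outside the hunk.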
diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/MemoryCache.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/MemoryCache.java index 351f14eca89..164ea25a8ba 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/MemoryCache.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/MemoryCache.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,6 +38,8 @@ import sun.security.krb5.internal.KerberosTime; import sun.security.krb5.internal.KrbApErrException; import sun.security.krb5.internal.ReplayCache; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This class stores replay caches. AuthTimeWithHash objects are categorized * into AuthLists keyed by the names of client and server. @@ -48,7 +50,6 @@ public class MemoryCache extends ReplayCache { // TODO: One day we'll need to read dynamic krb5.conf. private static final int lifespan = KerberosTime.getDefaultSkew(); - private static final boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG; private final Map content = new ConcurrentHashMap<>(); @@ -58,8 +59,8 @@ public class MemoryCache extends ReplayCache { String key = time.client + "|" + time.server; content.computeIfAbsent(key, k -> new AuthList(lifespan)) .put(time, currTime); - if (DEBUG) { - System.out.println("MemoryCache: add " + time + " to " + key); + if (DEBUG != null) { + DEBUG.println("MemoryCache: add " + time + " to " + key); } // TODO: clean up AuthList entries with only expired AuthTimeWithHash objects. } 
diff --git a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c index 90f5016e647..45f4513416c 100644 --- a/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c +++ b/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c @@ -99,9 +99,9 @@ Java_sun_security_jgss_wrapper_GSSLibStub_init(JNIEnv *env, MAX_MSG_SIZE, NULL); if (0 == dwRes) { - printf("GSS-API: Unknown failure %d\n", dwError); + TRACE1("GSS-API: Unknown failure %d", dwError); } else { - printf("GSS-API: %s\n",szMsgBuf); + TRACE1("GSS-API: %s",szMsgBuf); } #else char* error = dlerror(); diff --git a/src/java.security.jgss/share/native/libj2gss/NativeUtil.c b/src/java.security.jgss/share/native/libj2gss/NativeUtil.c index a1801347898..c607653870d 100644 --- a/src/java.security.jgss/share/native/libj2gss/NativeUtil.c +++ b/src/java.security.jgss/share/native/libj2gss/NativeUtil.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -106,7 +106,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) { /* Retrieve and store the classes in global ref */ cls = (*env)->FindClass(env, "java/lang/Object"); if (cls == NULL) { - printf("Couldn't find Object class\n"); + fprintf(stderr, "Couldn't find Object class\n"); return JNI_ERR; } CLS_Object = (*env)->NewGlobalRef(env, cls); @@ -115,7 +115,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) { } cls = (*env)->FindClass(env, "java/lang/String"); if (cls == NULL) { - printf("Couldn't find String class\n"); + fprintf(stderr, "Couldn't find String class\n"); return JNI_ERR; } CLS_String = (*env)->NewGlobalRef(env, cls); 
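Review bot: The two Windows load-failure messages in the GSSLibStub.c hunk used to be printed unconditionally and now go through `TRACE1`, whose definition is not visible here; if it is gated on the debug flag, a failed library load prints nothing by default. The NativeUtil.c hunks in this same change keep their failure messages unconditional on stderr, so for consistency I would use `fprintf(stderr, "GSS-API: %s\n", szMsgBuf);` here as well, or confirm that the caller reports the failure to Java. `dwError` is also printed with `%d`; if it is a `DWORD`, `%lu` with a cast is the matching format. The function starts and ends outside the hunk.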
@@ -124,7 +124,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) { } cls = (*env)->FindClass(env, "org/ietf/jgss/Oid"); if (cls == NULL) { - printf("Couldn't find org.ietf.jgss.Oid class\n"); + fprintf(stderr, "Couldn't find org.ietf.jgss.Oid class\n"); return JNI_ERR; } CLS_Oid = (*env)->NewGlobalRef(env, cls); @@ -133,7 +133,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) { } cls = (*env)->FindClass(env, "org/ietf/jgss/GSSException"); if (cls == NULL) { - printf("Couldn't find org.ietf.jgss.GSSException class\n"); + fprintf(stderr, "Couldn't find org.ietf.jgss.GSSException class\n"); return JNI_ERR; } CLS_GSSException = (*env)->NewGlobalRef(env, cls); @@ -142,7 +142,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) { } cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSNameElement"); if (cls == NULL) { - printf("Couldn't find sun.security.jgss.wrapper.GSSNameElement class\n"); + fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.GSSNameElement class\n"); return JNI_ERR; } CLS_GSSNameElement = (*env)->NewGlobalRef(env, cls); @@ -151,7 +151,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) { } cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSCredElement"); if (cls == NULL) { - printf("Couldn't find sun.security.jgss.wrapper.GSSCredElement class\n"); + fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.GSSCredElement class\n"); return JNI_ERR; } CLS_GSSCredElement = (*env)->NewGlobalRef(env, cls); @@ -160,7 +160,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) { } cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/NativeGSSContext"); if (cls == NULL) { - printf("Couldn't find sun.security.jgss.wrapper.NativeGSSContext class\n"); + fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.NativeGSSContext class\n"); return JNI_ERR; } CLS_NativeGSSContext = (*env)->NewGlobalRef(env, cls); 
@@ -169,7 +169,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) { } cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/SunNativeProvider"); if (cls == NULL) { - printf("Couldn't find sun.security.jgss.wrapper.SunNativeProvider class\n"); + fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.SunNativeProvider class\n"); return JNI_ERR; } CLS_SunNativeProvider = (*env)->NewGlobalRef(env, cls); 
@@ -180,115 +180,115 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) { MID_String_ctor = (*env)->GetMethodID(env, CLS_String, "", "([B)V"); if (MID_String_ctor == NULL) { - printf("Couldn't find String(byte[]) constructor\n"); + fprintf(stderr, "Couldn't find String(byte[]) constructor\n"); return JNI_ERR; } MID_Oid_ctor1 = (*env)->GetMethodID(env, CLS_Oid, "", "([B)V"); if (MID_Oid_ctor1 == NULL) { - printf("Couldn't find Oid(byte[]) constructor\n"); + fprintf(stderr, "Couldn't find Oid(byte[]) constructor\n"); return JNI_ERR; } MID_Oid_getDER = (*env)->GetMethodID(env, CLS_Oid, "getDER", "()[B"); if (MID_Oid_getDER == NULL) { - printf("Couldn't find Oid.getDER() method\n"); + fprintf(stderr, "Couldn't find Oid.getDER() method\n"); return JNI_ERR; } cls = (*env)->FindClass(env, "org/ietf/jgss/MessageProp"); if (cls == NULL) { - printf("Couldn't find org.ietf.jgss.MessageProp class\n"); + fprintf(stderr, "Couldn't find org.ietf.jgss.MessageProp class\n"); return JNI_ERR; } MID_MessageProp_getPrivacy = (*env)->GetMethodID(env, cls, "getPrivacy", "()Z"); if (MID_MessageProp_getPrivacy == NULL) { - printf("Couldn't find MessageProp.getPrivacy() method\n"); + fprintf(stderr, "Couldn't find MessageProp.getPrivacy() method\n"); return JNI_ERR; } MID_MessageProp_getQOP = (*env)->GetMethodID(env, cls, "getQOP", "()I"); if (MID_MessageProp_getQOP == NULL) { - printf("Couldn't find MessageProp.getQOP() method\n"); + fprintf(stderr, "Couldn't find MessageProp.getQOP() method\n"); return JNI_ERR; } MID_MessageProp_setPrivacy = (*env)->GetMethodID(env, cls, "setPrivacy", "(Z)V"); if (MID_MessageProp_setPrivacy == NULL) { - printf("Couldn't find MessageProp.setPrivacy(boolean) method\n"); + fprintf(stderr, "Couldn't find MessageProp.setPrivacy(boolean) method\n"); return JNI_ERR; } MID_MessageProp_setQOP = (*env)->GetMethodID(env, cls, "setQOP", "(I)V"); if (MID_MessageProp_setQOP == NULL) { - printf("Couldn't find MessageProp.setQOP(int) method\n"); + fprintf(stderr, "Couldn't 
find MessageProp.setQOP(int) method\n"); return JNI_ERR; } MID_MessageProp_setSupplementaryStates = (*env)->GetMethodID(env, cls, "setSupplementaryStates", "(ZZZZILjava/lang/String;)V"); if (MID_MessageProp_setSupplementaryStates == NULL) { - printf("Couldn't find MessageProp.setSupplementaryStates(...) method\n"); + fprintf(stderr, "Couldn't find MessageProp.setSupplementaryStates(...) method\n"); return JNI_ERR; } MID_GSSException_ctor3 = (*env)->GetMethodID (env, CLS_GSSException, "", "(IILjava/lang/String;)V"); if (MID_GSSException_ctor3 == NULL) { - printf("Couldn't find GSSException(int, int, String) constructor\n"); + fprintf(stderr, "Couldn't find GSSException(int, int, String) constructor\n"); return JNI_ERR; } cls = (*env)->FindClass(env, "org/ietf/jgss/ChannelBinding"); if (cls == NULL) { - printf("Couldn't find org.ietf.jgss.ChannelBinding class\n"); + fprintf(stderr, "Couldn't find org.ietf.jgss.ChannelBinding class\n"); return JNI_ERR; } MID_ChannelBinding_getInitiatorAddr = (*env)->GetMethodID(env, cls, "getInitiatorAddress", "()Ljava/net/InetAddress;"); if (MID_ChannelBinding_getInitiatorAddr == NULL) { - printf("Couldn't find ChannelBinding.getInitiatorAddress() method\n"); + fprintf(stderr, "Couldn't find ChannelBinding.getInitiatorAddress() method\n"); return JNI_ERR; } MID_ChannelBinding_getAcceptorAddr = (*env)->GetMethodID(env, cls, "getAcceptorAddress", "()Ljava/net/InetAddress;"); if (MID_ChannelBinding_getAcceptorAddr == NULL) { - printf("Couldn't find ChannelBinding.getAcceptorAddress() method\n"); + fprintf(stderr, "Couldn't find ChannelBinding.getAcceptorAddress() method\n"); return JNI_ERR; } MID_ChannelBinding_getAppData = (*env)->GetMethodID(env, cls, "getApplicationData", "()[B"); if (MID_ChannelBinding_getAppData == NULL) { - printf("Couldn't find ChannelBinding.getApplicationData() method\n"); + fprintf(stderr, "Couldn't find ChannelBinding.getApplicationData() method\n"); return JNI_ERR; } cls = (*env)->FindClass(env, 
"java/net/InetAddress"); if (cls == NULL) { - printf("Couldn't find java.net.InetAddress class\n"); + fprintf(stderr, "Couldn't find java.net.InetAddress class\n"); return JNI_ERR; } MID_InetAddress_getAddr = (*env)->GetMethodID(env, cls, "getAddress", "()[B"); if (MID_InetAddress_getAddr == NULL) { - printf("Couldn't find InetAddress.getAddress() method\n"); + fprintf(stderr, "Couldn't find InetAddress.getAddress() method\n"); return JNI_ERR; } MID_GSSNameElement_ctor = (*env)->GetMethodID(env, CLS_GSSNameElement, "", "(JLsun/security/jgss/wrapper/GSSLibStub;)V"); if (MID_GSSNameElement_ctor == NULL) { - printf("Couldn't find GSSNameElement(long, GSSLibStub) constructor\n"); + fprintf(stderr, "Couldn't find GSSNameElement(long, GSSLibStub) constructor\n"); return JNI_ERR; } MID_GSSCredElement_ctor = (*env)->GetMethodID(env, CLS_GSSCredElement, "", "(JLsun/security/jgss/wrapper/GSSNameElement;Lorg/ietf/jgss/Oid;)V"); if (MID_GSSCredElement_ctor == NULL) { - printf("Couldn't find GSSCredElement(long, GSSLibStub) constructor\n"); + fprintf(stderr, "Couldn't find GSSCredElement(long, GSSLibStub) constructor\n"); return JNI_ERR; } MID_NativeGSSContext_ctor = (*env)->GetMethodID(env, CLS_NativeGSSContext, "", "(JLsun/security/jgss/wrapper/GSSLibStub;)V"); if (MID_NativeGSSContext_ctor == NULL) { - printf("Couldn't find NativeGSSContext(long, GSSLibStub) constructor\n"); + fprintf(stderr, "Couldn't find NativeGSSContext(long, GSSLibStub) constructor\n"); return JNI_ERR; } 
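Review bot: The failure message for `MID_GSSCredElement_ctor` names a `GSSCredElement(long, GSSLibStub)` constructor, but the signature actually looked up is `(JLsun/security/jgss/wrapper/GSSNameElement;Lorg/ietf/jgss/Oid;)V`. Since the line is rewritten here anyway, the text could be corrected in the same change: `fprintf(stderr, "Couldn't find GSSCredElement(long, GSSNameElement, Oid) constructor\n");`. This message is the only diagnostic on that failure path, so a wrong signature sends the reader looking for the wrong constructor. DEF_JNI_OnLoad starts before this hunk and continues after it.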
@@ -296,78 +296,78 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) { (*env)->GetMethodID(env, CLS_NativeGSSContext, "setContext", "(J)V"); if (MID_NativeGSSContext_setContext == NULL) { - printf("Couldn't find NativeGSSContext.setContext(long) method\n"); + fprintf(stderr, "Couldn't find NativeGSSContext.setContext(long) method\n"); return JNI_ERR; } /* Compute and cache the field ID */ cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSLibStub"); if (cls == NULL) { - printf("Couldn't find sun.security.jgss.wrapper.GSSLibStub class\n"); + fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.GSSLibStub class\n"); return JNI_ERR; } FID_GSSLibStub_pMech = (*env)->GetFieldID(env, cls, "pMech", "J"); if (FID_GSSLibStub_pMech == NULL) { - printf("Couldn't find GSSLibStub.pMech field\n"); + fprintf(stderr, "Couldn't find GSSLibStub.pMech field\n"); return JNI_ERR; } FID_NativeGSSContext_pContext = (*env)->GetFieldID(env, CLS_NativeGSSContext, "pContext", "J"); if (FID_NativeGSSContext_pContext == NULL) { - printf("Couldn't find NativeGSSContext.pContext field\n"); + fprintf(stderr, "Couldn't find NativeGSSContext.pContext field\n"); return JNI_ERR; } FID_NativeGSSContext_srcName = (*env)->GetFieldID(env, CLS_NativeGSSContext, "srcName", "Lsun/security/jgss/wrapper/GSSNameElement;"); if (FID_NativeGSSContext_srcName == NULL) { - printf("Couldn't find NativeGSSContext.srcName field\n"); + fprintf(stderr, "Couldn't find NativeGSSContext.srcName field\n"); return JNI_ERR; } FID_NativeGSSContext_targetName = (*env)->GetFieldID(env, CLS_NativeGSSContext, "targetName", "Lsun/security/jgss/wrapper/GSSNameElement;"); if (FID_NativeGSSContext_targetName == NULL) { - printf("Couldn't find NativeGSSContext.targetName field\n"); + fprintf(stderr, "Couldn't find NativeGSSContext.targetName field\n"); return JNI_ERR; } FID_NativeGSSContext_isInitiator = (*env)->GetFieldID(env, CLS_NativeGSSContext, "isInitiator", "Z"); if (FID_NativeGSSContext_isInitiator == NULL) { - 
printf("Couldn't find NativeGSSContext.isInitiator field\n"); + fprintf(stderr, "Couldn't find NativeGSSContext.isInitiator field\n"); return JNI_ERR; } FID_NativeGSSContext_isEstablished = (*env)->GetFieldID(env, CLS_NativeGSSContext, "isEstablished", "Z"); if (FID_NativeGSSContext_isEstablished == NULL) { - printf("Couldn't find NativeGSSContext.isEstablished field\n"); + fprintf(stderr, "Couldn't find NativeGSSContext.isEstablished field\n"); return JNI_ERR; } FID_NativeGSSContext_delegatedCred = (*env)->GetFieldID(env, CLS_NativeGSSContext, "delegatedCred", "Lsun/security/jgss/wrapper/GSSCredElement;"); if (FID_NativeGSSContext_delegatedCred == NULL) { - printf("Couldn't find NativeGSSContext.delegatedCred field\n"); + fprintf(stderr, "Couldn't find NativeGSSContext.delegatedCred field\n"); return JNI_ERR; } FID_NativeGSSContext_flags = (*env)->GetFieldID(env, CLS_NativeGSSContext, "flags", "I"); if (FID_NativeGSSContext_flags == NULL) { - printf("Couldn't find NativeGSSContext.flags field\n"); + fprintf(stderr, "Couldn't find NativeGSSContext.flags field\n"); return JNI_ERR; } FID_NativeGSSContext_lifetime = (*env)->GetFieldID(env, CLS_NativeGSSContext, "lifetime", "I"); if (FID_NativeGSSContext_lifetime == NULL) { - printf("Couldn't find NativeGSSContext.lifetime field\n"); + fprintf(stderr, "Couldn't find NativeGSSContext.lifetime field\n"); return JNI_ERR; } FID_NativeGSSContext_actualMech = (*env)->GetFieldID(env, CLS_NativeGSSContext, "actualMech", "Lorg/ietf/jgss/Oid;"); if (FID_NativeGSSContext_actualMech == NULL) { - printf("Couldn't find NativeGSSContext.actualMech field\n"); + fprintf(stderr, "Couldn't find NativeGSSContext.actualMech field\n"); return JNI_ERR; } return JNI_VERSION_1_2; diff --git a/src/java.security.jgss/share/native/libj2gss/NativeUtil.h b/src/java.security.jgss/share/native/libj2gss/NativeUtil.h index 81873252900..b238e6a9acd 100644 --- a/src/java.security.jgss/share/native/libj2gss/NativeUtil.h 
+++ b/src/java.security.jgss/share/native/libj2gss/NativeUtil.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -84,10 +84,10 @@ extern "C" { extern jfieldID FID_NativeGSSContext_flags; extern jfieldID FID_NativeGSSContext_lifetime; extern jfieldID FID_NativeGSSContext_actualMech; - #define TRACE0(s) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] %s\n", __LINE__, s); fflush(stdout); }} - #define TRACE1(s, p1) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1); fflush(stdout); }} - #define TRACE2(s, p1, p2) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1, p2); fflush(stdout); }} - #define TRACE3(s, p1, p2, p3) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1, p2, p3); fflush(stdout); }} + #define TRACE0(s) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] %s\n", __LINE__, s); fflush(stderr); }} + #define TRACE1(s, p1) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] "s"\n", __LINE__, p1); fflush(stderr); }} + #define TRACE2(s, p1, p2) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] "s"\n", __LINE__, p1, p2); fflush(stderr); }} + #define TRACE3(s, p1, p2, p3) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] "s"\n", __LINE__, p1, p2, p3); fflush(stderr); }} #ifdef __cplusplus diff --git a/src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Kinit.java b/src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Kinit.java index a14ece6ee0e..9d24de5c2e6 100644 --- a/src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Kinit.java +++ b/src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Kinit.java 
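Review bot: The four TRACE macros are still bare `{ ... }` blocks, so a call such as `TRACE0("x");` expands to a block followed by an empty statement and breaks an unbraced `if (...) TRACE0("x"); else ...`. While these lines are being rewritten, the usual `do { ... } while (0)` wrapper would make them behave as single statements, e.g. `#define TRACE0(s) do { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] %s\n", __LINE__, s); fflush(stderr); } } while (0)`. The same form applies to TRACE1, TRACE2 and TRACE3.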
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,8 @@ import java.util.Arrays; import sun.security.util.Password; import javax.security.auth.kerberos.KeyTab; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * Kinit tool for obtaining Kerberos v5 tickets. * @@ -48,7 +50,6 @@ import javax.security.auth.kerberos.KeyTab; public class Kinit { private KinitOptions options; - private static final boolean DEBUG = Krb5.DEBUG; /** * The main method is used to accept user command line input for ticket @@ -180,8 +181,8 @@ public class Kinit { princName = principal.toString(); } KrbAsReqBuilder builder; - if (DEBUG) { - System.out.println("Principal is " + principal); + if (DEBUG != null) { + DEBUG.println("Principal is " + principal); } char[] psswd = options.password; boolean useKeytab = options.useKeytabFile(); @@ -194,15 +195,15 @@ public class Kinit { System.out.print("Password for " + princName + ":"); System.out.flush(); psswd = Password.readPassword(System.in); - if (DEBUG) { - System.out.println(">>> Kinit console input " + + if (DEBUG != null) { + DEBUG.println(">>> Kinit console input " + new String(psswd)); } } builder = new KrbAsReqBuilder(principal, psswd); } else { - if (DEBUG) { - System.out.println(">>> Kinit using keytab"); + if (DEBUG != null) { + DEBUG.println(">>> Kinit using keytab"); } if (princName == null) { throw new IllegalArgumentException @@ -210,8 +211,8 @@ public class Kinit { } String ktabName = options.keytabFileName(); if (ktabName != null) { - if (DEBUG) { - System.out.println( + if (DEBUG != null) { + DEBUG.println( ">>> Kinit keytab file name: " + ktabName); } } 
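Review bot: The converted debug statement in the password branch still writes the typed password to the debug stream, and `new String(psswd)` creates an immutable copy that cannot be zeroed afterwards. Debug output often ends up in redirected log files and support bundles, so the statement should record only that input was read, e.g. `DEBUG.println(">>> Kinit console input received");`. The same applies in the Krb5LoginModule hunks to `debug.println("password is " + new String(password))` and to the `EncryptionKey: keyType=... keyBytes (hex dump)=` line, which could print `encKeys[i].getEType()` alone. The enclosing method starts and ends outside this hunk.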
@@ -230,15 +231,15 @@ public class Kinit { realm = Config.getInstance().getDefaultRealm(); } - if (DEBUG) { - System.out.println(">>> Kinit realm name is " + realm); + if (DEBUG != null) { + DEBUG.println(">>> Kinit realm name is " + realm); } PrincipalName sname = PrincipalName.tgsService(realm, realm); builder.setTarget(sname); - if (DEBUG) { - System.out.println(">>> Creating KrbAsReq"); + if (DEBUG != null) { + DEBUG.println(">>> Creating KrbAsReq"); } if (options.getAddressOption()) diff --git a/src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/KinitOptions.java b/src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/KinitOptions.java index 445b806bb50..31f2cb0fbd4 100644 --- a/src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/KinitOptions.java +++ b/src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/KinitOptions.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,8 @@ import java.io.IOException; import java.time.Instant; import java.io.FileInputStream; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * Maintains user-specific options or default settings when the user requests * a KDC ticket using Kinit. @@ -63,7 +65,6 @@ class KinitOptions { public String realm; char[] password = null; public boolean keytab; - private boolean DEBUG = Krb5.DEBUG; private boolean includeAddresses = true; // default. private boolean useKeytab = false; // default = false. private String ktabName; // keytab file name 
@@ -193,26 +194,26 @@ class KinitOptions { } PrincipalName p = cis.readPrincipal(version); cis.close(); - if (DEBUG) { - System.out.println(">>>KinitOptions principal name from " + + if (DEBUG != null) { + DEBUG.println(">>>KinitOptions principal name from " + "the cache is: " + p); } return p; } catch (IOException e) { // ignore any exceptions; we will use the user name as the // principal name - if (DEBUG) { - e.printStackTrace(); + if (DEBUG != null) { + e.printStackTrace(DEBUG.getPrintStream()); } } catch (RealmException e) { - if (DEBUG) { - e.printStackTrace(); + if (DEBUG != null) { + e.printStackTrace(DEBUG.getPrintStream()); } } String username = System.getProperty("user.name"); - if (DEBUG) { - System.out.println(">>>KinitOptions default username is: " + if (DEBUG != null) { + DEBUG.println(">>>KinitOptions default username is: " + username); } try { @@ -220,10 +221,10 @@ class KinitOptions { return p; } catch (RealmException e) { // ignore exception , return null - if (DEBUG) { - System.out.println ("Exception in getting principal " + + if (DEBUG != null) { + DEBUG.println ("Exception in getting principal " + "name " + e.getMessage()); - e.printStackTrace(); + e.printStackTrace(DEBUG.getPrintStream()); } } return null; diff --git a/src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Klist.java b/src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Klist.java index 16c9fd99ec4..375a8b52c39 100644 --- a/src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Klist.java +++ b/src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Klist.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -39,6 +39,8 @@ import sun.security.krb5.internal.ccache.*; import sun.security.krb5.internal.ktab.*; import sun.security.krb5.internal.crypto.EType; +import static sun.security.krb5.internal.Krb5.DEBUG; + /** * This class can execute as a command-line tool to list entries in * credential cache and key tab. @@ -54,7 +56,6 @@ public class Klist { String name; // the name of credentials cache and keytable. char action; // actions would be 'c' for credentials cache // and 'k' for keytable. - private static boolean DEBUG = Krb5.DEBUG; /** * The main program that can be invoked at command line. @@ -321,8 +322,8 @@ public class Klist { } catch (RealmException e) { System.out.println("Error reading principal from "+ "the entry."); - if (DEBUG) { - e.printStackTrace(); + if (DEBUG != null) { + e.printStackTrace(DEBUG.getPrintStream()); } return -1; } diff --git a/src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c b/src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c index 5857267b760..221aaccbf2b 100644 --- a/src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c +++ b/src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -124,24 +124,24 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad( cls = (*env)->FindClass(env,"sun/security/krb5/internal/Krb5"); if (cls == NULL) { - printf("LSA: Couldn't find Krb5\n"); + fprintf(stderr, "LSA: Couldn't find Krb5\n"); return JNI_ERR; } - fldDEBUG = (*env)->GetStaticFieldID(env, cls, "DEBUG", "Z"); + fldDEBUG = (*env)->GetStaticFieldID(env, cls, "DEBUG", "Lsun/security/util/Debug;"); if (fldDEBUG == NULL) { - printf("LSA: Krb5 has no DEBUG field\n"); + fprintf(stderr, "LSA: Krb5 has no DEBUG field\n"); return JNI_ERR; } - native_debug = (*env)->GetStaticBooleanField(env, cls, fldDEBUG); + native_debug = (*env)->GetStaticObjectField(env, cls, fldDEBUG) != NULL; cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket"); if (cls == NULL) { - printf("LSA: Couldn't find Ticket\n"); + fprintf(stderr, "LSA: Couldn't find Ticket\n"); return JNI_ERR; } if (native_debug) { - printf("LSA: Found Ticket\n"); + fprintf(stderr, "LSA: Found Ticket\n"); } ticketClass = (*env)->NewWeakGlobalRef(env,cls); @@ -149,17 +149,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad( return JNI_ERR; } if (native_debug) { - printf("LSA: Made NewWeakGlobalRef\n"); + fprintf(stderr, "LSA: Made NewWeakGlobalRef\n"); } cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName"); if (cls == NULL) { - printf("LSA: Couldn't find PrincipalName\n"); + fprintf(stderr, "LSA: Couldn't find PrincipalName\n"); return JNI_ERR; } if (native_debug) { - printf("LSA: Found PrincipalName\n"); + fprintf(stderr, "LSA: Found PrincipalName\n"); } principalNameClass = (*env)->NewWeakGlobalRef(env,cls); 
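Review bot: The `native_debug` assignment now depends on the convention that `Krb5.DEBUG` is a `sun.security.util.Debug` reference that is null when debugging is off, but nothing at the lookup says so. A one-line comment above the `GetStaticObjectField` call would explain the `!= NULL` test to a reader of the C file alone, for example `/* Krb5.DEBUG is a Debug object; non-null means krb5 debug output is enabled */`. DEF_JNI_OnLoad starts before this hunk and continues after it.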
@@ -167,17 +167,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad( return JNI_ERR; } if (native_debug) { - printf("LSA: Made NewWeakGlobalRef\n"); + fprintf(stderr, "LSA: Made NewWeakGlobalRef\n"); } cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey"); if (cls == NULL) { - printf("LSA: Couldn't find EncryptionKey\n"); + fprintf(stderr, "LSA: Couldn't find EncryptionKey\n"); return JNI_ERR; } if (native_debug) { - printf("LSA: Found EncryptionKey\n"); + fprintf(stderr, "LSA: Found EncryptionKey\n"); } encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls); @@ -185,17 +185,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad( return JNI_ERR; } if (native_debug) { - printf("LSA: Made NewWeakGlobalRef\n"); + fprintf(stderr, "LSA: Made NewWeakGlobalRef\n"); } cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags"); if (cls == NULL) { - printf("LSA: Couldn't find TicketFlags\n"); + fprintf(stderr, "LSA: Couldn't find TicketFlags\n"); return JNI_ERR; } if (native_debug) { - printf("LSA: Found TicketFlags\n"); + fprintf(stderr, "LSA: Found TicketFlags\n"); } ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls); @@ -203,17 +203,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad( return JNI_ERR; } if (native_debug) { - printf("LSA: Made NewWeakGlobalRef\n"); + fprintf(stderr, "LSA: Made NewWeakGlobalRef\n"); } cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime"); if (cls == NULL) { - printf("LSA: Couldn't find KerberosTime\n"); + fprintf(stderr, "LSA: Couldn't find KerberosTime\n"); return JNI_ERR; } if (native_debug) { - printf("LSA: Found KerberosTime\n"); + fprintf(stderr, "LSA: Found KerberosTime\n"); } kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls); 
@@ -221,17 +221,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad( return JNI_ERR; } if (native_debug) { - printf("LSA: Made NewWeakGlobalRef\n"); + fprintf(stderr, "LSA: Made NewWeakGlobalRef\n"); } cls = (*env)->FindClass(env,"java/lang/String"); if (cls == NULL) { - printf("LSA: Couldn't find String\n"); + fprintf(stderr, "LSA: Couldn't find String\n"); return JNI_ERR; } if (native_debug) { - printf("LSA: Found String\n"); + fprintf(stderr, "LSA: Found String\n"); } javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls); 
@@ -239,61 +239,61 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad( return JNI_ERR; } if (native_debug) { - printf("LSA: Made NewWeakGlobalRef\n"); + fprintf(stderr, "LSA: Made NewWeakGlobalRef\n"); } ticketConstructor = (*env)->GetMethodID(env, ticketClass, "", "([B)V"); if (ticketConstructor == 0) { - printf("LSA: Couldn't find Ticket constructor\n"); + fprintf(stderr, "LSA: Couldn't find Ticket constructor\n"); return JNI_ERR; } if (native_debug) { - printf("LSA: Found Ticket constructor\n"); + fprintf(stderr, "LSA: Found Ticket constructor\n"); } principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, "", "([Ljava/lang/String;Ljava/lang/String;)V"); if (principalNameConstructor == 0) { - printf("LSA: Couldn't find PrincipalName constructor\n"); + fprintf(stderr, "LSA: Couldn't find PrincipalName constructor\n"); return JNI_ERR; } if (native_debug) { - printf("LSA: Found PrincipalName constructor\n"); + fprintf(stderr, "LSA: Found PrincipalName constructor\n"); } encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, "", "(I[B)V"); if (encryptionKeyConstructor == 0) { - printf("LSA: Couldn't find EncryptionKey constructor\n"); + fprintf(stderr, "LSA: Couldn't find EncryptionKey constructor\n"); return JNI_ERR; } if (native_debug) { - printf("LSA: Found EncryptionKey constructor\n"); + fprintf(stderr, "LSA: Found EncryptionKey constructor\n"); } ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, "", "(I[B)V"); if (ticketFlagsConstructor == 0) { - printf("LSA: Couldn't find TicketFlags constructor\n"); + fprintf(stderr, "LSA: Couldn't find TicketFlags constructor\n"); return JNI_ERR; } if (native_debug) { - printf("LSA: Found TicketFlags constructor\n"); + fprintf(stderr, "LSA: Found TicketFlags constructor\n"); } kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, "", "(Ljava/lang/String;)V"); if (kerberosTimeConstructor == 0) { - printf("LSA: Couldn't find KerberosTime constructor\n"); + 
fprintf(stderr, "LSA: Couldn't find KerberosTime constructor\n"); return JNI_ERR; } if (native_debug) { - printf("LSA: Found KerberosTime constructor\n"); + fprintf(stderr, "LSA: Found KerberosTime constructor\n"); } if (native_debug) { - printf("LSA: Finished OnLoad processing\n"); + fprintf(stderr, "LSA: Finished OnLoad processing\n"); } return JNI_VERSION_1_2; @@ -383,13 +383,13 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ "Lsun/security/krb5/internal/KerberosTime;" "Lsun/security/krb5/internal/HostAddresses;)V"); if (krbcredsConstructor == 0) { - printf("LSA: Couldn't find sun.security.krb5.Credentials constructor\n"); + fprintf(stderr, "LSA: Couldn't find sun.security.krb5.Credentials constructor\n"); break; } } if (native_debug) { - printf("LSA: Found KrbCreds constructor\n"); + fprintf(stderr, "LSA: Found KrbCreds constructor\n"); } // @@ -400,7 +400,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ break; if (native_debug) { - printf("LSA: Got handle to Kerberos package\n"); + fprintf(stderr, "LSA: Got handle to Kerberos package\n"); } // Get the MS TGT from cache @@ -419,7 +419,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ ); if (native_debug) { - printf("LSA: Response size is %d\n", rspSize); + fprintf(stderr, "LSA: Response size is %d\n", rspSize); } if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) { @@ -443,7 +443,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ // check TGT validity if (native_debug) { - printf("LSA: TICKET SessionKey KeyType is %d\n", msticket->SessionKey.KeyType); + fprintf(stderr, "LSA: TICKET SessionKey KeyType is %d\n", msticket->SessionKey.KeyType); } if ((msticket->TicketFlags & KERB_TICKET_FLAGS_invalid) == 0) { 
@@ -455,7 +455,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ if (etypes[i] == msticket->SessionKey.KeyType) { found = 1; if (native_debug) { - printf("LSA: Valid etype found: %d\n", etypes[i]); + fprintf(stderr, "LSA: Valid etype found: %d\n", etypes[i]); } break; } @@ -465,7 +465,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ if (!found) { if (native_debug) { - printf("LSA: MS TGT in cache is invalid/not supported; request new ticket\n"); + fprintf(stderr, "LSA: MS TGT in cache is invalid/not supported; request new ticket\n"); } // use domain to request Ticket @@ -492,7 +492,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ ); if (native_debug) { - printf("LSA: Response size is %d for %d\n", responseSize, etypes[i]); + fprintf(stderr, "LSA: Response size is %d for %d\n", responseSize, etypes[i]); } if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) { @@ -509,7 +509,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ if (msticket->SessionKey.KeyType != etypes[i]) { if (native_debug) { - printf("LSA: Response etype is %d for %d. Retry.\n", msticket->SessionKey.KeyType, etypes[i]); + fprintf(stderr, "LSA: Response etype is %d for %d. Retry.\n", msticket->SessionKey.KeyType, etypes[i]); } continue; } @@ -809,7 +809,7 @@ ShowLastError( DWORD dwRes; if (native_debug) { - printf("LSA: Error calling function %s: %lu\n", szAPI, dwError); + fprintf(stderr, "LSA: Error calling function %s: %lu\n", szAPI, dwError); } dwRes = FormatMessage ( @@ -822,11 +822,11 @@ ShowLastError( NULL); if (native_debug) { if (0 == dwRes) { - printf("LSA: FormatMessage failed with %d\n", GetLastError()); + fprintf(stderr, "LSA: FormatMessage failed with %d\n", GetLastError()); // #define EXIT_FAILURE -1 // mdu // ExitProcess(EXIT_FAILURE); } else { - printf("LSA: %S",szMsgBuf); + fprintf(stderr, "LSA: %S",szMsgBuf); } } } 
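Review bot: The `FormatMessage failed with %d` line passes `GetLastError()`, which returns a DWORD, to a `%d` conversion. The `Error calling function %s: %lu` line in the preceding hunk already uses `%lu` for its error code. Since the statement is rewritten here, the specifier could be aligned: `fprintf(stderr, "LSA: FormatMessage failed with %lu\n", GetLastError());`. ShowLastError starts outside these hunks.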
@@ -917,9 +917,9 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName, wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR)); if (native_debug) { - printf("LSA: Principal domain is %S\n", realm); - printf("LSA: Name type is %x\n", principalName->NameType); - printf("LSA: Name count is %x\n", principalName->NameCount); + fprintf(stderr, "LSA: Principal domain is %S\n", realm); + fprintf(stderr, "LSA: Name type is %x\n", principalName->NameType); + fprintf(stderr, "LSA: Name count is %x\n", principalName->NameCount); } nameCount = principalName->NameCount; @@ -927,7 +927,7 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName, javaLangStringClass, NULL); if (stringArray == NULL) { if (native_debug) { - printf("LSA: Can't allocate String array for Principal\n"); + fprintf(stderr, "LSA: Can't allocate String array for Principal\n"); } goto cleanup; } @@ -982,7 +982,7 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) { } if (i == cryptoKey->Length) { if (native_debug) { - printf("LSA: Session key all zero. Stop.\n"); + fprintf(stderr, "LSA: Session key all zero. Stop.\n"); } return NULL; } @@ -1057,7 +1057,7 @@ jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) { minute, second ); if (native_debug) { - printf("LSA: %S\n", (wchar_t *)timeString); + fprintf(stderr, "LSA: %S\n", (wchar_t *)timeString); } stringTime = (*env)->NewString(env, timeString, (sizeof(timeString)/sizeof(WCHAR))-1); diff --git a/src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java b/src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java index 4255e0aac9d..24f26d4364b 100644 --- a/src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java +++ b/src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java 
@@ -42,6 +42,7 @@ import javax.security.auth.spi.*; import sun.security.krb5.*; import sun.security.jgss.krb5.Krb5Util; import sun.security.krb5.Credentials; +import sun.security.util.Debug; import sun.security.util.HexDumpEncoder; import static sun.security.util.ResourcesMgr.getAuthResourceString; @@ -377,7 +378,8 @@ public class Krb5LoginModule implements LoginModule { private Map options; // configurable option - private boolean debug = false; + private Debug debug = null; + private boolean storeKey = false; private boolean doNotPrompt = false; private boolean useTicketCache = false; @@ -458,7 +460,7 @@ public class Krb5LoginModule implements LoginModule { // initialize any configured options - debug = "true".equalsIgnoreCase((String)options.get("debug")); + debug = Debug.of("krb5loginmodule", (String)options.get("debug")); storeKey = "true".equalsIgnoreCase((String)options.get("storeKey")); doNotPrompt = "true".equalsIgnoreCase((String)options.get ("doNotPrompt")); @@ -495,8 +497,8 @@ public class Krb5LoginModule implements LoginModule { "true".equalsIgnoreCase((String)options.get("storePass")); clearPass = "true".equalsIgnoreCase((String)options.get("clearPass")); - if (debug) { - System.out.print("Debug is " + debug + if (debug != null) { + debug.println("Debug is " + (debug != null) + " storeKey " + storeKey + " useTicketCache " + useTicketCache + " useKeyTab " + useKeyTab @@ -529,8 +531,8 @@ public class Krb5LoginModule implements LoginModule { if (refreshKrb5Config) { try { - if (debug) { - System.out.println("Refreshing Kerberos configuration"); + if (debug != null) { + debug.println("Refreshing Kerberos configuration"); } sun.security.krb5.Config.refresh(); } catch (KrbException ke) { 
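Review bot: In the options dump, `"Debug is " + (debug != null)` sits inside `if (debug != null)`, so it can only ever print `true`. The expression is left over from the boolean field and no longer carries information. It could be replaced by the literal, `debug.println("Debug is true"`, or that part of the message could be dropped. The concatenated statement continues past the end of this hunk.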
@@ -558,8 +560,8 @@ public class Krb5LoginModule implements LoginModule { if (tryFirstPass) { try { attemptAuthentication(true); - if (debug) - System.out.println("\t\t[Krb5LoginModule] " + + if (debug != null) + debug.println("\t\t[Krb5LoginModule] " + "authentication succeeded"); succeeded = true; cleanState(); @@ -567,8 +569,8 @@ public class Krb5LoginModule implements LoginModule { } catch (LoginException le) { // authentication failed -- try again below by prompting cleanState(); - if (debug) { - System.out.println("\t\t[Krb5LoginModule] " + + if (debug != null) { + debug.println("\t\t[Krb5LoginModule] " + "tryFirstPass failed with:" + le.getMessage()); } @@ -581,8 +583,8 @@ public class Krb5LoginModule implements LoginModule { return true; } catch (LoginException e) { // authentication failed -- clean out state - if (debug) { - System.out.println("\t\t[Krb5LoginModule] " + + if (debug != null) { + debug.println("\t\t[Krb5LoginModule] " + "authentication failed \n" + e.getMessage()); } @@ -602,8 +604,8 @@ public class Krb5LoginModule implements LoginModule { return true; } catch (LoginException e) { // authentication failed -- clean out state - if (debug) { - System.out.println("\t\t[Krb5LoginModule] " + + if (debug != null) { + debug.println("\t\t[Krb5LoginModule] " + "authentication failed \n" + e.getMessage()); } @@ -641,8 +643,8 @@ public class Krb5LoginModule implements LoginModule { try { if (useTicketCache) { // ticketCacheName == null implies the default cache - if (debug) - System.out.println("Acquire TGT from Cache"); + if (debug != null) + debug.println("Acquire TGT from Cache"); cred = Credentials.acquireTGTFromCache (principal, ticketCacheName); @@ -658,8 +660,8 @@ public class Krb5LoginModule implements LoginModule { if (!isCurrent(cred)) { // credentials have expired cred = null; - if (debug) - System.out.println("Credentials are" + + if (debug != null) + debug.println("Credentials are" + " no longer valid"); } } 
@@ -672,10 +674,10 @@ public class Krb5LoginModule implements LoginModule { : cred.getClient(); } } - if (debug) { - System.out.println("Principal is " + principal); + if (debug != null) { + debug.println("Principal is " + principal); if (cred == null) { - System.out.println + debug.println ("null credentials from Ticket Cache"); } } @@ -729,8 +731,8 @@ public class Krb5LoginModule implements LoginModule { if (Krb5Util.keysFromJavaxKeyTab(ktab, principal).length == 0) { ktab = null; - if (debug) { - System.out.println + if (debug != null) { + debug.println ("Key for the principal " + principal + " not available in " + @@ -765,14 +767,14 @@ public class Krb5LoginModule implements LoginModule { } builder.destroy(); - if (debug) { - System.out.println("principal is " + principal); + if (debug != null) { + debug.println("principal is " + principal); HexDumpEncoder hd = new HexDumpEncoder(); if (ktab != null) { - System.out.println("Will use keytab"); + debug.println("Will use keytab"); } else if (storeKey) { for (int i = 0; i < encKeys.length; i++) { - System.out.println("EncryptionKey: keyType=" + + debug.println("EncryptionKey: keyType=" + encKeys[i].getEType() + " keyBytes (hex dump)=" + hd.encodeBuffer(encKeys[i].getBytes())); @@ -800,20 +802,14 @@ public class Krb5LoginModule implements LoginModule { if (getPasswdFromSharedState) { // use the name saved by the first module in the stack username = (String)sharedState.get(NAME); - if (debug) { - System.out.println - ("username from shared state is " + username + "\n"); + if (debug != null) { + debug.println + ("username from shared state is " + username + "\n"); } if (username == null) { - System.out.println - ("username from shared state is null\n"); throw new LoginException ("Username can not be obtained from sharedstate "); } - if (debug) { - System.out.println - ("username from shared state is " + username + "\n"); - } if (username != null && username.length() > 0) { krb5PrincName.insert(0, username); return; 
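Review bot: Secret material still reaches the debug output: the -765 hunk hex-dumps each key with `hd.encodeBuffer(encKeys[i].getBytes())`, and the -863 hunk prints the cleartext password via `"password is " + new String(password)`. This output now goes to the `Debug` stream (stderr, judging by the tests in this commit), which is commonly captured into log files, so anyone who can read those logs could obtain credentials whenever `debug=true` is configured. Log only non-secret metadata instead, e.g. `debug.println("EncryptionKey: keyType=" + encKeys[i].getEType());` and `debug.println("Password obtained from shared state");`, which also avoids an immutable `String` copy of the password that cannot be zeroed. The -1131 hunk prints `kerbKeys[i]` directly, and its string form may include key bytes as well, so that is worth checking. The `for` loop in the -765 hunk closes outside the hunk.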
@@ -863,15 +859,15 @@ public class Krb5LoginModule implements LoginModule { // use the password saved by the first module in the stack password = (char[])sharedState.get(PWD); if (password == null) { - if (debug) { - System.out.println + if (debug != null) { + debug.println ("Password from shared state is null"); } throw new LoginException ("Password can not be obtained from sharedstate "); } - if (debug) { - System.out.println + if (debug != null) { + debug.println ("password is " + new String(password)); } return; @@ -911,11 +907,11 @@ public class Krb5LoginModule implements LoginModule { for (int i = 0; i < tmpPassword.length; i++) tmpPassword[i] = ' '; tmpPassword = null; - if (debug) { - System.out.println("\t\t[Krb5LoginModule] " + + if (debug != null) { + debug.println("\t\t[Krb5LoginModule] " + "user entered username: " + krb5PrincName); - System.out.println(); + debug.println(); } } catch (java.io.IOException ioe) { throw new LoginException(ioe.getMessage()); @@ -1008,12 +1004,12 @@ public class Krb5LoginModule implements LoginModule { throw new RefreshFailedException("This ticket is past " + "its last renewal time."); lcreds = creds.renew(); - if (debug) - System.out.println("Renewed Kerberos Ticket"); + if (debug != null) + debug.println("Renewed Kerberos Ticket"); } catch (Exception e) { lcreds = null; - if (debug) - System.out.println("Ticket could not be renewed : " + if (debug != null) + debug.println("Ticket could not be renewed : " + e.getMessage()); } return lcreds; @@ -1131,10 +1127,10 @@ public class Krb5LoginModule implements LoginModule { } encKeys[i].destroy(); encKeys[i] = null; - if (debug) { - System.out.println("Added server's key" + if (debug != null) { + debug.println("Added server's key" + kerbKeys[i]); - System.out.println("\t\t[Krb5LoginModule] " + + debug.println("\t\t[Krb5LoginModule] " + "added Krb5Principal " + kerbClientPrinc.toString() + " to Subject"); 
@@ -1144,8 +1140,8 @@ public class Krb5LoginModule implements LoginModule { } } commitSucceeded = true; - if (debug) - System.out.println("Commit Succeeded \n"); + if (debug != null) + debug.println("Commit Succeeded \n"); return true; } @@ -1194,8 +1190,8 @@ public class Krb5LoginModule implements LoginModule { */ public boolean logout() throws LoginException { - if (debug) { - System.out.println("\t\t[Krb5LoginModule]: " + + if (debug != null) { + debug.println("\t\t[Krb5LoginModule]: " + "Entering logout"); } @@ -1222,8 +1218,8 @@ public class Krb5LoginModule implements LoginModule { succeeded = false; commitSucceeded = false; - if (debug) { - System.out.println("\t\t[Krb5LoginModule]: " + + if (debug != null) { + debug.println("\t\t[Krb5LoginModule]: " + "logged out Subject"); } return true; diff --git a/test/jdk/sun/security/krb5/IPv6.java b/test/jdk/sun/security/krb5/IPv6.java index 5f541035528..ba7fc7242dd 100644 --- a/test/jdk/sun/security/krb5/IPv6.java +++ b/test/jdk/sun/security/krb5/IPv6.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -78,8 +78,8 @@ public class IPv6 { ByteArrayOutputStream bo = new ByteArrayOutputStream(); PrintStream po = new PrintStream(bo); - PrintStream oldout = System.out; - System.setOut(po); + PrintStream oldErr = System.err; + System.setErr(po); try { Subject subject = new Subject(); @@ -101,7 +101,7 @@ public class IPv6 { po.flush(); - System.setOut(oldout); + System.setErr(oldErr); BufferedReader br = new BufferedReader(new StringReader( new String(bo.toByteArray()))); int cc = 0; diff --git a/test/jdk/sun/security/krb5/auto/Cleaners.java b/test/jdk/sun/security/krb5/auto/Cleaners.java index cdd1040bb60..8f2867d714b 100644 
--- a/test/jdk/sun/security/krb5/auto/Cleaners.java +++ b/test/jdk/sun/security/krb5/auto/Cleaners.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2022, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -152,7 +152,7 @@ public class Cleaners { Proc.binOut(b.getMic(MSG)); } } - System.out.println("Prepare for GC"); + System.err.println("Prepare for GC"); for (int i = 0; i < 10; i++) { System.gc(); Thread.sleep(100); @@ -162,9 +162,9 @@ public class Cleaners { private static void ensureCleanersCalled(Proc p) throws Exception { p.output() .shouldHaveExitValue(0) - .stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_deleteContext") - .stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseName") - .stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseCred"); + .stderrShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_deleteContext") + .stderrShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseName") + .stderrShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseCred"); } private static Proc proc(String type) throws Exception { diff --git a/test/jdk/sun/security/krb5/auto/KdcPolicy.java b/test/jdk/sun/security/krb5/auto/KdcPolicy.java index 5372a73cc6f..27c2ace4e54 100644 --- a/test/jdk/sun/security/krb5/auto/KdcPolicy.java +++ b/test/jdk/sun/security/krb5/auto/KdcPolicy.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -257,16 +257,16 @@ public class KdcPolicy { static void test(String... expected) throws Exception { System.out.println("------------------TEST----------------------"); - PrintStream oldOut = System.out; + PrintStream oldErr = System.err; boolean failed = false; ByteArrayOutputStream bo = new ByteArrayOutputStream(); - System.setOut(new PrintStream(bo)); + System.setErr(new PrintStream(bo)); try { Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false); } catch (Exception e) { failed = true; } finally { - System.setOut(oldOut); + System.setErr(oldErr); } String[] lines = new String(bo.toByteArray()).split("\n"); diff --git a/test/jdk/sun/security/krb5/auto/LoginModuleDebug.java b/test/jdk/sun/security/krb5/auto/LoginModuleDebug.java new file mode 100644 index 00000000000..6348eb4b0af --- /dev/null +++ b/test/jdk/sun/security/krb5/auto/LoginModuleDebug.java 
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8327818
+ * @summary reimplement debug option in Krb5LoginModule
+ * @library /test/lib
+ */
+import com.sun.security.auth.module.Krb5LoginModule;
+import jdk.test.lib.process.ProcessTools;
+
+import java.util.Map;
+import javax.security.auth.Subject;
+
+public class LoginModuleDebug {
+ public static void main(String[] args) throws Exception {
+ if (args.length == 0) {
+ // debug option set to true
+ ProcessTools.executeTestJava("LoginModuleDebug",
+ "debug", "true")
+ .stdoutShouldBeEmpty()
+ .stderrShouldContain("krb5loginmodule:");
+ // debug option set to false
+ ProcessTools.executeTestJava("LoginModuleDebug",
+ "debug", "false")
+ .stdoutShouldBeEmpty()
+ .stderrShouldNotContain("krb5loginmodule:");
+ // no debug option
+ ProcessTools.executeTestJava("LoginModuleDebug",
+ "foo", "bar")
+ .stdoutShouldBeEmpty()
+ .stderrShouldNotContain("krb5loginmodule:");
+ } else {
+ test(args[0], args[1]);
+ }
+ }
+
+ static void test(String key, String prop)
+ throws Exception {
+ new Krb5LoginModule().initialize(
+ new Subject(), null, Map.of(), Map.of(key, prop));
+ }
+}
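Review bot: The three child runs cover `true`, `false` and an absent option, but no mixed-case value, although `Debug.of` in this commit matches with `equalsIgnoreCase`. A fourth run such as `ProcessTools.executeTestJava("LoginModuleDebug", "debug", "TRUE")` followed by `.stderrShouldContain("krb5loginmodule:")` would pin that behaviour. A short comment above `main`, e.g. `// With no arguments, re-launches itself once per case, passing the option key and value`, would also explain why `test(args[0], args[1])` can assume exactly two arguments.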