8212217: JGSS: Don't dispose() of creds too eagerly

Reviewed-by: mullan, weijun

src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -63,12 +63,14 @@ class NativeGSSContext implements GSSContextSpi {
     private GSSNameElement srcName;
     private GSSNameElement targetName;
     private GSSCredElement cred;
+    private GSSCredElement disposeCred;
     private boolean isInitiator;
     private boolean isEstablished;
     private Oid actualMech; // Assigned during context establishment
 
     private ChannelBinding cb;
     private GSSCredElement delegatedCred;
+    private GSSCredElement disposeDelegatedCred;
     private int flags;
     private int lifetime = GSSCredential.DEFAULT_LIFETIME;
     private final GSSLibStub cStub;
@@ -192,6 +194,7 @@ class NativeGSSContext implements GSSContextSpi {
         }
         cStub = stub;
         cred = myCred;
+        disposeCred = null;
         targetName = peer;
         isInitiator = true;
         lifetime = time;
@@ -199,7 +202,8 @@ class NativeGSSContext implements GSSContextSpi {
         if (GSSUtil.isKerberosMech(cStub.getMech())) {
             doServicePermCheck();
             if (cred == null) {
-                cred = new GSSCredElement(null, lifetime,
+                disposeCred = cred =
+                    new GSSCredElement(null, lifetime,
                             GSSCredential.INITIATE_ONLY, cStub);
             }
             srcName = cred.getName();
@@ -211,6 +215,7 @@ class NativeGSSContext implements GSSContextSpi {
         throws GSSException {
         cStub = stub;
         cred = myCred;
+        disposeCred = null;
 
         if (cred != null) targetName = cred.getName();
 
@@ -297,9 +302,9 @@ class NativeGSSContext implements GSSContextSpi {
                         (cStub.getContextName(pContext, true), cStub);
                 }
                 if (cred == null) {
-                    cred = new GSSCredElement(srcName, lifetime,
+                    disposeCred = cred =
-                                              GSSCredential.INITIATE_ONLY,
+                        new GSSCredElement(srcName, lifetime,
-                                              cStub);
+                                GSSCredential.INITIATE_ONLY, cStub);
                 }
             }
         }
@@ -315,6 +320,7 @@ class NativeGSSContext implements GSSContextSpi {
                                     inToken.length);
             long pCred = (cred == null? 0 : cred.pCred);
             outToken = cStub.acceptContext(pCred, cb, inToken, this);
+            disposeDelegatedCred = delegatedCred;
             SunNativeProvider.debug("acceptSecContext=> outToken len=" +
                                     (outToken == null? 0 : outToken.length));
 
@@ -323,8 +329,11 @@ class NativeGSSContext implements GSSContextSpi {
                     (cStub.getContextName(pContext, false), cStub);
                 // Replace the current default acceptor cred now that
                 // the context acceptor name is available
-                if (cred != null) cred.dispose();
+                if (disposeCred != null) {
-                cred = new GSSCredElement(targetName, lifetime,
+                    disposeCred.dispose();
+                }
+                disposeCred = cred =
+                    new GSSCredElement(targetName, lifetime,
                             GSSCredential.ACCEPT_ONLY, cStub);
             }
 
@@ -346,9 +355,15 @@ class NativeGSSContext implements GSSContextSpi {
     }
 
     public void dispose() throws GSSException {
+        if (disposeCred != null) {
+            disposeCred.dispose();
+        }
+        if (disposeDelegatedCred != null) {
+            disposeDelegatedCred.dispose();
+        }
+        disposeDelegatedCred = disposeCred = cred = null;
         srcName = null;
         targetName = null;
-        cred = null;
         delegatedCred = null;
         if (pContext != 0) {
             pContext = cStub.deleteContext(pContext);
@@ -612,6 +627,7 @@ class NativeGSSContext implements GSSContextSpi {
         }
     }
     public GSSCredentialSpi getDelegCred() throws GSSException {
+        disposeDelegatedCred = null;
         return delegatedCred;
     }
     public boolean isInitiator() {