archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 15:24:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8233884: Avoid looking up standard charsets in security libraries

Browse source 
Reviewed-by: coffeys
This commit is contained in:
Ivan Gerasimov 2019-11-12 01:36:17 -08:00
parent 301e068935
commit 8e859259bc
48 changed files with 317 additions and 391 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/java.security.sasl/share/classes/com/sun/security/sasl/ClientFactoryImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -36,6 +36,8 @@ import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Client factory for EXTERNAL, CRAM-MD5, PLAIN.
*
@ -141,7 +143,7 @@ final public class ClientFactoryImpl implements SaslClientFactory {
String authId;
if (pw != null) {
bytepw = new String(pw).getBytes("UTF8");
bytepw = new String(pw).getBytes(UTF_8);
pcb.clearPassword();
} else {
bytepw = null;

15
src/java.security.sasl/share/classes/com/sun/security/sasl/CramMD5Client.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,8 @@ import java.security.NoSuchAlgorithmException;
import java.util.logging.Logger;
import java.util.logging.Level;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Implements the CRAM-MD5 SASL client-side mechanism.
* (<A HREF="http://www.ietf.org/rfc/rfc2195.txt">RFC 2195</A>).
@ -82,8 +84,8 @@ final class CramMD5Client extends CramMD5Base implements SaslClient {
* data from the server.
* @return A non-null byte array containing the response to be sent to
* the server.
* @throws SaslException If platform does not have MD5 support
* @throw IllegalStateException if this method is invoked more than once.
* @throws SaslException if platform does not have MD5 support
* @throws IllegalStateException if this method is invoked more than once.
*/
public byte[] evaluateChallenge(byte[] challengeData)
throws SaslException {
@ -103,7 +105,7 @@ final class CramMD5Client extends CramMD5Base implements SaslClient {
try {
if (logger.isLoggable(Level.FINE)) {
logger.log(Level.FINE, "CRAMCLNT01:Received challenge: {0}",
new String(challengeData, "UTF8"));
new String(challengeData, UTF_8));
}
String digest = HMAC_MD5(pw, challengeData);
@ -118,13 +120,10 @@ final class CramMD5Client extends CramMD5Base implements SaslClient {
completed = true;
return resp.getBytes("UTF8");
return resp.getBytes(UTF_8);
} catch (java.security.NoSuchAlgorithmException e) {
aborted = true;
throw new SaslException("MD5 algorithm not available on platform", e);
} catch (java.io.UnsupportedEncodingException e) {
aborted = true;
throw new SaslException("UTF8 not available on platform", e);
}
}
}

27
src/java.security.sasl/share/classes/com/sun/security/sasl/CramMD5Server.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,15 +25,15 @@
package com.sun.security.sasl;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.logging.Level;
import java.util.Map;
import java.util.Random;
import javax.security.sasl.*;
import javax.security.auth.callback.*;
import java.util.Random;
import java.util.Map;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.util.logging.Level;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Implements the CRAM-MD5 SASL server-side mechanism.
@ -130,7 +130,7 @@ final class CramMD5Server extends CramMD5Base implements SaslServer {
logger.log(Level.FINE,
"CRAMSRV01:Generated challenge: {0}", challengeStr);
challengeData = challengeStr.getBytes("UTF8");
challengeData = challengeStr.getBytes(UTF_8);
return challengeData.clone();
} else {
@ -138,7 +138,7 @@ final class CramMD5Server extends CramMD5Base implements SaslServer {
if(logger.isLoggable(Level.FINE)) {
logger.log(Level.FINE,
"CRAMSRV02:Received response: {0}",
new String(responseData, "UTF8"));
new String(responseData, UTF_8));
}
// Extract username from response
@ -154,7 +154,7 @@ final class CramMD5Server extends CramMD5Base implements SaslServer {
throw new SaslException(
"CRAM-MD5: Invalid response; space missing");
}
String username = new String(responseData, 0, ulen, "UTF8");
String username = new String(responseData, 0, ulen, UTF_8);
logger.log(Level.FINE,
"CRAMSRV03:Extracted username: {0}", username);
@ -177,7 +177,7 @@ final class CramMD5Server extends CramMD5Base implements SaslServer {
for (int i = 0; i < pwChars.length; i++) {
pwChars[i] = 0;
}
pw = pwStr.getBytes("UTF8");
pw = pwStr.getBytes(UTF_8);
// Generate a keyed-MD5 digest from the user's password and
// original challenge.
@ -190,7 +190,7 @@ final class CramMD5Server extends CramMD5Base implements SaslServer {
clearPassword();
// Check whether digest is as expected
byte[] expectedDigest = digest.getBytes("UTF8");
byte[] expectedDigest = digest.getBytes(UTF_8);
int digestLen = responseData.length - ulen - 1;
if (expectedDigest.length != digestLen) {
aborted = true;
@ -222,9 +222,6 @@ final class CramMD5Server extends CramMD5Base implements SaslServer {
completed = true;
return null;
}
} catch (UnsupportedEncodingException e) {
aborted = true;
throw new SaslException("UTF8 not available on platform", e);
} catch (NoSuchAlgorithmException e) {
aborted = true;
throw new SaslException("MD5 algorithm not available on platform", e);

20
src/java.security.sasl/share/classes/com/sun/security/sasl/ExternalClient.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,6 +27,8 @@ package com.sun.security.sasl;
import javax.security.sasl.*;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Implements the EXTERNAL SASL client mechanism.
* (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
@ -43,17 +45,10 @@ final class ExternalClient implements SaslClient {
* Constructs an External mechanism with optional authorization ID.
*
* @param authorizationID If non-null, used to specify authorization ID.
* @throws SaslException if cannot convert authorizationID into UTF-8
* representation.
*/
ExternalClient(String authorizationID) throws SaslException {
ExternalClient(String authorizationID) {
if (authorizationID != null) {
try {
username = authorizationID.getBytes("UTF8");
} catch (java.io.UnsupportedEncodingException e) {
throw new SaslException("Cannot convert " + authorizationID +
" into UTF-8", e);
}
username = authorizationID.getBytes(UTF_8);
} else {
username = new byte[0];
}
@ -88,10 +83,9 @@ final class ExternalClient implements SaslClient {
*
* @param challengeData Ignored.
* @return The possible empty initial response.
* @throws SaslException If authentication has already been called.
* @throws IllegalStateException If authentication has already been called.
*/
public byte[] evaluateChallenge(byte[] challengeData)
throws SaslException {
public byte[] evaluateChallenge(byte[] challengeData) {
if (completed) {
throw new IllegalStateException(
"EXTERNAL authentication already completed");

52
src/java.security.sasl/share/classes/com/sun/security/sasl/PlainClient.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,6 +27,8 @@ package com.sun.security.sasl;
import javax.security.sasl.*;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Implements the PLAIN SASL client mechanism.
* (<A
@ -89,43 +91,37 @@ final class PlainClient implements SaslClient {
*
* @param challengeData Ignored
* @return A non-null byte array containing the response to be sent to the server.
* @throws SaslException If cannot encode ids in UTF-8
* @throw IllegalStateException if authentication already completed
* @throws IllegalStateException if authentication already completed
*/
public byte[] evaluateChallenge(byte[] challengeData) throws SaslException {
public byte[] evaluateChallenge(byte[] challengeData) {
if (completed) {
throw new IllegalStateException(
"PLAIN authentication already completed");
}
completed = true;
byte[] authz = (authorizationID != null)
? authorizationID.getBytes(UTF_8)
: null;
byte[] auth = authenticationID.getBytes(UTF_8);
try {
byte[] authz = (authorizationID != null)?
authorizationID.getBytes("UTF8") :
null;
byte[] auth = authenticationID.getBytes("UTF8");
byte[] answer = new byte[pw.length + auth.length + 2 +
byte[] answer = new byte[pw.length + auth.length + 2 +
(authz == null ? 0 : authz.length)];
int pos = 0;
if (authz != null) {
System.arraycopy(authz, 0, answer, 0, authz.length);
pos = authz.length;
}
answer[pos++] = SEP;
System.arraycopy(auth, 0, answer, pos, auth.length);
pos += auth.length;
answer[pos++] = SEP;
System.arraycopy(pw, 0, answer, pos, pw.length);
clearPassword();
return answer;
} catch (java.io.UnsupportedEncodingException e) {
throw new SaslException("Cannot get UTF-8 encoding of ids", e);
int pos = 0;
if (authz != null) {
System.arraycopy(authz, 0, answer, 0, authz.length);
pos = authz.length;
}
answer[pos++] = SEP;
System.arraycopy(auth, 0, answer, pos, auth.length);
pos += auth.length;
answer[pos++] = SEP;
System.arraycopy(pw, 0, answer, pos, pw.length);
clearPassword();
return answer;
}
/**

69
src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Base.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,17 +25,15 @@
package com.sun.security.sasl.digest;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.util.Map;
import java.util.Arrays;
import java.util.List;
import java.util.logging.Level;
import java.math.BigInteger;
import java.util.Random;
import java.io.ByteArrayOutputStream;
import java.io.UnsupportedEncodingException;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
@ -43,6 +41,8 @@ import java.security.spec.KeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.InvalidAlgorithmParameterException;
import static java.nio.charset.StandardCharsets.*;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.Mac;
@ -54,10 +54,10 @@ import javax.crypto.spec.SecretKeySpec;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;
import javax.security.sasl.*;
import com.sun.security.sasl.util.AbstractSaslImpl;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.*;
import com.sun.security.sasl.util.AbstractSaslImpl;
/**
* Utility class for DIGEST-MD5 mechanism. Provides utility methods
@ -151,7 +151,7 @@ abstract class DigestMD5Base extends AbstractSaslImpl {
protected String negotiatedQop;
protected String negotiatedRealm;
protected boolean useUTF8 = false;
protected String encoding = "8859_1"; // default unless server specifies utf-8
protected Charset encoding = ISO_8859_1; // default unless server specifies utf-8
protected String digestUri;
protected String authzid; // authzid or canonicalized authzid
@ -384,8 +384,7 @@ abstract class DigestMD5Base extends AbstractSaslImpl {
* @param a non-null byte array
* @return a non-null String contain the HEX value
*/
protected byte[] binaryToHex(byte[] digest) throws
UnsupportedEncodingException {
protected byte[] binaryToHex(byte[] digest) {
StringBuilder digestString = new StringBuilder();
@ -405,26 +404,21 @@ abstract class DigestMD5Base extends AbstractSaslImpl {
* if all chars in string are within the 8859_1 (Latin 1) encoding range.
*
* @param a non-null String
* @return a non-nuill byte array containing the correct character encoding
* @return a non-null byte array containing the correct character encoding
* for username, paswd or realm.
*/
protected byte[] stringToByte_8859_1(String str) throws SaslException {
protected byte[] stringToByte_8859_1(String str) {
char[] buffer = str.toCharArray();
try {
if (useUTF8) {
for( int i = 0; i< buffer.length; i++ ) {
if( buffer[i] > '\u00FF' ) {
return str.getBytes("UTF8");
}
if (useUTF8) {
for (int i = 0; i < buffer.length; i++) {
if (buffer[i] > '\u00FF') {
return str.getBytes(UTF_8);
}
}
return str.getBytes("8859_1");
} catch (UnsupportedEncodingException e) {
throw new SaslException(
"cannot encode string in UTF8 or 8859-1 (Latin-1)", e);
}
return str.getBytes(ISO_8859_1);
}
protected static byte[] getPlatformCiphers() {
@ -461,8 +455,6 @@ abstract class DigestMD5Base extends AbstractSaslImpl {
* @return A non-null byte array containing the repsonse-value.
* @throws NoSuchAlgorithmException if the platform does not have MD5
* digest support.
* @throws UnsupportedEncodingException if a an error occurs
* encoding a string into either Latin-1 or UTF-8.
* @throws IOException if an error occurs writing to the output
* byte array buffer.
*/
@ -478,7 +470,6 @@ abstract class DigestMD5Base extends AbstractSaslImpl {
int nonceCount,
byte[] authzidValue
) throws NoSuchAlgorithmException,
UnsupportedEncodingException,
IOException {
MessageDigest md5 = MessageDigest.getInstance("MD5");
@ -845,14 +836,9 @@ abstract class DigestMD5Base extends AbstractSaslImpl {
try {
generateIntegrityKeyPair(clientMode);
} catch (UnsupportedEncodingException e) {
throw new SaslException(
"DIGEST-MD5: Error encoding strings into UTF-8", e);
} catch (IOException e) {
throw new SaslException("DIGEST-MD5: Error accessing buffers " +
"required to create integrity key pairs", e);
} catch (NoSuchAlgorithmException e) {
throw new SaslException("DIGEST-MD5: Unsupported digest " +
"algorithm used to create integrity key pairs", e);
@ -866,16 +852,13 @@ abstract class DigestMD5Base extends AbstractSaslImpl {
* Generate client-server, server-client key pairs for DIGEST-MD5
* integrity checking.
*
* @throws UnsupportedEncodingException if the UTF-8 encoding is not
* supported on the platform.
* @throws IOException if an error occurs when writing to or from the
* byte array output buffers.
* @throws NoSuchAlgorithmException if the MD5 message digest algorithm
* cannot loaded.
*/
private void generateIntegrityKeyPair(boolean clientMode)
throws UnsupportedEncodingException, IOException,
NoSuchAlgorithmException {
throws IOException, NoSuchAlgorithmException {
byte[] cimagic = CLIENT_INT_MAGIC.getBytes(encoding);
byte[] simagic = SVR_INT_MAGIC.getBytes(encoding);
@ -1130,11 +1113,6 @@ abstract class DigestMD5Base extends AbstractSaslImpl {
} catch (SaslException e) {
throw e;
} catch (UnsupportedEncodingException e) {
throw new SaslException(
"DIGEST-MD5: Error encoding string value into UTF-8", e);
} catch (IOException e) {
throw new SaslException("DIGEST-MD5: Error accessing " +
"buffers required to generate cipher keys", e);
@ -1152,14 +1130,11 @@ abstract class DigestMD5Base extends AbstractSaslImpl {
* byte array output buffers.
* @throws NoSuchAlgorithmException if the MD5 message digest algorithm
* cannot loaded.
* @throws UnsupportedEncodingException if an UTF-8 encoding is not
* supported on the platform.
* @throw SaslException if an error occurs initializing the keys and
* @throws SaslException if an error occurs initializing the keys and
* IVs for the chosen cipher.
*/
private void generatePrivacyKeyPair(boolean clientMode)
throws IOException, UnsupportedEncodingException,
NoSuchAlgorithmException, SaslException {
throws IOException, NoSuchAlgorithmException, SaslException {
byte[] ccmagic = CLIENT_CONF_MAGIC.getBytes(encoding);
byte[] scmagic = SVR_CONF_MAGIC.getBytes(encoding);

18
src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,15 +28,15 @@ package com.sun.security.sasl.digest;
import java.security.NoSuchAlgorithmException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.StringTokenizer;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Arrays;
import java.util.logging.Level;
import static java.nio.charset.StandardCharsets.UTF_8;
import javax.security.sasl.*;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
@ -155,13 +155,7 @@ final class DigestMD5Client extends DigestMD5Base implements SaslClient {
// authzID can only be encoded in UTF8 - RFC 2222
if (authzid != null) {
this.authzid = authzid;
try {
authzidBytes = authzid.getBytes("UTF8");
} catch (UnsupportedEncodingException e) {
throw new SaslException(
"DIGEST-MD5: Error encoding authzid value into UTF-8", e);
}
authzidBytes = authzid.getBytes(UTF_8);
}
if (props != null) {
@ -272,7 +266,7 @@ final class DigestMD5Client extends DigestMD5Base implements SaslClient {
* digest challenge format is detected.
*/
private void processChallenge(byte[][] challengeVal, List<byte[]> realmChoices)
throws SaslException, UnsupportedEncodingException {
throws SaslException {
/* CHARSET: optional atmost once */
if (challengeVal[CHARSET] != null) {
@ -281,7 +275,7 @@ final class DigestMD5Client extends DigestMD5Base implements SaslClient {
"violation. Unrecognised charset value: " +
new String(challengeVal[CHARSET]));
} else {
encoding = "UTF8";
encoding = UTF_8;
useUTF8 = true;
}
}

19
src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Server.java
View file

@ -25,10 +25,9 @@
package com.sun.security.sasl.digest;
import java.security.NoSuchAlgorithmException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.util.StringTokenizer;
import java.util.ArrayList;
import java.util.List;
@ -40,6 +39,8 @@ import java.util.logging.Level;
import javax.security.sasl.*;
import javax.security.auth.callback.*;
import static java.nio.charset.StandardCharsets.*;
/**
* An implementation of the DIGEST-MD5 server SASL mechanism.
* (<a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>)
@ -171,7 +172,7 @@ final class DigestMD5Server extends DigestMD5Base implements SaslServer {
}
}
encoding = (useUTF8 ? "UTF8" : "8859_1");
encoding = (useUTF8 ? UTF_8 : ISO_8859_1);
// By default, use server name as realm
if (serverRealms.isEmpty()) {
@ -229,9 +230,6 @@ final class DigestMD5Server extends DigestMD5Base implements SaslServer {
step = 3;
return challenge;
} catch (UnsupportedEncodingException e) {
throw new SaslException(
"DIGEST-MD5: Error encoding challenge", e);
} catch (IOException e) {
throw new SaslException(
"DIGEST-MD5: Error generating challenge", e);
@ -247,11 +245,6 @@ final class DigestMD5Server extends DigestMD5Base implements SaslServer {
byte[][] responseVal = parseDirectives(response, DIRECTIVE_KEY,
null, REALM);
challenge = validateClientResponse(responseVal);
} catch (SaslException e) {
throw e;
} catch (UnsupportedEncodingException e) {
throw new SaslException(
"DIGEST-MD5: Error validating client response", e);
} finally {
step = 0; // Set to invalid state
}
@ -298,7 +291,7 @@ final class DigestMD5Server extends DigestMD5Base implements SaslServer {
* auth-param = token "=" ( token | quoted-string )
*/
private byte[] generateChallenge(List<String> realms, String qopStr,
String cipherStr) throws UnsupportedEncodingException, IOException {
String cipherStr) throws IOException {
ByteArrayOutputStream out = new ByteArrayOutputStream();
// Realms (>= 0)
@ -389,7 +382,7 @@ final class DigestMD5Server extends DigestMD5Base implements SaslServer {
* @return response-value ('rspauth') for client to validate
*/
private byte[] validateClientResponse(byte[][] responseVal)
throws SaslException, UnsupportedEncodingException {
throws SaslException {
/* CHARSET: optional atmost once */
if (responseVal[CHARSET] != null) {