8210821: Support dns_canonicalize_hostname in krb5.conf

Reviewed-by: valeriep
2025-08-28 15:24:43 +02:00 · 2018-10-02 16:02:35 +08:00 · 2018-10-02 16:02:35 +08:00 · 9452b88d93
commit 9452b88d93
parent 33c38f2ccb
3 changed files with 119 additions and 19 deletions
--- a/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -406,26 +406,37 @@ public class PrincipalName implements Cloneable {
        case KRB_NT_SRV_HST:
            if (nameParts.length >= 2) {
                String hostName = nameParts[1];
+                Boolean option;
                try {
-                    // RFC4120 does not recommend canonicalizing a hostname.
-                    // However, for compatibility reason, we will try
-                    // canonicalize it and see if the output looks better.
-
-                    String canonicalized = (InetAddress.getByName(hostName)).
-                            getCanonicalHostName();
-
-                    // Looks if canonicalized is a longer format of hostName,
-                    // we accept cases like
-                    //     bunny -> bunny.rabbit.hole
-                    if (canonicalized.toLowerCase(Locale.ENGLISH).startsWith(
-                                hostName.toLowerCase(Locale.ENGLISH)+".")) {
-                        hostName = canonicalized;
-                    }
-                } catch (UnknownHostException | SecurityException e) {
-                    // not canonicalized or no permission to do so, use old
+                    // If true, try canonicalizing and accept it if it starts
+                    // with the short name. Otherwise, never. Default true.
+                    option = Config.getInstance().getBooleanObject(
+                            "libdefaults", "dns_canonicalize_hostname");
+                } catch (KrbException e) {
+                    option = null;
                }
-                if (hostName.endsWith(".")) {
-                    hostName = hostName.substring(0, hostName.length() - 1);
+                if (option != Boolean.FALSE) {
+                    try {
+                        // RFC4120 does not recommend canonicalizing a hostname.
+                        // However, for compatibility reason, we will try
+                        // canonicalizing it and see if the output looks better.
+
+                        String canonicalized = (InetAddress.getByName(hostName)).
+                                getCanonicalHostName();
+
+                        // Looks if canonicalized is a longer format of hostName,
+                        // we accept cases like
+                        //     bunny -> bunny.rabbit.hole
+                        if (canonicalized.toLowerCase(Locale.ENGLISH).startsWith(
+                                hostName.toLowerCase(Locale.ENGLISH) + ".")) {
+                            hostName = canonicalized;
+                        }
+                    } catch (UnknownHostException | SecurityException e) {
+                        // not canonicalized or no permission to do so, use old
+                    }
+                    if (hostName.endsWith(".")) {
+                        hostName = hostName.substring(0, hostName.length() - 1);
+                    }
                }
                nameParts[1] = hostName.toLowerCase(Locale.ENGLISH);
            }