8012679: Let allow_weak_crypto default to false

Reviewed-by: valeriep
2013-05-08 08:25:34 +08:00 · 2013-05-08 08:25:34 +08:00 · 0c02ab3a5e
commit 0c02ab3a5e
parent 15adfafa5b
3 changed files with 29 additions and 8 deletions
--- a/jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java
+++ b/jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java
@ -55,11 +55,11 @@ public abstract class EType {
    }

    public static void initStatic() {
-        boolean allowed = true;
+        boolean allowed = false;
        try {
            Config cfg = Config.getInstance();
            String temp = cfg.get("libdefaults", "allow_weak_crypto");
-            if (temp != null && temp.equals("false")) allowed = false;
+            if (temp != null && temp.equals("true")) allowed = true;
        } catch (Exception exc) {
            if (DEBUG) {
                System.out.println ("Exception in getting allow_weak_crypto, " +
--- a/jdk/test/sun/security/krb5/auto/DupEtypes.java
+++ b/jdk/test/sun/security/krb5/auto/DupEtypes.java
@ -34,6 +34,7 @@
 */

 import sun.security.jgss.GSSUtil;
+import sun.security.krb5.Config;

 public class DupEtypes {

@ -42,6 +43,14 @@ public class DupEtypes {
        OneKDC kdc = new OneKDC(null);
        kdc.writeJAASConf();

+        KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
+                "default_keytab_name = " + OneKDC.KTAB,
+                "allow_weak_crypto = true");
+        Config.refresh();
+
+        // Rewrite to include DES keys
+        kdc.writeKtab(OneKDC.KTAB);
+
        // Different test cases, read KDC.processAsReq for details
        kdc.setOption(KDC.Option.DUP_ETYPE, Integer.parseInt(args[0]));

--- a/jdk/test/sun/security/krb5/etype/WeakCrypto.java
+++ b/jdk/test/sun/security/krb5/etype/WeakCrypto.java
@ -22,29 +22,41 @@
 */
 /*
 * @test
- * @bug 6844909
+ * @bug 6844909 8012679
 * @run main/othervm WeakCrypto
+ * @run main/othervm WeakCrypto true
+ * @run main/othervm WeakCrypto false
 * @summary support allow_weak_crypto in krb5.conf
 */

 import java.io.File;
+import java.lang.Exception;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
 import sun.security.krb5.internal.crypto.EType;
 import sun.security.krb5.EncryptedData;

 public class WeakCrypto {
    public static void main(String[] args) throws Exception {
-        System.setProperty("java.security.krb5.conf",
-                System.getProperty("test.src", ".") +
-                File.separator +
-                "weakcrypto.conf");
+        String conf = "[libdefaults]\n" +
+                (args.length > 0 ? ("allow_weak_crypto = " + args[0]) : "");
+        Files.write(Paths.get("krb5.conf"), conf.getBytes());
+        System.setProperty("java.security.krb5.conf", "krb5.conf");
+
+        boolean expected = args.length != 0 && args[0].equals("true");
        int[] etypes = EType.getBuiltInDefaults();

+        boolean found = false;
        for (int i=0, length = etypes.length; i<length; i++) {
            if (etypes[i] == EncryptedData.ETYPE_DES_CBC_CRC ||
                    etypes[i] == EncryptedData.ETYPE_DES_CBC_MD4 ||
                    etypes[i] == EncryptedData.ETYPE_DES_CBC_MD5) {
-                throw new Exception("DES should not appear");
+                found = true;
            }
        }
+        if (expected != found) {
+            throw new Exception();
+        }
    }
 }