6770883: Infinite loop if SPNEGO specified as sun.security.jgss.mechanism

Reviewed-by: valeriep

jdk/src/share/classes/sun/security/jgss/spnego/SpNegoMechFactory.java

@@ -57,6 +57,12 @@ public final class SpNegoMechFactory implements MechanismFactory {
                         GSSName.NT_HOSTBASED_SERVICE,
                         GSSName.NT_EXPORT_NAME};
 
+    // The default underlying mech of SPNEGO, must not be SPNEGO itself.
+    private static final Oid DEFAULT_SPNEGO_MECH_OID =
+            ProviderList.DEFAULT_MECH_OID.equals(GSS_SPNEGO_MECH_OID)?
+                GSSUtil.GSS_KRB5_MECH_OID:
+                ProviderList.DEFAULT_MECH_OID;
+
     // Use an instance of a GSSManager whose provider list
     // does not include native provider
     final GSSManagerImpl manager;
@@ -100,18 +106,27 @@ public final class SpNegoMechFactory implements MechanismFactory {
                 availableMechs[j++] = mechs[i];
             }
         }
+        // Move the preferred mech to first place
+        for (int i=0; i<availableMechs.length; i++) {
+            if (availableMechs[i].equals(DEFAULT_SPNEGO_MECH_OID)) {
+                if (i != 0) {
+                    availableMechs[i] = availableMechs[0];
+                    availableMechs[0] = DEFAULT_SPNEGO_MECH_OID;
+                }
+                break;
+            }
+        }
     }
 
     public GSSNameSpi getNameElement(String nameStr, Oid nameType)
-        throws GSSException {
+            throws GSSException {
-        // get NameElement for the default Mechanism
+        return manager.getNameElement(
-        return manager.getNameElement(nameStr, nameType, null);
+                nameStr, nameType, DEFAULT_SPNEGO_MECH_OID);
     }
 
     public GSSNameSpi getNameElement(byte[] name, Oid nameType)
-        throws GSSException {
+            throws GSSException {
-        // get NameElement for the default Mechanism
+        return manager.getNameElement(name, nameType, DEFAULT_SPNEGO_MECH_OID);
-        return manager.getNameElement(name, nameType, null);
     }
 
     public GSSCredentialSpi getCredentialElement(GSSNameSpi name,

jdk/test/sun/security/jgss/spnego/NoSpnegoAsDefMech.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6770883
+ * @summary Infinite loop if SPNEGO specified as sun.security.jgss.mechanism
+ */
+
+import org.ietf.jgss.*;
+import sun.security.jgss.*;
+
+public class NoSpnegoAsDefMech {
+
+    public static void main(String[] argv) throws Exception {
+        System.setProperty("sun.security.jgss.mechanism", GSSUtil.GSS_SPNEGO_MECH_OID.toString());
+        try {
+            GSSManager.getInstance().createName("service@host", GSSName.NT_HOSTBASED_SERVICE, new Oid("1.3.6.1.5.5.2"));
+        } catch (GSSException e) {
+            // This is OK, for example, krb5.conf is missing or other problems
+        }
+    }
+}