diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/internal/util/KerberosString.java b/src/java.security.jgss/share/classes/sun/security/krb5/internal/util/KerberosString.java index bdca3cf7d76..f4a6dc4dd3d 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/util/KerberosString.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/util/KerberosString.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,8 +26,7 @@ package sun.security.krb5.internal.util; import java.io.IOException; -import java.security.AccessController; -import sun.security.action.GetBooleanAction; +import sun.security.action.GetPropertyAction; import sun.security.util.DerValue; /** @@ -45,15 +44,21 @@ import sun.security.util.DerValue; public final class KerberosString { /** * RFC 4120 defines KerberosString as GeneralString (IA5String), which - * only includes ASCII characters. However, other implementations have been - * known to use GeneralString to contain UTF-8 encoding. To interop - * with these implementations, the following system property is defined. - * When set as true, KerberosString is encoded as UTF-8. Note that this - * only affects the byte encoding, the tag of the ASN.1 type is still - * GeneralString. + * only includes ASCII characters. However, most implementations have been + * known to use GeneralString to contain UTF-8 encoding. The following + * system property is defined. When set as true, KerberosString is encoded + * as UTF-8. Otherwise, it's ASCII. The default is true. + * + * Note that this only affects the byte encoding, the tag of the ASN.1 + * type is still GeneralString. */ - public static final boolean MSNAME = AccessController.doPrivileged( - new GetBooleanAction("sun.security.krb5.msinterop.kstring")); + public static final boolean MSNAME; + + static { + String prop = GetPropertyAction.privilegedGetProperty( + "sun.security.krb5.msinterop.kstring", "true"); + MSNAME = Boolean.parseBoolean(prop); + } private final String s; diff --git a/test/jdk/sun/security/krb5/auto/NonAscii.java b/test/jdk/sun/security/krb5/auto/NonAscii.java new file mode 100644 index 00000000000..f4716b91f10 --- /dev/null +++ b/test/jdk/sun/security/krb5/auto/NonAscii.java @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8200152 + * @summary KerberosString should use UTF-8 by default + * @library /test/lib + * @compile -XDignore.symbol.file NonAscii.java + * @run main jdk.test.lib.FileInstaller TestHosts TestHosts + * @run main/othervm -Djdk.net.hosts.file=TestHosts NonAscii + * @run main/othervm/fail -Djdk.net.hosts.file=TestHosts + * -Dsun.security.krb5.msinterop.kstring=false + * NonAscii + * @run main/othervm/fail -Djdk.net.hosts.file=TestHosts + * -Dsun.security.krb5.msinterop.kstring=no + * NonAscii + */ + +public class NonAscii { + public static void main(String[] args) throws Exception { + String name = "ab\u00e7"; + char[] password = "password".toCharArray(); + new OneKDC(null).addPrincipal(name, password); + Context.fromUserPass(name, password, false); + } +}