8025124: InitialToken.useNullKey incorrectly applies NULL_KEY in some cases

Reviewed-by: xuelei
2013-10-16 14:39:00 +08:00 · 2013-10-16 14:39:00 +08:00 · 45dc5dd0df
commit 45dc5dd0df
parent 04360f139e
2 changed files with 13 additions and 17 deletions
--- a/jdk/src/share/classes/sun/security/jgss/krb5/InitialToken.java
+++ b/jdk/src/share/classes/sun/security/jgss/krb5/InitialToken.java
@ -277,24 +277,17 @@ abstract class InitialToken extends Krb5Token {
                byte[] credBytes = new byte[credLen];
                System.arraycopy(checksumBytes, 28, credBytes, 0, credLen);
-                CipherHelper cipherHelper = context.getCipherHelper(key);
+                KrbCred cred;
-                if (useNullKey(cipherHelper)) {
+                try {
-                    delegCreds =
+                    cred = new KrbCred(credBytes, key);
-                        new KrbCred(credBytes, EncryptionKey.NULL_KEY).
+                } catch (KrbException ke) {
-                        getDelegatedCreds()[0];
+                    if (subKey != null) {
-                } else {
+                        cred = new KrbCred(credBytes, subKey);
-                    KrbCred cred;
+                    } else {
-                    try {
+                        throw ke;
                        cred = new KrbCred(credBytes, key);
                    } catch (KrbException e) {
                        if (subKey != null) {
                            cred = new KrbCred(credBytes, subKey);
                        } else {
                            throw e;
                        }
                    }
                    delegCreds = cred.getDelegatedCreds()[0];
                }
                delegCreds = cred.getDelegatedCreds()[0];
            }
        }
--- a/jdk/src/share/classes/sun/security/krb5/KrbCred.java
+++ b/jdk/src/share/classes/sun/security/krb5/KrbCred.java
@ -119,7 +119,7 @@ public class KrbCred {
        return credMessg;
    }
-         // Used in InitialToken, key always NULL_KEY
+    // Used in InitialToken, NULL_KEY might be used
    public KrbCred(byte[] asn1Message, EncryptionKey key)
        throws KrbException, IOException {
@ -127,6 +127,9 @@ public class KrbCred {
        ticket = credMessg.tickets[0];
        if (credMessg.encPart.getEType() == 0) {
            key = EncryptionKey.NULL_KEY;
        }
        byte[] temp = credMessg.encPart.decrypt(key,
            KeyUsage.KU_ENC_KRB_CRED_PART);
        byte[] plainText = credMessg.encPart.reset(temp);