8025124: InitialToken.useNullKey incorrectly applies NULL_KEY in some cases

Reviewed-by: xuelei
This commit is contained in:
Weijun Wang 2013-10-16 14:39:00 +08:00
parent 04360f139e
commit 45dc5dd0df
2 changed files with 13 additions and 17 deletions

View File

@ -277,26 +277,19 @@ abstract class InitialToken extends Krb5Token {
byte[] credBytes = new byte[credLen];
System.arraycopy(checksumBytes, 28, credBytes, 0, credLen);
CipherHelper cipherHelper = context.getCipherHelper(key);
if (useNullKey(cipherHelper)) {
delegCreds =
new KrbCred(credBytes, EncryptionKey.NULL_KEY).
getDelegatedCreds()[0];
} else {
KrbCred cred;
try {
cred = new KrbCred(credBytes, key);
} catch (KrbException e) {
} catch (KrbException ke) {
if (subKey != null) {
cred = new KrbCred(credBytes, subKey);
} else {
throw e;
throw ke;
}
}
delegCreds = cred.getDelegatedCreds()[0];
}
}
}
// check if KRB-CRED message should use NULL_KEY for encryption
private boolean useNullKey(CipherHelper ch) {

View File

@ -119,7 +119,7 @@ public class KrbCred {
return credMessg;
}
// Used in InitialToken, key always NULL_KEY
// Used in InitialToken, NULL_KEY might be used
public KrbCred(byte[] asn1Message, EncryptionKey key)
throws KrbException, IOException {
@ -127,6 +127,9 @@ public class KrbCred {
ticket = credMessg.tickets[0];
if (credMessg.encPart.getEType() == 0) {
key = EncryptionKey.NULL_KEY;
}
byte[] temp = credMessg.encPart.decrypt(key,
KeyUsage.KU_ENC_KRB_CRED_PART);
byte[] plainText = credMessg.encPart.reset(temp);