8025124: InitialToken.useNullKey incorrectly applies NULL_KEY in some cases
Reviewed-by: xuelei
This commit is contained in:
parent
04360f139e
commit
45dc5dd0df
@ -277,26 +277,19 @@ abstract class InitialToken extends Krb5Token {
|
||||
byte[] credBytes = new byte[credLen];
|
||||
System.arraycopy(checksumBytes, 28, credBytes, 0, credLen);
|
||||
|
||||
CipherHelper cipherHelper = context.getCipherHelper(key);
|
||||
if (useNullKey(cipherHelper)) {
|
||||
delegCreds =
|
||||
new KrbCred(credBytes, EncryptionKey.NULL_KEY).
|
||||
getDelegatedCreds()[0];
|
||||
} else {
|
||||
KrbCred cred;
|
||||
try {
|
||||
cred = new KrbCred(credBytes, key);
|
||||
} catch (KrbException e) {
|
||||
} catch (KrbException ke) {
|
||||
if (subKey != null) {
|
||||
cred = new KrbCred(credBytes, subKey);
|
||||
} else {
|
||||
throw e;
|
||||
throw ke;
|
||||
}
|
||||
}
|
||||
delegCreds = cred.getDelegatedCreds()[0];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// check if KRB-CRED message should use NULL_KEY for encryption
|
||||
private boolean useNullKey(CipherHelper ch) {
|
||||
|
@ -119,7 +119,7 @@ public class KrbCred {
|
||||
return credMessg;
|
||||
}
|
||||
|
||||
// Used in InitialToken, key always NULL_KEY
|
||||
// Used in InitialToken, NULL_KEY might be used
|
||||
public KrbCred(byte[] asn1Message, EncryptionKey key)
|
||||
throws KrbException, IOException {
|
||||
|
||||
@ -127,6 +127,9 @@ public class KrbCred {
|
||||
|
||||
ticket = credMessg.tickets[0];
|
||||
|
||||
if (credMessg.encPart.getEType() == 0) {
|
||||
key = EncryptionKey.NULL_KEY;
|
||||
}
|
||||
byte[] temp = credMessg.encPart.decrypt(key,
|
||||
KeyUsage.KU_ENC_KRB_CRED_PART);
|
||||
byte[] plainText = credMessg.encPart.reset(temp);
|
||||
|
Loading…
x
Reference in New Issue
Block a user