Merge
commit
4721c15d98
@ -972,15 +972,12 @@ class NameClassPairEnumeration implements NamingEnumeration {
|
||||
}
|
||||
|
||||
/*
|
||||
* ctx will be closed when no longer needed by the enumeration.
|
||||
* ctx will be set to null when no longer needed by the enumeration.
|
||||
*/
|
||||
public void close () {
|
||||
public void close() {
|
||||
nodes = null;
|
||||
if (ctx != null) {
|
||||
ctx.close();
|
||||
ctx = null;
|
||||
}
|
||||
}
|
||||
|
||||
public boolean hasMore() {
|
||||
boolean more = ((nodes != null) && nodes.hasMoreElements());
|
||||
|
@ -0,0 +1,68 @@
|
||||
/*
|
||||
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Sun designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Sun in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
||||
* CA 95054 USA or visit www.sun.com if you need additional information or
|
||||
* have any questions.
|
||||
*/
|
||||
|
||||
package com.sun.security.jgss;
|
||||
|
||||
/**
|
||||
* Kerberos 5 AuthorizationData entry.
|
||||
*/
|
||||
final public class AuthorizationDataEntry {
|
||||
|
||||
private final int type;
|
||||
private final byte[] data;
|
||||
|
||||
/**
|
||||
* Create an AuthorizationDataEntry object.
|
||||
* @param type the ad-type
|
||||
* @param data the ad-data, a copy of the data will be saved
|
||||
* inside the object.
|
||||
*/
|
||||
public AuthorizationDataEntry(int type, byte[] data) {
|
||||
this.type = type;
|
||||
this.data = data.clone();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the ad-type field.
|
||||
* @return ad-type
|
||||
*/
|
||||
public int getType() {
|
||||
return type;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a copy of the ad-data field.
|
||||
* @return ad-data
|
||||
*/
|
||||
public byte[] getData() {
|
||||
return data.clone();
|
||||
}
|
||||
|
||||
public String toString() {
|
||||
return "AuthorizationDataEntry: type="+type+", data=" +
|
||||
data.length + " bytes:\n" +
|
||||
new sun.misc.HexDumpEncoder().encode(data);
|
||||
}
|
||||
}
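Review bot: `toString()` hex-dumps the entire ad-data, so any log statement or string concatenation that touches an entry writes the ticket's authorization payload out in full. Printing only the type and length, `return "AuthorizationDataEntry: type=" + type + ", data=" + data.length + " bytes";`, keeps the diagnostic value without the contents. The same pattern carries higher stakes in `KerberosSessionKey.toString()` in the Krb5Context section of this commit, which dumps the raw session key bytes; there `return "Kerberos session key: etype: " + key.getEType();` would be enough. Separately, the constructor calls `data.clone()` with no null check, so its Javadoc should state that a null `data` throws NullPointerException.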
|
@ -0,0 +1,102 @@
|
||||
/*
|
||||
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Sun designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Sun in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
||||
* CA 95054 USA or visit www.sun.com if you need additional information or
|
||||
* have any questions.
|
||||
*/
|
||||
|
||||
package com.sun.security.jgss;
|
||||
|
||||
import org.ietf.jgss.*;
|
||||
|
||||
/**
|
||||
* The extended GSSContext interface for supporting additional
|
||||
* functionalities not defined by {@code org.ietf.jgss.GSSContext},
|
||||
* such as querying context-specific attributes.
|
||||
*/
|
||||
public interface ExtendedGSSContext extends GSSContext {
|
||||
/**
|
||||
* Return the mechanism-specific attribute associated with {@code type}.
|
||||
* <br><br>
|
||||
* For each supported attribute type, the type for the output are
|
||||
* defined below.
|
||||
* <ol>
|
||||
* <li>{@code KRB5_GET_TKT_FLAGS}:
|
||||
* the returned object is a boolean array for the service ticket flags,
|
||||
* which is long enough to contain all true bits. This means if
|
||||
* the user wants to get the <em>n</em>'th bit but the length of the
|
||||
* returned array is less than <em>n</em>, it is regarded as false.
|
||||
* <li>{@code KRB5_GET_SESSION_KEY}:
|
||||
* the returned object is an instance of {@link java.security.Key},
|
||||
* which has the following properties:
|
||||
* <ul>
|
||||
* <li>Algorithm: enctype as a string, where
|
||||
* enctype is defined in RFC 3961, section 8.
|
||||
* <li>Format: "RAW"
|
||||
* <li>Encoded form: the raw key bytes, not in any ASN.1 encoding
|
||||
* </ul>
|
||||
* <li>{@code KRB5_GET_AUTHZ_DATA}:
|
||||
* the returned object is an array of
|
||||
* {@link com.sun.security.jgss.AuthorizationDataEntry}, or null if the
|
||||
* optional field is missing in the service ticket.
|
||||
* <li>{@code KRB5_GET_AUTHTIME}:
|
||||
* the returned object is a String object in the standard KerberosTime
|
||||
* format defined in RFC 4120 5.2.3
|
||||
* </ol>
|
||||
*
|
||||
* If there is a security manager, an {@link InquireSecContextPermission}
|
||||
* with the name {@code type.mech} must be granted. Otherwise, this could
|
||||
* result in a {@link SecurityException}.<p>
|
||||
*
|
||||
* Example:
|
||||
* <pre>
|
||||
* GSSContext ctxt = m.createContext(...)
|
||||
* // Establishing the context
|
||||
* if (ctxt instanceof ExtendedGSSContext) {
|
||||
* ExtendedGSSContext ex = (ExtendedGSSContext)ctxt;
|
||||
* try {
|
||||
* Key key = (key)ex.inquireSecContext(
|
||||
* InquireType.KRB5_GET_SESSION_KEY);
|
||||
* // read key info
|
||||
* } catch (GSSException gsse) {
|
||||
* // deal with exception
|
||||
* }
|
||||
* }
|
||||
* </pre>
|
||||
* @param type the type of the attribute requested
|
||||
* @return the attribute, see the method documentation for details.
|
||||
* @throws GSSException containing the following
|
||||
* major error codes:
|
||||
* {@link GSSException#BAD_MECH GSSException.BAD_MECH} if the mechanism
|
||||
* does not support this method,
|
||||
* {@link GSSException#UNAVAILABLE GSSException.UNAVAILABLE} if the
|
||||
* type specified is not supported,
|
||||
* {@link GSSException#NO_CONTEXT GSSException.NO_CONTEXT} if the
|
||||
* security context is invalid,
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE} for other
|
||||
* unspecified failures.
|
||||
* @throws SecurityException if a security manager exists and a proper
|
||||
* {@link InquireSecContextPermission} is not granted.
|
||||
* @see InquireSecContextPermission
|
||||
*/
|
||||
public Object inquireSecContext(InquireType type)
|
||||
throws GSSException;
|
||||
}
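Review bot: The Javadoc says the required `InquireSecContextPermission` has the name `type.mech`, but the implementation added to GSSContextImpl in this commit checks `new InquireSecContextPermission(type.toString())`, i.e. the bare enum name with no mechanism part. A policy entry written from this text would not match the check, so the sentence should name the `InquireType` constant itself as the target, for example `KRB5_GET_SESSION_KEY`. The example also casts with `(key)` where `(Key)` is meant. Since `KRB5_GET_SESSION_KEY` returns the raw key bytes, the text could add that this target should be granted only to code that needs the key.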
|
@ -0,0 +1,54 @@
|
||||
/*
|
||||
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Sun designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Sun in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
||||
* CA 95054 USA or visit www.sun.com if you need additional information or
|
||||
* have any questions.
|
||||
*/
|
||||
|
||||
package com.sun.security.jgss;
|
||||
|
||||
import java.security.BasicPermission;
|
||||
|
||||
/**
|
||||
* This class is used to protect various attributes of an established
|
||||
* GSS security context that can be accessed using the
|
||||
* {@link com.sun.security.jgss.ExtendedGSSContext#inquireSecContext}
|
||||
* method.
|
||||
*
|
||||
* <p>The target name is the {@link InquireType} allowed.
|
||||
*/
|
||||
public final class InquireSecContextPermission extends BasicPermission {
|
||||
|
||||
/**
|
||||
* Constructs a new {@code InquireSecContextPermission} object with
|
||||
* the specified name. The name is the symbolic name of the
|
||||
* {@link InquireType} allowed.
|
||||
*
|
||||
* @param name the {@link InquireType} allowed by this
|
||||
* permission. "*" means all {@link InquireType}s are allowed.
|
||||
*
|
||||
* @throws NullPointerException if <code>name</code> is <code>null</code>.
|
||||
* @throws IllegalArgumentException if <code>name</code> is empty.
|
||||
*/
|
||||
public InquireSecContextPermission(String name) {
|
||||
super(name);
|
||||
}
|
||||
}
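Review bot: `InquireSecContextPermission` is Serializable through `BasicPermission` but declares no `serialVersionUID`, so its serialized form depends on a compiler-generated value; an explicit `private static final long serialVersionUID` field would pin it. The constructor Javadoc documents `"*"` as granting every type, which includes the session key, and the class comment could say so, because a reader granting `"*"` for ticket flags may not expect it to cover key material.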
|
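--- a/jdk/src/share/classes/com/sun/security/jgss/InquireType.java
+++ b/jdk/src/share/classes/com/sun/security/jgss/InquireType.java
@@ -0,0 +1,54 @@
+/*
+* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* This code is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License version 2 only, as
+* published by the Free Software Foundation. Sun designates this
+* particular file as subject to the "Classpath" exception as provided
+* by Sun in the LICENSE file that accompanied this code.
+*
+* This code is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* version 2 for more details (a copy is included in the LICENSE file that
+* accompanied this code).
+*
+* You should have received a copy of the GNU General Public License version
+* 2 along with this work; if not, write to the Free Software Foundation,
+* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+*
+* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+* CA 95054 USA or visit www.sun.com if you need additional information or
+* have any questions.
+*/
+
+package com.sun.security.jgss;
+
+/**
+* Attribute types that can be specified as an argument of
+* {@link com.sun.security.jgss.ExtendedGSSContext#inquireSecContext}
+*/
+public enum InquireType {
+/**
+* Attribute type for retrieving the session key of an
+* established Kerberos 5 security context.
+*/
+KRB5_GET_SESSION_KEY,
+/**
+* Attribute type for retrieving the service ticket flags of an
+* established Kerberos 5 security context.
+*/
+KRB5_GET_TKT_FLAGS,
+/**
+* Attribute type for retrieving the authorization data in the
+* service ticket of an established Kerberos 5 security context.
+* Only supported on the acceptor side.
+*/
+KRB5_GET_AUTHZ_DATA,
+/**
+* Attribute type for retrieving the authtime in the service ticket
+* of an established Kerberos 5 security context.
+*/
+KRB5_GET_AUTHTIME
+}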
|
@ -47,6 +47,14 @@ public class SimpleFileVisitor<T> implements FileVisitor<T> {
|
||||
protected SimpleFileVisitor() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Throws NullPointerException if obj is null.
|
||||
*/
|
||||
private static void checkNotNull(Object obj) {
|
||||
if (obj == null)
|
||||
throw new NullPointerException();
|
||||
}
|
||||
|
||||
/**
|
||||
* Invoked for a directory before entries in the directory are visited.
|
||||
*
|
||||
@ -55,6 +63,7 @@ public class SimpleFileVisitor<T> implements FileVisitor<T> {
|
||||
*/
|
||||
@Override
|
||||
public FileVisitResult preVisitDirectory(T dir) {
|
||||
checkNotNull(dir);
|
||||
return FileVisitResult.CONTINUE;
|
||||
}
|
||||
|
||||
@ -70,6 +79,8 @@ public class SimpleFileVisitor<T> implements FileVisitor<T> {
|
||||
*/
|
||||
@Override
|
||||
public FileVisitResult preVisitDirectoryFailed(T dir, IOException exc) {
|
||||
checkNotNull(dir);
|
||||
checkNotNull(exc);
|
||||
throw new IOError(exc);
|
||||
}
|
||||
|
||||
@ -81,6 +92,8 @@ public class SimpleFileVisitor<T> implements FileVisitor<T> {
|
||||
*/
|
||||
@Override
|
||||
public FileVisitResult visitFile(T file, BasicFileAttributes attrs) {
|
||||
checkNotNull(file);
|
||||
checkNotNull(attrs);
|
||||
return FileVisitResult.CONTINUE;
|
||||
}
|
||||
|
||||
@ -96,6 +109,8 @@ public class SimpleFileVisitor<T> implements FileVisitor<T> {
|
||||
*/
|
||||
@Override
|
||||
public FileVisitResult visitFileFailed(T file, IOException exc) {
|
||||
checkNotNull(file);
|
||||
checkNotNull(exc);
|
||||
throw new IOError(exc);
|
||||
}
|
||||
|
||||
@ -114,6 +129,7 @@ public class SimpleFileVisitor<T> implements FileVisitor<T> {
|
||||
*/
|
||||
@Override
|
||||
public FileVisitResult postVisitDirectory(T dir, IOException exc) {
|
||||
checkNotNull(dir);
|
||||
if (exc != null)
|
||||
throw new IOError(exc);
|
||||
return FileVisitResult.CONTINUE;
|
||||
|
@ -75,7 +75,7 @@ import java.io.IOException;
|
||||
* .lookupPrincipalByName("joe");
|
||||
*
|
||||
* // get view
|
||||
* AclFileAttributeView view = file.newFileAttributeView(AclFileAttributeView.class);
|
||||
* AclFileAttributeView view = file.getFileAttributeView(AclFileAttributeView.class);
|
||||
*
|
||||
* // create ACE to give "joe" read access
|
||||
* AclEntry entry = AclEntry.newBuilder()
|
||||
|
@ -61,7 +61,7 @@ import java.io.IOException;
|
||||
* Suppose we need to print out the owner and access permissions of a file:
|
||||
* <pre>
|
||||
* FileRef file = ...
|
||||
* PosixFileAttributes attrs = file.newFileAttributeView(PosixFileAttributeView.class)
|
||||
* PosixFileAttributes attrs = file.getFileAttributeView(PosixFileAttributeView.class)
|
||||
* .readAttributes();
|
||||
* System.out.format("%s %s%n",
|
||||
* attrs.owner().getName(),
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -27,14 +27,13 @@ package sun.security.jgss;
|
||||
|
||||
import org.ietf.jgss.*;
|
||||
import sun.security.jgss.spi.*;
|
||||
import sun.security.jgss.*;
|
||||
import sun.security.util.ObjectIdentifier;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
|
||||
import com.sun.security.jgss.*;
|
||||
|
||||
/**
|
||||
* This class represents the JGSS security context and its associated
|
||||
@ -88,7 +87,7 @@ import java.io.IOException;
|
||||
* per-message operations are returned in an instance of the MessageProp
|
||||
* class, which is used as an argument in these calls.</dl>
|
||||
*/
|
||||
class GSSContextImpl implements GSSContext {
|
||||
class GSSContextImpl implements ExtendedGSSContext {
|
||||
|
||||
private GSSManagerImpl gssManager = null;
|
||||
|
||||
@ -630,4 +629,16 @@ class GSSContextImpl implements GSSContext {
|
||||
srcName = null;
|
||||
targName = null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object inquireSecContext(InquireType type) throws GSSException {
|
||||
SecurityManager security = System.getSecurityManager();
|
||||
if (security != null) {
|
||||
security.checkPermission(new InquireSecContextPermission(type.toString()));
|
||||
}
|
||||
if (mechCtxt == null) {
|
||||
throw new GSSException(GSSException.NO_CONTEXT);
|
||||
}
|
||||
return mechCtxt.inquireSecContext(type);
|
||||
}
|
||||
}
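Review bot: In `inquireSecContext` the permission target is built with `type.toString()`, which is the overridable display form of an enum. `type.name()` is the stable identifier that policy files and the policytool entries in this commit spell out, so `security.checkPermission(new InquireSecContextPermission(type.name()));` is the safer spelling. A null `type` surfaces as a bare NullPointerException from that line when a security manager is installed, and otherwise from the `switch (type)` in Krb5Context; the interface Javadoc documents neither. The wildcard import `com.sun.security.jgss.*` could be narrowed to the three types this class uses.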
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,12 +25,14 @@
|
||||
|
||||
package sun.security.jgss.krb5;
|
||||
|
||||
import com.sun.security.jgss.AuthorizationDataEntry;
|
||||
import org.ietf.jgss.*;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.io.IOException;
|
||||
import sun.security.krb5.*;
|
||||
import java.net.InetAddress;
|
||||
import sun.security.krb5.internal.AuthorizationData;
|
||||
import sun.security.krb5.internal.KerberosTime;
|
||||
|
||||
class InitSecContextToken extends InitialToken {
|
||||
|
||||
@ -59,6 +61,9 @@ class InitSecContextToken extends InitialToken {
|
||||
|
||||
Checksum checksum = gssChecksum.getChecksum();
|
||||
|
||||
context.setTktFlags(serviceTicket.getFlags());
|
||||
context.setAuthTime(
|
||||
new KerberosTime(serviceTicket.getAuthTime()).toString());
|
||||
apReq = new KrbApReq(serviceTicket,
|
||||
mutualRequired,
|
||||
useSubkey,
|
||||
@ -143,6 +148,21 @@ class InitSecContextToken extends InitialToken {
|
||||
// Use the same sequence number as the peer
|
||||
// (Behaviour exhibited by the Windows SSPI server)
|
||||
context.resetMySequenceNumber(peerSeqNumber);
|
||||
context.setAuthTime(
|
||||
new KerberosTime(apReq.getCreds().getAuthTime()).toString());
|
||||
context.setTktFlags(apReq.getCreds().getFlags());
|
||||
AuthorizationData ad = apReq.getCreds().getAuthzData();
|
||||
if (ad == null) {
|
||||
context.setAuthzData(null);
|
||||
} else {
|
||||
AuthorizationDataEntry[] authzData =
|
||||
new AuthorizationDataEntry[ad.count()];
|
||||
for (int i=0; i<ad.count(); i++) {
|
||||
authzData[i] = new AuthorizationDataEntry(
|
||||
ad.item(i).adType, ad.item(i).adData);
|
||||
}
|
||||
context.setAuthzData(authzData);
|
||||
}
|
||||
}
|
||||
|
||||
public final KrbApReq getKrbApReq() {
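Review bot: The copy loop on the acceptor path calls `ad.item(i)` twice per iteration, and `AuthorizationData.item` as added in this commit returns a clone each time, so every entry is cloned twice before the `AuthorizationDataEntry` constructor copies the data again. Fetching it once, `sun.security.krb5.internal.AuthorizationDataEntry e = ad.item(i);` followed by `authzData[i] = new AuthorizationDataEntry(e.adType, e.adData);`, avoids the extra copies. The fully qualified name is needed because the imported `AuthorizationDataEntry` is the `com.sun.security.jgss` one. The enclosing constructors start outside these hunks.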
|
||||
|
@ -25,6 +25,7 @@
|
||||
|
||||
package sun.security.jgss.krb5;
|
||||
|
||||
import com.sun.security.jgss.InquireType;
|
||||
import org.ietf.jgss.*;
|
||||
import sun.misc.HexDumpEncoder;
|
||||
import sun.security.jgss.GSSUtil;
|
||||
@ -38,6 +39,7 @@ import java.io.IOException;
|
||||
import java.security.Provider;
|
||||
import java.security.AccessController;
|
||||
import java.security.AccessControlContext;
|
||||
import java.security.Key;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.security.PrivilegedActionException;
|
||||
import javax.crypto.Cipher;
|
||||
@ -1283,4 +1285,81 @@ class Krb5Context implements GSSContextSpi {
|
||||
// Currently used by InitialToken only
|
||||
return caller;
|
||||
}
|
||||
|
||||
/**
|
||||
* The session key returned by inquireSecContext(KRB5_INQ_SSPI_SESSION_KEY)
|
||||
*/
|
||||
static class KerberosSessionKey implements Key {
|
||||
private final EncryptionKey key;
|
||||
|
||||
KerberosSessionKey(EncryptionKey key) {
|
||||
this.key = key;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getAlgorithm() {
|
||||
return Integer.toString(key.getEType());
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getFormat() {
|
||||
return "RAW";
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte[] getEncoded() {
|
||||
return key.getBytes().clone();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "Kerberos session key: etype: " + key.getEType() + "\n" +
|
||||
new sun.misc.HexDumpEncoder().encodeBuffer(key.getBytes());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the mechanism-specific attribute associated with {@code type}.
|
||||
*/
|
||||
public Object inquireSecContext(InquireType type)
|
||||
throws GSSException {
|
||||
if (!isEstablished()) {
|
||||
throw new GSSException(GSSException.NO_CONTEXT, -1,
|
||||
"Security context not established.");
|
||||
}
|
||||
switch (type) {
|
||||
case KRB5_GET_SESSION_KEY:
|
||||
return new KerberosSessionKey(key);
|
||||
case KRB5_GET_TKT_FLAGS:
|
||||
return tktFlags.clone();
|
||||
case KRB5_GET_AUTHZ_DATA:
|
||||
if (isInitiator()) {
|
||||
throw new GSSException(GSSException.UNAVAILABLE, -1,
|
||||
"AuthzData not available on initiator side.");
|
||||
} else {
|
||||
return (authzData==null)?null:authzData.clone();
|
||||
}
|
||||
case KRB5_GET_AUTHTIME:
|
||||
return authTime;
|
||||
}
|
||||
throw new GSSException(GSSException.UNAVAILABLE, -1,
|
||||
"Inquire type not supported.");
|
||||
}
|
||||
|
||||
// Helpers for inquireSecContext
|
||||
private boolean[] tktFlags;
|
||||
private String authTime;
|
||||
private com.sun.security.jgss.AuthorizationDataEntry[] authzData;
|
||||
|
||||
public void setTktFlags(boolean[] tktFlags) {
|
||||
this.tktFlags = tktFlags;
|
||||
}
|
||||
|
||||
public void setAuthTime(String authTime) {
|
||||
this.authTime = authTime;
|
||||
}
|
||||
|
||||
public void setAuthzData(com.sun.security.jgss.AuthorizationDataEntry[] authzData) {
|
||||
this.authzData = authzData;
|
||||
}
|
||||
}
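Review bot: The Javadoc on `KerberosSessionKey` refers to `inquireSecContext(KRB5_INQ_SSPI_SESSION_KEY)`, a constant that the `InquireType` enum in this commit does not define; it should name `KRB5_GET_SESSION_KEY`. In `inquireSecContext`, `return tktFlags.clone();` has no null guard while the `authzData` case does, so a context on which `setTktFlags` was never called would fail with a NullPointerException rather than a GSSException. `return (tktFlags == null) ? null : tktFlags.clone();` would match the neighbouring case, if null is an acceptable result there. `KerberosSessionKey` is also Serializable through `Key` yet wraps an `EncryptionKey` and declares no `serialVersionUID`; a comment saying whether serializing the session key is intended would help.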
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Portions Copyright 2000-2005 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Portions Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -46,6 +46,7 @@ import org.ietf.jgss.*;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.security.Provider;
|
||||
import com.sun.security.jgss.*;
|
||||
|
||||
/**
|
||||
* This interface is implemented by a mechanism specific instance of a GSS
|
||||
@ -265,7 +266,6 @@ public interface GSSContextSpi {
|
||||
* @param msgPro on input it contains the requested qop and
|
||||
* confidentiality state, on output, the applied values
|
||||
* @exception GSSException may be thrown
|
||||
* @see MessageInfo
|
||||
* @see unwrap
|
||||
*/
|
||||
public void wrap(InputStream is, OutputStream os, MessageProp msgProp)
|
||||
@ -315,7 +315,6 @@ public interface GSSContextSpi {
|
||||
* @param msgProp will contain the applied qop and confidentiality
|
||||
* of the input token and any informatory status values
|
||||
* @exception GSSException may be thrown
|
||||
* @see MessageInfo
|
||||
* @see wrap
|
||||
*/
|
||||
public void unwrap(InputStream is, OutputStream os,
|
||||
@ -403,4 +402,15 @@ public interface GSSContextSpi {
|
||||
* @exception GSSException may be thrown
|
||||
*/
|
||||
public void dispose() throws GSSException;
|
||||
|
||||
/**
|
||||
* Return the mechanism-specific attribute associated with (@code type}.
|
||||
*
|
||||
* @param type the type of the attribute requested
|
||||
* @return the attribute
|
||||
* @throws GSSException see {@link ExtendedGSSContext#inquireSecContext}
|
||||
* for details
|
||||
*/
|
||||
public Object inquireSecContext(InquireType type)
|
||||
throws GSSException;
|
||||
}
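Review bot: The new Javadoc for `inquireSecContext` opens its inline tag with a parenthesis, `(@code type}`, which will render literally; it should be `{@code type}`. The comment should also state who performs the `InquireSecContextPermission` check, since in this commit only GSSContextImpl does and the Krb5Context, SpNegoContext and NativeGSSContext implementations return the attribute unguarded. A sentence such as `Callers are responsible for the permission check; implementations do not perform it.` would make that contract explicit for future mechanism authors.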
|
||||
|
@ -25,10 +25,10 @@
|
||||
|
||||
package sun.security.jgss.spnego;
|
||||
|
||||
import com.sun.security.jgss.ExtendedGSSContext;
|
||||
import com.sun.security.jgss.InquireType;
|
||||
import java.io.*;
|
||||
import java.security.Provider;
|
||||
import java.util.List;
|
||||
import java.util.ArrayList;
|
||||
import org.ietf.jgss.*;
|
||||
import sun.security.jgss.*;
|
||||
import sun.security.jgss.spi.*;
|
||||
@ -1185,4 +1185,22 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
return ("Unknown state " + state);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve attribute of the context for {@code type}.
|
||||
*/
|
||||
public Object inquireSecContext(InquireType type)
|
||||
throws GSSException {
|
||||
if (mechContext == null) {
|
||||
throw new GSSException(GSSException.NO_CONTEXT, -1,
|
||||
"Underlying mech not established.");
|
||||
}
|
||||
if (mechContext instanceof ExtendedGSSContext) {
|
||||
return ((ExtendedGSSContext)mechContext).inquireSecContext(type);
|
||||
} else {
|
||||
throw new GSSException(GSSException.BAD_MECH, -1,
|
||||
"inquireSecContext not supported by underlying mech.");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2005 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -36,6 +36,7 @@ import sun.security.util.ObjectIdentifier;
|
||||
import sun.security.jgss.spnego.NegTokenInit;
|
||||
import sun.security.jgss.spnego.NegTokenTarg;
|
||||
import javax.security.auth.kerberos.DelegationPermission;
|
||||
import com.sun.security.jgss.InquireType;
|
||||
import java.io.*;
|
||||
|
||||
|
||||
@ -615,4 +616,10 @@ class NativeGSSContext implements GSSContextSpi {
|
||||
protected void finalize() throws Throwable {
|
||||
dispose();
|
||||
}
|
||||
|
||||
public Object inquireSecContext(InquireType type)
|
||||
throws GSSException {
|
||||
throw new GSSException(GSSException.UNAVAILABLE, -1,
|
||||
"Inquire type not supported.");
|
||||
}
|
||||
}
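Review bot: `inquireSecContext` rejects every request with `GSSException.UNAVAILABLE` and the message "Inquire type not supported.", but the ExtendedGSSContext Javadoc in this commit reserves UNAVAILABLE for an unsupported type and assigns `BAD_MECH` to a mechanism that does not support the method at all. If the native provider supports none of the types, throwing `GSSException.BAD_MECH` here, as SpNegoContext does for a non-extended underlying mechanism, would let callers tell the two cases apart. The method also lacks the `@Override` that GSSContextImpl's implementation carries.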
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Portions Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Portions Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -63,12 +63,29 @@ public class Credentials {
|
||||
KerberosTime renewTill;
|
||||
HostAddresses cAddr;
|
||||
EncryptionKey serviceKey;
|
||||
AuthorizationData authzData;
|
||||
private static boolean DEBUG = Krb5.DEBUG;
|
||||
private static CredentialsCache cache;
|
||||
static boolean alreadyLoaded = false;
|
||||
private static boolean alreadyTried = false;
|
||||
private static native Credentials acquireDefaultNativeCreds();
|
||||
|
||||
public Credentials(Ticket new_ticket,
|
||||
PrincipalName new_client,
|
||||
PrincipalName new_server,
|
||||
EncryptionKey new_key,
|
||||
TicketFlags new_flags,
|
||||
KerberosTime authTime,
|
||||
KerberosTime new_startTime,
|
||||
KerberosTime new_endTime,
|
||||
KerberosTime renewTill,
|
||||
HostAddresses cAddr,
|
||||
AuthorizationData authzData) {
|
||||
this(new_ticket, new_client, new_server, new_key, new_flags,
|
||||
authTime, new_startTime, new_endTime, renewTill, cAddr);
|
||||
this.authzData = authzData;
|
||||
}
|
||||
|
||||
public Credentials(Ticket new_ticket,
|
||||
PrincipalName new_client,
|
||||
PrincipalName new_server,
|
||||
@ -213,6 +230,9 @@ public class Credentials {
|
||||
return flags;
|
||||
}
|
||||
|
||||
public AuthorizationData getAuthzData() {
|
||||
return authzData;
|
||||
}
|
||||
/**
|
||||
* Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE
|
||||
* flag set
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Portions Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Portions Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -356,12 +356,13 @@ public class KrbApReq {
|
||||
authenticator.cname,
|
||||
apReqMessg.ticket.sname,
|
||||
enc_ticketPart.key,
|
||||
null,
|
||||
enc_ticketPart.flags,
|
||||
enc_ticketPart.authtime,
|
||||
enc_ticketPart.starttime,
|
||||
enc_ticketPart.endtime,
|
||||
enc_ticketPart.renewTill,
|
||||
enc_ticketPart.caddr);
|
||||
enc_ticketPart.caddr,
|
||||
enc_ticketPart.authorizationData);
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KrbApReq: authenticate succeed.");
|
||||
}
|
||||
|
@ -174,4 +174,12 @@ public class AuthorizationData implements Cloneable {
|
||||
}
|
||||
return retVal;
|
||||
}
|
||||
|
||||
public int count() {
|
||||
return entry.length;
|
||||
}
|
||||
|
||||
public AuthorizationDataEntry item(int i) {
|
||||
return (AuthorizationDataEntry)entry[i].clone();
|
||||
}
|
||||
}
|
||||
|
@ -412,6 +412,16 @@ public class JarSigner {
|
||||
}
|
||||
storetype = KeyStoreUtil.niceStoreTypeName(storetype);
|
||||
|
||||
try {
|
||||
if (signedjar != null && new File(signedjar).getCanonicalPath().equals(
|
||||
new File(jarfile).getCanonicalPath())) {
|
||||
signedjar = null;
|
||||
}
|
||||
} catch (IOException ioe) {
|
||||
// File system error?
|
||||
// Just ignore it.
|
||||
}
|
||||
|
||||
if (P11KEYSTORE.equalsIgnoreCase(storetype) ||
|
||||
KeyStoreUtil.isWindowsKeyStore(storetype)) {
|
||||
token = true;
|
||||
|
@ -880,14 +880,19 @@ public final class KeyTool {
|
||||
// might not work properly, since -gencert is slow
|
||||
// and there's no data in the pipe at the beginning.
|
||||
ByteArrayOutputStream bout = new ByteArrayOutputStream();
|
||||
try {
|
||||
byte[] b = new byte[4096];
|
||||
while (true) {
|
||||
int len = inStream.read(b);
|
||||
if (len < 0) break;
|
||||
bout.write(b, 0, len);
|
||||
}
|
||||
} finally {
|
||||
if (inStream != System.in) {
|
||||
inStream.close();
|
||||
}
|
||||
}
|
||||
inStream = new ByteArrayInputStream(bout.toByteArray());
|
||||
try {
|
||||
String importAlias = (alias!=null)?alias:keyAlias;
|
||||
if (keyStore.entryInstanceOf(importAlias, KeyStore.PrivateKeyEntry.class)) {
|
||||
kssave = installReply(importAlias, inStream);
|
||||
@ -910,11 +915,6 @@ public final class KeyTool {
|
||||
("Certificate was not added to keystore"));
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
if (inStream != System.in) {
|
||||
inStream.close();
|
||||
}
|
||||
}
|
||||
} else if (command == IMPORTKEYSTORE) {
|
||||
doImportKeyStore();
|
||||
kssave = true;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1997-2008 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -35,21 +35,16 @@ import java.net.MalformedURLException;
|
||||
import java.lang.reflect.*;
|
||||
import java.text.Collator;
|
||||
import java.text.MessageFormat;
|
||||
import sun.misc.BASE64Decoder;
|
||||
import sun.security.provider.PolicyParser.PermissionEntry;
|
||||
import sun.security.util.PropertyExpander;
|
||||
import sun.security.util.PropertyExpander.ExpandException;
|
||||
import java.awt.*;
|
||||
import java.awt.event.*;
|
||||
import java.security.cert.Certificate;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.*;
|
||||
import sun.security.provider.*;
|
||||
import sun.security.util.PolicyUtil;
|
||||
import javax.security.auth.x500.X500Principal;
|
||||
import java.util.HashSet;
|
||||
|
||||
/**
|
||||
* PolicyTool may be used by users and administrators to configure the
|
||||
@ -1459,6 +1454,7 @@ class ToolDialog extends Dialog {
|
||||
PERM_ARRAY.add(new AWTPerm());
|
||||
PERM_ARRAY.add(new DelegationPerm());
|
||||
PERM_ARRAY.add(new FilePerm());
|
||||
PERM_ARRAY.add(new InqSecContextPerm());
|
||||
PERM_ARRAY.add(new LogPerm());
|
||||
PERM_ARRAY.add(new MgmtPerm());
|
||||
PERM_ARRAY.add(new MBeanPerm());
|
||||
@ -3961,6 +3957,20 @@ class FilePerm extends Perm {
|
||||
}
|
||||
}
|
||||
|
||||
class InqSecContextPerm extends Perm {
|
||||
public InqSecContextPerm() {
|
||||
super("InquireSecContextPermission",
|
||||
"com.sun.security.jgss.InquireSecContextPermission",
|
||||
new String[] {
|
||||
"KRB5_GET_SESSION_KEY",
|
||||
"KRB5_GET_TKT_FLAGS",
|
||||
"KRB5_GET_AUTHZ_DATA",
|
||||
"KRB5_GET_AUTHTIME"
|
||||
},
|
||||
null);
|
||||
}
|
||||
}
|
||||
|
||||
class LogPerm extends Perm {
|
||||
public LogPerm() {
|
||||
super("LoggingPermission",
|
||||
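Review bot: The target names in the new `InqSecContextPerm` class are hard-coded strings with no comment tying them to their source, so they can drift from the permission class they describe. They appear to mirror the `InquireType` constants used elsewhere in this commit (`KRB5_GET_SESSION_KEY`, `KRB5_GET_TKT_FLAGS`, `KRB5_GET_AUTHZ_DATA`, `KRB5_GET_AUTHTIME`); a class comment such as `// Target names must match com.sun.security.jgss.InquireType; KRB5_GET_SESSION_KEY exposes the Kerberos session key` would record both the coupling and the sensitivity of the first entry. The accompanying test also constructs the permission with `"*"`, which this list does not offer; if that omission is deliberate, the comment is the place to say so.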
|
@ -541,7 +541,7 @@ Java_sun_nio_ch_Net_shutdown(JNIEnv *env, jclass cl, jobject fdo, jint jhow)
|
||||
{
|
||||
int how = (jhow == sun_nio_ch_Net_SHUT_RD) ? SHUT_RD :
|
||||
(jhow == sun_nio_ch_Net_SHUT_WR) ? SHUT_WR : SHUT_RDWR;
|
||||
if (shutdown(fdval(env, fdo), how) < 0)
|
||||
if ((shutdown(fdval(env, fdo), how) < 0) && (errno != ENOTCONN))
|
||||
handleSocketError(env, errno);
|
||||
}
|
||||
|
||||
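Review bot: The new condition `(shutdown(fdval(env, fdo), how) < 0) && (errno != ENOTCONN)` treats ENOTCONN as success, and nothing at the call site says why. A comment above the `if` would keep a later cleanup from reverting it, for example `/* ENOTCONN: the connection is already gone (e.g. reset by the peer), so there is nothing left to shut down */`. That rationale is inferred from the `acceptAndReset` test added in the same commit, so confirm the wording. The exemption applies to all three `how` values (SHUT_RD, SHUT_WR, SHUT_RDWR), which the comment should state as intended.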
|
@ -0,0 +1,50 @@
|
||||
/*
|
||||
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
||||
* CA 95054 USA or visit www.sun.com if you need additional information or
|
||||
* have any questions.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @bug 6710360
|
||||
* @summary export Kerberos session key to applications
|
||||
*/
|
||||
|
||||
import com.sun.security.jgss.InquireSecContextPermission;
|
||||
|
||||
public class InquireSecContextPermissionCheck {
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
|
||||
InquireSecContextPermission p0, p1;
|
||||
p0 = new InquireSecContextPermission(
|
||||
"KRB5_GET_SESSION_KEY");
|
||||
p1 = new InquireSecContextPermission("*");
|
||||
|
||||
if (!p1.implies(p0) || !p1.implies(p1) || !p0.implies(p0)) {
|
||||
throw new Exception("Check failed");
|
||||
}
|
||||
|
||||
if (p0.implies(p1)) {
|
||||
throw new Exception("This is bad");
|
||||
}
|
||||
}
|
||||
}
|
||||
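Review bot: The test never checks that one specific target name does not imply a different one, which is the least-privilege property a grant of a single name relies on. It covers only `"*"` against `KRB5_GET_SESSION_KEY` and the reflexive cases. Adding `if (p0.implies(new InquireSecContextPermission("KRB5_GET_TKT_FLAGS"))) throw new Exception("distinct names must not imply each other");` would pin that down. The messages `"Check failed"` and `"This is bad"` would also be easier to triage if they named the implication that failed.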
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -22,26 +22,65 @@
|
||||
*/
|
||||
|
||||
/* @test
|
||||
* @bug 4618960
|
||||
* @summary Test isInputShutdown
|
||||
* @library ..
|
||||
* @bug 4618960 4516760
|
||||
* @summary Test shutdownXXX and isInputShutdown
|
||||
*/
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.*;
|
||||
import java.nio.*;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.channels.*;
|
||||
|
||||
public class Shutdown {
|
||||
|
||||
public static void main(String args[]) throws Exception {
|
||||
InetSocketAddress sa = new InetSocketAddress(
|
||||
InetAddress.getByName(TestUtil.HOST), 23);
|
||||
SocketChannel sc = SocketChannel.open(sa);
|
||||
/**
|
||||
* Accept a connection, and close it immediately causing a hard reset.
|
||||
*/
|
||||
static void acceptAndReset(ServerSocketChannel ssc) throws IOException {
|
||||
SocketChannel peer = ssc.accept();
|
||||
try {
|
||||
peer.setOption(StandardSocketOption.SO_LINGER, 0);
|
||||
peer.configureBlocking(false);
|
||||
peer.write(ByteBuffer.wrap(new byte[128*1024]));
|
||||
} finally {
|
||||
peer.close();
|
||||
}
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
ServerSocketChannel ssc = ServerSocketChannel.open()
|
||||
.bind(new InetSocketAddress(0));
|
||||
try {
|
||||
InetAddress lh = InetAddress.getLocalHost();
|
||||
int port = ((InetSocketAddress)(ssc.getLocalAddress())).getPort();
|
||||
SocketAddress remote = new InetSocketAddress(lh, port);
|
||||
|
||||
// Test SocketChannel shutdownXXX
|
||||
SocketChannel sc;
|
||||
sc = SocketChannel.open(remote);
|
||||
try {
|
||||
acceptAndReset(ssc);
|
||||
sc.shutdownInput();
|
||||
sc.shutdownOutput();
|
||||
} finally {
|
||||
sc.close();
|
||||
}
|
||||
|
||||
// Test Socket adapter shutdownXXX and isShutdownInput
|
||||
sc = SocketChannel.open(remote);
|
||||
try {
|
||||
acceptAndReset(ssc);
|
||||
boolean before = sc.socket().isInputShutdown();
|
||||
sc.socket().shutdownInput();
|
||||
boolean after = sc.socket().isInputShutdown();
|
||||
sc.close();
|
||||
if (before || !after)
|
||||
throw new Exception("Test failed");
|
||||
throw new RuntimeException("Before and after test failed");
|
||||
sc.socket().shutdownOutput();
|
||||
} finally {
|
||||
sc.close();
|
||||
}
|
||||
} finally {
|
||||
ssc.close();
|
||||
}
|
||||
}
|
||||
}
|
||||
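Review bot: In the rewritten `main`, the listener is bound with `new InetSocketAddress(0)`, which is the wildcard address, while the client connects to `InetAddress.getLocalHost()`. On a host whose name resolves to an external or stale address the test either fails for reasons unrelated to shutdown or briefly accepts connections from the network. Resolving one loopback address first and using it for both the bind and the connect keeps the test local, e.g. `InetAddress lh = InetAddress.getByName("127.0.0.1");` followed by `.bind(new InetSocketAddress(lh, 0))`. The page has lost the +/- markers, so this assumes the `ServerSocketChannel` lines are the new side.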
|
@ -22,13 +22,14 @@
|
||||
*/
|
||||
|
||||
/* @test
|
||||
* @bug 4313887 6838333
|
||||
* @bug 4313887 6838333 6865748
|
||||
* @summary Unit test for java.nio.file.Files for miscellenous cases not
|
||||
* covered by other tests
|
||||
* @library ..
|
||||
*/
|
||||
|
||||
import java.nio.file.*;
|
||||
import java.nio.file.attribute.Attributes;
|
||||
import java.io.IOException;
|
||||
import java.util.*;
|
||||
|
||||
@ -113,5 +114,29 @@ public class Misc {
|
||||
npeExpected();
|
||||
} catch (NullPointerException e) {
|
||||
}
|
||||
|
||||
SimpleFileVisitor<Path> visitor = new SimpleFileVisitor<Path>() { };
|
||||
boolean ranTheGauntlet = false;
|
||||
try { visitor.preVisitDirectory(null);
|
||||
} catch (NullPointerException x0) {
|
||||
try { visitor.preVisitDirectoryFailed(null, new IOException());
|
||||
} catch (NullPointerException x1) {
|
||||
try { visitor.preVisitDirectoryFailed(dir, null);
|
||||
} catch (NullPointerException x2) {
|
||||
try { visitor.visitFile(null, Attributes.readBasicFileAttributes(Paths.get(".")));
|
||||
} catch (NullPointerException x3) {
|
||||
try { visitor.visitFile(dir, null);
|
||||
} catch (NullPointerException x4) {
|
||||
try { visitor.visitFileFailed(null, new IOException());
|
||||
} catch (NullPointerException x5) {
|
||||
try { visitor.visitFileFailed(dir, null);
|
||||
} catch (NullPointerException x6) {
|
||||
try { visitor.postVisitDirectory(null, new IOException());
|
||||
} catch (NullPointerException x7) {
|
||||
// if we get here then all visit* methods threw NPE as expected
|
||||
ranTheGauntlet = true;
|
||||
}}}}}}}}
|
||||
if (!ranTheGauntlet)
|
||||
throw new RuntimeException("A visit method did not throw NPE");
|
||||
}
|
||||
}
|
||||
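Review bot: The nested try/catch chain added at the end of this method can only report `A visit method did not throw NPE`, so a failure does not say which of the eight calls accepted a null. The first call that returns normally also skips every check nested after it. The context lines just above use a flat `try { ...; npeExpected(); } catch (NullPointerException e) { }` idiom; following it here would check each argument position independently and fail at the offending call, assuming `npeExpected()` throws (its definition is outside this hunk). `dir` and the enclosing method also start outside the hunk.

```java
SimpleFileVisitor<Path> visitor = new SimpleFileVisitor<Path>() { };
try {
    visitor.preVisitDirectory(null);
    npeExpected();
} catch (NullPointerException e) {
}
try {
    visitor.preVisitDirectoryFailed(null, new IOException());
    npeExpected();
} catch (NullPointerException e) {
}
// … same pattern for the remaining six visit* calls …
```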
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Copyright 2008-2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -22,6 +22,7 @@
|
||||
*/
|
||||
|
||||
import com.sun.security.auth.module.Krb5LoginModule;
|
||||
import java.security.Key;
|
||||
import java.security.PrivilegedActionException;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.util.Arrays;
|
||||
@ -38,6 +39,9 @@ import org.ietf.jgss.GSSManager;
|
||||
import org.ietf.jgss.GSSName;
|
||||
import org.ietf.jgss.MessageProp;
|
||||
import org.ietf.jgss.Oid;
|
||||
import com.sun.security.jgss.ExtendedGSSContext;
|
||||
import com.sun.security.jgss.InquireType;
|
||||
import com.sun.security.jgss.AuthorizationDataEntry;
|
||||
|
||||
/**
|
||||
* Context of a JGSS subject, encapsulating Subject and GSSContext.
|
||||
@ -276,6 +280,34 @@ public class Context {
|
||||
}
|
||||
}
|
||||
}
|
||||
if (x != null && x instanceof ExtendedGSSContext) {
|
||||
if (x.isEstablished()) {
|
||||
ExtendedGSSContext ex = (ExtendedGSSContext)x;
|
||||
Key k = (Key)ex.inquireSecContext(
|
||||
InquireType.KRB5_GET_SESSION_KEY);
|
||||
if (k == null) {
|
||||
throw new Exception("Session key cannot be null");
|
||||
}
|
||||
System.out.println("Session key is: " + k);
|
||||
boolean[] flags = (boolean[])ex.inquireSecContext(
|
||||
InquireType.KRB5_GET_TKT_FLAGS);
|
||||
if (flags == null) {
|
||||
throw new Exception("Ticket flags cannot be null");
|
||||
}
|
||||
System.out.println("Ticket flags is: " + Arrays.toString(flags));
|
||||
String authTime = (String)ex.inquireSecContext(
|
||||
InquireType.KRB5_GET_AUTHTIME);
|
||||
if (authTime == null) {
|
||||
throw new Exception("Auth time cannot be null");
|
||||
}
|
||||
System.out.println("AuthTime is: " + authTime);
|
||||
if (!x.isInitiator()) {
|
||||
AuthorizationDataEntry[] ad = (AuthorizationDataEntry[])ex.inquireSecContext(
|
||||
InquireType.KRB5_GET_AUTHZ_DATA);
|
||||
System.out.println("AuthzData is: " + Arrays.toString(ad));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
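Review bot: `System.out.println("Session key is: " + k);` writes the Kerberos session key object to the test log, and such logs are often archived and shared. Whether `toString()` on the returned `Key` includes the key bytes depends on the implementation, which is not visible here. Printing only non-secret metadata avoids the question, e.g. `System.out.println("Session key algorithm: " + k.getAlgorithm());`, and the `k == null` check above still proves the key was exported. In the same block, `x != null && x instanceof ExtendedGSSContext` can drop the null test because `instanceof` is already false for null. The enclosing method starts outside this hunk.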
|
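--- a/jdk/test/sun/security/tools/jarsigner/samename.sh
+++ b/jdk/test/sun/security/tools/jarsigner/samename.sh
@@ -0,0 +1,61 @@
+#
+# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+# @test
+# @bug 6866479
+# @summary libzip.so caused JVM to crash when running jarsigner
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+JAVAC_CMD=`which javac`
+TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+Windows_* | CYGWIN* )
+SIGNEDJAR=EM.jar
+FS="\\"
+;;
+* )
+SIGNEDJAR=em.jar
+FS="/"
+;;
+esac
+
+KS=samename.jks
+JFILE=em.jar
+
+KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore $KS"
+JAR=$TESTJAVA${FS}bin${FS}jar
+JARSIGNER=$TESTJAVA${FS}bin${FS}jarsigner
+
+rm $KS $JFILE $SIGNEDJAR
+echo A > A
+$JAR cvf $JFILE A
+
+$KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
+
+$JARSIGNER -keystore $KS -storepass changeit -signedjar $SIGNEDJAR $JFILE a
+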
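Review bot: The setup steps in samename.sh run unchecked, so the test result depends only on the exit status of the final `$JARSIGNER` call. A failed `$JAR cvf` or `$KT ... -genkey` shows up as a jarsigner error rather than a setup failure, and `rm $KS $JFILE $SIGNEDJAR` prints errors on a clean work directory. Suggested changes are `rm -f $KS $JFILE $SIGNEDJAR` and `|| exit 1` on the jar and keytool lines. `$TESTJAVA` is also expanded unquoted in `JAR=`, `JARSIGNER=` and `dirname $JAVAC_CMD`, so a JDK path containing spaces breaks the script; quoting those expansions fixes it.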