8327818: Implement Kerberos debug with sun.security.util.Debug

Reviewed-by: coffeys, ssahoo
Weijun Wang 2024-03-18 15:36:28 +00:00
parent dec68d7e36
commit 569b05addf
62 changed files with 855 additions and 816 deletions

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -159,6 +159,33 @@ public class Debug {
}
}
/**
* Get a Debug object corresponding to the given option on the given
* property value.
* <p>
* Note: unlike other {@code getInstance} methods, this method does not
* use the {@code java.security.debug} system property.
* <p>
* Usually, this method is used by other individual area-specific debug
* settings. For example,
* {@snippet lang=java:
* Map<String, String> settings = loadLoginSettings();
* String property = settings.get("login");
* Debug debug = Debug.of("login", property);
* }
* @param option the debug option name
* @param property debug setting for this option
* @return a new Debug object if the property is true
*/
public static Debug of(String option, String property) {
if ("true".equalsIgnoreCase(property)) {
Debug d = new Debug();
d.prefix = option;
return d;
}
return null;
}
/**
* True if the system property "security.debug" contains the
* string "option".
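Review bot: The Javadoc for `Debug.of` does not say that the method returns `null` whenever the property is anything other than a case-insensitive "true", including when it is unset. Every caller in this commit depends on that contract through `if (DEBUG != null)`, so it should be stated. I would change the tag to `@return a new Debug object if the property is "true" (case-insensitive), otherwise {@code null}`. The enclosing class `Debug` starts and ends outside the hunk.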

@ -1,5 +1,5 @@
/*
* Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2011, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -81,7 +81,7 @@ static jclass FindClass(JNIEnv *env, char *className)
jclass cls = (*env)->FindClass(env, className);
if (cls == NULL) {
printf("Couldn't find %s\n", className);
fprintf(stderr, "Couldn't find %s\n", className);
return NULL;
}
@ -129,49 +129,49 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *jvm, void *reserved)
ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "([B)V");
if (ticketConstructor == 0) {
printf("Couldn't find Ticket constructor\n");
fprintf(stderr, "Couldn't find Ticket constructor\n");
return JNI_ERR;
}
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, "<init>", "(Ljava/lang/String;I)V");
if (principalNameConstructor == 0) {
printf("Couldn't find PrincipalName constructor\n");
fprintf(stderr, "Couldn't find PrincipalName constructor\n");
return JNI_ERR;
}
encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, "<init>", "(I[B)V");
if (encryptionKeyConstructor == 0) {
printf("Couldn't find EncryptionKey constructor\n");
fprintf(stderr, "Couldn't find EncryptionKey constructor\n");
return JNI_ERR;
}
ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, "<init>", "(I[B)V");
if (ticketFlagsConstructor == 0) {
printf("Couldn't find TicketFlags constructor\n");
fprintf(stderr, "Couldn't find TicketFlags constructor\n");
return JNI_ERR;
}
kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, "<init>", "(J)V");
if (kerberosTimeConstructor == 0) {
printf("Couldn't find KerberosTime constructor\n");
fprintf(stderr, "Couldn't find KerberosTime constructor\n");
return JNI_ERR;
}
integerConstructor = (*env)->GetMethodID(env, javaLangIntegerClass, "<init>", "(I)V");
if (integerConstructor == 0) {
printf("Couldn't find Integer constructor\n");
fprintf(stderr, "Couldn't find Integer constructor\n");
return JNI_ERR;
}
hostAddressConstructor = (*env)->GetMethodID(env, hostAddressClass, "<init>", "(I[B)V");
if (hostAddressConstructor == 0) {
printf("Couldn't find HostAddress constructor\n");
fprintf(stderr, "Couldn't find HostAddress constructor\n");
return JNI_ERR;
}
hostAddressesConstructor = (*env)->GetMethodID(env, hostAddressesClass, "<init>", "([Lsun/security/krb5/internal/HostAddress;)V");
if (hostAddressesConstructor == 0) {
printf("Couldn't find HostAddresses constructor\n");
fprintf(stderr, "Couldn't find HostAddresses constructor\n");
return JNI_ERR;
}
@ -376,7 +376,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>",
"(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V");
if (krbcredsConstructor == 0) {
printf("Couldn't find sun.security.krb5.internal.Ticket constructor\n");
fprintf(stderr, "Couldn't find sun.security.krb5.internal.Ticket constructor\n");
break;
}
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -447,43 +447,6 @@ public final class ServicePermission extends Permission
s.defaultReadObject();
init(getName(),getMask(actions));
}
/*
public static void main(String[] args) throws Exception {
ServicePermission this_ =
new ServicePermission(args[0], "accept");
ServicePermission that_ =
new ServicePermission(args[1], "accept,initiate");
System.out.println("-----\n");
System.out.println("this.implies(that) = " + this_.implies(that_));
System.out.println("-----\n");
System.out.println("this = "+this_);
System.out.println("-----\n");
System.out.println("that = "+that_);
System.out.println("-----\n");
KrbServicePermissionCollection nps =
new KrbServicePermissionCollection();
nps.add(this_);
nps.add(new ServicePermission("nfs/example.com@EXAMPLE.COM",
"accept"));
nps.add(new ServicePermission("host/example.com@EXAMPLE.COM",
"initiate"));
System.out.println("nps.implies(that) = " + nps.implies(that_));
System.out.println("-----\n");
Enumeration e = nps.elements();
while (e.hasMoreElements()) {
ServicePermission x =
(ServicePermission) e.nextElement();
System.out.println("nps.e = " + x);
}
}
*/
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -35,7 +35,6 @@ import org.ietf.jgss.Oid;
import sun.net.www.protocol.http.HttpCallerInfo;
import sun.net.www.protocol.http.Negotiator;
import sun.security.action.GetBooleanAction;
import sun.security.action.GetPropertyAction;
import sun.security.jgss.GSSManagerImpl;
import sun.security.jgss.GSSContextImpl;
@ -45,6 +44,8 @@ import sun.security.jgss.krb5.internal.TlsChannelBindingImpl;
import sun.security.util.ChannelBindingException;
import sun.security.util.TlsChannelBinding;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class encapsulates all JAAS and JGSS API calls in a separate class
* outside NegotiateAuthentication.java so that J2SE build can go smoothly
@ -55,9 +56,6 @@ import sun.security.util.TlsChannelBinding;
*/
public class NegotiatorImpl extends Negotiator {
private static final boolean DEBUG =
GetBooleanAction.privilegedGetProperty("sun.security.krb5.debug");
private GSSContext context;
private byte[] oneToken;
@ -105,8 +103,8 @@ public class NegotiatorImpl extends Negotiator {
((GSSContextImpl)context).requestDelegPolicy(true);
}
if (hci.serverCert != null) {
if (DEBUG) {
System.out.println("Negotiate: Setting CBT");
if (DEBUG != null) {
DEBUG.println("Negotiate: Setting CBT");
}
// set the channel binding token
TlsChannelBinding b = TlsChannelBinding.create(hci.serverCert);
@ -123,8 +121,8 @@ public class NegotiatorImpl extends Negotiator {
try {
init(hci);
} catch (GSSException | ChannelBindingException e) {
if (DEBUG) {
System.out.println("Negotiate support not initiated, will " +
if (DEBUG != null) {
DEBUG.println("Negotiate support not initiated, will " +
"fallback to other scheme if allowed. Reason:");
e.printStackTrace();
}
@ -160,9 +158,9 @@ public class NegotiatorImpl extends Negotiator {
}
return context.initSecContext(token, 0, token.length);
} catch (GSSException e) {
if (DEBUG) {
System.out.println("Negotiate support cannot continue. Reason:");
e.printStackTrace();
if (DEBUG != null) {
DEBUG.println("Negotiate support cannot continue. Reason:");
e.printStackTrace(DEBUG.getPrintStream());
}
throw new IOException("Negotiate support cannot continue", e);
}
@ -181,9 +179,9 @@ public class NegotiatorImpl extends Negotiator {
context.dispose();
}
} catch (GSSException e) {
if (DEBUG) {
System.out.println("Cannot release resources. Reason:");
e.printStackTrace();
if (DEBUG != null) {
DEBUG.println("Cannot release resources. Reason:");
e.printStackTrace(DEBUG.getPrintStream());
}
throw new IOException("Cannot release resources", e);
};
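Review bot: In the `catch (GSSException | ChannelBindingException e)` block the message was moved to `DEBUG.println(...)`, but the following `e.printStackTrace();` was left as is, so the trace bypasses the Debug object while its "Reason:" header goes through it. The other two catch blocks in this file were converted, so this one should read `e.printStackTrace(DEBUG.getPrintStream());` as well. The same unconverted call is visible in GSSUtil (`pae.printStackTrace();` in the PrivilegedActionException handler) and in Krb5Context (`catch (KrbException e)`, apparently in initSecContext). All of these methods start or end outside their hunks.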

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -90,7 +90,7 @@ public class GSSCredentialImpl implements GSSCredential {
} catch (GSSException e) {
if (defaultList) {
// Try the next mechanism
if (GSSUtil.DEBUG) {
if (GSSUtil.DEBUG != null) {
GSSUtil.debug("Ignore " + e + " while acquiring cred for "
+ mechs[i]);
// e.printStackTrace();

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -317,25 +317,4 @@ public class GSSHeader {
return retVal;
}
// XXX Call these two in some central class
private void debug(String str) {
System.err.print(str);
}
private String getHexBytes(byte[] bytes, int len)
throws IOException {
StringBuilder sb = new StringBuilder();
for (int i = 0; i < len; i++) {
int b1 = (bytes[i] >> 4) & 0x0f;
int b2 = bytes[i] & 0x0f;
sb.append(Integer.toHexString(b1));
sb.append(Integer.toHexString(b2));
sb.append(' ');
}
return sb.toString();
}
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -88,7 +88,7 @@ public class GSSManagerImpl extends GSSManager {
}
} catch (GSSException e) {
// Squelch it and just skip over this mechanism
if (GSSUtil.DEBUG) {
if (GSSUtil.DEBUG != null) {
GSSUtil.debug("Skip " + mech +
": error retrieving supported name types");
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -45,8 +45,8 @@ import java.security.PrivilegedActionException;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import sun.security.action.GetBooleanAction;
import sun.security.util.ConsoleCallbackHandler;
import sun.security.util.Debug;
/**
* The GSSUtilImplementation that knows how to work with the internals of
@ -67,12 +67,12 @@ public class GSSUtil {
public static final Oid NT_GSS_KRB5_PRINCIPAL =
GSSUtil.createOid("1.2.840.113554.1.2.2.1");
static final boolean DEBUG =
GetBooleanAction.privilegedGetProperty("sun.security.jgss.debug");
static final Debug DEBUG = Debug.of("jgss", GetPropertyAction
.privilegedGetProperty("sun.security.jgss.debug"));
static void debug(String message) {
assert(message != null);
System.out.println(message);
DEBUG.println(message);
}
// NOTE: this method is only for creating Oid objects with
@ -82,7 +82,7 @@ public class GSSUtil {
try {
return new Oid(oidStr);
} catch (GSSException e) {
if (DEBUG) {
if (DEBUG != null) {
debug("Ignored invalid OID: " + oidStr);
}
return null;
@ -138,7 +138,7 @@ public class GSSUtil {
KerberosPrincipal krbPrinc = new KerberosPrincipal(krbName);
krb5Principals.add(krbPrinc);
} catch (GSSException ge) {
if (DEBUG) {
if (DEBUG != null) {
debug("Skipped name " + name + " due to " + ge);
}
}
@ -151,7 +151,7 @@ public class GSSUtil {
} else {
privCredentials = new HashSet<>(); // empty Set
}
if (DEBUG) {
if (DEBUG != null) {
debug("Created Subject with the following");
debug("principals=" + krb5Principals);
debug("public creds=" + pubCredentials);
@ -216,7 +216,7 @@ public class GSSUtil {
credentials.add(cred);
} else {
// Ignore non-KerberosTicket and non-KerberosKey elements
if (DEBUG) {
if (DEBUG != null) {
debug("Skipped cred element: " + cred);
}
}
@ -314,7 +314,7 @@ public class GSSUtil {
final Oid mech,
final boolean initiate,
final Class<? extends T> credCls) {
if (DEBUG) {
if (DEBUG != null) {
debug("Search Subject for " + getMechStr(mech) +
(initiate ? " INIT" : " ACCEPT") + " cred (" +
(name == null ? "<<DEF>>" : name.toString()) + ", " +
@ -334,13 +334,13 @@ public class GSSUtil {
(GSSCredentialImpl.class).iterator();
while (iterator.hasNext()) {
GSSCredentialImpl cred = iterator.next();
if (DEBUG) {
if (DEBUG != null) {
debug("...Found cred" + cred);
}
try {
GSSCredentialSpi ce =
cred.getElement(mech, initiate);
if (DEBUG) {
if (DEBUG != null) {
debug("......Found element: " + ce);
}
if (ce.getClass().equals(credCls) &&
@ -348,24 +348,24 @@ public class GSSUtil {
name.equals((Object) ce.getName()))) {
result.add(credCls.cast(ce));
} else {
if (DEBUG) {
if (DEBUG != null) {
debug("......Discard element");
}
}
} catch (GSSException ge) {
if (DEBUG) {
if (DEBUG != null) {
debug("...Discard cred (" + ge + ")");
}
}
}
} else if (DEBUG) {
} else if (DEBUG != null) {
debug("No Subject");
}
return result;
});
return creds;
} catch (PrivilegedActionException pae) {
if (DEBUG) {
if (DEBUG != null) {
debug("Unexpected exception when searching Subject:");
pae.printStackTrace();
}
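Review bot: `debug(String message)` now dereferences `DEBUG` unconditionally, so a call that is not wrapped in `if (DEBUG != null)` throws a NullPointerException when `sun.security.jgss.debug` is not "true". The old `System.out.println(message)` was harmless in that case. Every call site visible on this page is guarded, but the helper is also called from other classes in the package as `GSSUtil.debug(...)`, so the guard is safer inside it: `if (DEBUG != null) { DEBUG.println(message); }`. If the unguarded form is intentional, the method should carry a comment such as `// callers must check DEBUG != null first`.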

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -135,7 +135,7 @@ public final class ProviderList {
addProviderAtEnd(prov, null);
} catch (GSSException ge) {
// Move on to the next provider
if (GSSUtil.DEBUG) {
if (GSSUtil.DEBUG != null) {
GSSUtil.debug("Error in adding provider " +
prov.getName() + ": " + ge);
}
@ -420,7 +420,7 @@ public final class ProviderList {
retVal = true;
} catch (GSSException e) {
// Skip to next property
if (GSSUtil.DEBUG) {
if (GSSUtil.DEBUG != null) {
GSSUtil.debug("Ignore the invalid property " +
prop + " from provider " + p.getName());
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -66,9 +66,6 @@ class CipherHelper {
// key usage for MIC tokens used by MS
private static final int KG_USAGE_SIGN_MS = 15;
// debug flag
private static final boolean DEBUG = Krb5Util.DEBUG;
/**
* A zero initial vector to be used for checksum calculation and for
* DesCbc application data encryption/decryption.

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -43,6 +43,8 @@ import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import sun.security.krb5.internal.AuthorizationData;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* Implements the mechanism specific context class for the Kerberos v5
* GSS-API mechanism.
@ -121,7 +123,6 @@ class Krb5Context implements GSSContextSpi {
private Credentials serviceCreds;
private KrbApReq apReq;
private final GSSCaller caller;
private static final boolean DEBUG = Krb5Util.DEBUG;
/**
* Constructor for Krb5Context to be called on the context initiator's
@ -379,8 +380,8 @@ class Krb5Context implements GSSContextSpi {
}
final void resetMySequenceNumber(int seqNumber) {
if (DEBUG) {
System.out.println("Krb5Context setting mySeqNumber to: "
if (DEBUG != null) {
DEBUG.println("Krb5Context setting mySeqNumber to: "
+ seqNumber);
}
synchronized (mySeqNumberLock) {
@ -389,8 +390,8 @@ class Krb5Context implements GSSContextSpi {
}
final void resetPeerSequenceNumber(int seqNumber) {
if (DEBUG) {
System.out.println("Krb5Context setting peerSeqNumber to: "
if (DEBUG != null) {
DEBUG.println("Krb5Context setting peerSeqNumber to: "
+ seqNumber);
}
synchronized (peerSeqNumberLock) {
@ -534,8 +535,8 @@ class Krb5Context implements GSSContextSpi {
// We will only try constrained delegation once (if necessary).
if (!isConstrainedDelegationTried) {
if (delegatedCred == null) {
if (DEBUG) {
System.out.println(">>> Constrained deleg from " + caller);
if (DEBUG != null) {
DEBUG.println(">>> Constrained deleg from " + caller);
}
// The constrained delegation part. The acceptor needs to have
// isInitiator=true in order to get a TGT, either earlier at
@ -593,8 +594,8 @@ class Krb5Context implements GSSContextSpi {
byte[] retVal = null;
InitialToken token = null;
int errorCode = GSSException.FAILURE;
if (DEBUG) {
System.out.println("Entered Krb5Context.initSecContext with " +
if (DEBUG != null) {
DEBUG.println("Entered Krb5Context.initSecContext with " +
"state=" + printState(state));
}
if (!isInitiator()) {
@ -660,14 +661,14 @@ class Krb5Context implements GSSContextSpi {
}});
kerbTicket = tmp;
} catch (PrivilegedActionException e) {
if (DEBUG) {
System.out.println("Attempt to obtain service"
if (DEBUG != null) {
DEBUG.println("Attempt to obtain service"
+ " ticket from the subject failed!");
}
}
if (kerbTicket != null) {
if (DEBUG) {
System.out.println("Found service ticket in " +
if (DEBUG != null) {
DEBUG.println("Found service ticket in " +
"the subject" +
kerbTicket);
}
@ -681,8 +682,8 @@ class Krb5Context implements GSSContextSpi {
if (serviceCreds == null) {
// either we did not find the serviceCreds in the
// Subject or useSubjectCreds is false
if (DEBUG) {
System.out.println("Service ticket not found in " +
if (DEBUG != null) {
DEBUG.println("Service ticket not found in " +
"the subject");
}
// Get Service ticket using the Kerberos protocols
@ -721,8 +722,8 @@ class Krb5Context implements GSSContextSpi {
});
} else {
// log it for debugging purpose
if (DEBUG) {
System.out.println("Subject is " +
if (DEBUG != null) {
DEBUG.println("Subject is " +
"readOnly;Kerberos Service "+
"ticket not stored");
}
@ -738,8 +739,8 @@ class Krb5Context implements GSSContextSpi {
if (!getMutualAuthState()) {
state = STATE_DONE;
}
if (DEBUG) {
System.out.println("Created InitSecContextToken:\n"+
if (DEBUG != null) {
DEBUG.println("Created InitSecContextToken:\n"+
new HexDumpEncoder().encodeBuffer(retVal));
}
} else if (state == STATE_IN_PROCESS) {
@ -750,12 +751,12 @@ class Krb5Context implements GSSContextSpi {
state = STATE_DONE;
} else {
// XXX Use logging API?
if (DEBUG) {
System.out.println(state);
if (DEBUG != null) {
DEBUG.println("state is " + state);
}
}
} catch (KrbException e) {
if (DEBUG) {
if (DEBUG != null) {
e.printStackTrace();
}
GSSException gssException =
@ -792,8 +793,8 @@ class Krb5Context implements GSSContextSpi {
byte[] retVal = null;
if (DEBUG) {
System.out.println("Entered Krb5Context.acceptSecContext with " +
if (DEBUG != null) {
DEBUG.println("Entered Krb5Context.acceptSecContext with " +
"state=" + printState(state));
}
@ -839,8 +840,8 @@ class Krb5Context implements GSSContextSpi {
state = STATE_DONE;
} else {
// XXX Use logging API?
if (DEBUG) {
System.out.println(state);
if (DEBUG != null) {
DEBUG.println("state is " + state);
}
}
} catch (KrbException e) {
@ -849,8 +850,8 @@ class Krb5Context implements GSSContextSpi {
gssException.initCause(e);
throw gssException;
} catch (IOException e) {
if (DEBUG) {
e.printStackTrace();
if (DEBUG != null) {
e.printStackTrace(DEBUG.getPrintStream());
}
GSSException gssException =
new GSSException(GSSException.FAILURE, -1, e.getMessage());
@ -898,8 +899,8 @@ class Krb5Context implements GSSContextSpi {
public final byte[] wrap(byte[] inBuf, int offset, int len,
MessageProp msgProp) throws GSSException {
if (DEBUG) {
System.out.println("Krb5Context.wrap: data=["
if (DEBUG != null) {
DEBUG.println("Krb5Context.wrap: data=["
+ getHexBytes(inBuf, offset, len)
+ "]");
}
@ -919,8 +920,8 @@ class Krb5Context implements GSSContextSpi {
new WrapToken_v2(this, msgProp, inBuf, offset, len);
encToken = token.encode();
}
if (DEBUG) {
System.out.println("Krb5Context.wrap: token=["
if (DEBUG != null) {
DEBUG.println("Krb5Context.wrap: token=["
+ getHexBytes(encToken, 0, encToken.length)
+ "]");
}
@ -952,8 +953,8 @@ class Krb5Context implements GSSContextSpi {
new WrapToken_v2(this, msgProp, inBuf, inOffset, len);
retVal = token.encode(outBuf, outOffset);
}
if (DEBUG) {
System.out.println("Krb5Context.wrap: token=["
if (DEBUG != null) {
DEBUG.println("Krb5Context.wrap: token=["
+ getHexBytes(outBuf, outOffset, retVal)
+ "]");
}
@ -980,14 +981,14 @@ class Krb5Context implements GSSContextSpi {
WrapToken token =
new WrapToken(this, msgProp, inBuf, offset, len);
token.encode(os);
if (DEBUG) {
if (DEBUG != null) {
encToken = token.encode();
}
} else if (cipherHelper.getProto() == 1) {
WrapToken_v2 token =
new WrapToken_v2(this, msgProp, inBuf, offset, len);
token.encode(os);
if (DEBUG) {
if (DEBUG != null) {
encToken = token.encode();
}
}
@ -998,8 +999,8 @@ class Krb5Context implements GSSContextSpi {
throw gssException;
}
if (DEBUG) {
System.out.println("Krb5Context.wrap: token=["
if (DEBUG != null) {
DEBUG.println("Krb5Context.wrap: token=["
+ getHexBytes(encToken, 0, encToken.length)
+ "]");
}
@ -1025,8 +1026,8 @@ class Krb5Context implements GSSContextSpi {
MessageProp msgProp)
throws GSSException {
if (DEBUG) {
System.out.println("Krb5Context.unwrap: token=["
if (DEBUG != null) {
DEBUG.println("Krb5Context.unwrap: token=["
+ getHexBytes(inBuf, offset, len)
+ "]");
}
@ -1049,8 +1050,8 @@ class Krb5Context implements GSSContextSpi {
setSequencingAndReplayProps(token, msgProp);
}
if (DEBUG) {
System.out.println("Krb5Context.unwrap: data=["
if (DEBUG != null) {
DEBUG.println("Krb5Context.unwrap: data=["
+ getHexBytes(data, 0, data.length)
+ "]");
}
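Review bot: The debug statements in `wrap` and `unwrap` hex-dump the application payload itself, and nothing in the code says so. They are `"Krb5Context.wrap: data=[" + getHexBytes(inBuf, offset, len)` before protection and `"Krb5Context.unwrap: data=[" + getHexBytes(data, 0, data.length)` after it. Since this commit routes the output through a shared Debug object, I would add a comment above both, for example `// NOTE: dumps cleartext application data; keep Kerberos debug off where logs are collected or shared`. Where that output ends up is not visible on this page, so the comment should be worded without assuming a destination. Both methods start and end outside their hunks.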

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -33,6 +33,8 @@ import javax.security.auth.kerberos.ServicePermission;
import java.security.Provider;
import java.util.Vector;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* Krb5 Mechanism plug in for JGSS
* This is the properties object required by the JGSS framework.
@ -43,8 +45,6 @@ import java.util.Vector;
public final class Krb5MechFactory implements MechanismFactory {
private static final boolean DEBUG = Krb5Util.DEBUG;
static final Provider PROVIDER =
new sun.security.jgss.SunProvider();
@ -152,8 +152,8 @@ public final class Krb5MechFactory implements MechanismFactory {
try {
sm.checkPermission(perm);
} catch (SecurityException e) {
if (DEBUG) {
System.out.println("Permission to initiate " +
if (DEBUG != null) {
DEBUG.println("Permission to initiate " +
"kerberos init credential" + e.getMessage());
}
throw e;
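Review bot: The debug message in the `catch (SecurityException e)` block concatenates `"kerberos init credential"` directly with `e.getMessage()`, so the exception text runs into the word "credential" with no separator. The line is being touched anyway, so I would write `"kerberos init credential: " + e.getMessage());`. The enclosing method starts and ends outside the hunk.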

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,7 +31,6 @@ import javax.security.auth.kerberos.KeyTab;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import sun.security.action.GetBooleanAction;
import sun.security.jgss.GSSUtil;
import sun.security.jgss.GSSCaller;
@ -47,9 +46,6 @@ import sun.security.krb5.PrincipalName;
*/
public class Krb5Util {
static final boolean DEBUG = GetBooleanAction
.privilegedGetProperty("sun.security.krb5.debug");
/**
* Default constructor
*/

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -39,6 +39,8 @@ import java.util.Set;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This utility looks through the current Subject and retrieves private
* credentials for the desired client/server principals.
@ -49,8 +51,6 @@ import javax.security.auth.kerberos.KeyTab;
class SubjectComber {
private static final boolean DEBUG = Krb5Util.DEBUG;
/**
* Default constructor
*/
@ -114,8 +114,8 @@ class SubjectComber {
}
}
// Check passed, we can add now
if (DEBUG) {
System.out.println("Found " + credClass.getSimpleName()
if (DEBUG != null) {
DEBUG.println("Found " + credClass.getSimpleName()
+ " " + t);
}
if (oneOnly) {
@ -132,8 +132,8 @@ class SubjectComber {
KerberosKey t = iterator.next();
String name = t.getPrincipal().getName();
if (serverPrincipal == null || serverPrincipal.equals(name)) {
if (DEBUG) {
System.out.println("Found " +
if (DEBUG != null) {
DEBUG.println("Found " +
credClass.getSimpleName() + " for " + name);
}
if (oneOnly) {
@ -155,8 +155,8 @@ class SubjectComber {
KerberosTicket ticket)) {
continue;
}
if (DEBUG) {
System.out.println("Found ticket for "
if (DEBUG != null) {
DEBUG.println("Found ticket for "
+ ticket.getClient()
+ " to go to "
+ ticket.getServer()
@ -171,15 +171,15 @@ class SubjectComber {
iterator.remove();
try {
ticket.destroy();
if (DEBUG) {
System.out.println("Removed and destroyed "
if (DEBUG != null) {
DEBUG.println("Removed and destroyed "
+ "the expired Ticket \n"
+ ticket);
}
} catch (DestroyFailedException dfe) {
if (DEBUG) {
System.out.println("Expired ticket not" +
if (DEBUG != null) {
DEBUG.println("Expired ticket not" +
" destroyed successfully. " + dfe);
}
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,6 +32,8 @@ import sun.security.util.*;
import java.io.IOException;
import static sun.security.jgss.spnego.SpNegoContext.DEBUG;
/**
* Implements the SPNEGO NegTokenInit token
* as specified in RFC 2478
@ -116,8 +118,8 @@ public class NegTokenInit extends SpNegoToken {
// mechListMIC with CONTEXT 03
if (mechListMIC != null) {
if (DEBUG) {
System.out.println("SpNegoToken NegTokenInit: " +
if (DEBUG != null) {
DEBUG.println("SpNegoToken NegTokenInit: " +
"sending MechListMIC");
}
DerOutputStream mic = new DerOutputStream();
@ -163,8 +165,8 @@ public class NegTokenInit extends SpNegoToken {
ObjectIdentifier mech;
for (int i = 0; i < mList.length; i++) {
mech = mList[i].getOID();
if (DEBUG) {
System.out.println("SpNegoToken NegTokenInit: " +
if (DEBUG != null) {
DEBUG.println("SpNegoToken NegTokenInit: " +
"reading Mechanism Oid = " + mech);
}
mechTypeList[i] = new Oid(mech.toString());
@ -174,8 +176,8 @@ public class NegTokenInit extends SpNegoToken {
// received reqFlags, skip it
} else if (tmp2.isContextSpecific((byte)0x02)) {
lastField = checkNextField(lastField, 2);
if (DEBUG) {
System.out.println("SpNegoToken NegTokenInit: " +
if (DEBUG != null) {
DEBUG.println("SpNegoToken NegTokenInit: " +
"reading Mech Token");
}
mechToken = tmp2.data.getOctetString();
@ -183,8 +185,8 @@ public class NegTokenInit extends SpNegoToken {
lastField = checkNextField(lastField, 3);
if (!GSSUtil.useMSInterop()) {
mechListMIC = tmp2.data.getOctetString();
if (DEBUG) {
System.out.println("SpNegoToken NegTokenInit: " +
if (DEBUG != null) {
DEBUG.println("SpNegoToken NegTokenInit: " +
"MechListMIC Token = " +
getHexBytes(mechListMIC));
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,6 +30,8 @@ import org.ietf.jgss.*;
import sun.security.jgss.*;
import sun.security.util.*;
import static sun.security.jgss.spnego.SpNegoContext.DEBUG;
/**
* Implements the SPNEGO NegTokenTarg token
* as specified in RFC 2478
@ -103,8 +105,8 @@ public class NegTokenTarg extends SpNegoToken {
// mechListMIC with CONTEXT 03
if (mechListMIC != null) {
if (DEBUG) {
System.out.println("SpNegoToken NegTokenTarg: " +
if (DEBUG != null) {
DEBUG.println("SpNegoToken NegTokenTarg: " +
"sending MechListMIC");
}
DerOutputStream mic = new DerOutputStream();
@ -141,16 +143,16 @@ public class NegTokenTarg extends SpNegoToken {
if (tmp2.isContextSpecific((byte)0x00)) {
lastField = checkNextField(lastField, 0);
negResult = tmp2.data.getEnumerated();
if (DEBUG) {
System.out.println("SpNegoToken NegTokenTarg: negotiated" +
if (DEBUG != null) {
DEBUG.println("SpNegoToken NegTokenTarg: negotiated" +
" result = " + getNegoResultString(negResult));
}
} else if (tmp2.isContextSpecific((byte)0x01)) {
lastField = checkNextField(lastField, 1);
ObjectIdentifier mech = tmp2.data.getOID();
supportedMech = new Oid(mech.toString());
if (DEBUG) {
System.out.println("SpNegoToken NegTokenTarg: " +
if (DEBUG != null) {
DEBUG.println("SpNegoToken NegTokenTarg: " +
"supported mechanism = " + supportedMech);
}
} else if (tmp2.isContextSpecific((byte)0x02)) {
@ -160,8 +162,8 @@ public class NegTokenTarg extends SpNegoToken {
lastField = checkNextField(lastField, 3);
if (!GSSUtil.useMSInterop()) {
mechListMIC = tmp2.data.getOctetString();
if (DEBUG) {
System.out.println("SpNegoToken NegTokenTarg: " +
if (DEBUG != null) {
DEBUG.println("SpNegoToken NegTokenTarg: " +
"MechListMIC Token = " +
getHexBytes(mechListMIC));
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,7 @@ import java.util.Objects;
import org.ietf.jgss.*;
import sun.security.action.GetBooleanAction;
import sun.security.action.GetPropertyAction;
import sun.security.jgss.*;
import sun.security.jgss.spi.*;
import sun.security.util.*;
@ -84,8 +85,8 @@ public class SpNegoContext implements GSSContextSpi {
private final SpNegoMechFactory factory;
// debug property
static final boolean DEBUG = GetBooleanAction
.privilegedGetProperty("sun.security.spnego.debug");
static final Debug DEBUG = Debug.of("spnego", GetPropertyAction
.privilegedGetProperty("sun.security.spnego.debug"));
/**
* Constructor for SpNegoContext to be called on the context initiator's
@ -294,8 +295,8 @@ public class SpNegoContext implements GSSContextSpi {
byte[] mechToken = null;
int errorCode = GSSException.FAILURE;
if (DEBUG) {
System.out.println("Entered SpNego.initSecContext with " +
if (DEBUG != null) {
DEBUG.println("Entered SpNego.initSecContext with " +
"state=" + printState(state));
}
if (!isInitiator()) {
@ -323,8 +324,8 @@ public class SpNegoContext implements GSSContextSpi {
// generate SPNEGO token
initToken = new NegTokenInit(DER_mechTypes, getContextFlags(),
mechToken, null);
if (DEBUG) {
System.out.println("SpNegoContext.initSecContext: " +
if (DEBUG != null) {
DEBUG.println("SpNegoContext.initSecContext: " +
"sending token of type = " +
SpNegoToken.getTokenName(initToken.getType()));
}
@ -342,8 +343,8 @@ public class SpNegoContext implements GSSContextSpi {
errorCode = GSSException.DEFECTIVE_TOKEN;
byte[] server_token = new byte[is.available()];
SpNegoToken.readFully(is, server_token);
if (DEBUG) {
System.out.println("SpNegoContext.initSecContext: " +
if (DEBUG != null) {
DEBUG.println("SpNegoContext.initSecContext: " +
"process received token = " +
SpNegoToken.getHexBytes(server_token));
}
@ -352,8 +353,8 @@ public class SpNegoContext implements GSSContextSpi {
// token will be validated when parsing
NegTokenTarg targToken = new NegTokenTarg(server_token);
if (DEBUG) {
System.out.println("SpNegoContext.initSecContext: " +
if (DEBUG != null) {
DEBUG.println("SpNegoContext.initSecContext: " +
"received token of type = " +
SpNegoToken.getTokenName(targToken.getType()));
}
@ -421,8 +422,8 @@ public class SpNegoContext implements GSSContextSpi {
if (isMechContextEstablished()) {
state = STATE_DONE;
retVal = mechToken;
if (DEBUG) {
System.out.println("SPNEGO Negotiated Mechanism = "
if (DEBUG != null) {
DEBUG.println("SPNEGO Negotiated Mechanism = "
+ internal_mech + " " +
GSSUtil.getMechStr(internal_mech));
}
@ -430,8 +431,8 @@ public class SpNegoContext implements GSSContextSpi {
// generate SPNEGO token
initToken = new NegTokenInit(null, null,
mechToken, null);
if (DEBUG) {
System.out.println("SpNegoContext.initSecContext:" +
if (DEBUG != null) {
DEBUG.println("SpNegoContext.initSecContext:" +
" continue sending token of type = " +
SpNegoToken.getTokenName(initToken.getType()));
}
@ -442,13 +443,13 @@ public class SpNegoContext implements GSSContextSpi {
} else {
// XXX Use logging API
if (DEBUG) {
System.out.println(state);
if (DEBUG != null) {
DEBUG.println("state is " + state);
}
}
if (DEBUG) {
if (DEBUG != null) {
if (retVal != null) {
System.out.println("SNegoContext.initSecContext: " +
DEBUG.println("SNegoContext.initSecContext: " +
"sending token = " + SpNegoToken.getHexBytes(retVal));
}
}
@ -488,8 +489,8 @@ public class SpNegoContext implements GSSContextSpi {
SpNegoToken.NegoResult negoResult;
boolean valid = true;
if (DEBUG) {
System.out.println("Entered SpNegoContext.acceptSecContext with " +
if (DEBUG != null) {
DEBUG.println("Entered SpNegoContext.acceptSecContext with " +
"state=" + printState(state));
}
@ -505,8 +506,8 @@ public class SpNegoContext implements GSSContextSpi {
// read data
byte[] token = new byte[is.available()];
SpNegoToken.readFully(is, token);
if (DEBUG) {
System.out.println("SpNegoContext.acceptSecContext: " +
if (DEBUG != null) {
DEBUG.println("SpNegoContext.acceptSecContext: " +
"receiving token = " +
SpNegoToken.getHexBytes(token));
}
@ -515,8 +516,8 @@ public class SpNegoContext implements GSSContextSpi {
// token will be validated when parsing
NegTokenInit initToken = new NegTokenInit(token);
if (DEBUG) {
System.out.println("SpNegoContext.acceptSecContext: " +
if (DEBUG != null) {
DEBUG.println("SpNegoContext.acceptSecContext: " +
"received token of type = " +
SpNegoToken.getTokenName(initToken.getType()));
}
@ -548,8 +549,8 @@ public class SpNegoContext implements GSSContextSpi {
(GSSUtil.isKerberosMech(mechList[0]) &&
GSSUtil.isKerberosMech(mech_wanted))) {
// get the mechanism token
if (DEBUG && !mech_wanted.equals(mechList[0])) {
System.out.println("SpNegoContext.acceptSecContext: " +
if (DEBUG != null && !mech_wanted.equals(mechList[0])) {
DEBUG.println("SpNegoContext.acceptSecContext: " +
"negotiated mech adjusted to " + mechList[0]);
}
byte[] mechToken = initToken.getMechToken();
@ -577,8 +578,8 @@ public class SpNegoContext implements GSSContextSpi {
// now set the context flags for acceptor
setContextFlags();
// print the negotiated mech info
if (DEBUG) {
System.out.println("SPNEGO Negotiated Mechanism = "
if (DEBUG != null) {
DEBUG.println("SPNEGO Negotiated Mechanism = "
+ internal_mech + " " +
GSSUtil.getMechStr(internal_mech));
}
@ -591,18 +592,18 @@ public class SpNegoContext implements GSSContextSpi {
throw new GSSException(GSSException.FAILURE);
}
if (DEBUG) {
System.out.println("SpNegoContext.acceptSecContext: " +
if (DEBUG != null) {
DEBUG.println("SpNegoContext.acceptSecContext: " +
"mechanism wanted = " + mech_wanted);
System.out.println("SpNegoContext.acceptSecContext: " +
DEBUG.println("SpNegoContext.acceptSecContext: " +
"negotiated result = " + negoResult);
}
// generate SPNEGO token
NegTokenTarg targToken = new NegTokenTarg(negoResult.ordinal(),
mech_wanted, accept_token, null);
if (DEBUG) {
System.out.println("SpNegoContext.acceptSecContext: " +
if (DEBUG != null) {
DEBUG.println("SpNegoContext.acceptSecContext: " +
"sending token of type = " +
SpNegoToken.getTokenName(targToken.getType()));
}
@ -613,8 +614,8 @@ public class SpNegoContext implements GSSContextSpi {
// read data
byte[] token = new byte[is.available()];
SpNegoToken.readFully(is, token);
if (DEBUG) {
System.out.println("SpNegoContext.acceptSecContext: " +
if (DEBUG != null) {
DEBUG.println("SpNegoContext.acceptSecContext: " +
"receiving token = " +
SpNegoToken.getHexBytes(token));
}
@ -623,8 +624,8 @@ public class SpNegoContext implements GSSContextSpi {
// token will be validated when parsing
NegTokenTarg inputToken = new NegTokenTarg(token);
if (DEBUG) {
System.out.println("SpNegoContext.acceptSecContext: " +
if (DEBUG != null) {
DEBUG.println("SpNegoContext.acceptSecContext: " +
"received token of type = " +
SpNegoToken.getTokenName(inputToken.getType()));
}
@ -653,8 +654,8 @@ public class SpNegoContext implements GSSContextSpi {
// generate SPNEGO token
NegTokenTarg targToken = new NegTokenTarg(negoResult.ordinal(),
null, accept_token, null);
if (DEBUG) {
System.out.println("SpNegoContext.acceptSecContext: " +
if (DEBUG != null) {
DEBUG.println("SpNegoContext.acceptSecContext: " +
"sending token of type = " +
SpNegoToken.getTokenName(targToken.getType()));
}
@ -663,12 +664,12 @@ public class SpNegoContext implements GSSContextSpi {
} else {
// XXX Use logging API
if (DEBUG) {
System.out.println("AcceptSecContext: state = " + state);
if (DEBUG != null) {
DEBUG.println("AcceptSecContext: state = " + state);
}
}
if (DEBUG) {
System.out.println("SpNegoContext.acceptSecContext: " +
if (DEBUG != null) {
DEBUG.println("SpNegoContext.acceptSecContext: " +
"sending token = " + SpNegoToken.getHexBytes(retVal));
}
} catch (IOException e) {
@ -768,16 +769,16 @@ public class SpNegoContext implements GSSContextSpi {
// sanity check the required input
if (mechTypes == null) {
if (DEBUG) {
System.out.println("SpNegoContext: no MIC token included");
if (DEBUG != null) {
DEBUG.println("SpNegoContext: no MIC token included");
}
return null;
}
// check if mechanism supports integrity
if (!mechContext.getIntegState()) {
if (DEBUG) {
System.out.println("SpNegoContext: no MIC token included" +
if (DEBUG != null) {
DEBUG.println("SpNegoContext: no MIC token included" +
" - mechanism does not support integrity");
}
return null;
@ -788,14 +789,14 @@ public class SpNegoContext implements GSSContextSpi {
try {
MessageProp prop = new MessageProp(0, true);
mic = getMIC(mechTypes, 0, mechTypes.length, prop);
if (DEBUG) {
System.out.println("SpNegoContext: getMIC = " +
if (DEBUG != null) {
DEBUG.println("SpNegoContext: getMIC = " +
SpNegoToken.getHexBytes(mic));
}
} catch (GSSException e) {
mic = null;
if (DEBUG) {
System.out.println("SpNegoContext: no MIC token included" +
if (DEBUG != null) {
DEBUG.println("SpNegoContext: no MIC token included" +
" - getMIC failed : " + e.getMessage());
}
}
@ -810,16 +811,16 @@ public class SpNegoContext implements GSSContextSpi {
// sanity check the input
if (token == null) {
if (DEBUG) {
System.out.println("SpNegoContext: no MIC token validation");
if (DEBUG != null) {
DEBUG.println("SpNegoContext: no MIC token validation");
}
return true;
}
// check if mechanism supports integrity
if (!mechContext.getIntegState()) {
if (DEBUG) {
System.out.println("SpNegoContext: no MIC token validation" +
if (DEBUG != null) {
DEBUG.println("SpNegoContext: no MIC token validation" +
" - mechanism does not support integrity");
}
return true;
@ -834,8 +835,8 @@ public class SpNegoContext implements GSSContextSpi {
valid = true;
} catch (GSSException e) {
valid = false;
if (DEBUG) {
System.out.println("SpNegoContext: MIC validation failed! " +
if (DEBUG != null) {
DEBUG.println("SpNegoContext: MIC validation failed! " +
e.getMessage());
}
}
@ -921,8 +922,8 @@ public class SpNegoContext implements GSSContextSpi {
for (int i = 0; i < supported_mechSet.length; i++) {
for (int j = 0; j < mechSet.length; j++) {
if (mechSet[j].equals(supported_mechSet[i])) {
if (DEBUG) {
System.out.println("SpNegoContext: " +
if (DEBUG != null) {
DEBUG.println("SpNegoContext: " +
"negotiated mechanism = " + mechSet[j]);
}
return (mechSet[j]);
@ -940,8 +941,8 @@ public class SpNegoContext implements GSSContextSpi {
if (mechContext != null) {
return mechContext.isEstablished();
} else {
if (DEBUG) {
System.out.println("The underlying mechanism context has " +
if (DEBUG != null) {
DEBUG.println("The underlying mechanism context has " +
"not been initialized");
}
return false;
@ -1053,8 +1054,8 @@ public class SpNegoContext implements GSSContextSpi {
peerName = targName.getElement(internal_mech);
return peerName;
} else {
if (DEBUG) {
System.out.println("The underlying mechanism context has " +
if (DEBUG != null) {
DEBUG.println("The underlying mechanism context has " +
"not been initialized");
}
return null;
@ -1069,8 +1070,8 @@ public class SpNegoContext implements GSSContextSpi {
myName = srcName.getElement(internal_mech);
return myName;
} else {
if (DEBUG) {
System.out.println("The underlying mechanism context has " +
if (DEBUG != null) {
DEBUG.println("The underlying mechanism context has " +
"not been initialized");
}
return null;
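Review bot: The `DEBUG` field of `SpNegoContext` changes from a `boolean` to a nullable `Debug`, but the comment above it still reads only `// debug property`. I would replace it with `// null unless sun.security.spnego.debug is "true"; every use must be guarded by DEBUG != null`, because an unguarded call now throws NullPointerException when debugging is off. The same comment should say that the enabled output contains hex dumps of complete SPNEGO tokens and MIC values (`getHexBytes(server_token)`, `getHexBytes(token)`, `getHexBytes(mic)`), so it has to be handled as sensitive data wherever the debug stream is collected. Separately, the message near the end of `initSecContext` still reads `SNegoContext.initSecContext: ` where its neighbours say `SpNegoContext`.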

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -59,9 +59,6 @@ abstract class SpNegoToken extends GSSToken {
private final int tokenType;
// property
static final boolean DEBUG = SpNegoContext.DEBUG;
/**
* The object identifier corresponding to the SPNEGO GSS-API
* mechanism.

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -65,7 +65,7 @@ public final class SunNativeProvider extends Provider {
if (message == null) {
throw new NullPointerException();
}
System.out.println(NAME + ": " + message);
System.err.println(NAME + ": " + message);
}
@SuppressWarnings("removal")

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -73,8 +73,6 @@ public class Checksum {
// draft-brezak-win2k-krb-rc4-hmac-04.txt
public static final int CKSUMTYPE_HMAC_MD5_ARCFOUR = -138;
private static boolean DEBUG = Krb5.DEBUG;
/**
* Constructs a new Checksum using the raw data and type.
*

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -51,6 +51,8 @@ import sun.security.krb5.internal.crypto.EType;
import sun.security.krb5.internal.Krb5;
import sun.security.util.SecurityProperties;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class maintains key-value pairs of Kerberos configurable constants
* from configuration file or from user specified system properties.
@ -103,8 +105,6 @@ public class Config {
*/
private Hashtable<String,Object> stanzaTable = new Hashtable<>();
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
// these are used for hexadecimal calculation.
private static final int BASE16_0 = 1;
private static final int BASE16_1 = 16;
@ -213,16 +213,16 @@ public class Config {
if (fileName != null) {
configFile = loadConfigFile(fileName);
stanzaTable = parseStanzaTable(configFile);
if (DEBUG) {
System.out.println("Loaded from Java config");
if (DEBUG != null) {
DEBUG.println("Loaded from Java config");
}
} else {
boolean found = false;
if (isMacosLionOrBetter()) {
try {
stanzaTable = SCDynamicStoreConfig.getConfig();
if (DEBUG) {
System.out.println("Loaded from SCDynamicStoreConfig");
if (DEBUG != null) {
DEBUG.println("Loaded from SCDynamicStoreConfig");
}
found = true;
} catch (IOException ioe) {
@ -233,15 +233,15 @@ public class Config {
fileName = getNativeFileName();
configFile = loadConfigFile(fileName);
stanzaTable = parseStanzaTable(configFile);
if (DEBUG) {
System.out.println("Loaded from native config");
if (DEBUG != null) {
DEBUG.println("Loaded from native config");
}
}
}
} catch (IOException ioe) {
if (DEBUG) {
System.out.println("Exception thrown in loading config:");
ioe.printStackTrace(System.out);
if (DEBUG != null) {
DEBUG.println("Exception thrown in loading config:");
ioe.printStackTrace(DEBUG.getPrintStream());
}
throw new KrbException("krb5.conf loading failed");
}
@ -440,11 +440,11 @@ public class Config {
try {
value = parseIntValue(result);
} catch (NumberFormatException e) {
if (DEBUG) {
System.out.println("Exception in getting value of " +
if (DEBUG != null) {
DEBUG.println("Exception in getting value of " +
Arrays.toString(keys) + ": " +
e.getMessage());
System.out.println("Setting " + Arrays.toString(keys) +
DEBUG.println("Setting " + Arrays.toString(keys) +
" to minimum value");
}
value = Integer.MIN_VALUE;
@ -584,8 +584,8 @@ public class Config {
Path file, List<String> content, Set<Path> dups)
throws IOException {
if (DEBUG) {
System.out.println("Loading krb5 profile at " + file);
if (DEBUG != null) {
DEBUG.println("Loading krb5 profile at " + file);
}
if (!file.isAbsolute()) {
throw new IOException("Profile path not absolute");
@ -628,8 +628,8 @@ public class Config {
content, dups);
} else {
// Unsupported directives
if (DEBUG) {
System.out.println("Unknown directive: " + line);
if (DEBUG != null) {
DEBUG.println("Unknown directive: " + line);
}
}
} else {
@ -670,8 +670,8 @@ public class Config {
private List<String> loadConfigFile(final String fileName)
throws IOException, KrbException {
if (DEBUG) {
System.out.println("Loading config file from " + fileName);
if (DEBUG != null) {
DEBUG.println("Loading config file from " + fileName);
}
List<String> result = new ArrayList<>();
List<String> raw = new ArrayList<>();
@ -783,8 +783,8 @@ public class Config {
throws KrbException {
Hashtable<String,Object> current = stanzaTable;
for (String line: v) {
if (DEBUG) {
System.out.println(line);
if (DEBUG != null) {
DEBUG.println(line);
}
// There are only 3 kinds of lines
// 1. a = b
@ -872,8 +872,8 @@ public class Config {
name = null;
}
}
if (DEBUG) {
System.out.println("Java config name: " + name);
if (DEBUG != null) {
DEBUG.println("Java config name: " + name);
}
return name;
}
@ -935,8 +935,8 @@ public class Config {
} else {
name = "/etc/krb5.conf";
}
if (DEBUG) {
System.out.println("Native config name: " + name);
if (DEBUG != null) {
DEBUG.println("Native config name: " + name);
}
return name;
}
@ -984,21 +984,21 @@ public class Config {
String default_enctypes;
default_enctypes = get("libdefaults", configName);
if (default_enctypes == null && !configName.equals("permitted_enctypes")) {
if (DEBUG) {
System.out.println("Getting permitted_enctypes from libdefaults");
if (DEBUG != null) {
DEBUG.println("Getting permitted_enctypes from libdefaults");
}
default_enctypes = get("libdefaults", "permitted_enctypes");
}
int[] etype;
if (default_enctypes == null) {
if (DEBUG) {
System.out.println("default_enctypes were null, using builtin default etypes for configuration " +
if (DEBUG != null) {
DEBUG.println("default_enctypes were null, using builtin default etypes for configuration " +
configName);
}
etype = EType.getBuiltInDefaults();
} else {
if (DEBUG) {
System.out.println("default_enctypes:" + default_enctypes);
if (DEBUG != null) {
DEBUG.println("default_enctypes:" + default_enctypes);
}
String delim = " ";
StringTokenizer st;
@ -1032,12 +1032,13 @@ public class Config {
}
}
if (DEBUG) {
System.out.print("default etypes for " + configName + ":");
if (DEBUG != null) {
String s = "default etypes for " + configName + ":";
for (int i = 0; i < etype.length; i++) {
System.out.print(" " + etype[i]);
s += " " + etype[i];
}
System.out.println(".");
s += ".";
DEBUG.println(s);
}
return etype;
}
@ -1135,8 +1136,8 @@ public class Config {
* This method was useless. Kept here in case some class still calls it.
*/
public void resetDefaultRealm(String realm) {
if (DEBUG) {
System.out.println(">>> Config try resetting default kdc " + realm);
if (DEBUG != null) {
DEBUG.println(">>> Config try resetting default kdc " + realm);
}
}
@ -1319,8 +1320,8 @@ public class Config {
* @return the realm if correct, or null otherwise
*/
private static String checkRealm(String mapRealm) {
if (DEBUG) {
System.out.println("getRealmFromDNS: trying " + mapRealm);
if (DEBUG != null) {
DEBUG.println("getRealmFromDNS: trying " + mapRealm);
}
String[] records = null;
String newRealm = mapRealm;
@ -1351,14 +1352,14 @@ public class Config {
String kdcs = "";
String[] srvs = null;
// locate DNS SRV record using UDP
if (DEBUG) {
System.out.println("getKDCFromDNS using UDP");
if (DEBUG != null) {
DEBUG.println("getKDCFromDNS using UDP");
}
srvs = KrbServiceLocator.getKerberosService(realm, "_udp");
if (srvs == null) {
// locate DNS SRV record using TCP
if (DEBUG) {
System.out.println("getKDCFromDNS using TCP");
if (DEBUG != null) {
DEBUG.println("getKDCFromDNS using TCP");
}
srvs = KrbServiceLocator.getKerberosService(realm, "_tcp");
}
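Review bot: In the `catch (IOException ioe)` block of the config-loading code, the underlying exception is only visible when debugging is enabled, because `throw new KrbException("krb5.conf loading failed")` does not carry it as a cause. With debugging off, a caller cannot tell a missing file from a permission or read error. Assuming the String constructor leaves the cause unset, I would write `KrbException ke = new KrbException("krb5.conf loading failed"); ke.initCause(ioe); throw ke;` so the cause survives regardless of the debug setting. The enclosing method starts and ends outside the hunk.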

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -41,6 +41,8 @@ import java.io.IOException;
import java.util.Date;
import java.net.InetAddress;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class encapsulates the concept of a Kerberos service
* credential. That includes a Kerberos ticket and an associated
@ -61,7 +63,6 @@ public class Credentials {
KerberosTime renewTill;
HostAddresses cAddr;
AuthorizationData authzData;
private static boolean DEBUG = Krb5.DEBUG;
static boolean alreadyLoaded = false;
private static boolean alreadyTried = false;
@ -240,8 +241,8 @@ public class Credentials {
try {
retVal = ticket.asn1Encode();
} catch (Asn1Exception | IOException e) {
if (DEBUG) {
System.out.println(e);
if (DEBUG != null) {
e.printStackTrace(DEBUG.getPrintStream());
}
}
return retVal;
@ -330,21 +331,21 @@ public class Credentials {
OperatingSystem.isMacOS()) {
Credentials creds = acquireDefaultCreds();
if (creds == null) {
if (DEBUG) {
System.out.println(">>> Found no TGT's in native ccache");
if (DEBUG != null) {
DEBUG.println(">>> Found no TGT's in native ccache");
}
return null;
}
if (princ != null) {
if (creds.getClient().equals(princ)) {
if (DEBUG) {
System.out.println(">>> Obtained TGT from native ccache: "
if (DEBUG != null) {
DEBUG.println(">>> Obtained TGT from native ccache: "
+ creds);
}
return creds;
} else {
if (DEBUG) {
System.out.println(">>> native ccache contains TGT for "
if (DEBUG != null) {
DEBUG.println(">>> native ccache contains TGT for "
+ creds.getClient()
+ " not "
+ princ);
@ -352,8 +353,8 @@ public class Credentials {
return null;
}
} else {
if (DEBUG) {
System.out.println(">>> Obtained TGT from native ccache: "
if (DEBUG != null) {
DEBUG.println(">>> Obtained TGT from native ccache: "
+ creds);
}
return creds;
@ -381,8 +382,8 @@ public class Credentials {
if (EType.isSupported(tgtCred.key.getEType())) {
return tgtCred;
} else {
if (DEBUG) {
System.out.println(
if (DEBUG != null) {
DEBUG.println(
">>> unsupported key type found the default TGT: " +
tgtCred.key.getEType());
}
@ -420,15 +421,15 @@ public class Credentials {
if (cache != null) {
Credentials temp = cache.getInitialCreds();
if (temp != null) {
if (DEBUG) {
System.out.println(">>> KrbCreds found the default ticket"
if (DEBUG != null) {
DEBUG.println(">>> KrbCreds found the default ticket"
+ " granting ticket in credential cache.");
}
if (EType.isSupported(temp.key.getEType())) {
result = temp;
} else {
if (DEBUG) {
System.out.println(
if (DEBUG != null) {
DEBUG.println(
">>> unsupported key type found the default TGT: " +
temp.key.getEType());
}
@ -444,8 +445,8 @@ public class Credentials {
try {
ensureLoaded();
} catch (Exception e) {
if (DEBUG) {
System.out.println("Can not load native ccache library");
if (DEBUG != null) {
DEBUG.println("Can not load native ccache library");
e.printStackTrace();
}
alreadyTried = true;
@ -453,8 +454,8 @@ public class Credentials {
}
if (alreadyLoaded) {
// There is some native code
if (DEBUG) {
System.out.println(">> Acquire default native Credentials");
if (DEBUG != null) {
DEBUG.println(">> Acquire default native Credentials");
}
try {
result = acquireDefaultNativeCreds(
@ -507,19 +508,19 @@ public class Credentials {
* Prints out debug info.
*/
public static void printDebug(Credentials c) {
System.out.println(">>> DEBUG: ----Credentials----");
System.out.println("\tclient: " + c.client.toString());
DEBUG.println(">>> DEBUG: ----Credentials----");
DEBUG.println("\tclient: " + c.client.toString());
if (c.clientAlias != null)
System.out.println("\tclient alias: " + c.clientAlias.toString());
System.out.println("\tserver: " + c.server.toString());
DEBUG.println("\tclient alias: " + c.clientAlias.toString());
DEBUG.println("\tserver: " + c.server.toString());
if (c.serverAlias != null)
System.out.println("\tserver alias: " + c.serverAlias.toString());
System.out.println("\tticket: sname: " + c.ticket.sname.toString());
DEBUG.println("\tserver alias: " + c.serverAlias.toString());
DEBUG.println("\tticket: sname: " + c.ticket.sname.toString());
if (c.startTime != null) {
System.out.println("\tstartTime: " + c.startTime.getTime());
DEBUG.println("\tstartTime: " + c.startTime.getTime());
}
System.out.println("\tendTime: " + c.endTime.getTime());
System.out.println(" ----Credentials end----");
DEBUG.println("\tendTime: " + c.endTime.getTime());
DEBUG.println(" ----Credentials end----");
}
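Review bot: `printDebug(Credentials c)` now calls `DEBUG.println` with no null check, while every other use in this file is guarded by `if (DEBUG != null)`. The method is `public static`, so a caller invoking it with Kerberos debugging off would get a NullPointerException where the old `System.out.println` version simply printed (assuming `Krb5.DEBUG` is null when disabled, as the guards imply). I would open the method with `if (DEBUG == null) return;`. In the catch block around `ensureLoaded()`, `e.printStackTrace();` was left unchanged and still writes to the default error stream; `e.printStackTrace(DEBUG.getPrintStream());` would match the other hunks.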

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,6 +42,8 @@ import sun.security.krb5.internal.ccache.CCacheOutputStream;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class encapsulates the concept of an EncryptionKey. An encryption
* key is defined in RFC 4120 as:
@ -74,8 +76,6 @@ public class EncryptionKey
private byte[] keyValue;
private Integer kvno; // not part of ASN1 encoding;
private static final boolean DEBUG = Krb5.DEBUG;
public synchronized int getEType() {
return keyType;
}
@ -186,8 +186,8 @@ public class EncryptionKey
stringToKey(password, salt, null, etypes[i]),
etypes[i], null);
} else {
if (DEBUG) {
System.out.println("Encryption Type " +
if (DEBUG != null) {
DEBUG.println("Encryption Type " +
EType.toString(etypes[i]) +
" is not supported/enabled");
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -49,6 +49,8 @@ import java.util.HashSet;
import java.util.Iterator;
import sun.security.krb5.internal.KRBError;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* KDC-REQ/KDC-REP communication. No more base class for KrbAsReq and
* KrbTgsReq. This class is now communication only.
@ -72,8 +74,6 @@ public final class KdcComm {
*/
private static int defaultUdpPrefLimit;
private static final boolean DEBUG = Krb5.DEBUG;
/**
* What to do when a KDC is unavailable, specified in the
* java.security file with key krb5.kdc.bad.policy.
@ -118,8 +118,8 @@ public final class KdcComm {
} catch (NumberFormatException nfe) {
// Ignored. Please note that tryLess is recognized and
// used, parameters using default values
if (DEBUG) {
System.out.println("Invalid krb5.kdc.bad.policy" +
if (DEBUG != null) {
DEBUG.println("Invalid krb5.kdc.bad.policy" +
" parameter for tryLess: " +
value + ", use default");
}
@ -151,8 +151,8 @@ public final class KdcComm {
udp_pref_limit = parsePositiveIntString(temp);
} catch (Exception exc) {
// ignore any exceptions; use default values
if (DEBUG) {
System.out.println ("Exception in getting KDC communication " +
if (DEBUG != null) {
DEBUG.println ("Exception in getting KDC communication " +
"settings, using default value " +
exc.getMessage());
}
@ -276,10 +276,10 @@ public final class KdcComm {
KdcAccessibility.removeBad(tempKdc);
return ibuf;
} catch(Exception e) {
if (DEBUG) {
System.out.println(">>> KrbKdcReq send: error trying " +
if (DEBUG != null) {
DEBUG.println(">>> KrbKdcReq send: error trying " +
tempKdc);
e.printStackTrace(System.out);
e.printStackTrace(DEBUG.getPrintStream());
}
KdcAccessibility.addBad(tempKdc);
throw e;
@ -345,8 +345,8 @@ public final class KdcComm {
}
byte[] obuf = req.encoding();
if (DEBUG) {
System.out.println(">>> KrbKdcReq send: kdc=" + kdc
if (DEBUG != null) {
DEBUG.println(">>> KrbKdcReq send: kdc=" + kdc
+ (useTCP ? " TCP:":" UDP:")
+ port + ", timeout="
+ timeout
@ -360,8 +360,8 @@ public final class KdcComm {
try {
@SuppressWarnings("removal")
byte[] ibuf = AccessController.doPrivileged(kdcCommunication);
if (DEBUG) {
System.out.println(">>> KrbKdcReq send: #bytes read="
if (DEBUG != null) {
DEBUG.println(">>> KrbKdcReq send: #bytes read="
+ (ibuf != null ? ibuf.length : 0));
}
return ibuf;
@ -404,8 +404,8 @@ public final class KdcComm {
for (int i=1; i <= retries; i++) {
String proto = useTCP?"TCP":"UDP";
if (DEBUG) {
System.out.println(">>> KDCCommunication: kdc=" + kdc
if (DEBUG != null) {
DEBUG.println(">>> KDCCommunication: kdc=" + kdc
+ " " + proto + ":"
+ port + ", timeout="
+ timeout
@ -418,8 +418,8 @@ public final class KdcComm {
ibuf = kdcClient.receive();
break;
} catch (SocketTimeoutException se) {
if (DEBUG) {
System.out.println ("SocketTimeOutException with " +
if (DEBUG != null) {
DEBUG.println ("SocketTimeOutException with " +
"attempt: " + i);
}
if (i == retries) {
@ -518,15 +518,15 @@ public final class KdcComm {
private static Set<String> bads = new HashSet<>();
private static synchronized void addBad(String kdc) {
if (DEBUG) {
System.out.println(">>> KdcAccessibility: add " + kdc);
if (DEBUG != null) {
DEBUG.println(">>> KdcAccessibility: add " + kdc);
}
bads.add(kdc);
}
private static synchronized void removeBad(String kdc) {
if (DEBUG) {
System.out.println(">>> KdcAccessibility: remove " + kdc);
if (DEBUG != null) {
DEBUG.println(">>> KdcAccessibility: remove " + kdc);
}
bads.remove(kdc);
}
@ -536,8 +536,8 @@ public final class KdcComm {
}
private static synchronized void reset() {
if (DEBUG) {
System.out.println(">>> KdcAccessibility: reset");
if (DEBUG != null) {
DEBUG.println(">>> KdcAccessibility: reset");
}
bads.clear();
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,6 +42,8 @@ import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import sun.security.krb5.internal.rcache.AuthTimeWithHash;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class encapsulates a KRB-AP-REQ that a client sends to a
* server for authentication.
@ -57,7 +59,6 @@ public class KrbApReq {
// Used by acceptor side
private static ReplayCache rcache = ReplayCache.getInstance();
private static boolean DEBUG = Krb5.DEBUG;
private static final char[] hexConst = "0123456789ABCDEF".toCharArray();
/**
@ -109,8 +110,8 @@ public class KrbApReq {
APOptions apOptions = (mutualRequired?
new APOptions(Krb5.AP_OPTS_MUTUAL_REQUIRED):
new APOptions());
if (DEBUG)
System.out.println(">>> KrbApReq: APOptions are " + apOptions);
if (DEBUG != null)
DEBUG.println(">>> KrbApReq: APOptions are " + apOptions);
EncryptionKey subKey = (useSubKey?
new EncryptionKey(tgsCred.getSessionKey()):
@ -329,8 +330,8 @@ public class KrbApReq {
HostAddress sender = new HostAddress(initiator);
if (enc_ticketPart.caddr != null
&& !enc_ticketPart.caddr.inList(sender)) {
if (DEBUG) {
System.out.println(">>> KrbApReq: initiator is "
if (DEBUG != null) {
DEBUG.println(">>> KrbApReq: initiator is "
+ sender.getInetAddress()
+ ", but caddr is "
+ Arrays.toString(
@ -374,8 +375,8 @@ public class KrbApReq {
enc_ticketPart.renewTill,
enc_ticketPart.caddr,
enc_ticketPart.authorizationData);
if (DEBUG) {
System.out.println(">>> KrbApReq: authenticate succeed.");
if (DEBUG != null) {
DEBUG.println(">>> KrbApReq: authenticate succeed.");
}
}
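Review bot: The `APOptions` debug statement is the only guard in this file written without braces: `if (DEBUG != null)` followed by a bare `DEBUG.println(...)`. With `DEBUG` now nullable, a statement later added beneath it would run outside the null check and throw NullPointerException when debugging is off. Since the line is rewritten anyway, I would brace it like the other two hunks: `if (DEBUG != null) { DEBUG.println(">>> KrbApReq: APOptions are " + apOptions); }`. The enclosing method continues outside the hunk.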

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -40,6 +40,8 @@ import java.util.Objects;
import javax.security.auth.kerberos.KeyTab;
import sun.security.jgss.krb5.Krb5Util;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class encapsulates a AS-REP message that the KDC sends to the
* client.
@ -51,8 +53,6 @@ final class KrbAsRep extends KrbKdcRep {
// message, created by initiator after calling
// the decrypt() method
private boolean DEBUG = Krb5.DEBUG;
KrbAsRep(byte[] ibuf) throws
KrbException, Asn1Exception, IOException {
DerValue encoding = new DerValue(ibuf);
@ -75,8 +75,8 @@ final class KrbAsRep extends KrbKdcRep {
// no text sent from server
ke = new KrbException(err);
} else {
if (DEBUG) {
System.out.println("KRBError received: " + eText);
if (DEBUG != null) {
DEBUG.println("KRBError received: " + eText);
}
// override default text with server text
ke = new KrbException(err, eText);
@ -175,8 +175,8 @@ final class KrbAsRep extends KrbKdcRep {
enc_part.endtime,
enc_part.renewTill,
enc_part.caddr);
if (DEBUG) {
System.out.println(">>> KrbAsRep cons in KrbAsReq.getReply " +
if (DEBUG != null) {
DEBUG.println(">>> KrbAsRep cons in KrbAsReq.getReply " +
req.reqBody.cname.getNameString());
}
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -38,6 +38,8 @@ import java.io.IOException;
import java.time.Instant;
import java.util.Arrays;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class encapsulates the KRB-AS-REQ message that the client
* sends to the KDC.
@ -45,8 +47,6 @@ import java.util.Arrays;
public class KrbAsReq extends KrbKdcReq {
private ASReq asReqMessg;
private boolean DEBUG = Krb5.DEBUG;
/**
* Constructs an AS-REQ message.
*/
@ -110,8 +110,8 @@ public class KrbAsReq extends KrbKdcReq {
"default realm not specified ");
}
if (DEBUG) {
System.out.println(">>> KrbAsReq creating message");
if (DEBUG != null) {
DEBUG.println(">>> KrbAsReq creating message");
}
Config cfg = Config.getInstance();

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -37,6 +37,8 @@ import sun.security.krb5.internal.Krb5;
import sun.security.krb5.internal.PAData;
import sun.security.krb5.internal.crypto.EType;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* A manager class for AS-REQ communications.
*
@ -348,8 +350,8 @@ public final class KrbAsReqBuilder {
if (!preAuthFailedOnce && (
ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
if (Krb5.DEBUG) {
System.out.println("KrbAsReqBuilder: " +
if (DEBUG != null) {
DEBUG.println("KrbAsReqBuilder: " +
"PREAUTH FAILED/REQ, re-send AS-REQ");
}
preAuthFailedOnce = true;
@ -403,8 +405,8 @@ public final class KrbAsReqBuilder {
.getBooleanObject("libdefaults", "canonicalize") ==
Boolean.TRUE;
} catch (KrbException e) {
if (Krb5.DEBUG) {
System.out.println("Exception in getting canonicalize," +
if (DEBUG != null) {
DEBUG.println("Exception in getting canonicalize," +
" using default value " +
Boolean.valueOf(canonicalizeConfig) + ": " +
e.getMessage());
@ -450,8 +452,8 @@ public final class KrbAsReqBuilder {
}
}
if (count < Config.MAX_REFERRALS && sendCanonicalize) {
if (Krb5.DEBUG) {
System.out.println("KrbAsReqBuilder: AS-REQ failed." +
if (DEBUG != null) {
DEBUG.println("KrbAsReqBuilder: AS-REQ failed." +
" Retrying with CANONICALIZE false.");
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -37,6 +37,8 @@ import java.io.IOException;
import sun.security.util.DerValue;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class encapsulates the KRB-CRED message that a client uses to
* send its delegated credentials to a server.
@ -46,8 +48,6 @@ import sun.security.util.DerValue;
*/
public class KrbCred {
private static boolean DEBUG = Krb5.DEBUG;
private byte[] obuf = null;
private KRBCred credMessg = null;
private Ticket ticket = null;
@ -144,8 +144,8 @@ public class KrbCred {
PrincipalName sname = credInfo.sname;
HostAddresses caddr = credInfo.caddr;
if (DEBUG) {
System.out.println(">>>Delegated Creds have pname=" + pname
if (DEBUG != null) {
DEBUG.println(">>>Delegated Creds have pname=" + pname
+ " sname=" + sname
+ " authtime=" + authtime
+ " starttime=" + starttime

@ -34,6 +34,8 @@ import sun.security.krb5.internal.*;
import sun.security.krb5.internal.crypto.KeyUsage;
import sun.security.util.DerInputStream;
import static sun.security.krb5.internal.Krb5.DEBUG;
abstract class KrbKdcRep {
static void check(
@ -86,8 +88,8 @@ abstract class KrbKdcRep {
for (int i = 2; i < 6; i++) {
if (req.reqBody.kdcOptions.get(i) !=
rep.encKDCRepPart.flags.get(i)) {
if (Krb5.DEBUG) {
System.out.println("> KrbKdcRep.check: at #" + i
if (DEBUG == null) {
DEBUG.println("> KrbKdcRep.check: at #" + i
+ ". request for " + req.reqBody.kdcOptions.get(i)
+ ", received " + rep.encKDCRepPart.flags.get(i));
}
@ -171,8 +173,8 @@ abstract class KrbKdcRep {
req.asn1Encode(), replyKey,
KeyUsage.KU_AS_REQ);
} catch (Exception e) {
if (Krb5.DEBUG) {
e.printStackTrace();
if (DEBUG != null) {
e.printStackTrace(DEBUG.getPrintStream());
}
}
break;
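Review bot: The guard in the flag-comparison loop of `check` reads `if (DEBUG == null)` and then calls `DEBUG.println(...)`, which inverts the test used at every other converted site. With debugging off, a mismatch between the requested `kdcOptions` and the returned flags throws a NullPointerException inside reply validation, and with debugging on nothing is printed. The line should be `if (DEBUG != null) {`. Whatever the code after this block does to report the mismatch (outside the hunk) is not reached in the default configuration as written. The body of `check` starts and ends outside the hunks shown.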

@ -1,5 +1,5 @@
/*
* Copyright (c) 2011, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2011, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -33,6 +33,7 @@ import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import static sun.security.krb5.internal.Krb5.DEBUG;
public class SCDynamicStoreConfig {
private static native void installNotificationCallback();
@ -42,7 +43,6 @@ public class SCDynamicStoreConfig {
* (realm kdc* null) null (mapping-domain mapping-realm)*
*/
private static native List<String> getKerberosConfig();
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
static {
@SuppressWarnings("removal")
@ -72,7 +72,7 @@ public class SCDynamicStoreConfig {
throw new IOException(
"Could not load configuration from SCDynamicStore");
}
if (DEBUG) System.out.println("Raw map from JNI: " + list);
if (DEBUG != null) DEBUG.println("Raw map from JNI: " + list);
Hashtable<String,Object> v = new Hashtable<>();
Hashtable<String,Object> realms = new Hashtable<>();

@ -1,5 +1,5 @@
/*
* Copyright (c) 2001, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -37,6 +37,8 @@ import java.io.IOException;
import java.util.LinkedList;
import java.util.List;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class is a utility that contains much of the TGS-Exchange
* protocol. It is used by ../Credentials.java for service ticket
@ -44,8 +46,6 @@ import java.util.List;
*/
public class CredentialsUtil {
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
private static enum S4U2Type {
NONE, SELF, PROXY
}
@ -193,8 +193,8 @@ public class CredentialsUtil {
for (cTgt = localTGT, i = 0; i < realms.length;) {
tempService = PrincipalName.tgsService(serviceRealm, realms[i]);
if (DEBUG) {
System.out.println(
if (DEBUG != null) {
DEBUG.println(
">>> Credentials acquireServiceCreds: main loop: ["
+ i +"] tempService=" + tempService);
}
@ -206,8 +206,8 @@ public class CredentialsUtil {
}
if (newTgt == null) {
if (DEBUG) {
System.out.println(">>> Credentials acquireServiceCreds: "
if (DEBUG != null) {
DEBUG.println(">>> Credentials acquireServiceCreds: "
+ "no tgt; searching thru capath");
}
@ -217,8 +217,8 @@ public class CredentialsUtil {
for (newTgt = null, k = i+1;
newTgt == null && k < realms.length; k++) {
tempService = PrincipalName.tgsService(realms[k], realms[i]);
if (DEBUG) {
System.out.println(
if (DEBUG != null) {
DEBUG.println(
">>> Credentials acquireServiceCreds: "
+ "inner loop: [" + k
+ "] tempService=" + tempService);
@ -232,8 +232,8 @@ public class CredentialsUtil {
} // Ends 'if (newTgt == null)'
if (newTgt == null) {
if (DEBUG) {
System.out.println(">>> Credentials acquireServiceCreds: "
if (DEBUG != null) {
DEBUG.println(">>> Credentials acquireServiceCreds: "
+ "no tgt; cannot get creds");
}
break;
@ -245,16 +245,16 @@ public class CredentialsUtil {
*/
newTgtRealm = newTgt.getServer().getInstanceComponent();
if (okAsDelegate[0] && !newTgt.checkDelegate()) {
if (DEBUG) {
System.out.println(">>> Credentials acquireServiceCreds: " +
if (DEBUG != null) {
DEBUG.println(">>> Credentials acquireServiceCreds: " +
"global OK-AS-DELEGATE turned off at " +
newTgt.getServer());
}
okAsDelegate[0] = false;
}
if (DEBUG) {
System.out.println(">>> Credentials acquireServiceCreds: "
if (DEBUG != null) {
DEBUG.println(">>> Credentials acquireServiceCreds: "
+ "got tgt");
}
@ -283,8 +283,8 @@ public class CredentialsUtil {
i = k;
cTgt = newTgt;
if (DEBUG) {
System.out.println(">>> Credentials acquireServiceCreds: "
if (DEBUG != null) {
DEBUG.println(">>> Credentials acquireServiceCreds: "
+ "continuing with main loop counter reset to " + i);
}
continue;
@ -453,10 +453,10 @@ public class CredentialsUtil {
String serviceRealm = refSname.getRealmString();
if (!serviceRealm.equals(tgtRealm)) {
// This is a cross-realm service request
if (DEBUG) {
System.out.println(">>> serviceCredsSingle:" +
if (DEBUG != null) {
DEBUG.println(">>> serviceCredsSingle:" +
" cross-realm authentication");
System.out.println(">>> serviceCredsSingle:" +
DEBUG.println(">>> serviceCredsSingle:" +
" obtaining credentials from " + tgtRealm +
" to " + serviceRealm);
}
@ -465,8 +465,8 @@ public class CredentialsUtil {
if (newTgt == null) {
throw new KrbException("No service creds");
}
if (DEBUG) {
System.out.println(">>> Cross-realm TGT Credentials" +
if (DEBUG != null) {
DEBUG.println(">>> Cross-realm TGT Credentials" +
" serviceCredsSingle: ");
Credentials.printDebug(newTgt);
}
@ -475,16 +475,16 @@ public class CredentialsUtil {
}
asCreds = newTgt;
cname = asCreds.getClient();
} else if (DEBUG) {
System.out.println(">>> Credentials serviceCredsSingle:" +
} else if (DEBUG != null) {
DEBUG.println(">>> Credentials serviceCredsSingle:" +
" same realm");
}
KrbTgsReq req = new KrbTgsReq(options, asCreds, cname, clientAlias,
refSname, sname, additionalCreds, extraPAs);
theCreds = req.sendAndGetCreds();
if (theCreds != null) {
if (DEBUG) {
System.out.println(">>> TGS credentials serviceCredsSingle:");
if (DEBUG != null) {
DEBUG.println(">>> TGS credentials serviceCredsSingle:");
Credentials.printDebug(theCreds);
}
if (!okAsDelegate[0]) {
@ -502,8 +502,8 @@ public class CredentialsUtil {
private static void handleS4U2SelfReferral(PAData[] pas,
PrincipalName user, Credentials newCreds)
throws Asn1Exception, KrbException, IOException {
if (DEBUG) {
System.out.println(">>> Handling S4U2Self referral");
if (DEBUG != null) {
DEBUG.println(">>> Handling S4U2Self referral");
}
for (int i = 0; i < pas.length; i++) {
PAData pa = pas[i];
@ -539,8 +539,8 @@ public class CredentialsUtil {
private static String handleS4U2ProxyReferral(Credentials asCreds,
Credentials[] credsInOut, PrincipalName sname)
throws KrbException, IOException {
if (DEBUG) {
System.out.println(">>> Handling S4U2Proxy referral");
if (DEBUG != null) {
DEBUG.println(">>> Handling S4U2Proxy referral");
}
Credentials refTGT = null;
// Get a credential for the middle service to the backend so we know

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,7 +31,6 @@
package sun.security.krb5.internal;
import sun.security.krb5.Config;
import sun.security.krb5.Asn1Exception;
import sun.security.util.*;
import java.net.InetAddress;
@ -41,6 +40,7 @@ import java.net.UnknownHostException;
import java.io.IOException;
import java.util.Arrays;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* Implements the ASN.1 HostAddress type.
*
@ -63,7 +63,6 @@ public class HostAddress implements Cloneable {
byte[] address = null;
private static InetAddress localInetAddress; //caches local inet address
private static final boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
private volatile int hashCode = 0;
private HostAddress(int dummy) {}
@ -191,10 +190,10 @@ public class HostAddress implements Cloneable {
if (new_address != null) {
address = new_address.clone();
}
if (DEBUG) {
if (DEBUG != null) {
if (addrType == Krb5.ADDRTYPE_INET ||
addrType == Krb5.ADDRTYPE_INET6) {
System.out.println("Host address is " +
DEBUG.println("Host address is " +
InetAddress.getByAddress(address));
}
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,6 +42,8 @@ import java.util.*;
import java.io.IOException;
import sun.security.krb5.internal.ccache.CCacheOutputStream;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* Implements the ASN.1 HostAddresses type.
*
@ -64,7 +66,6 @@ import sun.security.krb5.internal.ccache.CCacheOutputStream;
*/
public class HostAddresses implements Cloneable {
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
private HostAddress[] addresses = null;
private volatile int hashCode = 0;
@ -276,25 +277,25 @@ public class HostAddresses implements Cloneable {
{
Set<InetAddress> all = new LinkedHashSet<>();
try {
if (DEBUG) {
System.out.println(">>> KrbKdcReq local addresses are:");
if (DEBUG != null) {
DEBUG.println(">>> KrbKdcReq local addresses are:");
}
String extra = Config.getInstance().getAll(
"libdefaults", "extra_addresses");
if (extra != null) {
for (String s: extra.split("\\s+")) {
all.add(InetAddress.getByName(s));
if (DEBUG) {
System.out.println(" extra_addresses: "
if (DEBUG != null) {
DEBUG.println(" extra_addresses: "
+ InetAddress.getByName(s));
}
}
}
for (NetworkInterface ni:
Collections.list(NetworkInterface.getNetworkInterfaces())) {
if (DEBUG) {
System.out.println(" NetworkInterface " + ni + ":");
System.out.println(" "
if (DEBUG != null) {
DEBUG.println(" NetworkInterface " + ni + ":");
DEBUG.println(" "
+ Collections.list(ni.getInetAddresses()));
}
all.addAll(Collections.list(ni.getInetAddresses()));

@ -37,6 +37,8 @@ import sun.security.krb5.internal.util.KerberosFlags;
import sun.security.util.*;
import java.io.IOException;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* Implements the ASN.1 KDCOptions type.
*
@ -170,8 +172,6 @@ public class KDCOptions extends KerberosFlags {
"VALIDATE", //31;
};
private boolean DEBUG = Krb5.DEBUG;
public static KDCOptions with(int... flags) {
KDCOptions options = new KDCOptions();
for (int flag: flags) {
@ -321,8 +321,8 @@ public class KDCOptions extends KerberosFlags {
}
}
} catch (KrbException e) {
if (DEBUG) {
System.out.println("Exception in getting default values for " +
if (DEBUG != null) {
DEBUG.println("Exception in getting default values for " +
"KDC Options from the configuration ");
e.printStackTrace();
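Review bot: In the `catch (KrbException e)` block the message now goes through `DEBUG.println`, but the `e.printStackTrace();` that follows is unchanged and still writes straight to the process's standard error stream instead of the debug stream. Other sites in this commit (KrbKdcRep, CCacheInputStream, FileCredentialsCache) use `e.printStackTrace(DEBUG.getPrintStream());`, and the same line here would keep the trace together with its message. The enclosing method continues outside the hunk.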

@ -35,6 +35,8 @@ import sun.security.util.*;
import java.io.IOException;
import java.math.BigInteger;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* Implements the ASN.1 KDC-REP type.
*
@ -68,7 +70,6 @@ public class KDCRep {
private int pvno;
private int msgType;
public PAData[] pAData = null; //optional
private boolean DEBUG = Krb5.DEBUG;
public KDCRep(
PAData[] new_pAData,
@ -131,8 +132,8 @@ public class KDCRep {
KrbApErrException {
DerValue der, subDer;
if ((encoding.getTag() & 0x1F) != req_type) {
if (DEBUG) {
System.out.println(">>> KDCRep: init() " +
if (DEBUG != null) {
DEBUG.println(">>> KDCRep: init() " +
"encoding tag is " +
encoding.getTag() +
" req type is " + req_type);

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -47,6 +47,8 @@ import java.util.List;
import java.util.Objects;
import sun.security.krb5.internal.util.KerberosString;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* Implements the ASN.1 KRBError type.
*
@ -103,8 +105,6 @@ public class KRBError implements java.io.Serializable {
private PAData[] pa; // PA-DATA in eData
private static boolean DEBUG = Krb5.DEBUG;
private void readObject(ObjectInputStream is)
throws IOException, ClassNotFoundException {
try {
@ -232,16 +232,16 @@ public class KRBError implements java.io.Serializable {
// may fail.
parsePAData(data);
} catch (Exception e) {
if (DEBUG) {
System.out.println("Unable to parse eData field of KRB-ERROR:\n" +
if (DEBUG != null) {
DEBUG.println("Unable to parse eData field of KRB-ERROR:\n" +
new sun.security.util.HexDumpEncoder().encodeBuffer(data));
}
throw new IOException(
"Unable to parse eData field of KRB-ERROR", e);
}
} else {
if (DEBUG) {
System.out.println("Unknown eData field of KRB-ERROR:\n" +
if (DEBUG != null) {
DEBUG.println("Unknown eData field of KRB-ERROR:\n" +
new sun.security.util.HexDumpEncoder().encodeBuffer(data));
}
}
@ -260,8 +260,8 @@ public class KRBError implements java.io.Serializable {
DerValue tmp = derPA.data.getDerValue();
PAData pa_data = new PAData(tmp);
paList.add(pa_data);
if (DEBUG) {
System.out.println(pa_data);
if (DEBUG != null) {
DEBUG.println(pa_data.toString());
}
}
pa = paList.toArray(new PAData[paList.size()]);
@ -389,35 +389,35 @@ public class KRBError implements java.io.Serializable {
* For debug use only
*/
private void showDebug() {
if (DEBUG) {
System.out.println(">>>KRBError:");
if (DEBUG != null) {
DEBUG.println(">>>KRBError:");
if (cTime != null)
System.out.println("\t cTime is " + cTime.toDate().toString() + " " + cTime.toDate().getTime());
DEBUG.println("\t cTime is " + cTime.toDate().toString() + " " + cTime.toDate().getTime());
if (cuSec != null) {
System.out.println("\t cuSec is " + cuSec.intValue());
DEBUG.println("\t cuSec is " + cuSec.intValue());
}
System.out.println("\t sTime is " + sTime.toDate().toString
DEBUG.println("\t sTime is " + sTime.toDate().toString
() + " " + sTime.toDate().getTime());
System.out.println("\t suSec is " + suSec);
System.out.println("\t error code is " + errorCode);
System.out.println("\t error Message is " + Krb5.getErrorMessage(errorCode));
DEBUG.println("\t suSec is " + suSec);
DEBUG.println("\t error code is " + errorCode);
DEBUG.println("\t error Message is " + Krb5.getErrorMessage(errorCode));
if (crealm != null) {
System.out.println("\t crealm is " + crealm.toString());
DEBUG.println("\t crealm is " + crealm.toString());
}
if (cname != null) {
System.out.println("\t cname is " + cname.toString());
DEBUG.println("\t cname is " + cname.toString());
}
if (sname != null) {
System.out.println("\t sname is " + sname.toString());
DEBUG.println("\t sname is " + sname.toString());
}
if (eData != null) {
System.out.println("\t eData provided.");
DEBUG.println("\t eData provided.");
}
if (eCksum != null) {
System.out.println("\t checksum provided.");
DEBUG.println("\t checksum provided.");
}
System.out.println("\t msgType is " + msgType);
DEBUG.println("\t msgType is " + msgType);
}
}

@ -43,6 +43,8 @@ import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* Implements the ASN.1 KerberosTime type. This is an immutable class.
*
@ -72,8 +74,6 @@ public class KerberosTime {
private static long initMilli = System.currentTimeMillis();
private static long initMicro = System.nanoTime() / 1000;
private static boolean DEBUG = Krb5.DEBUG;
// Do not make this public. It's a little confusing that micro
// is only the last 3 digits of microsecond.
private KerberosTime(long time, int micro) {
@ -144,8 +144,8 @@ public class KerberosTime {
long microElapsed = newMicro - initMicro;
long calcMilli = initMilli + microElapsed/1000;
if (calcMilli - newMilli > 100 || newMilli - calcMilli > 100) {
if (DEBUG) {
System.out.println("System time adjusted");
if (DEBUG != null) {
DEBUG.println("System time adjusted");
}
initMilli = newMilli;
initMicro = newMicro;
@ -297,8 +297,8 @@ public class KerberosTime {
tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
}
} catch (KrbException e) {
if (DEBUG) {
System.out.println("Exception in getting clockskew from " +
if (DEBUG != null) {
DEBUG.println("Exception in getting clockskew from " +
"Configuration " +
"using default value: " +
e.getMessage());

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,7 +31,8 @@
package sun.security.krb5.internal;
import sun.security.action.GetBooleanAction;
import sun.security.action.GetPropertyAction;
import sun.security.util.Debug;
import java.util.Hashtable;
@ -315,8 +316,8 @@ public class Krb5 {
}
// Warning: used by NativeCreds.c
public static final boolean DEBUG = GetBooleanAction
.privilegedGetProperty("sun.security.krb5.debug");
public static final Debug DEBUG = Debug.of("krb5", GetPropertyAction
.privilegedGetProperty("sun.security.krb5.debug"));
public static final sun.security.util.HexDumpEncoder hexDumper =
new sun.security.util.HexDumpEncoder();
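Review bot: `DEBUG` changes from a `boolean` to a `Debug` reference that is null whenever `sun.security.krb5.debug` is not "true" (per `Debug.of`), yet the only comment on the field is still the NativeCreds.c warning. A comment such as `// null unless sun.security.krb5.debug is "true"; always test DEBUG != null before use` would state the contract every call site now depends on. NativeCreds.c is not visible in this part of the page, so it is worth confirming that its lookup of this field matches the new type.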

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -35,6 +35,8 @@ import java.io.*;
import java.net.*;
import sun.security.util.IOUtils;
import static sun.security.krb5.internal.Krb5.DEBUG;
public abstract class NetClient implements AutoCloseable {
public static NetClient getInstance(String protocol, String hostname, int port,
int timeout) throws IOException {
@ -81,21 +83,21 @@ class TCPClient extends NetClient {
int count = readFully(lenField, 4);
if (count != 4) {
if (Krb5.DEBUG) {
System.out.println(
if (DEBUG != null) {
DEBUG.println(
">>>DEBUG: TCPClient could not read length field");
}
return null;
}
int len = networkByteOrderToInt(lenField, 0, 4);
if (Krb5.DEBUG) {
System.out.println(
if (DEBUG != null) {
DEBUG.println(
">>>DEBUG: TCPClient reading " + len + " bytes");
}
if (len <= 0) {
if (Krb5.DEBUG) {
System.out.println(
if (DEBUG != null) {
DEBUG.println(
">>>DEBUG: TCPClient zero or negative length field: "+len);
}
return null;
@ -104,8 +106,8 @@ class TCPClient extends NetClient {
try {
return IOUtils.readExactlyNBytes(in, len);
} catch (IOException ioe) {
if (Krb5.DEBUG) {
System.out.println(
if (DEBUG != null) {
DEBUG.println(
">>>DEBUG: TCPClient could not read complete packet (" +
len + "/" + count + ")");
}
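Review bot: The TCPClient messages keep their hand-written `>>>DEBUG:` marker although they now go through a `Debug` object created with the `krb5` option name as its prefix. If `Debug.println` prepends that prefix, as the `d.prefix = option` assignment in `Debug.of` suggests, each line carries two markers. Dropping the literal, e.g. `DEBUG.println("TCPClient reading " + len + " bytes");`, would keep the output uniform; the same applies to the `>>>DEBUG <CCacheInputStream>` strings in CCacheInputStream. This is a style point only.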

@ -1,5 +1,5 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2022, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,6 +42,8 @@ import sun.security.krb5.internal.*;
import sun.security.krb5.internal.util.KrbDataInputStream;
import sun.security.util.IOUtils;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class extends KrbDataInputStream. It is used for parsing FCC-format
* data from file to memory.
@ -67,8 +69,6 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
*/
/* V4 of the credentials cache format allows for header tags */
private static final boolean DEBUG = Krb5.DEBUG;
public CCacheInputStream(InputStream is){
super(is);
}
@ -212,8 +212,8 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
addrType = read(2);
addrLength = readLength4();
if (!(addrLength == 4 || addrLength == 16)) {
if (DEBUG) {
System.out.println("Incorrect address format.");
if (DEBUG != null) {
DEBUG.println("Incorrect address format.");
}
return null;
}
@ -280,7 +280,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
flags[10] = true;
if ((ticketFlags & 0x00100000) == TKT_FLG_HW_AUTH)
flags[11] = true;
if (DEBUG) {
if (DEBUG != null) {
String msg = ">>> CCacheInputStream: readFlags() ";
if (flags[1] == true) {
msg += " FORWARDABLE;";
@ -316,7 +316,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
if (flags[11] == true) {
msg += " HW_AUTH;";
}
System.out.println(msg);
DEBUG.println(msg);
}
return flags;
}
@ -336,8 +336,8 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
// Do not return here. All data for this cred should be fully
// consumed so that we can read the next one.
}
if (DEBUG) {
System.out.println(">>>DEBUG <CCacheInputStream> client principal is " + cpname);
if (DEBUG != null) {
DEBUG.println(">>>DEBUG <CCacheInputStream> client principal is " + cpname);
}
PrincipalName spname = null;
try {
@ -345,12 +345,12 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
} catch (Exception e) {
// same as above
}
if (DEBUG) {
System.out.println(">>>DEBUG <CCacheInputStream> server principal is " + spname);
if (DEBUG != null) {
DEBUG.println(">>>DEBUG <CCacheInputStream> server principal is " + spname);
}
EncryptionKey key = readKey(version);
if (DEBUG) {
System.out.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType());
if (DEBUG != null) {
DEBUG.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType());
}
long[] times = readTimes();
KerberosTime authtime = new KerberosTime(times[0]);
@ -360,12 +360,12 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
KerberosTime renewTill =
(times[3]==0) ? null : new KerberosTime(times[3]);
if (DEBUG) {
System.out.println(">>>DEBUG <CCacheInputStream> auth time: " + authtime.toDate().toString());
System.out.println(">>>DEBUG <CCacheInputStream> start time: " +
if (DEBUG != null) {
DEBUG.println(">>>DEBUG <CCacheInputStream> auth time: " + authtime.toDate().toString());
DEBUG.println(">>>DEBUG <CCacheInputStream> start time: " +
((starttime==null)?"null":starttime.toDate().toString()));
System.out.println(">>>DEBUG <CCacheInputStream> end time: " + endtime.toDate().toString());
System.out.println(">>>DEBUG <CCacheInputStream> renew_till time: " +
DEBUG.println(">>>DEBUG <CCacheInputStream> end time: " + endtime.toDate().toString());
DEBUG.println(">>>DEBUG <CCacheInputStream> renew_till time: " +
((renewTill==null)?"null":renewTill.toDate().toString()));
}
boolean skey = readskey();
@ -404,8 +404,8 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
ticketData != null ? new Ticket(ticketData) : null,
ticketData2 != null ? new Ticket(ticketData2) : null);
} catch (Exception e) { // If any of new Ticket(*) fails.
if (DEBUG) {
e.printStackTrace(System.out);
if (DEBUG != null) {
e.printStackTrace(DEBUG.getPrintStream());
}
return null;
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -54,6 +54,7 @@ import java.io.BufferedReader;
import java.io.InputStreamReader;
import static java.nio.charset.StandardCharsets.ISO_8859_1;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* CredentialsCache stores credentials(tickets, session keys, etc.) in a
@ -70,7 +71,6 @@ public class FileCredentialsCache extends CredentialsCache
public Tag tag; // optional
public PrincipalName primaryPrincipal;
private Vector<Credentials> credentialsList;
private static final boolean DEBUG = Krb5.DEBUG;
public static synchronized FileCredentialsCache acquireInstance(
PrincipalName principal, String cache) {
@ -92,8 +92,8 @@ public class FileCredentialsCache extends CredentialsCache
return fcc;
} catch (IOException | KrbException e) {
// we don't handle it now, instead we return a null at the end.
if (DEBUG) {
e.printStackTrace();
if (DEBUG != null) {
e.printStackTrace(DEBUG.getPrintStream());
}
}
return null;
@ -128,8 +128,8 @@ public class FileCredentialsCache extends CredentialsCache
return fcc;
}
catch (IOException | KrbException e) {
if (DEBUG) {
e.printStackTrace();
if (DEBUG != null) {
e.printStackTrace(DEBUG.getPrintStream());
}
}
return null;
@ -213,8 +213,8 @@ public class FileCredentialsCache extends CredentialsCache
tmp.sname.getRealmString()))) {
matched = true;
if (c.endtime.getTime() >= tmp.endtime.getTime()) {
if (DEBUG) {
System.out.println(" >>> FileCredentialsCache "
if (DEBUG != null) {
DEBUG.println(" >>> FileCredentialsCache "
+ "Ticket matched, overwrite "
+ "the old one.");
}
@ -224,8 +224,8 @@ public class FileCredentialsCache extends CredentialsCache
}
}
if (!matched) {
if (DEBUG) {
System.out.println(" >>> FileCredentialsCache Ticket "
if (DEBUG != null) {
DEBUG.println(" >>> FileCredentialsCache Ticket "
+ "not exactly matched, "
+ "add new one into cache.");
}
@ -349,8 +349,8 @@ public class FileCredentialsCache extends CredentialsCache
CredentialsCache.ConfigEntry entry = getConfigEntry("proxy_impersonator");
if (entry == null) {
if (DEBUG) {
System.out.println("get normal credential");
if (DEBUG != null) {
DEBUG.println("get normal credential");
}
return tgt;
}
@ -363,8 +363,8 @@ public class FileCredentialsCache extends CredentialsCache
}
switch (prop) {
case "no-impersonate": // never try impersonation
if (DEBUG) {
System.out.println("get normal credential");
if (DEBUG != null) {
DEBUG.println("get normal credential");
}
return tgt;
case "try-impersonate":
@ -382,8 +382,8 @@ public class FileCredentialsCache extends CredentialsCache
PrincipalName service = new PrincipalName(
new String(entry.getData(), StandardCharsets.UTF_8));
if (!tgt.getClient().equals(service)) {
if (DEBUG) {
System.out.println("proxy_impersonator does not match service name");
if (DEBUG != null) {
DEBUG.println("proxy_impersonator does not match service name");
}
return force ? null : tgt;
}
@ -397,18 +397,18 @@ public class FileCredentialsCache extends CredentialsCache
}
}
if (proxy == null) {
if (DEBUG) {
System.out.println("Cannot find evidence ticket in ccache");
if (DEBUG != null) {
DEBUG.println("Cannot find evidence ticket in ccache");
}
return force ? null : tgt;
}
if (DEBUG) {
System.out.println("Get proxied credential");
if (DEBUG != null) {
DEBUG.println("Get proxied credential");
}
return tgt.setProxy(proxy.setKrbCreds());
} catch (KrbException e) {
if (DEBUG) {
System.out.println("Impersonation with ccache failed");
if (DEBUG != null) {
DEBUG.println("Impersonation with ccache failed");
}
return force ? null : tgt;
}
@ -460,8 +460,8 @@ public class FileCredentialsCache extends CredentialsCache
return cache;
});
if (name != null) {
if (DEBUG) {
System.out.println(">>>KinitOptions cache name is " + name);
if (DEBUG != null) {
DEBUG.println(">>>KinitOptions cache name is " + name);
}
return name;
}
@ -482,14 +482,14 @@ public class FileCredentialsCache extends CredentialsCache
if (uid != -1) {
name = File.separator + "tmp" +
File.separator + stdCacheNameComponent + "_" + uid;
if (DEBUG) {
System.out.println(">>>KinitOptions cache name is " +
if (DEBUG != null) {
DEBUG.println(">>>KinitOptions cache name is " +
name);
}
return name;
} else {
if (DEBUG) {
System.out.println("Error in obtaining uid " +
if (DEBUG != null) {
DEBUG.println("Error in obtaining uid " +
"for Unix platforms " +
"Using user's home directory");
}
@ -513,8 +513,8 @@ public class FileCredentialsCache extends CredentialsCache
name = user_home + File.separator + stdCacheNameComponent;
}
if (DEBUG) {
System.out.println(">>>KinitOptions cache name is " + name);
if (DEBUG != null) {
DEBUG.println(">>>KinitOptions cache name is " + name);
}
return name;
@ -562,8 +562,8 @@ public class FileCredentialsCache extends CredentialsCache
try {
return (Runtime.getRuntime().exec(command));
} catch (IOException e) {
if (DEBUG) {
e.printStackTrace();
if (DEBUG != null) {
e.printStackTrace(DEBUG.getPrintStream());
}
return null;
}
@ -592,8 +592,8 @@ public class FileCredentialsCache extends CredentialsCache
commandResult.close();
return s1;
} catch (Exception e) {
if (DEBUG) {
e.printStackTrace();
if (DEBUG != null) {
e.printStackTrace(DEBUG.getPrintStream());
}
}
return null;

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -35,9 +35,9 @@ import sun.security.krb5.Checksum;
import sun.security.krb5.KrbCryptoException;
import sun.security.krb5.internal.*;
public abstract class CksumType {
import static sun.security.krb5.internal.Krb5.DEBUG;
private static boolean DEBUG = Krb5.DEBUG;
public abstract class CksumType {
public static CksumType getInstance(int cksumTypeConst)
throws KdcErrException {
@ -121,8 +121,8 @@ public abstract class CksumType {
default:
throw new KdcErrException(Krb5.KDC_ERR_SUMTYPE_NOSUPP);
}
if (DEBUG) {
System.out.println(">>> CksumType: " + cksumTypeName);
if (DEBUG != null) {
DEBUG.println(">>> CksumType: " + cksumTypeName);
}
return cksumType;
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,13 +42,13 @@ import java.util.Arrays;
import java.util.List;
import java.util.ArrayList;
import static sun.security.krb5.internal.Krb5.DEBUG;
//only needed if dataSize() implementation changes back to spec;
//see dataSize() below
public abstract class EType {
private static final boolean DEBUG = Krb5.DEBUG;
// etypes supported by JDK, including weak ones
private static int[] supportedETypes;
// common default etypes if not defined in krb5.conf
@ -83,8 +83,8 @@ public abstract class EType {
allowWeakCrypto = cfg.getBooleanObject("libdefaults", "allow_weak_crypto")
== Boolean.TRUE;
} catch (Exception exc) {
if (DEBUG) {
System.out.println ("Exception in getting allow_weak_crypto, " +
if (DEBUG != null) {
DEBUG.println ("Exception in getting allow_weak_crypto, " +
"using default value: " +
exc.getMessage());
}
@ -160,8 +160,8 @@ public abstract class EType {
+ " (" + eTypeConst + ")";
throw new KdcErrException(Krb5.KDC_ERR_ETYPE_NOSUPP, msg);
}
if (DEBUG) {
System.out.println(">>> EType: " + eTypeName);
if (DEBUG != null) {
DEBUG.println(">>> EType: " + eTypeName);
}
return eType;
}
@ -245,10 +245,10 @@ public abstract class EType {
try {
config = Config.getInstance();
} catch (KrbException exc) {
if (DEBUG) {
System.out.println("Exception while getting " +
if (DEBUG != null) {
DEBUG.println("Exception while getting " +
configName + ": " + exc.getMessage());
System.out.println("Using default builtin etypes");
DEBUG.println("Using default builtin etypes");
}
return getBuiltInDefaults();
}

@ -33,10 +33,11 @@ package sun.security.krb5.internal.crypto;
import java.security.MessageDigestSpi;
import java.security.DigestException;
import static sun.security.krb5.internal.Krb5.DEBUG;
public final class crc32 extends MessageDigestSpi implements Cloneable {
private static final int CRC32_LENGTH = 4; //32-bit
private int seed;
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
// buffer;
// private int bufferIndex, bufferLeft;
@ -259,9 +260,9 @@ public final class crc32 extends MessageDigestSpi implements Cloneable {
public static byte[] byte2crc32sum_bytes(byte[] data, int size) {
int temp = byte2crc32sum(0, data, size);
if (DEBUG) {
System.out.println(">>>crc32: " + Integer.toHexString(temp));
System.out.println(">>>crc32: " + Integer.toBinaryString(temp));
if (DEBUG != null) {
DEBUG.println(">>>crc32: " + Integer.toHexString(temp));
DEBUG.println(">>>crc32: " + Integer.toBinaryString(temp));
}
return int2quad(temp);
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -140,7 +140,7 @@ public class ArcFourCrypto extends DkCrypto {
int start, int len) throws GeneralSecurityException {
if (debug) {
System.out.println("ARCFOUR: calculateChecksum with usage = " +
System.err.println("ARCFOUR: calculateChecksum with usage = " +
usage);
}
@ -258,7 +258,7 @@ public class ArcFourCrypto extends DkCrypto {
}
if (debug) {
System.out.println("ArcFour: ENCRYPT with key usage = " + usage);
System.err.println("ArcFour: ENCRYPT with key usage = " + usage);
}
// get the confounder
@ -313,7 +313,7 @@ public class ArcFourCrypto extends DkCrypto {
}
if (debug) {
System.out.println("\nARCFOUR: encryptRaw with usage = " + usage);
System.err.println("\nARCFOUR: encryptRaw with usage = " + usage);
}
// Derive encryption key for data
@ -352,7 +352,7 @@ public class ArcFourCrypto extends DkCrypto {
+ usage);
}
if (debug) {
System.out.println("\nARCFOUR: DECRYPT using key usage = " + usage);
System.err.println("\nARCFOUR: DECRYPT using key usage = " + usage);
}
// compute K1
@ -424,7 +424,7 @@ public class ArcFourCrypto extends DkCrypto {
+ usage);
}
if (debug) {
System.out.println("\nARCFOUR: decryptRaw with usage = " + usage);
System.err.println("\nARCFOUR: decryptRaw with usage = " + usage);
}
// Derive encryption key for data
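Review bot: The five debug prints in this file are only redirected from `System.out` to `System.err` and stay behind the class's own `debug` flag, while every other Kerberos class in this commit moves to the shared `DEBUG` object. If `debug` is meant to follow the Kerberos debug setting (its declaration is outside these hunks, so this is an assumption), the calls would be more consistent as `if (DEBUG != null) { DEBUG.println("ARCFOUR: calculateChecksum with usage = " + usage); }`. If it is deliberately a separate compile-time switch, a one-line comment at the flag saying so would stop the next reader from treating it as an oversight. The enclosing methods start and end outside the hunks.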

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -49,6 +49,8 @@ import java.util.StringTokenizer;
import java.util.Vector;
import sun.security.jgss.krb5.ServiceCreds;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class represents key table. The key table functions deal with storing
* and retrieving service keys for use in authentication exchanges.
@ -64,7 +66,6 @@ import sun.security.jgss.krb5.ServiceCreds;
*/
public class KeyTab implements KeyTabConstants {
private static final boolean DEBUG = Krb5.DEBUG;
private static String defaultTabName = null;
// Attention: Currently there is no way to remove a keytab from this map,
@ -101,14 +102,14 @@ public class KeyTab implements KeyTabConstants {
} catch (FileNotFoundException e) {
entries.clear();
isMissing = true;
if (DEBUG) {
System.out.println("Cannot load keytab " + tabName + ": " + e);
if (DEBUG != null) {
DEBUG.println("Cannot load keytab " + tabName + ": " + e);
}
} catch (Exception ioe) {
entries.clear();
isValid = false;
if (DEBUG) {
System.out.println("Cannot load keytab " + tabName + ": " + ioe);
if (DEBUG != null) {
DEBUG.println("Cannot load keytab " + tabName + ": " + ioe);
}
}
}
@ -263,8 +264,8 @@ public class KeyTab implements KeyTabConstants {
while (kis.available() > 0) {
entryLength = kis.readEntryLength();
entry = kis.readEntry(entryLength, kt_vno);
if (DEBUG) {
System.out.println(">>> KeyTab: load() entry length: " +
if (DEBUG != null) {
DEBUG.println(">>> KeyTab: load() entry length: " +
entryLength + "; type: " +
(entry != null? entry.keyType : 0));
}
@ -293,8 +294,8 @@ public class KeyTab implements KeyTabConstants {
EncryptionKey key;
int size = entries.size();
ArrayList<EncryptionKey> keys = new ArrayList<>(size);
if (DEBUG) {
System.out.println("Looking for keys for: " + service);
if (DEBUG != null) {
DEBUG.println("Looking for keys for: " + service);
}
for (int i = size-1; i >= 0; i--) {
entry = entries.elementAt(i);
@ -304,12 +305,12 @@ public class KeyTab implements KeyTabConstants {
entry.keyType,
entry.keyVersion);
keys.add(key);
if (DEBUG) {
System.out.println("Added key: " + entry.keyType +
if (DEBUG != null) {
DEBUG.println("Added key: " + entry.keyType +
", version: " + entry.keyVersion);
}
} else if (DEBUG) {
System.out.println("Found unsupported keytype (" +
} else if (DEBUG != null) {
DEBUG.println("Found unsupported keytype (" +
entry.keyType + ") for " + service);
}
}
@ -347,8 +348,8 @@ public class KeyTab implements KeyTabConstants {
if (entry.service.match(service)) {
if (EType.isSupported(entry.keyType)) {
return true;
} else if (DEBUG) {
System.out.println("Found unsupported keytype (" +
} else if (DEBUG != null) {
DEBUG.println("Found unsupported keytype (" +
entry.keyType + ") for " + service);
}
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -35,6 +35,7 @@ import sun.security.krb5.*;
import sun.security.krb5.internal.*;
import static java.nio.charset.StandardCharsets.ISO_8859_1;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class represents a Key Table entry. Each entry contains the service principal of
@ -49,7 +50,6 @@ public class KeyTabEntry implements KeyTabConstants {
int keyVersion;
int keyType;
byte[] keyblock = null;
boolean DEBUG = Krb5.DEBUG;
public KeyTabEntry (PrincipalName new_service, Realm new_realm, KerberosTime new_time,
int new_keyVersion, int new_keyType, byte[] new_keyblock) {
@ -95,8 +95,8 @@ public class KeyTabEntry implements KeyTabConstants {
+ timestampSize + keyVersionSize
+ keyTypeSize + keySize + keyblock.length;
if (DEBUG) {
System.out.println(">>> KeyTabEntry: key tab entry size is " + size);
if (DEBUG != null) {
DEBUG.println(">>> KeyTabEntry: key tab entry size is " + size);
}
return size;
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -39,6 +39,8 @@ import sun.security.krb5.internal.util.KrbDataInputStream;
import java.io.IOException;
import java.io.InputStream;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class implements a buffered input stream. It is used for parsing key table
* data to memory.
@ -48,7 +50,6 @@ import java.io.InputStream;
*/
public class KeyTabInputStream extends KrbDataInputStream implements KeyTabConstants {
boolean DEBUG = Krb5.DEBUG;
int index;
public KeyTabInputStream(InputStream is) {
@ -151,8 +152,8 @@ public class KeyTabInputStream extends KrbDataInputStream implements KeyTabConst
read(bytes, 0, length);
index -= length;
name = new String(bytes);
if (DEBUG) {
System.out.println(">>> KeyTabInputStream, readName(): " + name);
if (DEBUG != null) {
DEBUG.println(">>> KeyTabInputStream, readName(): " + name);
}
return name;
}
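Review bot: In the last hunk, `readName()` still discards the result of `read(bytes, 0, length);`, so a truncated or malformed keytab can leave part of `bytes` unfilled and the name is then built, and now logged, from partly zeroed data. Checking the count, for example `if (read(bytes, 0, length) != length) throw new IOException("truncated keytab entry");`, would make the parser fail closed; whether a short read is reachable depends on the underlying stream, which is not visible here. `new String(bytes)` also relies on the platform default charset, and naming one explicitly would make the decoded principal name deterministic. The start of `readName()` is outside the hunk.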

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -38,6 +38,8 @@ import sun.security.krb5.internal.KerberosTime;
import sun.security.krb5.internal.KrbApErrException;
import sun.security.krb5.internal.ReplayCache;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class stores replay caches. AuthTimeWithHash objects are categorized
* into AuthLists keyed by the names of client and server.
@ -48,7 +50,6 @@ public class MemoryCache extends ReplayCache {
// TODO: One day we'll need to read dynamic krb5.conf.
private static final int lifespan = KerberosTime.getDefaultSkew();
private static final boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
private final Map<String,AuthList> content = new ConcurrentHashMap<>();
@ -58,8 +59,8 @@ public class MemoryCache extends ReplayCache {
String key = time.client + "|" + time.server;
content.computeIfAbsent(key, k -> new AuthList(lifespan))
.put(time, currTime);
if (DEBUG) {
System.out.println("MemoryCache: add " + time + " to " + key);
if (DEBUG != null) {
DEBUG.println("MemoryCache: add " + time + " to " + key);
}
// TODO: clean up AuthList entries with only expired AuthTimeWithHash objects.
}

@ -99,9 +99,9 @@ Java_sun_security_jgss_wrapper_GSSLibStub_init(JNIEnv *env,
MAX_MSG_SIZE,
NULL);
if (0 == dwRes) {
printf("GSS-API: Unknown failure %d\n", dwError);
TRACE1("GSS-API: Unknown failure %d", dwError);
} else {
printf("GSS-API: %s\n",szMsgBuf);
TRACE1("GSS-API: %s",szMsgBuf);
}
#else
char* error = dlerror();
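Review bot: Switching the two `printf` calls to `TRACE1` changes when the failure text appears, not just where it goes. The TRACE macros shown later in this commit print only when `JGSS_DEBUG` is set, whereas the old lines printed unconditionally. If suppressing the message without debugging is intended, a short comment such as `/* failure detail is reported only when JGSS debugging is on */` above the `if (0 == dwRes)` test would record that. Otherwise `fprintf(stderr, "GSS-API: %s\n", szMsgBuf);` keeps the old visibility while still moving off stdout. The function continues past the end of the hunk, so how the `#else` branch reports `error` is not visible.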

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -106,7 +106,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
/* Retrieve and store the classes in global ref */
cls = (*env)->FindClass(env, "java/lang/Object");
if (cls == NULL) {
printf("Couldn't find Object class\n");
fprintf(stderr, "Couldn't find Object class\n");
return JNI_ERR;
}
CLS_Object = (*env)->NewGlobalRef(env, cls);
@ -115,7 +115,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
}
cls = (*env)->FindClass(env, "java/lang/String");
if (cls == NULL) {
printf("Couldn't find String class\n");
fprintf(stderr, "Couldn't find String class\n");
return JNI_ERR;
}
CLS_String = (*env)->NewGlobalRef(env, cls);
@ -124,7 +124,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
}
cls = (*env)->FindClass(env, "org/ietf/jgss/Oid");
if (cls == NULL) {
printf("Couldn't find org.ietf.jgss.Oid class\n");
fprintf(stderr, "Couldn't find org.ietf.jgss.Oid class\n");
return JNI_ERR;
}
CLS_Oid = (*env)->NewGlobalRef(env, cls);
@ -133,7 +133,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
}
cls = (*env)->FindClass(env, "org/ietf/jgss/GSSException");
if (cls == NULL) {
printf("Couldn't find org.ietf.jgss.GSSException class\n");
fprintf(stderr, "Couldn't find org.ietf.jgss.GSSException class\n");
return JNI_ERR;
}
CLS_GSSException = (*env)->NewGlobalRef(env, cls);
@ -142,7 +142,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
}
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSNameElement");
if (cls == NULL) {
printf("Couldn't find sun.security.jgss.wrapper.GSSNameElement class\n");
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.GSSNameElement class\n");
return JNI_ERR;
}
CLS_GSSNameElement = (*env)->NewGlobalRef(env, cls);
@ -151,7 +151,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
}
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSCredElement");
if (cls == NULL) {
printf("Couldn't find sun.security.jgss.wrapper.GSSCredElement class\n");
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.GSSCredElement class\n");
return JNI_ERR;
}
CLS_GSSCredElement = (*env)->NewGlobalRef(env, cls);
@ -160,7 +160,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
}
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/NativeGSSContext");
if (cls == NULL) {
printf("Couldn't find sun.security.jgss.wrapper.NativeGSSContext class\n");
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.NativeGSSContext class\n");
return JNI_ERR;
}
CLS_NativeGSSContext = (*env)->NewGlobalRef(env, cls);
@ -169,7 +169,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
}
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/SunNativeProvider");
if (cls == NULL) {
printf("Couldn't find sun.security.jgss.wrapper.SunNativeProvider class\n");
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.SunNativeProvider class\n");
return JNI_ERR;
}
CLS_SunNativeProvider = (*env)->NewGlobalRef(env, cls);
@ -180,115 +180,115 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
MID_String_ctor = (*env)->GetMethodID(env, CLS_String,
"<init>", "([B)V");
if (MID_String_ctor == NULL) {
printf("Couldn't find String(byte[]) constructor\n");
fprintf(stderr, "Couldn't find String(byte[]) constructor\n");
return JNI_ERR;
}
MID_Oid_ctor1 =
(*env)->GetMethodID(env, CLS_Oid, "<init>", "([B)V");
if (MID_Oid_ctor1 == NULL) {
printf("Couldn't find Oid(byte[]) constructor\n");
fprintf(stderr, "Couldn't find Oid(byte[]) constructor\n");
return JNI_ERR;
}
MID_Oid_getDER = (*env)->GetMethodID(env, CLS_Oid, "getDER", "()[B");
if (MID_Oid_getDER == NULL) {
printf("Couldn't find Oid.getDER() method\n");
fprintf(stderr, "Couldn't find Oid.getDER() method\n");
return JNI_ERR;
}
cls = (*env)->FindClass(env, "org/ietf/jgss/MessageProp");
if (cls == NULL) {
printf("Couldn't find org.ietf.jgss.MessageProp class\n");
fprintf(stderr, "Couldn't find org.ietf.jgss.MessageProp class\n");
return JNI_ERR;
}
MID_MessageProp_getPrivacy =
(*env)->GetMethodID(env, cls, "getPrivacy", "()Z");
if (MID_MessageProp_getPrivacy == NULL) {
printf("Couldn't find MessageProp.getPrivacy() method\n");
fprintf(stderr, "Couldn't find MessageProp.getPrivacy() method\n");
return JNI_ERR;
}
MID_MessageProp_getQOP = (*env)->GetMethodID(env, cls, "getQOP", "()I");
if (MID_MessageProp_getQOP == NULL) {
printf("Couldn't find MessageProp.getQOP() method\n");
fprintf(stderr, "Couldn't find MessageProp.getQOP() method\n");
return JNI_ERR;
}
MID_MessageProp_setPrivacy =
(*env)->GetMethodID(env, cls, "setPrivacy", "(Z)V");
if (MID_MessageProp_setPrivacy == NULL) {
printf("Couldn't find MessageProp.setPrivacy(boolean) method\n");
fprintf(stderr, "Couldn't find MessageProp.setPrivacy(boolean) method\n");
return JNI_ERR;
}
MID_MessageProp_setQOP = (*env)->GetMethodID(env, cls, "setQOP", "(I)V");
if (MID_MessageProp_setQOP == NULL) {
printf("Couldn't find MessageProp.setQOP(int) method\n");
fprintf(stderr, "Couldn't find MessageProp.setQOP(int) method\n");
return JNI_ERR;
}
MID_MessageProp_setSupplementaryStates =
(*env)->GetMethodID(env, cls, "setSupplementaryStates",
"(ZZZZILjava/lang/String;)V");
if (MID_MessageProp_setSupplementaryStates == NULL) {
printf("Couldn't find MessageProp.setSupplementaryStates(...) method\n");
fprintf(stderr, "Couldn't find MessageProp.setSupplementaryStates(...) method\n");
return JNI_ERR;
}
MID_GSSException_ctor3 = (*env)->GetMethodID
(env, CLS_GSSException, "<init>", "(IILjava/lang/String;)V");
if (MID_GSSException_ctor3 == NULL) {
printf("Couldn't find GSSException(int, int, String) constructor\n");
fprintf(stderr, "Couldn't find GSSException(int, int, String) constructor\n");
return JNI_ERR;
}
cls = (*env)->FindClass(env, "org/ietf/jgss/ChannelBinding");
if (cls == NULL) {
printf("Couldn't find org.ietf.jgss.ChannelBinding class\n");
fprintf(stderr, "Couldn't find org.ietf.jgss.ChannelBinding class\n");
return JNI_ERR;
}
MID_ChannelBinding_getInitiatorAddr =
(*env)->GetMethodID(env, cls, "getInitiatorAddress",
"()Ljava/net/InetAddress;");
if (MID_ChannelBinding_getInitiatorAddr == NULL) {
printf("Couldn't find ChannelBinding.getInitiatorAddress() method\n");
fprintf(stderr, "Couldn't find ChannelBinding.getInitiatorAddress() method\n");
return JNI_ERR;
}
MID_ChannelBinding_getAcceptorAddr =
(*env)->GetMethodID(env, cls, "getAcceptorAddress",
"()Ljava/net/InetAddress;");
if (MID_ChannelBinding_getAcceptorAddr == NULL) {
printf("Couldn't find ChannelBinding.getAcceptorAddress() method\n");
fprintf(stderr, "Couldn't find ChannelBinding.getAcceptorAddress() method\n");
return JNI_ERR;
}
MID_ChannelBinding_getAppData =
(*env)->GetMethodID(env, cls, "getApplicationData", "()[B");
if (MID_ChannelBinding_getAppData == NULL) {
printf("Couldn't find ChannelBinding.getApplicationData() method\n");
fprintf(stderr, "Couldn't find ChannelBinding.getApplicationData() method\n");
return JNI_ERR;
}
cls = (*env)->FindClass(env, "java/net/InetAddress");
if (cls == NULL) {
printf("Couldn't find java.net.InetAddress class\n");
fprintf(stderr, "Couldn't find java.net.InetAddress class\n");
return JNI_ERR;
}
MID_InetAddress_getAddr = (*env)->GetMethodID(env, cls, "getAddress",
"()[B");
if (MID_InetAddress_getAddr == NULL) {
printf("Couldn't find InetAddress.getAddress() method\n");
fprintf(stderr, "Couldn't find InetAddress.getAddress() method\n");
return JNI_ERR;
}
MID_GSSNameElement_ctor =
(*env)->GetMethodID(env, CLS_GSSNameElement,
"<init>", "(JLsun/security/jgss/wrapper/GSSLibStub;)V");
if (MID_GSSNameElement_ctor == NULL) {
printf("Couldn't find GSSNameElement(long, GSSLibStub) constructor\n");
fprintf(stderr, "Couldn't find GSSNameElement(long, GSSLibStub) constructor\n");
return JNI_ERR;
}
MID_GSSCredElement_ctor =
(*env)->GetMethodID(env, CLS_GSSCredElement, "<init>",
"(JLsun/security/jgss/wrapper/GSSNameElement;Lorg/ietf/jgss/Oid;)V");
if (MID_GSSCredElement_ctor == NULL) {
printf("Couldn't find GSSCredElement(long, GSSLibStub) constructor\n");
fprintf(stderr, "Couldn't find GSSCredElement(long, GSSLibStub) constructor\n");
return JNI_ERR;
}
MID_NativeGSSContext_ctor =
(*env)->GetMethodID(env, CLS_NativeGSSContext, "<init>",
"(JLsun/security/jgss/wrapper/GSSLibStub;)V");
if (MID_NativeGSSContext_ctor == NULL) {
printf("Couldn't find NativeGSSContext(long, GSSLibStub) constructor\n");
fprintf(stderr, "Couldn't find NativeGSSContext(long, GSSLibStub) constructor\n");
return JNI_ERR;
}
@ -296,78 +296,78 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
(*env)->GetMethodID(env, CLS_NativeGSSContext, "setContext",
"(J)V");
if (MID_NativeGSSContext_setContext == NULL) {
printf("Couldn't find NativeGSSContext.setContext(long) method\n");
fprintf(stderr, "Couldn't find NativeGSSContext.setContext(long) method\n");
return JNI_ERR;
}
/* Compute and cache the field ID */
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSLibStub");
if (cls == NULL) {
printf("Couldn't find sun.security.jgss.wrapper.GSSLibStub class\n");
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.GSSLibStub class\n");
return JNI_ERR;
}
FID_GSSLibStub_pMech =
(*env)->GetFieldID(env, cls, "pMech", "J");
if (FID_GSSLibStub_pMech == NULL) {
printf("Couldn't find GSSLibStub.pMech field\n");
fprintf(stderr, "Couldn't find GSSLibStub.pMech field\n");
return JNI_ERR;
}
FID_NativeGSSContext_pContext =
(*env)->GetFieldID(env, CLS_NativeGSSContext, "pContext", "J");
if (FID_NativeGSSContext_pContext == NULL) {
printf("Couldn't find NativeGSSContext.pContext field\n");
fprintf(stderr, "Couldn't find NativeGSSContext.pContext field\n");
return JNI_ERR;
}
FID_NativeGSSContext_srcName =
(*env)->GetFieldID(env, CLS_NativeGSSContext, "srcName",
"Lsun/security/jgss/wrapper/GSSNameElement;");
if (FID_NativeGSSContext_srcName == NULL) {
printf("Couldn't find NativeGSSContext.srcName field\n");
fprintf(stderr, "Couldn't find NativeGSSContext.srcName field\n");
return JNI_ERR;
}
FID_NativeGSSContext_targetName =
(*env)->GetFieldID(env, CLS_NativeGSSContext, "targetName",
"Lsun/security/jgss/wrapper/GSSNameElement;");
if (FID_NativeGSSContext_targetName == NULL) {
printf("Couldn't find NativeGSSContext.targetName field\n");
fprintf(stderr, "Couldn't find NativeGSSContext.targetName field\n");
return JNI_ERR;
}
FID_NativeGSSContext_isInitiator =
(*env)->GetFieldID(env, CLS_NativeGSSContext, "isInitiator", "Z");
if (FID_NativeGSSContext_isInitiator == NULL) {
printf("Couldn't find NativeGSSContext.isInitiator field\n");
fprintf(stderr, "Couldn't find NativeGSSContext.isInitiator field\n");
return JNI_ERR;
}
FID_NativeGSSContext_isEstablished =
(*env)->GetFieldID(env, CLS_NativeGSSContext, "isEstablished", "Z");
if (FID_NativeGSSContext_isEstablished == NULL) {
printf("Couldn't find NativeGSSContext.isEstablished field\n");
fprintf(stderr, "Couldn't find NativeGSSContext.isEstablished field\n");
return JNI_ERR;
}
FID_NativeGSSContext_delegatedCred =
(*env)->GetFieldID(env, CLS_NativeGSSContext, "delegatedCred",
"Lsun/security/jgss/wrapper/GSSCredElement;");
if (FID_NativeGSSContext_delegatedCred == NULL) {
printf("Couldn't find NativeGSSContext.delegatedCred field\n");
fprintf(stderr, "Couldn't find NativeGSSContext.delegatedCred field\n");
return JNI_ERR;
}
FID_NativeGSSContext_flags =
(*env)->GetFieldID(env, CLS_NativeGSSContext, "flags", "I");
if (FID_NativeGSSContext_flags == NULL) {
printf("Couldn't find NativeGSSContext.flags field\n");
fprintf(stderr, "Couldn't find NativeGSSContext.flags field\n");
return JNI_ERR;
}
FID_NativeGSSContext_lifetime =
(*env)->GetFieldID(env, CLS_NativeGSSContext, "lifetime", "I");
if (FID_NativeGSSContext_lifetime == NULL) {
printf("Couldn't find NativeGSSContext.lifetime field\n");
fprintf(stderr, "Couldn't find NativeGSSContext.lifetime field\n");
return JNI_ERR;
}
FID_NativeGSSContext_actualMech =
(*env)->GetFieldID(env, CLS_NativeGSSContext, "actualMech",
"Lorg/ietf/jgss/Oid;");
if (FID_NativeGSSContext_actualMech == NULL) {
printf("Couldn't find NativeGSSContext.actualMech field\n");
fprintf(stderr, "Couldn't find NativeGSSContext.actualMech field\n");
return JNI_ERR;
}
return JNI_VERSION_1_2;
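Review bot: The diagnostic for the `MID_GSSCredElement_ctor` lookup names the wrong constructor. The `GetMethodID` call asks for `(JLsun/security/jgss/wrapper/GSSNameElement;Lorg/ietf/jgss/Oid;)V`, but the message says `GSSCredElement(long, GSSLibStub)`. Since the commit rewrites that line anyway, it could become `fprintf(stderr, "Couldn't find GSSCredElement(long, GSSNameElement, Oid) constructor\n");` so a load failure points at the signature that is actually missing. `DEF_JNI_OnLoad` begins outside these hunks.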

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -84,10 +84,10 @@ extern "C" {
extern jfieldID FID_NativeGSSContext_flags;
extern jfieldID FID_NativeGSSContext_lifetime;
extern jfieldID FID_NativeGSSContext_actualMech;
#define TRACE0(s) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] %s\n", __LINE__, s); fflush(stdout); }}
#define TRACE1(s, p1) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1); fflush(stdout); }}
#define TRACE2(s, p1, p2) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1, p2); fflush(stdout); }}
#define TRACE3(s, p1, p2, p3) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1, p2, p3); fflush(stdout); }}
#define TRACE0(s) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] %s\n", __LINE__, s); fflush(stderr); }}
#define TRACE1(s, p1) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] "s"\n", __LINE__, p1); fflush(stderr); }}
#define TRACE2(s, p1, p2) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] "s"\n", __LINE__, p1, p2); fflush(stderr); }}
#define TRACE3(s, p1, p2, p3) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] "s"\n", __LINE__, p1, p2, p3); fflush(stderr); }}
#ifdef __cplusplus

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -39,6 +39,8 @@ import java.util.Arrays;
import sun.security.util.Password;
import javax.security.auth.kerberos.KeyTab;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* Kinit tool for obtaining Kerberos v5 tickets.
*
@ -48,7 +50,6 @@ import javax.security.auth.kerberos.KeyTab;
public class Kinit {
private KinitOptions options;
private static final boolean DEBUG = Krb5.DEBUG;
/**
* The main method is used to accept user command line input for ticket
@ -180,8 +181,8 @@ public class Kinit {
princName = principal.toString();
}
KrbAsReqBuilder builder;
if (DEBUG) {
System.out.println("Principal is " + principal);
if (DEBUG != null) {
DEBUG.println("Principal is " + principal);
}
char[] psswd = options.password;
boolean useKeytab = options.useKeytabFile();
@ -194,15 +195,15 @@ public class Kinit {
System.out.print("Password for " + princName + ":");
System.out.flush();
psswd = Password.readPassword(System.in);
if (DEBUG) {
System.out.println(">>> Kinit console input " +
if (DEBUG != null) {
DEBUG.println(">>> Kinit console input " +
new String(psswd));
}
}
builder = new KrbAsReqBuilder(principal, psswd);
} else {
if (DEBUG) {
System.out.println(">>> Kinit using keytab");
if (DEBUG != null) {
DEBUG.println(">>> Kinit using keytab");
}
if (princName == null) {
throw new IllegalArgumentException
@ -210,8 +211,8 @@ public class Kinit {
}
String ktabName = options.keytabFileName();
if (ktabName != null) {
if (DEBUG) {
System.out.println(
if (DEBUG != null) {
DEBUG.println(
">>> Kinit keytab file name: " + ktabName);
}
}
@ -230,15 +231,15 @@ public class Kinit {
realm = Config.getInstance().getDefaultRealm();
}
if (DEBUG) {
System.out.println(">>> Kinit realm name is " + realm);
if (DEBUG != null) {
DEBUG.println(">>> Kinit realm name is " + realm);
}
PrincipalName sname = PrincipalName.tgsService(realm, realm);
builder.setTarget(sname);
if (DEBUG) {
System.out.println(">>> Creating KrbAsReq");
if (DEBUG != null) {
DEBUG.println(">>> Creating KrbAsReq");
}
if (options.getAddressOption())
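Review bot: The console-input trace in the hunk starting at old line 194 still writes the cleartext password to the debug stream: `DEBUG.println(">>> Kinit console input " + new String(psswd));`. Routing it through the `Debug` object does not change the exposure, because anyone who turns on Kerberos debugging to diagnose a login problem gets the password in whatever captures that output. `new String(psswd)` also creates an immutable copy that cannot be zeroed the way the `char[]` can. I would log only the event, for example `DEBUG.println(">>> Kinit console input received");`. The enclosing method starts and ends outside the hunk, so whether `psswd` is cleared afterwards cannot be checked from here.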

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -37,6 +37,8 @@ import java.io.IOException;
import java.time.Instant;
import java.io.FileInputStream;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* Maintains user-specific options or default settings when the user requests
* a KDC ticket using Kinit.
@ -63,7 +65,6 @@ class KinitOptions {
public String realm;
char[] password = null;
public boolean keytab;
private boolean DEBUG = Krb5.DEBUG;
private boolean includeAddresses = true; // default.
private boolean useKeytab = false; // default = false.
private String ktabName; // keytab file name
@ -193,26 +194,26 @@ class KinitOptions {
}
PrincipalName p = cis.readPrincipal(version);
cis.close();
if (DEBUG) {
System.out.println(">>>KinitOptions principal name from " +
if (DEBUG != null) {
DEBUG.println(">>>KinitOptions principal name from " +
"the cache is: " + p);
}
return p;
} catch (IOException e) {
// ignore any exceptions; we will use the user name as the
// principal name
if (DEBUG) {
e.printStackTrace();
if (DEBUG != null) {
e.printStackTrace(DEBUG.getPrintStream());
}
} catch (RealmException e) {
if (DEBUG) {
e.printStackTrace();
if (DEBUG != null) {
e.printStackTrace(DEBUG.getPrintStream());
}
}
String username = System.getProperty("user.name");
if (DEBUG) {
System.out.println(">>>KinitOptions default username is: "
if (DEBUG != null) {
DEBUG.println(">>>KinitOptions default username is: "
+ username);
}
try {
@ -220,10 +221,10 @@ class KinitOptions {
return p;
} catch (RealmException e) {
// ignore exception , return null
if (DEBUG) {
System.out.println ("Exception in getting principal " +
if (DEBUG != null) {
DEBUG.println ("Exception in getting principal " +
"name " + e.getMessage());
e.printStackTrace();
e.printStackTrace(DEBUG.getPrintStream());
}
}
return null;

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -39,6 +39,8 @@ import sun.security.krb5.internal.ccache.*;
import sun.security.krb5.internal.ktab.*;
import sun.security.krb5.internal.crypto.EType;
import static sun.security.krb5.internal.Krb5.DEBUG;
/**
* This class can execute as a command-line tool to list entries in
* credential cache and key tab.
@ -54,7 +56,6 @@ public class Klist {
String name; // the name of credentials cache and keytable.
char action; // actions would be 'c' for credentials cache
// and 'k' for keytable.
private static boolean DEBUG = Krb5.DEBUG;
/**
* The main program that can be invoked at command line.
@ -321,8 +322,8 @@ public class Klist {
} catch (RealmException e) {
System.out.println("Error reading principal from "+
"the entry.");
if (DEBUG) {
e.printStackTrace();
if (DEBUG != null) {
e.printStackTrace(DEBUG.getPrintStream());
}
return -1;
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -124,24 +124,24 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Krb5");
if (cls == NULL) {
printf("LSA: Couldn't find Krb5\n");
fprintf(stderr, "LSA: Couldn't find Krb5\n");
return JNI_ERR;
}
fldDEBUG = (*env)->GetStaticFieldID(env, cls, "DEBUG", "Z");
fldDEBUG = (*env)->GetStaticFieldID(env, cls, "DEBUG", "Lsun/security/util/Debug;");
if (fldDEBUG == NULL) {
printf("LSA: Krb5 has no DEBUG field\n");
fprintf(stderr, "LSA: Krb5 has no DEBUG field\n");
return JNI_ERR;
}
native_debug = (*env)->GetStaticBooleanField(env, cls, fldDEBUG);
native_debug = (*env)->GetStaticObjectField(env, cls, fldDEBUG) != NULL;
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket");
if (cls == NULL) {
printf("LSA: Couldn't find Ticket\n");
fprintf(stderr, "LSA: Couldn't find Ticket\n");
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Found Ticket\n");
fprintf(stderr, "LSA: Found Ticket\n");
}
ticketClass = (*env)->NewWeakGlobalRef(env,cls);
@ -149,17 +149,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Made NewWeakGlobalRef\n");
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
}
cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName");
if (cls == NULL) {
printf("LSA: Couldn't find PrincipalName\n");
fprintf(stderr, "LSA: Couldn't find PrincipalName\n");
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Found PrincipalName\n");
fprintf(stderr, "LSA: Found PrincipalName\n");
}
principalNameClass = (*env)->NewWeakGlobalRef(env,cls);
@ -167,17 +167,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Made NewWeakGlobalRef\n");
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
}
cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey");
if (cls == NULL) {
printf("LSA: Couldn't find EncryptionKey\n");
fprintf(stderr, "LSA: Couldn't find EncryptionKey\n");
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Found EncryptionKey\n");
fprintf(stderr, "LSA: Found EncryptionKey\n");
}
encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls);
@ -185,17 +185,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Made NewWeakGlobalRef\n");
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
}
cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags");
if (cls == NULL) {
printf("LSA: Couldn't find TicketFlags\n");
fprintf(stderr, "LSA: Couldn't find TicketFlags\n");
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Found TicketFlags\n");
fprintf(stderr, "LSA: Found TicketFlags\n");
}
ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls);
@ -203,17 +203,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Made NewWeakGlobalRef\n");
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
}
cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime");
if (cls == NULL) {
printf("LSA: Couldn't find KerberosTime\n");
fprintf(stderr, "LSA: Couldn't find KerberosTime\n");
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Found KerberosTime\n");
fprintf(stderr, "LSA: Found KerberosTime\n");
}
kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls);
@ -221,17 +221,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Made NewWeakGlobalRef\n");
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
}
cls = (*env)->FindClass(env,"java/lang/String");
if (cls == NULL) {
printf("LSA: Couldn't find String\n");
fprintf(stderr, "LSA: Couldn't find String\n");
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Found String\n");
fprintf(stderr, "LSA: Found String\n");
}
javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls);
@ -239,61 +239,61 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Made NewWeakGlobalRef\n");
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
}
ticketConstructor = (*env)->GetMethodID(env, ticketClass,
"<init>", "([B)V");
if (ticketConstructor == 0) {
printf("LSA: Couldn't find Ticket constructor\n");
fprintf(stderr, "LSA: Couldn't find Ticket constructor\n");
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Found Ticket constructor\n");
fprintf(stderr, "LSA: Found Ticket constructor\n");
}
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass,
"<init>", "([Ljava/lang/String;Ljava/lang/String;)V");
if (principalNameConstructor == 0) {
printf("LSA: Couldn't find PrincipalName constructor\n");
fprintf(stderr, "LSA: Couldn't find PrincipalName constructor\n");
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Found PrincipalName constructor\n");
fprintf(stderr, "LSA: Found PrincipalName constructor\n");
}
encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass,
"<init>", "(I[B)V");
if (encryptionKeyConstructor == 0) {
printf("LSA: Couldn't find EncryptionKey constructor\n");
fprintf(stderr, "LSA: Couldn't find EncryptionKey constructor\n");
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Found EncryptionKey constructor\n");
fprintf(stderr, "LSA: Found EncryptionKey constructor\n");
}
ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass,
"<init>", "(I[B)V");
if (ticketFlagsConstructor == 0) {
printf("LSA: Couldn't find TicketFlags constructor\n");
fprintf(stderr, "LSA: Couldn't find TicketFlags constructor\n");
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Found TicketFlags constructor\n");
fprintf(stderr, "LSA: Found TicketFlags constructor\n");
}
kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass,
"<init>", "(Ljava/lang/String;)V");
if (kerberosTimeConstructor == 0) {
printf("LSA: Couldn't find KerberosTime constructor\n");
fprintf(stderr, "LSA: Couldn't find KerberosTime constructor\n");
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Found KerberosTime constructor\n");
fprintf(stderr, "LSA: Found KerberosTime constructor\n");
}
if (native_debug) {
printf("LSA: Finished OnLoad processing\n");
fprintf(stderr, "LSA: Finished OnLoad processing\n");
}
return JNI_VERSION_1_2;
@ -383,13 +383,13 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
"Lsun/security/krb5/internal/KerberosTime;"
"Lsun/security/krb5/internal/HostAddresses;)V");
if (krbcredsConstructor == 0) {
printf("LSA: Couldn't find sun.security.krb5.Credentials constructor\n");
fprintf(stderr, "LSA: Couldn't find sun.security.krb5.Credentials constructor\n");
break;
}
}
if (native_debug) {
printf("LSA: Found KrbCreds constructor\n");
fprintf(stderr, "LSA: Found KrbCreds constructor\n");
}
//
@ -400,7 +400,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
break;
if (native_debug) {
printf("LSA: Got handle to Kerberos package\n");
fprintf(stderr, "LSA: Got handle to Kerberos package\n");
}
// Get the MS TGT from cache
@ -419,7 +419,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
);
if (native_debug) {
printf("LSA: Response size is %d\n", rspSize);
fprintf(stderr, "LSA: Response size is %d\n", rspSize);
}
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
@ -443,7 +443,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
// check TGT validity
if (native_debug) {
printf("LSA: TICKET SessionKey KeyType is %d\n", msticket->SessionKey.KeyType);
fprintf(stderr, "LSA: TICKET SessionKey KeyType is %d\n", msticket->SessionKey.KeyType);
}
if ((msticket->TicketFlags & KERB_TICKET_FLAGS_invalid) == 0) {
@ -455,7 +455,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
if (etypes[i] == msticket->SessionKey.KeyType) {
found = 1;
if (native_debug) {
printf("LSA: Valid etype found: %d\n", etypes[i]);
fprintf(stderr, "LSA: Valid etype found: %d\n", etypes[i]);
}
break;
}
@ -465,7 +465,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
if (!found) {
if (native_debug) {
printf("LSA: MS TGT in cache is invalid/not supported; request new ticket\n");
fprintf(stderr, "LSA: MS TGT in cache is invalid/not supported; request new ticket\n");
}
// use domain to request Ticket
@ -492,7 +492,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
);
if (native_debug) {
printf("LSA: Response size is %d for %d\n", responseSize, etypes[i]);
fprintf(stderr, "LSA: Response size is %d for %d\n", responseSize, etypes[i]);
}
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
@ -509,7 +509,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
if (msticket->SessionKey.KeyType != etypes[i]) {
if (native_debug) {
printf("LSA: Response etype is %d for %d. Retry.\n", msticket->SessionKey.KeyType, etypes[i]);
fprintf(stderr, "LSA: Response etype is %d for %d. Retry.\n", msticket->SessionKey.KeyType, etypes[i]);
}
continue;
}
@ -809,7 +809,7 @@ ShowLastError(
DWORD dwRes;
if (native_debug) {
printf("LSA: Error calling function %s: %lu\n", szAPI, dwError);
fprintf(stderr, "LSA: Error calling function %s: %lu\n", szAPI, dwError);
}
dwRes = FormatMessage (
@ -822,11 +822,11 @@ ShowLastError(
NULL);
if (native_debug) {
if (0 == dwRes) {
printf("LSA: FormatMessage failed with %d\n", GetLastError());
fprintf(stderr, "LSA: FormatMessage failed with %d\n", GetLastError());
// #define EXIT_FAILURE -1 // mdu
// ExitProcess(EXIT_FAILURE);
} else {
printf("LSA: %S",szMsgBuf);
fprintf(stderr, "LSA: %S",szMsgBuf);
}
}
}
@ -917,9 +917,9 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
if (native_debug) {
printf("LSA: Principal domain is %S\n", realm);
printf("LSA: Name type is %x\n", principalName->NameType);
printf("LSA: Name count is %x\n", principalName->NameCount);
fprintf(stderr, "LSA: Principal domain is %S\n", realm);
fprintf(stderr, "LSA: Name type is %x\n", principalName->NameType);
fprintf(stderr, "LSA: Name count is %x\n", principalName->NameCount);
}
nameCount = principalName->NameCount;
@ -927,7 +927,7 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
javaLangStringClass, NULL);
if (stringArray == NULL) {
if (native_debug) {
printf("LSA: Can't allocate String array for Principal\n");
fprintf(stderr, "LSA: Can't allocate String array for Principal\n");
}
goto cleanup;
}
@ -982,7 +982,7 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) {
}
if (i == cryptoKey->Length) {
if (native_debug) {
printf("LSA: Session key all zero. Stop.\n");
fprintf(stderr, "LSA: Session key all zero. Stop.\n");
}
return NULL;
}
@ -1057,7 +1057,7 @@ jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) {
minute,
second );
if (native_debug) {
printf("LSA: %S\n", (wchar_t *)timeString);
fprintf(stderr, "LSA: %S\n", (wchar_t *)timeString);
}
stringTime = (*env)->NewString(env, timeString,
(sizeof(timeString)/sizeof(WCHAR))-1);
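Review bot: In the ShowLastError hunk (`@ -822,11 +822,11`) the rewritten line formats the DWORD returned by `GetLastError()` with `%d`, while the hunk just above prints `dwError` with `%lu`. The specifier should match the type: `fprintf(stderr, "LSA: FormatMessage failed with %lu\n", GetLastError());`. Separately, every LSA diagnostic now goes to the C `stderr`, which presumably does not follow a Java-side `System.setErr` redirection. A one-line comment where `native_debug` is set, saying that native debug lines go to the process's stderr, would help whoever collects these logs. ShowLastError's body starts and ends outside the hunk.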

@ -42,6 +42,7 @@ import javax.security.auth.spi.*;
import sun.security.krb5.*;
import sun.security.jgss.krb5.Krb5Util;
import sun.security.krb5.Credentials;
import sun.security.util.Debug;
import sun.security.util.HexDumpEncoder;
import static sun.security.util.ResourcesMgr.getAuthResourceString;
@ -377,7 +378,8 @@ public class Krb5LoginModule implements LoginModule {
private Map<String, ?> options;
// configurable option
private boolean debug = false;
private Debug debug = null;
private boolean storeKey = false;
private boolean doNotPrompt = false;
private boolean useTicketCache = false;
@ -458,7 +460,7 @@ public class Krb5LoginModule implements LoginModule {
// initialize any configured options
debug = "true".equalsIgnoreCase((String)options.get("debug"));
debug = Debug.of("krb5loginmodule", (String)options.get("debug"));
storeKey = "true".equalsIgnoreCase((String)options.get("storeKey"));
doNotPrompt = "true".equalsIgnoreCase((String)options.get
("doNotPrompt"));
@ -495,8 +497,8 @@ public class Krb5LoginModule implements LoginModule {
"true".equalsIgnoreCase((String)options.get("storePass"));
clearPass =
"true".equalsIgnoreCase((String)options.get("clearPass"));
if (debug) {
System.out.print("Debug is " + debug
if (debug != null) {
debug.println("Debug is " + (debug != null)
+ " storeKey " + storeKey
+ " useTicketCache " + useTicketCache
+ " useKeyTab " + useKeyTab
@ -529,8 +531,8 @@ public class Krb5LoginModule implements LoginModule {
if (refreshKrb5Config) {
try {
if (debug) {
System.out.println("Refreshing Kerberos configuration");
if (debug != null) {
debug.println("Refreshing Kerberos configuration");
}
sun.security.krb5.Config.refresh();
} catch (KrbException ke) {
@ -558,8 +560,8 @@ public class Krb5LoginModule implements LoginModule {
if (tryFirstPass) {
try {
attemptAuthentication(true);
if (debug)
System.out.println("\t\t[Krb5LoginModule] " +
if (debug != null)
debug.println("\t\t[Krb5LoginModule] " +
"authentication succeeded");
succeeded = true;
cleanState();
@ -567,8 +569,8 @@ public class Krb5LoginModule implements LoginModule {
} catch (LoginException le) {
// authentication failed -- try again below by prompting
cleanState();
if (debug) {
System.out.println("\t\t[Krb5LoginModule] " +
if (debug != null) {
debug.println("\t\t[Krb5LoginModule] " +
"tryFirstPass failed with:" +
le.getMessage());
}
@ -581,8 +583,8 @@ public class Krb5LoginModule implements LoginModule {
return true;
} catch (LoginException e) {
// authentication failed -- clean out state
if (debug) {
System.out.println("\t\t[Krb5LoginModule] " +
if (debug != null) {
debug.println("\t\t[Krb5LoginModule] " +
"authentication failed \n" +
e.getMessage());
}
@ -602,8 +604,8 @@ public class Krb5LoginModule implements LoginModule {
return true;
} catch (LoginException e) {
// authentication failed -- clean out state
if (debug) {
System.out.println("\t\t[Krb5LoginModule] " +
if (debug != null) {
debug.println("\t\t[Krb5LoginModule] " +
"authentication failed \n" +
e.getMessage());
}
@ -641,8 +643,8 @@ public class Krb5LoginModule implements LoginModule {
try {
if (useTicketCache) {
// ticketCacheName == null implies the default cache
if (debug)
System.out.println("Acquire TGT from Cache");
if (debug != null)
debug.println("Acquire TGT from Cache");
cred = Credentials.acquireTGTFromCache
(principal, ticketCacheName);
@ -658,8 +660,8 @@ public class Krb5LoginModule implements LoginModule {
if (!isCurrent(cred)) {
// credentials have expired
cred = null;
if (debug)
System.out.println("Credentials are" +
if (debug != null)
debug.println("Credentials are" +
" no longer valid");
}
}
@ -672,10 +674,10 @@ public class Krb5LoginModule implements LoginModule {
: cred.getClient();
}
}
if (debug) {
System.out.println("Principal is " + principal);
if (debug != null) {
debug.println("Principal is " + principal);
if (cred == null) {
System.out.println
debug.println
("null credentials from Ticket Cache");
}
}
@ -729,8 +731,8 @@ public class Krb5LoginModule implements LoginModule {
if (Krb5Util.keysFromJavaxKeyTab(ktab, principal).length
== 0) {
ktab = null;
if (debug) {
System.out.println
if (debug != null) {
debug.println
("Key for the principal " +
principal +
" not available in " +
@ -765,14 +767,14 @@ public class Krb5LoginModule implements LoginModule {
}
builder.destroy();
if (debug) {
System.out.println("principal is " + principal);
if (debug != null) {
debug.println("principal is " + principal);
HexDumpEncoder hd = new HexDumpEncoder();
if (ktab != null) {
System.out.println("Will use keytab");
debug.println("Will use keytab");
} else if (storeKey) {
for (int i = 0; i < encKeys.length; i++) {
System.out.println("EncryptionKey: keyType=" +
debug.println("EncryptionKey: keyType=" +
encKeys[i].getEType() +
" keyBytes (hex dump)=" +
hd.encodeBuffer(encKeys[i].getBytes()));
@ -800,20 +802,14 @@ public class Krb5LoginModule implements LoginModule {
if (getPasswdFromSharedState) {
// use the name saved by the first module in the stack
username = (String)sharedState.get(NAME);
if (debug) {
System.out.println
("username from shared state is " + username + "\n");
if (debug != null) {
debug.println
("username from shared state is " + username + "\n");
}
if (username == null) {
System.out.println
("username from shared state is null\n");
throw new LoginException
("Username can not be obtained from sharedstate ");
}
if (debug) {
System.out.println
("username from shared state is " + username + "\n");
}
if (username != null && username.length() > 0) {
krb5PrincName.insert(0, username);
return;
@ -863,15 +859,15 @@ public class Krb5LoginModule implements LoginModule {
// use the password saved by the first module in the stack
password = (char[])sharedState.get(PWD);
if (password == null) {
if (debug) {
System.out.println
if (debug != null) {
debug.println
("Password from shared state is null");
}
throw new LoginException
("Password can not be obtained from sharedstate ");
}
if (debug) {
System.out.println
if (debug != null) {
debug.println
("password is " + new String(password));
}
return;
@ -911,11 +907,11 @@ public class Krb5LoginModule implements LoginModule {
for (int i = 0; i < tmpPassword.length; i++)
tmpPassword[i] = ' ';
tmpPassword = null;
if (debug) {
System.out.println("\t\t[Krb5LoginModule] " +
if (debug != null) {
debug.println("\t\t[Krb5LoginModule] " +
"user entered username: " +
krb5PrincName);
System.out.println();
debug.println();
}
} catch (java.io.IOException ioe) {
throw new LoginException(ioe.getMessage());
@ -1008,12 +1004,12 @@ public class Krb5LoginModule implements LoginModule {
throw new RefreshFailedException("This ticket is past "
+ "its last renewal time.");
lcreds = creds.renew();
if (debug)
System.out.println("Renewed Kerberos Ticket");
if (debug != null)
debug.println("Renewed Kerberos Ticket");
} catch (Exception e) {
lcreds = null;
if (debug)
System.out.println("Ticket could not be renewed : "
if (debug != null)
debug.println("Ticket could not be renewed : "
+ e.getMessage());
}
return lcreds;
@ -1131,10 +1127,10 @@ public class Krb5LoginModule implements LoginModule {
}
encKeys[i].destroy();
encKeys[i] = null;
if (debug) {
System.out.println("Added server's key"
if (debug != null) {
debug.println("Added server's key"
+ kerbKeys[i]);
System.out.println("\t\t[Krb5LoginModule] " +
debug.println("\t\t[Krb5LoginModule] " +
"added Krb5Principal " +
kerbClientPrinc.toString()
+ " to Subject");
@ -1144,8 +1140,8 @@ public class Krb5LoginModule implements LoginModule {
}
}
commitSucceeded = true;
if (debug)
System.out.println("Commit Succeeded \n");
if (debug != null)
debug.println("Commit Succeeded \n");
return true;
}
@ -1194,8 +1190,8 @@ public class Krb5LoginModule implements LoginModule {
*/
public boolean logout() throws LoginException {
if (debug) {
System.out.println("\t\t[Krb5LoginModule]: " +
if (debug != null) {
debug.println("\t\t[Krb5LoginModule]: " +
"Entering logout");
}
@ -1222,8 +1218,8 @@ public class Krb5LoginModule implements LoginModule {
succeeded = false;
commitSucceeded = false;
if (debug) {
System.out.println("\t\t[Krb5LoginModule]: " +
if (debug != null) {
debug.println("\t\t[Krb5LoginModule]: " +
"logged out Subject");
}
return true;
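Review bot: The hunk at `@ -863,15 +859,15` keeps `debug.println("password is " + new String(password));`, so with `debug=true` the cleartext password read from shared state is written to the debug stream. `new String(password)` also creates a copy that cannot be wiped the way the `char[]` can. The output now goes to stderr under the `krb5loginmodule` prefix, where it may be captured with other security debug logs, so I would change the line to `debug.println("password obtained from shared state");`. The `@ -765,14 +767,14` hunk exposes key material the same way (`" keyBytes (hex dump)=" + hd.encodeBuffer(encKeys[i].getBytes())`) and could print only `encKeys[i].getEType()`. Both enclosing methods start and end outside their hunks.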

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -78,8 +78,8 @@ public class IPv6 {
ByteArrayOutputStream bo = new ByteArrayOutputStream();
PrintStream po = new PrintStream(bo);
PrintStream oldout = System.out;
System.setOut(po);
PrintStream oldErr = System.err;
System.setErr(po);
try {
Subject subject = new Subject();
@ -101,7 +101,7 @@ public class IPv6 {
po.flush();
System.setOut(oldout);
System.setErr(oldErr);
BufferedReader br = new BufferedReader(new StringReader(
new String(bo.toByteArray())));
int cc = 0;

@ -1,5 +1,5 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2022, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -152,7 +152,7 @@ public class Cleaners {
Proc.binOut(b.getMic(MSG));
}
}
System.out.println("Prepare for GC");
System.err.println("Prepare for GC");
for (int i = 0; i < 10; i++) {
System.gc();
Thread.sleep(100);
@ -162,9 +162,9 @@ public class Cleaners {
private static void ensureCleanersCalled(Proc p) throws Exception {
p.output()
.shouldHaveExitValue(0)
.stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_deleteContext")
.stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseName")
.stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseCred");
.stderrShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_deleteContext")
.stderrShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseName")
.stderrShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseCred");
}
private static Proc proc(String type) throws Exception {

@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -257,16 +257,16 @@ public class KdcPolicy {
static void test(String... expected) throws Exception {
System.out.println("------------------TEST----------------------");
PrintStream oldOut = System.out;
PrintStream oldErr = System.err;
boolean failed = false;
ByteArrayOutputStream bo = new ByteArrayOutputStream();
System.setOut(new PrintStream(bo));
System.setErr(new PrintStream(bo));
try {
Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
} catch (Exception e) {
failed = true;
} finally {
System.setOut(oldOut);
System.setErr(oldErr);
}
String[] lines = new String(bo.toByteArray()).split("\n");

@ -0,0 +1,64 @@
/*
* Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8327818
* @summary reimplement debug option in Krb5LoginModule
* @library /test/lib
*/
import com.sun.security.auth.module.Krb5LoginModule;
import jdk.test.lib.process.ProcessTools;
import java.util.Map;
import javax.security.auth.Subject;
public class LoginModuleDebug {
public static void main(String[] args) throws Exception {
if (args.length == 0) {
// debug option set to true
ProcessTools.executeTestJava("LoginModuleDebug",
"debug", "true")
.stdoutShouldBeEmpty()
.stderrShouldContain("krb5loginmodule:");
// debug option set to false
ProcessTools.executeTestJava("LoginModuleDebug",
"debug", "false")
.stdoutShouldBeEmpty()
.stderrShouldNotContain("krb5loginmodule:");
// no debug option
ProcessTools.executeTestJava("LoginModuleDebug",
"foo", "bar")
.stdoutShouldBeEmpty()
.stderrShouldNotContain("krb5loginmodule:");
} else {
test(args[0], args[1]);
}
}
static void test(String key, String prop)
throws Exception {
new Krb5LoginModule().initialize(
new Subject(), null, Map.of(), Map.of(key, prop));
}
}
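Review bot: The three child runs in `main` cover only lowercase `true`, `false` and an absent option, but `Debug.of` accepts the value case-insensitively (`"true".equalsIgnoreCase(property)`). A fourth run, `ProcessTools.executeTestJava("LoginModuleDebug", "debug", "TRUE")` with `.stderrShouldContain("krb5loginmodule:")`, would pin the behaviour that existing JAAS configurations rely on. A short comment above `main` would also help, for example `// With no args: relaunch this class as a child JVM per case; with args: run the login module once`, since the self-relaunch is not obvious on first read.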