8328726: Better Kerberos support
Reviewed-by: ahgross, rhalade, valeriep, coffeys
parent
369c573383
commit
893e7bc894
src
java.security.jgss
share/classes
javax/security/auth/kerberos
sun/security
windows/classes/sun/security/krb5/internal/tools
jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper
jdk.security.auth/share/classes/com/sun/security/auth/module
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2014, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -170,7 +170,7 @@ public final class EncryptionKey implements SecretKey {
|
||||
if (destroyed) {
|
||||
return "Destroyed EncryptionKey";
|
||||
}
|
||||
return "key " + key.toString();
|
||||
return "EncryptionKey: " + key.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2014, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -27,7 +27,6 @@ package javax.security.auth.kerberos;
|
||||
|
||||
import javax.security.auth.Destroyable;
|
||||
import java.util.Arrays;
|
||||
import java.util.Base64;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
@ -140,8 +139,7 @@ public final class KerberosCredMessage implements Destroyable {
|
||||
if (destroyed) {
|
||||
return "Destroyed KerberosCredMessage";
|
||||
} else {
|
||||
return "KRB_CRED from " + sender + " to " + recipient + ":\n"
|
||||
+ Base64.getUrlEncoder().encodeToString(message);
|
||||
return "KRB_CRED from " + sender + " to " + recipient;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -273,9 +273,9 @@ public class KerberosKey implements SecretKey {
|
||||
if (destroyed) {
|
||||
return "Destroyed KerberosKey";
|
||||
}
|
||||
return "Kerberos Principal " + principal +
|
||||
"Key Version " + versionNum +
|
||||
"key " + key.toString();
|
||||
return "KerberosKey: principal " + principal +
|
||||
", version " + versionNum +
|
||||
", key " + key.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -30,7 +30,8 @@ import java.util.Arrays;
|
||||
import javax.crypto.SecretKey;
|
||||
import javax.security.auth.Destroyable;
|
||||
import javax.security.auth.DestroyFailedException;
|
||||
import sun.security.util.HexDumpEncoder;
|
||||
|
||||
import sun.security.jgss.krb5.Krb5Util;
|
||||
import sun.security.krb5.Asn1Exception;
|
||||
import sun.security.krb5.PrincipalName;
|
||||
import sun.security.krb5.EncryptionKey;
|
||||
@ -225,15 +226,8 @@ class KeyImpl implements SecretKey, Destroyable, Serializable {
|
||||
}
|
||||
|
||||
public String toString() {
|
||||
HexDumpEncoder hd = new HexDumpEncoder();
|
||||
return "EncryptionKey: keyType=" + keyType
|
||||
+ " keyBytes (hex dump)="
|
||||
+ (keyBytes == null || keyBytes.length == 0 ?
|
||||
" Empty Key" :
|
||||
'\n' + hd.encodeBuffer(keyBytes)
|
||||
+ '\n');
|
||||
|
||||
|
||||
return "keyType=" + keyType
|
||||
+ ", " + Krb5Util.keyInfo(keyBytes);
|
||||
}
|
||||
|
||||
public int hashCode() {
|
||||
|
@ -901,15 +901,11 @@ class Krb5Context implements GSSContextSpi {
|
||||
|
||||
public final byte[] wrap(byte[] inBuf, int offset, int len,
|
||||
MessageProp msgProp) throws GSSException {
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Krb5Context.wrap: data=["
|
||||
+ getHexBytes(inBuf, offset, len)
|
||||
+ "]");
|
||||
}
|
||||
|
||||
if (state != STATE_DONE)
|
||||
throw new GSSException(GSSException.NO_CONTEXT, -1,
|
||||
"Wrap called in invalid state!");
|
||||
if (state != STATE_DONE) {
|
||||
throw new GSSException(GSSException.NO_CONTEXT, -1,
|
||||
"Wrap called in invalid state!");
|
||||
}
|
||||
|
||||
byte[] encToken = null;
|
||||
try {
|
||||
@ -1052,12 +1048,6 @@ class Krb5Context implements GSSContextSpi {
|
||||
setSequencingAndReplayProps(token, msgProp);
|
||||
}
|
||||
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Krb5Context.unwrap: data=["
|
||||
+ getHexBytes(data, 0, data.length)
|
||||
+ "]");
|
||||
}
|
||||
|
||||
return data;
|
||||
}
|
||||
|
||||
@ -1407,8 +1397,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "Kerberos session key: etype: " + key.getEType() + "\n" +
|
||||
new HexDumpEncoder().encodeBuffer(key.getBytes());
|
||||
return "Kerberos session key: etype=" + key.getEType()
|
||||
+ ", " + Krb5Util.keyInfo(key.getBytes());
|
||||
}
|
||||
|
||||
/**
|
||||
|
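Review bot: With both DEBUG blocks removed, wrap() and unwrap() leave no debug trace at all, which makes per-message failures harder to diagnose when Kerberos debugging is on. A length-only line keeps that signal without putting application plaintext in the log, for example `DEBUG.println("Krb5Context.wrap: len=" + len);` in wrap and the same with `data.length` before `return data;` in unwrap. Both method bodies continue outside the hunks shown, so it is worth confirming that no remaining caller of getHexBytes still logs message payloads.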
@ -187,4 +187,19 @@ public class Krb5Util {
|
||||
KeyTab ktab, PrincipalName cname) {
|
||||
return snapshotFromJavaxKeyTab(ktab).readServiceKeys(cname);
|
||||
}
|
||||
|
||||
public static String keyInfo(byte[] data) {
|
||||
if (data == null) {
|
||||
return "null key";
|
||||
} else if (data.length == 0) {
|
||||
return "empty key";
|
||||
} else {
|
||||
for (byte b : data) {
|
||||
if (b != 0) {
|
||||
return data.length + "-byte key";
|
||||
}
|
||||
}
|
||||
return data.length + "-byte zero key";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
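Review bot: keyInfo is added as a public static helper without any Javadoc, yet its contract is the reason it exists: it describes a key by length and by whether it is all zero, never by content. Stating that on the method keeps a later edit from adding bytes back, for example `/** Returns a description of a key that is safe to log: its length and whether every byte is zero, never the key bytes themselves. */`. The comment should also say that `data` may be null or empty, since the code handles both explicitly.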
@ -31,6 +31,7 @@
|
||||
|
||||
package sun.security.krb5;
|
||||
|
||||
import sun.security.jgss.krb5.Krb5Util;
|
||||
import sun.security.util.*;
|
||||
import sun.security.krb5.internal.*;
|
||||
import sun.security.krb5.internal.crypto.*;
|
||||
@ -498,12 +499,7 @@ public class EncryptionKey
|
||||
|
||||
public String toString() {
|
||||
return "EncryptionKey: keyType=" + keyType
|
||||
+ " kvno=" + kvno
|
||||
+ " keyValue (hex dump)="
|
||||
+ (keyValue == null || keyValue.length == 0 ?
|
||||
" Empty Key" : '\n'
|
||||
+ Krb5.hexDumper.encodeBuffer(keyValue)
|
||||
+ '\n');
|
||||
+ ", kvno=" + kvno + ", " + Krb5Util.keyInfo(keyValue);
|
||||
}
|
||||
|
||||
/**
|
||||
|
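Review bot: The new `import sun.security.jgss.krb5.Krb5Util;` makes the core sun.security.krb5 package depend on the JGSS mechanism package. Krb5Util in turn takes a `PrincipalName` in its readServiceKeys signature, presumably the sun.security.krb5 one, so the two packages would now reference each other. keyInfo uses nothing from JGSS, so it could live in sun.security.krb5 (or next to the other sun.security.util helpers already imported here) with the JGSS classes calling it from there. This is a layering point only; the redacted toString() output itself looks right.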
@ -320,9 +320,6 @@ public class Krb5 {
|
||||
public static final Debug DEBUG = Debug.of("krb5", GetPropertyAction
|
||||
.privilegedGetProperty("sun.security.krb5.debug"));
|
||||
|
||||
public static final sun.security.util.HexDumpEncoder hexDumper =
|
||||
new sun.security.util.HexDumpEncoder();
|
||||
|
||||
static {
|
||||
errMsgList = new Hashtable<Integer,String> ();
|
||||
errMsgList.put(KDC_ERR_NONE, "No error");
|
||||
|
@ -195,10 +195,6 @@ public class Kinit {
|
||||
System.out.print("Password for " + princName + ":");
|
||||
System.out.flush();
|
||||
psswd = Password.readPassword(System.in);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Kinit console input " +
|
||||
new String(psswd));
|
||||
}
|
||||
}
|
||||
builder = new KrbAsReqBuilder(principal, psswd);
|
||||
} else {
|
||||
|
@ -127,11 +127,6 @@ public class CK_PBE_PARAMS {
|
||||
sb.append(pPassword.length);
|
||||
sb.append(Constants.NEWLINE);
|
||||
|
||||
sb.append(Constants.INDENT);
|
||||
sb.append("pPassword: ");
|
||||
sb.append(pPassword);
|
||||
sb.append(Constants.NEWLINE);
|
||||
|
||||
sb.append(Constants.INDENT);
|
||||
sb.append("ulSaltLen: ");
|
||||
sb.append(pSalt.length);
|
||||
|
@ -43,7 +43,7 @@ import sun.security.krb5.*;
|
||||
import sun.security.jgss.krb5.Krb5Util;
|
||||
import sun.security.krb5.Credentials;
|
||||
import sun.security.util.Debug;
|
||||
import sun.security.util.HexDumpEncoder;
|
||||
|
||||
import static sun.security.util.ResourcesMgr.getAuthResourceString;
|
||||
|
||||
/**
|
||||
@ -769,15 +769,11 @@ public class Krb5LoginModule implements LoginModule {
|
||||
|
||||
if (debug != null) {
|
||||
debug.println("principal is " + principal);
|
||||
HexDumpEncoder hd = new HexDumpEncoder();
|
||||
if (ktab != null) {
|
||||
debug.println("Will use keytab");
|
||||
} else if (storeKey) {
|
||||
for (int i = 0; i < encKeys.length; i++) {
|
||||
debug.println("EncryptionKey: keyType=" +
|
||||
encKeys[i].getEType() +
|
||||
" keyBytes (hex dump)=" +
|
||||
hd.encodeBuffer(encKeys[i].getBytes()));
|
||||
debug.println(encKeys[i].toString());
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -868,7 +864,7 @@ public class Krb5LoginModule implements LoginModule {
|
||||
}
|
||||
if (debug != null) {
|
||||
debug.println
|
||||
("password is " + new String(password));
|
||||
("Get password from shared state");
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
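Review bot: In the storeKey loop, redaction now depends entirely on EncryptionKey.toString() staying free of key bytes. If that method is later changed for another purpose, this debug line would start logging key material again with no edit here. Krb5Util is already imported in this file, so the line can state its own contract: `debug.println("EncryptionKey: keyType=" + encKeys[i].getEType() + ", " + Krb5Util.keyInfo(encKeys[i].getBytes()));`. The enclosing method starts and ends outside the hunk, so other debug statements in it are not visible here.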