stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8234267: DelegationPermission implementation doesn't completely follow the updated specification

Browse Source 
Reviewed-by: xuelei
This commit is contained in:
Weijun Wang 2019-12-05 10:36:46 +08:00
parent 9c4adc66c7
commit ab280fcac4
2 changed files with 82 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
src/java.security.jgss/share/classes/javax/security/auth/kerberos/DelegationPermission.java
View File

@ -109,29 +109,39 @@ public final class DelegationPermission extends BasicPermission
*/
private void init(String target) {
StringTokenizer t = null;
if (!target.startsWith("\"")) {
throw new IllegalArgumentException
("service principal [" + target +
"] syntax invalid: " +
"improperly quoted");
} else {
t = new StringTokenizer(target, "\"", false);
subordinate = t.nextToken();
switch (t.countTokens()) {
case 2:
t.nextToken(); // bypass whitespace
service = t.nextToken();
break;
case 0:
throw new IllegalArgumentException
("service principal not provided");
default:
throw new IllegalArgumentException
("service principal [" + t.nextToken() +
"] syntax invalid: " +
"improperly quoted");
// 7 tokens in a string:
// "subordinate@R1" "service@R2"
// 1<------2----->345<----6--->7
StringTokenizer t = new StringTokenizer(target, "\"", true);
try {
if (!t.nextToken().equals("\"")) { // 1
throw new IllegalArgumentException("Illegal input [" + target
+ "]: improperly quoted");
}
subordinate = t.nextToken(); // 2
if (subordinate.equals("\"")) {
throw new IllegalArgumentException("Illegal input [" + target
+ "]: bad subordinate name");
}
t.nextToken(); // 3
if (!t.nextToken().trim().isEmpty()) { // 4
throw new IllegalArgumentException("Illegal input [" + target
+ "]: improperly separated");
}
t.nextToken(); // 5
service = t.nextToken(); // 6
if (service.equals("\"")) {
throw new IllegalArgumentException("Illegal input [" + target
+ "]: bad service name");
}
t.nextToken(); // 7
} catch (NoSuchElementException e) {
throw new IllegalArgumentException("Illegal input [" + target
+ "]: not enough input");
}
if (t.hasMoreTokens()) {
throw new IllegalArgumentException("Illegal input [" + target
+ "]: extra input");
}
}

55
test/jdk/javax/security/auth/kerberos/DelegationPermissionInit.java
View File

@ -22,15 +22,60 @@
*/
import javax.security.auth.kerberos.DelegationPermission;
import java.util.List;
/*
* @test
* @bug 8231196
* @summary DelegationPermission allows to create an instance that thows NPE on ::equals call
* @run main/fail DelegationPermissionInit
* @bug 8231196 8234267
* @summary DelegationPermission input check
*/
public class DelegationPermissionInit {
public static void main(String[] args) {
new DelegationPermission("\"user@REALM\"");
public static void main(String[] args) throws Exception {
var goodOnes = List.of(
"\"aaa\" \"bbb\"",
"\"aaa\" \"bbb\""
);
var badOnes = List.of(
"\"user@REALM\"",
"\"\"\" \"bbb\"",
"\"aaa\" \"\"\"",
"\"\"\" \"\"\"",
"\"aaa\" \"bbb",
"\"\"aaa\"\" \"\"bbb\"\"",
"\"aaa\" \"bbb\"\"\"",
"\"aaa\"-\"bbb\"",
"\"aaa\" - \"bbb\"",
"\"aaa\"- \"bbb\"",
"\"aaa\" \"bbb\" ",
"aaa\" \"bbb\" "
);
boolean failed = false;
for (var good : goodOnes) {
System.out.println(">>> " + good);
try {
new DelegationPermission(good);
} catch (Exception e) {
e.printStackTrace(System.out);
System.out.println("Failed");
failed = true;
}
}
for (var bad : badOnes) {
System.out.println(">>> " + bad);
try {
new DelegationPermission(bad);
System.out.println("Failed");
failed = true;
} catch (IllegalArgumentException e) {
e.printStackTrace(System.out);
} catch (Exception e) {
e.printStackTrace(System.out);
System.out.println("Failed");
failed = true;
}
}
if (failed) {
throw new Exception("Failed");
}
}
}