8284688: Minor cleanup could be done in java.security.jgss
Reviewed-by: weijun
parent
6e386669e3
commit
db19dc6bb9
src/java.security.jgss/share/classes
javax/security/auth/kerberos
DelegationPermission.javaEncryptionKey.javaKerberosCredMessage.javaKerberosKey.javaKerberosPrincipal.javaKerberosTicket.javaKeyImpl.javaKeyTab.javaServicePermission.java
org/ietf/jgss
ChannelBinding.javaGSSContext.javaGSSCredential.javaGSSException.javaGSSManager.javaGSSName.javaOid.javapackage-info.java
sun/security
jgss
GSSCaller.javaGSSContextImpl.javaGSSCredentialImpl.javaGSSExceptionImpl.javaGSSHeader.javaGSSManagerImpl.javaGSSNameImpl.javaGSSToken.javaGSSUtil.javaJgssExtender.javaLoginConfigImpl.javaProviderList.javaSunProvider.javaTokenTracker.java
krb5
CipherHelper.javaInitSecContextToken.javaInitialToken.javaKrb5AcceptCredential.javaKrb5Context.javaKrb5CredElement.javaKrb5InitCredential.javaKrb5MechFactory.javaKrb5NameElement.javaKrb5Util.javaMessageToken.javaMessageToken_v2.javaMicToken.javaMicToken_v2.javaServiceCreds.javaSubjectComber.javaWrapToken.javaWrapToken_v2.java
spi
spnego
wrapper
krb5/internal/ccache
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,10 +25,7 @@
|
||||
|
||||
package javax.security.auth.kerberos;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.ObjectInputStream;
|
||||
import java.io.ObjectOutputStream;
|
||||
import java.io.ObjectStreamField;
|
||||
import java.io.*;
|
||||
import java.security.BasicPermission;
|
||||
import java.security.Permission;
|
||||
import java.security.PermissionCollection;
|
||||
@ -67,6 +64,7 @@ import java.util.concurrent.ConcurrentHashMap;
|
||||
public final class DelegationPermission extends BasicPermission
|
||||
implements java.io.Serializable {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 883133252142523922L;
|
||||
|
||||
private transient String subordinate, service;
|
||||
@ -177,12 +175,10 @@ public final class DelegationPermission extends BasicPermission
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!(obj instanceof DelegationPermission)) {
|
||||
if (!(obj instanceof DelegationPermission that)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
DelegationPermission that = (DelegationPermission) obj;
|
||||
|
||||
return this.subordinate.equals(that.subordinate) &&
|
||||
this.service.equals(that.service);
|
||||
}
|
||||
@ -222,6 +218,7 @@ public final class DelegationPermission extends BasicPermission
|
||||
* @param s the {@code ObjectOutputStream} to which data is written
|
||||
* @throws IOException if an I/O error occurs
|
||||
*/
|
||||
@Serial
|
||||
private synchronized void writeObject(java.io.ObjectOutputStream s)
|
||||
throws IOException
|
||||
{
|
||||
@ -236,6 +233,7 @@ public final class DelegationPermission extends BasicPermission
|
||||
* @throws IOException if an I/O error occurs
|
||||
* @throws ClassNotFoundException if a serialized class cannot be loaded
|
||||
*/
|
||||
@Serial
|
||||
private synchronized void readObject(java.io.ObjectInputStream s)
|
||||
throws IOException, ClassNotFoundException
|
||||
{
|
||||
@ -309,6 +307,7 @@ final class KrbDelegationPermissionCollection extends PermissionCollection
|
||||
return perms.keys();
|
||||
}
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -3383936936589966948L;
|
||||
|
||||
// Need to maintain serialization interoperability with earlier releases,
|
||||
@ -318,6 +317,7 @@ final class KrbDelegationPermissionCollection extends PermissionCollection
|
||||
* @serialField permissions java.util.Vector
|
||||
* A list of DelegationPermission objects.
|
||||
*/
|
||||
@Serial
|
||||
private static final ObjectStreamField[] serialPersistentFields = {
|
||||
new ObjectStreamField("permissions", Vector.class),
|
||||
};
|
||||
@ -329,6 +329,7 @@ final class KrbDelegationPermissionCollection extends PermissionCollection
|
||||
* Writes the contents of the perms field out as a Vector for
|
||||
* serialization compatibility with earlier releases.
|
||||
*/
|
||||
@Serial
|
||||
private void writeObject(ObjectOutputStream out) throws IOException {
|
||||
// Don't call out.defaultWriteObject()
|
||||
|
||||
@ -343,6 +344,7 @@ final class KrbDelegationPermissionCollection extends PermissionCollection
|
||||
/*
|
||||
* Reads in a Vector of DelegationPermissions and saves them in the perms field.
|
||||
*/
|
||||
@Serial
|
||||
@SuppressWarnings("unchecked")
|
||||
private void readObject(ObjectInputStream in)
|
||||
throws IOException, ClassNotFoundException
|
||||
|
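Review bot: `KrbDelegationPermissionCollection.readObject` gains `@Serial` but keeps `@SuppressWarnings("unchecked")`, and its comment says it reads a Vector of DelegationPermissions into `perms`; the body is outside the hunk, so confirm that it checks every element's type before storing it. A serialized stream is not bound by the generic type, and an `instanceof` guard like the one visible in `KrbServicePermissionCollection.add` is not on the deserialization path. The same question applies to `KrbServicePermissionCollection.readObject` in ServicePermission.java, where `implies` later casts `(ServicePermission)perms.get(np.getName())`. A per-element check such as `if (!(perm instanceof DelegationPermission)) throw new InvalidObjectException("unexpected element type");` would reject a malformed stream at read time instead of failing later in a permission check.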
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2014, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,6 +25,7 @@
|
||||
|
||||
package javax.security.auth.kerberos;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.util.Arrays;
|
||||
import java.util.Objects;
|
||||
import javax.crypto.SecretKey;
|
||||
@ -48,6 +49,7 @@ import javax.security.auth.DestroyFailedException;
|
||||
*/
|
||||
public final class EncryptionKey implements SecretKey {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 9L;
|
||||
|
||||
/**
|
||||
@ -205,11 +207,10 @@ public final class EncryptionKey implements SecretKey {
|
||||
if (other == this)
|
||||
return true;
|
||||
|
||||
if (! (other instanceof EncryptionKey)) {
|
||||
if (! (other instanceof EncryptionKey otherKey)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
EncryptionKey otherKey = ((EncryptionKey) other);
|
||||
if (isDestroyed() || otherKey.isDestroyed()) {
|
||||
return false;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2014, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -178,11 +178,10 @@ public final class KerberosCredMessage implements Destroyable {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (! (other instanceof KerberosCredMessage)) {
|
||||
if (! (other instanceof KerberosCredMessage otherMessage)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
KerberosCredMessage otherMessage = ((KerberosCredMessage) other);
|
||||
if (isDestroyed() || otherMessage.isDestroyed()) {
|
||||
return false;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,6 +25,7 @@
|
||||
|
||||
package javax.security.auth.kerberos;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.util.Arrays;
|
||||
import javax.crypto.SecretKey;
|
||||
import javax.security.auth.DestroyFailedException;
|
||||
@ -86,6 +87,7 @@ import javax.security.auth.DestroyFailedException;
|
||||
*/
|
||||
public class KerberosKey implements SecretKey {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -4625402278148246993L;
|
||||
|
||||
/**
|
||||
@ -108,7 +110,7 @@ public class KerberosKey implements SecretKey {
|
||||
*
|
||||
* @serial
|
||||
*/
|
||||
private KeyImpl key;
|
||||
private final KeyImpl key;
|
||||
|
||||
private transient boolean destroyed = false;
|
||||
|
||||
@ -312,11 +314,10 @@ public class KerberosKey implements SecretKey {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (! (other instanceof KerberosKey)) {
|
||||
if (! (other instanceof KerberosKey otherKey)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
KerberosKey otherKey = ((KerberosKey) other);
|
||||
if (isDestroyed() || otherKey.isDestroyed()) {
|
||||
return false;
|
||||
}
|
||||
@ -328,15 +329,9 @@ public class KerberosKey implements SecretKey {
|
||||
}
|
||||
|
||||
if (principal == null) {
|
||||
if (otherKey.getPrincipal() != null) {
|
||||
return false;
|
||||
}
|
||||
return otherKey.getPrincipal() == null;
|
||||
} else {
|
||||
if (!principal.equals(otherKey.getPrincipal())) {
|
||||
return false;
|
||||
}
|
||||
return principal.equals(otherKey.getPrincipal());
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
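Review bot: The tail of `equals` can be the single statement `return Objects.equals(principal, otherKey.getPrincipal());` instead of the remaining if/else on `principal == null`. `KerberosTicket.equals` in this same commit already ends with `Objects.equals(proxy, otherTicket.proxy)`, so this would keep the two classes consistent. Only `java.util.Arrays` is visible among this file's `java.util` imports, so `java.util.Objects` would have to be added. The method starts outside the hunk.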
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -41,6 +41,7 @@ import sun.security.util.*;
|
||||
public final class KerberosPrincipal
|
||||
implements java.security.Principal, java.io.Serializable {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -7374788026156829911L;
|
||||
|
||||
//name types
|
||||
@ -190,7 +191,7 @@ public final class KerberosPrincipal
|
||||
|
||||
public KerberosPrincipal(String name, int nameType) {
|
||||
|
||||
PrincipalName krb5Principal = null;
|
||||
PrincipalName krb5Principal;
|
||||
|
||||
try {
|
||||
// Appends the default realm if it is missing
|
||||
@ -274,6 +275,7 @@ public final class KerberosPrincipal
|
||||
* Realm in their DER-encoded form as specified in Section 5.2.2 of
|
||||
* <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>.
|
||||
*/
|
||||
@Serial
|
||||
private void writeObject(ObjectOutputStream oos)
|
||||
throws IOException {
|
||||
|
||||
@ -294,6 +296,7 @@ public final class KerberosPrincipal
|
||||
* @throws IOException if an I/O error occurs
|
||||
* @throws ClassNotFoundException if a serialized class cannot be loaded
|
||||
*/
|
||||
@Serial
|
||||
private void readObject(ObjectInputStream ois)
|
||||
throws IOException, ClassNotFoundException {
|
||||
byte[] asn1EncPrincipal = (byte [])ois.readObject();
|
||||
|
@ -82,6 +82,7 @@ import sun.security.util.HexDumpEncoder;
|
||||
public class KerberosTicket implements Destroyable, Refreshable,
|
||||
java.io.Serializable {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 7395334370157380539L;
|
||||
|
||||
// XXX Make these flag indices public
|
||||
@ -311,9 +312,7 @@ public class KerberosTicket implements Destroyable, Refreshable,
|
||||
} else {
|
||||
this.flags = new boolean[NUM_FLAGS];
|
||||
// Fill in whatever we have
|
||||
for (int i = 0; i < flags.length; i++) {
|
||||
this.flags[i] = flags[i];
|
||||
}
|
||||
System.arraycopy(flags, 0, this.flags, 0, flags.length);
|
||||
}
|
||||
} else {
|
||||
this.flags = new boolean[NUM_FLAGS];
|
||||
@ -400,7 +399,7 @@ public class KerberosTicket implements Destroyable, Refreshable,
|
||||
* or destroyed.
|
||||
*/
|
||||
public final boolean isForwardable() {
|
||||
return flags == null? false: flags[FORWARDABLE_TICKET_FLAG];
|
||||
return flags != null && flags[FORWARDABLE_TICKET_FLAG];
|
||||
}
|
||||
|
||||
/**
|
||||
@ -412,7 +411,7 @@ public class KerberosTicket implements Destroyable, Refreshable,
|
||||
* or false otherwise or destroyed.
|
||||
*/
|
||||
public final boolean isForwarded() {
|
||||
return flags == null? false: flags[FORWARDED_TICKET_FLAG];
|
||||
return flags != null && flags[FORWARDED_TICKET_FLAG];
|
||||
}
|
||||
|
||||
/**
|
||||
@ -422,7 +421,7 @@ public class KerberosTicket implements Destroyable, Refreshable,
|
||||
* or destroyed.
|
||||
*/
|
||||
public final boolean isProxiable() {
|
||||
return flags == null? false: flags[PROXIABLE_TICKET_FLAG];
|
||||
return flags != null && flags[PROXIABLE_TICKET_FLAG];
|
||||
}
|
||||
|
||||
/**
|
||||
@ -432,7 +431,7 @@ public class KerberosTicket implements Destroyable, Refreshable,
|
||||
* a proxy-ticket or destroyed.
|
||||
*/
|
||||
public final boolean isProxy() {
|
||||
return flags == null? false: flags[PROXY_TICKET_FLAG];
|
||||
return flags != null && flags[PROXY_TICKET_FLAG];
|
||||
}
|
||||
|
||||
|
||||
@ -443,7 +442,7 @@ public class KerberosTicket implements Destroyable, Refreshable,
|
||||
* or destroyed.
|
||||
*/
|
||||
public final boolean isPostdated() {
|
||||
return flags == null? false: flags[POSTDATED_TICKET_FLAG];
|
||||
return flags != null && flags[POSTDATED_TICKET_FLAG];
|
||||
}
|
||||
|
||||
/**
|
||||
@ -455,7 +454,7 @@ public class KerberosTicket implements Destroyable, Refreshable,
|
||||
* or destroyed.
|
||||
*/
|
||||
public final boolean isRenewable() {
|
||||
return flags == null? false: flags[RENEWABLE_TICKET_FLAG];
|
||||
return flags != null && flags[RENEWABLE_TICKET_FLAG];
|
||||
}
|
||||
|
||||
/**
|
||||
@ -466,7 +465,7 @@ public class KerberosTicket implements Destroyable, Refreshable,
|
||||
* protocol, or false if not issued this way or destroyed.
|
||||
*/
|
||||
public final boolean isInitial() {
|
||||
return flags == null? false: flags[INITIAL_TICKET_FLAG];
|
||||
return flags != null && flags[INITIAL_TICKET_FLAG];
|
||||
}
|
||||
|
||||
/**
|
||||
@ -555,7 +554,7 @@ public class KerberosTicket implements Destroyable, Refreshable,
|
||||
* or destroyed.
|
||||
*/
|
||||
public boolean isCurrent() {
|
||||
return endTime == null? false: (System.currentTimeMillis() <= endTime.getTime());
|
||||
return endTime != null && (System.currentTimeMillis() <= endTime.getTime());
|
||||
}
|
||||
|
||||
/**
|
||||
@ -775,11 +774,10 @@ public class KerberosTicket implements Destroyable, Refreshable,
|
||||
return true;
|
||||
}
|
||||
|
||||
if (! (other instanceof KerberosTicket)) {
|
||||
if (! (other instanceof KerberosTicket otherTicket)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
KerberosTicket otherTicket = ((KerberosTicket) other);
|
||||
if (isDestroyed() || otherTicket.isDestroyed()) {
|
||||
return false;
|
||||
}
|
||||
@ -826,11 +824,7 @@ public class KerberosTicket implements Destroyable, Refreshable,
|
||||
}
|
||||
}
|
||||
|
||||
if (!Objects.equals(proxy, otherTicket.proxy)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
return Objects.equals(proxy, otherTicket.proxy);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -840,6 +834,7 @@ public class KerberosTicket implements Destroyable, Refreshable,
|
||||
* @throws IOException if an I/O error occurs
|
||||
* @throws ClassNotFoundException if a serialized class cannot be loaded
|
||||
*/
|
||||
@Serial
|
||||
private void readObject(ObjectInputStream s)
|
||||
throws IOException, ClassNotFoundException {
|
||||
s.defaultReadObject();
|
||||
|
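Review bot: `isCurrent()` and the flag getters from `isForwardable()` through `isInitial()` still read the field twice, once for the null test and once for the dereference. The Javadoc on these methods says they return false once the ticket is destroyed, so if `destroy()` clears `flags` or `endTime` on another thread (its body is not in these hunks), the second read can throw a NullPointerException instead of returning false. Copying the field to a local closes that window, for example `var end = endTime; return end != null && System.currentTimeMillis() <= end.getTime();`, and likewise `var f = flags;` in the flag getters.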
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -49,6 +49,7 @@ import sun.security.util.DerValue;
|
||||
*/
|
||||
class KeyImpl implements SecretKey, Destroyable, Serializable {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -7889313790214321193L;
|
||||
|
||||
private transient byte[] keyBytes;
|
||||
@ -189,6 +190,7 @@ class KeyImpl implements SecretKey, Destroyable, Serializable {
|
||||
* @throws IOException if an I/O error occurs
|
||||
* }
|
||||
*/
|
||||
@Serial
|
||||
private void writeObject(ObjectOutputStream oos)
|
||||
throws IOException {
|
||||
if (destroyed) {
|
||||
@ -209,6 +211,7 @@ class KeyImpl implements SecretKey, Destroyable, Serializable {
|
||||
* @throws IOException if an I/O error occurs
|
||||
* @throws ClassNotFoundException if a serialized class cannot be loaded
|
||||
*/
|
||||
@Serial
|
||||
private void readObject(ObjectInputStream ois)
|
||||
throws IOException, ClassNotFoundException {
|
||||
try {
|
||||
@ -247,20 +250,15 @@ class KeyImpl implements SecretKey, Destroyable, Serializable {
|
||||
if (other == this)
|
||||
return true;
|
||||
|
||||
if (! (other instanceof KeyImpl)) {
|
||||
if (! (other instanceof KeyImpl otherKey)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
KeyImpl otherKey = ((KeyImpl) other);
|
||||
if (isDestroyed() || otherKey.isDestroyed()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if(keyType != otherKey.getKeyType() ||
|
||||
!Arrays.equals(keyBytes, otherKey.getEncoded())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
return keyType == otherKey.getKeyType() &&
|
||||
Arrays.equals(keyBytes, otherKey.getEncoded());
|
||||
}
|
||||
}
|
||||
|
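Review bot: The rewritten return in `equals` still compares key material with `Arrays.equals(keyBytes, otherKey.getEncoded())`, which stops at the first differing byte. If `getEncoded()` returns a copy (its body is not in this hunk), each comparison also leaves another unzeroed copy of the key on the heap. Now that `otherKey` is typed as `KeyImpl`, the comparison can read the field directly and run in constant time: `MessageDigest.isEqual(keyBytes, otherKey.keyBytes)`. That needs `java.security.MessageDigest` imported; the file's import block is outside the visible hunks.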
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2011, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2011, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -349,11 +349,10 @@ public final class KeyTab {
|
||||
if (other == this)
|
||||
return true;
|
||||
|
||||
if (! (other instanceof KeyTab)) {
|
||||
if (! (other instanceof KeyTab otherKtab)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
KeyTab otherKtab = (KeyTab) other;
|
||||
return Objects.equals(otherKtab.princ, princ) &&
|
||||
Objects.equals(otherKtab.file, file) &&
|
||||
bound == otherKtab.bound;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,10 +25,7 @@
|
||||
|
||||
package javax.security.auth.kerberos;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.ObjectInputStream;
|
||||
import java.io.ObjectOutputStream;
|
||||
import java.io.ObjectStreamField;
|
||||
import java.io.*;
|
||||
import java.security.Permission;
|
||||
import java.security.PermissionCollection;
|
||||
import java.util.*;
|
||||
@ -38,7 +35,7 @@ import java.util.concurrent.ConcurrentHashMap;
|
||||
* This class is used to protect Kerberos services and the
|
||||
* credentials necessary to access those services. There is a one to
|
||||
* one mapping of a service principal and the credentials necessary
|
||||
* to access the service. Therefore granting access to a service
|
||||
* to access the service. Therefore, granting access to a service
|
||||
* principal implicitly grants access to the credential necessary to
|
||||
* establish a security context with the service principal. This
|
||||
* applies regardless of whether the credentials are in a cache
|
||||
@ -105,6 +102,7 @@ import java.util.concurrent.ConcurrentHashMap;
|
||||
public final class ServicePermission extends Permission
|
||||
implements java.io.Serializable {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -1227585031618624935L;
|
||||
|
||||
/**
|
||||
@ -186,7 +184,7 @@ public final class ServicePermission extends Permission
|
||||
* Checks if this Kerberos service permission object "implies" the
|
||||
* specified permission.
|
||||
* <P>
|
||||
* More specifically, this method returns true if all of the following
|
||||
* More specifically, this method returns true if all the following
|
||||
* are true (and returns false if any of them are not):
|
||||
* <ul>
|
||||
* <li> <i>p</i> is an instanceof {@code ServicePermission},
|
||||
@ -203,11 +201,9 @@ public final class ServicePermission extends Permission
|
||||
*/
|
||||
@Override
|
||||
public boolean implies(Permission p) {
|
||||
if (!(p instanceof ServicePermission))
|
||||
if (!(p instanceof ServicePermission that))
|
||||
return false;
|
||||
|
||||
ServicePermission that = (ServicePermission) p;
|
||||
|
||||
return ((this.mask & that.mask) == that.mask) &&
|
||||
impliesIgnoreMask(that);
|
||||
}
|
||||
@ -234,10 +230,9 @@ public final class ServicePermission extends Permission
|
||||
if (obj == this)
|
||||
return true;
|
||||
|
||||
if (! (obj instanceof ServicePermission))
|
||||
if (! (obj instanceof ServicePermission that))
|
||||
return false;
|
||||
|
||||
ServicePermission that = (ServicePermission) obj;
|
||||
return (this.mask == that.mask) &&
|
||||
this.getName().equals(that.getName());
|
||||
|
||||
@ -270,14 +265,12 @@ public final class ServicePermission extends Permission
|
||||
boolean comma = false;
|
||||
|
||||
if ((mask & INITIATE) == INITIATE) {
|
||||
if (comma) sb.append(',');
|
||||
else comma = true;
|
||||
comma = true;
|
||||
sb.append("initiate");
|
||||
}
|
||||
|
||||
if ((mask & ACCEPT) == ACCEPT) {
|
||||
if (comma) sb.append(',');
|
||||
else comma = true;
|
||||
sb.append("accept");
|
||||
}
|
||||
|
||||
@ -429,6 +422,7 @@ public final class ServicePermission extends Permission
|
||||
* @param s the {@code ObjectOutputStream} to which data is written
|
||||
* @throws IOException if an I/O error occurs
|
||||
*/
|
||||
@Serial
|
||||
private void writeObject(java.io.ObjectOutputStream s)
|
||||
throws IOException
|
||||
{
|
||||
@ -447,6 +441,7 @@ public final class ServicePermission extends Permission
|
||||
* @throws IOException if an I/O error occurs
|
||||
* @throws ClassNotFoundException if a serialized class cannot be loaded
|
||||
*/
|
||||
@Serial
|
||||
private void readObject(java.io.ObjectInputStream s)
|
||||
throws IOException, ClassNotFoundException
|
||||
{
|
||||
@ -516,10 +511,9 @@ final class KrbServicePermissionCollection extends PermissionCollection
|
||||
*/
|
||||
@Override
|
||||
public boolean implies(Permission permission) {
|
||||
if (! (permission instanceof ServicePermission))
|
||||
if (! (permission instanceof ServicePermission np))
|
||||
return false;
|
||||
|
||||
ServicePermission np = (ServicePermission) permission;
|
||||
int desired = np.getMask();
|
||||
|
||||
if (desired == 0) {
|
||||
@ -545,9 +539,7 @@ final class KrbServicePermissionCollection extends PermissionCollection
|
||||
x = (ServicePermission)perms.get(np.getName());
|
||||
if (x != null) {
|
||||
//System.out.println(" trying "+x);
|
||||
if ((x.getMask() & desired) == desired) {
|
||||
return true;
|
||||
}
|
||||
return (x.getMask() & desired) == desired;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
@ -566,13 +558,12 @@ final class KrbServicePermissionCollection extends PermissionCollection
|
||||
*/
|
||||
@Override
|
||||
public void add(Permission permission) {
|
||||
if (! (permission instanceof ServicePermission))
|
||||
if (! (permission instanceof ServicePermission sp))
|
||||
throw new IllegalArgumentException("invalid permission: "+
|
||||
permission);
|
||||
if (isReadOnly())
|
||||
throw new SecurityException("attempt to add a Permission to a readonly PermissionCollection");
|
||||
|
||||
ServicePermission sp = (ServicePermission)permission;
|
||||
String princName = sp.getName();
|
||||
|
||||
// Add permission to map if it is absent, or replace with new
|
||||
@ -583,8 +574,8 @@ final class KrbServicePermissionCollection extends PermissionCollection
|
||||
@Override
|
||||
public Permission apply(Permission existingVal,
|
||||
Permission newVal) {
|
||||
int oldMask = ((ServicePermission)existingVal).getMask();
|
||||
int newMask = ((ServicePermission)newVal).getMask();
|
||||
int oldMask = ((ServicePermission) existingVal).getMask();
|
||||
int newMask = ((ServicePermission) newVal).getMask();
|
||||
if (oldMask != newMask) {
|
||||
int effective = oldMask | newMask;
|
||||
if (effective == newMask) {
|
||||
@ -611,6 +602,7 @@ final class KrbServicePermissionCollection extends PermissionCollection
|
||||
return perms.elements();
|
||||
}
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -4118834211490102011L;
|
||||
|
||||
// Need to maintain serialization interoperability with earlier releases,
|
||||
@ -621,6 +613,7 @@ final class KrbServicePermissionCollection extends PermissionCollection
|
||||
* @serialField permissions java.util.Vector
|
||||
* A list of ServicePermission objects.
|
||||
*/
|
||||
@Serial
|
||||
private static final ObjectStreamField[] serialPersistentFields = {
|
||||
new ObjectStreamField("permissions", Vector.class),
|
||||
};
|
||||
@ -632,6 +625,7 @@ final class KrbServicePermissionCollection extends PermissionCollection
|
||||
* Writes the contents of the perms field out as a Vector for
|
||||
* serialization compatibility with earlier releases.
|
||||
*/
|
||||
@Serial
|
||||
private void writeObject(ObjectOutputStream out) throws IOException {
|
||||
// Don't call out.defaultWriteObject()
|
||||
|
||||
@ -646,6 +640,7 @@ final class KrbServicePermissionCollection extends PermissionCollection
|
||||
/*
|
||||
* Reads in a Vector of ServicePermissions and saves them in the perms field.
|
||||
*/
|
||||
@Serial
|
||||
@SuppressWarnings("unchecked")
|
||||
private void readObject(ObjectInputStream in)
|
||||
throws IOException, ClassNotFoundException
|
||||
|
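Review bot: In `getActions` the `ACCEPT` branch keeps `else comma = true;` although the `INITIATE` branch was simplified to a plain `comma = true;`. If no later action reads `comma` (the method continues outside the hunk), that assignment is a dead store and the line can be reduced to `if (comma) sb.append(',');`. If further actions are expected to be appended later, a short comment saying so would explain why the flag is still maintained.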
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -79,8 +79,8 @@ import java.util.Arrays;
|
||||
*/
|
||||
public class ChannelBinding {
|
||||
|
||||
private InetAddress initiator;
|
||||
private InetAddress acceptor;
|
||||
private final InetAddress initiator;
|
||||
private final InetAddress acceptor;
|
||||
private byte[] appData;
|
||||
|
||||
/**
|
||||
@ -172,11 +172,9 @@ public class ChannelBinding {
|
||||
if (this == obj)
|
||||
return true;
|
||||
|
||||
if (! (obj instanceof ChannelBinding))
|
||||
if (! (obj instanceof ChannelBinding cb))
|
||||
return false;
|
||||
|
||||
ChannelBinding cb = (ChannelBinding) obj;
|
||||
|
||||
if ((initiator != null && cb.initiator == null) ||
|
||||
(initiator == null && cb.initiator != null))
|
||||
return false;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -216,14 +216,14 @@ public interface GSSContext {
|
||||
* A lifetime constant representing the default context lifetime. This
|
||||
* value is set to 0.
|
||||
*/
|
||||
public static final int DEFAULT_LIFETIME = 0;
|
||||
int DEFAULT_LIFETIME = 0;
|
||||
|
||||
/**
|
||||
* A lifetime constant representing indefinite context lifetime.
|
||||
* This value must is set to the maximum integer value in Java -
|
||||
* {@link java.lang.Integer#MAX_VALUE Integer.MAX_VALUE}.
|
||||
*/
|
||||
public static final int INDEFINITE_LIFETIME = Integer.MAX_VALUE;
|
||||
int INDEFINITE_LIFETIME = Integer.MAX_VALUE;
|
||||
|
||||
/**
|
||||
* Called by the context initiator to start the context creation
|
||||
@ -272,7 +272,7 @@ public interface GSSContext {
|
||||
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public byte[] initSecContext(byte inputBuf[], int offset, int len)
|
||||
byte[] initSecContext(byte inputBuf[], int offset, int len)
|
||||
throws GSSException;
|
||||
|
||||
/**
|
||||
@ -360,8 +360,8 @@ public interface GSSContext {
|
||||
* Use {@link #initSecContext(byte[], int, int)} instead.
|
||||
*/
|
||||
@Deprecated(since="11")
|
||||
public int initSecContext(InputStream inStream,
|
||||
OutputStream outStream) throws GSSException;
|
||||
int initSecContext(InputStream inStream,
|
||||
OutputStream outStream) throws GSSException;
|
||||
|
||||
/**
|
||||
* Called by the context acceptor upon receiving a token from the
|
||||
@ -427,7 +427,7 @@ public interface GSSContext {
|
||||
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public byte[] acceptSecContext(byte inToken[], int offset, int len)
|
||||
byte[] acceptSecContext(byte inToken[], int offset, int len)
|
||||
throws GSSException;
|
||||
|
||||
/**
|
||||
@ -519,8 +519,8 @@ public interface GSSContext {
|
||||
* sent.</strong>
|
||||
*/
|
||||
@Deprecated(since="11")
|
||||
public void acceptSecContext(InputStream inStream,
|
||||
OutputStream outStream) throws GSSException;
|
||||
void acceptSecContext(InputStream inStream,
|
||||
OutputStream outStream) throws GSSException;
|
||||
|
||||
/**
|
||||
* Used during context establishment to determine the state of the
|
||||
@ -529,7 +529,7 @@ public interface GSSContext {
|
||||
* @return <code>true</code> if this is a fully established context on
|
||||
* the caller's side and no more tokens are needed from the peer.
|
||||
*/
|
||||
public boolean isEstablished();
|
||||
boolean isEstablished();
|
||||
|
||||
/**
|
||||
* Releases any system resources and cryptographic information stored in
|
||||
@ -540,7 +540,7 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public void dispose() throws GSSException;
|
||||
void dispose() throws GSSException;
|
||||
|
||||
/**
|
||||
* Used to determine limits on the size of the message
|
||||
@ -573,8 +573,8 @@ public interface GSSContext {
|
||||
* {@link GSSException#BAD_QOP GSSException.BAD_QOP},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public int getWrapSizeLimit(int qop, boolean confReq,
|
||||
int maxTokenSize) throws GSSException;
|
||||
int getWrapSizeLimit(int qop, boolean confReq,
|
||||
int maxTokenSize) throws GSSException;
|
||||
|
||||
/**
|
||||
* Applies per-message security services over the established security
|
||||
@ -614,8 +614,8 @@ public interface GSSContext {
|
||||
* {@link GSSException#BAD_QOP GSSException.BAD_QOP},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public byte[] wrap(byte inBuf[], int offset, int len,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
byte[] wrap(byte inBuf[], int offset, int len,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
|
||||
/**
|
||||
* Applies per-message security services over the established security
|
||||
@ -645,7 +645,7 @@ public interface GSSContext {
|
||||
* support the wrapping of zero-length messages.
|
||||
*
|
||||
* @param inStream an InputStream containing the application data to be
|
||||
* protected. All of the data that is available in
|
||||
* protected. All the data that is available in
|
||||
* inStream is used.
|
||||
* @param outStream an OutputStream to write the protected message
|
||||
* to.
|
||||
@ -665,8 +665,8 @@ public interface GSSContext {
|
||||
* Use {@link #wrap(byte[], int, int, MessageProp)} instead.
|
||||
*/
|
||||
@Deprecated(since="11")
|
||||
public void wrap(InputStream inStream, OutputStream outStream,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
void wrap(InputStream inStream, OutputStream outStream,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
|
||||
/**
|
||||
* Used to process tokens generated by the <code>wrap</code> method on
|
||||
@ -701,8 +701,8 @@ public interface GSSContext {
|
||||
* {@link GSSException#CONTEXT_EXPIRED GSSException.CONTEXT_EXPIRED},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public byte [] unwrap(byte[] inBuf, int offset, int len,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
byte [] unwrap(byte[] inBuf, int offset, int len,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
|
||||
/**
|
||||
* Uses streams to process tokens generated by the <code>wrap</code>
|
||||
@ -752,8 +752,8 @@ public interface GSSContext {
|
||||
* Use {@link #unwrap(byte[], int, int, MessageProp)} instead.
|
||||
*/
|
||||
@Deprecated(since="11")
|
||||
public void unwrap(InputStream inStream, OutputStream outStream,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
void unwrap(InputStream inStream, OutputStream outStream,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
|
||||
/**
|
||||
* Returns a token containing a cryptographic Message Integrity Code
|
||||
@ -784,8 +784,8 @@ public interface GSSContext {
|
||||
* {@link GSSException#BAD_QOP GSSException.BAD_QOP},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public byte[] getMIC(byte []inMsg, int offset, int len,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
byte[] getMIC(byte[] inMsg, int offset, int len,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
|
||||
/**
|
||||
* Uses streams to produce a token containing a cryptographic MIC for
|
||||
@ -802,7 +802,7 @@ public interface GSSContext {
|
||||
* derivation of MICs from zero-length messages.
|
||||
*
|
||||
* @param inStream an InputStream containing the message to generate the
|
||||
* MIC over. All of the data that is available in
|
||||
* MIC over. All the data that is available in
|
||||
* inStream is used.
|
||||
* @param outStream an OutputStream to write the output token to.
|
||||
* @param msgProp an instance of <code>MessageProp</code> that is used
|
||||
@ -821,8 +821,8 @@ public interface GSSContext {
|
||||
* Use {@link #getMIC(byte[], int, int, MessageProp)} instead.
|
||||
*/
|
||||
@Deprecated(since="11")
|
||||
public void getMIC(InputStream inStream, OutputStream outStream,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
void getMIC(InputStream inStream, OutputStream outStream,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
|
||||
/**
|
||||
* Verifies the cryptographic MIC, contained in the token parameter,
|
||||
@ -856,9 +856,9 @@ public interface GSSContext {
|
||||
* {@link GSSException#CONTEXT_EXPIRED GSSException.CONTEXT_EXPIRED}
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public void verifyMIC(byte[] inToken, int tokOffset, int tokLen,
|
||||
byte[] inMsg, int msgOffset, int msgLen,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
void verifyMIC(byte[] inToken, int tokOffset, int tokLen,
|
||||
byte[] inMsg, int msgOffset, int msgLen,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
|
||||
/**
|
||||
* Uses streams to verify the cryptographic MIC, contained in the token
|
||||
@ -891,7 +891,7 @@ public interface GSSContext {
|
||||
* @param tokStream an InputStream containing the token generated by the
|
||||
* peer's getMIC method.
|
||||
* @param msgStream an InputStream containing the application message to
|
||||
* verify the cryptographic MIC over. All of the data
|
||||
* verify the cryptographic MIC over. All the data
|
||||
* that is available in msgStream is used.
|
||||
* @param msgProp upon return from the method, this object will contain
|
||||
* the applied QOP and supplementary information stating if the token
|
||||
@ -909,12 +909,12 @@ public interface GSSContext {
|
||||
* instead.
|
||||
*/
|
||||
@Deprecated(since="11")
|
||||
public void verifyMIC(InputStream tokStream, InputStream msgStream,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
void verifyMIC(InputStream tokStream, InputStream msgStream,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
|
||||
/**
|
||||
* Exports this context so that another process may
|
||||
* import it.. Provided to support the sharing of work between
|
||||
* import it. Provided to support the sharing of work between
|
||||
* multiple processes. This routine will typically be used by the
|
||||
* context-acceptor, in an application where a single process receives
|
||||
* incoming connection requests and accepts security contexts over
|
||||
@ -941,7 +941,7 @@ public interface GSSContext {
|
||||
* to either avoid placing such sensitive information within
|
||||
* interprocess tokens, or to encrypt the token before returning it to
|
||||
* the application, in a typical GSS-API implementation this may not be
|
||||
* possible. Thus the application must take care to protect the
|
||||
* possible. Thus, the application must take care to protect the
|
||||
* interprocess token, and ensure that any process to which the token
|
||||
* is transferred is trustworthy. <p>
|
||||
*
|
||||
@ -965,12 +965,12 @@ public interface GSSContext {
|
||||
* {@link GSSException#NO_CONTEXT GSSException.NO_CONTEXT},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public byte [] export() throws GSSException;
|
||||
byte [] export() throws GSSException;
|
||||
|
||||
/**
|
||||
* Requests that mutual authentication be done during
|
||||
* context establishment. This request can only be made on the context
|
||||
* initiator's side and it has to be done prior to the first call to
|
||||
* initiator's side, and it has to be done prior to the first call to
|
||||
* <code>initSecContext</code>.<p>
|
||||
*
|
||||
* Not all mechanisms support mutual authentication and some mechanisms
|
||||
@ -987,12 +987,12 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public void requestMutualAuth(boolean state) throws GSSException;
|
||||
void requestMutualAuth(boolean state) throws GSSException;
|
||||
|
||||
/**
|
||||
* Requests that replay detection be enabled for the
|
||||
* per-message security services after context establishment. This
|
||||
* request can only be made on the context initiator's side and it has
|
||||
* request can only be made on the context initiator's side, and it has
|
||||
* to be done prior to the first call to
|
||||
* <code>initSecContext</code>. During context establishment replay
|
||||
* detection is not an option and is a function of the underlying
|
||||
@ -1017,12 +1017,12 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public void requestReplayDet(boolean state) throws GSSException;
|
||||
void requestReplayDet(boolean state) throws GSSException;
|
||||
|
||||
/**
|
||||
* Requests that sequence checking be enabled for the
|
||||
* per-message security services after context establishment. This
|
||||
* request can only be made on the context initiator's side and it has
|
||||
* request can only be made on the context initiator's side, and it has
|
||||
* to be done prior to the first call to
|
||||
* <code>initSecContext</code>. During context establishment sequence
|
||||
* checking is not an option and is a function of the underlying
|
||||
@ -1049,12 +1049,12 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public void requestSequenceDet(boolean state) throws GSSException;
|
||||
void requestSequenceDet(boolean state) throws GSSException;
|
||||
|
||||
/**
|
||||
* Requests that the initiator's credentials be
|
||||
* delegated to the acceptor during context establishment. This
|
||||
* request can only be made on the context initiator's side and it has
|
||||
* request can only be made on the context initiator's side, and it has
|
||||
* to be done prior to the first call to
|
||||
* <code>initSecContext</code>.
|
||||
*
|
||||
@ -1075,12 +1075,12 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public void requestCredDeleg(boolean state) throws GSSException;
|
||||
void requestCredDeleg(boolean state) throws GSSException;
|
||||
|
||||
/**
|
||||
* Requests that the initiator's identity not be
|
||||
* disclosed to the acceptor. This request can only be made on the
|
||||
* context initiator's side and it has to be done prior to the first
|
||||
* context initiator's side, and it has to be done prior to the first
|
||||
* call to <code>initSecContext</code>.
|
||||
*
|
||||
* Not all mechanisms support anonymity for the initiator. Therefore, the
|
||||
@ -1095,12 +1095,12 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public void requestAnonymity(boolean state) throws GSSException;
|
||||
void requestAnonymity(boolean state) throws GSSException;
|
||||
|
||||
/**
|
||||
* Requests that data confidentiality be enabled
|
||||
* for the <code>wrap</code> method. This request can only be made on
|
||||
* the context initiator's side and it has to be done prior to the
|
||||
* the context initiator's side, and it has to be done prior to the
|
||||
* first call to <code>initSecContext</code>.
|
||||
*
|
||||
* Not all mechanisms support confidentiality and other mechanisms
|
||||
@ -1125,12 +1125,12 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public void requestConf(boolean state) throws GSSException;
|
||||
void requestConf(boolean state) throws GSSException;
|
||||
|
||||
/**
|
||||
* Requests that data integrity be enabled
|
||||
* for the <code>wrap</code> and <code>getMIC</code>methods. This
|
||||
* request can only be made on the context initiator's side and it has
|
||||
* request can only be made on the context initiator's side, and it has
|
||||
* to be done prior to the first call to <code>initSecContext</code>.
|
||||
*
|
||||
* Not all mechanisms support integrity and other mechanisms
|
||||
@ -1149,12 +1149,12 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public void requestInteg(boolean state) throws GSSException;
|
||||
void requestInteg(boolean state) throws GSSException;
|
||||
|
||||
/**
|
||||
* Requests a lifetime in seconds for the
|
||||
* context. This method can only be called on the context initiator's
|
||||
* side and it has to be done prior to the first call to
|
||||
* side, and it has to be done prior to the first call to
|
||||
* <code>initSecContext</code>.<p>
|
||||
*
|
||||
* The actual lifetime of the context will depend on the capabilities of
|
||||
@ -1170,7 +1170,7 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public void requestLifetime(int lifetime) throws GSSException;
|
||||
void requestLifetime(int lifetime) throws GSSException;
|
||||
|
||||
/**
|
||||
* Sets the channel bindings to be used during context
|
||||
@ -1187,7 +1187,7 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public void setChannelBinding(ChannelBinding cb) throws GSSException;
|
||||
void setChannelBinding(ChannelBinding cb) throws GSSException;
|
||||
|
||||
/**
|
||||
* Determines if credential delegation is enabled on
|
||||
@ -1202,7 +1202,7 @@ public interface GSSContext {
|
||||
* @return true if delegation is enabled, false otherwise.
|
||||
* @see #requestCredDeleg(boolean)
|
||||
*/
|
||||
public boolean getCredDelegState();
|
||||
boolean getCredDelegState();
|
||||
|
||||
/**
|
||||
* Determines if mutual authentication is enabled on
|
||||
@ -1216,7 +1216,7 @@ public interface GSSContext {
|
||||
* @return true if mutual authentication is enabled, false otherwise.
|
||||
* @see #requestMutualAuth(boolean)
|
||||
*/
|
||||
public boolean getMutualAuthState();
|
||||
boolean getMutualAuthState();
|
||||
|
||||
/**
|
||||
* Determines if replay detection is enabled for the
|
||||
@ -1230,7 +1230,7 @@ public interface GSSContext {
|
||||
* @return true if replay detection is enabled, false otherwise.
|
||||
* @see #requestReplayDet(boolean)
|
||||
*/
|
||||
public boolean getReplayDetState();
|
||||
boolean getReplayDetState();
|
||||
|
||||
/**
|
||||
* Determines if sequence checking is enabled for the
|
||||
@ -1244,7 +1244,7 @@ public interface GSSContext {
|
||||
* @return true if sequence checking is enabled, false otherwise.
|
||||
* @see #requestSequenceDet(boolean)
|
||||
*/
|
||||
public boolean getSequenceDetState();
|
||||
boolean getSequenceDetState();
|
||||
|
||||
/**
|
||||
* Determines if the context initiator is
|
||||
@ -1265,7 +1265,7 @@ public interface GSSContext {
|
||||
* otherwise.
|
||||
* @see #requestAnonymity(boolean)
|
||||
*/
|
||||
public boolean getAnonymityState();
|
||||
boolean getAnonymityState();
|
||||
|
||||
/**
|
||||
* Determines if the context is transferable to other processes
|
||||
@ -1278,7 +1278,7 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public boolean isTransferable() throws GSSException;
|
||||
boolean isTransferable() throws GSSException;
|
||||
|
||||
/**
|
||||
* Determines if the context is ready for per message operations to be
|
||||
@ -1290,7 +1290,7 @@ public interface GSSContext {
|
||||
* this context at the current stage of context establishment, false
|
||||
* otherwise.
|
||||
*/
|
||||
public boolean isProtReady();
|
||||
boolean isProtReady();
|
||||
|
||||
/**
|
||||
* Determines if data confidentiality is available
|
||||
@ -1305,7 +1305,7 @@ public interface GSSContext {
|
||||
* otherwise.
|
||||
* @see #requestConf(boolean)
|
||||
*/
|
||||
public boolean getConfState();
|
||||
boolean getConfState();
|
||||
|
||||
/**
|
||||
* Determines if data integrity is available
|
||||
@ -1319,7 +1319,7 @@ public interface GSSContext {
|
||||
* @return true if integrity services are available, false otherwise.
|
||||
* @see #requestInteg(boolean)
|
||||
*/
|
||||
public boolean getIntegState();
|
||||
boolean getIntegState();
|
||||
|
||||
/**
|
||||
* Determines what the remaining lifetime for this
|
||||
@ -1331,7 +1331,7 @@ public interface GSSContext {
|
||||
* @return the remaining lifetime in seconds
|
||||
* @see #requestLifetime(int)
|
||||
*/
|
||||
public int getLifetime();
|
||||
int getLifetime();
|
||||
|
||||
/**
|
||||
* Returns the name of the context initiator. This call is valid only
|
||||
@ -1346,7 +1346,7 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public GSSName getSrcName() throws GSSException;
|
||||
GSSName getSrcName() throws GSSException;
|
||||
|
||||
/**
|
||||
* Returns the name of the context acceptor. This call is valid only
|
||||
@ -1360,7 +1360,7 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public GSSName getTargName() throws GSSException;
|
||||
GSSName getTargName() throws GSSException;
|
||||
|
||||
/**
|
||||
* Determines what mechanism is being used for this
|
||||
@ -1374,7 +1374,7 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public Oid getMech() throws GSSException;
|
||||
Oid getMech() throws GSSException;
|
||||
|
||||
/**
|
||||
* Obtains the credentials delegated by the context
|
||||
@ -1392,7 +1392,7 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public GSSCredential getDelegCred() throws GSSException;
|
||||
GSSCredential getDelegCred() throws GSSException;
|
||||
|
||||
/**
|
||||
* Determines if this is the context initiator. This
|
||||
@ -1406,5 +1406,5 @@ public interface GSSContext {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public boolean isInitiator() throws GSSException;
|
||||
boolean isInitiator() throws GSSException;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -98,7 +98,7 @@ public interface GSSCredential extends Cloneable{
|
||||
* for both context initiation and acceptance.
|
||||
*
|
||||
*/
|
||||
public static final int INITIATE_AND_ACCEPT = 0;
|
||||
int INITIATE_AND_ACCEPT = 0;
|
||||
|
||||
|
||||
/**
|
||||
@ -106,7 +106,7 @@ public interface GSSCredential extends Cloneable{
|
||||
* for context initiation only.
|
||||
*
|
||||
*/
|
||||
public static final int INITIATE_ONLY = 1;
|
||||
int INITIATE_ONLY = 1;
|
||||
|
||||
|
||||
/**
|
||||
@ -114,21 +114,21 @@ public interface GSSCredential extends Cloneable{
|
||||
* for context acceptance only.
|
||||
*
|
||||
*/
|
||||
public static final int ACCEPT_ONLY = 2;
|
||||
int ACCEPT_ONLY = 2;
|
||||
|
||||
|
||||
/**
|
||||
* A lifetime constant representing the default credential lifetime. This
|
||||
* value it set to 0.
|
||||
*/
|
||||
public static final int DEFAULT_LIFETIME = 0;
|
||||
int DEFAULT_LIFETIME = 0;
|
||||
|
||||
/**
|
||||
* A lifetime constant representing indefinite credential lifetime.
|
||||
* This value must is set to the maximum integer value in Java -
|
||||
* {@link java.lang.Integer#MAX_VALUE Integer.MAX_VALUE}.
|
||||
*/
|
||||
public static final int INDEFINITE_LIFETIME = Integer.MAX_VALUE;
|
||||
int INDEFINITE_LIFETIME = Integer.MAX_VALUE;
|
||||
|
||||
/**
|
||||
* Releases any sensitive information that the GSSCredential object may
|
||||
@ -140,7 +140,7 @@ public interface GSSCredential extends Cloneable{
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public void dispose() throws GSSException;
|
||||
void dispose() throws GSSException;
|
||||
|
||||
/**
|
||||
* Retrieves the name of the entity that the credential asserts.
|
||||
@ -151,7 +151,7 @@ public interface GSSCredential extends Cloneable{
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public GSSName getName() throws GSSException;
|
||||
GSSName getName() throws GSSException;
|
||||
|
||||
/**
|
||||
* Retrieves a Mechanism Name of the entity that the credential
|
||||
@ -169,11 +169,11 @@ public interface GSSCredential extends Cloneable{
|
||||
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public GSSName getName(Oid mech) throws GSSException;
|
||||
GSSName getName(Oid mech) throws GSSException;
|
||||
|
||||
/**
|
||||
* Returns the remaining lifetime in seconds for a credential. The
|
||||
* remaining lifetime is the minimum lifetime amongst all of the underlying
|
||||
* remaining lifetime is the minimum lifetime amongst all the underlying
|
||||
* mechanism specific credential elements.
|
||||
*
|
||||
* @return the minimum remaining lifetime in seconds for this
|
||||
@ -189,7 +189,7 @@ public interface GSSCredential extends Cloneable{
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public int getRemainingLifetime() throws GSSException;
|
||||
int getRemainingLifetime() throws GSSException;
|
||||
|
||||
/**
|
||||
* Returns the lifetime in seconds for the credential to remain capable
|
||||
@ -211,7 +211,7 @@ public interface GSSCredential extends Cloneable{
|
||||
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public int getRemainingInitLifetime(Oid mech) throws GSSException;
|
||||
int getRemainingInitLifetime(Oid mech) throws GSSException;
|
||||
|
||||
/**
|
||||
* Returns the lifetime in seconds for the credential to remain capable
|
||||
@ -233,7 +233,7 @@ public interface GSSCredential extends Cloneable{
|
||||
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public int getRemainingAcceptLifetime(Oid mech) throws GSSException;
|
||||
int getRemainingAcceptLifetime(Oid mech) throws GSSException;
|
||||
|
||||
/**
|
||||
* Returns the credential usage mode. In other words, it
|
||||
@ -250,7 +250,7 @@ public interface GSSCredential extends Cloneable{
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public int getUsage() throws GSSException;
|
||||
int getUsage() throws GSSException;
|
||||
|
||||
/**
|
||||
* Returns the credential usage mode for a specific mechanism. In other
|
||||
@ -269,7 +269,7 @@ public interface GSSCredential extends Cloneable{
|
||||
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public int getUsage(Oid mech) throws GSSException;
|
||||
int getUsage(Oid mech) throws GSSException;
|
||||
|
||||
/**
|
||||
* Returns a list of mechanisms supported by this credential. It does
|
||||
@ -285,7 +285,7 @@ public interface GSSCredential extends Cloneable{
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public Oid[] getMechs() throws GSSException;
|
||||
Oid[] getMechs() throws GSSException;
|
||||
|
||||
/**
|
||||
* Adds a mechanism specific credential-element to an existing
|
||||
@ -346,8 +346,8 @@ public interface GSSCredential extends Cloneable{
|
||||
* GSSException.CREDENTIALS_EXPIRED},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public void add(GSSName name, int initLifetime, int acceptLifetime,
|
||||
Oid mech, int usage) throws GSSException;
|
||||
void add(GSSName name, int initLifetime, int acceptLifetime,
|
||||
Oid mech, int usage) throws GSSException;
|
||||
|
||||
/**
|
||||
* Tests if this GSSCredential asserts the same entity as the supplied
|
||||
@ -358,13 +358,13 @@ public interface GSSCredential extends Cloneable{
|
||||
* entity; {@code false} otherwise.
|
||||
* @param another another GSSCredential for comparison to this one
|
||||
*/
|
||||
public boolean equals(Object another);
|
||||
boolean equals(Object another);
|
||||
|
||||
/**
|
||||
* Returns a hashcode value for this GSSCredential.
|
||||
*
|
||||
* @return a hashCode value
|
||||
*/
|
||||
public int hashCode();
|
||||
int hashCode();
|
||||
|
||||
}
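Review bot: The Javadoc on the two lifetime constants still reads `This value it set to 0.` (above `DEFAULT_LIFETIME`) and `This value must is set to the maximum integer value in Java -` (above `INDEFINITE_LIFETIME`). Both are untouched context lines in the `-114,21 +114,21` hunk, even though the same commit fixes comparable wording slips elsewhere (for example `import it..` and `the The GSS error code`). I would correct them to `This value is set to 0.` and `This value is set to the maximum integer value in Java -` while the surrounding declarations are being edited. Callers pass these constants as credential lifetimes, so the documented values should read unambiguously.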
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,6 +25,9 @@
|
||||
|
||||
package org.ietf.jgss;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
* This exception is thrown whenever a GSS-API error occurs, including
|
||||
* any mechanism specific error. It may contain both the major and the
|
||||
@ -41,6 +44,7 @@ package org.ietf.jgss;
|
||||
*/
|
||||
public class GSSException extends Exception {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -2706218945227726672L;
|
||||
|
||||
/**
|
||||
@ -175,7 +179,7 @@ public class GSSException extends Exception {
|
||||
public static final int GAP_TOKEN = 22;
|
||||
|
||||
|
||||
private static String[] messages = {
|
||||
private static final String[] messages = {
|
||||
"Channel binding mismatch", // BAD_BINDINGS
|
||||
"Unsupported mechanism requested", // BAD_MECH
|
||||
"Invalid name provided", // BAD_NAME
|
||||
@ -206,7 +210,7 @@ public class GSSException extends Exception {
|
||||
*
|
||||
* @serial
|
||||
*/
|
||||
private int major;
|
||||
private final int major;
|
||||
|
||||
/**
|
||||
* The minor code for this exception
|
||||
@ -233,7 +237,7 @@ public class GSSException extends Exception {
|
||||
/**
|
||||
* Creates a GSSException object with a specified major code.
|
||||
*
|
||||
* @param majorCode the The GSS error code for the problem causing this
|
||||
* @param majorCode the GSS error code for the problem causing this
|
||||
* exception to be thrown.
|
||||
*/
|
||||
public GSSException (int majorCode) {
|
||||
@ -326,10 +330,7 @@ public class GSSException extends Exception {
|
||||
*/
|
||||
public String getMajorString() {
|
||||
|
||||
if (majorString != null)
|
||||
return majorString;
|
||||
else
|
||||
return messages[major - 1];
|
||||
return Objects.requireNonNullElseGet(majorString, () -> messages[major - 1]);
|
||||
}
|
||||
|
||||
|
||||
@ -395,9 +396,6 @@ public class GSSException extends Exception {
|
||||
*/
|
||||
private boolean validateMajor(int major) {
|
||||
|
||||
if (major > 0 && major <= messages.length)
|
||||
return (true);
|
||||
|
||||
return (false);
|
||||
return major > 0 && major <= messages.length;
|
||||
}
|
||||
}
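Review bot: `getMajorString()` still indexes `messages[major - 1]` without a range check, and the only guard in view, `validateMajor`, is a private helper whose callers lie outside the hunks shown. The class is serializable (it declares `serialVersionUID`) and no `readObject` appears in the visible hunks. An instance restored from a stream with `major` outside `1..messages.length` and a null `majorString` would therefore presumably throw `ArrayIndexOutOfBoundsException` here, which is worth confirming against the full file. Making `major` final does not change this, because default deserialization still sets the field. A `readObject` that re-applies `validateMajor` after `defaultReadObject()` would reject such a stream early; the sketch uses fully qualified names because the import block is only partly visible.

```java
// … unchanged: fields, constructors, getMajorString, validateMajor …

@Serial
private void readObject(java.io.ObjectInputStream in)
        throws java.io.IOException, ClassNotFoundException {
    in.defaultReadObject();
    // Reject a stream whose major code could not have come from a constructor.
    if (!validateMajor(major)) {
        throw new java.io.InvalidObjectException("Invalid major code: " + major);
    }
}
```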
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -276,7 +276,7 @@ public abstract class GSSManager {
|
||||
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public abstract GSSName createName(byte name[], Oid nameType)
|
||||
public abstract GSSName createName(byte[] name, Oid nameType)
|
||||
throws GSSException;
|
||||
|
||||
/**
|
||||
@ -339,7 +339,7 @@ public abstract class GSSManager {
|
||||
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public abstract GSSName createName(byte name[], Oid nameType, Oid mech)
|
||||
public abstract GSSName createName(byte[] name, Oid nameType, Oid mech)
|
||||
throws GSSException;
|
||||
|
||||
/**
|
||||
@ -482,7 +482,7 @@ public abstract class GSSManager {
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public abstract GSSCredential createCredential(GSSName name,
|
||||
int lifetime, Oid mechs[], int usage)
|
||||
int lifetime, Oid[] mechs, int usage)
|
||||
throws GSSException;
|
||||
|
||||
/**
|
||||
@ -674,7 +674,7 @@ public abstract class GSSManager {
|
||||
*
|
||||
* Calling this method repeatedly preserves the older settings but
|
||||
* raises them above newer ones in preference thus forming an ordered
|
||||
* list of providers and Oid pairs that grows at the bottom. Thus the
|
||||
* list of providers and Oid pairs that grows at the bottom. Thus, the
|
||||
* older provider settings will be utilized first before this one is.<p>
|
||||
*
|
||||
* If there are any previously existing preferences that conflict with
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -115,7 +115,7 @@ public interface GSSName {
|
||||
* States(840) mit(113554) infosys(1) gssapi(2) generic(1) service_name(4)
|
||||
* }</code>
|
||||
*/
|
||||
public static final Oid NT_HOSTBASED_SERVICE
|
||||
Oid NT_HOSTBASED_SERVICE
|
||||
= Oid.getInstance("1.2.840.113554.1.2.1.4");
|
||||
|
||||
/**
|
||||
@ -125,7 +125,7 @@ public interface GSSName {
|
||||
* States(840) mit(113554) infosys(1) gssapi(2) generic(1) user_name(1)
|
||||
* }</code>
|
||||
*/
|
||||
public static final Oid NT_USER_NAME
|
||||
Oid NT_USER_NAME
|
||||
= Oid.getInstance("1.2.840.113554.1.2.1.1");
|
||||
|
||||
/**
|
||||
@ -136,7 +136,7 @@ public interface GSSName {
|
||||
* <code>{ iso(1) member-body(2) United States(840) mit(113554)
|
||||
* infosys(1) gssapi(2) generic(1) machine_uid_name(2) }</code>
|
||||
*/
|
||||
public static final Oid NT_MACHINE_UID_NAME
|
||||
Oid NT_MACHINE_UID_NAME
|
||||
= Oid.getInstance("1.2.840.113554.1.2.1.2");
|
||||
|
||||
/**
|
||||
@ -148,7 +148,7 @@ public interface GSSName {
|
||||
* States(840) mit(113554) infosys(1) gssapi(2) generic(1)
|
||||
* string_uid_name(3) }</code>
|
||||
*/
|
||||
public static final Oid NT_STRING_UID_NAME
|
||||
Oid NT_STRING_UID_NAME
|
||||
= Oid.getInstance("1.2.840.113554.1.2.1.3");
|
||||
|
||||
/**
|
||||
@ -157,7 +157,7 @@ public interface GSSName {
|
||||
* <code>{ 1(iso), 3(org), 6(dod), 1(internet),
|
||||
* 5(security), 6(nametypes), 3(gss-anonymous-name) }</code>
|
||||
*/
|
||||
public static final Oid NT_ANONYMOUS
|
||||
Oid NT_ANONYMOUS
|
||||
= Oid.getInstance("1.3.6.1.5.6.3");
|
||||
|
||||
/**
|
||||
@ -168,7 +168,7 @@ public interface GSSName {
|
||||
* 3(org), 6(dod), 1(internet), 5(security), 6(nametypes),
|
||||
* 4(gss-api-exported-name) }</code>
|
||||
*/
|
||||
public static final Oid NT_EXPORT_NAME
|
||||
Oid NT_EXPORT_NAME
|
||||
= Oid.getInstance("1.3.6.1.5.6.4");
|
||||
|
||||
/**
|
||||
@ -185,7 +185,7 @@ public interface GSSName {
|
||||
* {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public boolean equals(GSSName another) throws GSSException;
|
||||
boolean equals(GSSName another) throws GSSException;
|
||||
|
||||
/**
|
||||
* Compares this <code>GSSName</code> object to another Object that might be a
|
||||
@ -198,14 +198,14 @@ public interface GSSName {
|
||||
* @param another the object to compare this name to
|
||||
* @see #equals(GSSName)
|
||||
*/
|
||||
public boolean equals(Object another);
|
||||
boolean equals(Object another);
|
||||
|
||||
/**
|
||||
* Returns a hashcode value for this GSSName.
|
||||
*
|
||||
* @return a hashCode value
|
||||
*/
|
||||
public int hashCode();
|
||||
int hashCode();
|
||||
|
||||
/**
|
||||
* Creates a name that is canonicalized for some
|
||||
@ -224,7 +224,7 @@ public interface GSSName {
|
||||
* {@link GSSException#BAD_NAME GSSException.BAD_NAME},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public GSSName canonicalize(Oid mech) throws GSSException;
|
||||
GSSName canonicalize(Oid mech) throws GSSException;
|
||||
|
||||
/**
|
||||
* Returns a canonical contiguous byte representation of a mechanism name
|
||||
@ -259,7 +259,7 @@ public interface GSSName {
|
||||
* {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE},
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public byte[] export() throws GSSException;
|
||||
byte[] export() throws GSSException;
|
||||
|
||||
/**
|
||||
* Returns a textual representation of the <code>GSSName</code> object. To retrieve
|
||||
@ -269,7 +269,7 @@ public interface GSSName {
|
||||
*
|
||||
* @return a String representing this name in printable form.
|
||||
*/
|
||||
public String toString();
|
||||
String toString();
|
||||
|
||||
/**
|
||||
* Returns the name type of the printable
|
||||
@ -283,14 +283,14 @@ public interface GSSName {
|
||||
* major error codes:
|
||||
* {@link GSSException#FAILURE GSSException.FAILURE}
|
||||
*/
|
||||
public Oid getStringNameType() throws GSSException;
|
||||
Oid getStringNameType() throws GSSException;
|
||||
|
||||
/**
|
||||
* Tests if this name object represents an anonymous entity.
|
||||
*
|
||||
* @return true if this is an anonymous name, false otherwise.
|
||||
*/
|
||||
public boolean isAnonymous();
|
||||
boolean isAnonymous();
|
||||
|
||||
/**
|
||||
* Tests if this name object represents a Mechanism Name (MN). An MN is
|
||||
@ -299,6 +299,6 @@ public interface GSSName {
|
||||
*
|
||||
* @return true if this is an MN, false otherwise.
|
||||
*/
|
||||
public boolean isMN();
|
||||
boolean isMN();
|
||||
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -50,7 +50,7 @@ import sun.security.util.ObjectIdentifier;
|
||||
*/
|
||||
public class Oid {
|
||||
|
||||
private ObjectIdentifier oid;
|
||||
private final ObjectIdentifier oid;
|
||||
private byte[] derEncoding;
|
||||
|
||||
/**
|
||||
@ -100,7 +100,7 @@ public class Oid {
|
||||
* Creates an Oid object from its ASN.1 DER encoding. This refers to
|
||||
* the full encoding including tag and length. The structure and
|
||||
* encoding of Oids is defined in ISOIEC-8824 and ISOIEC-8825. This
|
||||
* method is identical in functionality to its InputStream conterpart.
|
||||
* method is identical in functionality to its InputStream counterpart.
|
||||
*
|
||||
* @param data byte array containing the DER encoded oid
|
||||
* @exception GSSException may be thrown when the DER encoding does not
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -65,7 +65,7 @@
|
||||
* mechanism will search for the required INITIATE and ACCEPT credentials
|
||||
* ({@link javax.security.auth.kerberos.KerberosTicket KerberosTicket} and
|
||||
* {@link javax.security.auth.kerberos.KerberosKey KerberosKey}) in
|
||||
* the private credential set where as some other mechanism might look
|
||||
* the private credential set whereas some other mechanism might look
|
||||
* in the public set or in both. If the desired credential is not
|
||||
* present in the appropriate sets of the current Subject, the GSS-API
|
||||
* call must fail.<p>
|
||||
|
@ -36,7 +36,7 @@ public sealed class GSSCaller permits HttpCaller {
|
||||
public static final GSSCaller CALLER_INITIATE = new GSSCaller("INITIATE");
|
||||
public static final GSSCaller CALLER_ACCEPT = new GSSCaller("ACCEPT");
|
||||
|
||||
private String name;
|
||||
private final String name;
|
||||
GSSCaller(String s) {
|
||||
name = s;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -145,7 +145,7 @@ public class GSSContextImpl implements GSSContext {
|
||||
public GSSContextImpl(GSSManagerImpl gssManager, GSSName peer, Oid mech,
|
||||
GSSCredential myCred, int lifetime)
|
||||
throws GSSException {
|
||||
if ((peer == null) || !(peer instanceof GSSNameImpl)) {
|
||||
if (!(peer instanceof GSSNameImpl)) {
|
||||
throw new GSSException(GSSException.BAD_NAME);
|
||||
}
|
||||
if (mech == null) mech = ProviderList.DEFAULT_MECH_OID;
|
||||
@ -182,7 +182,7 @@ public class GSSContextImpl implements GSSContext {
|
||||
this.mechOid = mechCtxt.getMech();
|
||||
}
|
||||
|
||||
public byte[] initSecContext(byte inputBuf[], int offset, int len)
|
||||
public byte[] initSecContext(byte[] inputBuf, int offset, int len)
|
||||
throws GSSException {
|
||||
/*
|
||||
* Size of ByteArrayOutputStream will double each time that extra
|
||||
@ -206,7 +206,7 @@ public class GSSContextImpl implements GSSContext {
|
||||
"Illegal call to initSecContext");
|
||||
}
|
||||
|
||||
GSSHeader gssHeader = null;
|
||||
GSSHeader gssHeader;
|
||||
int inTokenLen = -1;
|
||||
GSSCredentialSpi credElement = null;
|
||||
boolean firstToken = false;
|
||||
@ -292,7 +292,7 @@ public class GSSContextImpl implements GSSContext {
|
||||
}
|
||||
}
|
||||
|
||||
public byte[] acceptSecContext(byte inTok[], int offset, int len)
|
||||
public byte[] acceptSecContext(byte[] inTok, int offset, int len)
|
||||
throws GSSException {
|
||||
|
||||
/*
|
||||
@ -315,7 +315,7 @@ public class GSSContextImpl implements GSSContext {
|
||||
"Illegal call to acceptSecContext");
|
||||
}
|
||||
|
||||
GSSHeader gssHeader = null;
|
||||
GSSHeader gssHeader;
|
||||
int inTokenLen = -1;
|
||||
GSSCredentialSpi credElement = null;
|
||||
|
||||
@ -361,14 +361,13 @@ public class GSSContextImpl implements GSSContext {
|
||||
byte[] obuf = mechCtxt.acceptSecContext(inStream, inTokenLen);
|
||||
|
||||
if (obuf != null) {
|
||||
int retVal = obuf.length;
|
||||
if (mechCtxt.getProvider().getName().equals("SunNativeGSS") ||
|
||||
(GSSUtil.isSpNegoMech(mechOid))) {
|
||||
// do not add GSS header for native provider and SPNEGO
|
||||
} else {
|
||||
// add GSS header
|
||||
gssHeader = new GSSHeader(objId, obuf.length);
|
||||
retVal += gssHeader.encode(outStream);
|
||||
gssHeader.encode(outStream);
|
||||
}
|
||||
outStream.write(obuf);
|
||||
}
|
||||
@ -398,7 +397,7 @@ public class GSSContextImpl implements GSSContext {
|
||||
"No mechanism context yet!");
|
||||
}
|
||||
|
||||
public byte[] wrap(byte inBuf[], int offset, int len,
|
||||
public byte[] wrap(byte[] inBuf, int offset, int len,
|
||||
MessageProp msgProp) throws GSSException {
|
||||
if (mechCtxt != null)
|
||||
return mechCtxt.wrap(inBuf, offset, len, msgProp);
|
||||
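Review bot: The constructor's guard `if (!(peer instanceof GSSNameImpl))` now rejects a null peer only implicitly, because `instanceof` is false for null. Since this check decides whether a caller-supplied name is accepted before a context is built, I would record that next to it: `// instanceof is false for null, so a null peer is rejected with BAD_NAME as well`. The behaviour is the same as before the change; the comment keeps a later edit from re-adding or accidentally weakening the null case. The constructor body continues outside the hunk.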
|
@ -172,8 +172,8 @@ public class GSSCredentialImpl implements GSSCredential {
|
||||
"no longer valid");
|
||||
}
|
||||
|
||||
SearchKey key = null;
|
||||
GSSCredentialSpi element = null;
|
||||
SearchKey key;
|
||||
GSSCredentialSpi element;
|
||||
|
||||
if (mech == null) mech = ProviderList.DEFAULT_MECH_OID;
|
||||
|
||||
@ -213,7 +213,7 @@ public class GSSCredentialImpl implements GSSCredential {
|
||||
|
||||
SearchKey tempKey;
|
||||
GSSCredentialSpi tempCred;
|
||||
int tempLife = 0, tempInitLife = 0, tempAcceptLife = 0;
|
||||
int tempLife, tempInitLife, tempAcceptLife;
|
||||
int min = INDEFINITE_LIFETIME;
|
||||
|
||||
for (Enumeration<SearchKey> e = hashtable.keys();
|
||||
@ -227,9 +227,7 @@ public class GSSCredentialImpl implements GSSCredential {
|
||||
else {
|
||||
tempInitLife = tempCred.getInitLifetime();
|
||||
tempAcceptLife = tempCred.getAcceptLifetime();
|
||||
tempLife = (tempInitLife < tempAcceptLife ?
|
||||
tempInitLife:
|
||||
tempAcceptLife);
|
||||
tempLife = (Math.min(tempInitLife, tempAcceptLife));
|
||||
}
|
||||
if (min > tempLife)
|
||||
min = tempLife;
|
||||
@ -245,8 +243,8 @@ public class GSSCredentialImpl implements GSSCredential {
|
||||
"no longer valid");
|
||||
}
|
||||
|
||||
GSSCredentialSpi element = null;
|
||||
SearchKey key = null;
|
||||
GSSCredentialSpi element;
|
||||
SearchKey key;
|
||||
boolean found = false;
|
||||
int max = 0;
|
||||
|
||||
@ -285,8 +283,8 @@ public class GSSCredentialImpl implements GSSCredential {
|
||||
"no longer valid");
|
||||
}
|
||||
|
||||
GSSCredentialSpi element = null;
|
||||
SearchKey key = null;
|
||||
GSSCredentialSpi element;
|
||||
SearchKey key;
|
||||
boolean found = false;
|
||||
int max = 0;
|
||||
|
||||
@ -361,8 +359,8 @@ public class GSSCredentialImpl implements GSSCredential {
|
||||
"no longer valid");
|
||||
}
|
||||
|
||||
GSSCredentialSpi element = null;
|
||||
SearchKey key = null;
|
||||
GSSCredentialSpi element;
|
||||
SearchKey key;
|
||||
boolean initiate = false;
|
||||
boolean accept = false;
|
||||
|
||||
@ -618,7 +616,7 @@ public class GSSCredentialImpl implements GSSCredential {
|
||||
|
||||
Set<GSSCredentialSpi> getElements() {
|
||||
HashSet<GSSCredentialSpi> retVal =
|
||||
new HashSet<GSSCredentialSpi>(hashtable.size());
|
||||
new HashSet<>(hashtable.size());
|
||||
Enumeration<GSSCredentialSpi> values = hashtable.elements();
|
||||
while (values.hasMoreElements()) {
|
||||
GSSCredentialSpi o = values.nextElement();
|
||||
@ -649,7 +647,7 @@ public class GSSCredentialImpl implements GSSCredential {
|
||||
"no longer valid");
|
||||
}
|
||||
|
||||
GSSCredentialSpi element = null;
|
||||
GSSCredentialSpi element;
|
||||
StringBuilder sb = new StringBuilder("[GSSCredential: ");
|
||||
Object[] elements = hashtable.entrySet().toArray();
|
||||
for (int i = 0; i < elements.length; i++) {
|
||||
@ -676,7 +674,7 @@ public class GSSCredentialImpl implements GSSCredential {
|
||||
}
|
||||
|
||||
static class SearchKey {
|
||||
private Oid mechOid = null;
|
||||
private final Oid mechOid;
|
||||
private int usage = GSSCredential.INITIATE_AND_ACCEPT;
|
||||
public SearchKey(Oid mechOid, int usage) {
|
||||
|
||||
@ -690,9 +688,8 @@ public class GSSCredentialImpl implements GSSCredential {
|
||||
return usage;
|
||||
}
|
||||
public boolean equals(Object other) {
|
||||
if (! (other instanceof SearchKey))
|
||||
if (! (other instanceof SearchKey that))
|
||||
return false;
|
||||
SearchKey that = (SearchKey) other;
|
||||
return ((this.mechOid.equals(that.mechOid)) &&
|
||||
(this.usage == that.usage));
|
||||
}
|
||||
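Review bot: In `SearchKey`, `usage` stays a mutable field with a default initializer while `mechOid` becomes final, even though both take part in `equals`. The `hashtable.keys()` enumeration earlier in this file shows `SearchKey` is used as a hash key, so a field that can change after insertion is worth closing off. If the constructor, whose body lies outside the hunk, always assigns it, declare it as `private final int usage;` and drop the initializer.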
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -27,6 +27,8 @@ package sun.security.jgss;
|
||||
|
||||
import org.ietf.jgss.*;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
/**
|
||||
* This class helps overcome a limitation of the org.ietf.jgss.GSSException
|
||||
* class that does not allow the thrower to set a string corresponding to
|
||||
@ -34,6 +36,7 @@ import org.ietf.jgss.*;
|
||||
*/
|
||||
public class GSSExceptionImpl extends GSSException {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 4251197939069005575L;
|
||||
|
||||
private String majorMessage;
|
||||
|
@ -52,9 +52,9 @@ import sun.security.util.*;
|
||||
|
||||
public class GSSHeader {
|
||||
|
||||
private ObjectIdentifier mechOid = null;
|
||||
private byte[] mechOidBytes = null;
|
||||
private int mechTokenLength = 0;
|
||||
private final ObjectIdentifier mechOid;
|
||||
private final byte[] mechOidBytes;
|
||||
private final int mechTokenLength;
|
||||
|
||||
/**
|
||||
* The tag defined in the GSS-API mechanism independent token
|
||||
@ -80,7 +80,7 @@ public class GSSHeader {
|
||||
}
|
||||
|
||||
/**
|
||||
* Reads in a GSSHeader from an InputStream. Typically this would be
|
||||
* Reads in a GSSHeader from an InputStream. Typically, this would be
|
||||
* used as part of reading the complete token from an InputStream
|
||||
* that is obtained from a socket.
|
||||
*/
|
||||
@ -159,7 +159,7 @@ public class GSSHeader {
|
||||
DerOutputStream temp = new DerOutputStream();
|
||||
temp.putOID(mechOid);
|
||||
mechOidBytesSize = temp.toByteArray().length;
|
||||
} catch (IOException e) {
|
||||
} catch (IOException ignored) {
|
||||
}
|
||||
|
||||
// Subtract bytes needed for 0x60 tag and mechOidBytes
|
||||
@ -196,7 +196,7 @@ public class GSSHeader {
|
||||
* the length field of the GSSHeader.
|
||||
*/
|
||||
private int getLenFieldSize(int len) {
|
||||
int retVal = 1;
|
||||
int retVal;
|
||||
if (len < 128) {
|
||||
retVal=1;
|
||||
} else if (len < (1 << 8)) {
|
||||
@ -261,10 +261,9 @@ public class GSSHeader {
|
||||
*/
|
||||
if (tmp == 0)
|
||||
return -1;
|
||||
if (tmp < 0 || tmp > 4)
|
||||
if (tmp > 4)
|
||||
throw new IOException("DerInputStream.getLength(): lengthTag="
|
||||
+ tmp + ", "
|
||||
+ ((tmp < 0) ? "incorrect DER encoding." : "too big."));
|
||||
+ tmp + ", too big.");
|
||||
|
||||
for (value = 0; tmp > 0; tmp --) {
|
||||
value <<= 8;
|
||||
@ -287,7 +286,7 @@ public class GSSHeader {
|
||||
*/
|
||||
// Shameless lifted from sun.security.util.DerOutputStream.
|
||||
private int putLength(int len, OutputStream out) throws IOException {
|
||||
int retVal = 0;
|
||||
int retVal;
|
||||
if (len < 128) {
|
||||
out.write((byte)len);
|
||||
retVal=1;
|
||||
@ -333,7 +332,7 @@ public class GSSHeader {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
for (int i = 0; i < len; i++) {
|
||||
|
||||
int b1 = (bytes[i]>>4) & 0x0f;
|
||||
int b1 = (bytes[i] >> 4) & 0x0f;
|
||||
int b2 = bytes[i] & 0x0f;
|
||||
|
||||
sb.append(Integer.toHexString(b1));
|
||||
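Review bot: In the length-parsing hunk, the guard `if (tmp > 4)` still admits four length octets, and the loop shifts `value` left by 8 for each one, so a token whose first length octet has its top bit set can leave `value` negative. The end of the loop and the return are outside the hunk, so I cannot see whether that case is rejected. If it is not, add `if (value < 0) throw new IOException("Invalid length bytes");` after the loop so a negative length never reaches the callers that size buffers from it. Separately, `catch (IOException ignored) { }` in the size calculation would benefit from a one-line comment saying why leaving `mechOidBytesSize` at its initial value is acceptable.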
|
@ -40,7 +40,7 @@ public class GSSManagerImpl extends GSSManager {
|
||||
private static final Boolean USE_NATIVE = GetBooleanAction
|
||||
.privilegedGetProperty("sun.security.jgss.native");
|
||||
|
||||
private ProviderList list;
|
||||
private final ProviderList list;
|
||||
|
||||
// Used by java SPNEGO impl to make sure native is disabled
|
||||
public GSSManagerImpl(GSSCaller caller, boolean useNative) {
|
||||
@ -76,7 +76,7 @@ public class GSSManagerImpl extends GSSManager {
|
||||
nameType = GSSName.NT_HOSTBASED_SERVICE;
|
||||
}
|
||||
|
||||
// Iterate thru all mechs in GSS
|
||||
// Iterate through all mechs in GSS
|
||||
for (int i = 0; i < mechs.length; i++) {
|
||||
// what nametypes does this mech support?
|
||||
Oid mech = mechs[i];
|
||||
@ -98,8 +98,7 @@ public class GSSManagerImpl extends GSSManager {
|
||||
// Trim the list if needed
|
||||
if (pos < retVal.length) {
|
||||
Oid[] temp = new Oid[pos];
|
||||
for (int i = 0; i < pos; i++)
|
||||
temp[i] = retVal[i];
|
||||
System.arraycopy(retVal, 0, temp, 0, pos);
|
||||
retVal = temp;
|
||||
}
|
||||
|
||||
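Review bot: The trim step still allocates `temp` and copies into it by hand with `System.arraycopy(retVal, 0, temp, 0, pos)`. The three lines can collapse into `retVal = java.util.Arrays.copyOf(retVal, pos);` (or the unqualified form if `java.util.Arrays` is already imported, which the hunk does not show). That removes the temporary and the chance of mismatched length arguments.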
|
@ -54,7 +54,7 @@ import static java.nio.charset.StandardCharsets.UTF_8;
|
||||
* mechanisms are required to be handed out. (Generally, other GSS
|
||||
* classes like GSSContext and GSSCredential request specific
|
||||
* elements depending on the mechanisms that they are dealing with.)
|
||||
* Assume that getting a mechanism to parse the applciation specified
|
||||
* Assume that getting a mechanism to parse the application specified
|
||||
* bytes is an expensive call.
|
||||
*
|
||||
* When a GSSName is canonicalized wrt some mechanism, it is supposed
|
||||
@ -225,7 +225,7 @@ public final class GSSNameImpl implements GSSName {
|
||||
throws GSSException {
|
||||
|
||||
int pos = 0;
|
||||
byte[] bytes = null;
|
||||
byte[] bytes;
|
||||
|
||||
if (appName instanceof String) {
|
||||
bytes = ((String) appName).getBytes(UTF_8);
|
||||
@ -240,7 +240,7 @@ public final class GSSNameImpl implements GSSName {
|
||||
|
||||
int oidLen = (((0xFF & bytes[pos++]) << 8) |
|
||||
(0xFF & bytes[pos++]));
|
||||
ObjectIdentifier temp = null;
|
||||
ObjectIdentifier temp;
|
||||
try {
|
||||
DerInputStream din = new DerInputStream(bytes, pos,
|
||||
oidLen);
|
||||
@ -285,7 +285,7 @@ public final class GSSNameImpl implements GSSName {
|
||||
if (other == this)
|
||||
return true;
|
||||
|
||||
if (! (other instanceof GSSNameImpl))
|
||||
if (! (other instanceof GSSNameImpl that))
|
||||
return equals(gssManager.createName(other.toString(),
|
||||
other.getStringNameType()));
|
||||
|
||||
@ -294,8 +294,6 @@ public final class GSSNameImpl implements GSSName {
|
||||
* available. If that fails, then proceed with this test.
|
||||
*/
|
||||
|
||||
GSSNameImpl that = (GSSNameImpl) other;
|
||||
|
||||
GSSNameSpi myElement = this.mechElement;
|
||||
GSSNameSpi element = that.mechElement;
|
||||
|
||||
@ -399,8 +397,8 @@ public final class GSSNameImpl implements GSSName {
|
||||
}
|
||||
|
||||
byte[] mechPortion = mechElement.export();
|
||||
byte[] oidBytes = null;
|
||||
ObjectIdentifier oid = null;
|
||||
byte[] oidBytes;
|
||||
ObjectIdentifier oid;
|
||||
|
||||
try {
|
||||
oid = ObjectIdentifier.of
|
||||
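Review bot: In the exported-name parsing hunk, `oidLen` is assembled from two bytes of caller-supplied data and passed straight to `new DerInputStream(bytes, pos, oidLen)`, with no visible comparison against the remaining length of `bytes`. Whether `DerInputStream` rejects an out-of-range length with an `IOException` that the surrounding `try` turns into a `GSSException` is not visible from here. An explicit guard before the `try` keeps a malformed name from surfacing as an unchecked exception: `if (oidLen > bytes.length - pos) throw new GSSException(GSSException.BAD_NAME);`. The two `bytes[pos++]` reads themselves also assume at least two more bytes are present, and the checks before them are outside the hunk.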
|
@ -25,11 +25,10 @@
|
||||
|
||||
package sun.security.jgss;
|
||||
|
||||
import java.io.EOFException;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.EOFException;
|
||||
import sun.security.util.*;
|
||||
|
||||
/**
|
||||
* Utilities for processing GSS Tokens.
|
||||
@ -70,7 +69,7 @@ public abstract class GSSToken {
|
||||
}
|
||||
|
||||
public static final void writeBigEndian(int value, byte[] array,
|
||||
int pos) {
|
||||
int pos) {
|
||||
array[pos++] = (byte)((value>>>24));
|
||||
array[pos++] = (byte)((value>>>16));
|
||||
array[pos++] = (byte)((value>>>8));
|
||||
@ -153,7 +152,7 @@ public abstract class GSSToken {
|
||||
/**
|
||||
* Reads a two byte integer value from a byte array.
|
||||
*
|
||||
* @param src the byte arra to read from
|
||||
* @param src the byte array to read from
|
||||
* @param pos the offset to start reading from
|
||||
* @return the integer value
|
||||
*/
|
||||
@ -203,11 +202,11 @@ public abstract class GSSToken {
|
||||
}
|
||||
}
|
||||
|
||||
public static final String getHexBytes(byte[] bytes) {
|
||||
public static final String getHexBytes(byte[] bytes) {
|
||||
return getHexBytes(bytes, 0, bytes.length);
|
||||
}
|
||||
|
||||
public static final String getHexBytes(byte[] bytes, int len) {
|
||||
public static final String getHexBytes(byte[] bytes, int len) {
|
||||
return getHexBytes(bytes, 0, len);
|
||||
}
|
||||
|
||||
|
@ -118,13 +118,13 @@ public class GSSUtil {
|
||||
public static Subject getSubject(GSSName name,
|
||||
GSSCredential creds) {
|
||||
|
||||
HashSet<Object> privCredentials = null;
|
||||
HashSet<Object> pubCredentials = new HashSet<Object>(); // empty Set
|
||||
HashSet<Object> privCredentials;
|
||||
HashSet<Object> pubCredentials = new HashSet<>(); // empty Set
|
||||
|
||||
Set<GSSCredentialSpi> gssCredentials = null;
|
||||
Set<GSSCredentialSpi> gssCredentials;
|
||||
|
||||
Set<KerberosPrincipal> krb5Principals =
|
||||
new HashSet<KerberosPrincipal>();
|
||||
new HashSet<>();
|
||||
|
||||
if (name instanceof GSSNameImpl) {
|
||||
try {
|
||||
@ -146,10 +146,10 @@ public class GSSUtil {
|
||||
|
||||
if (creds instanceof GSSCredentialImpl) {
|
||||
gssCredentials = ((GSSCredentialImpl) creds).getElements();
|
||||
privCredentials = new HashSet<Object>(gssCredentials.size());
|
||||
privCredentials = new HashSet<>(gssCredentials.size());
|
||||
populateCredentials(privCredentials, gssCredentials);
|
||||
} else {
|
||||
privCredentials = new HashSet<Object>(); // empty Set
|
||||
privCredentials = new HashSet<>(); // empty Set
|
||||
}
|
||||
if (DEBUG) {
|
||||
debug("Created Subject with the following");
|
||||
@ -233,7 +233,7 @@ public class GSSUtil {
|
||||
*/
|
||||
public static Subject login(GSSCaller caller, Oid mech) throws LoginException {
|
||||
|
||||
CallbackHandler cb = null;
|
||||
CallbackHandler cb;
|
||||
if (caller instanceof HttpCaller) {
|
||||
cb = new sun.net.www.protocol.http.spnego.NegotiateCallbackHandler(
|
||||
((HttpCaller)caller).info());
|
||||
@ -259,7 +259,7 @@ public class GSSUtil {
|
||||
|
||||
/**
|
||||
* Determines if the application doesn't mind if the mechanism obtains
|
||||
* the required credentials from outside of the current Subject. Our
|
||||
* the required credentials from outside the current Subject. Our
|
||||
* Kerberos v5 mechanism would do a JAAS login on behalf of the
|
||||
* application if this were the case.
|
||||
*
|
||||
@ -324,46 +324,44 @@ public class GSSUtil {
|
||||
@SuppressWarnings("removal")
|
||||
Vector<T> creds =
|
||||
AccessController.doPrivilegedWithCombiner
|
||||
(new PrivilegedExceptionAction<Vector<T>>() {
|
||||
public Vector<T> run() throws Exception {
|
||||
Subject currSubj = Subject.current();
|
||||
Vector<T> result = null;
|
||||
if (currSubj != null) {
|
||||
result = new Vector<T>();
|
||||
Iterator<GSSCredentialImpl> iterator =
|
||||
currSubj.getPrivateCredentials
|
||||
(GSSCredentialImpl.class).iterator();
|
||||
while (iterator.hasNext()) {
|
||||
GSSCredentialImpl cred = iterator.next();
|
||||
((PrivilegedExceptionAction<Vector<T>>) () -> {
|
||||
Subject currSubj = Subject.current();
|
||||
Vector<T> result = null;
|
||||
if (currSubj != null) {
|
||||
result = new Vector<>();
|
||||
Iterator<GSSCredentialImpl> iterator =
|
||||
currSubj.getPrivateCredentials
|
||||
(GSSCredentialImpl.class).iterator();
|
||||
while (iterator.hasNext()) {
|
||||
GSSCredentialImpl cred = iterator.next();
|
||||
if (DEBUG) {
|
||||
debug("...Found cred" + cred);
|
||||
}
|
||||
try {
|
||||
GSSCredentialSpi ce =
|
||||
cred.getElement(mech, initiate);
|
||||
if (DEBUG) {
|
||||
debug("...Found cred" + cred);
|
||||
debug("......Found element: " + ce);
|
||||
}
|
||||
try {
|
||||
GSSCredentialSpi ce =
|
||||
cred.getElement(mech, initiate);
|
||||
if (ce.getClass().equals(credCls) &&
|
||||
(name == null ||
|
||||
name.equals((Object) ce.getName()))) {
|
||||
result.add(credCls.cast(ce));
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
debug("......Found element: " + ce);
|
||||
}
|
||||
if (ce.getClass().equals(credCls) &&
|
||||
(name == null ||
|
||||
name.equals((Object) ce.getName()))) {
|
||||
result.add(credCls.cast(ce));
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
debug("......Discard element");
|
||||
}
|
||||
}
|
||||
} catch (GSSException ge) {
|
||||
if (DEBUG) {
|
||||
debug("...Discard cred (" + ge + ")");
|
||||
debug("......Discard element");
|
||||
}
|
||||
}
|
||||
} catch (GSSException ge) {
|
||||
if (DEBUG) {
|
||||
debug("...Discard cred (" + ge + ")");
|
||||
}
|
||||
}
|
||||
} else if (DEBUG) {
|
||||
debug("No Subject");
|
||||
}
|
||||
return result;
|
||||
} else if (DEBUG) {
|
||||
debug("No Subject");
|
||||
}
|
||||
return result;
|
||||
});
|
||||
return creds;
|
||||
} catch (PrivilegedActionException pae) {
|
||||
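Review bot: The new lambda keeps the explicit `Iterator<GSSCredentialImpl>` with `hasNext()`/`next()`, although the iterator is used only to step through the set. An enhanced for reads more directly and drops three lines: `for (GSSCredentialImpl cred : currSubj.getPrivateCredentials(GSSCredentialImpl.class)) {`. A short comment on the `(PrivilegedExceptionAction<Vector<T>>)` cast would also help, since it is presumably there to select the right `doPrivilegedWithCombiner` overload and looks removable at first glance. The enclosing method starts and ends outside the hunk.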
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2014, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -31,7 +31,7 @@ import org.ietf.jgss.GSSCredential;
|
||||
/**
|
||||
* The extending point of basic JGSS-API.
|
||||
* <p>
|
||||
* If a module wants to extend basic JGSS-API classes, it should extends this
|
||||
* If a module wants to extend basic JGSS-API classes, it should extend this
|
||||
* class and register itself as "the extender" using the setExtender method.
|
||||
* When various GSSManager.createXXX methods are called, they will call
|
||||
* "the extender"'s wrap methods to create objects of extended types
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,6 +25,7 @@
|
||||
|
||||
package sun.security.jgss;
|
||||
|
||||
import java.security.PrivilegedAction;
|
||||
import java.util.HashMap;
|
||||
import javax.security.auth.login.AppConfigurationEntry;
|
||||
import javax.security.auth.login.Configuration;
|
||||
@ -72,11 +73,7 @@ public class LoginConfigImpl extends Configuration {
|
||||
throw new IllegalArgumentException(mech.toString() + " not supported");
|
||||
}
|
||||
config = java.security.AccessController.doPrivileged
|
||||
(new java.security.PrivilegedAction <Configuration> () {
|
||||
public Configuration run() {
|
||||
return Configuration.getConfiguration();
|
||||
}
|
||||
});
|
||||
((PrivilegedAction<Configuration>) Configuration::getConfiguration);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -166,7 +163,7 @@ public class LoginConfigImpl extends Configuration {
|
||||
* the system-wide Configuration object.
|
||||
*/
|
||||
private AppConfigurationEntry[] getDefaultConfigurationEntry() {
|
||||
HashMap <String, String> options = new HashMap <String, String> (2);
|
||||
HashMap <String, String> options = new HashMap<>(2);
|
||||
|
||||
if (mechName == null || mechName.equals("krb5")) {
|
||||
if (isServerSide(caller)) {
|
||||
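Review bot: The constructor hunk now mixes styles: `PrivilegedAction` is imported and used by simple name in the cast, while the call itself is still written `java.security.AccessController.doPrivileged`. Importing `java.security.AccessController` as well and writing `config = AccessController.doPrivileged((PrivilegedAction<Configuration>) Configuration::getConfiguration);` would keep the privileged call on one readable line. In `getDefaultConfigurationEntry`, the declaration `HashMap <String, String> options` also keeps the stray space before `<` that the right-hand side just lost.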
|
@ -51,7 +51,7 @@ import sun.security.action.GetPropertyAction;
|
||||
* mechanisms.) When it finds such an entry, the corresponding
|
||||
* provider is approached for the mechanism's factory class.
|
||||
* At instantiation time this list in initialized to contain those
|
||||
* system wide providers that contain a property of the form
|
||||
* system-wide providers that contain a property of the form
|
||||
* "GssApiMechanism.x.y.z..." where "x.y.z..." is a numeric object
|
||||
* identifier with numbers x, y, z, etc. Such a property is defined
|
||||
* to map to that provider's implementation of the MechanismFactory
|
||||
@ -73,9 +73,9 @@ import sun.security.action.GetPropertyAction;
|
||||
* the system ones don't suffice.<p>
|
||||
*
|
||||
* If a mechanism's factory is being obtained from a provider as a
|
||||
* result of encountering a entryof the form {@code <provider, oid>} where
|
||||
* result of encountering an entry of the form {@code <provider, oid>} where
|
||||
* oid is non-null, then the assumption is that the application added
|
||||
* this entry and it wants this mechanism to be obtained from this
|
||||
* this entry, and it wants this mechanism to be obtained from this
|
||||
* provider. Thus is the provider does not actually contain the
|
||||
* requested mechanism, an exception will be thrown. However, if the
|
||||
* entry were of the form {@code <provider, null>}, then it is viewed more
|
||||
@ -110,11 +110,11 @@ public final class ProviderList {
|
||||
(defOid == null ? GSSUtil.GSS_KRB5_MECH_OID : defOid);
|
||||
}
|
||||
|
||||
private ArrayList<PreferencesEntry> preferences =
|
||||
new ArrayList<PreferencesEntry>(5);
|
||||
private HashMap<PreferencesEntry, MechanismFactory> factories =
|
||||
new HashMap<PreferencesEntry, MechanismFactory>(5);
|
||||
private HashSet<Oid> mechs = new HashSet<Oid>(5);
|
||||
private final ArrayList<PreferencesEntry> preferences =
|
||||
new ArrayList<>(5);
|
||||
private final HashMap<PreferencesEntry, MechanismFactory> factories =
|
||||
new HashMap<>(5);
|
||||
private final HashSet<Oid> mechs = new HashSet<>(5);
|
||||
|
||||
private final GSSCaller caller;
|
||||
|
||||
@ -186,8 +186,7 @@ public final class ProviderList {
|
||||
if (mechOid == null) mechOid = ProviderList.DEFAULT_MECH_OID;
|
||||
|
||||
if (p == null) {
|
||||
// Iterate thru all preferences to find right provider
|
||||
String className;
|
||||
// Iterate through all preferences to find right provider
|
||||
PreferencesEntry entry;
|
||||
|
||||
Iterator<PreferencesEntry> list = preferences.iterator();
|
||||
@ -200,7 +199,7 @@ public final class ProviderList {
|
||||
} // end of while loop
|
||||
throw new GSSExceptionImpl(GSSException.BAD_MECH, mechOid);
|
||||
} else {
|
||||
// Use the impl from the specified provider; return null if the
|
||||
// Use the impl from the specified provider; return null if
|
||||
// the mech is unsupported by the specified provider.
|
||||
PreferencesEntry entry = new PreferencesEntry(p, mechOid);
|
||||
return getMechFactory(entry, mechOid);
|
||||
@ -396,7 +395,7 @@ public final class ProviderList {
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper routine to go through all properties continued in a
|
||||
* Helper routine to go through all properties contained in a
|
||||
* provider and add its mechanisms to the list of supported
|
||||
* mechanisms. If no default mechanism has been assigned so far,
|
||||
* it sets the default MechanismFactory and Oid as well.
|
||||
@ -440,9 +439,9 @@ public final class ProviderList {
|
||||
* provider should be used for the mechanism. If the mechanism
|
||||
* Oid is null, then it indicates that this preference holds for
|
||||
* any mechanism.<p>
|
||||
*
|
||||
* <p>
|
||||
* The ProviderList maintains an ordered list of
|
||||
* PreferencesEntry's and iterates thru them as it tries to
|
||||
* PreferencesEntry's and iterates through them as it tries to
|
||||
* instantiate MechanismFactory's.
|
||||
*/
|
||||
private static final class PreferencesEntry {
|
||||
@ -458,11 +457,10 @@ public final class ProviderList {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!(other instanceof PreferencesEntry)) {
|
||||
if (!(other instanceof PreferencesEntry that)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
PreferencesEntry that = (PreferencesEntry)other;
|
||||
if (this.p.getName().equals(that.p.getName())) {
|
||||
if (this.oid != null && that.oid != null) {
|
||||
return this.oid.equals(that.oid);
|
||||
@ -494,11 +492,10 @@ public final class ProviderList {
|
||||
*/
|
||||
boolean implies(Object other) {
|
||||
|
||||
if (other instanceof PreferencesEntry) {
|
||||
PreferencesEntry temp = (PreferencesEntry) other;
|
||||
if (other instanceof PreferencesEntry temp) {
|
||||
return (equals(temp) ||
|
||||
p.getName().equals(temp.p.getName()) &&
|
||||
oid == null);
|
||||
oid == null);
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
@ -517,6 +514,7 @@ public final class ProviderList {
|
||||
* mechanism. The entry is applicable to the desired mech if
|
||||
* it contains the same oid or if it contains a null oid
|
||||
* indicating that it is applicable to all mechs.
|
||||
*
|
||||
* @param mechOid the desired mechanism
|
||||
* @return true if the provider in this entry should be
|
||||
* queried for this mechanism.
|
||||
@ -527,12 +525,10 @@ public final class ProviderList {
|
||||
|
||||
// For debugging
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder("<");
|
||||
sb.append(p.getName());
|
||||
sb.append(", ");
|
||||
sb.append(oid);
|
||||
sb.append(">");
|
||||
return sb.toString();
|
||||
return "<" + p.getName() +
|
||||
", " +
|
||||
oid +
|
||||
">";
|
||||
}
|
||||
}
|
||||
}
|
||||
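Review bot: In `PreferencesEntry.implies`, the return expression mixes `||` and `&&` without grouping, so the reader has to recall that `&&` binds tighter to see that `oid == null` qualifies only the provider-name comparison. Since this predicate decides whether one provider preference covers another, I would make the grouping explicit: `return equals(temp) || (p.getName().equals(temp.p.getName()) && oid == null);`. Behaviour is unchanged. The re-indented `oid == null);` continuation line can then go.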
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,6 +25,7 @@
|
||||
|
||||
package sun.security.jgss;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.security.Provider;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
@ -59,6 +60,7 @@ import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
||||
|
||||
public final class SunProvider extends Provider {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -238911724858694198L;
|
||||
|
||||
private static final String INFO = "Sun " +
|
||||
@ -104,16 +106,14 @@ public final class SunProvider extends Provider {
|
||||
super("SunJGSS", PROVIDER_VER, INFO);
|
||||
|
||||
final Provider p = this;
|
||||
AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
||||
public Void run() {
|
||||
putService(new ProviderService(p, "GssApiMechanism",
|
||||
"1.2.840.113554.1.2.2",
|
||||
"sun.security.jgss.krb5.Krb5MechFactory"));
|
||||
putService(new ProviderService(p, "GssApiMechanism",
|
||||
"1.3.6.1.5.5.2",
|
||||
"sun.security.jgss.spnego.SpNegoMechFactory"));
|
||||
return null;
|
||||
}
|
||||
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
|
||||
putService(new ProviderService(p, "GssApiMechanism",
|
||||
"1.2.840.113554.1.2.2",
|
||||
"sun.security.jgss.krb5.Krb5MechFactory"));
|
||||
putService(new ProviderService(p, "GssApiMechanism",
|
||||
"1.3.6.1.5.5.2",
|
||||
"sun.security.jgss.spnego.SpNegoMechFactory"));
|
||||
return null;
|
||||
});
|
||||
}
|
||||
}
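Review bot: In the constructor hunk, the `final Provider p = this;` alias is now redundant. It was needed because `this` inside the anonymous `PrivilegedAction` referred to the action object, whereas inside the new lambda `this` is the `SunProvider` itself. Both registrations could pass `this` directly, as in `putService(new ProviderService(this, "GssApiMechanism", ...))`, and the alias line could be dropped. Behaviour is unchanged either way; this only removes a leftover from the pre-lambda form.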
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -36,12 +36,12 @@ import java.util.LinkedList;
|
||||
* Each element of the list is an interval [a, b]. Its existence in the
|
||||
* list implies that all token numbers in the range a, a+1, ..., b-1, b
|
||||
* have arrived. Gaps in arrived token numbers are represented by the
|
||||
* numbers that fall in between two elements of the list. eg. {[a,b],
|
||||
* numbers that fall in between two elements of the list. e.g. {[a,b],
|
||||
* [c,d]} indicates that the token numbers b+1, ..., c-1 have not arrived
|
||||
* yet.
|
||||
*
|
||||
* The maximum number of intervals that we keep track of is
|
||||
* MAX_INTERVALS. Thus if there are too many gaps, then some of the older
|
||||
* MAX_INTERVALS. Thus, if there are too many gaps, then some older
|
||||
* sequence numbers are deleted from the list. The earliest sequence number
|
||||
* that exists in the list is the windowStart. The next expected sequence
|
||||
* number, or expectedNumber, is one greater than the latest sequence
|
||||
@ -63,13 +63,13 @@ public class TokenTracker {
|
||||
|
||||
static final int MAX_INTERVALS = 5;
|
||||
|
||||
private int initNumber;
|
||||
private final int initNumber;
|
||||
private int windowStart;
|
||||
private int expectedNumber;
|
||||
|
||||
private int windowStartIndex = 0;
|
||||
|
||||
private LinkedList<Entry> list = new LinkedList<Entry>();
|
||||
private final LinkedList<Entry> list = new LinkedList<>();
|
||||
|
||||
public TokenTracker(int initNumber) {
|
||||
|
||||
@ -78,7 +78,7 @@ public class TokenTracker {
|
||||
this.expectedNumber = initNumber;
|
||||
|
||||
// Make an entry with one less than the expected first token
|
||||
Entry entry = new Entry(initNumber-1);
|
||||
Entry entry = new Entry(initNumber - 1);
|
||||
|
||||
list.add(entry);
|
||||
}
|
||||
@ -90,7 +90,7 @@ public class TokenTracker {
|
||||
* a in a new interval ahead of the whole list.
|
||||
*/
|
||||
private int getIntervalIndex(int number) {
|
||||
Entry entry = null;
|
||||
Entry entry;
|
||||
int i;
|
||||
// Start from the rear to optimize for the normal case
|
||||
for (i = list.size() - 1; i >= 0; i--) {
|
||||
@ -235,7 +235,7 @@ public class TokenTracker {
|
||||
|
||||
Entry entry;
|
||||
Entry entryBefore = null;
|
||||
Entry entryAfter = null;
|
||||
Entry entryAfter;
|
||||
|
||||
boolean appended = false;
|
||||
boolean prepended = false;
|
||||
@ -329,7 +329,7 @@ public class TokenTracker {
|
||||
}
|
||||
}
|
||||
|
||||
// Finally we are ready to actually add to the list at index
|
||||
// Finally, we are ready to actually add to the list at index
|
||||
// 'prevEntryPos+1'
|
||||
|
||||
list.add(prevEntryPos+1, entry);
|
||||
@ -356,7 +356,7 @@ public class TokenTracker {
|
||||
* tokens. Each entry is actually an interval of numbers, all of which
|
||||
* have been received.
|
||||
*/
|
||||
class Entry {
|
||||
static class Entry {
|
||||
|
||||
private int start;
|
||||
private int end;
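Review bot: `new Entry(initNumber - 1)` in the constructor wraps to `Integer.MAX_VALUE` when `initNumber` is `Integer.MIN_VALUE`, and nothing in the visible hunks says how the ordered interval list treats that wrap-around. The Krb5Context change in this commit builds the tracker from the peer's `seqNumber`, so the starting value is presumably not under local control. A constructor comment stating the intended behaviour at the `int` boundary would help, e.g. `// NOTE: initNumber - 1 wraps at Integer.MIN_VALUE; see <where wrap-around is handled>`. The rest of the class is outside these hunks, so this may already be handled elsewhere.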
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -76,9 +76,10 @@ class CipherHelper {
|
||||
private static final byte[] ZERO_IV = new byte[DES_IV_SIZE];
|
||||
private static final byte[] ZERO_IV_AES = new byte[AES_IV_SIZE];
|
||||
|
||||
private int etype;
|
||||
private int sgnAlg, sealAlg;
|
||||
private byte[] keybytes;
|
||||
private final int etype;
|
||||
private final int sgnAlg;
|
||||
private final int sealAlg;
|
||||
private final byte[] keybytes;
|
||||
|
||||
CipherHelper(EncryptionKey key) throws GSSException {
|
||||
etype = key.getEType();
|
||||
@ -134,11 +135,7 @@ class CipherHelper {
|
||||
}
|
||||
|
||||
boolean isArcFour() {
|
||||
boolean flag = false;
|
||||
if (etype == EncryptedData.ETYPE_ARCFOUR_HMAC) {
|
||||
flag = true;
|
||||
}
|
||||
return flag;
|
||||
return etype == EncryptedData.ETYPE_ARCFOUR_HMAC;
|
||||
}
|
||||
|
||||
@SuppressWarnings("fallthrough")
|
||||
@ -384,9 +381,8 @@ class CipherHelper {
|
||||
|
||||
case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA384_192:
|
||||
try {
|
||||
byte[] answer = Aes256Sha2.calculateChecksum(keybytes, key_usage,
|
||||
return Aes256Sha2.calculateChecksum(keybytes, key_usage,
|
||||
buf, 0, total);
|
||||
return answer;
|
||||
} catch (GeneralSecurityException e) {
|
||||
GSSException ge = new GSSException(GSSException.FAILURE, -1,
|
||||
"Could not use AES256 signing algorithm - " +
|
||||
@ -844,7 +840,7 @@ class CipherHelper {
|
||||
byte[] plaintext, int pStart, int pLen, byte[] ciphertext, int cStart,
|
||||
int key_usage) throws GSSException {
|
||||
|
||||
byte[] ctext = null;
|
||||
byte[] ctext;
|
||||
switch (etype) {
|
||||
case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96:
|
||||
ctext = aes128Encrypt(confounder, tokenHeader,
|
||||
@ -886,7 +882,7 @@ class CipherHelper {
|
||||
* @param len the length of the data
|
||||
* @throws GSSException when an error occuse in the encryption
|
||||
*/
|
||||
private byte[] getDesCbcChecksum(byte key[],
|
||||
private byte[] getDesCbcChecksum(byte[] key,
|
||||
byte[] header,
|
||||
byte[] data, int offset, int len)
|
||||
throws GSSException {
|
||||
@ -954,14 +950,14 @@ class CipherHelper {
|
||||
* @param key the bytes for the DES key
|
||||
* @param ivBytes the initial vector bytes
|
||||
*/
|
||||
private final Cipher getInitializedDes(boolean encryptMode, byte[] key,
|
||||
byte[] ivBytes)
|
||||
private Cipher getInitializedDes(boolean encryptMode, byte[] key,
|
||||
byte[] ivBytes)
|
||||
throws GSSException {
|
||||
|
||||
|
||||
try {
|
||||
IvParameterSpec iv = new IvParameterSpec(ivBytes);
|
||||
SecretKey jceKey = (SecretKey) (new SecretKeySpec(key, "DES"));
|
||||
SecretKey jceKey = new SecretKeySpec(key, "DES");
|
||||
|
||||
Cipher desCipher = Cipher.getInstance("DES/CBC/NoPadding");
|
||||
desCipher.init(
|
||||
@ -986,7 +982,7 @@ class CipherHelper {
|
||||
* @param offset the offset for the encrypted data
|
||||
* @param len the length of the encrypted data
|
||||
* @param dataOutBuf the output buffer where the application data
|
||||
* should be writte
|
||||
* should be written
|
||||
* @param dataOffset the offset where the application data should
|
||||
* be written.
|
||||
* @throws GSSException is an error occurs while decrypting the
|
||||
@ -1077,7 +1073,7 @@ class CipherHelper {
|
||||
* read
|
||||
* @param len the length of the ciphertext data
|
||||
* @param dataOutBuf the output buffer where the application data
|
||||
* should be writte
|
||||
* should be written
|
||||
* @param dataOffset the offset where the application data should
|
||||
* be written.
|
||||
* @throws GSSException is an error occurs while decrypting the
|
||||
@ -1087,12 +1083,12 @@ class CipherHelper {
|
||||
InputStream is, int len, byte[] dataOutBuf, int dataOffset)
|
||||
throws GSSException, IOException {
|
||||
|
||||
int temp = 0;
|
||||
int temp;
|
||||
|
||||
Cipher des = getInitializedDes(false, key, ZERO_IV);
|
||||
|
||||
WrapTokenInputStream truncatedInputStream =
|
||||
new WrapTokenInputStream(is, len);
|
||||
new WrapTokenInputStream(is, len);
|
||||
CipherInputStream cis = new CipherInputStream(truncatedInputStream,
|
||||
des);
|
||||
/*
|
||||
@ -1419,7 +1415,7 @@ class CipherHelper {
|
||||
int cStart, int cLen, byte[] plaintext, int pStart, int key_usage)
|
||||
throws GSSException {
|
||||
|
||||
byte[] ptext = null;
|
||||
byte[] ptext;
|
||||
|
||||
try {
|
||||
ptext = Aes128.decryptRaw(keybytes, key_usage,
|
||||
@ -1456,7 +1452,7 @@ class CipherHelper {
|
||||
int cStart, int cLen, byte[] plaintext, int pStart, int key_usage)
|
||||
throws GSSException {
|
||||
|
||||
byte[] ptext = null;
|
||||
byte[] ptext;
|
||||
|
||||
try {
|
||||
ptext = Aes128Sha2.decryptRaw(keybytes, key_usage,
|
||||
@ -1633,10 +1629,10 @@ class CipherHelper {
|
||||
* the CipherInputStream from treating the bytes of the following token
|
||||
* as part fo the ciphertext for this token.
|
||||
*/
|
||||
class WrapTokenInputStream extends InputStream {
|
||||
static class WrapTokenInputStream extends InputStream {
|
||||
|
||||
private InputStream is;
|
||||
private int length;
|
||||
private final InputStream is;
|
||||
private final int length;
|
||||
private int remaining;
|
||||
|
||||
private int temp;
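Review bot: The Javadoc cleanup in this file leaves several typos on the context lines of the same hunks. They are `when an error occuse in the encryption` above `getDesCbcChecksum`, `@throws GSSException is an error occurs while decrypting the` in both decrypt Javadocs where `writte` was fixed, and `as part fo the ciphertext` above `WrapTokenInputStream`. Suggested wording: `@throws GSSException when an error occurs in the encryption`, `@throws GSSException if an error occurs while decrypting the`, and `as part of the ciphertext for this token.` These are comment-only changes.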
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -39,7 +39,7 @@ class InitSecContextToken extends InitialToken {
|
||||
|
||||
// If non-mutual authentication is requested, there is no AP-REP message.
|
||||
// The acceptor thus has no chance to send the seq-number field to the
|
||||
// initiator. In this case, the initiator and acceptor should has an
|
||||
// initiator. In this case, the initiator and acceptor should have an
|
||||
// agreement to derive acceptor's initial seq-number if the acceptor wishes
|
||||
// to send messages to the initiator.
|
||||
|
||||
@ -64,7 +64,7 @@ class InitSecContextToken extends InitialToken {
|
||||
}
|
||||
}
|
||||
|
||||
private KrbApReq apReq = null;
|
||||
private final KrbApReq apReq;
|
||||
|
||||
/**
|
||||
* For the context initiator to call. It constructs a new
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -68,7 +68,7 @@ abstract class InitialToken extends Krb5Token {
|
||||
|
||||
protected class OverloadedChecksum {
|
||||
|
||||
private byte[] checksumBytes = null;
|
||||
private final byte[] checksumBytes;
|
||||
private Credentials delegCreds = null;
|
||||
private int flags = 0;
|
||||
|
||||
@ -105,7 +105,7 @@ abstract class InitialToken extends Krb5Token {
|
||||
}
|
||||
|
||||
if (context.getCredDelegState()) {
|
||||
KrbCred krbCred = null;
|
||||
KrbCred krbCred;
|
||||
CipherHelper cipherHelper =
|
||||
context.getCipherHelper(serviceTicket.getSessionKey());
|
||||
if (useNullKey(cipherHelper)) {
|
||||
@ -217,8 +217,6 @@ abstract class InitialToken extends Krb5Token {
|
||||
EncryptionKey key, EncryptionKey subKey)
|
||||
throws GSSException, KrbException, IOException {
|
||||
|
||||
int pos = 0;
|
||||
|
||||
if (checksum == null) {
|
||||
GSSException ge = new GSSException(GSSException.FAILURE, -1,
|
||||
"No cksum in AP_REQ's authenticator");
|
||||
@ -296,12 +294,8 @@ abstract class InitialToken extends Krb5Token {
|
||||
|
||||
// check if KRB-CRED message should use NULL_KEY for encryption
|
||||
private boolean useNullKey(CipherHelper ch) {
|
||||
boolean flag = true;
|
||||
// for "newer" etypes and RC4-HMAC do not use NULL KEY
|
||||
if ((ch.getProto() == 1) || ch.isArcFour()) {
|
||||
flag = false;
|
||||
}
|
||||
return flag;
|
||||
return (ch.getProto() != 1) && !ch.isArcFour();
|
||||
}
|
||||
|
||||
public Checksum getChecksum() throws KrbException {
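Review bot: `useNullKey` now returns `(ch.getProto() != 1) && !ch.isArcFour()`, but the only explanation shown in the hunk, `// for "newer" etypes and RC4-HMAC do not use NULL KEY`, is worded for the old `flag = false` branch. If that comment is kept, the reader has to invert it against the expression. This predicate decides how the delegated KRB-CRED is protected, so the comment should state the positive case directly, e.g. `// NULL_KEY is used only when getProto() != 1 and the etype is not RC4-HMAC`. The literal `1` would also read better as a named constant if CipherHelper defines one; its constants are not visible here.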
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -64,7 +64,7 @@ public class Krb5AcceptCredential
|
||||
final String serverPrinc = (name == null? null:
|
||||
name.getKrb5PrincipalName().getName());
|
||||
|
||||
ServiceCreds creds = null;
|
||||
ServiceCreds creds;
|
||||
try {
|
||||
creds = AccessController.doPrivilegedWithCombiner(
|
||||
new PrivilegedExceptionAction<ServiceCreds>() {
|
||||
@ -178,7 +178,7 @@ public class Krb5AcceptCredential
|
||||
|
||||
/**
|
||||
* Impersonation is only available on the initiator side. The
|
||||
* service must starts as an initiator to get an initial TGT to complete
|
||||
* service must start as an initiator to get an initial TGT to complete
|
||||
* the S4U2self protocol.
|
||||
*/
|
||||
@Override
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -35,11 +35,7 @@ import sun.security.krb5.*;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.io.IOException;
|
||||
import java.security.Provider;
|
||||
import java.security.AccessController;
|
||||
import java.security.Key;
|
||||
import java.security.PrivilegedActionException;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.security.*;
|
||||
import javax.security.auth.Subject;
|
||||
import javax.security.auth.kerberos.ServicePermission;
|
||||
import javax.security.auth.kerberos.KerberosCredMessage;
|
||||
@ -88,7 +84,6 @@ class Krb5Context implements GSSContextSpi {
|
||||
private boolean isConstrainedDelegationTried = false;
|
||||
|
||||
private int mySeqNumber;
|
||||
private int peerSeqNumber;
|
||||
private int keySrc;
|
||||
private TokenTracker peerTokenTracker;
|
||||
|
||||
@ -103,14 +98,14 @@ class Krb5Context implements GSSContextSpi {
|
||||
* checking of per-message tokens is enabled.
|
||||
*/
|
||||
|
||||
private Object mySeqNumberLock = new Object();
|
||||
private Object peerSeqNumberLock = new Object();
|
||||
private final Object mySeqNumberLock = new Object();
|
||||
private final Object peerSeqNumberLock = new Object();
|
||||
|
||||
private EncryptionKey key;
|
||||
private Krb5NameElement myName;
|
||||
private Krb5NameElement peerName;
|
||||
private int lifetime;
|
||||
private boolean initiator;
|
||||
private final boolean initiator;
|
||||
private ChannelBinding channelBinding;
|
||||
|
||||
private Krb5CredElement myCred;
|
||||
@ -366,7 +361,7 @@ class Krb5Context implements GSSContextSpi {
|
||||
* MessageToken.init()
|
||||
*/
|
||||
final CipherHelper getCipherHelper(EncryptionKey ckey) throws GSSException {
|
||||
EncryptionKey cipherKey = null;
|
||||
EncryptionKey cipherKey;
|
||||
if (cipherHelper == null) {
|
||||
cipherKey = (getKey() == null) ? ckey: getKey();
|
||||
cipherHelper = new CipherHelper(cipherKey);
|
||||
@ -399,8 +394,7 @@ class Krb5Context implements GSSContextSpi {
|
||||
+ seqNumber);
|
||||
}
|
||||
synchronized (peerSeqNumberLock) {
|
||||
peerSeqNumber = seqNumber;
|
||||
peerTokenTracker = new TokenTracker(peerSeqNumber);
|
||||
peerTokenTracker = new TokenTracker(seqNumber);
|
||||
}
|
||||
}
|
||||
|
||||
@ -415,7 +409,7 @@ class Krb5Context implements GSSContextSpi {
|
||||
return keySrc;
|
||||
}
|
||||
|
||||
private final EncryptionKey getKey() {
|
||||
private EncryptionKey getKey() {
|
||||
return key;
|
||||
}
|
||||
|
||||
@ -707,11 +701,7 @@ class Krb5Context implements GSSContextSpi {
|
||||
@SuppressWarnings("removal")
|
||||
final Subject subject =
|
||||
AccessController.doPrivilegedWithCombiner(
|
||||
new java.security.PrivilegedAction<Subject>() {
|
||||
public Subject run() {
|
||||
return (Subject.current());
|
||||
}
|
||||
});
|
||||
(PrivilegedAction<Subject>) Subject::current);
|
||||
if (subject != null &&
|
||||
!subject.isReadOnly()) {
|
||||
/*
|
||||
@ -725,12 +715,10 @@ class Krb5Context implements GSSContextSpi {
|
||||
Krb5Util.credsToTicket(serviceCreds);
|
||||
@SuppressWarnings("removal")
|
||||
var dummy = AccessController.doPrivileged (
|
||||
new java.security.PrivilegedAction<Void>() {
|
||||
public Void run() {
|
||||
subject.getPrivateCredentials().add(kt);
|
||||
return null;
|
||||
}
|
||||
});
|
||||
(PrivilegedAction<Void>) () -> {
|
||||
subject.getPrivateCredentials().add(kt);
|
||||
return null;
|
||||
});
|
||||
} else {
|
||||
// log it for debugging purpose
|
||||
if (DEBUG) {
|
||||
@ -904,7 +892,7 @@ class Krb5Context implements GSSContextSpi {
|
||||
/*
|
||||
* Per-message calls depend on the sequence number. The sequence number
|
||||
* synchronization is at a finer granularity because wrap and getMIC
|
||||
* care about the local sequence number (mySeqNumber) where are unwrap
|
||||
* care about the local sequence number (mySeqNumber) whereas unwrap
|
||||
* and verifyMIC care about the remote sequence number (peerSeqNumber).
|
||||
*/
|
||||
|
||||
@ -938,7 +926,6 @@ class Krb5Context implements GSSContextSpi {
|
||||
}
|
||||
return encToken;
|
||||
} catch (IOException e) {
|
||||
encToken = null;
|
||||
GSSException gssException =
|
||||
new GSSException(GSSException.FAILURE, -1, e.getMessage());
|
||||
gssException.initCause(e);
|
||||
@ -972,7 +959,6 @@ class Krb5Context implements GSSContextSpi {
|
||||
}
|
||||
return retVal;
|
||||
} catch (IOException e) {
|
||||
retVal = 0;
|
||||
GSSException gssException =
|
||||
new GSSException(GSSException.FAILURE, -1, e.getMessage());
|
||||
gssException.initCause(e);
|
||||
@ -1187,7 +1173,6 @@ class Krb5Context implements GSSContextSpi {
|
||||
}
|
||||
return retVal;
|
||||
} catch (IOException e) {
|
||||
retVal = 0;
|
||||
GSSException gssException =
|
||||
new GSSException(GSSException.FAILURE, -1, e.getMessage());
|
||||
gssException.initCause(e);
|
||||
@ -1196,7 +1181,7 @@ class Krb5Context implements GSSContextSpi {
|
||||
}
|
||||
|
||||
/*
|
||||
* Checksum calculation requires a byte[]. Hence might as well pass
|
||||
* Checksum calculation requires a byte[]. Hence, might as well pass
|
||||
* a byte[] into the MicToken constructor. However, writing the
|
||||
* token can be optimized for cases where the application passed in
|
||||
* an OutputStream.
|
||||
@ -1385,7 +1370,7 @@ class Krb5Context implements GSSContextSpi {
|
||||
}
|
||||
|
||||
GSSCaller getCaller() {
|
||||
// Currently used by InitialToken only
|
||||
// Currently, used by InitialToken only
|
||||
return caller;
|
||||
}
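Review bot: The comment edited in the `@ -904` hunk still names `(peerSeqNumber)` as the remote sequence number, but this commit removes the `peerSeqNumber` field and passes `seqNumber` straight to `new TokenTracker(seqNumber)`. After the change the remote sequence state appears to live only in `peerTokenTracker`, assigned under `peerSeqNumberLock`. The comment should say so, e.g. `* and verifyMIC care about the remote sequence number (tracked by peerTokenTracker).` Separately, `// Currently, used by InitialToken only` reads worse with the added comma; `// Currently used by InitialToken only` was correct.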
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,10 +25,7 @@
|
||||
|
||||
package sun.security.jgss.krb5;
|
||||
|
||||
import org.ietf.jgss.*;
|
||||
import sun.security.jgss.spi.*;
|
||||
import sun.security.krb5.*;
|
||||
import java.security.Provider;
|
||||
import sun.security.jgss.spi.GSSCredentialSpi;
|
||||
|
||||
/**
|
||||
* Provides type safety for Krb5 credential elements.
|
||||
|
@ -31,6 +31,7 @@ import sun.security.jgss.spi.*;
|
||||
import sun.security.krb5.*;
|
||||
import javax.security.auth.kerberos.KerberosTicket;
|
||||
import javax.security.auth.kerberos.KerberosPrincipal;
|
||||
import java.io.Serial;
|
||||
import java.net.InetAddress;
|
||||
import java.io.IOException;
|
||||
import java.util.Date;
|
||||
@ -50,12 +51,13 @@ public class Krb5InitCredential
|
||||
extends KerberosTicket
|
||||
implements Krb5CredElement {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 7723415700837898232L;
|
||||
|
||||
@SuppressWarnings("serial") // Not statically typed as Serializable
|
||||
private Krb5NameElement name;
|
||||
private final Krb5NameElement name;
|
||||
@SuppressWarnings("serial") // Not statically typed as Serializable
|
||||
private Credentials krb5Credentials;
|
||||
private final Credentials krb5Credentials;
|
||||
public KerberosTicket proxyTicket;
|
||||
|
||||
private Krb5InitCredential(Krb5NameElement name,
|
||||
@ -198,8 +200,8 @@ public class Krb5InitCredential
|
||||
EncryptionKey sessionKey = delegatedCred.getSessionKey();
|
||||
|
||||
/*
|
||||
* all of the following data is optional in a KRB-CRED
|
||||
* messages. This check for each field.
|
||||
* All the following data is optional in a KRB-CRED
|
||||
* message. This check for each field.
|
||||
*/
|
||||
|
||||
PrincipalName cPrinc = delegatedCred.getClient();
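Review bot: `public KerberosTicket proxyTicket;` is left as a public, non-final field directly below the two fields this hunk makes `private final`. A mutable public reference to a ticket on a credential object lets any code holding the instance replace or clear it. Whether other classes assign it is not visible here, so at minimum it deserves a comment saying who sets it and when; reduced visibility with an accessor would be better. In the later hunk, `This check for each field.` is still ungrammatical after the edit; `Check each field.` is probably what was meant.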
|
||||
|
@ -54,7 +54,7 @@ public final class Krb5MechFactory implements MechanismFactory {
|
||||
static final Oid NT_GSS_KRB5_PRINCIPAL =
|
||||
createOid("1.2.840.113554.1.2.2.1");
|
||||
|
||||
private static Oid[] nameTypes =
|
||||
private static final Oid[] nameTypes =
|
||||
new Oid[] { GSSName.NT_USER_NAME,
|
||||
GSSName.NT_HOSTBASED_SERVICE,
|
||||
GSSName.NT_EXPORT_NAME,
|
||||
@ -214,7 +214,7 @@ public final class Krb5MechFactory implements MechanismFactory {
|
||||
}
|
||||
|
||||
|
||||
public final Oid getMechanismOid() {
|
||||
public Oid getMechanismOid() {
|
||||
return GSS_KRB5_MECH_OID;
|
||||
}
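Review bot: Making `nameTypes` `private static final` fixes the reference but not the array contents. If an accessor outside this hunk returns `nameTypes` directly, callers can still overwrite its elements for every user of the factory; returning `nameTypes.clone()` there would close that. If no such accessor exists, a short field comment such as `// never exposed; contents must not be modified` would document the assumption.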
|
||||
|
||||
|
@ -47,10 +47,10 @@ import static java.nio.charset.StandardCharsets.UTF_8;
|
||||
public class Krb5NameElement
|
||||
implements GSSNameSpi {
|
||||
|
||||
private PrincipalName krb5PrincipalName;
|
||||
private final PrincipalName krb5PrincipalName;
|
||||
|
||||
private String gssNameStr = null;
|
||||
private Oid gssNameType = null;
|
||||
private final String gssNameStr;
|
||||
private final Oid gssNameType;
|
||||
|
||||
private Krb5NameElement(PrincipalName principalName,
|
||||
String gssNameStr,
|
||||
@ -185,7 +185,7 @@ public class Krb5NameElement
|
||||
private static String getHostBasedInstance(String serviceName,
|
||||
String hostName)
|
||||
throws GSSException {
|
||||
StringBuffer temp = new StringBuffer(serviceName);
|
||||
StringBuilder temp = new StringBuilder(serviceName);
|
||||
|
||||
try {
|
||||
// A lack of "@" defaults to the service being on the local
|
||||
@ -199,7 +199,7 @@ public class Krb5NameElement
|
||||
}
|
||||
hostName = hostName.toLowerCase(Locale.ENGLISH);
|
||||
|
||||
temp = temp.append('/').append(hostName);
|
||||
temp.append('/').append(hostName);
|
||||
return temp.toString();
|
||||
}
|
||||
|
||||
@ -222,9 +222,8 @@ public class Krb5NameElement
|
||||
if (other == this)
|
||||
return true;
|
||||
|
||||
if (other instanceof Krb5NameElement) {
|
||||
Krb5NameElement that = (Krb5NameElement) other;
|
||||
return (this.krb5PrincipalName.getName().equals(
|
||||
if (other instanceof Krb5NameElement that) {
|
||||
return (this.krb5PrincipalName.getName().equals(
|
||||
that.krb5PrincipalName.getName()));
|
||||
}
|
||||
return false;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -144,7 +144,7 @@ public class Krb5Util {
|
||||
serverAlias.getName(), serverAlias.getNameType()));
|
||||
}
|
||||
return kt;
|
||||
};
|
||||
}
|
||||
|
||||
public static Credentials ticketToCreds(KerberosTicket kerbTicket)
|
||||
throws KrbException, IOException {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -394,11 +394,10 @@ abstract class MessageToken extends Krb5Token {
|
||||
if (initiator)
|
||||
directionByte = (byte) 0xff; // Received token from acceptor
|
||||
|
||||
if ((seqNumberData[4] == directionByte) &&
|
||||
(seqNumberData[5] == directionByte) &&
|
||||
(seqNumberData[6] == directionByte) &&
|
||||
(seqNumberData[7] == directionByte))
|
||||
return true;
|
||||
return (seqNumberData[4] == directionByte) &&
|
||||
(seqNumberData[5] == directionByte) &&
|
||||
(seqNumberData[6] == directionByte) &&
|
||||
(seqNumberData[7] == directionByte);
|
||||
}
|
||||
|
||||
return false;
|
||||
@ -406,7 +405,7 @@ abstract class MessageToken extends Krb5Token {
|
||||
}
|
||||
|
||||
public final int getSequenceNumber() {
|
||||
int sequenceNum = 0;
|
||||
int sequenceNum;
|
||||
if (cipherHelper.isArcFour()) {
|
||||
sequenceNum = readBigEndian(seqNumberData, 0, 4);
|
||||
} else {
|
||||
@ -536,7 +535,7 @@ abstract class MessageToken extends Krb5Token {
|
||||
}
|
||||
|
||||
/**
|
||||
* Obtains the context key that is associated with this token.
|
||||
* Obtains the context key associated with this token.
|
||||
* @return the context key
|
||||
*/
|
||||
/*
|
||||
@ -586,18 +585,18 @@ abstract class MessageToken extends Krb5Token {
|
||||
*/
|
||||
class MessageTokenHeader {
|
||||
|
||||
private int tokenId;
|
||||
private int signAlg;
|
||||
private int sealAlg;
|
||||
private final int tokenId;
|
||||
private final int signAlg;
|
||||
private final int sealAlg;
|
||||
|
||||
private byte[] bytes = new byte[8];
|
||||
private final byte[] bytes = new byte[8];
|
||||
|
||||
/**
|
||||
* Constructs a MessageTokenHeader for the specified token type with
|
||||
* appropriate checksum and encryption algorithms fields.
|
||||
*
|
||||
* @param tokenId the token id for this message token
|
||||
* @param conf true if confidentiality will be resuested with this
|
||||
* @param conf true if confidentiality will be requested with this
|
||||
* message token, false otherwise.
|
||||
* @param qop the value of the quality of protection that will be
|
||||
* desired.
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2004, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,12 +25,13 @@
|
||||
|
||||
package sun.security.jgss.krb5;
|
||||
|
||||
import org.ietf.jgss.*;
|
||||
import org.ietf.jgss.GSSException;
|
||||
import org.ietf.jgss.MessageProp;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.security.MessageDigest;
|
||||
import java.util.Arrays;
|
||||
|
||||
@ -499,8 +500,8 @@ abstract class MessageToken_v2 extends Krb5Token {
|
||||
*/
|
||||
class MessageTokenHeader {
|
||||
|
||||
private int tokenId;
|
||||
private byte[] bytes = new byte[TOKEN_HEADER_SIZE];
|
||||
private final int tokenId;
|
||||
private final byte[] bytes = new byte[TOKEN_HEADER_SIZE];
|
||||
|
||||
// Writes a new token header
|
||||
public MessageTokenHeader(int tokenId, boolean conf) throws GSSException {
|
||||
@ -511,7 +512,7 @@ abstract class MessageToken_v2 extends Krb5Token {
|
||||
bytes[1] = (byte) (tokenId);
|
||||
|
||||
// Flags (Note: MIT impl requires subkey)
|
||||
int flags = 0;
|
||||
int flags;
|
||||
flags = (initiator ? 0 : FLAG_SENDER_IS_ACCEPTOR) |
|
||||
((conf && tokenId != MIC_ID_v2) ?
|
||||
FLAG_WRAP_CONFIDENTIAL : 0) |
|
||||
@ -576,12 +577,8 @@ abstract class MessageToken_v2 extends Krb5Token {
|
||||
|
||||
// check for confidentiality
|
||||
int conf_flag = bytes[TOKEN_FLAG_POS] & FLAG_WRAP_CONFIDENTIAL;
|
||||
if ((conf_flag == FLAG_WRAP_CONFIDENTIAL) &&
|
||||
(tokenId == WRAP_ID_v2)) {
|
||||
prop.setPrivacy(true);
|
||||
} else {
|
||||
prop.setPrivacy(false);
|
||||
}
|
||||
prop.setPrivacy((conf_flag == FLAG_WRAP_CONFIDENTIAL) &&
|
||||
(tokenId == WRAP_ID_v2));
|
||||
|
||||
if (tokenId == WRAP_ID_v2) {
|
||||
// validate filler
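Review bot: In the `MessageTokenHeader` constructor the cleanup leaves `int flags;` immediately followed by `flags = (initiator ? 0 : FLAG_SENDER_IS_ACCEPTOR) | ...`. Dropping the dead `= 0` was right, but the declaration and the assignment can now be one statement. Starting the expression with `int flags = (initiator ? 0 : FLAG_SENDER_IS_ACCEPTOR) |` keeps the rest unchanged. The constructor body continues outside the hunk.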
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,12 +25,12 @@
|
||||
|
||||
package sun.security.jgss.krb5;
|
||||
|
||||
import org.ietf.jgss.*;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.ByteArrayInputStream;
|
||||
import org.ietf.jgss.GSSException;
|
||||
import org.ietf.jgss.MessageProp;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
||||
class MicToken extends MessageToken {
|
||||
|
||||
@ -54,7 +54,7 @@ class MicToken extends MessageToken {
|
||||
}
|
||||
|
||||
public void verify(InputStream data) throws GSSException {
|
||||
byte[] dataBytes = null;
|
||||
byte[] dataBytes;
|
||||
try {
|
||||
dataBytes = new byte[data.available()];
|
||||
data.read(dataBytes);
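Review bot: `verify(InputStream)` sizes its buffer with `data.available()` and then ignores the return value of `data.read(dataBytes)`; the commit only drops the `= null` initializer and leaves this as is. `available()` is an estimate of what can be read without blocking, not the stream length, and a single `read` may fill only part of the array. The MIC can therefore be checked over truncated or zero-padded data, and a valid message may be rejected. `dataBytes = data.readAllBytes();` reads to end of stream instead; if callers rely on only the currently available bytes being consumed, a loop that checks the count returned by `read` is the conservative alternative. The same two lines appear in `MicToken_v2.verify`, and both method bodies continue outside their hunks.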
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -62,7 +62,7 @@ class MicToken_v2 extends MessageToken_v2 {
|
||||
}
|
||||
|
||||
public void verify(InputStream data) throws GSSException {
|
||||
byte[] dataBytes = null;
|
||||
byte[] dataBytes;
|
||||
try {
|
||||
dataBytes = new byte[data.available()];
|
||||
data.read(dataBytes);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -36,6 +36,7 @@ import sun.security.krb5.EncryptionKey;
|
||||
import sun.security.krb5.KrbException;
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import sun.security.krb5.*;
|
||||
@ -201,11 +202,9 @@ public final class ServiceCreds {
|
||||
continue; // skip this legacy bound keytab
|
||||
}
|
||||
}
|
||||
for (KerberosKey k: ktab.getKeys(princ)) {
|
||||
keys.add(k);
|
||||
}
|
||||
Collections.addAll(keys, ktab.getKeys(princ));
|
||||
}
|
||||
return keys.toArray(new KerberosKey[keys.size()]);
|
||||
return keys.toArray(new KerberosKey[0]);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -86,7 +86,7 @@ class SubjectComber {
|
||||
if (subject == null) {
|
||||
return null;
|
||||
} else {
|
||||
List<T> answer = (oneOnly ? null : new ArrayList<T>());
|
||||
List<T> answer = (oneOnly ? null : new ArrayList<>());
|
||||
|
||||
if (credClass == KeyTab.class) {
|
||||
Iterator<KeyTab> iterator =
|
||||
@ -151,11 +151,10 @@ class SubjectComber {
|
||||
Iterator<Object> iterator = pcs.iterator();
|
||||
while (iterator.hasNext()) {
|
||||
Object obj = iterator.next();
|
||||
if (!(obj instanceof KerberosTicket)) {
|
||||
if (!(obj instanceof @SuppressWarnings("unchecked")
|
||||
KerberosTicket ticket)) {
|
||||
continue;
|
||||
}
|
||||
@SuppressWarnings("unchecked")
|
||||
KerberosTicket ticket = (KerberosTicket)obj;
|
||||
if (DEBUG) {
|
||||
System.out.println("Found ticket for "
|
||||
+ ticket.getClient()
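Review bot: The `@SuppressWarnings("unchecked")` carried onto the pattern variable in the `@ -151` hunk looks unnecessary, and splitting the `instanceof` across two lines to fit it makes the guard harder to read. `KerberosTicket` is not a generic type, so testing an `Object` against it should not produce an unchecked warning. The guard could be `if (!(obj instanceof KerberosTicket ticket)) {`. The enclosing method begins and ends outside the hunk.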
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -74,7 +74,7 @@ class WrapToken extends MessageToken {
|
||||
/*
|
||||
* A token may come in either in an InputStream or as a
|
||||
* byte[]. Store a reference to it in either case and process
|
||||
* it's data only later when getData() is called and
|
||||
* its data only later when getData() is called and
|
||||
* decryption/copying is needed to be done. Note that JCE can
|
||||
* decrypt both from a byte[] and from an InputStream.
|
||||
*/
|
||||
@ -96,13 +96,13 @@ class WrapToken extends MessageToken {
|
||||
private int dataLen = 0;
|
||||
|
||||
// the len of the token data: (confounder || data || padding)
|
||||
private int dataSize = 0;
|
||||
private final int dataSize;
|
||||
|
||||
// Accessed by CipherHelper
|
||||
byte[] confounder = null;
|
||||
byte[] padding = null;
|
||||
|
||||
private boolean privacy = false;
|
||||
private final boolean privacy;
|
||||
|
||||
/**
|
||||
* Constructs a WrapToken from token bytes obtained from the
|
||||
@ -303,8 +303,6 @@ class WrapToken extends MessageToken {
|
||||
private void getDataFromStream(byte[] dataBuf, int dataBufOffset)
|
||||
throws GSSException {
|
||||
|
||||
GSSHeader gssHeader = getGSSHeader();
|
||||
|
||||
// Don't check the token length. Data will be read on demand from
|
||||
// the InputStream.
|
||||
|
||||
@ -385,7 +383,7 @@ class WrapToken extends MessageToken {
|
||||
* @return the padding to be applied
|
||||
*/
|
||||
private byte[] getPadding(int len) {
|
||||
int padSize = 0;
|
||||
int padSize;
|
||||
// For RC4-HMAC, all padding is rounded up to 1 byte.
|
||||
// One byte is needed to say that there is 1 byte of padding.
|
||||
if (cipherHelper.isArcFour()) {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -220,7 +220,7 @@ class WrapToken_v2 extends MessageToken_v2 {
|
||||
return token.length;
|
||||
}
|
||||
|
||||
// This implementation is way to conservative. And it certainly
|
||||
// This implementation is way too conservative. And it certainly
|
||||
// doesn't return the maximum limit.
|
||||
static int getSizeLimit(int qop, boolean confReq, int maxTokenSize,
|
||||
CipherHelper ch) throws GSSException {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -89,65 +89,65 @@ import java.security.Provider;
|
||||
|
||||
public interface GSSContextSpi {
|
||||
|
||||
public Provider getProvider();
|
||||
Provider getProvider();
|
||||
|
||||
// The specification for the following methods mirrors the
|
||||
// specification of the same methods in the GSSContext interface, as
|
||||
// defined in RFC 2853.
|
||||
|
||||
public void requestLifetime(int lifetime) throws GSSException;
|
||||
void requestLifetime(int lifetime) throws GSSException;
|
||||
|
||||
public void requestMutualAuth(boolean state) throws GSSException;
|
||||
void requestMutualAuth(boolean state) throws GSSException;
|
||||
|
||||
public void requestReplayDet(boolean state) throws GSSException;
|
||||
void requestReplayDet(boolean state) throws GSSException;
|
||||
|
||||
public void requestSequenceDet(boolean state) throws GSSException;
|
||||
void requestSequenceDet(boolean state) throws GSSException;
|
||||
|
||||
public void requestCredDeleg(boolean state) throws GSSException;
|
||||
void requestCredDeleg(boolean state) throws GSSException;
|
||||
|
||||
public void requestAnonymity(boolean state) throws GSSException;
|
||||
void requestAnonymity(boolean state) throws GSSException;
|
||||
|
||||
public void requestConf(boolean state) throws GSSException;
|
||||
void requestConf(boolean state) throws GSSException;
|
||||
|
||||
public void requestInteg(boolean state) throws GSSException;
|
||||
void requestInteg(boolean state) throws GSSException;
|
||||
|
||||
public void requestDelegPolicy(boolean state) throws GSSException;
|
||||
void requestDelegPolicy(boolean state) throws GSSException;
|
||||
|
||||
public void setChannelBinding(ChannelBinding cb) throws GSSException;
|
||||
void setChannelBinding(ChannelBinding cb) throws GSSException;
|
||||
|
||||
public boolean getCredDelegState();
|
||||
boolean getCredDelegState();
|
||||
|
||||
public boolean getMutualAuthState();
|
||||
boolean getMutualAuthState();
|
||||
|
||||
public boolean getReplayDetState();
|
||||
boolean getReplayDetState();
|
||||
|
||||
public boolean getSequenceDetState();
|
||||
boolean getSequenceDetState();
|
||||
|
||||
public boolean getAnonymityState();
|
||||
boolean getAnonymityState();
|
||||
|
||||
public boolean getDelegPolicyState();
|
||||
boolean getDelegPolicyState();
|
||||
|
||||
public boolean isTransferable() throws GSSException;
|
||||
boolean isTransferable() throws GSSException;
|
||||
|
||||
public boolean isProtReady();
|
||||
boolean isProtReady();
|
||||
|
||||
public boolean isInitiator();
|
||||
boolean isInitiator();
|
||||
|
||||
public boolean getConfState();
|
||||
boolean getConfState();
|
||||
|
||||
public boolean getIntegState();
|
||||
boolean getIntegState();
|
||||
|
||||
public int getLifetime();
|
||||
int getLifetime();
|
||||
|
||||
public boolean isEstablished();
|
||||
boolean isEstablished();
|
||||
|
||||
public GSSNameSpi getSrcName() throws GSSException;
|
||||
GSSNameSpi getSrcName() throws GSSException;
|
||||
|
||||
public GSSNameSpi getTargName() throws GSSException;
|
||||
GSSNameSpi getTargName() throws GSSException;
|
||||
|
||||
public Oid getMech() throws GSSException;
|
||||
Oid getMech() throws GSSException;
|
||||
|
||||
public GSSCredentialSpi getDelegCred() throws GSSException;
|
||||
GSSCredentialSpi getDelegCred() throws GSSException;
|
||||
|
||||
/**
|
||||
* Initiator context establishment call. This method may be
|
||||
@ -163,9 +163,9 @@ public interface GSSContextSpi {
|
||||
* with this mechanism level initSecContext. Since the output token
|
||||
* from this method is a fixed size, not exceedingly large, and a one
|
||||
* time deal, an overloaded form that takes an OutputStream has not
|
||||
* been defined. The GSS-Framwork can write the returned byte[] to any
|
||||
* been defined. The GSS-Framework can write the returned byte[] to any
|
||||
* application provided OutputStream. Similarly, any application input
|
||||
* int he form of byte arrays will be wrapped in an input stream by the
|
||||
* in the form of byte arrays will be wrapped in an input stream by the
|
||||
* GSS-Framework and then passed here.
|
||||
* <p>
|
||||
* <strong>
|
||||
@ -187,7 +187,7 @@ public interface GSSContextSpi {
|
||||
* the way out.
|
||||
* @exception GSSException may be thrown
|
||||
*/
|
||||
public byte[] initSecContext(InputStream is, int mechTokenSize)
|
||||
byte[] initSecContext(InputStream is, int mechTokenSize)
|
||||
throws GSSException;
|
||||
|
||||
/**
|
||||
@ -204,9 +204,9 @@ public interface GSSContextSpi {
|
||||
* with this mechanism level acceptSecContext. Since the output token
|
||||
* from this method is a fixed size, not exceedingly large, and a one
|
||||
* time deal, an overloaded form that takes an OutputStream has not
|
||||
* been defined. The GSS-Framwork can write the returned byte[] to any
|
||||
* been defined. The GSS-Framework can write the returned byte[] to any
|
||||
* application provided OutputStream. Similarly, any application input
|
||||
* int he form of byte arrays will be wrapped in an input stream by the
|
||||
* in the form of byte arrays will be wrapped in an input stream by the
|
||||
* GSS-Framework and then passed here.
|
||||
* <p>
|
||||
* <strong>
|
||||
@ -227,12 +227,12 @@ public interface GSSContextSpi {
|
||||
* the way out.
|
||||
* @exception GSSException may be thrown
|
||||
*/
|
||||
public byte[] acceptSecContext(InputStream is, int mechTokenSize)
|
||||
byte[] acceptSecContext(InputStream is, int mechTokenSize)
|
||||
throws GSSException;
|
||||
|
||||
/**
|
||||
* Queries the context for largest data size to accommodate
|
||||
* the specified protection and for the token to remain less then
|
||||
* the specified protection and for the token to remain less than
|
||||
* maxTokSize.
|
||||
*
|
||||
* @param qop the quality of protection that the context will be
|
||||
@ -245,28 +245,28 @@ public interface GSSContextSpi {
|
||||
* requirements are met.
|
||||
* @exception GSSException may be thrown
|
||||
*/
|
||||
public int getWrapSizeLimit(int qop, boolean confReq, int maxTokSize)
|
||||
int getWrapSizeLimit(int qop, boolean confReq, int maxTokSize)
|
||||
throws GSSException;
|
||||
|
||||
/**
|
||||
* Provides per-message token encapsulation.
|
||||
*
|
||||
* @param is the user-provided message to be protected
|
||||
* @param os the token to be sent to the peer. It includes
|
||||
* @param is the token to be sent to the peer. It includes
|
||||
* the message from <i>is</i> with the requested protection.
|
||||
* @param msgProp on input it contains the requested qop and
|
||||
* @param msgProp on input, contains the requested qop and
|
||||
* confidentiality state, on output, the applied values
|
||||
* @exception GSSException may be thrown
|
||||
* @see unwrap
|
||||
*/
|
||||
public void wrap(InputStream is, OutputStream os, MessageProp msgProp)
|
||||
void wrap(InputStream is, OutputStream os, MessageProp msgProp)
|
||||
throws GSSException;
|
||||
|
||||
/**
|
||||
* For apps that want simplicity and don't care about buffer copies.
|
||||
*/
|
||||
public byte[] wrap(byte[] inBuf, int offset, int len,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
byte[] wrap(byte[] inBuf, int offset, int len,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
|
||||
/**
|
||||
* For apps that care about buffer copies but either cannot use streams
|
||||
@ -308,14 +308,14 @@ public interface GSSContextSpi {
|
||||
* @exception GSSException may be thrown
|
||||
* @see wrap
|
||||
*/
|
||||
public void unwrap(InputStream is, OutputStream os,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
void unwrap(InputStream is, OutputStream os,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
|
||||
/**
|
||||
* For apps that want simplicity and don't care about buffer copies.
|
||||
*/
|
||||
public byte[] unwrap(byte[] inBuf, int offset, int len,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
byte[] unwrap(byte[] inBuf, int offset, int len,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
|
||||
/**
|
||||
* For apps that care about buffer copies but either cannot use streams
|
||||
@ -352,12 +352,12 @@ public interface GSSContextSpi {
|
||||
* @param msgProp on input the desired QOP and output the applied QOP
|
||||
* @exception GSSException
|
||||
*/
|
||||
public void getMIC(InputStream is, OutputStream os,
|
||||
MessageProp msgProp)
|
||||
void getMIC(InputStream is, OutputStream os,
|
||||
MessageProp msgProp)
|
||||
throws GSSException;
|
||||
|
||||
public byte[] getMIC(byte[] inMsg, int offset, int len,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
byte[] getMIC(byte[] inMsg, int offset, int len,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
|
||||
/**
|
||||
* Checks the integrity of the supplied tokens.
|
||||
@ -369,12 +369,12 @@ public interface GSSContextSpi {
|
||||
* states of the token as well as any informatory status codes
|
||||
* @exception GSSException may be thrown
|
||||
*/
|
||||
public void verifyMIC(InputStream is, InputStream msgStr,
|
||||
MessageProp mProp) throws GSSException;
|
||||
void verifyMIC(InputStream is, InputStream msgStr,
|
||||
MessageProp mProp) throws GSSException;
|
||||
|
||||
public void verifyMIC(byte[] inTok, int tokOffset, int tokLen,
|
||||
byte[] inMsg, int msgOffset, int msgLen,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
void verifyMIC(byte[] inTok, int tokOffset, int tokLen,
|
||||
byte[] inMsg, int msgOffset, int msgLen,
|
||||
MessageProp msgProp) throws GSSException;
|
||||
|
||||
/**
|
||||
* Produces a token representing this context. After this call
|
||||
@ -384,7 +384,7 @@ public interface GSSContextSpi {
|
||||
* @return exported context token
|
||||
* @exception GSSException may be thrown
|
||||
*/
|
||||
public byte[] export() throws GSSException;
|
||||
byte[] export() throws GSSException;
|
||||
|
||||
/**
|
||||
* Releases context resources and terminates the
|
||||
@ -392,7 +392,7 @@ public interface GSSContextSpi {
|
||||
*
|
||||
* @exception GSSException may be thrown
|
||||
*/
|
||||
public void dispose() throws GSSException;
|
||||
void dispose() throws GSSException;
|
||||
|
||||
/**
|
||||
* Return the mechanism-specific attribute associated with {@code type}.
|
||||
@ -402,6 +402,6 @@ public interface GSSContextSpi {
|
||||
* @throws GSSException see {@link ExtendedGSSContext#inquireSecContext}
|
||||
* for details
|
||||
*/
|
||||
public Object inquireSecContext(String type)
|
||||
Object inquireSecContext(String type)
|
||||
throws GSSException;
|
||||
}
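Review bot: In the Javadoc of the stream-based `wrap(InputStream is, OutputStream os, MessageProp msgProp)`, the edited tag now reads `@param is the token to be sent to the peer`. This leaves two `@param is` entries and no entry for `os`, although the text still describes the output token. The tag should stay `@param os the token to be sent to the peer. It includes`. While here, `@see unwrap` and `@see wrap` would resolve as links if written `@see #unwrap` and `@see #wrap`.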
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -37,7 +37,7 @@ import java.security.Provider;
|
||||
*/
|
||||
public interface GSSCredentialSpi {
|
||||
|
||||
public Provider getProvider();
|
||||
Provider getProvider();
|
||||
|
||||
/**
|
||||
* Called to invalidate this credential element and release
|
||||
@ -46,7 +46,7 @@ public interface GSSCredentialSpi {
|
||||
*
|
||||
* @exception GSSException with major codes NO_CRED and FAILURE
|
||||
*/
|
||||
public void dispose() throws GSSException;
|
||||
void dispose() throws GSSException;
|
||||
|
||||
/**
|
||||
* Returns the principal name for this credential. The name
|
||||
@ -55,7 +55,7 @@ public interface GSSCredentialSpi {
|
||||
* @return GSSNameSpi representing principal name of this credential
|
||||
* @exception GSSException may be thrown
|
||||
*/
|
||||
public GSSNameSpi getName() throws GSSException;
|
||||
GSSNameSpi getName() throws GSSException;
|
||||
|
||||
/**
|
||||
* Returns the init lifetime remaining.
|
||||
@ -63,7 +63,7 @@ public interface GSSCredentialSpi {
|
||||
* @return the init lifetime remaining in seconds
|
||||
* @exception GSSException may be thrown
|
||||
*/
|
||||
public int getInitLifetime() throws GSSException;
|
||||
int getInitLifetime() throws GSSException;
|
||||
|
||||
|
||||
/**
|
||||
@ -72,21 +72,21 @@ public interface GSSCredentialSpi {
|
||||
* @return the accept lifetime remaining in seconds
|
||||
* @exception GSSException may be thrown
|
||||
*/
|
||||
public int getAcceptLifetime() throws GSSException;
|
||||
int getAcceptLifetime() throws GSSException;
|
||||
|
||||
/**
|
||||
* Determines if this credential element can be used by a context
|
||||
* initiator.
|
||||
* @return true if it can be used for initiating contexts
|
||||
*/
|
||||
public boolean isInitiatorCredential() throws GSSException;
|
||||
boolean isInitiatorCredential() throws GSSException;
|
||||
|
||||
/**
|
||||
* Determines if this credential element can be used by a context
|
||||
* acceptor.
|
||||
* @return true if it can be used for accepting contexts
|
||||
*/
|
||||
public boolean isAcceptorCredential() throws GSSException;
|
||||
boolean isAcceptorCredential() throws GSSException;
|
||||
|
||||
/**
|
||||
* Returns the oid representing the underlying credential
|
||||
@ -95,7 +95,7 @@ public interface GSSCredentialSpi {
|
||||
* @return the Oid for this credential mechanism
|
||||
* @exception GSSException may be thrown
|
||||
*/
|
||||
public Oid getMechanism();
|
||||
Oid getMechanism();
|
||||
|
||||
/**
|
||||
* Impersonates another client.
|
||||
@ -104,5 +104,5 @@ public interface GSSCredentialSpi {
|
||||
* @return the new credential
|
||||
* @exception GSSException may be thrown
|
||||
*/
|
||||
public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException;
|
||||
GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException;
|
||||
}
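Review bot: The Javadoc and the signatures disagree about `GSSException` in a few places that this cleanup passes over. `getMechanism()` documents `@exception GSSException may be thrown` but declares no `throws` clause, so that tag should be dropped. `isInitiatorCredential()` and `isAcceptorCredential()` declare `throws GSSException` but document only `@return`; adding `@exception GSSException may be thrown` would match the neighbouring methods.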
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2005, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -38,7 +38,7 @@ import java.security.Provider;
|
||||
|
||||
public interface GSSNameSpi {
|
||||
|
||||
public Provider getProvider();
|
||||
Provider getProvider();
|
||||
|
||||
/**
|
||||
* Equals method for the GSSNameSpi objects.
|
||||
@ -50,7 +50,7 @@ public interface GSSNameSpi {
|
||||
* @exception GSSException with major codes of BAD_NAMETYPE,
|
||||
* BAD_NAME, FAILURE
|
||||
*/
|
||||
public boolean equals(GSSNameSpi name) throws GSSException;
|
||||
boolean equals(GSSNameSpi name) throws GSSException;
|
||||
|
||||
/**
|
||||
* Compares this <code>GSSNameSpi</code> object to another Object
|
||||
@ -63,14 +63,14 @@ public interface GSSNameSpi {
|
||||
* @return true if they both refer to the same entity, else false
|
||||
* @see #equals(GSSNameSpi)
|
||||
*/
|
||||
public boolean equals(Object another);
|
||||
boolean equals(Object another);
|
||||
|
||||
/**
|
||||
* Returns a hashcode value for this GSSNameSpi.
|
||||
*
|
||||
* @return a hashCode value
|
||||
*/
|
||||
public int hashCode();
|
||||
int hashCode();
|
||||
|
||||
/**
|
||||
* Returns a flat name representation for this object. The name
|
||||
@ -80,7 +80,7 @@ public interface GSSNameSpi {
|
||||
* @exception GSSException with major codes NAME_NOT_MN, BAD_NAME,
|
||||
* BAD_NAME, FAILURE.
|
||||
*/
|
||||
public byte[] export() throws GSSException;
|
||||
byte[] export() throws GSSException;
|
||||
|
||||
|
||||
/**
|
||||
@ -88,7 +88,7 @@ public interface GSSNameSpi {
|
||||
*
|
||||
* @return the Oid of the mechanism type
|
||||
*/
|
||||
public Oid getMechanism();
|
||||
Oid getMechanism();
|
||||
|
||||
/**
|
||||
* Returns a string representation for this name. The printed
|
||||
@ -98,7 +98,7 @@ public interface GSSNameSpi {
|
||||
* @see #getStringNameType()
|
||||
* @overrides Object#toString
|
||||
*/
|
||||
public String toString();
|
||||
String toString();
|
||||
|
||||
|
||||
/**
|
||||
@ -106,10 +106,10 @@ public interface GSSNameSpi {
|
||||
*
|
||||
* @return the Oid for the format of the printed name
|
||||
*/
|
||||
public Oid getStringNameType();
|
||||
Oid getStringNameType();
|
||||
|
||||
/**
|
||||
* Indicates if this name object represents an Anonymous name.
|
||||
*/
|
||||
public boolean isAnonymousName();
|
||||
boolean isAnonymousName();
|
||||
}
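Review bot: The Javadoc above `export()` lists its major codes as `NAME_NOT_MN, BAD_NAME, BAD_NAME, FAILURE`, with `BAD_NAME` twice. Either one entry is a leftover to delete or it was meant to be a different code (possibly `BAD_NAMETYPE`, as on `equals(GSSNameSpi)`); this should be confirmed against the GSS-API specification. The `@overrides Object#toString` line above `toString()` is not a standard Javadoc tag and could become a plain sentence or `@see Object#toString()`. Both comments begin outside their hunks.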
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -37,7 +37,7 @@ import java.security.Provider;
|
||||
* property "GssApiMechanism.x.y.z" to an implementation class that serves
|
||||
* as the factory for that mechanism.
|
||||
* <p>
|
||||
* e.g., If a provider master file contained the a mapping from the
|
||||
* e.g., If a provider master file contained a mapping from the
|
||||
* property "GssApiMechanism.1.2.840.113554.1.2.2" to the class name
|
||||
* "com.foo.krb5.Krb5GssFactory", then the GSS-API framework would assume
|
||||
* that com.foo.krb5.Krb5GssFactory implements the MechanismFactory
|
||||
@ -53,13 +53,13 @@ public interface MechanismFactory {
|
||||
* Returns the Oid of the mechanism that this factory supports.
|
||||
* @return the Oid
|
||||
*/
|
||||
public Oid getMechanismOid();
|
||||
Oid getMechanismOid();
|
||||
|
||||
/**
|
||||
* Returns the provider that this factory came from.
|
||||
* @return the provider
|
||||
*/
|
||||
public Provider getProvider();
|
||||
Provider getProvider();
|
||||
|
||||
/**
|
||||
* Returns the GSS-API nametypes that this mechanism can
|
||||
@ -69,7 +69,7 @@ public interface MechanismFactory {
|
||||
* nametypes supported
|
||||
* @see org.ietf.jgss.GSSName
|
||||
*/
|
||||
public Oid[] getNameTypes() throws GSSException;
|
||||
Oid[] getNameTypes() throws GSSException;
|
||||
|
||||
/**
|
||||
* Creates a credential element for this mechanism to be included as
|
||||
@ -115,8 +115,8 @@ public interface MechanismFactory {
|
||||
* @throws GSSException if one of the error situations described in RFC
|
||||
* 2743 with the GSS_Acquire_Cred or GSS_Add_Cred calls occurs.
|
||||
*/
|
||||
public GSSCredentialSpi getCredentialElement(GSSNameSpi name,
|
||||
int initLifetime, int acceptLifetime, int usage) throws GSSException;
|
||||
GSSCredentialSpi getCredentialElement(GSSNameSpi name,
|
||||
int initLifetime, int acceptLifetime, int usage) throws GSSException;
|
||||
|
||||
/**
|
||||
* Creates a name element for this mechanism to be included as part of
|
||||
@ -134,7 +134,7 @@ public interface MechanismFactory {
|
||||
* @throws GSSException if any of the errors described in RFC 2743 for
|
||||
* the GSS_Import_Name or GSS_Canonicalize_Name calls occur.
|
||||
*/
|
||||
public GSSNameSpi getNameElement(String nameStr, Oid nameType)
|
||||
GSSNameSpi getNameElement(String nameStr, Oid nameType)
|
||||
throws GSSException;
|
||||
|
||||
/**
|
||||
@ -153,7 +153,7 @@ public interface MechanismFactory {
|
||||
* @throws GSSException if any of the errors described in RFC 2743 for
|
||||
* the GSS_Import_Name or GSS_Canonicalize_Name calls occur.
|
||||
*/
|
||||
public GSSNameSpi getNameElement(byte[] name, Oid nameType)
|
||||
GSSNameSpi getNameElement(byte[] name, Oid nameType)
|
||||
throws GSSException;
|
||||
|
||||
/**
|
||||
@ -174,12 +174,12 @@ public interface MechanismFactory {
|
||||
* @throws GSSException if any of the errors described in RFC 2743 in
|
||||
* the GSS_Init_Sec_Context call occur.
|
||||
*/
|
||||
public GSSContextSpi getMechanismContext(GSSNameSpi peer,
|
||||
GSSCredentialSpi myInitiatorCred,
|
||||
int lifetime) throws GSSException;
|
||||
GSSContextSpi getMechanismContext(GSSNameSpi peer,
|
||||
GSSCredentialSpi myInitiatorCred,
|
||||
int lifetime) throws GSSException;
|
||||
|
||||
/**
|
||||
* Creates a security context for this mechanism so thatit can be used
|
||||
* Creates a security context for this mechanism so that it can be used
|
||||
* on the context acceptor's side.
|
||||
*
|
||||
* @param myAcceptorCred a credential element for the context acceptor
|
||||
@ -192,7 +192,7 @@ public interface MechanismFactory {
|
||||
* @throws GSSException if any of the errors described in RFC 2743 in
|
||||
* the GSS_Accept_Sec_Context call occur.
|
||||
*/
|
||||
public GSSContextSpi getMechanismContext(GSSCredentialSpi myAcceptorCred)
|
||||
GSSContextSpi getMechanismContext(GSSCredentialSpi myAcceptorCred)
|
||||
throws GSSException;
|
||||
|
||||
/**
|
||||
@ -208,7 +208,7 @@ public interface MechanismFactory {
|
||||
* @throws GSSException is any of the errors described in RFC 2743 in
|
||||
* the GSS_Import_Sec_Context call occur.
|
||||
*/
|
||||
public GSSContextSpi getMechanismContext(byte[] exportedContext)
|
||||
GSSContextSpi getMechanismContext(byte[] exportedContext)
|
||||
throws GSSException;
|
||||
|
||||
}
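Review bot: The Javadoc above `getMechanismContext(byte[] exportedContext)` still reads `@throws GSSException is any of the errors described in RFC 2743`, where `is` should be `if`. This commit already fixes neighbouring typos such as `thatit`, so this one belongs in the same pass: `@throws GSSException if any of the errors described in RFC 2743 in`. The comment begins outside the hunk.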
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,12 +25,13 @@
|
||||
|
||||
package sun.security.jgss.spnego;
|
||||
|
||||
import java.io.*;
|
||||
import java.util.*;
|
||||
import org.ietf.jgss.*;
|
||||
import sun.security.jgss.*;
|
||||
import org.ietf.jgss.GSSException;
|
||||
import org.ietf.jgss.Oid;
|
||||
import sun.security.jgss.GSSUtil;
|
||||
import sun.security.util.*;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
* Implements the SPNEGO NegTokenInit token
|
||||
* as specified in RFC 2478
|
||||
@ -165,7 +166,7 @@ public class NegTokenInit extends SpNegoToken {
|
||||
// read all the mechTypes
|
||||
DerValue[] mList = mValue.getSequence(0);
|
||||
mechTypeList = new Oid[mList.length];
|
||||
ObjectIdentifier mech = null;
|
||||
ObjectIdentifier mech;
|
||||
for (int i = 0; i < mList.length; i++) {
|
||||
mech = mList[i].getOID();
|
||||
if (DEBUG) {
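Review bot: In the `@ -165` hunk, `ObjectIdentifier mech;` is declared before the loop but, in the lines shown, is only assigned as the first statement of each iteration. Declaring it where it is assigned, `ObjectIdentifier mech = mList[i].getOID();`, would narrow its scope and remove the uninitialised declaration. The loop body continues outside the hunk, so any use of `mech` after the loop would need checking first.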
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -27,6 +27,8 @@ package sun.security.jgss.spnego;
|
||||
|
||||
import java.io.*;
|
||||
import java.security.Provider;
|
||||
import java.util.Objects;
|
||||
|
||||
import org.ietf.jgss.*;
|
||||
import sun.security.action.GetBooleanAction;
|
||||
import sun.security.jgss.*;
|
||||
@ -66,14 +68,14 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
|
||||
private GSSNameSpi peerName = null;
|
||||
private GSSNameSpi myName = null;
|
||||
private SpNegoCredElement myCred = null;
|
||||
private final SpNegoCredElement myCred;
|
||||
|
||||
private GSSContext mechContext = null;
|
||||
private byte[] DER_mechTypes = null;
|
||||
|
||||
private int lifetime;
|
||||
private ChannelBinding channelBinding;
|
||||
private boolean initiator;
|
||||
private final boolean initiator;
|
||||
|
||||
// the underlying negotiated mechanism
|
||||
private Oid internal_mech = null;
|
||||
@ -285,7 +287,7 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
throws GSSException {
|
||||
|
||||
byte[] retVal = null;
|
||||
NegTokenInit initToken = null;
|
||||
NegTokenInit initToken;
|
||||
byte[] mechToken = null;
|
||||
int errorCode = GSSException.FAILURE;
|
||||
|
||||
@ -582,7 +584,6 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
state = STATE_IN_PROCESS;
|
||||
}
|
||||
} else {
|
||||
negoResult = SpNegoToken.NegoResult.REJECT;
|
||||
state = STATE_DELETED;
|
||||
throw new GSSException(GSSException.FAILURE);
|
||||
}
|
||||
@ -642,7 +643,6 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
state = STATE_IN_PROCESS;
|
||||
}
|
||||
} else {
|
||||
negoResult = SpNegoToken.NegoResult.REJECT;
|
||||
state = STATE_DELETED;
|
||||
throw new GSSException(GSSException.FAILURE);
|
||||
}
|
||||
@ -709,8 +709,7 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
// insert in SEQUENCE
|
||||
DerOutputStream mechTypeList = new DerOutputStream();
|
||||
mechTypeList.write(DerValue.tag_Sequence, mech);
|
||||
byte[] encoded = mechTypeList.toByteArray();
|
||||
return encoded;
|
||||
return mechTypeList.toByteArray();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -730,7 +729,7 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
}
|
||||
|
||||
// Only called on acceptor side. On the initiator side, most flags
|
||||
// are already set at request. For those that might get chanegd,
|
||||
// are already set at request. For those that might get changed,
|
||||
// state from mech below is used.
|
||||
private void setContextFlags() {
|
||||
|
||||
@ -824,7 +823,7 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
}
|
||||
|
||||
// now verify the token
|
||||
boolean valid = false;
|
||||
boolean valid;
|
||||
try {
|
||||
MessageProp prop = new MessageProp(0, true);
|
||||
verifyMIC(token, 0, token.length, mechTypes,
|
||||
@ -844,7 +843,7 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
* call gss_init_sec_context for the corresponding underlying mechanism
|
||||
*/
|
||||
private byte[] GSS_initSecContext(byte[] token) throws GSSException {
|
||||
byte[] tok = null;
|
||||
byte[] tok;
|
||||
|
||||
if (mechContext == null) {
|
||||
// initialize mech context
|
||||
@ -874,11 +873,7 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
}
|
||||
|
||||
// pass token
|
||||
if (token != null) {
|
||||
tok = token;
|
||||
} else {
|
||||
tok = new byte[0];
|
||||
}
|
||||
tok = Objects.requireNonNullElseGet(token, () -> new byte[0]);
|
||||
|
||||
// pass token to mechanism initSecContext
|
||||
byte[] init_token = mechContext.initSecContext(tok, 0, tok.length);
|
||||
@ -1099,10 +1094,7 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
return null;
|
||||
}
|
||||
// determine delegated cred element usage
|
||||
boolean initiate = false;
|
||||
if (delegCred.getUsage() == GSSCredential.INITIATE_ONLY) {
|
||||
initiate = true;
|
||||
}
|
||||
boolean initiate = delegCred.getUsage() == GSSCredential.INITIATE_ONLY;
|
||||
GSSCredentialSpi mechCred =
|
||||
delegCred.getElement(internal_mech, initiate);
|
||||
SpNegoCredElement cred = new SpNegoCredElement(mechCred);
|
||||
@ -1123,7 +1115,7 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
}
|
||||
}
|
||||
|
||||
public final byte[] wrap(byte inBuf[], int offset, int len,
|
||||
public final byte[] wrap(byte[] inBuf, int offset, int len,
|
||||
MessageProp msgProp) throws GSSException {
|
||||
if (mechContext != null) {
|
||||
return mechContext.wrap(inBuf, offset, len, msgProp);
|
||||
@ -1144,7 +1136,7 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
}
|
||||
}
|
||||
|
||||
public final byte[] unwrap(byte inBuf[], int offset, int len,
|
||||
public final byte[] unwrap(byte[] inBuf, int offset, int len,
|
||||
MessageProp msgProp)
|
||||
throws GSSException {
|
||||
if (mechContext != null) {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -40,7 +40,7 @@ import sun.security.jgss.spi.GSSCredentialSpi;
|
||||
*/
|
||||
public class SpNegoCredElement implements GSSCredentialSpi {
|
||||
|
||||
private GSSCredentialSpi cred = null;
|
||||
private final GSSCredentialSpi cred;
|
||||
|
||||
public SpNegoCredElement(GSSCredentialSpi cred) throws GSSException {
|
||||
this.cred = cred;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -52,7 +52,7 @@ public final class SpNegoMechFactory implements MechanismFactory {
|
||||
static final Oid GSS_SPNEGO_MECH_OID =
|
||||
GSSUtil.createOid("1.3.6.1.5.5.2");
|
||||
|
||||
private static Oid[] nameTypes =
|
||||
private static final Oid[] nameTypes =
|
||||
new Oid[] { GSSName.NT_USER_NAME,
|
||||
GSSName.NT_HOSTBASED_SERVICE,
|
||||
GSSName.NT_EXPORT_NAME};
|
||||
@ -182,7 +182,7 @@ public final class SpNegoMechFactory implements MechanismFactory {
|
||||
return new SpNegoContext(this, exportedContext);
|
||||
}
|
||||
|
||||
public final Oid getMechanismOid() {
|
||||
public Oid getMechanismOid() {
|
||||
return GSS_SPNEGO_MECH_OID;
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,14 +25,16 @@
|
||||
|
||||
package sun.security.jgss.spnego;
|
||||
|
||||
import java.io.*;
|
||||
import java.util.*;
|
||||
import org.ietf.jgss.*;
|
||||
import sun.security.util.*;
|
||||
import sun.security.jgss.*;
|
||||
import org.ietf.jgss.GSSException;
|
||||
import sun.security.jgss.GSSToken;
|
||||
import sun.security.util.DerOutputStream;
|
||||
import sun.security.util.DerValue;
|
||||
import sun.security.util.ObjectIdentifier;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
* Astract class for SPNEGO tokens.
|
||||
* Abstract class for SPNEGO tokens.
|
||||
* Implementation is based on RFC 2478
|
||||
*
|
||||
* NegotiationToken ::= CHOICE {
|
||||
@ -49,13 +51,13 @@ abstract class SpNegoToken extends GSSToken {
|
||||
static final int NEG_TOKEN_INIT_ID = 0x00;
|
||||
static final int NEG_TOKEN_TARG_ID = 0x01;
|
||||
|
||||
static enum NegoResult {
|
||||
enum NegoResult {
|
||||
ACCEPT_COMPLETE,
|
||||
ACCEPT_INCOMPLETE,
|
||||
REJECT,
|
||||
};
|
||||
}
|
||||
|
||||
private int tokenType;
|
||||
private final int tokenType;
|
||||
|
||||
// property
|
||||
static final boolean DEBUG = SpNegoContext.DEBUG;
|
||||
@ -149,26 +151,6 @@ abstract class SpNegoToken extends GSSToken {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the enumerated type of the Negotiation result.
|
||||
*
|
||||
* @param result the negotiated result represented by integer
|
||||
* @return the enumerated type of Negotiated result
|
||||
*/
|
||||
static NegoResult getNegoResultType(int result) {
|
||||
switch (result) {
|
||||
case 0:
|
||||
return NegoResult.ACCEPT_COMPLETE;
|
||||
case 1:
|
||||
return NegoResult.ACCEPT_INCOMPLETE;
|
||||
case 2:
|
||||
return NegoResult.REJECT;
|
||||
default:
|
||||
// unknown - return optimistic result
|
||||
return NegoResult.ACCEPT_COMPLETE;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a string representing the negotiation result.
|
||||
*
|
||||
|
@ -40,9 +40,9 @@ import sun.security.jgss.spi.GSSNameSpi;
|
||||
public class GSSCredElement implements GSSCredentialSpi {
|
||||
private final Cleaner.Cleanable cleanable;
|
||||
|
||||
private int usage;
|
||||
private final int usage;
|
||||
final long pCred; // Pointer to the gss_cred_id_t structure
|
||||
private GSSNameElement name = null;
|
||||
private GSSNameElement name;
|
||||
private final GSSLibStub cStub;
|
||||
|
||||
// Perform the necessary ServicePermission check on this cred
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,13 +25,12 @@
|
||||
|
||||
package sun.security.jgss.wrapper;
|
||||
|
||||
import java.util.Hashtable;
|
||||
import org.ietf.jgss.Oid;
|
||||
import org.ietf.jgss.GSSName;
|
||||
import org.ietf.jgss.ChannelBinding;
|
||||
import org.ietf.jgss.MessageProp;
|
||||
import org.ietf.jgss.GSSException;
|
||||
import sun.security.jgss.GSSUtil;
|
||||
import org.ietf.jgss.MessageProp;
|
||||
import org.ietf.jgss.Oid;
|
||||
|
||||
import java.util.Hashtable;
|
||||
|
||||
/**
|
||||
* This class is essentially a JNI calling stub for all wrapper classes.
|
||||
@ -42,7 +41,7 @@ import sun.security.jgss.GSSUtil;
|
||||
|
||||
class GSSLibStub {
|
||||
|
||||
private Oid mech;
|
||||
private final Oid mech;
|
||||
private long pMech; // Warning: used by NativeUtil.c
|
||||
|
||||
/**
|
||||
@ -94,8 +93,8 @@ class GSSLibStub {
|
||||
native byte[] wrap(long pContext, byte[] msg, MessageProp prop);
|
||||
native byte[] unwrap(long pContext, byte[] msgToken, MessageProp prop);
|
||||
|
||||
private static Hashtable<Oid, GSSLibStub>
|
||||
table = new Hashtable<Oid, GSSLibStub>(5);
|
||||
private static final Hashtable<Oid, GSSLibStub>
|
||||
table = new Hashtable<>(5);
|
||||
|
||||
static GSSLibStub getInstance(Oid mech) throws GSSException {
|
||||
GSSLibStub s = table.get(mech);
|
||||
|
@ -25,21 +25,21 @@
|
||||
|
||||
package sun.security.jgss.wrapper;
|
||||
|
||||
import org.ietf.jgss.*;
|
||||
import java.lang.ref.Cleaner;
|
||||
import java.security.Provider;
|
||||
import java.security.Security;
|
||||
import java.io.IOException;
|
||||
import sun.security.krb5.Realm;
|
||||
import org.ietf.jgss.GSSException;
|
||||
import org.ietf.jgss.GSSName;
|
||||
import org.ietf.jgss.Oid;
|
||||
import sun.security.jgss.GSSExceptionImpl;
|
||||
import sun.security.jgss.GSSUtil;
|
||||
import sun.security.util.ObjectIdentifier;
|
||||
import sun.security.jgss.spi.GSSNameSpi;
|
||||
import sun.security.krb5.Realm;
|
||||
import sun.security.util.DerInputStream;
|
||||
import sun.security.util.DerOutputStream;
|
||||
import sun.security.jgss.GSSUtil;
|
||||
import sun.security.jgss.GSSExceptionImpl;
|
||||
import sun.security.jgss.spi.GSSNameSpi;
|
||||
import sun.security.util.ObjectIdentifier;
|
||||
|
||||
import javax.security.auth.kerberos.ServicePermission;
|
||||
import java.io.IOException;
|
||||
import java.lang.ref.Cleaner;
|
||||
import java.security.Provider;
|
||||
|
||||
/**
|
||||
* This class is essentially a wrapper class for the gss_name_t
|
||||
@ -133,7 +133,7 @@ public class GSSNameElement implements GSSNameSpi {
|
||||
// Need to add back the mech Oid portion (stripped
|
||||
// off by GSSNameImpl class prior to calling this
|
||||
// method) for "NT_EXPORT_NAME"
|
||||
byte[] mechBytes = null;
|
||||
byte[] mechBytes;
|
||||
DerOutputStream dout = new DerOutputStream();
|
||||
Oid mech = cStub.getMech();
|
||||
try {
|
||||
@ -190,7 +190,7 @@ public class GSSNameElement implements GSSNameSpi {
|
||||
}
|
||||
|
||||
private void setPrintables() throws GSSException {
|
||||
Object[] printables = null;
|
||||
Object[] printables;
|
||||
printables = cStub.displayName(pName);
|
||||
assert((printables != null) && (printables.length == 2));
|
||||
printableName = (String) printables[0];
|
||||
@ -203,7 +203,7 @@ public class GSSNameElement implements GSSNameSpi {
|
||||
|
||||
// Need to be public for GSSUtil.getSubject()
|
||||
public String getKrbName() throws GSSException {
|
||||
long mName = 0;
|
||||
long mName;
|
||||
GSSLibStub stub = cStub;
|
||||
if (!GSSUtil.isKerberosMech(cStub.getMech())) {
|
||||
stub = GSSLibStub.getInstance(GSSUtil.GSS_KRB5_MECH_OID);
|
||||
@ -253,7 +253,7 @@ public class GSSNameElement implements GSSNameSpi {
|
||||
|
||||
int mechOidLen = (((0xFF & nameVal[pos++]) << 8) |
|
||||
(0xFF & nameVal[pos++]));
|
||||
ObjectIdentifier temp = null;
|
||||
ObjectIdentifier temp;
|
||||
try {
|
||||
DerInputStream din = new DerInputStream(nameVal, pos,
|
||||
mechOidLen);
|
||||
|
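Review bot: `setPrintables` checks the native `displayName` result only with `assert((printables != null) && (printables.length == 2));`. Assertions are off unless the JVM runs with `-ea`, so in normal deployments `printables[0]` is indexed without any validation of what the native library returned. An explicit guard would make the failure a GSS error instead of an NPE or index error: `if (printables == null || printables.length != 2) throw new GSSException(GSSException.FAILURE);`. Since the cleanup already touched the declaration, it could also be merged with the assignment as `Object[] printables = cStub.displayName(pName);`. The rest of the method lies outside the hunk.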
@ -29,7 +29,7 @@ import java.lang.ref.Cleaner;
|
||||
import javax.security.auth.kerberos.ServicePermission;
|
||||
|
||||
/**
|
||||
* This class is an utility class for Kerberos related stuff.
|
||||
* This class is a utility class for Kerberos related stuff.
|
||||
* @author Valerie Peng
|
||||
* @since 1.6
|
||||
*/
|
||||
@ -44,9 +44,7 @@ class Krb5Util {
|
||||
String krbPrinc = name.getKrbName();
|
||||
int atIndex = krbPrinc.indexOf('@');
|
||||
String realm = krbPrinc.substring(atIndex + 1);
|
||||
StringBuilder sb = new StringBuilder("krbtgt/");
|
||||
sb.append(realm).append('@').append(realm);
|
||||
return sb.toString();
|
||||
return "krbtgt/" + realm + '@' + realm;
|
||||
}
|
||||
|
||||
// Perform the Service Permission check using the specified
|
||||
|
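Review bot: In the @ -44 hunk, `krbPrinc.indexOf('@')` is never checked for -1, so a name without a realm part makes `substring(atIndex + 1)` return the whole principal and the method yields `krbtgt/<principal>@<principal>`. The new one-line concatenation keeps that behaviour. The result appears to feed the `DelegationPermission` string built in NativeGSSContext in this same commit, so a malformed TGS name would end up in a permission check. I would fail explicitly before the `substring` call, e.g. `if (atIndex < 0) throw new GSSException(GSSException.BAD_NAME);`. The method signature is outside the hunk, so confirm it declares GSSException.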
@ -65,7 +65,7 @@ class NativeGSSContext implements GSSContextSpi {
|
||||
private long pContext = 0; // Pointer to the gss_ctx_id_t structure
|
||||
private GSSNameElement srcName;
|
||||
private GSSNameElement targetName;
|
||||
private boolean isInitiator;
|
||||
private final boolean isInitiator;
|
||||
private boolean isEstablished;
|
||||
private GSSCredElement delegatedCred;
|
||||
private int flags;
|
||||
@ -89,7 +89,7 @@ class NativeGSSContext implements GSSContextSpi {
|
||||
throws GSSException {
|
||||
Oid mech = null;
|
||||
if (isInitiator) {
|
||||
GSSHeader header = null;
|
||||
GSSHeader header;
|
||||
try {
|
||||
header = new GSSHeader(new ByteArrayInputStream(token));
|
||||
} catch (IOException ioe) {
|
||||
@ -146,10 +146,8 @@ class NativeGSSContext implements GSSContextSpi {
|
||||
if (sm != null) {
|
||||
String targetStr = targetName.getKrbName();
|
||||
String tgsStr = Krb5Util.getTGSName(targetName);
|
||||
StringBuilder sb = new StringBuilder("\"");
|
||||
sb.append(targetStr).append("\" \"");
|
||||
sb.append(tgsStr).append('\"');
|
||||
String krbPrincPair = sb.toString();
|
||||
String krbPrincPair = "\"" + targetStr + "\" \"" +
|
||||
tgsStr + '\"';
|
||||
SunNativeProvider.debug("Checking DelegationPermission (" +
|
||||
krbPrincPair + ")");
|
||||
DelegationPermission perm =
|
||||
@ -162,7 +160,7 @@ class NativeGSSContext implements GSSContextSpi {
|
||||
private byte[] retrieveToken(InputStream is, int mechTokenLen)
|
||||
throws GSSException {
|
||||
try {
|
||||
byte[] result = null;
|
||||
byte[] result;
|
||||
if (mechTokenLen != -1) {
|
||||
// Need to add back the GSS header for a complete GSS token
|
||||
SunNativeProvider.debug("Precomputed mechToken length: " +
|
||||
@ -461,7 +459,7 @@ class NativeGSSContext implements GSSContextSpi {
|
||||
public int unwrap(byte[] inBuf, int inOffset, int len,
|
||||
byte[] outBuf, int outOffset,
|
||||
MessageProp msgProp) throws GSSException {
|
||||
byte[] result = null;
|
||||
byte[] result;
|
||||
if ((inOffset != 0) || (len != inBuf.length)) {
|
||||
byte[] temp = new byte[len];
|
||||
System.arraycopy(inBuf, inOffset, temp, 0, len);
|
||||
@ -488,8 +486,8 @@ class NativeGSSContext implements GSSContextSpi {
|
||||
public int unwrap(InputStream inStream,
|
||||
byte[] outBuf, int outOffset,
|
||||
MessageProp msgProp) throws GSSException {
|
||||
byte[] wrapped = null;
|
||||
int wLength = 0;
|
||||
byte[] wrapped;
|
||||
int wLength;
|
||||
try {
|
||||
wrapped = new byte[inStream.available()];
|
||||
wLength = inStream.read(wrapped);
|
||||
@ -516,7 +514,7 @@ class NativeGSSContext implements GSSContextSpi {
|
||||
public void getMIC(InputStream inStream, OutputStream outStream,
|
||||
MessageProp msgProp) throws GSSException {
|
||||
try {
|
||||
int length = 0;
|
||||
int length;
|
||||
byte[] msg = new byte[inStream.available()];
|
||||
length = inStream.read(msg);
|
||||
|
||||
|
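Review bot: In `unwrap(InputStream, ...)` the buffer is sized from `inStream.available()` and filled by a single `inStream.read(wrapped)`; `available()` is only an estimate and `read` may return fewer bytes or -1, so a token that arrives in pieces would be handed on truncated. `getMIC(InputStream, ...)` in the last hunk has the same pattern with `length = inStream.read(msg)`. With the `= 0` initialisers gone, the read result is the only value `wLength` and `length` ever hold, which makes the missing check more visible. I would at least reject a failed read, `if (wLength < 0) throw new GSSException(GSSException.DEFECTIVE_TOKEN);`, or state in a comment on both methods that the stream must deliver the complete token in one read. Both bodies continue outside their hunks, so some handling may already exist below.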
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -25,13 +25,18 @@
|
||||
|
||||
package sun.security.jgss.wrapper;
|
||||
|
||||
import org.ietf.jgss.GSSCredential;
|
||||
import org.ietf.jgss.GSSException;
|
||||
import org.ietf.jgss.Oid;
|
||||
import sun.security.jgss.GSSCaller;
|
||||
import sun.security.jgss.GSSUtil;
|
||||
import sun.security.jgss.spi.GSSContextSpi;
|
||||
import sun.security.jgss.spi.GSSCredentialSpi;
|
||||
import sun.security.jgss.spi.GSSNameSpi;
|
||||
import sun.security.jgss.spi.MechanismFactory;
|
||||
|
||||
import java.security.Provider;
|
||||
import java.util.Vector;
|
||||
import org.ietf.jgss.*;
|
||||
import sun.security.jgss.GSSUtil;
|
||||
import sun.security.jgss.GSSCaller;
|
||||
import sun.security.jgss.GSSExceptionImpl;
|
||||
import sun.security.jgss.spi.*;
|
||||
|
||||
import static java.nio.charset.StandardCharsets.UTF_8;
|
||||
|
||||
@ -72,7 +77,7 @@ public final class NativeGSSFactory implements MechanismFactory {
|
||||
public NativeGSSFactory(GSSCaller caller) {
|
||||
this.caller = caller;
|
||||
// Have to call setMech(Oid) explicitly before calling other
|
||||
// methods. Otherwise, NPE may be thrown unexpectantly
|
||||
// methods. Otherwise, NPE may be thrown unexpectedly
|
||||
}
|
||||
|
||||
public void setMech(Oid mech) throws GSSException {
|
||||
@ -96,14 +101,14 @@ public final class NativeGSSFactory implements MechanismFactory {
|
||||
int acceptLifetime,
|
||||
int usage)
|
||||
throws GSSException {
|
||||
GSSNameElement nname = null;
|
||||
GSSNameElement nname;
|
||||
if (name != null && !(name instanceof GSSNameElement)) {
|
||||
nname = (GSSNameElement)
|
||||
getNameElement(name.toString(), name.getStringNameType());
|
||||
} else nname = (GSSNameElement) name;
|
||||
|
||||
if (usage == GSSCredential.INITIATE_AND_ACCEPT) {
|
||||
// Force separate acqusition of cred element since
|
||||
// Force separate acquisition of cred element since
|
||||
// MIT's impl does not correctly report NO_CRED error.
|
||||
usage = GSSCredential.INITIATE_ONLY;
|
||||
}
|
||||
@ -137,8 +142,7 @@ public final class NativeGSSFactory implements MechanismFactory {
|
||||
if (peer == null) {
|
||||
throw new GSSException(GSSException.BAD_NAME);
|
||||
} else if (!(peer instanceof GSSNameElement)) {
|
||||
peer = (GSSNameElement)
|
||||
getNameElement(peer.toString(), peer.getStringNameType());
|
||||
peer = getNameElement(peer.toString(), peer.getStringNameType());
|
||||
}
|
||||
if (myCred == null) {
|
||||
myCred = getCredFromSubject(null, true);
|
||||
@ -165,7 +169,7 @@ public final class NativeGSSFactory implements MechanismFactory {
|
||||
return cStub.importContext(exportedContext);
|
||||
}
|
||||
|
||||
public final Oid getMechanismOid() {
|
||||
public Oid getMechanismOid() {
|
||||
return cStub.getMech();
|
||||
}
|
||||
|
||||
|
@ -25,6 +25,7 @@
|
||||
|
||||
package sun.security.jgss.wrapper;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.util.HashMap;
|
||||
import java.security.Provider;
|
||||
import java.security.AccessController;
|
||||
@ -46,6 +47,7 @@ import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
||||
|
||||
public final class SunNativeProvider extends Provider {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -238911724858694204L;
|
||||
|
||||
private static final String NAME = "SunNativeGSS";
|
||||
|
@ -1,4 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -66,7 +67,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
*/
|
||||
/* V4 of the credentials cache format allows for header tags */
|
||||
|
||||
private static boolean DEBUG = Krb5.DEBUG;
|
||||
private static final boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
public CCacheInputStream(InputStream is){
|
||||
super(is);
|
||||
@ -109,8 +110,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
*/
|
||||
// made public for KinitOptions to call directly
|
||||
public PrincipalName readPrincipal(int version) throws IOException, RealmException {
|
||||
int type, length, namelength, kret;
|
||||
String[] pname = null;
|
||||
int type, length, namelength;
|
||||
String realm;
|
||||
/* Read principal type */
|
||||
if (version == KRB5_FCC_FVNO_1) {
|
||||
@ -119,7 +119,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
type = read(4);
|
||||
}
|
||||
length = readLength4();
|
||||
List<String> result = new ArrayList<String>();
|
||||
List<String> result = new ArrayList<>();
|
||||
/*
|
||||
* DCE includes the principal's realm in the count; the new format
|
||||
* does not.
|
||||
@ -141,13 +141,13 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
}
|
||||
return new PrincipalName(
|
||||
type,
|
||||
result.toArray(new String[result.size()]),
|
||||
result.toArray(new String[0]),
|
||||
new Realm(realm));
|
||||
}
|
||||
try {
|
||||
return new PrincipalName(
|
||||
type,
|
||||
result.toArray(new String[result.size()]),
|
||||
result.toArray(new String[0]),
|
||||
Realm.getDefault());
|
||||
} catch (RealmException re) {
|
||||
return null;
|
||||
@ -200,10 +200,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
}
|
||||
|
||||
boolean readskey() throws IOException {
|
||||
if (read() == 0) {
|
||||
return false;
|
||||
}
|
||||
else return true;
|
||||
return read() != 0;
|
||||
}
|
||||
|
||||
HostAddress[] readAddr() throws IOException, KrbApErrException {
|
||||
@ -225,7 +222,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
result[j] = (byte)read(1);
|
||||
addrs.add(new HostAddress(addrType, result));
|
||||
}
|
||||
return addrs.toArray(new HostAddress[addrs.size()]);
|
||||
return addrs.toArray(new HostAddress[0]);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
@ -235,14 +232,14 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
num = readLength4();
|
||||
if (num > 0) {
|
||||
List<AuthorizationDataEntry> auData = new ArrayList<>();
|
||||
byte[] data = null;
|
||||
byte[] data;
|
||||
for (int i = 0; i < num; i++) {
|
||||
adtype = read(2);
|
||||
adlength = readLength4();
|
||||
data = IOUtils.readExactlyNBytes(this, adlength);
|
||||
auData.add(new AuthorizationDataEntry(adtype, data));
|
||||
}
|
||||
return auData.toArray(new AuthorizationDataEntry[auData.size()]);
|
||||
return auData.toArray(new AuthorizationDataEntry[0]);
|
||||
}
|
||||
else return null;
|
||||
}
|
||||
@ -329,9 +326,9 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
* @return the next cred or config entry, null if data unparseable.
|
||||
*
|
||||
* When data is unparseable, this method makes sure the correct number of
|
||||
* bytes are consumed so it's safe to start reading the next element.
|
||||
* bytes are consumed, so it's safe to start reading the next element.
|
||||
*/
|
||||
Object readCred(int version) throws IOException,RealmException, KrbApErrException, Asn1Exception {
|
||||
Object readCred(int version) throws IOException, RealmException, KrbApErrException, Asn1Exception {
|
||||
PrincipalName cpname = null;
|
||||
try {
|
||||
cpname = readPrincipal(version);
|
||||
|
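Review bot: `readPrincipal` declares `throws IOException, RealmException`, yet the `catch (RealmException re) { return null; }` at the end of the @ -141 hunk turns a realm failure into a silent `null`. Callers therefore have to null-check as well as catch, and the cause of the failure is lost. The hunk does not show whether the Javadoc mentions this; if it does not, I would add `@return the principal, or null if no default realm could be determined` and a one-line comment in the catch block saying why the exception is dropped. The start of the method and its Javadoc are outside the hunk.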
@ -1,4 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -189,7 +190,7 @@ public class Credentials {
|
||||
//
|
||||
// This class is for the initiator side. Also, authdata inside a ccache
|
||||
// is most likely to be the one in Authenticator in PA-TGS-REQ encoded
|
||||
// in TGS-REQ, therefore only stored with a service ticket. Currently
|
||||
// in TGS-REQ, therefore only stored with a service ticket. Currently,
|
||||
// in Java, we only reads TGTs.
|
||||
return new sun.security.krb5.Credentials(ticket, cname, null, sname,
|
||||
null, key, flags, authtime, starttime, endtime, renewTill,
|
||||
|
@ -1,4 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -37,13 +38,12 @@ import java.util.List;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
* CredentialsCache stores credentials(tickets, session keys, etc) in a semi-permanent store
|
||||
* CredentialsCache stores credentials(tickets, session keys, etc.) in a semi-permanent store
|
||||
* for later use by different program.
|
||||
*
|
||||
* @author Yanni Zhang
|
||||
*/
|
||||
public abstract class CredentialsCache {
|
||||
static CredentialsCache singleton = null;
|
||||
static String cacheName;
|
||||
|
||||
public static CredentialsCache getInstance(PrincipalName principal) {
|
||||
|
@ -1,4 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -43,21 +44,21 @@ public interface FileCCacheConstants {
|
||||
*
|
||||
* FCC version 3 contains keyblock encryption type information, and is
|
||||
* architecture independent. Previous versions are not. */
|
||||
public final int KRB5_FCC_FVNO_1 = 0x501;
|
||||
public final int KRB5_FCC_FVNO_2 = 0x502;
|
||||
public final int KRB5_FCC_FVNO_3 = 0x503;
|
||||
public final int KRB5_FCC_FVNO_4 = 0x504;
|
||||
public final int FCC_TAG_DELTATIME = 1;
|
||||
public final int KRB5_NT_UNKNOWN = 0;
|
||||
public final int TKT_FLG_FORWARDABLE = 0x40000000;
|
||||
public final int TKT_FLG_FORWARDED = 0x20000000;
|
||||
public final int TKT_FLG_PROXIABLE = 0x10000000;
|
||||
public final int TKT_FLG_PROXY = 0x08000000;
|
||||
public final int TKT_FLG_MAY_POSTDATE = 0x04000000;
|
||||
public final int TKT_FLG_POSTDATED = 0x02000000;
|
||||
public final int TKT_FLG_INVALID = 0x01000000;
|
||||
public final int TKT_FLG_RENEWABLE = 0x00800000;
|
||||
public final int TKT_FLG_INITIAL = 0x00400000;
|
||||
public final int TKT_FLG_PRE_AUTH = 0x00200000;
|
||||
public final int TKT_FLG_HW_AUTH = 0x00100000;
|
||||
int KRB5_FCC_FVNO_1 = 0x501;
|
||||
int KRB5_FCC_FVNO_2 = 0x502;
|
||||
int KRB5_FCC_FVNO_3 = 0x503;
|
||||
int KRB5_FCC_FVNO_4 = 0x504;
|
||||
int FCC_TAG_DELTATIME = 1;
|
||||
int KRB5_NT_UNKNOWN = 0;
|
||||
int TKT_FLG_FORWARDABLE = 0x40000000;
|
||||
int TKT_FLG_FORWARDED = 0x20000000;
|
||||
int TKT_FLG_PROXIABLE = 0x10000000;
|
||||
int TKT_FLG_PROXY = 0x08000000;
|
||||
int TKT_FLG_MAY_POSTDATE = 0x04000000;
|
||||
int TKT_FLG_POSTDATED = 0x02000000;
|
||||
int TKT_FLG_INVALID = 0x01000000;
|
||||
int TKT_FLG_RENEWABLE = 0x00800000;
|
||||
int TKT_FLG_INITIAL = 0x00400000;
|
||||
int TKT_FLG_PRE_AUTH = 0x00200000;
|
||||
int TKT_FLG_HW_AUTH = 0x00100000;
|
||||
}
|
||||
|
@ -39,6 +39,7 @@ import sun.security.krb5.internal.*;
|
||||
import sun.security.util.SecurityProperties;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
@ -54,7 +55,7 @@ import java.io.InputStreamReader;
|
||||
import static java.nio.charset.StandardCharsets.ISO_8859_1;
|
||||
|
||||
/**
|
||||
* CredentialsCache stores credentials(tickets, session keys, etc) in a
|
||||
* CredentialsCache stores credentials(tickets, session keys, etc.) in a
|
||||
* semi-permanent store
|
||||
* for later use by different program.
|
||||
*
|
||||
@ -68,8 +69,7 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
public Tag tag; // optional
|
||||
public PrincipalName primaryPrincipal;
|
||||
private Vector<Credentials> credentialsList;
|
||||
private static String dir;
|
||||
private static boolean DEBUG = Krb5.DEBUG;
|
||||
private static final boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
public static synchronized FileCredentialsCache acquireInstance(
|
||||
PrincipalName principal, String cache) {
|
||||
@ -139,9 +139,7 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
|
||||
boolean exists(String cache) {
|
||||
File file = new File(cache);
|
||||
if (file.exists()) {
|
||||
return true;
|
||||
} else return false;
|
||||
return file.exists();
|
||||
}
|
||||
|
||||
synchronized void init(PrincipalName principal, String name)
|
||||
@ -176,7 +174,7 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
}
|
||||
} else
|
||||
primaryPrincipal = p;
|
||||
credentialsList = new Vector<Credentials>();
|
||||
credentialsList = new Vector<>();
|
||||
while (cis.available() > 0) {
|
||||
Object cred = cis.readCred(version);
|
||||
if (cred != null) {
|
||||
@ -203,7 +201,7 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
if (credentialsList.isEmpty()) {
|
||||
credentialsList.addElement(c);
|
||||
} else {
|
||||
Credentials tmp = null;
|
||||
Credentials tmp;
|
||||
boolean matched = false;
|
||||
|
||||
for (int i = 0; i < credentialsList.size(); i++) {
|
||||
@ -224,7 +222,7 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
}
|
||||
}
|
||||
}
|
||||
if (matched == false) {
|
||||
if (!matched) {
|
||||
if (DEBUG) {
|
||||
System.out.println(" >>> FileCredentialsCache Ticket "
|
||||
+ "not exactly matched, "
|
||||
@ -249,7 +247,7 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
try (FileOutputStream fos = new FileOutputStream(cacheName);
|
||||
CCacheOutputStream cos = new CCacheOutputStream(fos)) {
|
||||
cos.writeHeader(primaryPrincipal, version);
|
||||
Credentials[] tmp = null;
|
||||
Credentials[] tmp;
|
||||
if ((tmp = getCredsList()) != null) {
|
||||
for (int i = 0; i < tmp.length; i++) {
|
||||
cos.addCreds(tmp[i]);
|
||||
@ -310,7 +308,7 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
}
|
||||
}
|
||||
|
||||
private List<ConfigEntry> configEntries = new ArrayList<>();
|
||||
private final List<ConfigEntry> configEntries = new ArrayList<>();
|
||||
|
||||
@Override
|
||||
public void addConfigEntry(ConfigEntry e) {
|
||||
@ -451,18 +449,15 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
// http://docs.oracle.com/cd/E19082-01/819-2252/6n4i8rtr3/index.html
|
||||
@SuppressWarnings("removal")
|
||||
String name = java.security.AccessController.doPrivileged(
|
||||
new java.security.PrivilegedAction<String>() {
|
||||
@Override
|
||||
public String run() {
|
||||
String cache = System.getenv("KRB5CCNAME");
|
||||
if (cache != null &&
|
||||
(cache.length() >= 5) &&
|
||||
cache.regionMatches(true, 0, "FILE:", 0, 5)) {
|
||||
cache = cache.substring(5);
|
||||
}
|
||||
return cache;
|
||||
}
|
||||
});
|
||||
(PrivilegedAction<String>) () -> {
|
||||
String cache = System.getenv("KRB5CCNAME");
|
||||
if (cache != null &&
|
||||
(cache.length() >= 5) &&
|
||||
cache.regionMatches(true, 0, "FILE:", 0, 5)) {
|
||||
cache = cache.substring(5);
|
||||
}
|
||||
return cache;
|
||||
});
|
||||
if (name != null) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>>KinitOptions cache name is " + name);
|
||||
@ -528,7 +523,7 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
}
|
||||
|
||||
public static String checkValidation(String name) {
|
||||
String fullname = null;
|
||||
String fullname;
|
||||
if (name == null) {
|
||||
return null;
|
||||
}
|
||||
@ -565,18 +560,16 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
@SuppressWarnings("removal")
|
||||
Process p =
|
||||
java.security.AccessController.doPrivileged
|
||||
(new java.security.PrivilegedAction<Process> () {
|
||||
public Process run() {
|
||||
try {
|
||||
return (Runtime.getRuntime().exec(command));
|
||||
} catch (java.io.IOException e) {
|
||||
if (DEBUG) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
((PrivilegedAction<Process>) () -> {
|
||||
try {
|
||||
return (Runtime.getRuntime().exec(command));
|
||||
} catch (IOException e) {
|
||||
if (DEBUG) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
});
|
||||
return null;
|
||||
}
|
||||
});
|
||||
if (p == null) {
|
||||
// exception occurred during executing the command
|
||||
return null;
|
||||
@ -585,7 +578,7 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
BufferedReader commandResult =
|
||||
new BufferedReader
|
||||
(new InputStreamReader(p.getInputStream(), ISO_8859_1));
|
||||
String s1 = null;
|
||||
String s1;
|
||||
if ((command.length == 1) &&
|
||||
(command[0].equals("/usr/bin/env"))) {
|
||||
while ((s1 = commandResult.readLine()) != null) {
|
||||
|
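Review bot: The lambda passed to `doPrivileged` in the @ -565 hunk runs `Runtime.getRuntime().exec(command)` with the library's own privileges and drops the `IOException` unless `DEBUG` is set, so a failed launch is invisible by default. Nothing in the hunk shows where `command` comes from. I would put the constraint in a comment above the call, e.g. `// command must be a fixed argv built in this class, never derived from caller or environment input`, and confirm that it holds for every caller. `e.printStackTrace()` would also be better routed through the same debug output as the `System.out.println` calls in this file. The enclosing method starts and ends outside the hunk.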
8
src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/MemoryCredentialsCache.java
8
src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/MemoryCredentialsCache.java
@ -1,4 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -30,10 +31,11 @@
|
||||
|
||||
package sun.security.krb5.internal.ccache;
|
||||
|
||||
import sun.security.krb5.*;
|
||||
import sun.security.krb5.internal.*;
|
||||
import java.io.IOException;
|
||||
import sun.security.krb5.KrbException;
|
||||
import sun.security.krb5.PrincipalName;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
|
||||
//Windows supports the "API: cache" type, which is a shared memory cache. This is
|
||||
//implemented by krbcc32.dll as part of the MIT Kerberos for Win32 distribution.
|
||||
|
@ -1,4 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -30,7 +31,6 @@
|
||||
|
||||
package sun.security.krb5.internal.ccache;
|
||||
|
||||
import sun.security.krb5.*;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
|
||||
/**
|
||||
|