From 679930dc1804692d5feadf28e25430b6063d0b3e Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Mon, 2 Dec 2024 12:26:57 -0500 Subject: [PATCH] the fix --- .../sun/security/krb5/PrincipalName.java | 21 +---- .../classes/sun/security/krb5/Realm.java | 3 - .../sun/security/krb5/name/Constructors.java | 78 +++++++++---------- 3 files changed, 39 insertions(+), 63 deletions(-) diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java b/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java index 130f2c23f8670..9bee88eab9beb 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java @@ -99,7 +99,6 @@ public class PrincipalName implements Cloneable { * TGS Name */ public static final String TGS_DEFAULT_SRV_NAME = "krbtgt"; - public static final int TGS_DEFAULT_NT = KRB_NT_SRV_INST; public static final char NAME_COMPONENT_SEPARATOR = '/'; public static final char NAME_REALM_SEPARATOR = '@'; @@ -107,7 +106,6 @@ public class PrincipalName implements Cloneable { public static final String NAME_COMPONENT_SEPARATOR_STR = "/"; public static final String NAME_REALM_SEPARATOR_STR = "@"; - public static final String REALM_COMPONENT_SEPARATOR_STR = "."; private static final boolean NAME_CASE_SENSITIVE_IN_MATCH = "true".equalsIgnoreCase( @@ -135,12 +133,6 @@ public class PrincipalName implements Cloneable { private final Realm nameRealm; // not null - /** - * When constructing a PrincipalName, whether the realm is included in - * the input, or deduced from default realm or domain-realm mapping. - */ - private final boolean realmDeduced; - // cached default salt, not used in clone private transient String salt = null; @@ -161,7 +153,6 @@ public PrincipalName(int nameType, String[] nameStrings, Realm nameRealm) { this.nameType = nameType; this.nameStrings = nameStrings.clone(); this.nameRealm = nameRealm; - this.realmDeduced = false; } // Warning: called by NativeCreds.c @@ -251,7 +242,6 @@ public PrincipalName(DerValue encoding, Realm realm) if (realm == null) { throw new IllegalArgumentException("Null realm not allowed"); } - realmDeduced = false; nameRealm = realm; DerValue der; if (encoding == null) { @@ -405,9 +395,6 @@ public PrincipalName(String name, int type, String realm) realm = Realm.parseRealmAtSeparator(name); } - // No realm info from parameter and string, must deduce later - realmDeduced = realm == null; - switch (type) { case KRB_NT_SRV_HST: if (nameParts.length >= 2) { @@ -437,8 +424,8 @@ public PrincipalName(String name, int type, String realm) hostName.toLowerCase(Locale.ENGLISH) + ".")) { hostName = canonicalized; } - } catch (UnknownHostException | SecurityException e) { - // not canonicalized or no permission to do so, use old + } catch (UnknownHostException e) { + // not canonicalized, use old } if (hostName.endsWith(".")) { hostName = hostName.substring(0, hostName.length() - 1); @@ -726,8 +713,4 @@ static String mapHostToRealm(String name) { } return result; } - - public boolean isRealmDeduced() { - return realmDeduced; - } } diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/Realm.java b/src/java.security.jgss/share/classes/sun/security/krb5/Realm.java index 93dbfe2b23733..758c0ce4f64bc 100644 --- a/src/java.security.jgss/share/classes/sun/security/krb5/Realm.java +++ b/src/java.security.jgss/share/classes/sun/security/krb5/Realm.java @@ -47,9 +47,6 @@ */ public class Realm implements Cloneable { - public static final boolean AUTODEDUCEREALM = - Boolean.getBoolean("sun.security.krb5.autodeducerealm"); - private final String realm; // not null nor empty public Realm(String name) throws RealmException { diff --git a/test/jdk/sun/security/krb5/name/Constructors.java b/test/jdk/sun/security/krb5/name/Constructors.java index f3943cc88ef3f..733a9e421f832 100644 --- a/test/jdk/sun/security/krb5/name/Constructors.java +++ b/test/jdk/sun/security/krb5/name/Constructors.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,23 +41,22 @@ public static void main(String[] args) throws Exception { // Good ones type = PrincipalName.KRB_NT_UNKNOWN; - checkName("a", type, "R", "R", false, "a"); - checkName("a@R2", type, "R", "R", false, "a"); - checkName("a/b", type, "R", "R", false, "a", "b"); - checkName("a/b@R2", type, "R", "R", false, "a", "b"); - checkName("a/b/c", type, "R", "R", false, "a", "b", "c"); - checkName("a/b/c@R2", type, "R", "R", false, "a", "b", "c"); + checkName("a", type, "R", "R", "a"); + checkName("a@R2", type, "R", "R", "a"); + checkName("a/b", type, "R", "R", "a", "b"); + checkName("a/b@R2", type, "R", "R", "a", "b"); + checkName("a/b/c", type, "R", "R", "a", "b", "c"); + checkName("a/b/c@R2", type, "R", "R", "a", "b", "c"); // Weird ones - checkName("a\\/b", type, "R", "R", false, "a/b"); - checkName("a\\/b\\/c", type, "R", "R", false, "a/b/c"); - checkName("a\\/b\\@R2", type, "R", "R", false, "a/b@R2"); + checkName("a\\/b", type, "R", "R", "a/b"); + checkName("a\\/b\\/c", type, "R", "R", "a/b/c"); + checkName("a\\/b\\@R2", type, "R", "R", "a/b@R2"); // Bad ones - checkName("a", type, "", null, false); - checkName("a/", type, "R", null, false); - checkName("/a", type, "R", null, false); - checkName("a//b", type, "R", null, false); - checkName("a@", type, null, null, false); - type = PrincipalName.KRB_NT_SRV_HST; + checkName("a", type, "", null); + checkName("a/", type, "R", null); + checkName("/a", type, "R", null); + checkName("a//b", type, "R", null); + checkName("a@", type, null, null); // Part 2: on realm choices @@ -78,17 +77,17 @@ public static void main(String[] args) throws Exception { if (testNoDefaultDomain) { type = PrincipalName.KRB_NT_UNKNOWN; - checkName("a", type, "R1", "R1", false, "a"); // arg - checkName("a@R1", type, null, "R1", false, "a"); // or r in name - checkName("a@R2", type, "R1", "R1", false, "a"); // arg over r - checkName("a", type, null, null, false); // fail if none - checkName("a/b@R1", type, null, "R1", false, "a", "b"); + checkName("a", type, "R1", "R1", "a"); // arg + checkName("a@R1", type, null, "R1", "a"); // or r in name + checkName("a@R2", type, "R1", "R1", "a"); // arg over r + checkName("a", type, null, null); // fail if none + checkName("a/b@R1", type, null, "R1", "a", "b"); type = PrincipalName.KRB_NT_SRV_HST; // Let's pray "b.h" won't be canonicalized - checkName("a/b.h", type, "R1", "R1", false, "a", "b.h"); // arg - checkName("a/b.h@R1", type, null, "R1", false, "a", "b.h"); // or r in name - checkName("a/b.h@R1", type, "R2", "R2", false, "a", "b.h"); // arg over r - checkName("a/b.h", type, null, null, false); // fail if none + checkName("a/b.h", type, "R1", "R1", "a", "b.h"); // arg + checkName("a/b.h@R1", type, null, "R1", "a", "b.h"); // or r in name + checkName("a/b.h@R1", type, "R2", "R2", "a", "b.h"); // arg over r + checkName("a/b.h", type, null, null); // fail if none } // When there is default realm @@ -97,25 +96,25 @@ public static void main(String[] args) throws Exception { Config.refresh(); type = PrincipalName.KRB_NT_UNKNOWN; - checkName("a", type, "R1", "R1", false, "a"); // arg - checkName("a@R1", type, null, "R1", false, "a"); // or r in name - checkName("a@R2", type, "R1", "R1", false, "a"); // arg over r - checkName("a", type, null, "R", true, "a"); // default - checkName("a/b", type, null, "R", true, "a", "b"); + checkName("a", type, "R1", "R1", "a"); // arg + checkName("a@R1", type, null, "R1", "a"); // or r in name + checkName("a@R2", type, "R1", "R1", "a"); // arg over r + checkName("a", type, null, "R", "a"); // default + checkName("a/b", type, null, "R", "a", "b"); type = PrincipalName.KRB_NT_SRV_HST; - checkName("a/b.h3", type, "R1", "R1", false, "a", "b.h3"); // arg - checkName("a/b.h@R1", type, null, "R1", false, "a", "b.h"); // or r in name - checkName("a/b.h3@R2", type, "R1", "R1", false, "a", "b.h3"); // arg over r - checkName("a/b.h2", type, "R1", "R1", false, "a", "b.h2"); // arg over map - checkName("a/b.h2@R1", type, null, "R1", false, "a", "b.h2"); // r over map - checkName("a/b.h2", type, null, "R2", true, "a", "b.h2"); // map - checkName("a/b.h", type, null, "R", true, "a", "b.h"); // default + checkName("a/b.h3", type, "R1", "R1", "a", "b.h3"); // arg + checkName("a/b.h@R1", type, null, "R1", "a", "b.h"); // or r in name + checkName("a/b.h3@R2", type, "R1", "R1", "a", "b.h3"); // arg over r + checkName("a/b.h2", type, "R1", "R1", "a", "b.h2"); // arg over map + checkName("a/b.h2@R1", type, null, "R1", "a", "b.h2"); // r over map + checkName("a/b.h2", type, null, "R2", "a", "b.h2"); // map + checkName("a/b.h", type, null, "R", "a", "b.h"); // default } // Check if the creation matches the expected output. // Note: realm == null means creation failure static void checkName(String n, int t, String s, - String realm, boolean deduced, String... parts) + String realm, String... parts) throws Exception { PrincipalName pn = null; try { @@ -132,8 +131,5 @@ static void checkName(String n, int t, String s, throw new Exception(pn.toString() + " vs " + Arrays.toString(parts) + "@" + realm); } - if (deduced != pn.isRealmDeduced()) { - throw new Exception("pn.realmDeduced is " + pn.isRealmDeduced()); - } } }