Produced by Araxis Merge on 9/25/2018 2:13:12 PM Central Daylight Time.
# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\javax\security\auth\kerberos | KeyTab.java | Mon Jan 22 14:46:54 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\javax\security\auth\kerberos | KeyTab.java | Wed Sep 12 17:23:21 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 2 | 758 |
Changed | 1 | 2 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 201 1, 2013, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package ja vax.securi ty.auth.ke rberos; | |
27 | ||
28 | import jav a.io.File; | |
29 | import jav a.security .AccessCon trolExcept ion; | |
30 | import jav a.util.Obj ects; | |
31 | import sun .security. krb5.Encry ptionKey; | |
32 | import sun .security. krb5.Kerbe rosSecrets ; | |
33 | import sun .security. krb5.Princ ipalName; | |
34 | import sun .security. krb5.Realm Exception; | |
35 | ||
36 | /** | |
37 | * This cl ass encaps ulates a k eytab file . | |
38 | * <p> | |
39 | * A Kerbe ros JAAS l ogin modul e that obt ains long term PW keys from a | |
40 | * keytab file shoul d use this class. Th e login mo dule will store | |
41 | * an inst ance of th is class i n the priv ate creden tial set o f a | |
42 | * {@link javax.secu rity.auth. Subject Su bject} dur ing the co mmit phase of the | |
43 | * authent ication pr ocess. | |
44 | * <p> | |
45 | * If a {@ code KeyTa b} object is obtaine d from {@l ink #getUn boundInsta nce()} | |
46 | * or {@li nk #getUnb oundInstan ce(java.io .File)}, i t is unbou nd and thu s can be | |
47 | * used by any servi ce princip al. Otherw ise, if it 's obtaine d from | |
48 | * {@link #getInstan ce(Kerbero sPrincipal )} or | |
49 | * {@link #getInstan ce(Kerbero sPrincipal , java.io. File)}, it is bound to the | |
50 | * specifi c service principal and can on ly be used by it. | |
51 | * <p> | |
52 | * Please note the c onstructor s {@link # getInstanc e()} and | |
53 | * {@link #getInstan ce(java.io .File)} we re created when ther e was no s upport | |
54 | * for unb ound keyta bs. These methods sh ould not b e used any more. An o bject | |
55 | * created with eith er of thes e methods are consid ered to be bound to an | |
56 | * unknown principal , which me ans, its { @link #isB ound()} re turns true and | |
57 | * {@link #getPrinci pal()} ret urns null. | |
58 | * <p> | |
59 | * It migh t be neces sary for t he applica tion to be granted a | |
60 | * {@link javax.secu rity.auth. PrivateCre dentialPer mission | |
61 | * Private Credential Permission } if it ne eds to acc ess the Ke yTab | |
62 | * instanc e from a S ubject. Th is permiss ion is not needed wh en the | |
63 | * applica tion depen ds on the default JG SS Kerbero s mechanis m to acces s the | |
64 | * KeyTab. In that c ase, howev er, the ap plication will need an appropr iate | |
65 | * {@link javax.secu rity.auth. kerberos.S ervicePerm ission Ser vicePermis sion}. | |
66 | * <p> | |
67 | * The key tab file f ormat is d escribed a t | |
68 | * <a href ="http://w ww.ioplex. com/utilit ies/keytab .txt"> | |
69 | * http:// www.ioplex .com/utili ties/keyta b.txt</a>. | |
70 | * <p> | |
71 | * @since 1.7 | |
72 | */ | |
73 | public fin al class K eyTab { | |
74 | ||
75 | /* | |
76 | * Imp l notes: | |
77 | * | |
78 | * Thi s class is only a na me, a perm anent link to the ke ytab sourc e | |
79 | * (ca n be missi ng). Itsel f has no c ontent. In order to read conte nt, | |
80 | * tak e a snapsh ot and rea d from it. | |
81 | * | |
82 | * The snapshot is of type sun.secur ity.krb5.i nternal.kt ab.KeyTab, which | |
83 | * con tains the content of the keyta b file whe n the snap shot is ta ken. | |
84 | * Its elf has no refresh f unction an d mostly a n immutabl e class (e xcept | |
85 | * for the creat e/add/save methods o nly used b y the ktab command). | |
86 | */ | |
87 | ||
88 | // Sou rce, null if using t he default one. Note that the default na me | |
89 | // is maintained in snapsh ot, this f ield is ne ver "resol ved". | |
90 | privat e final Fi le file; | |
91 | ||
92 | // Bou nd user: n ormally fr om the "pr incipal" v alue in a JAAS krb5 | |
93 | // log in conf. W ill be nul l if it's "*". | |
94 | privat e final Ke rberosPrin cipal prin c; | |
95 | ||
96 | privat e final bo olean boun d; | |
97 | ||
98 | // Set up JavaxS ecurityAut hKerberosA ccess in K erberosSec rets | |
99 | static { | |
100 | Ke rberosSecr ets.setJav axSecurity AuthKerber osAccess( | |
101 | new JavaxSecur ityAuthKer berosAcces sImpl()); | |
102 | } | |
103 | ||
104 | privat e KeyTab(K erberosPri ncipal pri nc, File f ile, boole an bound) { | |
105 | th is.princ = princ; | |
106 | th is.file = file; | |
107 | th is.bound = bound; | |
108 | } | |
109 | ||
110 | /** | |
111 | * Ret urns a {@c ode KeyTab } instance from a {@ code File} object | |
112 | * tha t is bound to an unk nown servi ce princip al. | |
113 | * <p> | |
114 | * The result of this meth od is neve r null. Th is method only assoc iates | |
115 | * the returned {@code Key Tab} objec t with the file and does not r ead it. | |
116 | * <p> | |
117 | * Dev elopers sh ould call {@link #ge tInstance( KerberosPr incipal,Fi le)} | |
118 | * whe n the boun d service principal is known. | |
119 | * @pa ram file t he keytab {@code Fil e} object, must not be null | |
120 | * @re turn the k eytab inst ance | |
121 | * @th rows NullP ointerExce ption if t he {@code file} argu ment is nu ll | |
122 | */ | |
123 | public static Ke yTab getIn stance(Fil e file) { | |
124 | if (file == null) { | |
125 | throw ne w NullPoin terExcepti on("file m ust be non null"); | |
126 | } | |
127 | re turn new K eyTab(null , file, tr ue); | |
128 | } | |
129 | ||
130 | /** | |
131 | * Ret urns an un bound {@co de KeyTab} instance from a {@c ode File} | |
132 | * obj ect. | |
133 | * <p> | |
134 | * The result of this meth od is neve r null. Th is method only assoc iates | |
135 | * the returned {@code Key Tab} objec t with the file and does not r ead it. | |
136 | * @pa ram file t he keytab {@code Fil e} object, must not be null | |
137 | * @re turn the k eytab inst ance | |
138 | * @th rows NullP ointerExce ption if t he file ar gument is null | |
139 | * @si nce 1.8 | |
140 | */ | |
141 | public static Ke yTab getUn boundInsta nce(File f ile) { | |
142 | if (file == null) { | |
143 | throw ne w NullPoin terExcepti on("file m ust be non null"); | |
144 | } | |
145 | re turn new K eyTab(null , file, fa lse); | |
146 | } | |
147 | ||
148 | /** | |
149 | * Ret urns a {@c ode KeyTab } instance from a {@ code File} object | |
150 | * tha t is bound to the sp ecified se rvice prin cipal. | |
151 | * <p> | |
152 | * The result of this meth od is neve r null. Th is method only assoc iates | |
153 | * the returned {@code Key Tab} objec t with the file and does not r ead it. | |
154 | * @pa ram princ the bound service pr incipal, m ust not be null | |
155 | * @pa ram file t he keytab {@code Fil e} object, must not be null | |
156 | * @re turn the k eytab inst ance | |
157 | * @th rows NullP ointerExce ption if e ither of t he argumen ts is null | |
158 | * @si nce 1.8 | |
159 | */ | |
160 | public static Ke yTab getIn stance(Ker berosPrinc ipal princ , File fil e) { | |
161 | if (princ == null) { | |
162 | throw ne w NullPoin terExcepti on("princ must be no n null"); | |
163 | } | |
164 | if (file == null) { | |
165 | throw ne w NullPoin terExcepti on("file m ust be non null"); | |
166 | } | |
167 | re turn new K eyTab(prin c, file, t rue); | |
168 | } | |
169 | ||
170 | /** | |
171 | * Ret urns the d efault {@c ode KeyTab } instance that is b ound | |
172 | * to an unknown service p rincipal. | |
173 | * <p> | |
174 | * The result of this meth od is neve r null. Th is method only assoc iates | |
175 | * the returned {@code Key Tab} objec t with the default k eytab file and | |
176 | * doe s not read it. | |
177 | * <p> | |
178 | * Dev elopers sh ould call {@link #ge tInstance( KerberosPr incipal)} | |
179 | * whe n the boun d service principal is known. | |
180 | * @re turn the d efault key tab instan ce. | |
181 | */ | |
182 | public static Ke yTab getIn stance() { | |
183 | re turn new K eyTab(null , null, tr ue); | |
184 | } | |
185 | ||
186 | /** | |
187 | * Ret urns the d efault unb ound {@cod e KeyTab} instance. | |
188 | * <p> | |
189 | * The result of this meth od is neve r null. Th is method only assoc iates | |
190 | * the returned {@code Key Tab} objec t with the default k eytab file and | |
191 | * doe s not read it. | |
192 | * @re turn the d efault key tab instan ce | |
193 | * @si nce 1.8 | |
194 | */ | |
195 | public static Ke yTab getUn boundInsta nce() { | |
196 | re turn new K eyTab(null , null, fa lse); | |
197 | } | |
198 | ||
199 | /** | |
200 | * Ret urns the d efault {@c ode KeyTab } instance that is b ound | |
201 | * to the specif ied servic e principa l. | |
202 | * <p> | |
203 | * The result of this meth od is neve r null. Th is method only assoc iates | |
204 | * the returned {@code Key Tab} objec t with the default k eytab file and | |
205 | * doe s not read it. | |
206 | * @pa ram princ the bound service pr incipal, m ust not be null | |
207 | * @re turn the d efault key tab instan ce | |
208 | * @th rows NullP ointerExce ption if { @code prin c} is null | |
209 | * @si nce 1.8 | |
210 | */ | |
211 | public static Ke yTab getIn stance(Ker berosPrinc ipal princ ) { | |
212 | if (princ == null) { | |
213 | throw ne w NullPoin terExcepti on("princ must be no n null"); | |
214 | } | |
215 | re turn new K eyTab(prin c, null, t rue); | |
216 | } | |
217 | ||
218 | // Tak es a snaps hot of the keytab co ntent. Thi s method i s called b y | |
219 | // Jav axSecurity AuthKerber osAccessIm pl so no m ore privat e | |
220 | sun.se curity.krb 5.internal .ktab.KeyT ab takeSna pshot() { | |
221 | tr y { | |
222 | return s un.securit y.krb5.int ernal.ktab .KeyTab.ge tInstance( file); | |
223 | } catch (Acc essControl Exception ace) { | |
224 | if (file != null) { | |
225 | // I t's OK to show the n ame if cal ler specif ied it | |
226 | thro w ace; | |
227 | } else { | |
228 | Acce ssControlE xception a ce2 = new AccessCont rolExcepti on( | |
229 | "Acces s to defau lt keytab denied (mo dified exc eption)"); | |
230 | ace2 .setStackT race(ace.g etStackTra ce()); | |
231 | thro w ace2; | |
232 | } | |
233 | } | |
234 | } | |
235 | ||
236 | /** | |
237 | * Ret urns fresh keys for the given Kerberos p rincipal. | |
238 | * <p> | |
239 | * Imp lementatio n of this method sho uld make s ure the re turned key s match | |
240 | * the latest co ntent of t he keytab file. The result is a newly cr eated | |
241 | * cop y that can be modifi ed by the caller wit hout modif ying the k eytab | |
242 | * obj ect. The c aller shou ld {@link KerberosKe y#destroy( ) destroy} the | |
243 | * res ult keys a fter they are used. | |
244 | * <p> | |
245 | * Ple ase note t hat the ke ytab file can be cre ated after the | |
246 | * {@c ode KeyTab } object i s instanti ated and i ts content may chang e over | |
247 | * tim e. Therefo re, an app lication s hould call this meth od only wh en it | |
248 | * nee ds to use the keys. Any previo us result from an ea rlier invo cation | |
249 | * cou ld potenti ally be ex pired. | |
250 | * <p> | |
251 | * If there is a ny error ( say, I/O e rror or fo rmat error ) | |
252 | * dur ing the re ading proc ess of the KeyTab fi le, a save d result s hould be | |
253 | * ret urned. If there is n o saved re sult (say, this is t he first t ime this | |
254 | * met hod is cal led, or, a ll previou s read att empts fail ed), an em pty array | |
255 | * sho uld be ret urned. Thi s can make sure the result is not drasti cally | |
256 | * cha nged durin g the (pro bably slow ) update o f the keyt ab file. | |
257 | * <p> | |
258 | * Eac h time thi s method i s called a nd the rea ding of th e file suc ceeds | |
259 | * wit h no excep tion (say, I/O error or file f ormat erro r), | |
260 | * the result sh ould be sa ved for {@ code princ ipal}. The implement ation can | |
261 | * als o save key s for othe r principa ls having keys in th e same key tab object | |
262 | * if convenient . | |
263 | * <p> | |
264 | * Any unsupport ed key rea d from the keytab is ignored a nd not inc luded | |
265 | * in the result . | |
266 | * <p> | |
267 | * If this keyta b is bound to a spec ific princ ipal, call ing this m ethod on | |
268 | * ano ther princ ipal will return an empty arra y. | |
269 | * | |
270 | * @pa ram princi pal the Ke rberos pri ncipal, mu st not be null. | |
271 | * @re turn the k eys (never null, may be empty) | |
272 | * @th rows NullP ointerExce ption if t he {@code principal} | |
273 | * arg ument is n ull | |
274 | * @th rows Secur ityExcepti on if a se curity man ager exist s and the read | |
275 | * acc ess to the keytab fi le is not permitted | |
276 | */ | |
277 | public KerberosK ey[] getKe ys(Kerbero sPrincipal principal ) { | |
278 | tr y { | |
279 | if (prin c != null && !princi pal.equals (princ)) { | |
280 | retu rn new Ker berosKey[0 ]; | |
281 | } | |
282 | Principa lName pn = new Princ ipalName(p rincipal.g etName()); | |
283 | Encrypti onKey[] ke ys = takeS napshot(). readServic eKeys(pn); | |
284 | Kerberos Key[] kks = new Kerb erosKey[ke ys.length] ; | |
285 | for (int i=0; i<kk s.length; i++) { | |
286 | Inte ger tmp = keys[i].ge tKeyVersio nNumber(); | |
287 | kks[ i] = new K erberosKey ( | |
288 | princi pal, | |
289 | keys[i ].getBytes (), | |
290 | keys[i ].getEType (), | |
291 | tmp == null ? 0 : tmp.intV alue()); | |
292 | keys [i].destro y(); | |
293 | } | |
294 | return k ks; | |
295 | } catch (Rea lmExceptio n re) { | |
296 | return n ew Kerbero sKey[0]; | |
297 | } | |
298 | } | |
299 | ||
300 | Encryp tionKey[] getEncrypt ionKeys(Pr incipalNam e principa l) { | |
301 | re turn takeS napshot(). readServic eKeys(prin cipal); | |
302 | } | |
303 | ||
304 | /** | |
305 | * Che cks if the keytab fi le exists. Implement ation of t his method | |
306 | * sho uld make s ure that t he result matches th e latest s tatus of t he | |
307 | * key tab file. | |
308 | * <p> | |
309 | * The caller ca n use the result to determine if it shou ld fallbac k to | |
310 | * ano ther mecha nism to re ad the key s. | |
311 | * @re turn true if the key tab file e xists; fal se otherwi se. | |
312 | * @th rows Secur ityExcepti on if a se curity man ager exist s and the read | |
313 | * acc ess to the keytab fi le is not permitted | |
314 | */ | |
315 | public boolean e xists() { | |
316 | re turn !take Snapshot() .isMissing (); | |
317 | } | |
318 | ||
319 | public String to String() { | |
320 | St ring s = ( file == nu ll) ? "Def ault keyta b" : file. toString() ; | |
321 | if (!bound) return s; | |
322 | el se if (pri nc == null ) return s + " for s omeone"; | |
323 | el se return s + " for " + princ; | |
324 | } | |
325 | ||
326 | /** | |
327 | * Ret urns a has hcode for this KeyTa b. | |
328 | * | |
329 | * @re turn a has hCode() fo r the {@co de KeyTab} | |
330 | */ | |
331 | public int hashC ode() { | |
332 | re turn Objec ts.hash(fi le, princ, bound); | |
333 | } | |
334 | ||
335 | /** | |
336 | * Com pares the specified Object wit h this Key Tab for eq uality. | |
337 | * Ret urns true if the giv en object is also a | |
338 | * {@c ode KeyTab } and the two | |
339 | * {@c ode KeyTab } instance s are equi valent. | |
340 | * | |
341 | * @pa ram other the Object to compar e to | |
342 | * @re turn true if the spe cified obj ect is equ al to this KeyTab | |
343 | */ | |
344 | public boolean e quals(Obje ct other) { | |
345 | if (other == this) | |
346 | return t rue; | |
347 | ||
348 | if (! (other instanceo f KeyTab)) { | |
349 | return f alse; | |
350 | } | |
351 | ||
352 | Ke yTab other Ktab = (Ke yTab) othe r; | |
353 | re turn Objec ts.equals( otherKtab. princ, pri nc) && | |
354 | Obje cts.equals (otherKtab .file, fil e) && | |
355 | boun d == other Ktab.bound ; | |
356 | } | |
357 | ||
358 | /** | |
359 | * Ret urns the s ervice pri ncipal thi s {@code K eyTab} obj ect | |
360 | * is bound to. Returns {@ code null} if it's n ot bound. | |
361 | * <p> | |
362 | * Ple ase note t he depreca ted constr uctors cre ate a KeyT ab object bound for | |
363 | * som e unknown principal. In this c ase, this method als o returns null. | |
364 | * Use r can call {@link #i sBound()} to verify this case. | |
365 | * @re turn the s ervice pri ncipal | |
366 | * @si nce 1.8 | |
367 | */ | |
368 | public KerberosP rincipal g etPrincipa l() { | |
369 | re turn princ ; | |
370 | } | |
371 | ||
372 | /** | |
373 | * Ret urns if th e keytab i s bound to a princip al | |
374 | * @re turn if th e keytab i s bound to a princip al | |
375 | * @si nce 1.8 | |
376 | */ | |
377 | public boolean i sBound() { | |
378 | re turn bound ; | |
379 | } | |
380 | } |
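Review bot: `getEncryptionKeys(PrincipalName)` (report lines 300–302) returns whatever `takeSnapshot().readServiceKeys(principal)` yields for the principal it is given, without the bound-principal guard that `getKeys` applies at report line 279 (`princ != null && !principal.equals(princ)`), so a `KeyTab` bound to one service principal does not itself restrict this path to that principal. The method is package-private and is presumably reached only through `JavaxSecurityAuthKerberosAccessImpl`, which would leave the binding check to its callers, but nothing in this file says so. I would either apply the same guard here or document the contract with a comment such as `// Does not enforce the bound principal; callers must check isBound()/getPrincipal() before using the result`. The report does not mark which line is the single changed one, so this is raised against the file as shown.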