Produced by Araxis Merge on 9/25/2018 2:13:23 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\jgss\krb5 | ServiceCreds.java | Mon Jan 22 14:46:54 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\jgss\krb5 | ServiceCreds.java | Wed Sep 12 17:51:51 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 3 | 520 |
Changed | 2 | 4 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 201 2, 2013, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package su n.security .jgss.krb5 ; | |
27 | ||
28 | import jav ax.securit y.auth.ker beros.Kerb erosTicket ; | |
29 | import jav ax.securit y.auth.ker beros.Kerb erosKey; | |
30 | import jav ax.securit y.auth.ker beros.Kerb erosPrinci pal; | |
31 | import jav ax.securit y.auth.ker beros.KeyT ab; | |
32 | import jav ax.securit y.auth.Sub ject; | |
33 | ||
34 | import sun .security. krb5.Crede ntials; | |
35 | import sun .security. krb5.Encry ptionKey; | |
36 | import sun .security. krb5.KrbEx ception; | |
37 | import jav a.io.IOExc eption; | |
38 | import jav a.util.Arr ayList; | |
39 | import jav a.util.Lis t; | |
40 | import jav a.util.Set ; | |
41 | import sun .security. krb5.*; | |
42 | import sun .security. krb5.inter nal.Krb5; | |
43 | ||
44 | /** | |
45 | * Credent ials of a kerberos a cceptor. A KerberosP rincipal o bject (kp) is | |
46 | * the pri ncipal. It can be sp ecified as the serve rPrincipal argument | |
47 | * in the getInstanc e() method , or uses only Kerbe rosPrincip al in the subject. | |
48 | * Otherwi se, the cr eds object is unboun d and kp i s null. | |
49 | * | |
50 | * The cla ss also en capsulates various PW s, which c an be: | |
51 | * | |
52 | * 1. So me Kerbero sKeys (gen erated fro m password ) | |
53 | * 2. So me KeyTabs (for a ty pical serv ice based on keytabs ) | |
54 | * 3. A TGT (for S 4U2proxy e xtension o r user2use r) | |
55 | * | |
56 | * Note th at some PW s can coex ist. For e xample, a user2user service | |
57 | * can use its keyta b (or keys ) if the c lient can successful ly obtain a | |
58 | * normal service ti cket, or i t can use the TGT (a ctually, t he session key | |
59 | * of the TGT) if th e client c an only ac quire a se rvice tick et | |
60 | * of ENC- TKT-IN-SKE Y style. | |
61 | * | |
62 | * @since 1.8 | |
63 | */ | |
64 | public fin al class S erviceCred s { | |
65 | // The principal , or null if unbound | |
66 | privat e Kerberos Principal kp; | |
67 | ||
68 | // All principal s in the s ubject's p rinc set | |
69 | privat e Set<Kerb erosPrinci pal> allPr incs; | |
70 | ||
71 | // All private c redentials that can be used | |
72 | privat e List<Key Tab> ktabs ; | |
73 | privat e List<Ker berosKey> kk; | |
74 | privat e Kerberos Ticket tgt ; | |
75 | ||
76 | privat e boolean destroyed; | |
77 | ||
78 | privat e ServiceC reds() { | |
79 | // Make sure this clas s cannot b e instanti ated exter nally. | |
80 | } | |
81 | ||
82 | /** | |
83 | * Cre ates a Ser viceCreds object bas ed on info in a Subj ect for | |
84 | * a g iven princ ipal name (if specif ied). | |
85 | * @re turn the o bject, or null if th ere is no private cr eds for it | |
86 | */ | |
87 | public static Se rviceCreds getInstan ce( | |
88 | Subject subj, Stri ng serverP rincipal) { | |
89 | ||
90 | Se rviceCreds sc = new ServiceCre ds(); | |
91 | ||
92 | sc .allPrincs = | |
93 | subj .getPrinci pals(Kerbe rosPrincip al.class); | |
94 | ||
95 | // Compatibi lity. A ke y implies its own pr incipal | |
96 | fo r (Kerbero sKey key: SubjectCom ber.findMa ny( | |
97 | subj , serverPr incipal, n ull, Kerbe rosKey.cla ss)) { | |
98 | sc.allPr incs.add(k ey.getPrin cipal()); | |
99 | } | |
100 | ||
101 | if (serverPr incipal != null) { // A n amed princ ipal | |
102 | sc.kp = new Kerber osPrincipa l(serverPr incipal); | |
103 | } else { | |
104 | // For c ompatibili ty reason, we set th e name of default pr incipal | |
105 | // to th e "only po ssible" na me it can take, whic h means th ere is | |
106 | // only one Kerber osPrincipa l and ther e is no un bound keyt abs | |
107 | if (sc.a llPrincs.s ize() == 1 ) { | |
108 | bool ean hasUnb ound = fal se; | |
109 | for (KeyTab kt ab: Subjec tComber.fi ndMany( | |
110 | subj, null, null , KeyTab.c lass)) { | |
111 | if (!ktab. isBound()) { | |
112 | hasUnb ound = tru e; | |
113 | break; | |
114 | } | |
115 | } | |
116 | if ( !hasUnboun d) { | |
117 | sc.kp = sc .allPrincs .iterator( ).next(); | |
118 | serverPrin cipal = sc .kp.getNam e(); | |
119 | } | |
120 | } | |
121 | } | |
122 | ||
123 | sc .ktabs = S ubjectComb er.findMan y( | |
124 | subj, serv erPrincipa l, null, K eyTab.clas s); | |
125 | sc .kk = Subj ectComber. findMany( | |
126 | subj, serv erPrincipa l, null, K erberosKey .class); | |
127 | sc .tgt = Sub jectComber .find( | |
128 | subj , null, se rverPrinci pal, Kerbe rosTicket. class); | |
129 | if (sc.ktabs .isEmpty() && sc.kk. isEmpty() && sc.tgt == null) { | |
130 | return n ull; | |
131 | } | |
132 | ||
133 | sc .destroyed = false; | |
134 | ||
135 | re turn sc; | |
136 | } | |
137 | ||
138 | // can be null | |
139 | public String ge tName() { | |
140 | if (destroye d) { | |
141 | throw ne w IllegalS tateExcept ion("This object is destroyed" ); | |
142 | } | |
143 | re turn kp == null ? nu ll : kp.ge tName(); | |
144 | } | |
145 | ||
146 | /** | |
147 | * Get s keys for "someone" . Used in 2 cases: | |
148 | * 1. By TLS bec ause it ne eds to get keys befo re client comes in. | |
149 | * 2. As a fallb ack in get EKeys() be low. | |
150 | * Thi s method c an still r eturn an e mpty array . | |
151 | */ | |
152 | public KerberosK ey[] getKK eys() { | |
153 | if (destroye d) { | |
154 | throw ne w IllegalS tateExcept ion("This object is destroyed" ); | |
155 | } | |
156 | Ke rberosPrin cipal one = kp; // named principal | |
157 | if (one == n ull && !al lPrincs.is Empty()) { // or, a known pri ncipal | |
158 | one = al lPrincs.it erator().n ext(); | |
159 | } | |
160 | if (one == n ull) { // Or, s ome random one | |
161 | for (Key Tab ktab: ktabs) { | |
162 | // M ust be unb ound keyta b, otherwi se, allPri ncs is not empty | |
163 | Prin cipalName pn = | |
164 | Krb5Ut il.snapsho tFromJavax KeyTab(kta b).getOneN ame(); | |
165 | if ( pn != null ) { | |
166 | one = new KerberosPr incipal(pn .getName() ); | |
167 | break; | |
168 | } | |
169 | } | |
170 | } | |
171 | if (one != n ull) { | |
172 | return g etKKeys(on e); | |
173 | } else { | |
174 | return n ew Kerbero sKey[0]; | |
175 | } | |
176 | } | |
177 | ||
178 | /** | |
179 | * Get kkeys for a princip al, | |
180 | * @pa ram princ the target name init iator requ ests. Not null. | |
181 | * @re turn keys for the pr inc, never null, mig ht be empt y | |
182 | */ | |
183 | public KerberosK ey[] getKK eys(Kerber osPrincipa l princ) { | |
184 | if (destroye d) { | |
185 | throw ne w IllegalS tateExcept ion("This object is destroyed" ); | |
186 | } | |
187 | Ar rayList<Ke rberosKey> keys = ne w ArrayLis t<>(); | |
188 | if (kp != nu ll && !pri nc.equals( kp)) { // named principal | |
189 | return n ew Kerbero sKey[0]; | |
190 | } | |
191 | fo r (Kerbero sKey k: kk ) { | |
192 | if (k.ge tPrincipal ().equals( princ)) { | |
193 | keys .add(k); | |
194 | } | |
195 | } | |
196 | fo r (KeyTab ktab: ktab s) { | |
197 | if (ktab .getPrinci pal() == n ull && kta b.isBound( )) { | |
198 | // l egacy boun d keytab. although w e don't kn ow who | |
199 | // t he bound p rincipal i s, it must be in all Princs | |
200 | if ( !allPrincs .contains( princ)) { | |
201 | continue; // skip this legac y bound ke ytab | |
202 | } | |
203 | } | |
204 | for (Ker berosKey k : ktab.get Keys(princ )) { | |
205 | keys .add(k); | |
206 | } | |
207 | } | |
208 | re turn keys. toArray(ne w Kerberos Key[keys.s ize()]); | |
209 | } | |
210 | ||
211 | /** | |
212 | * Get s EKeys fo r a princi pal. | |
213 | * @pa ram princ the target name init iator requ ests. Not null. | |
214 | * @re turn keys for the pr inc, never null, mig ht be empt y | |
215 | */ | |
216 | public Encryptio nKey[] get EKeys(Prin cipalName princ) { | |
217 | if (destroye d) { | |
218 | throw ne w IllegalS tateExcept ion("This object is destroyed" ); | |
219 | } | |
220 | Ke rberosKey[ ] kkeys = getKKeys(n ew Kerbero sPrincipal (princ.get Name())); | |
221 | if (kkeys.le ngth == 0) { | |
222 | // Fallb ack: old J DK does no t perform real name checking. If the | |
223 | // accep tor has ho st.sun.com but initi ator reque sts for ho st, | |
224 | // as lo ng as thei r keys mat ch (i.e. k eys for on e can decr ypt | |
225 | // the o ther's ser vice ticke t), the au thenticati on is OK. | |
226 | // There are real customers depending on this to use diffe rent | |
227 | // names for a sin gle servic e. | |
228 | kkeys = getKKeys() ; | |
229 | } | |
230 | En cryptionKe y[] ekeys = new Encr yptionKey[ kkeys.leng th]; | |
231 | fo r (int i=0 ; i<ekeys. length; i+ +) { | |
232 | ekeys[i] = new En cryptionKe y( | |
233 | kkeys[ i].getEnco ded(), kke ys[i].getK eyType(), | |
234 | new In teger(kkey s[i].getVe rsionNumbe r())); | |
235 | } | |
236 | re turn ekeys ; | |
237 | } | |
238 | ||
239 | public Credentia ls getInit Cred() { | |
240 | if (destroye d) { | |
241 | throw ne w IllegalS tateExcept ion("This object is destroyed" ); | |
242 | } | |
243 | if (tgt == n ull) { | |
244 | return n ull; | |
245 | } | |
246 | tr y { | |
247 | return K rb5Util.ti cketToCred s(tgt); | |
248 | } catch (Krb Exception | IOExcept ion e) { | |
249 | return n ull; | |
250 | } | |
251 | } | |
252 | ||
253 | public void dest roy() { | |
254 | // Do not wi pe out rea l keys bec ause they are refere nces to th e | |
255 | // priv cred s in subje ct. Just m ake it use less. | |
256 | de stroyed = true; | |
257 | kp = null; | |
258 | kt abs.clear( ); | |
259 | kk .clear(); | |
260 | tg t = null; | |
261 | } | |
262 | } |
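Review bot: The Javadoc on getEKeys (gutter lines 211-215) promises "keys for the princ", but the fallback at gutter lines 221-229 calls the no-argument getKKeys() when nothing matches, so the returned keys can belong to the bound principal kp, the first entry of allPrincs, or a name read from an unbound keytab. The inline comment says these keys are then tried against the initiator's service ticket, so the relaxed name check is part of the method's contract and should appear in it, for example `@return keys for princ, or if none match, the keys getKKeys() selects for another principal; never null, might be empty`. Separately, the class comment at gutter lines 50 and 56 says "PW s" although the three items listed are KerberosKeys, KeyTabs and a TGT. The page does not mark which lines changed, but if that wording is what this comparison introduced, `secrets` would describe them accurately.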