Mercurial > hg > release > icedtea6-1.10
changeset 2585:5b164019304c
Backport Kerberos fixes from b24.
2012-08-31 Andrew John Hughes <ahughes@redhat.com>
* Makefile.am: Add patches.
* NEWS: Update.
* patches/openjdk/6815182-gssapi_spnego_does_not_work_with_server.patch,
* patches/openjdk/6979329-ccacheinput_stream_fails_to_read_ticket_cache.patch,
* patches/openjdk/7110373-krb5_test_infrastructure.patch:
Backported Kerberos fixes from b24.
| author | Andrew John Hughes <ahughes@redhat.com> |
|---|---|
| date | Fri, 31 Aug 2012 17:42:10 +0100 |
| parents | fa657fd33ff2 |
| children | bb69c927dd0a |
| files | ChangeLog Makefile.am NEWS patches/openjdk/6815182-gssapi_spnego_does_not_work_with_server.patch patches/openjdk/6979329-ccacheinput_stream_fails_to_read_ticket_cache.patch patches/openjdk/7110373-krb5_test_infrastructure.patch |
| diffstat | 6 files changed, 653 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Fri Aug 31 17:07:24 2012 +0100 +++ b/ChangeLog Fri Aug 31 17:42:10 2012 +0100 @@ -1,3 +1,12 @@ +2012-08-31 Andrew John Hughes <ahughes@redhat.com> + + * Makefile.am: Add patches. + * NEWS: Update. + * patches/openjdk/6815182-gssapi_spnego_does_not_work_with_server.patch, + * patches/openjdk/6979329-ccacheinput_stream_fails_to_read_ticket_cache.patch, + * patches/openjdk/7110373-krb5_test_infrastructure.patch: + Backported Kerberos fixes from b24. + 2012-08-31 Andrew John Hughes <ahughes@redhat.com> * NEWS: Updated with latest fixes.
--- a/Makefile.am Fri Aug 31 17:07:24 2012 +0100 +++ b/Makefile.am Fri Aug 31 17:42:10 2012 +0100 @@ -400,7 +400,10 @@ patches/openjdk/7140882-dont-return-booleans-from-methods-returning-pointers.patch \ patches/openjdk/remove-mimpure-option-to-gcc.patch \ patches/coverage-table.patch \ - patches/openjdk/7185678-xmenuitem_peer_npe.patch + patches/openjdk/7185678-xmenuitem_peer_npe.patch \ + patches/openjdk/6815182-gssapi_spnego_does_not_work_with_server.patch \ + patches/openjdk/6979329-ccacheinput_stream_fails_to_read_ticket_cache.patch \ + patches/openjdk/7110373-krb5_test_infrastructure.patch if WITH_ALT_HSBUILD ICEDTEA_PATCHES += \
--- a/NEWS Fri Aug 31 17:07:24 2012 +0100 +++ b/NEWS Fri Aug 31 17:42:10 2012 +0100 @@ -17,6 +17,9 @@ * OpenJDK - S7182135: Impossible to use some editors directly - S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE + - S6815182: GSSAPI/SPNEGO does not work with server using MIT Kerberos library + - S6979329: CCacheInputStream fails to read ticket cache files from Kerberos 1.8.1 + - S7110373: krb5 test in openjdk6 without test infrastructure New in release 1.10.8 (2012-06-12):
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/openjdk/6815182-gssapi_spnego_does_not_work_with_server.patch Fri Aug 31 17:42:10 2012 +0100 @@ -0,0 +1,206 @@ +# HG changeset patch +# User weijun +# Date 1236907256 -28800 +# Node ID d4f7664a6c3ca90e09480ccfea4806e44bc9d967 +# Parent 95ac2f7ddad0b8350d5ea3aed7d7d028c44396ba +6815182: GSSAPI/SPNEGO does not work with server using MIT Kerberos library +Reviewed-by: valeriep + +diff --git a/src/share/classes/sun/security/jgss/spnego/NegTokenInit.java b/src/share/classes/sun/security/jgss/spnego/NegTokenInit.java +--- openjdk/jdk/src/share/classes/sun/security/jgss/spnego/NegTokenInit.java ++++ openjdk/jdk/src/share/classes/sun/security/jgss/spnego/NegTokenInit.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -66,11 +66,11 @@ + private byte[] mechTypes = null; + private Oid[] mechTypeList = null; + +- private byte[] reqFlags = null; ++ private BitArray reqFlags = null; + private byte[] mechToken = null; + private byte[] mechListMIC = null; + +- NegTokenInit(byte[] mechTypes, byte[] flags, ++ NegTokenInit(byte[] mechTypes, BitArray flags, + byte[] token, byte[] mechListMIC) + { + super(NEG_TOKEN_INIT_ID); +@@ -101,7 +101,7 @@ + // write context flags with CONTEXT 01 + if (reqFlags != null) { + DerOutputStream flags = new DerOutputStream(); +- flags.putBitString(reqFlags); ++ flags.putUnalignedBitString(reqFlags); + initToken.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x01), flags); + } +@@ -237,7 +237,7 @@ + return mechTypeList; + } + +- byte[] getReqFlags() { ++ BitArray getReqFlags() { + return reqFlags; + } + +diff --git a/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java b/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java +--- openjdk/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java ++++ openjdk/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -53,13 +53,6 @@ + + private int state = STATE_NEW; + +- private static final int CHECKSUM_DELEG_FLAG = 1; +- private static final int CHECKSUM_MUTUAL_FLAG = 2; +- private static final int CHECKSUM_REPLAY_FLAG = 4; +- private static final int CHECKSUM_SEQUENCE_FLAG = 8; +- private static final int CHECKSUM_CONF_FLAG = 16; +- private static final int CHECKSUM_INTEG_FLAG = 32; +- + /* + * Optional features that the application can set and their default + * values. +@@ -700,25 +693,17 @@ + /** + * get the context flags + */ +- private byte[] getContextFlags() { +- int flags = 0; ++ private BitArray getContextFlags() { ++ BitArray out = new BitArray(7); + +- if (getCredDelegState()) +- flags |= CHECKSUM_DELEG_FLAG; +- if (getMutualAuthState()) +- flags |= CHECKSUM_MUTUAL_FLAG; +- if (getReplayDetState()) +- flags |= CHECKSUM_REPLAY_FLAG; +- if (getSequenceDetState()) +- flags |= CHECKSUM_SEQUENCE_FLAG; +- if (getIntegState()) +- flags |= CHECKSUM_INTEG_FLAG; +- if (getConfState()) +- flags |= CHECKSUM_CONF_FLAG; ++ if (getCredDelegState()) out.set(0, true); ++ if (getMutualAuthState()) out.set(1, true); ++ if (getReplayDetState()) out.set(2, true); ++ if (getSequenceDetState()) out.set(3, true); ++ if (getConfState()) out.set(5, true); ++ if (getIntegState()) out.set(6, true); + +- byte[] temp = new byte[1]; +- temp[0] = (byte)(flags & 0xff); +- return temp; ++ return out; + } + + private void setContextFlags() { +diff --git a/test/sun/security/krb5/auto/SpnegoReqFlags.java b/test/sun/security/krb5/auto/SpnegoReqFlags.java +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/test/sun/security/krb5/auto/SpnegoReqFlags.java +@@ -0,0 +1,92 @@ ++/* ++ * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++/* ++ * @test ++ * @bug 6815182 ++ * @summary GSSAPI/SPNEGO does not work with server using MIT Kerberos library ++ */ ++ ++import sun.security.jgss.GSSUtil; ++import sun.security.util.BitArray; ++import sun.security.util.DerInputStream; ++import sun.security.util.DerValue; ++ ++public class SpnegoReqFlags { ++ ++ public static void main(String[] args) ++ throws Exception { ++ ++ // Create and start the KDC ++ new OneKDC(null).writeJAASConf(); ++ new SpnegoReqFlags().go(); ++ } ++ ++ void go() throws Exception { ++ Context c = Context.fromJAAS("client"); ++ c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID); ++ ++ byte[] token = c.doAs(new Action() { ++ @Override ++ public byte[] run(Context me, byte[] input) throws Exception { ++ me.x().requestCredDeleg(true); ++ me.x().requestReplayDet(false); ++ me.x().requestSequenceDet(false); ++ return me.x().initSecContext(new byte[0], 0, 0); ++ } ++ }, null); ++ ++ DerValue d = new DerValue(token); // GSSToken ++ DerInputStream ins = d.data; // OID + mech token ++ d.data.getDerValue(); // skip OID ++ d = d.data.getDerValue(); // NegTokenInit ++ d = d.data.getDerValue(); // The SEQUENCE inside ++ ++ boolean found = false; ++ ++ // Go through all fields inside NegTokenInit. The reqFlags field ++ // is optional. It's even not recommended in RFC 4178. ++ while (d.data.available() > 0) { ++ DerValue d2 = d.data.getDerValue(); ++ if (d2.isContextSpecific((byte)1)) { ++ found = true; ++ System.out.println("regFlags field located."); ++ BitArray ba = d2.data.getUnalignedBitString(); ++ if (ba.length() != 7) { ++ throw new Exception("reqFlags should contain 7 bits"); ++ } ++ if (!ba.get(0)) { ++ throw new Exception("delegFlag should be true"); ++ } ++ if (ba.get(2) || ba.get(3)) { ++ throw new Exception("replay/sequenceFlag should be false"); ++ } ++ } ++ } ++ ++ if (!found) { ++ System.out.println("Warning: regFlags field not found, too new?"); ++ } ++ c.dispose(); ++ } ++}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/openjdk/6979329-ccacheinput_stream_fails_to_read_ticket_cache.patch Fri Aug 31 17:42:10 2012 +0100 @@ -0,0 +1,326 @@ +# HG changeset patch +# User weijun +# Date 1290390238 -28800 +# Node ID b139627f7bc3ef57bf7e4a49490783ab9dbfcd95 +# Parent d4f7664a6c3ca90e09480ccfea4806e44bc9d967 +6979329: CCacheInputStream fails to read ticket cache files from Kerberos 1.8.1 +Reviewed-by: valeriep + +diff --git a/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java b/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java +--- openjdk/jdk/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java ++++ openjdk/jdk/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java +@@ -247,16 +247,16 @@ + else return null; + } + +- Ticket readData() throws IOException, RealmException, KrbApErrException, Asn1Exception { ++ byte[] readData() throws IOException { + int length; + length = read(4); +- if (length > 0) { ++ if (length == 0) { ++ return null; ++ } else { + byte[] bytes = new byte[length]; + read(bytes, 0, length); +- Ticket ticket = new Ticket(bytes); +- return ticket; ++ return bytes; + } +- else return null; + } + + boolean[] readFlags() throws IOException { +@@ -325,6 +325,17 @@ + } + return flags; + } ++ ++ /** ++ * Reads the next cred in stream. ++ * @return the next cred, null if ticket or second_ticket unparseable. ++ * ++ * Note: MIT krb5 1.8.1 might generate a config entry with server principal ++ * X-CACHECONF:/krb5_ccache_conf_data/fast_avail/krbtgt/REALM@REALM. The ++ * entry is used by KDC to inform the client that it support certain ++ * features. Its ticket is not a valid krb5 ticket and thus this method ++ * returns null. ++ */ + Credentials readCred(int version) throws IOException,RealmException, KrbApErrException, Asn1Exception { + PrincipalName cpname = readPrincipal(version); + if (DEBUG) +@@ -360,17 +371,17 @@ + if (auData != null) { + auData = new AuthorizationData(auDataEntry); + } +- Ticket ticket = readData(); +- if (DEBUG) { +- System.out.println(">>>DEBUG <CCacheInputStream>"); +- if (ticket == null) { +- System.out.println("///ticket is null"); +- } ++ byte[] ticketData = readData(); ++ byte[] ticketData2 = readData(); ++ ++ try { ++ return new Credentials(cpname, spname, key, authtime, starttime, ++ endtime, renewTill, skey, tFlags, ++ addrs, auData, ++ ticketData != null ? new Ticket(ticketData) : null, ++ ticketData2 != null ? new Ticket(ticketData2) : null); ++ } catch (Exception e) { // If any of new Ticket(*) fails. ++ return null; + } +- Ticket secTicket = readData(); +- Credentials cred = new Credentials(cpname, spname, key, authtime, starttime, +- endtime, renewTill, skey, tFlags, +- addrs, auData, ticket, secTicket); +- return cred; + } + } +diff --git a/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java b/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java +--- openjdk/jdk/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java ++++ openjdk/jdk/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -186,7 +186,10 @@ + primaryRealm = primaryPrincipal.getRealm(); + credentialsList = new Vector<Credentials> (); + while (cis.available() > 0) { +- credentialsList.addElement(cis.readCred(version)); ++ Credentials cred = cis.readCred(version); ++ if (cred != null) { ++ credentialsList.addElement(cred); ++ } + } + cis.close(); + } +diff --git a/test/sun/security/krb5/UnknownCCEntry.java b/test/sun/security/krb5/UnknownCCEntry.java +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/test/sun/security/krb5/UnknownCCEntry.java +@@ -0,0 +1,219 @@ ++/* ++ * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++/* ++ * @test ++ * @bug 6979329 ++ * @summary CCacheInputStream fails to read ticket cache files from Kerberos 1.8.1 ++ */ ++ ++import java.io.ByteArrayInputStream; ++import java.io.File; ++import java.io.FileOutputStream; ++import sun.security.krb5.internal.ccache.CCacheInputStream; ++import sun.security.krb5.internal.ccache.CredentialsCache; ++ ++public class UnknownCCEntry { ++ public static void main(String[] args) throws Exception { ++ // This is a ccache file generated on a test machine: ++ // Default principal: dummy@MAX.LOCAL ++ // Valid starting Expires Service principal ++ // 08/24/10 10:37:28 08/25/10 10:37:28 krbtgt/MAX.LOCAL@MAX.LOCAL ++ // Flags: FI, Etype (skey, tkt): AES-128 CTS mode with 96-bit SHA-1 ++ // HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC ++ byte[] krb5cc = { ++ (byte)0x05, (byte)0x04, (byte)0x00, (byte)0x0C, ++ (byte)0x00, (byte)0x01, (byte)0x00, (byte)0x08, ++ (byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFA, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x09, ++ (byte)0x4D, (byte)0x41, (byte)0x58, (byte)0x2E, ++ (byte)0x4C, (byte)0x4F, (byte)0x43, (byte)0x41, ++ (byte)0x4C, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x05, (byte)0x64, (byte)0x75, (byte)0x6D, ++ (byte)0x6D, (byte)0x79, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x01, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x01, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x09, (byte)0x4D, (byte)0x41, ++ (byte)0x58, (byte)0x2E, (byte)0x4C, (byte)0x4F, ++ (byte)0x43, (byte)0x41, (byte)0x4C, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x05, (byte)0x64, ++ (byte)0x75, (byte)0x6D, (byte)0x6D, (byte)0x79, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x02, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x09, ++ (byte)0x4D, (byte)0x41, (byte)0x58, (byte)0x2E, ++ (byte)0x4C, (byte)0x4F, (byte)0x43, (byte)0x41, ++ (byte)0x4C, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x06, (byte)0x6B, (byte)0x72, (byte)0x62, ++ (byte)0x74, (byte)0x67, (byte)0x74, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x09, (byte)0x4D, ++ (byte)0x41, (byte)0x58, (byte)0x2E, (byte)0x4C, ++ (byte)0x4F, (byte)0x43, (byte)0x41, (byte)0x4C, ++ (byte)0x00, (byte)0x11, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x10, (byte)0x92, (byte)0x1D, ++ (byte)0x1A, (byte)0x0C, (byte)0x7F, (byte)0xB8, ++ (byte)0x01, (byte)0x2E, (byte)0xC9, (byte)0xF5, ++ (byte)0x7B, (byte)0x92, (byte)0x81, (byte)0xCA, ++ (byte)0x49, (byte)0xC5, (byte)0x4C, (byte)0x73, ++ (byte)0x30, (byte)0x68, (byte)0x4C, (byte)0x73, ++ (byte)0x30, (byte)0x68, (byte)0x4C, (byte)0x74, ++ (byte)0x81, (byte)0xE8, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x40, ++ (byte)0x41, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x01, (byte)0x29, (byte)0x61, ++ (byte)0x82, (byte)0x01, (byte)0x25, (byte)0x30, ++ (byte)0x82, (byte)0x01, (byte)0x21, (byte)0xA0, ++ (byte)0x03, (byte)0x02, (byte)0x01, (byte)0x05, ++ (byte)0xA1, (byte)0x0B, (byte)0x1B, (byte)0x09, ++ (byte)0x4D, (byte)0x41, (byte)0x58, (byte)0x2E, ++ (byte)0x4C, (byte)0x4F, (byte)0x43, (byte)0x41, ++ (byte)0x4C, (byte)0xA2, (byte)0x1E, (byte)0x30, ++ (byte)0x1C, (byte)0xA0, (byte)0x03, (byte)0x02, ++ (byte)0x01, (byte)0x00, (byte)0xA1, (byte)0x15, ++ (byte)0x30, (byte)0x13, (byte)0x1B, (byte)0x06, ++ (byte)0x6B, (byte)0x72, (byte)0x62, (byte)0x74, ++ (byte)0x67, (byte)0x74, (byte)0x1B, (byte)0x09, ++ (byte)0x4D, (byte)0x41, (byte)0x58, (byte)0x2E, ++ (byte)0x4C, (byte)0x4F, (byte)0x43, (byte)0x41, ++ (byte)0x4C, (byte)0xA3, (byte)0x81, (byte)0xEC, ++ (byte)0x30, (byte)0x81, (byte)0xE9, (byte)0xA0, ++ (byte)0x03, (byte)0x02, (byte)0x01, (byte)0x12, ++ (byte)0xA1, (byte)0x03, (byte)0x02, (byte)0x01, ++ (byte)0x01, (byte)0xA2, (byte)0x81, (byte)0xDC, ++ (byte)0x04, (byte)0x81, (byte)0xD9, (byte)0xFB, ++ (byte)0x4B, (byte)0xD2, (byte)0x55, (byte)0x33, ++ (byte)0xA8, (byte)0x1A, (byte)0xE6, (byte)0xB5, ++ (byte)0x3D, (byte)0x67, (byte)0x46, (byte)0x69, ++ (byte)0x6F, (byte)0x0A, (byte)0x64, (byte)0xE7, ++ (byte)0x3D, (byte)0xEF, (byte)0x22, (byte)0xBE, ++ (byte)0x81, (byte)0x32, (byte)0xF3, (byte)0x72, ++ (byte)0xB4, (byte)0x50, (byte)0xE3, (byte)0xC3, ++ (byte)0xDB, (byte)0xE5, (byte)0x38, (byte)0x3C, ++ (byte)0x60, (byte)0xC8, (byte)0x08, (byte)0x53, ++ (byte)0x44, (byte)0x6F, (byte)0xDF, (byte)0x55, ++ (byte)0x67, (byte)0x32, (byte)0x02, (byte)0xDD, ++ (byte)0x6B, (byte)0xFB, (byte)0x23, (byte)0x1A, ++ (byte)0x88, (byte)0x71, (byte)0xE0, (byte)0xF8, ++ (byte)0xBB, (byte)0x51, (byte)0x1E, (byte)0x76, ++ (byte)0xC9, (byte)0x1F, (byte)0x45, (byte)0x9B, ++ (byte)0xA0, (byte)0xA5, (byte)0x61, (byte)0x45, ++ (byte)0x9E, (byte)0x65, (byte)0xB8, (byte)0xD6, ++ (byte)0x0E, (byte)0x3C, (byte)0xD9, (byte)0x56, ++ (byte)0xD6, (byte)0xA6, (byte)0xDD, (byte)0x36, ++ (byte)0x21, (byte)0x25, (byte)0x0E, (byte)0xE6, ++ (byte)0xAD, (byte)0xA0, (byte)0x3A, (byte)0x9B, ++ (byte)0x21, (byte)0x87, (byte)0xE2, (byte)0xAF, ++ (byte)0x3A, (byte)0xEF, (byte)0x75, (byte)0x85, ++ (byte)0xA8, (byte)0xD7, (byte)0xE5, (byte)0x46, ++ (byte)0xD8, (byte)0x5C, (byte)0x17, (byte)0x4E, ++ (byte)0x64, (byte)0x51, (byte)0xDB, (byte)0x38, ++ (byte)0x8E, (byte)0x6B, (byte)0x02, (byte)0x05, ++ (byte)0x46, (byte)0x77, (byte)0xD0, (byte)0x75, ++ (byte)0x8A, (byte)0xE0, (byte)0x42, (byte)0x5E, ++ (byte)0x8D, (byte)0x49, (byte)0x86, (byte)0xDE, ++ (byte)0x6C, (byte)0xBC, (byte)0xAF, (byte)0x10, ++ (byte)0x9A, (byte)0x97, (byte)0x64, (byte)0xA6, ++ (byte)0xBD, (byte)0xDB, (byte)0x01, (byte)0x40, ++ (byte)0xA9, (byte)0x3D, (byte)0x74, (byte)0x99, ++ (byte)0xDC, (byte)0x63, (byte)0x34, (byte)0x40, ++ (byte)0x31, (byte)0x57, (byte)0xC7, (byte)0x70, ++ (byte)0x9F, (byte)0xCE, (byte)0xC6, (byte)0x7B, ++ (byte)0x00, (byte)0x5B, (byte)0x02, (byte)0x5C, ++ (byte)0xC7, (byte)0x81, (byte)0x40, (byte)0x4D, ++ (byte)0xA7, (byte)0xB1, (byte)0xD2, (byte)0xEA, ++ (byte)0x8E, (byte)0xEC, (byte)0xA0, (byte)0xB3, ++ (byte)0x03, (byte)0x29, (byte)0xB8, (byte)0x44, ++ (byte)0xD7, (byte)0xA1, (byte)0x2B, (byte)0x37, ++ (byte)0x9D, (byte)0x19, (byte)0x11, (byte)0x1D, ++ (byte)0x58, (byte)0xE8, (byte)0x06, (byte)0xE7, ++ (byte)0x06, (byte)0xE3, (byte)0xF7, (byte)0xEF, ++ (byte)0x05, (byte)0xA9, (byte)0x05, (byte)0x93, ++ (byte)0x42, (byte)0x94, (byte)0x5A, (byte)0xD6, ++ (byte)0xA0, (byte)0x24, (byte)0x3A, (byte)0x52, ++ (byte)0x92, (byte)0xA3, (byte)0x79, (byte)0x98, ++ (byte)0x3C, (byte)0x68, (byte)0x55, (byte)0x1B, ++ (byte)0x6A, (byte)0xC5, (byte)0x83, (byte)0x89, ++ (byte)0x5A, (byte)0x79, (byte)0x5C, (byte)0x52, ++ (byte)0xBA, (byte)0xB8, (byte)0xF7, (byte)0x72, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x09, ++ (byte)0x4D, (byte)0x41, (byte)0x58, (byte)0x2E, ++ (byte)0x4C, (byte)0x4F, (byte)0x43, (byte)0x41, ++ (byte)0x4C, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x05, (byte)0x64, (byte)0x75, (byte)0x6D, ++ (byte)0x6D, (byte)0x79, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x03, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x0C, (byte)0x58, (byte)0x2D, ++ (byte)0x43, (byte)0x41, (byte)0x43, (byte)0x48, ++ (byte)0x45, (byte)0x43, (byte)0x4F, (byte)0x4E, ++ (byte)0x46, (byte)0x3A, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x15, (byte)0x6B, (byte)0x72, ++ (byte)0x62, (byte)0x35, (byte)0x5F, (byte)0x63, ++ (byte)0x63, (byte)0x61, (byte)0x63, (byte)0x68, ++ (byte)0x65, (byte)0x5F, (byte)0x63, (byte)0x6F, ++ (byte)0x6E, (byte)0x66, (byte)0x5F, (byte)0x64, ++ (byte)0x61, (byte)0x74, (byte)0x61, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x0A, (byte)0x66, ++ (byte)0x61, (byte)0x73, (byte)0x74, (byte)0x5F, ++ (byte)0x61, (byte)0x76, (byte)0x61, (byte)0x69, ++ (byte)0x6C, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x1A, (byte)0x6B, (byte)0x72, (byte)0x62, ++ (byte)0x74, (byte)0x67, (byte)0x74, (byte)0x2F, ++ (byte)0x4D, (byte)0x41, (byte)0x58, (byte)0x2E, ++ (byte)0x4C, (byte)0x4F, (byte)0x43, (byte)0x41, ++ (byte)0x4C, (byte)0x40, (byte)0x4D, (byte)0x41, ++ (byte)0x58, (byte)0x2E, (byte)0x4C, (byte)0x4F, ++ (byte)0x43, (byte)0x41, (byte)0x4C, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, (byte)0x03, (byte)0x79, (byte)0x65, ++ (byte)0x73, (byte)0x00, (byte)0x00, (byte)0x00, ++ (byte)0x00, ++ }; ++ ++ File f = File.createTempFile("ccache", "cc", new File(".")); ++ FileOutputStream fout = new FileOutputStream(f); ++ fout.write(krb5cc); ++ fout.close(); ++ ++ CredentialsCache cc = CredentialsCache.getInstance(f.getPath()); ++ if (!cc.getDefaultCreds().getServicePrincipal().getNameStrings()[0] ++ .equals("krbtgt")) { ++ throw new Exception("No TGT found"); ++ } ++ } ++}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/openjdk/7110373-krb5_test_infrastructure.patch Fri Aug 31 17:42:10 2012 +0100 @@ -0,0 +1,105 @@ +# HG changeset patch +# User weijun +# Date 1320967836 -28800 +# Node ID 458d97ab05549a01a19690d8ab41998c5cf5efd1 +# Parent b58af78ac79cf403ff4e099567a3ac09327ff2f9 +7110373: krb5 test in openjdk6 without test infrastructure +Reviewed-by: mullan + +diff --git a/test/sun/security/krb5/auto/SpnegoReqFlags.java b/test/sun/security/krb5/auto/SpnegoReqFlags.java +deleted file mode 100644 +--- openjdk/jdk/test/sun/security/krb5/auto/SpnegoReqFlags.java ++++ /dev/null +@@ -1,92 +0,0 @@ +-/* +- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +- +-/* +- * @test +- * @bug 6815182 +- * @summary GSSAPI/SPNEGO does not work with server using MIT Kerberos library +- */ +- +-import sun.security.jgss.GSSUtil; +-import sun.security.util.BitArray; +-import sun.security.util.DerInputStream; +-import sun.security.util.DerValue; +- +-public class SpnegoReqFlags { +- +- public static void main(String[] args) +- throws Exception { +- +- // Create and start the KDC +- new OneKDC(null).writeJAASConf(); +- new SpnegoReqFlags().go(); +- } +- +- void go() throws Exception { +- Context c = Context.fromJAAS("client"); +- c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID); +- +- byte[] token = c.doAs(new Action() { +- @Override +- public byte[] run(Context me, byte[] input) throws Exception { +- me.x().requestCredDeleg(true); +- me.x().requestReplayDet(false); +- me.x().requestSequenceDet(false); +- return me.x().initSecContext(new byte[0], 0, 0); +- } +- }, null); +- +- DerValue d = new DerValue(token); // GSSToken +- DerInputStream ins = d.data; // OID + mech token +- d.data.getDerValue(); // skip OID +- d = d.data.getDerValue(); // NegTokenInit +- d = d.data.getDerValue(); // The SEQUENCE inside +- +- boolean found = false; +- +- // Go through all fields inside NegTokenInit. The reqFlags field +- // is optional. It's even not recommended in RFC 4178. +- while (d.data.available() > 0) { +- DerValue d2 = d.data.getDerValue(); +- if (d2.isContextSpecific((byte)1)) { +- found = true; +- System.out.println("regFlags field located."); +- BitArray ba = d2.data.getUnalignedBitString(); +- if (ba.length() != 7) { +- throw new Exception("reqFlags should contain 7 bits"); +- } +- if (!ba.get(0)) { +- throw new Exception("delegFlag should be true"); +- } +- if (ba.get(2) || ba.get(3)) { +- throw new Exception("replay/sequenceFlag should be false"); +- } +- } +- } +- +- if (!found) { +- System.out.println("Warning: regFlags field not found, too new?"); +- } +- c.dispose(); +- } +-}