Mercurial > hg > release > icedtea7-forest-2.6 > jdk
changeset 9891:19028b6e31fc
8147772: Update KerberosTicket to describe behavior if it has been destroyed and fix NullPointerExceptions
8163104: Unexpected NPE still possible on some Kerberos ticket calls
Reviewed-by: mbalao
author | andrew |
---|---|
date | Mon, 03 Feb 2020 02:26:31 +0000 |
parents | a6419eed11eb |
children | ff51e99d392b |
files | src/share/classes/javax/security/auth/kerberos/KerberosTicket.java src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java test/javax/security/auth/kerberos/KerberosTixDateTest.java |
diffstat | 3 files changed, 48 insertions(+), 15 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/javax/security/auth/kerberos/KerberosTicket.java Mon Feb 03 01:42:43 2020 +0000 +++ b/src/share/classes/javax/security/auth/kerberos/KerberosTicket.java Mon Feb 03 02:26:31 2020 +0000 @@ -373,7 +373,7 @@ * @return true if this ticket is forwardable, false if not. */ public final boolean isForwardable() { - return flags[FORWARDABLE_TICKET_FLAG]; + return flags == null? false: flags[FORWARDABLE_TICKET_FLAG]; } /** @@ -385,7 +385,7 @@ * false otherwise. */ public final boolean isForwarded() { - return flags[FORWARDED_TICKET_FLAG]; + return flags == null? false: flags[FORWARDED_TICKET_FLAG]; } /** @@ -394,7 +394,7 @@ * @return true if this ticket is proxiable, false if not. */ public final boolean isProxiable() { - return flags[PROXIABLE_TICKET_FLAG]; + return flags == null? false: flags[PROXIABLE_TICKET_FLAG]; } /** @@ -403,7 +403,7 @@ * @return true if this ticket is a proxy-ticket, false if not. */ public final boolean isProxy() { - return flags[PROXY_TICKET_FLAG]; + return flags == null? false: flags[PROXY_TICKET_FLAG]; } @@ -413,7 +413,7 @@ * @return true if this ticket is post-dated, false if not. */ public final boolean isPostdated() { - return flags[POSTDATED_TICKET_FLAG]; + return flags == null? false: flags[POSTDATED_TICKET_FLAG]; } /** @@ -424,7 +424,7 @@ * @return true if this ticket is renewable, false if not. */ public final boolean isRenewable() { - return flags[RENEWABLE_TICKET_FLAG]; + return flags == null? false: flags[RENEWABLE_TICKET_FLAG]; } /** @@ -435,7 +435,7 @@ * protocol, false if not. */ public final boolean isInitial() { - return flags[INITIAL_TICKET_FLAG]; + return flags == null? false: flags[INITIAL_TICKET_FLAG]; } /** @@ -475,7 +475,7 @@ * @return the expiration time for this ticket's validity period. */ public final java.util.Date getEndTime() { - return (Date) endTime.clone(); + return (endTime == null) ? null : (Date) endTime.clone(); } /** @@ -511,7 +511,7 @@ /** Determines if this ticket is still current. */ public boolean isCurrent() { - return (System.currentTimeMillis() <= getEndTime().getTime()); + return endTime == null? false: (System.currentTimeMillis() <= endTime.getTime()); } /**
--- a/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java Mon Feb 03 01:42:43 2020 +0000 +++ b/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java Mon Feb 03 02:26:31 2020 +0000 @@ -235,8 +235,11 @@ */ public int getInitLifetime() throws GSSException { int retVal = 0; - retVal = (int)(getEndTime().getTime() - - (new Date().getTime())); + Date d = getEndTime(); + if (d == null) { + return 0; + } + retVal = (int)(d.getTime() - (new Date().getTime())); return retVal/1000; }
--- a/test/javax/security/auth/kerberos/KerberosTixDateTest.java Mon Feb 03 01:42:43 2020 +0000 +++ b/test/javax/security/auth/kerberos/KerberosTixDateTest.java Mon Feb 03 02:26:31 2020 +0000 @@ -23,15 +23,18 @@ /* * @test - * @bug 6659990 - * @summary test the immutability of the Date fields in KerberosTicket class. + * @bug 6659990 8147772 + * @summary test the immutability of the Date fields in KerberosTicket class, + * serialization, and behavior after being destroyed. * @ignore Must set up KDC and setup Kerberos configuration file */ -import java.net.InetAddress; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.lang.reflect.Modifier; import java.util.Date; import java.io.*; -import javax.security.auth.kerberos.KerberosKey; +import javax.security.auth.RefreshFailedException; import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.kerberos.KerberosTicket; import sun.misc.BASE64Decoder; @@ -75,6 +78,7 @@ testDateImmutability(t, originalTime); testS11nCompatibility(t); // S11n: Serialization + testDestroy(t); } private static void checkTime(KerberosTicket kt, long timeValue) { @@ -137,4 +141,30 @@ System.out.println("S11nCompatibility Test Passed"); } + + private static void testDestroy(KerberosTicket t) throws Exception { + t.destroy(); + if (!t.isDestroyed()) { + throw new RuntimeException("ticket should have been destroyed"); + } + // Although these methods are meaningless, they can be called + for (Method m: KerberosTicket.class.getDeclaredMethods()) { + if (Modifier.isPublic(m.getModifiers()) + && m.getParameterTypes().length == 0) { + System.out.println("Testing " + m.getName() + "..."); + try { + m.invoke(t); + } catch (InvocationTargetException e) { + Throwable cause = e.getCause(); + if (cause instanceof RefreshFailedException || + cause instanceof IllegalStateException) { + // this is OK + } else { + throw e; + } + } + } + } + System.out.println("Destroy Test Passed"); + } }