Mercurial > hg > release > icedtea7-forest-2.6 > jdk
changeset 9876:29678d1d134b
8012679: Let allow_weak_crypto default to false
Reviewed-by: valeriep
author | weijun |
---|---|
date | Wed, 08 May 2013 08:25:34 +0800 |
parents | cf33d26faa8d |
children | 92761da61627 |
files | src/share/classes/sun/security/krb5/internal/crypto/EType.java test/sun/security/krb5/auto/DupEtypes.java test/sun/security/krb5/etype/WeakCrypto.java |
diffstat | 3 files changed, 29 insertions(+), 8 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/krb5/internal/crypto/EType.java Wed Jan 29 05:48:00 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/crypto/EType.java Wed May 08 08:25:34 2013 +0800 @@ -55,11 +55,11 @@ } public static void initStatic() { - boolean allowed = true; + boolean allowed = false; try { Config cfg = Config.getInstance(); String temp = cfg.get("libdefaults", "allow_weak_crypto"); - if (temp != null && temp.equals("false")) allowed = false; + if (temp != null && temp.equals("true")) allowed = true; } catch (Exception exc) { if (DEBUG) { System.out.println ("Exception in getting allow_weak_crypto, " +
--- a/test/sun/security/krb5/auto/DupEtypes.java Wed Jan 29 05:48:00 2020 +0000 +++ b/test/sun/security/krb5/auto/DupEtypes.java Wed May 08 08:25:34 2013 +0800 @@ -34,6 +34,7 @@ */ import sun.security.jgss.GSSUtil; +import sun.security.krb5.Config; public class DupEtypes { @@ -42,6 +43,14 @@ OneKDC kdc = new OneKDC(null); kdc.writeJAASConf(); + KDC.saveConfig(OneKDC.KRB5_CONF, kdc, + "default_keytab_name = " + OneKDC.KTAB, + "allow_weak_crypto = true"); + Config.refresh(); + + // Rewrite to include DES keys + kdc.writeKtab(OneKDC.KTAB); + // Different test cases, read KDC.processAsReq for details kdc.setOption(KDC.Option.DUP_ETYPE, Integer.parseInt(args[0]));
--- a/test/sun/security/krb5/etype/WeakCrypto.java Wed Jan 29 05:48:00 2020 +0000 +++ b/test/sun/security/krb5/etype/WeakCrypto.java Wed May 08 08:25:34 2013 +0800 @@ -22,29 +22,41 @@ */ /* * @test - * @bug 6844909 + * @bug 6844909 8012679 * @run main/othervm WeakCrypto + * @run main/othervm WeakCrypto true + * @run main/othervm WeakCrypto false * @summary support allow_weak_crypto in krb5.conf */ import java.io.File; +import java.lang.Exception; +import java.nio.file.Files; +import java.nio.file.Paths; + import sun.security.krb5.internal.crypto.EType; import sun.security.krb5.EncryptedData; public class WeakCrypto { public static void main(String[] args) throws Exception { - System.setProperty("java.security.krb5.conf", - System.getProperty("test.src", ".") + - File.separator + - "weakcrypto.conf"); + String conf = "[libdefaults]\n" + + (args.length > 0 ? ("allow_weak_crypto = " + args[0]) : ""); + Files.write(Paths.get("krb5.conf"), conf.getBytes()); + System.setProperty("java.security.krb5.conf", "krb5.conf"); + + boolean expected = args.length != 0 && args[0].equals("true"); int[] etypes = EType.getBuiltInDefaults(); + boolean found = false; for (int i=0, length = etypes.length; i<length; i++) { if (etypes[i] == EncryptedData.ETYPE_DES_CBC_CRC || etypes[i] == EncryptedData.ETYPE_DES_CBC_MD4 || etypes[i] == EncryptedData.ETYPE_DES_CBC_MD5) { - throw new Exception("DES should not appear"); + found = true; } } + if (expected != found) { + throw new Exception(); + } } }