Mercurial > hg > release > icedtea7-forest-2.6 > jdk

changeset 9876:29678d1d134b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8012679: Let allow_weak_crypto default to false Reviewed-by: valeriep
author weijun
date Wed, 08 May 2013 08:25:34 +0800
parents cf33d26faa8d
children 92761da61627
files src/share/classes/sun/security/krb5/internal/crypto/EType.java test/sun/security/krb5/auto/DupEtypes.java test/sun/security/krb5/etype/WeakCrypto.java
diffstat 3 files changed, 29 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/krb5/internal/crypto/EType.java	Wed Jan 29 05:48:00 2020 +0000
+++ b/src/share/classes/sun/security/krb5/internal/crypto/EType.java	Wed May 08 08:25:34 2013 +0800
@@ -55,11 +55,11 @@
     }
 
     public static void initStatic() {
-        boolean allowed = true;
+        boolean allowed = false;
         try {
             Config cfg = Config.getInstance();
             String temp = cfg.get("libdefaults", "allow_weak_crypto");
-            if (temp != null && temp.equals("false")) allowed = false;
+            if (temp != null && temp.equals("true")) allowed = true;
         } catch (Exception exc) {
             if (DEBUG) {
                 System.out.println ("Exception in getting allow_weak_crypto, " +
--- a/test/sun/security/krb5/auto/DupEtypes.java	Wed Jan 29 05:48:00 2020 +0000
+++ b/test/sun/security/krb5/auto/DupEtypes.java	Wed May 08 08:25:34 2013 +0800
@@ -34,6 +34,7 @@
  */
 
 import sun.security.jgss.GSSUtil;
+import sun.security.krb5.Config;
 
 public class DupEtypes {
 
@@ -42,6 +43,14 @@
         OneKDC kdc = new OneKDC(null);
         kdc.writeJAASConf();
 
+        KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
+                "default_keytab_name = " + OneKDC.KTAB,
+                "allow_weak_crypto = true");
+        Config.refresh();
+
+        // Rewrite to include DES keys
+        kdc.writeKtab(OneKDC.KTAB);
+
         // Different test cases, read KDC.processAsReq for details
         kdc.setOption(KDC.Option.DUP_ETYPE, Integer.parseInt(args[0]));
 
--- a/test/sun/security/krb5/etype/WeakCrypto.java	Wed Jan 29 05:48:00 2020 +0000
+++ b/test/sun/security/krb5/etype/WeakCrypto.java	Wed May 08 08:25:34 2013 +0800
@@ -22,29 +22,41 @@
  */
 /*
  * @test
- * @bug 6844909
+ * @bug 6844909 8012679
  * @run main/othervm WeakCrypto
+ * @run main/othervm WeakCrypto true
+ * @run main/othervm WeakCrypto false
  * @summary support allow_weak_crypto in krb5.conf
  */
 
 import java.io.File;
+import java.lang.Exception;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
 import sun.security.krb5.internal.crypto.EType;
 import sun.security.krb5.EncryptedData;
 
 public class WeakCrypto {
     public static void main(String[] args) throws Exception {
-        System.setProperty("java.security.krb5.conf",
-                System.getProperty("test.src", ".") +
-                File.separator +
-                "weakcrypto.conf");
+        String conf = "[libdefaults]\n" +
+                (args.length > 0 ? ("allow_weak_crypto = " + args[0]) : "");
+        Files.write(Paths.get("krb5.conf"), conf.getBytes());
+        System.setProperty("java.security.krb5.conf", "krb5.conf");
+
+        boolean expected = args.length != 0 && args[0].equals("true");
         int[] etypes = EType.getBuiltInDefaults();
 
+        boolean found = false;
         for (int i=0, length = etypes.length; i<length; i++) {
             if (etypes[i] == EncryptedData.ETYPE_DES_CBC_CRC ||
                     etypes[i] == EncryptedData.ETYPE_DES_CBC_MD4 ||
                     etypes[i] == EncryptedData.ETYPE_DES_CBC_MD5) {
-                throw new Exception("DES should not appear");
+                found = true;
             }
         }
+        if (expected != found) {
+            throw new Exception();
+        }
     }
 }