changeset 9897:42545cbbd2e6
8229951: Better Ticket Granting Services
Summary: Includes change to make KDCReq.pAData public from JDK-8215032
Reviewed-by: mbalao
--- a/src/share/classes/sun/security/krb5/Checksum.java Mon Feb 03 05:19:44 2020 +0000 +++ b/src/share/classes/sun/security/krb5/Checksum.java Mon Feb 03 06:30:19 2020 +0000 @@ -69,6 +69,7 @@ // draft-brezak-win2k-krb-rc4-hmac-04.txt public static final int CKSUMTYPE_HMAC_MD5_ARCFOUR = -138; + // default checksum type, -1 if not set static int CKSUMTYPE_DEFAULT; static int SAFECKSUMTYPE_DEFAULT; @@ -83,26 +84,19 @@ try { cfg = Config.getInstance(); temp = cfg.get("libdefaults", "default_checksum"); - if (temp != null) - { - CKSUMTYPE_DEFAULT = Config.getType(temp); - } else { - /* - * If the default checksum is not - * specified in the configuration we - * set it to RSA_MD5. We follow the MIT and - * SEAM implementation. - */ - CKSUMTYPE_DEFAULT = CKSUMTYPE_RSA_MD5; - } + if (temp != null) { + CKSUMTYPE_DEFAULT = Config.getType(temp); + } else { + CKSUMTYPE_DEFAULT = -1; + } } catch (Exception exc) { if (DEBUG) { System.out.println("Exception in getting default checksum "+ - "value from the configuration " + - "Setting default checksum to be RSA-MD5"); + "value from the configuration. " + + "No default checksum set."); exc.printStackTrace(); } - CKSUMTYPE_DEFAULT = CKSUMTYPE_RSA_MD5; + CKSUMTYPE_DEFAULT = -1; } 
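Review bot: In the static initializer the unset marker is written as a bare `-1` in both the else branch and the catch block, and the constructor further down compares against the same literal; a named constant, for example `static final int CKSUMTYPE_UNSET = -1;`, would keep those sites in step. Because CKSUMTYPE_DEFAULT stays non-final and package-visible, any reader that passes it straight to CksumType.getInstance() instead of the four-argument Checksum constructor would now be handed -1; such readers are not visible in this changeset and should be confirmed. The comment added in the first hunk, `// default checksum type, -1 if not set`, sits above CKSUMTYPE_DEFAULT only, although SAFECKSUMTYPE_DEFAULT receives the same marker later in the file. The initializer starts and ends outside this hunk.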
@@ -112,97 +106,83 @@ { SAFECKSUMTYPE_DEFAULT = Config.getType(temp); } else { - SAFECKSUMTYPE_DEFAULT = CKSUMTYPE_RSA_MD5_DES; + SAFECKSUMTYPE_DEFAULT = -1; } } catch (Exception exc) { if (DEBUG) { System.out.println("Exception in getting safe default " + "checksum value " + - "from the configuration Setting " + - "safe default checksum to be RSA-MD5"); + "from the configuration Setting. " + + "No safe default checksum set."); exc.printStackTrace(); } - SAFECKSUMTYPE_DEFAULT = CKSUMTYPE_RSA_MD5_DES; + SAFECKSUMTYPE_DEFAULT = -1; } } /** * Constructs a new Checksum using the raw data and type. + * + * This constructor is only used by Authenticator Checksum + * {@link sun.security.jgss.krb5.InitialToken.OverloadedChecksum} + * where the checksum type must be 0x8003 + * (see https://tools.ietf.org/html/rfc4121#section-4.1.1) + * and checksum field/value is used to convey service flags, + * channel bindings, and optional delegation information. + * This special type does NOT have a {@link CksumType} and has its + * own calculating and verification rules. It does has the same + * ASN.1 encoding though. + * * @data the byte array of checksum. * @new_cksumType the type of checksum. - * */ - // used in InitialToken public Checksum(byte[] data, int new_cksumType) { cksumType = new_cksumType; checksum = data; } /** - * Constructs a new Checksum by calculating the checksum over the data - * using specified checksum type. - * @new_cksumType the type of checksum. - * @data the data that needs to be performed a checksum calculation on. + * Constructs a new Checksum by calculating over the data using + * the specified checksum type. If the checksum is unkeyed, key + * and usage are ignored. + * + * @param new_cksumType the type of checksum. 
If set to -1, the + * {@linkplain EType#checksumType() mandatory checksum type} + * for the encryption type of {@code key} will be used + * @param data the data that needs to be performed a checksum calculation on + * @param key the key used by a keyed checksum + * @param usage the usage used by a keyed checksum */ - public Checksum(int new_cksumType, byte[] data) - throws KdcErrException, KrbCryptoException { - - cksumType = new_cksumType; - CksumType cksumEngine = CksumType.getInstance(cksumType); - if (!cksumEngine.isSafe()) { - checksum = cksumEngine.calculateChecksum(data, data.length); + public Checksum(int new_cksumType, byte[] data, + EncryptionKey key, int usage) + throws KdcErrException, KrbApErrException, KrbCryptoException { + if (new_cksumType == -1) { + cksumType = EType.getInstance(key.getEType()).checksumType(); } else { - throw new KdcErrException(Krb5.KRB_AP_ERR_INAPP_CKSUM); + cksumType = new_cksumType; } - } - - /** - * Constructs a new Checksum by calculating the keyed checksum - * over the data using specified checksum type. - * @new_cksumType the type of checksum. - * @data the data that needs to be performed a checksum calculation on. - */ - // KrbSafe, KrbTgsReq - public Checksum(int new_cksumType, byte[] data, - EncryptionKey key, int usage) - throws KdcErrException, KrbApErrException, KrbCryptoException { - cksumType = new_cksumType; - CksumType cksumEngine = CksumType.getInstance(cksumType); - if (!cksumEngine.isSafe()) - throw new KrbApErrException(Krb5.KRB_AP_ERR_INAPP_CKSUM); - checksum = - cksumEngine.calculateKeyedChecksum(data, - data.length, - key.getBytes(), - usage); + checksum = CksumType.getInstance(cksumType).calculateChecksum( + data, data.length, key.getBytes(), usage); } /** * Verifies the keyed checksum over the data passed in. 
*/ - public boolean verifyKeyedChecksum(byte[] data, EncryptionKey key, - int usage) - throws KdcErrException, KrbApErrException, KrbCryptoException { + public boolean verifyKeyedChecksum(byte[] data, EncryptionKey key, int usage) + throws KdcErrException, KrbApErrException, KrbCryptoException { CksumType cksumEngine = CksumType.getInstance(cksumType); - if (!cksumEngine.isSafe()) + if (!cksumEngine.isKeyed()) { throw new KrbApErrException(Krb5.KRB_AP_ERR_INAPP_CKSUM); - return cksumEngine.verifyKeyedChecksum(data, - data.length, - key.getBytes(), - checksum, - usage); + } else { + return cksumEngine.verifyChecksum( + data, data.length, key.getBytes(), checksum, usage); + } } - /* - public Checksum(byte[] data) throws KdcErrException, KrbCryptoException { - this(Checksum.CKSUMTYPE_DEFAULT, data); - } - */ - boolean isEqual(Checksum cksum) throws KdcErrException { - if (cksumType != cksum.cksumType) + if (cksumType != cksum.cksumType) { return false; - CksumType cksumEngine = CksumType.getInstance(cksumType); + } return CksumType.isChecksumEqual(checksum, cksum.checksum); }
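Review bot: The merged constructor no longer refuses unkeyed types: the old keyed constructor threw KRB_AP_ERR_INAPP_CKSUM when `isSafe()` was false, whereas the new one calls `calculateChecksum` for whatever type is configured, so an explicitly configured unkeyed default yields an unkeyed checksum without any error while `verifyKeyedChecksum` still insists on `isKeyed()`. If callers that need integrity protection (the removed comment named KrbSafe and KrbTgsReq) relied on that rejection, they need their own check; I cannot see them from this hunk. Separately, `key` is dereferenced unconditionally (`key.getEType()` and `key.getBytes()`), although the new Javadoc says key and usage are ignored for an unkeyed checksum; the `@param` should say so, e.g. `@param key the key used by a keyed checksum; must not be null even when the type is unkeyed`. The new debug string in the static block also keeps a stray word: `"from the configuration Setting. "`.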
--- a/src/share/classes/sun/security/krb5/KrbTgsReq.java Mon Feb 03 05:19:44 2020 +0000 +++ b/src/share/classes/sun/security/krb5/KrbTgsReq.java Mon Feb 03 06:30:19 2020 +0000 @@ -287,26 +287,8 @@ byte[] temp = reqBody.asn1Encode(Krb5.KRB_TGS_REQ); // if the checksum type is one of the keyed checksum types, // use session key. - Checksum cksum; - switch (Checksum.CKSUMTYPE_DEFAULT) { - case Checksum.CKSUMTYPE_RSA_MD4_DES: - case Checksum.CKSUMTYPE_DES_MAC: - case Checksum.CKSUMTYPE_DES_MAC_K: - case Checksum.CKSUMTYPE_RSA_MD4_DES_K: - case Checksum.CKSUMTYPE_RSA_MD5_DES: - case Checksum.CKSUMTYPE_HMAC_SHA1_DES3_KD: - case Checksum.CKSUMTYPE_HMAC_MD5_ARCFOUR: - case Checksum.CKSUMTYPE_HMAC_SHA1_96_AES128: - case Checksum.CKSUMTYPE_HMAC_SHA1_96_AES256: - cksum = new Checksum(Checksum.CKSUMTYPE_DEFAULT, temp, key, + Checksum cksum = new Checksum(Checksum.CKSUMTYPE_DEFAULT, temp, key, KeyUsage.KU_PA_TGS_REQ_CKSUM); - break; - case Checksum.CKSUMTYPE_CRC32: - case Checksum.CKSUMTYPE_RSA_MD4: - case Checksum.CKSUMTYPE_RSA_MD5: - default: - cksum = new Checksum(Checksum.CKSUMTYPE_DEFAULT, temp); - } // Usage will be KeyUsage.KU_PA_TGS_REQ_AUTHENTICATOR
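Review bot: The retained comment `// if the checksum type is one of the keyed checksum types, // use session key.` no longer describes the code, because `key` is now passed for every checksum type and the switch that made the distinction is gone. I would replace it with something like `// CKSUMTYPE_DEFAULT == -1 selects the mandatory checksum type of the key's etype`. An explicitly configured unkeyed `default_checksum` still produces an unkeyed checksum over the request body here, so if that is not intended a guard on `isKeyed()` belongs at this call site. The enclosing method starts and ends outside the hunk.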
--- a/src/share/classes/sun/security/krb5/internal/KDCReq.java Mon Feb 03 05:19:44 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/KDCReq.java Mon Feb 03 06:30:19 2020 +0000 @@ -59,9 +59,9 @@ public class KDCReq { public KDCReqBody reqBody; + public PAData[] pAData = null; //optional private int pvno; private int msgType; - private PAData[] pAData = null; //optional public KDCReq(PAData[] new_pAData, KDCReqBody new_reqBody, int req_type) throws IOException {
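Review bot: `public PAData[] pAData = null;` exposes a mutable array as a public, non-final field, so any code that can reach a KDCReq can replace or edit the pre-authentication data after the request is built. The only reader in this changeset is the test KDC, which previously used reflection; a read accessor such as `public PAData[] getPAData() { return pAData == null ? null : pAData.clone(); }` would serve it without widening write access. If the field must stay public to match JDK-8215032, a comment on the field saying so would help the next reader.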
--- a/src/share/classes/sun/security/krb5/internal/crypto/CksumType.java Mon Feb 03 05:19:44 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/crypto/CksumType.java Mon Feb 03 06:30:19 2020 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,10 +31,7 @@ package sun.security.krb5.internal.crypto; -import sun.security.krb5.Config; import sun.security.krb5.Checksum; -import sun.security.krb5.EncryptedData; -import sun.security.krb5.KrbException; import sun.security.krb5.KrbCryptoException; import sun.security.krb5.internal.*; @@ -81,6 +78,7 @@ cksumTypeName = "sun.security.krb5.internal.crypto.HmacSha1Aes128CksumType"; break; + case Checksum.CKSUMTYPE_HMAC_SHA1_96_AES256: cksumType = new HmacSha1Aes256CksumType(); cksumTypeName = @@ -117,32 +115,11 @@ return cksumType; } - - /** - * Returns default checksum type. - */ - public static CksumType getInstance() throws KdcErrException { - // this method provided for Kerberos applications. - int cksumType = Checksum.CKSUMTYPE_RSA_MD5; // default - try { - Config c = Config.getInstance(); - if ((cksumType = (Config.getType(c.get("libdefaults", - "ap_req_checksum_type")))) == - 1) { - if ((cksumType = Config.getType(c.get("libdefaults", - "checksum_type"))) == -1) { - cksumType = Checksum.CKSUMTYPE_RSA_MD5; // default - } - } - } catch (KrbException e) { - } - return getInstance(cksumType); - } - public abstract int confounderSize(); public abstract int cksumType(); - public abstract boolean isSafe(); + public abstract boolean isKeyed(); public abstract int cksumSize(); 
@@ -150,13 +127,12 @@ public abstract int keySize(); - public abstract byte[] calculateChecksum(byte[] data, int size) - throws KrbCryptoException; - - public abstract byte[] calculateKeyedChecksum(byte[] data, int size, + // Note: key and usage will be ignored for an unkeyed checksum. + public abstract byte[] calculateChecksum(byte[] data, int size, byte[] key, int usage) throws KrbCryptoException; - public abstract boolean verifyKeyedChecksum(byte[] data, int size, + // Note: key and usage will be ignored for an unkeyed checksum. + public abstract boolean verifyChecksum(byte[] data, int size, byte[] key, byte[] checksum, int usage) throws KrbCryptoException; public static boolean isChecksumEqual(byte[] cksum1, byte[] cksum2) {
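Review bot: The two `// Note: key and usage will be ignored for an unkeyed checksum.` comments understate the contract change on `verifyChecksum`: unkeyed implementations used to return false from `verifyKeyedChecksum` (see the removed bodies in Crc32CksumType and RsaMd5CksumType), and now return true whenever the digest matches, which anyone able to modify the data can arrange. Checksum.verifyKeyedChecksum guards this with `isKeyed()`, but a direct caller of CksumType.verifyChecksum has no such guard. I would turn the notes into Javadoc that says a true result from an unkeyed type proves nothing about the sender, and that callers needing authentication must check `isKeyed()` first.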
--- a/src/share/classes/sun/security/krb5/internal/crypto/Crc32CksumType.java Mon Feb 03 05:19:44 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/crypto/Crc32CksumType.java Mon Feb 03 06:30:19 2020 +0000 @@ -32,7 +32,6 @@ import sun.security.krb5.*; import sun.security.krb5.internal.*; -import java.util.zip.CRC32; public class Crc32CksumType extends CksumType { @@ -47,7 +46,7 @@ return Checksum.CKSUMTYPE_CRC32; } - public boolean isSafe() { + public boolean isKeyed() { return false; } @@ -63,18 +62,15 @@ return 0; } - public byte[] calculateChecksum(byte[] data, int size) { + public byte[] calculateChecksum(byte[] data, int size, + byte[] key, int usage) { return crc32.byte2crc32sum_bytes(data, size); } - public byte[] calculateKeyedChecksum(byte[] data, int size, - byte[] key, int usage) { - return null; - } - - public boolean verifyKeyedChecksum(byte[] data, int size, - byte[] key, byte[] checksum, int usage) { - return false; + public boolean verifyChecksum(byte[] data, int size, + byte[] key, byte[] checksum, int usage) { + return CksumType.isChecksumEqual(checksum, + crc32.byte2crc32sum_bytes(data)); } public static byte[] int2quad(long input) {
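Review bot: `verifyChecksum` ignores its `size` argument: it calls `crc32.byte2crc32sum_bytes(data)` while `calculateChecksum` just above uses `crc32.byte2crc32sum_bytes(data, size)`, so the two disagree whenever a caller passes a size smaller than `data.length`. Using `crc32.byte2crc32sum_bytes(data, size)` in both keeps them symmetric. The same pattern appears in RsaMd5CksumType.verifyChecksum (`digest(data)`) and in DesMacKCksumType.verifyChecksum (`data.length` passed on to calculateChecksum). Checksum's own callers on this page pass `data.length`, so this only matters for other callers.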
--- a/src/share/classes/sun/security/krb5/internal/crypto/DesCbcCrcEType.java Mon Feb 03 05:19:44 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/crypto/DesCbcCrcEType.java Mon Feb 03 06:30:19 2020 +0000 @@ -53,7 +53,7 @@ } public int checksumType() { - return Checksum.CKSUMTYPE_CRC32; + return Checksum.CKSUMTYPE_RSA_MD5; } public int checksumSize() {
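Review bot: `return Checksum.CKSUMTYPE_RSA_MD5;` swaps one unkeyed checksum for another: RsaMd5CksumType.isKeyed() returns false elsewhere in this changeset, so when the default is unset and the key is des-cbc-crc, the checksum chosen via `EType.checksumType()` is still computed without the key. As far as I recall RFC 3961 lists the keyed rsa-md5-des as the required checksum for this enctype, which would be `return Checksum.CKSUMTYPE_RSA_MD5_DES;`; that needs checking against the RFC and against what peer KDCs accept before changing. At minimum a comment here should say why the unkeyed type was chosen.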
--- a/src/share/classes/sun/security/krb5/internal/crypto/DesMacCksumType.java Mon Feb 03 05:19:44 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/crypto/DesMacCksumType.java Mon Feb 03 06:30:19 2020 +0000 @@ -49,7 +49,7 @@ return Checksum.CKSUMTYPE_DES_MAC; } - public boolean isSafe() { + public boolean isKeyed() { return true; } @@ -65,10 +65,6 @@ return 8; } - public byte[] calculateChecksum(byte[] data, int size) { - return null; - } - /** * Calculates keyed checksum. * @param data the data used to generate the checksum. @@ -78,7 +74,7 @@ * * @modified by Yanni Zhang, 12/08/99. */ - public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key, + public byte[] calculateChecksum(byte[] data, int size, byte[] key, int usage) throws KrbCryptoException { byte[] new_data = new byte[size + confounderSize()]; byte[] conf = Confounder.bytes(confounderSize()); @@ -130,7 +126,7 @@ * * @modified by Yanni Zhang, 12/08/99. */ - public boolean verifyKeyedChecksum(byte[] data, int size, + public boolean verifyChecksum(byte[] data, int size, byte[] key, byte[] checksum, int usage) throws KrbCryptoException { byte[] cksum = decryptKeyedChecksum(checksum, key);
--- a/src/share/classes/sun/security/krb5/internal/crypto/DesMacKCksumType.java Mon Feb 03 05:19:44 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/crypto/DesMacKCksumType.java Mon Feb 03 06:30:19 2020 +0000 @@ -48,7 +48,7 @@ return Checksum.CKSUMTYPE_DES_MAC_K; } - public boolean isSafe() { + public boolean isKeyed() { return true; } @@ -64,10 +64,6 @@ return 8; } - public byte[] calculateChecksum(byte[] data, int size) { - return null; - } - /** * Calculates keyed checksum. * @param data the data used to generate the checksum. @@ -77,7 +73,7 @@ * * @modified by Yanni Zhang, 12/08/99. */ - public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key, + public byte[] calculateChecksum(byte[] data, int size, byte[] key, int usage) throws KrbCryptoException { //check for weak keys try { @@ -93,9 +89,9 @@ return cksum; } - public boolean verifyKeyedChecksum(byte[] data, int size, + public boolean verifyChecksum(byte[] data, int size, byte[] key, byte[] checksum, int usage) throws KrbCryptoException { - byte[] new_cksum = calculateKeyedChecksum(data, data.length, key, usage); + byte[] new_cksum = calculateChecksum(data, data.length, key, usage); return isChecksumEqual(checksum, new_cksum); }
--- a/src/share/classes/sun/security/krb5/internal/crypto/HmacMd5ArcFourCksumType.java Mon Feb 03 05:19:44 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/crypto/HmacMd5ArcFourCksumType.java Mon Feb 03 06:30:19 2020 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,8 +28,6 @@ import sun.security.krb5.Checksum; import sun.security.krb5.KrbCryptoException; import sun.security.krb5.internal.*; -import javax.crypto.spec.DESKeySpec; -import java.security.InvalidKeyException; import java.security.GeneralSecurityException; /** @@ -51,7 +49,7 @@ return Checksum.CKSUMTYPE_HMAC_MD5_ARCFOUR; } - public boolean isSafe() { + public boolean isKeyed() { return true; } @@ -67,10 +65,6 @@ return 16; // bytes } - public byte[] calculateChecksum(byte[] data, int size) { - return null; - } - /** * Calculates keyed checksum. * @param data the data used to generate the checksum. @@ -78,7 +72,7 @@ * @param key the key used to encrypt the checksum. * @return keyed checksum. */ - public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key, + public byte[] calculateChecksum(byte[] data, int size, byte[] key, int usage) throws KrbCryptoException { try { @@ -98,7 +92,7 @@ * @param checksum * @return true if verification is successful. */ - public boolean verifyKeyedChecksum(byte[] data, int size, + public boolean verifyChecksum(byte[] data, int size, byte[] key, byte[] checksum, int usage) throws KrbCryptoException { try {
--- a/src/share/classes/sun/security/krb5/internal/crypto/HmacSha1Aes128CksumType.java Mon Feb 03 05:19:44 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/crypto/HmacSha1Aes128CksumType.java Mon Feb 03 06:30:19 2020 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,8 +28,6 @@ import sun.security.krb5.Checksum; import sun.security.krb5.KrbCryptoException; import sun.security.krb5.internal.*; -import javax.crypto.spec.DESKeySpec; -import java.security.InvalidKeyException; import java.security.GeneralSecurityException; /* @@ -51,7 +49,7 @@ return Checksum.CKSUMTYPE_HMAC_SHA1_96_AES128; } - public boolean isSafe() { + public boolean isKeyed() { return true; } @@ -67,10 +65,6 @@ return 16; // bytes } - public byte[] calculateChecksum(byte[] data, int size) { - return null; - } - /** * Calculates keyed checksum. * @param data the data used to generate the checksum. @@ -78,7 +72,7 @@ * @param key the key used to encrypt the checksum. * @return keyed checksum. */ - public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key, + public byte[] calculateChecksum(byte[] data, int size, byte[] key, int usage) throws KrbCryptoException { try { @@ -98,7 +92,7 @@ * @param checksum * @return true if verification is successful. */ - public boolean verifyKeyedChecksum(byte[] data, int size, + public boolean verifyChecksum(byte[] data, int size, byte[] key, byte[] checksum, int usage) throws KrbCryptoException { try {
--- a/src/share/classes/sun/security/krb5/internal/crypto/HmacSha1Aes256CksumType.java Mon Feb 03 05:19:44 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/crypto/HmacSha1Aes256CksumType.java Mon Feb 03 06:30:19 2020 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,8 +28,6 @@ import sun.security.krb5.Checksum; import sun.security.krb5.KrbCryptoException; import sun.security.krb5.internal.*; -import javax.crypto.spec.DESKeySpec; -import java.security.InvalidKeyException; import java.security.GeneralSecurityException; /* @@ -51,7 +49,7 @@ return Checksum.CKSUMTYPE_HMAC_SHA1_96_AES256; } - public boolean isSafe() { + public boolean isKeyed() { return true; } @@ -67,10 +65,6 @@ return 32; // bytes } - public byte[] calculateChecksum(byte[] data, int size) { - return null; - } - /** * Calculates keyed checksum. * @param data the data used to generate the checksum. @@ -78,7 +72,7 @@ * @param key the key used to encrypt the checksum. * @return keyed checksum. */ - public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key, + public byte[] calculateChecksum(byte[] data, int size, byte[] key, int usage) throws KrbCryptoException { try { @@ -98,7 +92,7 @@ * @param checksum * @return true if verification is successful. */ - public boolean verifyKeyedChecksum(byte[] data, int size, + public boolean verifyChecksum(byte[] data, int size, byte[] key, byte[] checksum, int usage) throws KrbCryptoException { try {
--- a/src/share/classes/sun/security/krb5/internal/crypto/HmacSha1Des3KdCksumType.java Mon Feb 03 05:19:44 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/crypto/HmacSha1Des3KdCksumType.java Mon Feb 03 06:30:19 2020 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,8 +28,6 @@ import sun.security.krb5.Checksum; import sun.security.krb5.KrbCryptoException; import sun.security.krb5.internal.*; -import javax.crypto.spec.DESKeySpec; -import java.security.InvalidKeyException; import java.security.GeneralSecurityException; public class HmacSha1Des3KdCksumType extends CksumType { @@ -45,7 +43,7 @@ return Checksum.CKSUMTYPE_HMAC_SHA1_DES3_KD; } - public boolean isSafe() { + public boolean isKeyed() { return true; } @@ -61,10 +59,6 @@ return 24; // bytes } - public byte[] calculateChecksum(byte[] data, int size) { - return null; - } - /** * Calculates keyed checksum. * @param data the data used to generate the checksum. @@ -72,7 +66,7 @@ * @param key the key used to encrypt the checksum. * @return keyed checksum. */ - public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key, + public byte[] calculateChecksum(byte[] data, int size, byte[] key, int usage) throws KrbCryptoException { try { @@ -92,7 +86,7 @@ * @param checksum * @return true if verification is successful. */ - public boolean verifyKeyedChecksum(byte[] data, int size, + public boolean verifyChecksum(byte[] data, int size, byte[] key, byte[] checksum, int usage) throws KrbCryptoException { try {
--- a/src/share/classes/sun/security/krb5/internal/crypto/RsaMd5CksumType.java Mon Feb 03 05:19:44 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/crypto/RsaMd5CksumType.java Mon Feb 03 06:30:19 2020 +0000 @@ -33,8 +33,6 @@ import sun.security.krb5.KrbCryptoException; import sun.security.krb5.internal.*; import java.security.MessageDigest; -import java.security.Provider; -import java.security.Security; public final class RsaMd5CksumType extends CksumType { @@ -49,7 +47,7 @@ return Checksum.CKSUMTYPE_RSA_MD5; } - public boolean isSafe() { + public boolean isKeyed() { return false; } @@ -74,7 +72,8 @@ * @modified by Yanni Zhang, 12/08/99. */ - public byte[] calculateChecksum(byte[] data, int size) throws KrbCryptoException{ + public byte[] calculateChecksum(byte[] data, int size, + byte[] key, int usage) throws KrbCryptoException{ MessageDigest md5; byte[] result = null; try { @@ -91,14 +90,15 @@ return result; } - public byte[] calculateKeyedChecksum(byte[] data, int size, - byte[] key, int usage) throws KrbCryptoException { - return null; - } - - public boolean verifyKeyedChecksum(byte[] data, int size, - byte[] key, byte[] checksum, int usage) throws KrbCryptoException { - return false; + @Override + public boolean verifyChecksum(byte[] data, int size, + byte[] key, byte[] checksum, int usage) + throws KrbCryptoException { + try { + byte[] calculated = MessageDigest.getInstance("MD5").digest(data); + return CksumType.isChecksumEqual(calculated, checksum); + } catch (Exception e) { + return false; + } } - }
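Review bot: The new `verifyChecksum` catches `Exception` and returns false, so a missing MD5 provider is reported as a checksum mismatch rather than as the KrbCryptoException the method declares, and it recomputes the digest on a separate path from `calculateChecksum` in the same class. Delegating keeps one implementation and one error path: `return CksumType.isChecksumEqual(calculateChecksum(data, size, key, usage), checksum);`. `calculateChecksum`'s body is only partly visible in this hunk, so confirm it throws rather than returning null on failure.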
--- a/src/share/classes/sun/security/krb5/internal/crypto/RsaMd5DesCksumType.java Mon Feb 03 05:19:44 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/crypto/RsaMd5DesCksumType.java Mon Feb 03 06:30:19 2020 +0000 @@ -33,12 +33,8 @@ import sun.security.krb5.Confounder; import sun.security.krb5.KrbCryptoException; import sun.security.krb5.internal.*; -import javax.crypto.Cipher; -import javax.crypto.SecretKey; import javax.crypto.spec.DESKeySpec; import java.security.MessageDigest; -import java.security.Provider; -import java.security.Security; import java.security.InvalidKeyException; public final class RsaMd5DesCksumType extends CksumType { @@ -54,7 +50,7 @@ return Checksum.CKSUMTYPE_RSA_MD5_DES; } - public boolean isSafe() { + public boolean isKeyed() { return true; } @@ -79,7 +75,7 @@ * * @modified by Yanni Zhang, 12/08/99. */ - public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key, + public byte[] calculateChecksum(byte[] data, int size, byte[] key, int usage) throws KrbCryptoException { //prepend confounder byte[] new_data = new byte[size + confounderSize()]; @@ -88,7 +84,7 @@ System.arraycopy(data, 0, new_data, confounderSize(), size); //calculate md5 cksum - byte[] mdc_cksum = calculateChecksum(new_data, new_data.length); + byte[] mdc_cksum = calculateRawChecksum(new_data, new_data.length); byte[] cksum = new byte[cksumSize()]; System.arraycopy(conf, 0, cksum, 0, confounderSize()); System.arraycopy(mdc_cksum, 0, cksum, confounderSize(), @@ -125,7 +121,7 @@ * * @modified by Yanni Zhang, 12/08/99. */ - public boolean verifyKeyedChecksum(byte[] data, int size, + public boolean verifyChecksum(byte[] data, int size, byte[] key, byte[] checksum, int usage) throws KrbCryptoException { //decrypt checksum byte[] cksum = decryptKeyedChecksum(checksum, key); 
@@ -135,7 +131,7 @@ System.arraycopy(cksum, 0, new_data, 0, confounderSize()); System.arraycopy(data, 0, new_data, confounderSize(), size); - byte[] new_cksum = calculateChecksum(new_data, new_data.length); + byte[] new_cksum = calculateRawChecksum(new_data, new_data.length); //extract original cksum value byte[] orig_cksum = new byte[cksumSize() - confounderSize()]; System.arraycopy(cksum, confounderSize(), orig_cksum, 0, @@ -181,7 +177,7 @@ * * @modified by Yanni Zhang, 12/08/99. */ - public byte[] calculateChecksum(byte[] data, int size) throws KrbCryptoException{ + private byte[] calculateRawChecksum(byte[] data, int size) throws KrbCryptoException{ MessageDigest md5; byte[] result = null; try { @@ -197,5 +193,4 @@ } return result; } - }
--- a/test/sun/security/krb5/auto/KDC.java Mon Feb 03 05:19:44 2020 +0000 +++ b/test/sun/security/krb5/auto/KDC.java Mon Feb 03 06:30:19 2020 +0000 @@ -672,7 +672,7 @@ * @return the key * @throws sun.security.krb5.KrbException for unknown/unsupported etype */ - private EncryptionKey keyForUser(PrincipalName p, int etype, boolean server) + EncryptionKey keyForUser(PrincipalName p, int etype, boolean server) throws KrbException { try { // Do not call EncryptionKey.acquireSecretKeys(), otherwise @@ -743,7 +743,7 @@ int e2 = eTypes[0]; // etype for outgoing session key int e3 = eTypes[0]; // etype for outgoing ticket - PAData[] pas = kDCReqDotPAData(tgsReq); + PAData[] pas = tgsReq.pAData; Ticket tkt = null; EncTicketPart etp = null; @@ -753,7 +753,6 @@ for (PAData pa: pas) { if (pa.getType() == Krb5.PA_TGS_REQ) { APReq apReq = new APReq(pa.getValue()); - EncryptedData ed = apReq.authenticator; tkt = apReq.ticket; int te = tkt.encPart.getEType(); EncryptionKey kkey = keyForUser(tkt.sname, te, true); @@ -1113,7 +1112,7 @@ outPAs.add(new PAData(Krb5.PA_ETYPE_INFO, eid.toByteArray())); } - PAData[] inPAs = kDCReqDotPAData(asReq); + PAData[] inPAs = asReq.pAData; if (inPAs == null || inPAs.length == 0) { Object preauth = options.get(Option.PREAUTH_REQUIRED); if (preauth == null || preauth.equals(Boolean.TRUE)) { @@ -1899,7 +1898,6 @@ } // Calling private methods thru reflections - private static final Field getPADataField; private static final Field getEType; private static final Constructor<EncryptedData> ctorEncryptedData; private static final Method stringToKey; @@ -1908,8 +1906,6 @@ try { ctorEncryptedData = EncryptedData.class.getDeclaredConstructor(DerValue.class); ctorEncryptedData.setAccessible(true); - getPADataField = KDCReq.class.getDeclaredField("pAData"); - getPADataField.setAccessible(true); getEType = KDCReqBody.class.getDeclaredField("eType"); getEType.setAccessible(true); stringToKey = EncryptionKey.class.getDeclaredMethod( 
@@ -1929,13 +1925,6 @@ throw new AssertionError(e); } } - private static PAData[] kDCReqDotPAData(KDCReq req) { - try { - return (PAData[])getPADataField.get(req); - } catch (Exception e) { - throw new AssertionError(e); - } - } private static int[] KDCReqBodyDotEType(KDCReqBody body) { try { return (int[]) getEType.get(body);