changeset 10726:02d6b1096e89
8071643: sun.security.krb5.KrbApReq.authenticate() is not thread safe
Reviewed-by: mullan
author | igerasim |
---|---|
date | Wed, 11 Feb 2015 14:45:56 +0300 |
parents | bed86c103348 |
children | 92b7d67ee862 |
files | src/share/classes/sun/security/krb5/KrbApReq.java |
diffstat | 1 files changed, 13 insertions(+), 16 deletions(-) [+] |
--- a/src/share/classes/sun/security/krb5/KrbApReq.java Fri Feb 06 18:42:49 2015 +0300
+++ b/src/share/classes/sun/security/krb5/KrbApReq.java Wed Feb 11 14:45:56 2015 +0300
@@ -60,22 +60,12 @@
 private static boolean DEBUG = Krb5.DEBUG;
 private static final char[] hexConst = "0123456789ABCDEF".toCharArray();
 
- private static final MessageDigest md;
-
- static {
- try {
- md = MessageDigest.getInstance("MD5");
- } catch (NoSuchAlgorithmException ex) {
- throw new RuntimeException("Impossible");
- }
- }
-
 /**
 * Constructs an AP-REQ message to send to the peer.
 * @param tgsCred the <code>Credentials</code> to be used to construct the
 * AP Request protocol message.
 * @param mutualRequired Whether mutual authentication is required
- * @param useSubkey Whether the subkey is to be used to protect this
+ * @param useSubKey Whether the subkey is to be used to protect this
 * specific application session. If this is not set then the
 * session key from the ticket will be used.
 * @throws KrbException for any Kerberos protocol specific error
@@ -99,10 +89,10 @@
 * @param tgsCred the <code>Credentials</code> to be used to construct the
 * AP Request protocol message.
 * @param mutualRequired Whether mutual authentication is required
- * @param useSubkey Whether the subkey is to be used to protect this
+ * @param useSubKey Whether the subkey is to be used to protect this
 * specific application session. If this is not set then the
 * session key from the ticket will be used.
- * @param checksum checksum of the the application data that accompanies
+ * @param cksum checksum of the the application data that accompanies
 * the KRB_AP_REQ.
 * @throws KrbException for any Kerberos protocol specific error
 * @throws IOException for any IO related errors
@@ -142,8 +132,8 @@
 * Constructs an AP-REQ message from the bytes received from the
 * peer.
 * @param message The message received from the peer
- * @param keys <code>EncrtyptionKey</code>s to decrypt the message;
- * key selected will depend on etype used to encrypte data
+ * @param cred <code>KrbAcceptCredential</code> containing keys to decrypt
+ * the message; key selected will depend on etype used to encrypt data
 * @throws KrbException for any Kerberos protocol specific error
 * @throws IOException for any IO related errors
 * (e.g. socket operations)
@@ -311,7 +301,14 @@
 if (!authenticator.ctime.inClockSkew())
 throw new KrbApErrException(Krb5.KRB_AP_ERR_SKEW);
 
- byte[] hash = md.digest(apReqMessg.authenticator.cipher);
+ byte[] hash;
+ try {
+ hash = MessageDigest.getInstance("MD5")
+ .digest(apReqMessg.authenticator.cipher);
+ } catch (NoSuchAlgorithmException ex) {
+ throw new AssertionError("Impossible");
+ }
+
 char[] h = new char[hash.length * 2];
 for (int i=0; i<hash.length; i++) {
 h[2*i] = hexConst[(hash[i]&0xff)>>4];
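Review bot: The new catch block in the last hunk throws `AssertionError("Impossible")` without the caught exception, so if a restricted provider configuration ever leaves MD5 unavailable the failure now surfaces on each call with no cause attached; `throw new AssertionError("Impossible", ex);` keeps it diagnosable. The per-call `MessageDigest.getInstance("MD5")` is the actual thread-safety fix and deserves a comment so it is not hoisted back into a static field, e.g. `// MessageDigest is stateful and not thread-safe: take a fresh instance per call`. From the visible lines the digest is only hex-encoded afterwards; if that string is used to recognise repeated authenticators, as seems likely, a digest corrupted by the old shared instance could have produced spurious or missed matches, which is worth covering with a concurrent regression test. The enclosing method starts and ends outside this hunk.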