--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ReferralsCache.java Wed Jul 17 16:13:26 2019 -0700
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ReferralsCache.java Wed Jul 17 12:26:56 2019 -0300
@@ -45,8 +45,27 @@
*/
final class ReferralsCache {
- private static Map<PrincipalName, Map<String, ReferralCacheEntry>> referralsMap =
- new HashMap<>();
+ private static Map<ReferralCacheKey, Map<String, ReferralCacheEntry>>
+ referralsMap = new HashMap<>();
+
+ static private final class ReferralCacheKey {
+ private PrincipalName cname;
+ private PrincipalName sname;
+ ReferralCacheKey (PrincipalName cname, PrincipalName sname) {
+ this.cname = cname;
+ this.sname = sname;
+ }
+ public boolean equals(Object other) {
+ if (!(other instanceof ReferralCacheKey))
+ return false;
+ ReferralCacheKey that = (ReferralCacheKey)other;
+ return cname.equals(that.cname) &&
+ sname.equals(that.sname);
+ }
+ public int hashCode() {
+ return cname.hashCode() + sname.hashCode();
+ }
+ }
static final class ReferralCacheEntry {
private final Credentials creds;
@@ -64,8 +83,9 @@
}
/*
- * Add a new referral entry to the cache, including: service principal,
- * source KDC realm, destination KDC realm and referral TGT.
+ * Add a new referral entry to the cache, including: client principal,
+ * service principal, source KDC realm, destination KDC realm and
+ * referral TGT.
*
* If a loop is generated when adding the new referral, the first hop is
* automatically removed. For example, let's assume that adding a
@@ -73,16 +93,17 @@
* REALM-1.COM -> REALM-2.COM -> REALM-3.COM -> REALM-1.COM. Then,
* REALM-1.COM -> REALM-2.COM referral entry is removed from the cache.
*/
- static synchronized void put(PrincipalName service,
+ static synchronized void put(PrincipalName cname, PrincipalName service,
String fromRealm, String toRealm, Credentials creds) {
- pruneExpired(service);
+ ReferralCacheKey k = new ReferralCacheKey(cname, service);
+ pruneExpired(k);
if (creds.getEndTime().before(new Date())) {
return;
}
- Map<String, ReferralCacheEntry> entries = referralsMap.get(service);
+ Map<String, ReferralCacheEntry> entries = referralsMap.get(k);
if (entries == null) {
entries = new HashMap<String, ReferralCacheEntry>();
- referralsMap.put(service, entries);
+ referralsMap.put(k, entries);
}
entries.remove(fromRealm);
ReferralCacheEntry newEntry = new ReferralCacheEntry(creds, toRealm);
@@ -103,13 +124,14 @@
}
/*
- * Obtain a referral entry from the cache given a service principal and a
- * source KDC realm.
+ * Obtain a referral entry from the cache given a client principal,
+ * service principal and a source KDC realm.
*/
- static synchronized ReferralCacheEntry get(PrincipalName service,
- String fromRealm) {
- pruneExpired(service);
- Map<String, ReferralCacheEntry> entries = referralsMap.get(service);
+ static synchronized ReferralCacheEntry get(PrincipalName cname,
+ PrincipalName service, String fromRealm) {
+ ReferralCacheKey k = new ReferralCacheKey(cname, service);
+ pruneExpired(k);
+ Map<String, ReferralCacheEntry> entries = referralsMap.get(k);
if (entries != null) {
ReferralCacheEntry toRef = entries.get(fromRealm);
if (toRef != null) {
@@ -122,9 +144,9 @@
/*
* Remove referral entries from the cache when referral TGTs expire.
*/
- private static void pruneExpired(PrincipalName service) {
+ private static void pruneExpired(ReferralCacheKey k) {
Date now = new Date();
- Map<String, ReferralCacheEntry> entries = referralsMap.get(service);
+ Map<String, ReferralCacheEntry> entries = referralsMap.get(k);
if (entries != null) {
for (Entry<String, ReferralCacheEntry> mapEntry :
entries.entrySet()) {