--- a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java Fri Jul 05 00:24:54 2019 -0700
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java Sat Jul 06 08:11:19 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -58,82 +58,6 @@
}
/**
- * Retrieve the service ticket for serverPrincipal from caller's Subject
- * or from Subject obtained by logging in, or if not found, via the
- * Ticket Granting Service using the TGT obtained from the Subject.
- *
- * Caller must have permission to:
- * - access and update Subject's private credentials
- * - create LoginContext
- * - read the auth.login.defaultCallbackHandler security property
- *
- * NOTE: This method is used by JSSE Kerberos Cipher Suites
- */
- public static KerberosTicket getTicketFromSubjectAndTgs(GSSCaller caller,
- String clientPrincipal, String serverPrincipal, String tgsPrincipal,
- AccessControlContext acc)
- throws LoginException, KrbException, IOException {
-
- // 1. Try to find service ticket in acc subject
- Subject accSubj = Subject.getSubject(acc);
- KerberosTicket ticket = SubjectComber.find(accSubj,
- serverPrincipal, clientPrincipal, KerberosTicket.class);
-
- if (ticket != null) {
- return ticket; // found it
- }
-
- Subject loginSubj = null;
- if (!GSSUtil.useSubjectCredsOnly(caller)) {
- // 2. Try to get ticket from login
- try {
- loginSubj = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
- ticket = SubjectComber.find(loginSubj,
- serverPrincipal, clientPrincipal, KerberosTicket.class);
- if (ticket != null) {
- return ticket; // found it
- }
- } catch (LoginException e) {
- // No login entry to use
- // ignore and continue
- }
- }
-
- // Service ticket not found in subject or login
- // Try to get TGT to acquire service ticket
-
- // 3. Try to get TGT from acc subject
- KerberosTicket tgt = SubjectComber.find(accSubj,
- tgsPrincipal, clientPrincipal, KerberosTicket.class);
-
- boolean fromAcc;
- if (tgt == null && loginSubj != null) {
- // 4. Try to get TGT from login subject
- tgt = SubjectComber.find(loginSubj,
- tgsPrincipal, clientPrincipal, KerberosTicket.class);
- fromAcc = false;
- } else {
- fromAcc = true;
- }
-
- // 5. Try to get service ticket using TGT
- if (tgt != null) {
- Credentials tgtCreds = ticketToCreds(tgt);
- Credentials serviceCreds = Credentials.acquireServiceCreds(
- serverPrincipal, tgtCreds);
- if (serviceCreds != null) {
- ticket = credsToTicket(serviceCreds);
-
- // Store service ticket in acc's Subject
- if (fromAcc && accSubj != null && !accSubj.isReadOnly()) {
- accSubj.getPrivateCredentials().add(ticket);
- }
- }
- }
- return ticket;
- }
-
- /**
* Retrieves the ticket corresponding to the client/server principal
* pair from the Subject in the specified AccessControlContext.
* If the ticket can not be found in the Subject, and if