# HG changeset patch # User weijun # Date 1396617583 -28800 # Node ID 33cc4db6209b3fce33d2f4c91312e9aac6db4287 # Parent 54ae9dd9df737d1ef49f036d982e95c776d61159 8029995: accept yes/no for boolean krb5.conf settings Reviewed-by: mullan diff -r 54ae9dd9df73 -r 33cc4db6209b jdk/src/share/classes/javax/security/auth/kerberos/package-info.java --- a/jdk/src/share/classes/javax/security/auth/kerberos/package-info.java Fri Apr 04 15:43:10 2014 +0400 +++ b/jdk/src/share/classes/javax/security/auth/kerberos/package-info.java Fri Apr 04 21:19:43 2014 +0800 @@ -48,6 +48,12 @@ * {@code /lib/security} and failing that, in an OS-specific * location.

* + * The {@code krb5.conf} file is formatted in the Windows INI file style, + * which contains a series of relations grouped into different sections. + * Each relation contains a key and a value, the value can be an arbitrary + * string or a boolean value. A boolean value can be one of "true", "false", + * "yes", or "no", case-insensitive.

+ * * @since JDK1.4 */ package javax.security.auth.kerberos; diff -r 54ae9dd9df73 -r 33cc4db6209b jdk/src/share/classes/sun/security/krb5/Config.java --- a/jdk/src/share/classes/sun/security/krb5/Config.java Fri Apr 04 15:43:10 2014 +0400 +++ b/jdk/src/share/classes/sun/security/krb5/Config.java Fri Apr 04 21:19:43 2014 +0800 @@ -32,20 +32,15 @@ import java.io.File; import java.io.FileInputStream; -import java.util.Hashtable; -import java.util.Vector; -import java.util.ArrayList; +import java.util.*; import java.io.BufferedReader; import java.io.InputStreamReader; import java.io.IOException; -import java.util.StringTokenizer; import java.net.InetAddress; import java.net.UnknownHostException; import java.security.AccessController; import java.security.PrivilegedExceptionAction; -import java.util.Arrays; -import java.util.List; -import java.util.Locale; + import sun.net.dns.ResolverConfiguration; import sun.security.krb5.internal.crypto.EType; import sun.security.krb5.internal.Krb5; @@ -232,6 +227,31 @@ } /** + * Gets the boolean value for the specified keys. Returns TRUE if the + * string value is "yes", or "true", FALSE if "no", or "false", or null + * if otherwise or not defined. The comparision is case-insensitive. + * + * @param keys the keys, see {@link #get(String...)} + * @return the boolean value, or null if there is no value defined or the + * value does not look like a boolean value. + * @throws IllegalArgumentException see {@link #get(String...)} + */ + public Boolean getBooleanObject(String... keys) { + String s = get(keys); + if (s == null) { + return null; + } + switch (s.toLowerCase(Locale.US)) { + case "yes": case "true": + return Boolean.TRUE; + case "no": case "false": + return Boolean.FALSE; + default: + return null; + } + } + + /** * Gets all values for the specified keys. * @throws IllegalArgumentException if any of the keys is illegal * (See {@link #get}) @@ -317,23 +337,6 @@ } /** - * Gets the boolean value for the specified keys. - * @param keys the keys - * @return the boolean value, false is returned if it cannot be - * found or the value is not "true" (case insensitive). - * @throw IllegalArgumentException if any of the keys is illegal - * @see #get(java.lang.String[]) - */ - public boolean getBooleanValue(String... keys) { - String val = get(keys); - if (val != null && val.equalsIgnoreCase("true")) { - return true; - } else { - return false; - } - } - - /** * Parses a string to an integer. The convertible strings include the * string representations of positive integers, negative integers, and * hex decimal integers. Valid inputs are, e.g., -1234, +1234, @@ -341,7 +344,7 @@ * * @param input the String to be converted to an Integer. * @return an numeric value represented by the string - * @exception NumberFormationException if the String does not contain a + * @exception NumberFormatException if the String does not contain a * parsable integer. */ private int parseIntValue(String input) throws NumberFormatException { @@ -927,32 +930,20 @@ * use addresses if "no_addresses" or "noaddresses" is set to false */ public boolean useAddresses() { - boolean useAddr = false; - // use addresses if "no_addresses" is set to false - String value = get("libdefaults", "no_addresses"); - useAddr = (value != null && value.equalsIgnoreCase("false")); - if (useAddr == false) { - // use addresses if "noaddresses" is set to false - value = get("libdefaults", "noaddresses"); - useAddr = (value != null && value.equalsIgnoreCase("false")); - } - return useAddr; + return getBooleanObject("libdefaults", "no_addresses") == Boolean.FALSE || + getBooleanObject("libdefaults", "noaddresses") == Boolean.FALSE; } /** - * Check if need to use DNS to locate Kerberos services + * Check if need to use DNS to locate Kerberos services for name. If not + * defined, check dns_fallback, whose default value is true. */ private boolean useDNS(String name) { - String value = get("libdefaults", name); - if (value == null) { - value = get("libdefaults", "dns_fallback"); - if ("false".equalsIgnoreCase(value)) { - return false; - } else { - return true; - } + Boolean value = getBooleanObject("libdefaults", name); + if (value != null) { + return value.booleanValue(); } else { - return value.equalsIgnoreCase("true"); + return getBooleanObject("libdefaults", "dns_fallback") != Boolean.FALSE; } } diff -r 54ae9dd9df73 -r 33cc4db6209b jdk/src/share/classes/sun/security/krb5/internal/KDCOptions.java --- a/jdk/src/share/classes/sun/security/krb5/internal/KDCOptions.java Fri Apr 04 15:43:10 2014 +0400 +++ b/jdk/src/share/classes/sun/security/krb5/internal/KDCOptions.java Fri Apr 04 21:19:43 2014 +0800 @@ -299,14 +299,14 @@ if ((options & KDC_OPT_RENEWABLE_OK) == KDC_OPT_RENEWABLE_OK) { set(RENEWABLE_OK, true); } else { - if (config.getBooleanValue("libdefaults", "renewable")) { + if (config.getBooleanObject("libdefaults", "renewable") == Boolean.TRUE) { set(RENEWABLE_OK, true); } } if ((options & KDC_OPT_PROXIABLE) == KDC_OPT_PROXIABLE) { set(PROXIABLE, true); } else { - if (config.getBooleanValue("libdefaults", "proxiable")) { + if (config.getBooleanObject("libdefaults", "proxiable") == Boolean.TRUE) { set(PROXIABLE, true); } } @@ -314,7 +314,7 @@ if ((options & KDC_OPT_FORWARDABLE) == KDC_OPT_FORWARDABLE) { set(FORWARDABLE, true); } else { - if (config.getBooleanValue("libdefaults", "forwardable")) { + if (config.getBooleanObject("libdefaults", "forwardable") == Boolean.TRUE) { set(FORWARDABLE, true); } } diff -r 54ae9dd9df73 -r 33cc4db6209b jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java --- a/jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java Fri Apr 04 15:43:10 2014 +0400 +++ b/jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java Fri Apr 04 21:19:43 2014 +0800 @@ -58,8 +58,8 @@ boolean allowed = false; try { Config cfg = Config.getInstance(); - String temp = cfg.get("libdefaults", "allow_weak_crypto"); - if (temp != null && temp.equals("true")) allowed = true; + allowed = cfg.getBooleanObject("libdefaults", "allow_weak_crypto") + == Boolean.TRUE; } catch (Exception exc) { if (DEBUG) { System.out.println ("Exception in getting allow_weak_crypto, " + diff -r 54ae9dd9df73 -r 33cc4db6209b jdk/test/sun/security/krb5/config/YesNo.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/sun/security/krb5/config/YesNo.java Fri Apr 04 21:19:43 2014 +0800 @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8029995 + * @summary accept yes/no for boolean krb5.conf settings + * @compile -XDignore.symbol.file YesNo.java + * @run main/othervm YesNo + */ +import sun.security.krb5.Config; +import sun.security.krb5.internal.crypto.EType; + +import java.util.Arrays; + +public class YesNo { + static Config config = null; + public static void main(String[] args) throws Exception { + System.setProperty("java.security.krb5.conf", + System.getProperty("test.src", ".") +"/yesno.conf"); + config = Config.getInstance(); + check("a", Boolean.TRUE); + check("b", Boolean.FALSE); + check("c", Boolean.TRUE); + check("d", Boolean.FALSE); + check("e", null); + check("f", null); + + if (!Arrays.stream(EType.getBuiltInDefaults()) + .anyMatch(n -> n < 4)) { + throw new Exception(); + } + } + + static void check(String k, Boolean expected) throws Exception { + Boolean result = config.getBooleanObject("libdefaults", k); + if (expected != result) { + throw new Exception("value for " + k + " is " + result); + } + } +} diff -r 54ae9dd9df73 -r 33cc4db6209b jdk/test/sun/security/krb5/config/yesno.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/sun/security/krb5/config/yesno.conf Fri Apr 04 21:19:43 2014 +0800 @@ -0,0 +1,7 @@ +[libdefaults] +a = true +b = FALSE +c = YES +d = no +e = nothing +allow_weak_crypto = yes