# HG changeset patch # User weijun # Date 1528327395 -28800 # Node ID c7e7234828c04fb7969230b99a001a186270a184 # Parent 89bfd8e0ff19d86e8eb5e61d4e6ac7f866a53c92 more jgss cleanup diff -r 89bfd8e0ff19 -r c7e7234828c0 src/java.security.jgss/share/classes/sun/security/jgss/GSSCaller.java --- a/src/java.security.jgss/share/classes/sun/security/jgss/GSSCaller.java Wed Jun 06 14:29:49 2018 -0400 +++ b/src/java.security.jgss/share/classes/sun/security/jgss/GSSCaller.java Thu Jun 07 07:23:15 2018 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,8 +34,6 @@ public static final GSSCaller CALLER_UNKNOWN = new GSSCaller("UNKNOWN"); public static final GSSCaller CALLER_INITIATE = new GSSCaller("INITIATE"); public static final GSSCaller CALLER_ACCEPT = new GSSCaller("ACCEPT"); - public static final GSSCaller CALLER_SSL_CLIENT = new GSSCaller("SSL_CLIENT"); - public static final GSSCaller CALLER_SSL_SERVER = new GSSCaller("SSL_SERVER"); private String name; GSSCaller(String s) { diff -r 89bfd8e0ff19 -r c7e7234828c0 src/java.security.jgss/share/classes/sun/security/jgss/LoginConfigImpl.java --- a/src/java.security.jgss/share/classes/sun/security/jgss/LoginConfigImpl.java Wed Jun 06 14:29:49 2018 -0400 +++ b/src/java.security.jgss/share/classes/sun/security/jgss/LoginConfigImpl.java Thu Jun 07 07:23:15 2018 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -109,16 +109,6 @@ "com.sun.security.jgss.krb5.accept", "com.sun.security.jgss.accept", }; - } else if (caller == GSSCaller.CALLER_SSL_CLIENT) { - alts = new String[] { - "com.sun.security.jgss.krb5.initiate", - "com.sun.net.ssl.client", - }; - } else if (caller == GSSCaller.CALLER_SSL_SERVER) { - alts = new String[] { - "com.sun.security.jgss.krb5.accept", - "com.sun.net.ssl.server", - }; } else if (caller instanceof HttpCaller) { alts = new String[] { "com.sun.security.jgss.krb5.initiate", @@ -132,14 +122,12 @@ /* switch (caller) { case GSSUtil.CALLER_INITIATE: - case GSSUtil.CALLER_SSL_CLIENT: case GSSUtil.CALLER_HTTP_NEGOTIATE: alts = new String[] { "com.sun.security.jgss." + mechName + ".initiate", }; break; case GSSUtil.CALLER_ACCEPT: - case GSSUtil.CALLER_SSL_SERVER: alts = new String[] { "com.sun.security.jgss." + mechName + ".accept", }; @@ -207,7 +195,6 @@ } private static boolean isServerSide (GSSCaller caller) { - return GSSCaller.CALLER_ACCEPT == caller || - GSSCaller.CALLER_SSL_SERVER == caller; + return GSSCaller.CALLER_ACCEPT == caller; } } diff -r 89bfd8e0ff19 -r c7e7234828c0 src/java.security.jgss/share/classes/sun/security/krb5/EncryptedData.java --- a/src/java.security.jgss/share/classes/sun/security/krb5/EncryptedData.java Wed Jun 06 14:29:49 2018 -0400 +++ b/src/java.security.jgss/share/classes/sun/security/krb5/EncryptedData.java Thu Jun 07 07:23:15 2018 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -103,7 +103,7 @@ return new_encryptedData; } - // Used in JSSE (com.sun.net.ssl.internal.KerberosPreMasterSecret) + // Used by test public EncryptedData( int new_eType, Integer new_kvno, @@ -126,8 +126,7 @@ } */ - // used in KrbApRep, KrbApReq, KrbAsReq, KrbCred, KrbPriv - // Used in JSSE (com.sun.net.ssl.internal.KerberosPreMasterSecret) + // used in KrbApRep, KrbApReq, KrbAsReq, KrbCred, KrbPriv public EncryptedData( EncryptionKey key, byte[] plaintext, diff -r 89bfd8e0ff19 -r c7e7234828c0 test/jdk/sun/security/krb5/auto/unbound.ssl.jaas.conf --- a/test/jdk/sun/security/krb5/auto/unbound.ssl.jaas.conf Wed Jun 06 14:29:49 2018 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,40 +0,0 @@ -com.sun.net.ssl.client { - com.sun.security.auth.module.Krb5LoginModule required - principal="USER@TEST.REALM" - doNotPrompt=true - useKeyTab=true - keyTab="krb5.keytab.data"; -}; - -server_star { - com.sun.security.auth.module.Krb5LoginModule required - principal="*" - isInitiator=false - useKeyTab=true - keyTab="krb5.keytab.data" - storeKey=true; -}; - -server_multiple_principals { - com.sun.security.auth.module.Krb5LoginModule required - principal="host/service1.localhost@TEST.REALM" - isInitiator=false - useKeyTab=true - keyTab="krb5.keytab.data" - storeKey=true; - - com.sun.security.auth.module.Krb5LoginModule required - principal="host/service2.localhost@TEST.REALM" - isInitiator=false - useKeyTab=true - keyTab="krb5.keytab.data" - storeKey=true; - - com.sun.security.auth.module.Krb5LoginModule required - principal="host/service3.localhost@TEST.REALM" - isInitiator=false - useKeyTab=true - keyTab="krb5.keytab.data" - storeKey=true; -}; - diff -r 89bfd8e0ff19 -r c7e7234828c0 test/jdk/sun/security/krb5/auto/unbound.ssl.policy --- a/test/jdk/sun/security/krb5/auto/unbound.ssl.policy Wed Jun 06 14:29:49 2018 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,27 +0,0 @@ -grant { - permission java.util.PropertyPermission "*", "read,write"; - permission java.net.SocketPermission "*:*", "listen,resolve,accept,connect"; - permission java.io.FilePermission "/-", "read"; - permission java.io.FilePermission "*", "read,write,delete"; - permission java.lang.RuntimePermission "accessDeclaredMembers"; - permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; - permission java.lang.RuntimePermission "accessClassInPackage.*"; - permission javax.security.auth.AuthPermission "doAs"; - permission javax.security.auth.AuthPermission "getSubject"; - permission javax.security.auth.AuthPermission - "createLoginContext.server_star"; - permission javax.security.auth.AuthPermission - "createLoginContext.server_multiple_principals"; - permission javax.security.auth.AuthPermission "modifyPrincipals"; - permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab java.security.Principal \"krb5.keytab.data\"", "read"; - - // clients have a permission to use all service principals - permission javax.security.auth.kerberos.ServicePermission "*", "initiate"; - - // server has a service permission - // to accept only service1 and service3 principals - permission javax.security.auth.kerberos.ServicePermission - "host/service1.localhost@TEST.REALM", "accept"; - permission javax.security.auth.kerberos.ServicePermission - "host/service3.localhost@TEST.REALM", "accept"; -};