*
* It represents the following Oid value:
- * { 1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 2(gss-host-based-services) }
+ * { iso(1) member-body(2) United
+ * States(840) mit(113554) infosys(1) gssapi(2) generic(1) service_name(4)
+ * }
*/
public static final Oid NT_HOSTBASED_SERVICE
- = Oid.getInstance("1.3.6.1.5.6.2");
+ = Oid.getInstance("1.2.840.113554.1.2.1.4");
/**
* Name type to indicate a named user on a local system.
diff -r f39917c8cf46 -r eb8cec364323 jdk/src/share/classes/sun/security/jgss/GSSManagerImpl.java --- a/jdk/src/share/classes/sun/security/jgss/GSSManagerImpl.java Thu Dec 24 13:56:28 2009 +0800 +++ b/jdk/src/share/classes/sun/security/jgss/GSSManagerImpl.java Tue Jan 05 10:40:36 2010 +0800 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2010 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -89,6 +89,11 @@ Oid[] retVal = new Oid[mechs.length]; int pos = 0; + // Compatibility with RFC 2853 old NT_HOSTBASED_SERVICE value. + if (nameType.equals(GSSNameImpl.oldHostbasedServiceName)) { + nameType = GSSName.NT_HOSTBASED_SERVICE; + } + // Iterate thru all mechs in GSS for (int i = 0; i < mechs.length; i++) { // what nametypes does this mech support? diff -r f39917c8cf46 -r eb8cec364323 jdk/src/share/classes/sun/security/jgss/GSSNameImpl.java --- a/jdk/src/share/classes/sun/security/jgss/GSSNameImpl.java Thu Dec 24 13:56:28 2009 +0800 +++ b/jdk/src/share/classes/sun/security/jgss/GSSNameImpl.java Tue Jan 05 10:40:36 2010 +0800 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2010 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -81,6 +81,29 @@ public class GSSNameImpl implements GSSName { + /** + * The old Oid used in RFC 2853. Now supported as + * input parameters in: + * + * 1. The four overloaded GSSManager.createName(*) methods + * 2. GSSManager.getMechsForName(Oid) + * + * Note that even if a GSSName is created with this old Oid, + * its internal name type and getStringNameType() output are + * always the new value. + */ + final static Oid oldHostbasedServiceName; + + static { + Oid tmp = null; + try { + tmp = new Oid("1.3.6.1.5.6.2"); + } catch (Exception e) { + // should never happen + } + oldHostbasedServiceName = tmp; + } + private GSSManagerImpl gssManager = null; /* @@ -134,6 +157,9 @@ Oid mech) throws GSSException { + if (oldHostbasedServiceName.equals(appNameType)) { + appNameType = GSSName.NT_HOSTBASED_SERVICE; + } if (appName == null) throw new GSSExceptionImpl(GSSException.BAD_NAME, "Cannot import null name"); diff -r f39917c8cf46 -r eb8cec364323 jdk/src/share/classes/sun/security/jgss/GSSUtil.java --- a/jdk/src/share/classes/sun/security/jgss/GSSUtil.java Thu Dec 24 13:56:28 2009 +0800 +++ b/jdk/src/share/classes/sun/security/jgss/GSSUtil.java Tue Jan 05 10:40:36 2010 +0800 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2010 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -66,9 +66,6 @@ public static final Oid NT_GSS_KRB5_PRINCIPAL = GSSUtil.createOid("1.2.840.113554.1.2.2.1"); - public static final Oid NT_HOSTBASED_SERVICE2 = - GSSUtil.createOid("1.2.840.113554.1.2.1.4"); - private static final String DEFAULT_HANDLER = "auth.login.defaultCallbackHandler"; diff -r f39917c8cf46 -r eb8cec364323 jdk/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java --- a/jdk/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java Thu Dec 24 13:56:28 2009 +0800 +++ b/jdk/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java Tue Jan 05 10:40:36 2010 +0800 @@ -1,5 +1,5 @@ /* - * Copyright 2005-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2005-2010 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -55,8 +55,7 @@ static final GSSNameElement DEF_ACCEPTOR = new GSSNameElement(); private static Oid getNativeNameType(Oid nameType, GSSLibStub stub) { - if (GSSUtil.NT_GSS_KRB5_PRINCIPAL.equals(nameType) || - GSSName.NT_HOSTBASED_SERVICE.equals(nameType)) { + if (GSSUtil.NT_GSS_KRB5_PRINCIPAL.equals(nameType)) { Oid[] supportedNTs = null; try { supportedNTs = stub.inquireNamesForMech(); @@ -83,15 +82,9 @@ if (supportedNTs[i].equals(nameType)) return nameType; } // Special handling the specified name type - if (GSSUtil.NT_GSS_KRB5_PRINCIPAL.equals(nameType)) { - SunNativeProvider.debug("Override " + nameType + - " with mechanism default(null)"); - return null; // Use mechanism specific default - } else { - SunNativeProvider.debug("Override " + nameType + - " with " + GSSUtil.NT_HOSTBASED_SERVICE2); - return GSSUtil.NT_HOSTBASED_SERVICE2; - } + SunNativeProvider.debug("Override " + nameType + + " with mechanism default(null)"); + return null; // Use mechanism specific default } } return nameType; diff -r f39917c8cf46 -r eb8cec364323 jdk/test/sun/security/krb5/auto/Test5653.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/sun/security/krb5/auto/Test5653.java Tue Jan 05 10:40:36 2010 +0800 @@ -0,0 +1,80 @@ +/* + * Copyright 2010 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6895424 + * @summary RFC 5653 + */ + +import org.ietf.jgss.GSSContext; +import org.ietf.jgss.GSSManager; +import org.ietf.jgss.GSSName; +import org.ietf.jgss.Oid; +import sun.security.jgss.GSSUtil; + +public class Test5653 { + + public static void main(String[] args) + throws Exception { + + Oid oldOid = new Oid("1.3.6.1.5.6.2"); + new OneKDC(null).writeJAASConf(); + + System.setProperty("javax.security.auth.useSubjectCredsOnly", "false"); + GSSManager m = GSSManager.getInstance(); + boolean found = false; + + // Test 1: the getMechsForName() method accepts it. + for (Oid tmp: m.getMechsForName(oldOid)) { + if (tmp.equals(GSSUtil.GSS_KRB5_MECH_OID)) { + found = true; + break; + } + } + if (!found) { + throw new Exception("Cannot found krb5 mech for old name type"); + } + + // Test 2: the createName() method accepts it. + GSSName name = m.createName("server@host.rabbit.hole", oldOid); + + // Test 3: its getStringNameType() output is correct + if (!name.getStringNameType().equals(GSSName.NT_HOSTBASED_SERVICE)) { + throw new Exception("GSSName not correct name type"); + } + + // Test 4: everything still works. + GSSContext c1 = m.createContext( + name, + GSSUtil.GSS_KRB5_MECH_OID, + null, + GSSContext.DEFAULT_LIFETIME); + byte[] token = c1.initSecContext(new byte[0], 0, 0); + + Context s; + s = Context.fromJAAS("server"); + s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); + s.x().acceptSecContext(token, 0, token.length); + } +}