8227305: Krb5Util::getTicketFromSubjectAndTgs is useless
authorweijun
Sat, 06 Jul 2019 08:11:19 +0800
changeset 55613 a55b46a208d1
parent 55604 a30c86af2eb7
child 55614 040cb8bf265e
8227305: Krb5Util::getTicketFromSubjectAndTgs is useless Reviewed-by: xuelei
src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java
--- a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java	Fri Jul 05 00:24:54 2019 -0700
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java	Sat Jul 06 08:11:19 2019 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -58,82 +58,6 @@
     }
 
     /**
-     * Retrieve the service ticket for serverPrincipal from caller's Subject
-     * or from Subject obtained by logging in, or if not found, via the
-     * Ticket Granting Service using the TGT obtained from the Subject.
-     *
-     * Caller must have permission to:
-     *    - access and update Subject's private credentials
-     *    - create LoginContext
-     *    - read the auth.login.defaultCallbackHandler security property
-     *
-     * NOTE: This method is used by JSSE Kerberos Cipher Suites
-     */
-    public static KerberosTicket getTicketFromSubjectAndTgs(GSSCaller caller,
-        String clientPrincipal, String serverPrincipal, String tgsPrincipal,
-        AccessControlContext acc)
-        throws LoginException, KrbException, IOException {
-
-        // 1. Try to find service ticket in acc subject
-        Subject accSubj = Subject.getSubject(acc);
-        KerberosTicket ticket = SubjectComber.find(accSubj,
-            serverPrincipal, clientPrincipal, KerberosTicket.class);
-
-        if (ticket != null) {
-            return ticket;  // found it
-        }
-
-        Subject loginSubj = null;
-        if (!GSSUtil.useSubjectCredsOnly(caller)) {
-            // 2. Try to get ticket from login
-            try {
-                loginSubj = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
-                ticket = SubjectComber.find(loginSubj,
-                    serverPrincipal, clientPrincipal, KerberosTicket.class);
-                if (ticket != null) {
-                    return ticket; // found it
-                }
-            } catch (LoginException e) {
-                // No login entry to use
-                // ignore and continue
-            }
-        }
-
-        // Service ticket not found in subject or login
-        // Try to get TGT to acquire service ticket
-
-        // 3. Try to get TGT from acc subject
-        KerberosTicket tgt = SubjectComber.find(accSubj,
-            tgsPrincipal, clientPrincipal, KerberosTicket.class);
-
-        boolean fromAcc;
-        if (tgt == null && loginSubj != null) {
-            // 4. Try to get TGT from login subject
-            tgt = SubjectComber.find(loginSubj,
-                tgsPrincipal, clientPrincipal, KerberosTicket.class);
-            fromAcc = false;
-        } else {
-            fromAcc = true;
-        }
-
-        // 5. Try to get service ticket using TGT
-        if (tgt != null) {
-            Credentials tgtCreds = ticketToCreds(tgt);
-            Credentials serviceCreds = Credentials.acquireServiceCreds(
-                        serverPrincipal, tgtCreds);
-            if (serviceCreds != null) {
-                ticket = credsToTicket(serviceCreds);
-
-                // Store service ticket in acc's Subject
-                if (fromAcc && accSubj != null && !accSubj.isReadOnly()) {
-                    accSubj.getPrivateCredentials().add(ticket);
-                }
-            }
-        }
-        return ticket;
-    }
-
-    /**
      * Retrieves the ticket corresponding to the client/server principal
      * pair from the Subject in the specified AccessControlContext.
      * If the ticket can not be found in the Subject, and if