jdk-sandbox: changeset 56685:c7e7234828c0

--- a/src/java.security.jgss/share/classes/sun/security/jgss/GSSCaller.java	Wed Jun 06 14:29:49 2018 -0400
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/GSSCaller.java	Thu Jun 07 07:23:15 2018 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,8 +34,6 @@
     public static final GSSCaller CALLER_UNKNOWN = new GSSCaller("UNKNOWN");
     public static final GSSCaller CALLER_INITIATE = new GSSCaller("INITIATE");
     public static final GSSCaller CALLER_ACCEPT = new GSSCaller("ACCEPT");
-    public static final GSSCaller CALLER_SSL_CLIENT = new GSSCaller("SSL_CLIENT");
-    public static final GSSCaller CALLER_SSL_SERVER = new GSSCaller("SSL_SERVER");
 
     private String name;
     GSSCaller(String s) {

--- a/src/java.security.jgss/share/classes/sun/security/jgss/LoginConfigImpl.java	Wed Jun 06 14:29:49 2018 -0400
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/LoginConfigImpl.java	Thu Jun 07 07:23:15 2018 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -109,16 +109,6 @@
                     "com.sun.security.jgss.krb5.accept",
                     "com.sun.security.jgss.accept",
                 };
-            } else if (caller == GSSCaller.CALLER_SSL_CLIENT) {
-                alts = new String[] {
-                    "com.sun.security.jgss.krb5.initiate",
-                    "com.sun.net.ssl.client",
-                };
-            } else if (caller == GSSCaller.CALLER_SSL_SERVER) {
-                alts = new String[] {
-                    "com.sun.security.jgss.krb5.accept",
-                    "com.sun.net.ssl.server",
-                };
             } else if (caller instanceof HttpCaller) {
                 alts = new String[] {
                     "com.sun.security.jgss.krb5.initiate",
@@ -132,14 +122,12 @@
             /*
             switch (caller) {
             case GSSUtil.CALLER_INITIATE:
-            case GSSUtil.CALLER_SSL_CLIENT:
             case GSSUtil.CALLER_HTTP_NEGOTIATE:
                 alts = new String[] {
                     "com.sun.security.jgss." + mechName + ".initiate",
                 };
                 break;
             case GSSUtil.CALLER_ACCEPT:
-            case GSSUtil.CALLER_SSL_SERVER:
                 alts = new String[] {
                     "com.sun.security.jgss." + mechName + ".accept",
                 };
@@ -207,7 +195,6 @@
     }
 
     private static boolean isServerSide (GSSCaller caller) {
-        return GSSCaller.CALLER_ACCEPT == caller ||
-               GSSCaller.CALLER_SSL_SERVER == caller;
+        return GSSCaller.CALLER_ACCEPT == caller;
     }
 }

--- a/src/java.security.jgss/share/classes/sun/security/krb5/EncryptedData.java	Wed Jun 06 14:29:49 2018 -0400
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/EncryptedData.java	Thu Jun 07 07:23:15 2018 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -103,7 +103,7 @@
         return new_encryptedData;
     }
 
-     // Used in JSSE (com.sun.net.ssl.internal.KerberosPreMasterSecret)
+    // Used by test
     public EncryptedData(
                          int new_eType,
                          Integer new_kvno,
@@ -126,8 +126,7 @@
     }
     */
 
-     // used in KrbApRep, KrbApReq, KrbAsReq, KrbCred, KrbPriv
-     // Used in JSSE (com.sun.net.ssl.internal.KerberosPreMasterSecret)
+    // used in KrbApRep, KrbApReq, KrbAsReq, KrbCred, KrbPriv
     public EncryptedData(
                          EncryptionKey key,
                          byte[] plaintext,

--- a/test/jdk/sun/security/krb5/auto/unbound.ssl.jaas.conf	Wed Jun 06 14:29:49 2018 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,40 +0,0 @@
-com.sun.net.ssl.client {
-    com.sun.security.auth.module.Krb5LoginModule required
-    principal="USER@TEST.REALM"
-    doNotPrompt=true
-    useKeyTab=true
-    keyTab="krb5.keytab.data";
-};
-
-server_star {
-    com.sun.security.auth.module.Krb5LoginModule required
-    principal="*"
-    isInitiator=false
-    useKeyTab=true
-    keyTab="krb5.keytab.data"
-    storeKey=true;
-};
-
-server_multiple_principals {
-    com.sun.security.auth.module.Krb5LoginModule required
-    principal="host/service1.localhost@TEST.REALM"
-    isInitiator=false
-    useKeyTab=true
-    keyTab="krb5.keytab.data"
-    storeKey=true;
-
-    com.sun.security.auth.module.Krb5LoginModule required
-    principal="host/service2.localhost@TEST.REALM"
-    isInitiator=false
-    useKeyTab=true
-    keyTab="krb5.keytab.data"
-    storeKey=true;
-
-    com.sun.security.auth.module.Krb5LoginModule required
-    principal="host/service3.localhost@TEST.REALM"
-    isInitiator=false
-    useKeyTab=true
-    keyTab="krb5.keytab.data"
-    storeKey=true;
-};
-

--- a/test/jdk/sun/security/krb5/auto/unbound.ssl.policy	Wed Jun 06 14:29:49 2018 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-grant {
-    permission java.util.PropertyPermission "*", "read,write";
-    permission java.net.SocketPermission "*:*", "listen,resolve,accept,connect";
-    permission java.io.FilePermission "/-", "read";
-    permission java.io.FilePermission "*", "read,write,delete";
-    permission java.lang.RuntimePermission "accessDeclaredMembers";
-    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
-    permission java.lang.RuntimePermission "accessClassInPackage.*";
-    permission javax.security.auth.AuthPermission "doAs";
-    permission javax.security.auth.AuthPermission "getSubject";
-    permission javax.security.auth.AuthPermission
-                    "createLoginContext.server_star";
-    permission javax.security.auth.AuthPermission
-                    "createLoginContext.server_multiple_principals";
-    permission javax.security.auth.AuthPermission "modifyPrincipals";
-    permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab java.security.Principal \"krb5.keytab.data\"", "read";
-
-    // clients have a permission to use all service principals
-    permission javax.security.auth.kerberos.ServicePermission "*", "initiate";
-
-    // server has a service permission
-    // to accept only service1 and service3 principals
-    permission javax.security.auth.kerberos.ServicePermission
-                    "host/service1.localhost@TEST.REALM", "accept";
-    permission javax.security.auth.kerberos.ServicePermission
-                    "host/service3.localhost@TEST.REALM", "accept";
-};

author	weijun
	Thu, 07 Jun 2018 07:23:15 +0800
branch	JDK-8145252-TLS13-branch
changeset 56685	c7e7234828c0
parent 56684	89bfd8e0ff19
child 56686	07dc566630ee

src/java.security.jgss/share/classes/sun/security/jgss/GSSCaller.java		file \| annotate \| diff \| comparison \| revisions
src/java.security.jgss/share/classes/sun/security/jgss/LoginConfigImpl.java		file \| annotate \| diff \| comparison \| revisions
src/java.security.jgss/share/classes/sun/security/krb5/EncryptedData.java		file \| annotate \| diff \| comparison \| revisions
test/jdk/sun/security/krb5/auto/unbound.ssl.jaas.conf		file \| annotate \| diff \| comparison \| revisions
test/jdk/sun/security/krb5/auto/unbound.ssl.policy		file \| annotate \| diff \| comparison \| revisions