# HG changeset patch # User weijun # Date 1367972734 -28800 # Node ID 0a7ace07ea112347611408398f4b99c9000744ea # Parent 1444a769a68a65a6fd974d922cc90e4b340ca941 8012679: Let allow_weak_crypto default to false Reviewed-by: valeriep diff -r 1444a769a68a -r 0a7ace07ea11 jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java --- a/jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java Mon May 06 11:43:51 2013 -0400 +++ b/jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java Wed May 08 08:25:34 2013 +0800 @@ -55,11 +55,11 @@ } public static void initStatic() { - boolean allowed = true; + boolean allowed = false; try { Config cfg = Config.getInstance(); String temp = cfg.get("libdefaults", "allow_weak_crypto"); - if (temp != null && temp.equals("false")) allowed = false; + if (temp != null && temp.equals("true")) allowed = true; } catch (Exception exc) { if (DEBUG) { System.out.println ("Exception in getting allow_weak_crypto, " + diff -r 1444a769a68a -r 0a7ace07ea11 jdk/test/sun/security/krb5/auto/DupEtypes.java --- a/jdk/test/sun/security/krb5/auto/DupEtypes.java Mon May 06 11:43:51 2013 -0400 +++ b/jdk/test/sun/security/krb5/auto/DupEtypes.java Wed May 08 08:25:34 2013 +0800 @@ -34,6 +34,7 @@ */ import sun.security.jgss.GSSUtil; +import sun.security.krb5.Config; public class DupEtypes { @@ -42,6 +43,14 @@ OneKDC kdc = new OneKDC(null); kdc.writeJAASConf(); + KDC.saveConfig(OneKDC.KRB5_CONF, kdc, + "default_keytab_name = " + OneKDC.KTAB, + "allow_weak_crypto = true"); + Config.refresh(); + + // Rewrite to include DES keys + kdc.writeKtab(OneKDC.KTAB); + // Different test cases, read KDC.processAsReq for details kdc.setOption(KDC.Option.DUP_ETYPE, Integer.parseInt(args[0])); diff -r 1444a769a68a -r 0a7ace07ea11 jdk/test/sun/security/krb5/etype/WeakCrypto.java --- a/jdk/test/sun/security/krb5/etype/WeakCrypto.java Mon May 06 11:43:51 2013 -0400 +++ b/jdk/test/sun/security/krb5/etype/WeakCrypto.java Wed May 08 08:25:34 2013 +0800 @@ -22,29 +22,41 @@ */ /* * @test - * @bug 6844909 + * @bug 6844909 8012679 * @run main/othervm WeakCrypto + * @run main/othervm WeakCrypto true + * @run main/othervm WeakCrypto false * @summary support allow_weak_crypto in krb5.conf */ import java.io.File; +import java.lang.Exception; +import java.nio.file.Files; +import java.nio.file.Paths; + import sun.security.krb5.internal.crypto.EType; import sun.security.krb5.EncryptedData; public class WeakCrypto { public static void main(String[] args) throws Exception { - System.setProperty("java.security.krb5.conf", - System.getProperty("test.src", ".") + - File.separator + - "weakcrypto.conf"); + String conf = "[libdefaults]\n" + + (args.length > 0 ? ("allow_weak_crypto = " + args[0]) : ""); + Files.write(Paths.get("krb5.conf"), conf.getBytes()); + System.setProperty("java.security.krb5.conf", "krb5.conf"); + + boolean expected = args.length != 0 && args[0].equals("true"); int[] etypes = EType.getBuiltInDefaults(); + boolean found = false; for (int i=0, length = etypes.length; i