# HG changeset patch # User weijun # Date 1260170849 -28800 # Node ID 5b1eb97d243affb52b03ad704938c66b28e69dd7 # Parent ab0a9f4958443a45424e669897a5d41a3134920c 6879540: enable empty password for kerberos 5 Reviewed-by: valeriep, wetmore diff -r ab0a9f495844 -r 5b1eb97d243a jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java --- a/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java Thu Dec 03 18:19:10 2009 -0800 +++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java Mon Dec 07 15:27:29 2009 +0800 @@ -36,7 +36,7 @@ /** * This class constitutes the core of HMAC- algorithms, where - * can be SHA1 or MD5, etc. + * can be SHA1 or MD5, etc. See RFC 2104 for spec. * * It also contains the implementation classes for the SHA-256, * SHA-384, and SHA-512 HMACs. @@ -116,7 +116,7 @@ } byte[] secret = key.getEncoded(); - if (secret == null || secret.length == 0) { + if (secret == null) { throw new InvalidKeyException("Missing key data"); } diff -r ab0a9f495844 -r 5b1eb97d243a jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java --- a/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java Thu Dec 03 18:19:10 2009 -0800 +++ b/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java Mon Dec 07 15:27:29 2009 +0800 @@ -1,5 +1,5 @@ /* - * Copyright 2005-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,21 +25,19 @@ package com.sun.crypto.provider; -import java.io.*; +import java.io.ObjectStreamException; import java.nio.ByteBuffer; import java.nio.CharBuffer; import java.nio.charset.Charset; import java.util.Arrays; import java.security.KeyRep; import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.spec.InvalidKeySpecException; import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.SecretKeySpec; /** * This class represents a PBE key derived using PBKDF2 defined @@ -123,7 +121,7 @@ this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength); } - private static byte[] deriveKey(Mac prf, byte[] password, byte[] salt, + private static byte[] deriveKey(final Mac prf, final byte[] password, byte[] salt, int iterCount, int keyLengthInBit) { int keyLength = keyLengthInBit/8; byte[] key = new byte[keyLength]; @@ -133,7 +131,34 @@ int intR = keyLength - (intL - 1)*hlen; // residue byte[] ui = new byte[hlen]; byte[] ti = new byte[hlen]; - SecretKey macKey = new SecretKeySpec(password, prf.getAlgorithm()); + // SecretKeySpec cannot be used, since password can be empty here. + SecretKey macKey = new SecretKey() { + @Override + public String getAlgorithm() { + return prf.getAlgorithm(); + } + @Override + public String getFormat() { + return "RAW"; + } + @Override + public byte[] getEncoded() { + return password; + } + @Override + public int hashCode() { + return Arrays.hashCode(password) * 41 + + prf.getAlgorithm().toLowerCase().hashCode(); + } + @Override + public boolean equals(Object obj) { + if (this == obj) return true; + if (this.getClass() != obj.getClass()) return false; + SecretKey sk = (SecretKey)obj; + return prf.getAlgorithm().equalsIgnoreCase(sk.getAlgorithm()) && + Arrays.equals(password, sk.getEncoded()); + } + }; prf.init(macKey); byte[] ibytes = new byte[4]; @@ -230,7 +255,7 @@ * @throws ObjectStreamException if a new object representing * this PBE key could not be created */ - private Object writeReplace() throws java.io.ObjectStreamException { + private Object writeReplace() throws ObjectStreamException { return new KeyRep(KeyRep.Type.SECRET, getAlgorithm(), getFormat(), getEncoded()); }