--- a/jdk/src/share/classes/javax/security/auth/kerberos/package-info.java Fri Apr 04 15:43:10 2014 +0400
+++ b/jdk/src/share/classes/javax/security/auth/kerberos/package-info.java Fri Apr 04 21:19:43 2014 +0800
@@ -48,6 +48,12 @@
* {@code <java-home>/lib/security} and failing that, in an OS-specific
* location.<p>
*
+ * The {@code krb5.conf} file is formatted in the Windows INI file style,
+ * which contains a series of relations grouped into different sections.
+ * Each relation contains a key and a value, the value can be an arbitrary
+ * string or a boolean value. A boolean value can be one of "true", "false",
+ * "yes", or "no", case-insensitive.<p>
+ *
* @since JDK1.4
*/
package javax.security.auth.kerberos;
--- a/jdk/src/share/classes/sun/security/krb5/Config.java Fri Apr 04 15:43:10 2014 +0400
+++ b/jdk/src/share/classes/sun/security/krb5/Config.java Fri Apr 04 21:19:43 2014 +0800
@@ -32,20 +32,15 @@
import java.io.File;
import java.io.FileInputStream;
-import java.util.Hashtable;
-import java.util.Vector;
-import java.util.ArrayList;
+import java.util.*;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.IOException;
-import java.util.StringTokenizer;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Locale;
+
import sun.net.dns.ResolverConfiguration;
import sun.security.krb5.internal.crypto.EType;
import sun.security.krb5.internal.Krb5;
@@ -232,6 +227,31 @@
}
/**
+ * Gets the boolean value for the specified keys. Returns TRUE if the
+ * string value is "yes", or "true", FALSE if "no", or "false", or null
+ * if otherwise or not defined. The comparision is case-insensitive.
+ *
+ * @param keys the keys, see {@link #get(String...)}
+ * @return the boolean value, or null if there is no value defined or the
+ * value does not look like a boolean value.
+ * @throws IllegalArgumentException see {@link #get(String...)}
+ */
+ public Boolean getBooleanObject(String... keys) {
+ String s = get(keys);
+ if (s == null) {
+ return null;
+ }
+ switch (s.toLowerCase(Locale.US)) {
+ case "yes": case "true":
+ return Boolean.TRUE;
+ case "no": case "false":
+ return Boolean.FALSE;
+ default:
+ return null;
+ }
+ }
+
+ /**
* Gets all values for the specified keys.
* @throws IllegalArgumentException if any of the keys is illegal
* (See {@link #get})
@@ -317,23 +337,6 @@
}
/**
- * Gets the boolean value for the specified keys.
- * @param keys the keys
- * @return the boolean value, false is returned if it cannot be
- * found or the value is not "true" (case insensitive).
- * @throw IllegalArgumentException if any of the keys is illegal
- * @see #get(java.lang.String[])
- */
- public boolean getBooleanValue(String... keys) {
- String val = get(keys);
- if (val != null && val.equalsIgnoreCase("true")) {
- return true;
- } else {
- return false;
- }
- }
-
- /**
* Parses a string to an integer. The convertible strings include the
* string representations of positive integers, negative integers, and
* hex decimal integers. Valid inputs are, e.g., -1234, +1234,
@@ -341,7 +344,7 @@
*
* @param input the String to be converted to an Integer.
* @return an numeric value represented by the string
- * @exception NumberFormationException if the String does not contain a
+ * @exception NumberFormatException if the String does not contain a
* parsable integer.
*/
private int parseIntValue(String input) throws NumberFormatException {
@@ -927,32 +930,20 @@
* use addresses if "no_addresses" or "noaddresses" is set to false
*/
public boolean useAddresses() {
- boolean useAddr = false;
- // use addresses if "no_addresses" is set to false
- String value = get("libdefaults", "no_addresses");
- useAddr = (value != null && value.equalsIgnoreCase("false"));
- if (useAddr == false) {
- // use addresses if "noaddresses" is set to false
- value = get("libdefaults", "noaddresses");
- useAddr = (value != null && value.equalsIgnoreCase("false"));
- }
- return useAddr;
+ return getBooleanObject("libdefaults", "no_addresses") == Boolean.FALSE ||
+ getBooleanObject("libdefaults", "noaddresses") == Boolean.FALSE;
}
/**
- * Check if need to use DNS to locate Kerberos services
+ * Check if need to use DNS to locate Kerberos services for name. If not
+ * defined, check dns_fallback, whose default value is true.
*/
private boolean useDNS(String name) {
- String value = get("libdefaults", name);
- if (value == null) {
- value = get("libdefaults", "dns_fallback");
- if ("false".equalsIgnoreCase(value)) {
- return false;
- } else {
- return true;
- }
+ Boolean value = getBooleanObject("libdefaults", name);
+ if (value != null) {
+ return value.booleanValue();
} else {
- return value.equalsIgnoreCase("true");
+ return getBooleanObject("libdefaults", "dns_fallback") != Boolean.FALSE;
}
}
--- a/jdk/src/share/classes/sun/security/krb5/internal/KDCOptions.java Fri Apr 04 15:43:10 2014 +0400
+++ b/jdk/src/share/classes/sun/security/krb5/internal/KDCOptions.java Fri Apr 04 21:19:43 2014 +0800
@@ -299,14 +299,14 @@
if ((options & KDC_OPT_RENEWABLE_OK) == KDC_OPT_RENEWABLE_OK) {
set(RENEWABLE_OK, true);
} else {
- if (config.getBooleanValue("libdefaults", "renewable")) {
+ if (config.getBooleanObject("libdefaults", "renewable") == Boolean.TRUE) {
set(RENEWABLE_OK, true);
}
}
if ((options & KDC_OPT_PROXIABLE) == KDC_OPT_PROXIABLE) {
set(PROXIABLE, true);
} else {
- if (config.getBooleanValue("libdefaults", "proxiable")) {
+ if (config.getBooleanObject("libdefaults", "proxiable") == Boolean.TRUE) {
set(PROXIABLE, true);
}
}
@@ -314,7 +314,7 @@
if ((options & KDC_OPT_FORWARDABLE) == KDC_OPT_FORWARDABLE) {
set(FORWARDABLE, true);
} else {
- if (config.getBooleanValue("libdefaults", "forwardable")) {
+ if (config.getBooleanObject("libdefaults", "forwardable") == Boolean.TRUE) {
set(FORWARDABLE, true);
}
}
--- a/jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java Fri Apr 04 15:43:10 2014 +0400
+++ b/jdk/src/share/classes/sun/security/krb5/internal/crypto/EType.java Fri Apr 04 21:19:43 2014 +0800
@@ -58,8 +58,8 @@
boolean allowed = false;
try {
Config cfg = Config.getInstance();
- String temp = cfg.get("libdefaults", "allow_weak_crypto");
- if (temp != null && temp.equals("true")) allowed = true;
+ allowed = cfg.getBooleanObject("libdefaults", "allow_weak_crypto")
+ == Boolean.TRUE;
} catch (Exception exc) {
if (DEBUG) {
System.out.println ("Exception in getting allow_weak_crypto, " +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/config/YesNo.java Fri Apr 04 21:19:43 2014 +0800
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8029995
+ * @summary accept yes/no for boolean krb5.conf settings
+ * @compile -XDignore.symbol.file YesNo.java
+ * @run main/othervm YesNo
+ */
+import sun.security.krb5.Config;
+import sun.security.krb5.internal.crypto.EType;
+
+import java.util.Arrays;
+
+public class YesNo {
+ static Config config = null;
+ public static void main(String[] args) throws Exception {
+ System.setProperty("java.security.krb5.conf",
+ System.getProperty("test.src", ".") +"/yesno.conf");
+ config = Config.getInstance();
+ check("a", Boolean.TRUE);
+ check("b", Boolean.FALSE);
+ check("c", Boolean.TRUE);
+ check("d", Boolean.FALSE);
+ check("e", null);
+ check("f", null);
+
+ if (!Arrays.stream(EType.getBuiltInDefaults())
+ .anyMatch(n -> n < 4)) {
+ throw new Exception();
+ }
+ }
+
+ static void check(String k, Boolean expected) throws Exception {
+ Boolean result = config.getBooleanObject("libdefaults", k);
+ if (expected != result) {
+ throw new Exception("value for " + k + " is " + result);
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/config/yesno.conf Fri Apr 04 21:19:43 2014 +0800
@@ -0,0 +1,7 @@
+[libdefaults]
+a = true
+b = FALSE
+c = YES
+d = no
+e = nothing
+allow_weak_crypto = yes