8025124: InitialToken.useNullKey incorrectly applies NULL_KEY in some cases
Reviewed-by: xuelei
--- a/jdk/src/share/classes/sun/security/jgss/krb5/InitialToken.java Tue Oct 15 20:54:00 2013 -0400
+++ b/jdk/src/share/classes/sun/security/jgss/krb5/InitialToken.java Wed Oct 16 14:39:00 2013 +0800
@@ -277,24 +277,17 @@
byte[] credBytes = new byte[credLen];
System.arraycopy(checksumBytes, 28, credBytes, 0, credLen);
- CipherHelper cipherHelper = context.getCipherHelper(key);
- if (useNullKey(cipherHelper)) {
- delegCreds =
- new KrbCred(credBytes, EncryptionKey.NULL_KEY).
- getDelegatedCreds()[0];
- } else {
- KrbCred cred;
- try {
- cred = new KrbCred(credBytes, key);
- } catch (KrbException e) {
- if (subKey != null) {
- cred = new KrbCred(credBytes, subKey);
- } else {
- throw e;
- }
+ KrbCred cred;
+ try {
+ cred = new KrbCred(credBytes, key);
+ } catch (KrbException ke) {
+ if (subKey != null) {
+ cred = new KrbCred(credBytes, subKey);
+ } else {
+ throw ke;
}
- delegCreds = cred.getDelegatedCreds()[0];
}
+ delegCreds = cred.getDelegatedCreds()[0];
}
}
--- a/jdk/src/share/classes/sun/security/krb5/KrbCred.java Tue Oct 15 20:54:00 2013 -0400
+++ b/jdk/src/share/classes/sun/security/krb5/KrbCred.java Wed Oct 16 14:39:00 2013 +0800
@@ -119,7 +119,7 @@
return credMessg;
}
- // Used in InitialToken, key always NULL_KEY
+ // Used in InitialToken, NULL_KEY might be used
public KrbCred(byte[] asn1Message, EncryptionKey key)
throws KrbException, IOException {
@@ -127,6 +127,9 @@
ticket = credMessg.tickets[0];
+ if (credMessg.encPart.getEType() == 0) {
+ key = EncryptionKey.NULL_KEY;
+ }
byte[] temp = credMessg.encPart.decrypt(key,
KeyUsage.KU_ENC_KRB_CRED_PART);
byte[] plainText = credMessg.encPart.reset(temp);