8044085: Access ExtendedGSSContext.inquireSecContext() result through SASL
Reviewed-by: mullan
--- a/jdk/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Base.java Wed Jul 09 18:34:45 2014 -0700
+++ b/jdk/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Base.java Thu Jul 10 10:44:48 2014 +0800
@@ -26,11 +26,14 @@
package com.sun.security.sasl.gsskerb;
+import java.util.Locale;
import java.util.Map;
import java.util.logging.Level;
import javax.security.sasl.*;
import com.sun.security.sasl.util.AbstractSaslImpl;
import org.ietf.jgss.*;
+import com.sun.security.jgss.ExtendedGSSContext;
+import com.sun.security.jgss.InquireType;
abstract class GssKrb5Base extends AbstractSaslImpl {
@@ -61,6 +64,36 @@
return "GSSAPI";
}
+ @Override
+ public Object getNegotiatedProperty(String propName) {
+ if (!completed) {
+ throw new IllegalStateException("Authentication incomplete");
+ }
+ String xprefix = "com.sun.security.jgss.inquiretype.";
+ if (propName.startsWith(xprefix)) {
+ String type = propName.substring(xprefix.length());
+ if (logger.isLoggable(Level.FINEST)) {
+ logger.logp(Level.FINE, "GssKrb5Base",
+ "getNegotiatedProperty", propName);
+ }
+ for (InquireType t: InquireType.values()) {
+ if (t.name().toLowerCase(Locale.US).equals(type)) {
+ try {
+ return ((ExtendedGSSContext)secCtx).inquireSecContext(t);
+ } catch (GSSException e) {
+ if (logger.isLoggable(Level.FINEST)) {
+ logger.log(Level.WARNING, "inquireSecContext error", e);
+ }
+ return null;
+ }
+ }
+ }
+ // No such InquireType. Although not likely to be defined
+ // as a property in a parent class, still try it.
+ }
+ return super.getNegotiatedProperty(propName);
+ }
+
public byte[] unwrap(byte[] incoming, int start, int len)
throws SaslException {
if (!completed) {
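Review bot: The logging guards in the new getNegotiatedProperty do not match the levels they emit: `logger.logp(Level.FINE, ...)` is gated by `isLoggable(Level.FINEST)`, and the `Level.WARNING` record in the catch block is likewise only written when FINEST is enabled, so at normal log levels an inquireSecContext failure is silently converted into a null return with no trace. Use the same level in guard and call, e.g. `if (logger.isLoggable(Level.FINE)) {` for the entry trace and `logger.log(Level.WARNING, "inquireSecContext error", e);` without the FINEST guard (WARNING is cheap enough not to need one). The `(ExtendedGSSContext) secCtx` cast is also unchecked; replacing it with `if (secCtx instanceof ExtendedGSSContext) { ... }` and otherwise falling through to `super.getNegotiatedProperty(propName)` avoids a ClassCastException should secCtx ever come from a GSS implementation that does not provide the extension (presumably not the case for the JDK's own GSSManager, but the guard costs nothing). The `unwrap` method at the end of this hunk continues outside it.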
--- a/jdk/src/share/classes/javax/security/sasl/SaslClient.java Wed Jul 09 18:34:45 2014 -0700
+++ b/jdk/src/share/classes/javax/security/sasl/SaslClient.java Thu Jul 10 10:44:48 2014 +0800
@@ -204,6 +204,10 @@
* This method can be called only after the authentication exchange has
* completed (i.e., when {@code isComplete()} returns true); otherwise, an
* {@code IllegalStateException} is thrown.
+ * <p>
+ * The {@link Sasl} class includes several well-known property names
+ * (For example, {@link Sasl#QOP}). A SASL provider can support other
+ * properties which are specific to the vendor and/or a mechanism.
*
* @param propName The non-null property name.
* @return The value of the negotiated property. If null, the property was
--- a/jdk/src/share/classes/javax/security/sasl/SaslServer.java Wed Jul 09 18:34:45 2014 -0700
+++ b/jdk/src/share/classes/javax/security/sasl/SaslServer.java Thu Jul 10 10:44:48 2014 +0800
@@ -196,6 +196,10 @@
* This method can be called only after the authentication exchange has
* completed (i.e., when {@code isComplete()} returns true); otherwise, an
* {@code IllegalStateException} is thrown.
+ * <p>
+ * The {@link Sasl} class includes several well-known property names
+ * (For example, {@link Sasl#QOP}). A SASL provider can support other
+ * properties which are specific to the vendor and/or a mechanism.
*
* @param propName the property
* @return The value of the negotiated property. If null, the property was
--- a/jdk/test/sun/security/krb5/auto/SaslBasic.java Wed Jul 09 18:34:45 2014 -0700
+++ b/jdk/test/sun/security/krb5/auto/SaslBasic.java Thu Jul 10 10:44:48 2014 +0800
@@ -29,6 +29,8 @@
* @run main/othervm SaslBasic bound
* @run main/othervm SaslBasic unbound
*/
+import com.sun.security.jgss.InquireType;
+
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
@@ -82,11 +84,17 @@
}
}
if (!bound) {
- String boundName = (String)ss.getNegotiatedProperty(Sasl.BOUND_SERVER_NAME);
+ String boundName = (String)ss.getNegotiatedProperty(
+ Sasl.BOUND_SERVER_NAME);
if (!boundName.equals(name)) {
throw new Exception("Wrong bound server name");
}
}
+ Object key = ss.getNegotiatedProperty(
+ "com.sun.security.jgss.inquiretype.krb5_get_session_key");
+ if (key == null) {
+ throw new Exception("Extended negotiated property not read");
+ }
byte[] hello = "hello".getBytes();
token = sc.wrap(hello, 0, hello.length);
token = ss.unwrap(token, 0, token.length);
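Review bot: The new check `if (key == null)` only proves that the extended property path returned something; it does not verify that the object is the kind of value the `krb5_get_session_key` name promises, nor that an unsupported `com.sun.security.jgss.inquiretype.` suffix falls through to the superclass and yields null rather than throwing, which is the behavior the main change documents in its comment. Consider adding a second lookup with a constructed unknown suffix and asserting it returns null, and asserting on the type of `key` (the exact expected type is not visible in this diff, so pick it from the InquireType documentation). The `import com.sun.security.jgss.InquireType;` added in the first hunk of this file is not referenced in the visible hunks; if it is unused elsewhere in the test it should be dropped. The enclosing method starts and ends outside this hunk.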