src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/AuthTimeWithHash.java
rev 15878 : 8168518: rcache interop with krb5-1.15
@@ -23,27 +23,54 @@
* questions.
*/
package sun.security.krb5.internal.rcache;
+import sun.security.action.GetPropertyAction;
+
import java.util.Objects;
/**
* The class represents a new style replay cache entry. It can be either used
* inside memory or in a dfl file.
*/
public class AuthTimeWithHash extends AuthTime
implements Comparable<AuthTimeWithHash> {
+ // The hash algorithm can be "HASH" or "SHA256".
+ public static final String DEFAULT_HASH_ALG;
+
+ static {
+ if (GetPropertyAction.privilegedGetProperty(
+ "jdk.krb5.rcache.usemd5", "false").equals("true")) {
+ DEFAULT_HASH_ALG = "HASH";
+ } else {
+ DEFAULT_HASH_ALG = "SHA256";
+ }
+ }
+
+ public static String realAlg(String alg) {
+ switch (alg) {
+ case "HASH":
+ return "MD5";
+ case "SHA256":
+ return "SHA-256";
+ default:
+ throw new AssertionError(alg + " is not HASH or SHA256");
+ }
+ }
+
+ final String hashAlg;
final String hash;
/**
* Constructs a new <code>AuthTimeWithHash</code>.
*/
public AuthTimeWithHash(String client, String server,
- int ctime, int cusec, String hash) {
+ int ctime, int cusec, String hashAlg, String hash) {
super(client, server, ctime, cusec);
+ this.hashAlg = hashAlg;
this.hash = hash;
}
/**
* Compares if an object equals to an <code>AuthTimeWithHash</code> object.
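Review bot: The new constructor stores `hashAlg` unchecked, so a null or unexpected label is only noticed later: `sameTimeDiffHash` dereferences it, `encode(true)` in the last hunk writes it verbatim into the `%s:%s` entry, and `realAlg` answers an unknown label with an `AssertionError`. If the label can come from a parsed replay-cache file (the caller is not visible here), rejecting it at construction keeps malformed input from surfacing as an `Error`, for example `if (!"HASH".equals(hashAlg) && !"SHA256".equals(hashAlg)) throw new IllegalArgumentException("unsupported rcache hash label");`. The field comment would also be clearer as `// On-disk label of the hash algorithm: "HASH" means MD5 (used only when jdk.krb5.rcache.usemd5=true), "SHA256" is the default.` The hunk ends inside the Javadoc of `equals`.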
@@ -54,10 +81,11 @@
public boolean equals(Object o) {
if (this == o) return true;
if (!(o instanceof AuthTimeWithHash)) return false;
AuthTimeWithHash that = (AuthTimeWithHash)o;
return Objects.equals(hash, that.hash)
+ && Objects.equals(hashAlg, that.hashAlg)
&& Objects.equals(client, that.client)
&& Objects.equals(server, that.server)
&& ctime == that.ctime
&& cusec == that.cusec;
}
@@ -89,10 +117,23 @@
}
/**
* Compares with a possibly old style object. Used
* in DflCache$Storage#loadAndCheck.
+ * @return true if all AuthTime fields are the same but different hash
+ */
+ public boolean sameTimeDiffHash(AuthTimeWithHash old) {
+ if (!this.isSameIgnoresHash(old)) {
+ return false;
+ }
+ return this.hashAlg.equals(old.hashAlg) &&
+ !this.hash.equals(old.hash);
+ }
+
+ /**
+ * Compares with a possibly old style object. Used
+ * in DflCache$Storage#loadAndCheck.
* @return true if all AuthTime fields are the same
*/
public boolean isSameIgnoresHash(AuthTime old) {
return client.equals(old.client) &&
server.equals(old.server) &&
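Review bot: The Javadoc on `sameTimeDiffHash` does not say that the method also returns false when the two entries use different hash algorithms. A replay check needs that case spelled out, because an MD5 entry and a SHA256 entry with identical time fields are not reported as a differing hash, and the caller has to decide what that means. I would document it as `@return true if all AuthTime fields match, both entries use the same hash algorithm, and the hashes differ; false if the algorithms differ, because the hashes are then not comparable`, and drop the copied "possibly old style object" wording, since the parameter is always an `AuthTimeWithHash`. The comparison also dereferences `this.hashAlg` and `this.hash` directly although `equals` treats both as nullable; `Objects.equals(hashAlg, old.hashAlg) && !Objects.equals(hash, old.hash)` would be consistent with that. The body of `isSameIgnoresHash` continues outside the hunk.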
@@ -110,11 +151,11 @@
public byte[] encode(boolean withHash) {
String cstring;
String sstring;
if (withHash) {
cstring = "";
- sstring = String.format("HASH:%s %d:%s %d:%s", hash,
+ sstring = String.format("%s:%s %d:%s %d:%s", hashAlg, hash,
client.length(), client,
server.length(), server);
} else {
cstring = client;
sstring = server;