
src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/AuthTimeWithHash.java

rev 15878 : 8168518: rcache interop with krb5-1.15

@@ -23,27 +23,54 @@
  * questions.
  */
 
 package sun.security.krb5.internal.rcache;
 
+import sun.security.action.GetPropertyAction;
+
 import java.util.Objects;
 
 /**
  * The class represents a new style replay cache entry. It can be either used
  * inside memory or in a dfl file.
  */
 public class AuthTimeWithHash extends AuthTime
         implements Comparable<AuthTimeWithHash> {
 
+    // The hash algorithm can be "HASH" or "SHA256".
+    public static final String DEFAULT_HASH_ALG;
+
+    static {
+        if (GetPropertyAction.privilegedGetProperty(
+                "jdk.krb5.rcache.usemd5", "false").equals("true")) {
+            DEFAULT_HASH_ALG = "HASH";
+        } else {
+            DEFAULT_HASH_ALG = "SHA256";
+        }
+    }
+
+    public static String realAlg(String alg) {
+        switch (alg) {
+            case "HASH":
+                return "MD5";
+            case "SHA256":
+                return "SHA-256";
+            default:
+                throw new AssertionError(alg + " is not HASH or SHA256");
+        }
+    }
+
+    final String hashAlg;
     final String hash;
 
     /**
      * Constructs a new <code>AuthTimeWithHash</code>.
      */
     public AuthTimeWithHash(String client, String server,
-            int ctime, int cusec, String hash) {
+            int ctime, int cusec, String hashAlg, String hash) {
         super(client, server, ctime, cusec);
+        this.hashAlg = hashAlg;
         this.hash = hash;
     }
 
     /**
      * Compares if an object equals to an <code>AuthTimeWithHash</code> object.
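Review bot: The constructor stores `hashAlg` without checking it, although `realAlg` accepts only "HASH" and "SHA256" and signals anything else with an `AssertionError`. A null tag would pass `equals` (which uses `Objects.equals`) but fail with an NPE in `sameTimeDiffHash`, and any other string is written verbatim into the record by `encode` in the last hunk. If entries can be built from a parsed dfl file (the callers are not visible here), an unexpected tag should be rejected at construction with an ordinary exception rather than an `Error`, starting with `this.hashAlg = Objects.requireNonNull(hashAlg, "hashAlg");`. The comment on `DEFAULT_HASH_ALG` would also help readers if it said that "HASH" denotes MD5 and is chosen only when `jdk.krb5.rcache.usemd5` is set to `true`.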

@@ -54,10 +81,11 @@
     public boolean equals(Object o) {
         if (this == o) return true;
         if (!(o instanceof AuthTimeWithHash)) return false;
         AuthTimeWithHash that = (AuthTimeWithHash)o;
         return Objects.equals(hash, that.hash)
+                && Objects.equals(hashAlg, that.hashAlg)
                 && Objects.equals(client, that.client)
                 && Objects.equals(server, that.server)
                 && ctime == that.ctime
                 && cusec == that.cusec;
     }
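Review bot: `hashAlg` now takes part in `equals`, but `compareTo` and `hashCode` lie outside the visible hunks, so it cannot be confirmed here that they still agree with it. The class implements `Comparable<AuthTimeWithHash>`; if `compareTo` orders on the hash string without the algorithm tag, two entries that differ only in `hashAlg` would compare as 0 yet be unequal, which sorted collections handle inconsistently. A final tie-break on `hashAlg.compareTo(other.hashAlg)` in `compareTo` would keep the two in step. `hashCode` remains contract-correct without the new field, since equal objects still hash alike.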

@@ -89,10 +117,23 @@
     }
 
     /**
      * Compares with a possibly old style object. Used
      * in DflCache$Storage#loadAndCheck.
+     * @return true if all AuthTime fields are the same but different hash
+     */
+    public boolean sameTimeDiffHash(AuthTimeWithHash old) {
+        if (!this.isSameIgnoresHash(old)) {
+            return false;
+        }
+        return this.hashAlg.equals(old.hashAlg) &&
+                !this.hash.equals(old.hash);
+    }
+
+    /**
+     * Compares with a possibly old style object. Used
+     * in DflCache$Storage#loadAndCheck.
      * @return true if all AuthTime fields are the same
      */
     public boolean isSameIgnoresHash(AuthTime old) {
         return  client.equals(old.client) &&
                 server.equals(old.server) &&
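Review bot: The Javadoc on `sameTimeDiffHash` does not match what the method returns: it is true only when the `AuthTime` fields match, the algorithm tags are equal, and the hash values differ. An entry with the same time fields but a different `hashAlg` yields false, so the caller must decide separately how to treat an MD5 entry next to a SHA-256 entry for the same authenticator; that case deserves a sentence in the comment because it determines whether a replay recorded under the other algorithm is noticed. Suggested wording: `@return true if all AuthTime fields and the hash algorithm are the same but the hash values differ`. The copied opening sentence about "a possibly old style object" also does not fit a parameter typed `AuthTimeWithHash`. The body of `isSameIgnoresHash` continues outside the hunk.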

@@ -110,11 +151,11 @@
     public byte[] encode(boolean withHash) {
         String cstring;
         String sstring;
         if (withHash) {
             cstring = "";
-            sstring = String.format("HASH:%s %d:%s %d:%s", hash,
+            sstring = String.format("%s:%s %d:%s %d:%s", hashAlg, hash,
                     client.length(), client,
                     server.length(), server);
         } else {
             cstring = client;
             sstring = server;