src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/AuthTimeWithHash.java
rev 15878 : 8168518: rcache interop with krb5-1.15
@@ -23,27 +23,47 @@
* questions.
*/
package sun.security.krb5.internal.rcache;
+import sun.security.action.GetPropertyAction;
+
import java.util.Objects;
/**
* The class represents a new style replay cache entry. It can be either used
* inside memory or in a dfl file.
*/
public class AuthTimeWithHash extends AuthTime
implements Comparable<AuthTimeWithHash> {
+ // The hash algorithm can be "HASH" or "SHA256".
+ public static String DEFAULT_HASH_ALG = GetPropertyAction
+ .privilegedGetProperty("jdk.krb5.rcache.hashalg", "HASH");
+
+ public static String realAlg(String alg) {
+ if (alg.equals("HASH")) {
+ return "MD5";
+ } else if (alg.equals("SHA")) {
+ return "SHA-1";
+ } else if (alg.startsWith("SHA") && !alg.startsWith("SHA-")) {
+ return "SHA-" + alg.substring(3);
+ } else {
+ return alg;
+ }
+ }
+
+ final String hashAlg;
final String hash;
/**
* Constructs a new <code>AuthTimeWithHash</code>.
*/
public AuthTimeWithHash(String client, String server,
- int ctime, int cusec, String hash) {
+ int ctime, int cusec, String hashAlg, String hash) {
super(client, server, ctime, cusec);
+ this.hashAlg = hashAlg;
this.hash = hash;
}
/**
* Compares if an object equals to an <code>AuthTimeWithHash</code> object.
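Review bot: `DEFAULT_HASH_ALG` is declared `public static String` without `final`, so any code that can reach this class can reassign the algorithm used for replay-cache entries after start-up; declare it `public static final String DEFAULT_HASH_ALG = ...`. The value is also taken from the `jdk.krb5.rcache.hashalg` property without any check, although the comment says only "HASH" or "SHA256" are expected, and `realAlg` passes every unrecognised name through unchanged and throws NullPointerException on a null `alg`. Rejecting anything outside the two documented names where the property is read, and adding `Objects.requireNonNull(hashAlg)` in the constructor, would keep a bad setting from reaching the digest lookup and the later `hashAlg.equals(...)` calls. A comment that "HASH" maps to MD5 only for compatibility with the older cache format (as the commit title suggests) would stop a reader from taking it as a recommended default. The class body continues beyond this hunk.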
@@ -54,10 +74,11 @@
public boolean equals(Object o) {
if (this == o) return true;
if (!(o instanceof AuthTimeWithHash)) return false;
AuthTimeWithHash that = (AuthTimeWithHash)o;
return Objects.equals(hash, that.hash)
+ && Objects.equals(hashAlg, that.hashAlg)
&& Objects.equals(client, that.client)
&& Objects.equals(server, that.server)
&& ctime == that.ctime
&& cusec == that.cusec;
}
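Review bot: With `hashAlg` now part of `equals`, `compareTo` may have become inconsistent with it: the class implements `Comparable<AuthTimeWithHash>`, and no hunk on this page touches `compareTo`, so it presumably still orders entries without the algorithm. Two entries that differ only in `hashAlg` would then compare as 0 yet be unequal, and if entries are ever held in a sorted collection one of them could be dropped or matched wrongly. Either add a `hashAlg` comparison to `compareTo` or add a comment stating that the difference is intended. `hashCode` is also outside the visible hunks; it stays contract-compliant without `hashAlg`, but is worth checking alongside.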
@@ -89,10 +110,23 @@
}
/**
* Compares with a possibly old style object. Used
* in DflCache$Storage#loadAndCheck.
+ * @return true if all AuthTime fields are the same but different hash
+ */
+ public boolean sameTimeDiffHash(AuthTimeWithHash old) {
+ if (!this.isSameIgnoresHash(old)) {
+ return false;
+ }
+ return this.hashAlg.equals(old.hashAlg) &&
+ !this.hash.equals(old.hash);
+ }
+
+ /**
+ * Compares with a possibly old style object. Used
+ * in DflCache$Storage#loadAndCheck.
* @return true if all AuthTime fields are the same
*/
public boolean isSameIgnoresHash(AuthTime old) {
return client.equals(old.client) &&
server.equals(old.server) &&
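Review bot: The Javadoc on `sameTimeDiffHash` says it returns true when the AuthTime fields match "but different hash", yet the code also requires `hashAlg` to be equal, so two entries with the same time fields and different algorithms return false, just as an exact match does. The caller named in the comment (DflCache$Storage#loadAndCheck, not shown) presumably uses this result to tell a replay from a distinct request, so the contract should be explicit, e.g. `@return true if all AuthTime fields and the hash algorithm are the same but the hash values differ`. The opening sentence "Compares with a possibly old style object" was copied from `isSameIgnoresHash` and does not fit a parameter typed `AuthTimeWithHash`. `this.hashAlg.equals` and `this.hash.equals` also throw on null fields, whereas `equals` uses `Objects.equals`. The body of `isSameIgnoresHash` continues outside the hunk.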
@@ -110,11 +144,11 @@
public byte[] encode(boolean withHash) {
String cstring;
String sstring;
if (withHash) {
cstring = "";
- sstring = String.format("HASH:%s %d:%s %d:%s", hash,
+ sstring = String.format("%s:%s %d:%s %d:%s", hashAlg, hash,
client.length(), client,
server.length(), server);
} else {
cstring = client;
sstring = server;
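Review bot: `hashAlg` is now written into the entry as the text before the first `:`, but nothing visible restricts it to names free of `:` and spaces, and it can originate from the `jdk.krb5.rcache.hashalg` system property. A value containing either character would make the encoded `alg:hash len:client len:server` string ambiguous for whatever reads it back (the reader is not shown here). Validating the algorithm name once, where the property is read or in the constructor, would keep the stored format well-formed. A short comment above the `String.format` call describing the field layout would also help. `encode` continues past the end of this hunk.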