
src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/AuthTimeWithHash.java

rev 15878 : 8168518: rcache interop with krb5-1.15

@@ -23,27 +23,47 @@
  * questions.
  */
 
 package sun.security.krb5.internal.rcache;
 
+import sun.security.action.GetPropertyAction;
+
 import java.util.Objects;
 
 /**
  * The class represents a new style replay cache entry. It can be either used
  * inside memory or in a dfl file.
  */
 public class AuthTimeWithHash extends AuthTime
         implements Comparable<AuthTimeWithHash> {
 
+    // The hash algorithm can be "HASH" or "SHA256".
+    public static String DEFAULT_HASH_ALG = GetPropertyAction
+            .privilegedGetProperty("jdk.krb5.rcache.hashalg", "HASH");
+
+    public static String realAlg(String alg) {
+        if (alg.equals("HASH")) {
+            return "MD5";
+        } else if (alg.equals("SHA")) {
+            return "SHA-1";
+        } else if (alg.startsWith("SHA") && !alg.startsWith("SHA-")) {
+            return "SHA-" + alg.substring(3);
+        } else {
+            return alg;
+        }
+    }
+
+    final String hashAlg;
     final String hash;
 
     /**
      * Constructs a new <code>AuthTimeWithHash</code>.
      */
     public AuthTimeWithHash(String client, String server,
-            int ctime, int cusec, String hash) {
+            int ctime, int cusec, String hashAlg, String hash) {
         super(client, server, ctime, cusec);
+        this.hashAlg = hashAlg;
         this.hash = hash;
     }
 
     /**
      * Compares if an object equals to an <code>AuthTimeWithHash</code> object.
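Review bot: `DEFAULT_HASH_ALG` is declared `public static String` without `final`, so the algorithm used for replay cache entries can be reassigned at runtime by any code that can reach this class; declare it `public static final String DEFAULT_HASH_ALG = ...`. The value read from `jdk.krb5.rcache.hashalg` is also used unchecked although the comment allows only "HASH" and "SHA256", and `realAlg` rewrites any other `SHA…` string to `SHA-…` and passes everything else through, so a mistyped value would surface only where the digest is created (not visible here). `realAlg` has no Javadoc; it should state that "HASH" selects MD5, which stays the default, and that `alg` must be non-null. The class body continues outside this hunk.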

@@ -54,10 +74,11 @@
     public boolean equals(Object o) {
         if (this == o) return true;
         if (!(o instanceof AuthTimeWithHash)) return false;
         AuthTimeWithHash that = (AuthTimeWithHash)o;
         return Objects.equals(hash, that.hash)
+                && Objects.equals(hashAlg, that.hashAlg)
                 && Objects.equals(client, that.client)
                 && Objects.equals(server, that.server)
                 && ctime == that.ctime
                 && cusec == that.cusec;
     }
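Review bot: `equals` now distinguishes entries by `hashAlg`, but the class implements `Comparable<AuthTimeWithHash>` and no `compareTo` change appears in this diff. If `compareTo` sits in the unchanged lines between this hunk and the next and still stops at `hash`, two entries that differ only in algorithm would compare as 0 while `equals` returns false, which matters for any sorted collection holding them. Consider adding a final `hashAlg` comparison there, or a comment saying the mismatch is intended. `hashCode` does not need to change for the contract to hold.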

@@ -89,10 +110,23 @@
     }
 
     /**
      * Compares with a possibly old style object. Used
      * in DflCache$Storage#loadAndCheck.
+     * @return true if all AuthTime fields are the same but different hash
+     */
+    public boolean sameTimeDiffHash(AuthTimeWithHash old) {
+        if (!this.isSameIgnoresHash(old)) {
+            return false;
+        }
+        return this.hashAlg.equals(old.hashAlg) &&
+                !this.hash.equals(old.hash);
+    }
+
+    /**
+     * Compares with a possibly old style object. Used
+     * in DflCache$Storage#loadAndCheck.
      * @return true if all AuthTime fields are the same
      */
     public boolean isSameIgnoresHash(AuthTime old) {
         return  client.equals(old.client) &&
                 server.equals(old.server) &&
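Review bot: `sameTimeDiffHash` dereferences `this.hashAlg` and `this.hash` directly, while `equals` in the same class compares both with `Objects.equals` and the constructor accepts them without a null check, so a null in either field makes this method throw instead of answering. For consistency use `return Objects.equals(hashAlg, old.hashAlg) && !Objects.equals(hash, old.hash);`. The Javadoc was copied from `isSameIgnoresHash` and does not say that the result is also false when the two entries use different algorithms. The `@return` should read `true if all AuthTime fields and the hash algorithm are the same but the hash values differ`, so the caller knows that entries hashed with different algorithms are never reported as conflicting here. `isSameIgnoresHash` continues past the end of the hunk.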

@@ -110,11 +144,11 @@
     public byte[] encode(boolean withHash) {
         String cstring;
         String sstring;
         if (withHash) {
             cstring = "";
-            sstring = String.format("HASH:%s %d:%s %d:%s", hash,
+            sstring = String.format("%s:%s %d:%s %d:%s", hashAlg, hash,
                     client.length(), client,
                     server.length(), server);
         } else {
             cstring = client;
             sstring = server;
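Review bot: `hashAlg` is now written into the record as the token before the first `:`, but nothing visible restricts which characters it may contain. The value presumably comes from the `jdk.krb5.rcache.hashalg` property via the constructor, so a value containing `:` or a space would produce an entry whose fields shift when it is read back (the reader is not part of this diff). Validate the algorithm name once, where it is accepted, rejecting anything that is not one of the documented names. A comment above the `String.format` call describing the `ALG:hash len:client len:server` layout would also help. `encode` starts and ends outside this hunk.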