changeset 9679:c448ab3c4262

8029995: accept yes/no for boolean krb5.conf settings Reviewed-by: mullan
author weijun
date Fri, 04 Apr 2014 21:19:43 +0800
parents f59b19679950
children 5ed0f02131ad
files src/share/classes/javax/security/auth/kerberos/package-info.java src/share/classes/sun/security/krb5/Config.java src/share/classes/sun/security/krb5/internal/KDCOptions.java src/share/classes/sun/security/krb5/internal/crypto/EType.java test/sun/security/krb5/config/YesNo.java test/sun/security/krb5/config/yesno.conf
diffstat 6 files changed, 115 insertions(+), 50 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/javax/security/auth/kerberos/package-info.java	Fri Apr 04 15:43:10 2014 +0400
+++ b/src/share/classes/javax/security/auth/kerberos/package-info.java	Fri Apr 04 21:19:43 2014 +0800
@@ -48,6 +48,12 @@
  * {@code <java-home>/lib/security} and failing that, in an OS-specific
  * location.<p>
  *
+ * The {@code krb5.conf} file is formatted in the Windows INI file style,
+ * which contains a series of relations grouped into different sections.
+ * Each relation contains a key and a value, the value can be an arbitrary
+ * string or a boolean value. A boolean value can be one of "true", "false",
+ * "yes", or "no", case-insensitive.<p>
+ *
  * @since JDK1.4
  */
 package javax.security.auth.kerberos;
--- a/src/share/classes/sun/security/krb5/Config.java	Fri Apr 04 15:43:10 2014 +0400
+++ b/src/share/classes/sun/security/krb5/Config.java	Fri Apr 04 21:19:43 2014 +0800
@@ -32,20 +32,15 @@
 
 import java.io.File;
 import java.io.FileInputStream;
-import java.util.Hashtable;
-import java.util.Vector;
-import java.util.ArrayList;
+import java.util.*;
 import java.io.BufferedReader;
 import java.io.InputStreamReader;
 import java.io.IOException;
-import java.util.StringTokenizer;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.security.AccessController;
 import java.security.PrivilegedExceptionAction;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Locale;
+
 import sun.net.dns.ResolverConfiguration;
 import sun.security.krb5.internal.crypto.EType;
 import sun.security.krb5.internal.Krb5;
@@ -232,6 +227,31 @@
     }
 
     /**
+     * Gets the boolean value for the specified keys. Returns TRUE if the
+     * string value is "yes", or "true", FALSE if "no", or "false", or null
+     * if otherwise or not defined. The comparision is case-insensitive.
+     *
+     * @param keys the keys, see {@link #get(String...)}
+     * @return the boolean value, or null if there is no value defined or the
+     * value does not look like a boolean value.
+     * @throws IllegalArgumentException see {@link #get(String...)}
+     */
+    public Boolean getBooleanObject(String... keys) {
+        String s = get(keys);
+        if (s == null) {
+            return null;
+        }
+        switch (s.toLowerCase(Locale.US)) {
+            case "yes": case "true":
+                return Boolean.TRUE;
+            case "no": case "false":
+                return Boolean.FALSE;
+            default:
+                return null;
+        }
+    }
+
+    /**
      * Gets all values for the specified keys.
      * @throws IllegalArgumentException if any of the keys is illegal
      *         (See {@link #get})
@@ -317,23 +337,6 @@
     }
 
     /**
-     * Gets the boolean value for the specified keys.
-     * @param keys the keys
-     * @return the boolean value, false is returned if it cannot be
-     * found or the value is not "true" (case insensitive).
-     * @throw IllegalArgumentException if any of the keys is illegal
-     * @see #get(java.lang.String[])
-     */
-    public boolean getBooleanValue(String... keys) {
-        String val = get(keys);
-        if (val != null && val.equalsIgnoreCase("true")) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
-    /**
      * Parses a string to an integer. The convertible strings include the
      * string representations of positive integers, negative integers, and
      * hex decimal integers.  Valid inputs are, e.g., -1234, +1234,
@@ -341,7 +344,7 @@
      *
      * @param input the String to be converted to an Integer.
      * @return an numeric value represented by the string
-     * @exception NumberFormationException if the String does not contain a
+     * @exception NumberFormatException if the String does not contain a
      * parsable integer.
      */
     private int parseIntValue(String input) throws NumberFormatException {
@@ -927,32 +930,20 @@
      * use addresses if "no_addresses" or "noaddresses" is set to false
      */
     public boolean useAddresses() {
-        boolean useAddr = false;
-        // use addresses if "no_addresses" is set to false
-        String value = get("libdefaults", "no_addresses");
-        useAddr = (value != null && value.equalsIgnoreCase("false"));
-        if (useAddr == false) {
-            // use addresses if "noaddresses" is set to false
-            value = get("libdefaults", "noaddresses");
-            useAddr = (value != null && value.equalsIgnoreCase("false"));
-        }
-        return useAddr;
+        return getBooleanObject("libdefaults", "no_addresses") == Boolean.FALSE ||
+                getBooleanObject("libdefaults", "noaddresses") == Boolean.FALSE;
     }
 
     /**
-     * Check if need to use DNS to locate Kerberos services
+     * Check if need to use DNS to locate Kerberos services for name. If not
+     * defined, check dns_fallback, whose default value is true.
      */
     private boolean useDNS(String name) {
-        String value = get("libdefaults", name);
-        if (value == null) {
-            value = get("libdefaults", "dns_fallback");
-            if ("false".equalsIgnoreCase(value)) {
-                return false;
-            } else {
-                return true;
-            }
+        Boolean value = getBooleanObject("libdefaults", name);
+        if (value != null) {
+            return value.booleanValue();
         } else {
-            return value.equalsIgnoreCase("true");
+            return getBooleanObject("libdefaults", "dns_fallback") != Boolean.FALSE;
         }
     }
 
--- a/src/share/classes/sun/security/krb5/internal/KDCOptions.java	Fri Apr 04 15:43:10 2014 +0400
+++ b/src/share/classes/sun/security/krb5/internal/KDCOptions.java	Fri Apr 04 21:19:43 2014 +0800
@@ -299,14 +299,14 @@
             if ((options & KDC_OPT_RENEWABLE_OK) == KDC_OPT_RENEWABLE_OK) {
                 set(RENEWABLE_OK, true);
             } else {
-                if (config.getBooleanValue("libdefaults", "renewable")) {
+                if (config.getBooleanObject("libdefaults", "renewable") == Boolean.TRUE) {
                     set(RENEWABLE_OK, true);
                 }
             }
             if ((options & KDC_OPT_PROXIABLE) == KDC_OPT_PROXIABLE) {
                 set(PROXIABLE, true);
             } else {
-                if (config.getBooleanValue("libdefaults", "proxiable")) {
+                if (config.getBooleanObject("libdefaults", "proxiable") == Boolean.TRUE) {
                     set(PROXIABLE, true);
                 }
             }
@@ -314,7 +314,7 @@
             if ((options & KDC_OPT_FORWARDABLE) == KDC_OPT_FORWARDABLE) {
                 set(FORWARDABLE, true);
             } else {
-                if (config.getBooleanValue("libdefaults", "forwardable")) {
+                if (config.getBooleanObject("libdefaults", "forwardable") == Boolean.TRUE) {
                     set(FORWARDABLE, true);
                 }
             }
--- a/src/share/classes/sun/security/krb5/internal/crypto/EType.java	Fri Apr 04 15:43:10 2014 +0400
+++ b/src/share/classes/sun/security/krb5/internal/crypto/EType.java	Fri Apr 04 21:19:43 2014 +0800
@@ -58,8 +58,8 @@
         boolean allowed = false;
         try {
             Config cfg = Config.getInstance();
-            String temp = cfg.get("libdefaults", "allow_weak_crypto");
-            if (temp != null && temp.equals("true")) allowed = true;
+            allowed = cfg.getBooleanObject("libdefaults", "allow_weak_crypto")
+                    == Boolean.TRUE;
         } catch (Exception exc) {
             if (DEBUG) {
                 System.out.println ("Exception in getting allow_weak_crypto, " +
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/krb5/config/YesNo.java	Fri Apr 04 21:19:43 2014 +0800
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8029995
+ * @summary accept yes/no for boolean krb5.conf settings
+ * @compile -XDignore.symbol.file YesNo.java
+ * @run main/othervm YesNo
+ */
+import sun.security.krb5.Config;
+import sun.security.krb5.internal.crypto.EType;
+
+import java.util.Arrays;
+
+public class YesNo {
+    static Config config = null;
+    public static void main(String[] args) throws Exception {
+        System.setProperty("java.security.krb5.conf",
+                System.getProperty("test.src", ".") +"/yesno.conf");
+        config = Config.getInstance();
+        check("a", Boolean.TRUE);
+        check("b", Boolean.FALSE);
+        check("c", Boolean.TRUE);
+        check("d", Boolean.FALSE);
+        check("e", null);
+        check("f", null);
+
+        if (!Arrays.stream(EType.getBuiltInDefaults())
+                .anyMatch(n -> n < 4)) {
+            throw new Exception();
+        }
+    }
+
+    static void check(String k, Boolean expected) throws Exception {
+        Boolean result = config.getBooleanObject("libdefaults", k);
+        if (expected != result) {
+            throw new Exception("value for " + k + " is " + result);
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/krb5/config/yesno.conf	Fri Apr 04 21:19:43 2014 +0800
@@ -0,0 +1,7 @@
+[libdefaults]
+a = true
+b = FALSE
+c = YES
+d = no
+e = nothing
+allow_weak_crypto = yes