changeset 11854:fd0e0898721c

8147772: Update KerberosTicket to describe behavior if it has been destroyed and fix NullPointerExceptions 8163104: Unexpected NPE still possible on some Kerberos ticket calls Reviewed-by: weijun
author coffeys
date Wed, 10 Aug 2016 16:33:24 +0100
parents d0308c23e33b
children 283c8d76ec26
files src/share/classes/javax/security/auth/kerberos/KerberosTicket.java src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java test/javax/security/auth/kerberos/KerberosTixDateTest.java
diffstat 3 files changed, 48 insertions(+), 15 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/javax/security/auth/kerberos/KerberosTicket.java	Wed Mar 26 19:53:07 2014 +0000
+++ b/src/share/classes/javax/security/auth/kerberos/KerberosTicket.java	Wed Aug 10 16:33:24 2016 +0100
@@ -377,7 +377,7 @@
      * @return true if this ticket is forwardable, false if not.
      */
     public final boolean isForwardable() {
-        return flags[FORWARDABLE_TICKET_FLAG];
+        return flags == null? false: flags[FORWARDABLE_TICKET_FLAG];
     }
 
     /**
@@ -389,7 +389,7 @@
      * false otherwise.
      */
     public final boolean isForwarded() {
-        return flags[FORWARDED_TICKET_FLAG];
+        return flags == null? false: flags[FORWARDED_TICKET_FLAG];
     }
 
     /**
@@ -398,7 +398,7 @@
      * @return true if this ticket is proxiable, false if not.
      */
     public final boolean isProxiable() {
-        return flags[PROXIABLE_TICKET_FLAG];
+        return flags == null? false: flags[PROXIABLE_TICKET_FLAG];
     }
 
     /**
@@ -407,7 +407,7 @@
      * @return true if this ticket is a proxy-ticket, false if not.
      */
     public final boolean isProxy() {
-        return flags[PROXY_TICKET_FLAG];
+        return flags == null? false: flags[PROXY_TICKET_FLAG];
     }
 
 
@@ -417,7 +417,7 @@
      * @return true if this ticket is post-dated, false if not.
      */
     public final boolean isPostdated() {
-        return flags[POSTDATED_TICKET_FLAG];
+        return flags == null? false: flags[POSTDATED_TICKET_FLAG];
     }
 
     /**
@@ -428,7 +428,7 @@
      * @return true if this ticket is renewable, false if not.
      */
     public final boolean isRenewable() {
-        return flags[RENEWABLE_TICKET_FLAG];
+        return flags == null? false: flags[RENEWABLE_TICKET_FLAG];
     }
 
     /**
@@ -439,7 +439,7 @@
      * protocol, false if not.
      */
     public final boolean isInitial() {
-        return flags[INITIAL_TICKET_FLAG];
+        return flags == null? false: flags[INITIAL_TICKET_FLAG];
     }
 
     /**
@@ -479,7 +479,7 @@
      * @return the expiration time for this ticket's validity period.
      */
     public final java.util.Date getEndTime() {
-        return (Date) endTime.clone();
+        return (endTime == null) ? null : (Date) endTime.clone();
     }
 
     /**
@@ -515,7 +515,7 @@
 
     /** Determines if this ticket is still current.  */
     public boolean isCurrent() {
-        return (System.currentTimeMillis() <= getEndTime().getTime());
+        return endTime == null? false: (System.currentTimeMillis() <= endTime.getTime());
     }
 
     /**
--- a/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java	Wed Mar 26 19:53:07 2014 +0000
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java	Wed Aug 10 16:33:24 2016 +0100
@@ -235,8 +235,11 @@
      */
     public int getInitLifetime() throws GSSException {
         int retVal = 0;
-        retVal = (int)(getEndTime().getTime()
-                       - (new Date().getTime()));
+        Date d = getEndTime();
+        if (d == null) {
+            return 0;
+        }
+        retVal = (int)(d.getTime() - (new Date().getTime()));
 
         return retVal/1000;
     }
--- a/test/javax/security/auth/kerberos/KerberosTixDateTest.java	Wed Mar 26 19:53:07 2014 +0000
+++ b/test/javax/security/auth/kerberos/KerberosTixDateTest.java	Wed Aug 10 16:33:24 2016 +0100
@@ -23,15 +23,18 @@
 
 /*
  * @test
- * @bug 6659990
- * @summary test the immutability of the Date fields in KerberosTicket class.
+ * @bug 6659990 8147772
+ * @summary test the immutability of the Date fields in KerberosTicket class,
+ *          serialization, and behavior after being destroyed.
  * @ignore Must set up KDC and setup Kerberos configuration file
  */
 
-import java.net.InetAddress;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
 import java.util.Date;
 import java.io.*;
-import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.RefreshFailedException;
 import javax.security.auth.kerberos.KerberosPrincipal;
 import javax.security.auth.kerberos.KerberosTicket;
 import java.util.Base64;
@@ -75,6 +78,7 @@
 
         testDateImmutability(t, originalTime);
         testS11nCompatibility(t); // S11n: Serialization
+        testDestroy(t);
     }
 
     private static void checkTime(KerberosTicket kt, long timeValue) {
@@ -137,4 +141,30 @@
 
         System.out.println("S11nCompatibility Test Passed");
     }
+
+    private static void testDestroy(KerberosTicket t) throws Exception {
+        t.destroy();
+        if (!t.isDestroyed()) {
+            throw new RuntimeException("ticket should have been destroyed");
+        }
+        // Although these methods are meaningless, they can be called
+        for (Method m: KerberosTicket.class.getDeclaredMethods()) {
+            if (Modifier.isPublic(m.getModifiers())
+                    && m.getParameterCount() == 0) {
+                System.out.println("Testing " + m.getName() + "...");
+                try {
+                    m.invoke(t);
+                } catch (InvocationTargetException e) {
+                    Throwable cause = e.getCause();
+                    if (cause instanceof RefreshFailedException ||
+                            cause instanceof IllegalStateException) {
+                        // this is OK
+                    } else {
+                        throw e;
+                    }
+                }
+            }
+        }
+        System.out.println("Destroy Test Passed");
+    }
 }