OpenJDK / jdk / jdk
changeset 57238:18420160287b
8234267: DelegationPermission implementation doesn't completely follow the updated specification
Reviewed-by: xuelei
author | weijun |
---|---|
date | Thu, 05 Dec 2019 10:36:46 +0800 |
parents | 1413f714d1a9 |
children | 832efc785f53 |
files | src/java.security.jgss/share/classes/javax/security/auth/kerberos/DelegationPermission.java test/jdk/javax/security/auth/kerberos/DelegationPermissionInit.java |
diffstat | 2 files changed, 82 insertions(+), 27 deletions(-) [+] |
--- a/src/java.security.jgss/share/classes/javax/security/auth/kerberos/DelegationPermission.java Wed Dec 04 10:38:54 2019 +0100
+++ b/src/java.security.jgss/share/classes/javax/security/auth/kerberos/DelegationPermission.java Thu Dec 05 10:36:46 2019 +0800
@@ -109,29 +109,39 @@ */ private void init(String target) { - StringTokenizer t = null; - if (!target.startsWith("\"")) { - throw new IllegalArgumentException - ("service principal [" + target + - "] syntax invalid: " + - "improperly quoted"); - } else { - t = new StringTokenizer(target, "\"", false); - subordinate = t.nextToken(); - switch (t.countTokens()) { - case 2: - t.nextToken(); // bypass whitespace - service = t.nextToken(); - break; - case 0: - throw new IllegalArgumentException - ("service principal not provided"); - default: - throw new IllegalArgumentException - ("service principal [" + t.nextToken() + - "] syntax invalid: " + - "improperly quoted"); + // 7 tokens in a string: + // "subordinate@R1" "service@R2" + // 1<------2----->345<----6--->7 + StringTokenizer t = new StringTokenizer(target, "\"", true); + try { + if (!t.nextToken().equals("\"")) { // 1 + throw new IllegalArgumentException("Illegal input [" + target + + "]: improperly quoted"); + } + subordinate = t.nextToken(); // 2 + if (subordinate.equals("\"")) { + throw new IllegalArgumentException("Illegal input [" + target + + "]: bad subordinate name"); } + t.nextToken(); // 3 + if (!t.nextToken().trim().isEmpty()) { // 4 + throw new IllegalArgumentException("Illegal input [" + target + + "]: improperly separated"); + } + t.nextToken(); // 5 + service = t.nextToken(); // 6 + if (service.equals("\"")) { + throw new IllegalArgumentException("Illegal input [" + target + + "]: bad service name"); + } + t.nextToken(); // 7 + } catch (NoSuchElementException e) { + throw new IllegalArgumentException("Illegal input [" + target + + "]: not enough input"); + } + if (t.hasMoreTokens()) { + throw new IllegalArgumentException("Illegal input [" + target + + "]: extra input"); } }
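Review bot: Token 4 is validated with `t.nextToken().trim().isEmpty()`, and `String.trim()` strips every character up to U+0020, so control characters such as NUL or a line feed between the two quoted principals are accepted as a separator. If the updated specification means only spaces (or spaces and tabs) at that position, the check should say so explicitly; either way a constructed case such as `"\"aaa\"\0\"bbb\""` belongs in the test list so the accepted separator set is pinned down. Tokens 3, 5 and 7 are consumed without comparison, which is safe because a non-delimiter token is always followed by a delimiter, but a short comment such as `// 3: always '"' after a non-delimiter token` would spare the next reader that derivation. How the parsed `subordinate` and `service` fields feed `implies` and `equals` lies outside this hunk, so the effect of a loosely separated name on permission comparison cannot be judged from here.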
--- a/test/jdk/javax/security/auth/kerberos/DelegationPermissionInit.java Wed Dec 04 10:38:54 2019 +0100
+++ b/test/jdk/javax/security/auth/kerberos/DelegationPermissionInit.java Thu Dec 05 10:36:46 2019 +0800
@@ -22,15 +22,60 @@
 */
 import javax.security.auth.kerberos.DelegationPermission;
+import java.util.List;
 /*
 * @test
- * @bug 8231196
- * @summary DelegationPermission allows to create an instance that thows NPE on ::equals call
- * @run main/fail DelegationPermissionInit
+ * @bug 8231196 8234267
+ * @summary DelegationPermission input check
 */
 public class DelegationPermissionInit {
- public static void main(String[] args) {
- new DelegationPermission("\"user@REALM\"");
+ public static void main(String[] args) throws Exception {
+ var goodOnes = List.of(
+ "\"aaa\" \"bbb\"",
+ "\"aaa\" \"bbb\""
+ );
+ var badOnes = List.of(
+ "\"user@REALM\"",
+ "\"\"\" \"bbb\"",
+ "\"aaa\" \"\"\"",
+ "\"\"\" \"\"\"",
+ "\"aaa\" \"bbb",
+ "\"\"aaa\"\" \"\"bbb\"\"",
+ "\"aaa\" \"bbb\"\"\"",
+ "\"aaa\"-\"bbb\"",
+ "\"aaa\" - \"bbb\"",
+ "\"aaa\"- \"bbb\"",
+ "\"aaa\" \"bbb\" ",
+ "aaa\" \"bbb\" "
+ );
+ boolean failed = false;
+ for (var good : goodOnes) {
+ System.out.println(">>> " + good);
+ try {
+ new DelegationPermission(good);
+ } catch (Exception e) {
+ e.printStackTrace(System.out);
+ System.out.println("Failed");
+ failed = true;
+ }
+ }
+ for (var bad : badOnes) {
+ System.out.println(">>> " + bad);
+ try {
+ new DelegationPermission(bad);
+ System.out.println("Failed");
+ failed = true;
+ } catch (IllegalArgumentException e) {
+ e.printStackTrace(System.out);
+ } catch (Exception e) {
+ e.printStackTrace(System.out);
+ System.out.println("Failed");
+ failed = true;
+ }
+ }
+ if (failed) {
+ throw new Exception("Failed");
+ }
 }
 }