author | robm <none@none> | 2014-07-17 18:05:58 +0100 |
---|---|---|
committer | robm <none@none> | 2014-07-17 18:05:58 +0100 |
commit | 24f2dc8fa2121cf211e4e26e1f56c928322f773f (patch) | |
tree | 0fd55b96942d23e804c9c2fd505b38f6a7b33717 /src/share/classes/com/sun | |
parent | ddac2db224a9e51a39e146753f2afc6706fc0c9e (diff) | |
parent | b4d3f6ca8053b68fc41e5bf8c2592eb833226f10 (diff) |
Merge
Diffstat (limited to 'src/share/classes/com/sun')
3 files changed, 43 insertions, 191 deletions
diff --git a/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java b/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java index a69c501d2..536e23156 100644 --- a/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java +++ b/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,22 +34,14 @@ import javax.security.auth.Subject; import javax.management.remote.SubjectDelegationPermission; -import com.sun.jmx.remote.util.CacheMap; -import java.util.ArrayList; -import java.util.Collection; +import java.util.*; public class SubjectDelegator { - private static final int PRINCIPALS_CACHE_SIZE = 10; - private static final int ACC_CACHE_SIZE = 10; - - private CacheMap<Subject, Principal[]> principalsCache; - private CacheMap<Subject, AccessControlContext> accCache; - /* Return the AccessControlContext appropriate to execute an operation on behalf of the delegatedSubject. If the authenticatedAccessControlContext does not have permission to delegate to that subject, throw SecurityException. */ - public synchronized AccessControlContext + public AccessControlContext delegatedContext(AccessControlContext authenticatedACC, Subject delegatedSubject, boolean removeCallerContext) 
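Review bot: The new `import java.util.*;` replaces two explicit imports with a wildcard, which hides which java.util types this security class depends on and can produce name clashes with the file's other imports. The code visible in this commit uses only `ArrayList`, `Arrays`, `Collection`, `Collections` and `List`, so the explicit form would be `import java.util.ArrayList;`, `import java.util.Arrays;`, `import java.util.Collection;` plus one line each for `Collections` and `List`. The rest of the file is outside the hunk, so confirm that no other java.util type is used before narrowing the import.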
@@ -58,56 +50,14 @@ public class SubjectDelegator { if (System.getSecurityManager() != null && authenticatedACC == null) { throw new SecurityException("Illegal AccessControlContext: null"); } - if (principalsCache == null || accCache == null) { - principalsCache = - new CacheMap<>(PRINCIPALS_CACHE_SIZE); - accCache = - new CacheMap<>(ACC_CACHE_SIZE); - } - - // Retrieve the principals for the given - // delegated subject from the cache - // - Principal[] delegatedPrincipals = principalsCache.get(delegatedSubject); - - // Convert the set of principals stored in the - // delegated subject into an array of principals - // and store it in the cache - // - if (delegatedPrincipals == null) { - delegatedPrincipals = - delegatedSubject.getPrincipals().toArray(new Principal[0]); - principalsCache.put(delegatedSubject, delegatedPrincipals); - } - - // Retrieve the access control context for the - // given delegated subject from the cache - // - AccessControlContext delegatedACC = accCache.get(delegatedSubject); - - // Build the access control context to be used - // when executing code as the delegated subject - // and store it in the cache - // - if (delegatedACC == null) { - if (removeCallerContext) { - delegatedACC = - JMXSubjectDomainCombiner.getDomainCombinerContext( - delegatedSubject); - } else { - delegatedACC = - JMXSubjectDomainCombiner.getContext(delegatedSubject); - } - accCache.put(delegatedSubject, delegatedACC); - } // Check if the subject delegation permission allows the // authenticated subject to assume the identity of each // principal in the delegated subject // - final Principal[] dp = delegatedPrincipals; - final Collection<Permission> permissions = new ArrayList<>(dp.length); - for(Principal p : dp) { + Collection<Principal> ps = getSubjectPrincipals(delegatedSubject); + final Collection<Permission> permissions = new ArrayList<>(ps.size()); + for(Principal p : ps) { final String pname = p.getClass().getName() + "." 
+ p.getName(); permissions.add(new SubjectDelegationPermission(pname)); } @@ -122,7 +72,15 @@ public class SubjectDelegator { }; AccessController.doPrivileged(action, authenticatedACC); - return delegatedACC; + return getDelegatedAcc(delegatedSubject, removeCallerContext); + } + + private AccessControlContext getDelegatedAcc(Subject delegatedSubject, boolean removeCallerContext) { + if (removeCallerContext) { + return JMXSubjectDomainCombiner.getDomainCombinerContext(delegatedSubject); + } else { + return JMXSubjectDomainCombiner.getContext(delegatedSubject); + } } /** @@ -137,11 +95,9 @@ public class SubjectDelegator { public static synchronized boolean checkRemoveCallerContext(Subject subject) { try { - final Principal[] dp = - subject.getPrincipals().toArray(new Principal[0]); - for (int i = 0 ; i < dp.length ; i++) { + for (Principal p : getSubjectPrincipals(subject)) { final String pname = - dp[i].getClass().getName() + "." + dp[i].getName(); + p.getClass().getName() + "." + p.getName(); final Permission sdp = new SubjectDelegationPermission(pname); AccessController.checkPermission(sdp); @@ -151,4 +107,19 @@ public class SubjectDelegator { } return true; } + + /** + * Retrieves the {@linkplain Subject} principals + * @param subject The subject + * @return If the {@code Subject} is immutable it will return the principals directly. + * If the {@code Subject} is mutable it will create an unmodifiable copy. + */ + private static Collection<Principal> getSubjectPrincipals(Subject subject) { + if (subject.isReadOnly()) { + return subject.getPrincipals(); + } + + List<Principal> principals = Arrays.asList(subject.getPrincipals().toArray(new Principal[0])); + return Collections.unmodifiableList(principals); + } } diff --git a/src/share/classes/com/sun/jmx/remote/util/CacheMap.java b/src/share/classes/com/sun/jmx/remote/util/CacheMap.java deleted file mode 100644 index ae21d074c..000000000 --- a/src/share/classes/com/sun/jmx/remote/util/CacheMap.java +++ /dev/null 
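Review bot: The permission check and the returned context read the delegated subject at two different times. The loop earlier in `delegatedContext` checks a snapshot from `getSubjectPrincipals`, while `return getDelegatedAcc(delegatedSubject, removeCallerContext);` passes the live `Subject` to `JMXSubjectDomainCombiner`. With `synchronized` removed from the method, a mutable subject could hold different principals when the context is built than those that passed the `SubjectDelegationPermission` check. Whether that matters depends on how the combiner reads the subject, which is not visible here. A comment on `getDelegatedAcc` should state the assumption, for example `// Built from the live Subject: callers must not mutate delegatedSubject after the delegation check.`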
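Review bot: `checkRemoveCallerContext` keeps `public static synchronized` even though this commit removes the instance lock from `delegatedContext`, and the lines visible in this hunk touch no shared state. If nothing else in the method needs it (the `catch` block and the lines before the `try` are outside the hunk), the class-wide lock only serialises every caller's permission check and could be dropped. Otherwise a one-line comment should say what it protects, for example `// synchronized: guards <shared state> — see <reason>`, with the placeholders filled in.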
@@ -1,121 +0,0 @@ -/* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package com.sun.jmx.remote.util; - -import java.lang.ref.SoftReference; -import java.util.Iterator; -import java.util.LinkedList; -import java.util.List; -import java.util.WeakHashMap; - -import com.sun.jmx.mbeanserver.Util; - -/** - * <p>Like WeakHashMap, except that the keys of the <em>n</em> most - * recently-accessed entries are kept as {@link SoftReference soft - * references}. Accessing an element means creating it, or retrieving - * it with {@link #get(Object) get}. Because these entries are kept - * with soft references, they will tend to remain even if their keys - * are not referenced elsewhere. 
But if memory is short, they will - * be removed.</p> - */ -public class CacheMap<K, V> extends WeakHashMap<K, V> { - /** - * <p>Create a <code>CacheMap</code> that can keep up to - * <code>nSoftReferences</code> as soft references.</p> - * - * @param nSoftReferences Maximum number of keys to keep as soft - * references. Access times for {@link #get(Object) get} and - * {@link #put(Object, Object) put} have a component that scales - * linearly with <code>nSoftReferences</code>, so this value - * should not be too great. - * - * @throws IllegalArgumentException if - * <code>nSoftReferences</code> is negative. - */ - public CacheMap(int nSoftReferences) { - if (nSoftReferences < 0) { - throw new IllegalArgumentException("nSoftReferences = " + - nSoftReferences); - } - this.nSoftReferences = nSoftReferences; - } - - public V put(K key, V value) { - cache(key); - return super.put(key, value); - } - - public V get(Object key) { - cache(Util.<K>cast(key)); - return super.get(key); - } - - /* We don't override remove(Object) or try to do something with - the map's iterators to detect removal. So we may keep useless - entries in the soft reference list for keys that have since - been removed. The assumption is that entries are added to the - cache but never removed. But the behavior is not wrong if - they are in fact removed -- the caching is just less - performant. */ - - private void cache(K key) { - Iterator<SoftReference<K>> it = cache.iterator(); - while (it.hasNext()) { - SoftReference<K> sref = it.next(); - K key1 = sref.get(); - if (key1 == null) - it.remove(); - else if (key.equals(key1)) { - // Move this element to the head of the LRU list - it.remove(); - cache.add(0, sref); - return; - } - } - - int size = cache.size(); - if (size == nSoftReferences) { - if (size == 0) - return; // degenerate case, equivalent to WeakHashMap - it.remove(); - } - - cache.add(0, new SoftReference<K>(key)); - } - - /* List of soft references for the most-recently referenced keys. 
- The list is in most-recently-used order, i.e. the first element - is the most-recently referenced key. There are never more than - nSoftReferences elements of this list. - - If we didn't care about J2SE 1.3 compatibility, we could use - LinkedHashSet in conjunction with a subclass of SoftReference - whose equals and hashCode reflect the referent. */ - private final LinkedList<SoftReference<K>> cache = - new LinkedList<SoftReference<K>>(); - private final int nSoftReferences; -} diff --git a/src/share/classes/com/sun/security/sasl/CramMD5Base.java b/src/share/classes/com/sun/security/sasl/CramMD5Base.java index 5d0309c60..559b0bc50 100644 --- a/src/share/classes/com/sun/security/sasl/CramMD5Base.java +++ b/src/share/classes/com/sun/security/sasl/CramMD5Base.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,6 +32,7 @@ import javax.security.sasl.Sasl; import java.security.NoSuchAlgorithmException; import java.security.MessageDigest; +import java.util.Arrays; import java.util.logging.Logger; /** @@ -159,7 +160,7 @@ abstract class CramMD5Base { MessageDigest md5 = MessageDigest.getInstance("MD5"); /* digest the key if longer than 64 bytes */ - if (key.length > 64) { + if (key.length > MD5_BLOCKSIZE) { key = md5.digest(key); } @@ -169,13 +170,9 @@ abstract class CramMD5Base { int i; /* store key in pads */ - for (i = 0; i < MD5_BLOCKSIZE; i++) { - for ( ; i < key.length; i++) { - ipad[i] = key[i]; - opad[i] = key[i]; - } - ipad[i] = 0x00; - opad[i] = 0x00; + for (i = 0; i < key.length; i++) { + ipad[i] = key[i]; + opad[i] = key[i]; } /* XOR key with pads */ 
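Review bot: The rewritten copy loop under `/* store key in pads */` no longer writes the zero padding itself. It now depends on `ipad` and `opad` being freshly allocated arrays that the JVM zero-fills, and on `key.length` not exceeding their size. The preceding `if (key.length > MD5_BLOCKSIZE)` digest step appears to guarantee the latter, assuming `MD5_BLOCKSIZE` is 64 as the replaced literal suggests. The allocation is outside the hunk, so a short comment above the loop would keep that dependency visible: `/* pads are zero-filled on allocation; key is at most MD5_BLOCKSIZE bytes here */`.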
@@ -207,6 +204,11 @@ abstract class CramMD5Base { } } + Arrays.fill(ipad, (byte)0); + Arrays.fill(opad, (byte)0); + ipad = null; + opad = null; + return (digestString.toString()); } |
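Review bot: The wipe added before `return (digestString.toString());` clears only the two pads. When the key is longer than `MD5_BLOCKSIZE`, the array produced earlier by `key = md5.digest(key);` is key-equivalent material and stays in memory. Clearing it with `Arrays.fill(key, (byte)0);` is only appropriate for that digested copy, not for the caller's array, so the method would need a separate local or a flag to tell the two apart. The `ipad = null; opad = null;` assignments look like dead stores if the pads are locals (their declaration is outside the hunk) and could be dropped. The wipe is also skipped if anything between the pad setup and this point throws, which a `try`/`finally` around the digest steps would cover.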