RFR: 8279842: HTTPS Channel Binding support for Java GSS/Kerberos [v12]

Michael McMahon michaelm at openjdk.java.net
Thu Jan 27 18:05:25 UTC 2022 

> Hi,
> 
> This change adds Channel Binding Token (CBT) support to HTTPS (java.net.HttpsURLConnection) when used with the Negotiate (SPNEGO, Kerberos) authentication scheme. When enabled, the implementation preemptively includes a CBT with authentication requests over Kerberos. The feature is enabled as follows:
> 
> A system property "jdk.spnego.cbt" is defined which can have the values "never" (default), which means the feature is disabled, "always", which means the CBT is included for all https Negotiate authentications, or it can take the form "domain:a,b.c,*.d.com" which is a comma separated list of domains/hosts where the feature is enabled, and disabled everywhere else. In the given example, the CBT would be included in authentication requests for hosts "a", "b.c" and all hosts under the domain "d.com" and all of its sub-domains.
> 
> A test will be added separately to the implementation.
> 
> Bug report: https://bugs.openjdk.java.net/browse/JDK-8279842
> 
> Thanks,
> Michael

Michael McMahon has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 15 additional commits since the last revision:

 - test update
 - Merge branch 'master' into spnego
 - test update
 - removed ^M from test
 - Added unit test and comment update
 - final review update (pre CSR)
 - more updates
 - fixed failing test issue and update for latest comments
 - Merge branch 'master' into spnego
 - added root cause to NamingException
 - ... and 5 more: https://git.openjdk.java.net/jdk/compare/35ce454c...59f703da

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/7065/files
  - new: https://git.openjdk.java.net/jdk/pull/7065/files/d604ee7f..59f703da

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7065&range=11
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7065&range=10-11

  Stats: 4735 lines in 368 files changed: 2835 ins; 809 del; 1091 mod
  Patch: https://git.openjdk.java.net/jdk/pull/7065.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/7065/head:pull/7065

PR: https://git.openjdk.java.net/jdk/pull/7065

More information about the core-libs-dev mailing list