[8u-dev] Request for Approval for Backport JDK-8075007: Additional tests for krb5-related cipher suites with unbound server

Maxim Soloviev maxim.soloviev at oracle.com
Fri May 27 09:27:08 UTC 2016 

Hello,

I wold like to mention that even with jdk8 build with integrated fix 
JDK-8154009 the test
test/sun/security/krb5/auto/UnboundSSL.java 
<http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/76b64929271b/test/sun/security/krb5/auto/UnboundSSL.java>
will fail with following exception:
Caused by: java.lang.IllegalArgumentException: EncryptionKey: Key bytes 
cannot be null!
     at sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:208)
     at 
sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:186)
     at sun.security.krb5.internal.ktab.KeyTab.addEntry(KeyTab.java:378)
     at KDC.writeKtab(KDC.java:297)
     at KDC.writeKtab(KDC.java:332)
     at UnboundSSLUtils.startKDC(UnboundSSLUtils.java:131)

This occurs because the test is not using the system policy file but
the test's specified policy file doesn't have permission to load SunJCE 
provider,
so this is the reason why in following code

encKeys[i] = new EncryptionKey(
stringToKey(password, salt, null, etypes[i]),
etypes[i], null);

the method sun.security.krb5.EncryptionKey.stringToKey returns null.
(http://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/file/1a3de3cdc684/src/share/classes/sun/security/krb5/EncryptionKey.java)

It's needed to add permission to the test's policy file to solve the issue:
     // permission to use SunJCE provider
     permission java.security.SecurityPermission 
"putProviderProperty.SunJCE";

Please see an updated webrew:
http://cr.openjdk.java.net/~msolovie/8075007/webrev.01/

Here are the differences:
http://cr.openjdk.java.net/~msolovie/8075007/webrev.00/raw_files/new/test/sun/security/krb5/auto/unbound.ssl.policy
http://cr.openjdk.java.net/~msolovie/8075007/webrev.01/raw_files/new/test/sun/security/krb5/auto/unbound.ssl.policy

Thanks,
Maxim

On 05/26/2016 12:39 PM, Seán Coffey wrote:
>
> Approved on the condition that the only edit needed in backporting was 
> the ProblemList edit.
>
> Regards,
> Sean.
> On 25/05/2016 18:41, Maxim Soloviev wrote:
>> Hello,
>>
>> please approve the backport of JDK-8075007 from jdk 9 to jdk8u-dev.
>>
>> Here is a webrev:
>> http://cr.openjdk.java.net/~msolovie/8075007/webrev.00/
>>
>> Original fix in JDK 9:
>> https://bugs.openjdk.java.net/browse/JDK-8075007
>>
>> Review thread:
>> http://mail.openjdk.java.net/pipermail/security-dev/2015-April/012021.html 
>>
>>
>> JDK 9 changeset:
>> http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/76b64929271b
>>
>> One test fails because of the known jdk issue JDK-8154009 
>> <https://bugs.openjdk.java.net/browse/JDK-8154009> (9-na).
>> Added it to the ProblemList:
>>
>> +# 8154009
>> +sun/security/krb5/auto/UnboundSSL.java generic-all
>> +
>>
>> Thank you,
>> Maxim.
>

More information about the jdk8u-dev mailing list