[8u-dev] Request for Approval for Backport JDK-8075007: Additional tests for krb5-related cipher suites with unbound server
Maxim Soloviev
maxim.soloviev at oracle.com
Mon May 30 12:32:33 UTC 2016
Hello,
could anybody please take a look at a small changes?
Thank in advance,
Maxim
On 05/27/2016 12:27 PM, Maxim Soloviev wrote:
> Hello,
>
> I wold like to mention that even with jdk8 build with integrated fix
> JDK-8154009 the test
> test/sun/security/krb5/auto/UnboundSSL.java
> <http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/76b64929271b/test/sun/security/krb5/auto/UnboundSSL.java>
> will fail with following exception:
> Caused by: java.lang.IllegalArgumentException: EncryptionKey: Key
> bytes cannot be null!
> at sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:208)
> at
> sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:186)
> at sun.security.krb5.internal.ktab.KeyTab.addEntry(KeyTab.java:378)
> at KDC.writeKtab(KDC.java:297)
> at KDC.writeKtab(KDC.java:332)
> at UnboundSSLUtils.startKDC(UnboundSSLUtils.java:131)
>
> This occurs because the test is not using the system policy file but
> the test's specified policy file doesn't have permission to load
> SunJCE provider,
> so this is the reason why in following code
>
> encKeys[i] = new EncryptionKey(
> stringToKey(password, salt, null, etypes[i]),
> etypes[i], null);
>
> the method sun.security.krb5.EncryptionKey.stringToKey returns null.
> (http://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/file/1a3de3cdc684/src/share/classes/sun/security/krb5/EncryptionKey.java)
>
>
> It's needed to add permission to the test's policy file to solve the
> issue:
> // permission to use SunJCE provider
> permission java.security.SecurityPermission
> "putProviderProperty.SunJCE";
>
> Please see an updated webrew:
> http://cr.openjdk.java.net/~msolovie/8075007/webrev.01/
>
> Here are the differences:
> http://cr.openjdk.java.net/~msolovie/8075007/webrev.00/raw_files/new/test/sun/security/krb5/auto/unbound.ssl.policy
>
> http://cr.openjdk.java.net/~msolovie/8075007/webrev.01/raw_files/new/test/sun/security/krb5/auto/unbound.ssl.policy
>
>
> Thanks,
> Maxim
>
> On 05/26/2016 12:39 PM, Seán Coffey wrote:
>>
>> Approved on the condition that the only edit needed in backporting
>> was the ProblemList edit.
>>
>> Regards,
>> Sean.
>> On 25/05/2016 18:41, Maxim Soloviev wrote:
>>> Hello,
>>>
>>> please approve the backport of JDK-8075007 from jdk 9 to jdk8u-dev.
>>>
>>> Here is a webrev:
>>> http://cr.openjdk.java.net/~msolovie/8075007/webrev.00/
>>>
>>> Original fix in JDK 9:
>>> https://bugs.openjdk.java.net/browse/JDK-8075007
>>>
>>> Review thread:
>>> http://mail.openjdk.java.net/pipermail/security-dev/2015-April/012021.html
>>>
>>>
>>> JDK 9 changeset:
>>> http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/76b64929271b
>>>
>>> One test fails because of the known jdk issue JDK-8154009
>>> <https://bugs.openjdk.java.net/browse/JDK-8154009> (9-na).
>>> Added it to the ProblemList:
>>>
>>> +# 8154009
>>> +sun/security/krb5/auto/UnboundSSL.java generic-all
>>> +
>>>
>>> Thank you,
>>> Maxim.
>>
>
More information about the jdk8u-dev
mailing list