[8u-dev] Request for Approval for Backport JDK-8075007: Additional tests for krb5-related cipher suites with unbound server
Seán Coffey
sean.coffey at oracle.com
Mon May 30 12:45:52 UTC 2016
thanks for explaining the extra changes required Maxim. Looks good to me.
Regards,
Sean.
On 30/05/16 13:32, Maxim Soloviev wrote:
> Hello,
>
> could anybody please take a look at a small changes?
>
> Thank in advance,
> Maxim
>
> On 05/27/2016 12:27 PM, Maxim Soloviev wrote:
>> Hello,
>>
>> I wold like to mention that even with jdk8 build with integrated fix
>> JDK-8154009 the test
>> test/sun/security/krb5/auto/UnboundSSL.java
>> <http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/76b64929271b/test/sun/security/krb5/auto/UnboundSSL.java>
>> will fail with following exception:
>> Caused by: java.lang.IllegalArgumentException: EncryptionKey: Key
>> bytes cannot be null!
>> at sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:208)
>> at
>> sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:186)
>> at sun.security.krb5.internal.ktab.KeyTab.addEntry(KeyTab.java:378)
>> at KDC.writeKtab(KDC.java:297)
>> at KDC.writeKtab(KDC.java:332)
>> at UnboundSSLUtils.startKDC(UnboundSSLUtils.java:131)
>>
>> This occurs because the test is not using the system policy file but
>> the test's specified policy file doesn't have permission to load
>> SunJCE provider,
>> so this is the reason why in following code
>>
>> encKeys[i] = new EncryptionKey(
>> stringToKey(password, salt, null, etypes[i]),
>> etypes[i], null);
>>
>> the method sun.security.krb5.EncryptionKey.stringToKey returns null.
>> (http://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/file/1a3de3cdc684/src/share/classes/sun/security/krb5/EncryptionKey.java)
>>
>>
>> It's needed to add permission to the test's policy file to solve the
>> issue:
>> // permission to use SunJCE provider
>> permission java.security.SecurityPermission
>> "putProviderProperty.SunJCE";
>>
>> Please see an updated webrew:
>> http://cr.openjdk.java.net/~msolovie/8075007/webrev.01/
>>
>> Here are the differences:
>> http://cr.openjdk.java.net/~msolovie/8075007/webrev.00/raw_files/new/test/sun/security/krb5/auto/unbound.ssl.policy
>>
>> http://cr.openjdk.java.net/~msolovie/8075007/webrev.01/raw_files/new/test/sun/security/krb5/auto/unbound.ssl.policy
>>
>>
>> Thanks,
>> Maxim
>>
>> On 05/26/2016 12:39 PM, Seán Coffey wrote:
>>>
>>> Approved on the condition that the only edit needed in backporting
>>> was the ProblemList edit.
>>>
>>> Regards,
>>> Sean.
>>> On 25/05/2016 18:41, Maxim Soloviev wrote:
>>>> Hello,
>>>>
>>>> please approve the backport of JDK-8075007 from jdk 9 to jdk8u-dev.
>>>>
>>>> Here is a webrev:
>>>> http://cr.openjdk.java.net/~msolovie/8075007/webrev.00/
>>>>
>>>> Original fix in JDK 9:
>>>> https://bugs.openjdk.java.net/browse/JDK-8075007
>>>>
>>>> Review thread:
>>>> http://mail.openjdk.java.net/pipermail/security-dev/2015-April/012021.html
>>>>
>>>>
>>>> JDK 9 changeset:
>>>> http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/76b64929271b
>>>>
>>>> One test fails because of the known jdk issue JDK-8154009
>>>> <https://bugs.openjdk.java.net/browse/JDK-8154009> (9-na).
>>>> Added it to the ProblemList:
>>>>
>>>> +# 8154009
>>>> +sun/security/krb5/auto/UnboundSSL.java generic-all
>>>> +
>>>>
>>>> Thank you,
>>>> Maxim.
>>>
>>
>
More information about the jdk8u-dev
mailing list