Code review request 8023230, The impl of KerberosClientKeyExchange maybe not exist

Xuelei Fan xuelei.fan at oracle.com
Tue Aug 20 01:44:38 UTC 2013


On 8/20/2013 9:37 AM, Weijun Wang wrote:
> Looks fine now.
> 
> Or maybe you can just remove KerberosClientKeyExchange()? I remember an
> empty public constrictor is equivalent to no constructor. Of course you
> made it protected so it's a little different.
> 
> When I ask if you saw a failure, I had two different questions:
> 
> 1. Is the code change necessary? i.e. if there is no impl at all, can a
> program go as far as this way to this class?
> 
It's a public internal class.  It's a little better to restrict the
usage of this constructor.

> 2. Is the code change sufficient? i.e. is there other places we need to
> take care of?
> 
No similar issue found on other krb5/ssl impl.

Thanks,
Xuelei

> --Max
> 
> On 8/20/13 9:24 AM, Xuelei Fan wrote:
>> new webrev: http://cr.openjdk.java.net/~xuelei/8023230/webrev.01/
>>
>> On 8/19/2013 9:53 PM, Weijun Wang wrote:
>>> Only one change I don't understand:
>>>
>>>    73     public KerberosClientKeyExchange() {
>>>    74         if (impl == null) {
>>>    75             throw new IllegalStateException("Kerberos is
>>> unavailable");
>>>    76         }
>>>    77     }
>>>
>>> It seems this constructor will be automatically called when constructing
>>> an instance of its child class -- KerberosClientKeyExchangeImpl. Isn't
>>> that impl itself? There seems to be a chicken-or-egg puzzle here.
>>>
>> Good catch.  It's a weird link between KerberosClientKeyExchangeImpl and
>> KerberosClientKeyExchange.
>>
>> Then I would like to restrict the use of this constructor, and declare
>> it as protected.   See above webrev.
>>
>>> Also, did you really spot a failure when KerberosClientKeyExchangeImpl
>>> does not exist?
>>>
>> Not really.  But that's the purpose of existence of
>> KerberosClientKeyExchangeImpl.  Krb5 implementation should be able to be
>> removed from jsse.jar.
>>
>> Thanks,
>> Xuelei
>>
>>> Thanks
>>> Max
>>>
>>>
>>> On 8/19/13 8:49 PM, Xuelei Fan wrote:
>>>> Hi Weijun,
>>>>
>>>> Please review this update when you are available.
>>>>
>>>> webrev: http://cr.openjdk.java.net/~xuelei/8023230/webrev.00/
>>>>
>>>> If package sun.security.ssl.krb5 does not exist, the impl of
>>>> KerberosClientKeyExchange (krb5.KerberosClientKeyExchangeImpl) will not
>>>> present as well. Need to consider this case in the implementation of
>>>> sun.security.ssl.KerberosClientKeyExchange.
>>>>
>>>> Thanks,
>>>> Xuelei
>>>>
>>




More information about the security-dev mailing list