Skip to content

Commit

Permalink
8303809: Dispose context in SPNEGO NegotiatorImpl
Browse files Browse the repository at this point in the history
Reviewed-by: dfuchs, weijun
  • Loading branch information
Alexey Bakhtin committed Mar 14, 2023
1 parent 9f9ab02 commit 10f1674
Show file tree
Hide file tree
Showing 5 changed files with 70 additions and 0 deletions.
Expand Up @@ -519,4 +519,13 @@ private synchronized void writeObject(java.io.ObjectOutputStream s)
s2 = new String (pw.getPassword());
s.defaultWriteObject ();
}

/**
* Releases any system or cryptographic resources.
* It is up to implementors to override disposeContext()
* to take necessary action.
*/
public void disposeContext() {
// do nothing
}
}
Expand Up @@ -2009,6 +2009,12 @@ private InputStream getInputStream0() throws IOException {
if (serverAuthKey != null) {
AuthenticationInfo.endAuthRequest(serverAuthKey);
}
if (proxyAuthentication != null) {
proxyAuthentication.disposeContext();
}
if (serverAuthentication != null) {
serverAuthentication.disposeContext();
}
}
}

Expand Down Expand Up @@ -2252,6 +2258,9 @@ private void doTunneling0() throws IOException {
if (proxyAuthKey != null) {
AuthenticationInfo.endAuthRequest(proxyAuthKey);
}
if (proxyAuthentication != null) {
proxyAuthentication.disposeContext();
}
}

// restore original request headers
Expand Down Expand Up @@ -2502,6 +2511,7 @@ public InetAddress run()
}
if (ret != null) {
if (!ret.setHeaders(this, p, raw)) {
ret.disposeContext();
ret = null;
}
}
Expand Down Expand Up @@ -2674,6 +2684,7 @@ private AuthenticationInfo getServerAuthentication(AuthenticationHeader authhdr)

if (ret != null ) {
if (!ret.setHeaders(this, p, raw)) {
ret.disposeContext();
ret = null;
}
}
Expand All @@ -2700,6 +2711,7 @@ private void checkResponseCredentials (boolean inClose) throws IOException {
DigestAuthentication da = (DigestAuthentication)
currentProxyCredentials;
da.checkResponse (raw, method, getRequestURI());
currentProxyCredentials.disposeContext();
currentProxyCredentials = null;
}
}
Expand All @@ -2710,6 +2722,7 @@ private void checkResponseCredentials (boolean inClose) throws IOException {
DigestAuthentication da = (DigestAuthentication)
currentServerCredentials;
da.checkResponse (raw, method, url);
currentServerCredentials.disposeContext();
currentServerCredentials = null;
}
}
Expand Down
Expand Up @@ -242,6 +242,22 @@ private byte[] nextToken(byte[] token) throws IOException {
return negotiator.nextToken(token);
}

/**
* Releases any system resources and cryptographic information stored in
* the context object and invalidates the context.
*/
@Override
public void disposeContext() {
if (negotiator != null) {
try {
negotiator.disposeContext();
} catch (IOException ioEx) {
//do not rethrow IOException
}
negotiator = null;
}
}

// MS will send a final WWW-Authenticate even if the status is already
// 200 OK. The token can be fed into initSecContext() again to determine
// if the server can be trusted. This is not the same concept as Digest's
Expand Down
Expand Up @@ -82,5 +82,7 @@ private static void finest(Exception e) {
logger.finest("NegotiateAuthentication: " + e);
}
}

public void disposeContext() throws IOException { };
}

Expand Up @@ -127,6 +127,11 @@ public NegotiatorImpl(HttpCallerInfo hci) throws IOException {
"fallback to other scheme if allowed. Reason:");
e.printStackTrace();
}
try {
disposeContext();
} catch (Exception ex) {
//dispose context silently
}
throw new IOException("Negotiate support not initiated", e);
}
}
Expand All @@ -149,6 +154,9 @@ public byte[] firstToken() {
@Override
public byte[] nextToken(byte[] token) throws IOException {
try {
if (context == null) {
throw new IOException("Negotiate support cannot continue. Context is invalidated");
}
return context.initSecContext(token, 0, token.length);
} catch (GSSException e) {
if (DEBUG) {
Expand All @@ -158,4 +166,26 @@ public byte[] nextToken(byte[] token) throws IOException {
throw new IOException("Negotiate support cannot continue", e);
}
}

/**
* Releases any system resources and cryptographic information stored in
* the context object and invalidates the context.
*
* @throws IOException containing a reason of failure in the cause
*/
@Override
public void disposeContext() throws IOException {
try {
if (context != null) {
context.dispose();
}
} catch (GSSException e) {
if (DEBUG) {
System.out.println("Cannot release resources. Reason:");
e.printStackTrace();
}
throw new IOException("Cannot release resources", e);
};
context = null;
}
}

1 comment on commit 10f1674

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.