Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
8049520: FileCredentialsCache loads cache once and is never refreshed
Reviewed-by: mullan
  • Loading branch information
wangweij committed Oct 15, 2021
1 parent 172aed1 commit 8e02064
Show file tree
Hide file tree
Showing 2 changed files with 67 additions and 8 deletions.
Expand Up @@ -61,7 +61,6 @@ public class Credentials {
HostAddresses cAddr;
AuthorizationData authzData;
private static boolean DEBUG = Krb5.DEBUG;
private static CredentialsCache cache;
static boolean alreadyLoaded = false;
private static boolean alreadyTried = false;

Expand Down Expand Up @@ -416,9 +415,8 @@ public static Credentials acquireTGTFromCache(PrincipalName princ,
public static synchronized Credentials acquireDefaultCreds() {
Credentials result = null;

if (cache == null) {
cache = CredentialsCache.getInstance();
}
CredentialsCache cache = CredentialsCache.getInstance();

if (cache != null) {
Credentials temp = cache.getInitialCreds();
if (temp != null) {
Expand Down Expand Up @@ -505,10 +503,6 @@ public static Credentials acquireS4U2proxyCreds(String service,
service, second, client, ccreds);
}

public CredentialsCache getCache() {
return cache;
}

/*
* Prints out debug info.
*/
Expand Down
65 changes: 65 additions & 0 deletions test/jdk/sun/security/krb5/ccache/Refresh.java
@@ -0,0 +1,65 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

/*
* @test
* @bug 8049520
* @summary FileCredentialsCache loads cache once and is never refreshed
* @modules java.security.jgss/sun.security.krb5
* java.security.jgss/sun.security.krb5.internal.ccache:+open
* @library /test/lib
*/
import java.nio.file.Files;
import java.nio.file.Path;

import jdk.test.lib.Asserts;
import jdk.test.lib.process.Proc;
import sun.security.krb5.Credentials;

public class Refresh {
public static void main(String[] args) throws Exception {
if (args.length == 0) {
Proc.create("Refresh")
.args("test")
.env("KRB5CCNAME", "tmpcc")
.inheritIO()
.start()
.waitFor(0);
} else {
Path cache = Path.of(System.getenv("KRB5CCNAME"));
byte[] data = TimeInCCache.ccache.clone();
Files.write(cache, data);
check("dummy@MAXI.LOCAL");
data[0x2A] = data[0x49] = 'f';
Files.write(cache, data);
check("fummy@MAXI.LOCAL");
}
}

static void check(String expected) throws Exception {
var cred = Credentials.acquireTGTFromCache(null, null);
var pn = cred == null ? null : cred.getClient();
var name = pn == null ? null : pn.toString();
Asserts.assertEQ(expected, name);
}
}

1 comment on commit 8e02064

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.