8049520: FileCredentialsCache loads cache once and is never refreshed

Reviewed-by: mullan
openjdk · Oct 15, 2021 · 8e02064 · 8e02064 · openjdk-notifier · Oct 15, 2021
1 parent 172aed1
commit 8e02064
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 8 deletions.
diff --git a/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java b/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java
@@ -61,7 +61,6 @@ public class Credentials {
     HostAddresses cAddr;
     AuthorizationData authzData;
     private static boolean DEBUG = Krb5.DEBUG;
-    private static CredentialsCache cache;
     static boolean alreadyLoaded = false;
     private static boolean alreadyTried = false;
 
@@ -416,9 +415,8 @@ public static Credentials acquireTGTFromCache(PrincipalName princ,
     public static synchronized Credentials acquireDefaultCreds() {
         Credentials result = null;
 
-        if (cache == null) {
-            cache = CredentialsCache.getInstance();
-        }
+        CredentialsCache cache = CredentialsCache.getInstance();
+
         if (cache != null) {
             Credentials temp = cache.getInitialCreds();
             if (temp != null) {
@@ -505,10 +503,6 @@ public static Credentials acquireS4U2proxyCreds(String service,
                 service, second, client, ccreds);
     }
 
-    public CredentialsCache getCache() {
-        return cache;
-    }
-
     /*
      * Prints out debug info.
      */

diff --git a/test/jdk/sun/security/krb5/ccache/Refresh.java b/test/jdk/sun/security/krb5/ccache/Refresh.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8049520
+ * @summary FileCredentialsCache loads cache once and is never refreshed
+ * @modules java.security.jgss/sun.security.krb5
+ *          java.security.jgss/sun.security.krb5.internal.ccache:+open
+ * @library /test/lib
+ */
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.process.Proc;
+import sun.security.krb5.Credentials;
+
+public class Refresh {
+    public static void main(String[] args) throws Exception {
+        if (args.length == 0) {
+            Proc.create("Refresh")
+                    .args("test")
+                    .env("KRB5CCNAME", "tmpcc")
+                    .inheritIO()
+                    .start()
+                    .waitFor(0);
+        } else {
+            Path cache = Path.of(System.getenv("KRB5CCNAME"));
+            byte[] data = TimeInCCache.ccache.clone();
+            Files.write(cache, data);
+            check("dummy@MAXI.LOCAL");
+            data[0x2A] = data[0x49] = 'f';
+            Files.write(cache, data);
+            check("fummy@MAXI.LOCAL");
+        }
+    }
+
+    static void check(String expected) throws Exception {
+        var cred = Credentials.acquireTGTFromCache(null, null);
+        var pn = cred == null ? null : cred.getClient();
+        var name = pn == null ? null : pn.toString();
+        Asserts.assertEQ(expected, name);
+    }
+}