8304264: Debug messages always show up for NativeGSS

Reviewed-by: mullan
openjdk · Mar 15, 2023 · be08a25 · be08a25 · openjdk-notifier · Mar 15, 2023
1 parent 1ae69e3
commit be08a25
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 32 deletions.
diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSLibStub.java b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSLibStub.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -105,7 +105,9 @@ static GSSLibStub getInstance(Oid mech) throws GSSException {
         return s;
     }
     private GSSLibStub(Oid mech) throws GSSException {
-        SunNativeProvider.debug("Created GSSLibStub for mech " + mech);
+        if (SunNativeProvider.DEBUG) {
+            SunNativeProvider.debug("Created GSSLibStub for mech " + mech);
+        }
         this.mech = mech;
         this.pMech = getMechPtr(mech.getDER());
     }

diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -73,21 +73,27 @@ private static Oid getNativeNameType(Oid nameType, GSSLibStub stub) {
                         supportedNTs = stub.inquireNamesForMech();
                     } catch (GSSException ge2) {
                         // Should never happen
-                        SunNativeProvider.debug("Name type list unavailable: " +
-                            ge2.getMajorString());
+                        if (SunNativeProvider.DEBUG) {
+                            SunNativeProvider.debug("Name type list unavailable: " +
+                                    ge2.getMajorString());
+                        }
                     }
                 } else {
-                    SunNativeProvider.debug("Name type list unavailable: " +
-                        ge.getMajorString());
+                    if (SunNativeProvider.DEBUG) {
+                        SunNativeProvider.debug("Name type list unavailable: " +
+                                ge.getMajorString());
+                    }
                 }
             }
             if (supportedNTs != null) {
                 for (int i = 0; i < supportedNTs.length; i++) {
                     if (supportedNTs[i].equals(nameType)) return nameType;
                 }
                 // Special handling the specified name type
-                SunNativeProvider.debug("Override " + nameType +
-                    " with mechanism default(null)");
+                if (SunNativeProvider.DEBUG) {
+                    SunNativeProvider.debug("Override " + nameType +
+                            " with mechanism default(null)");
+                }
                 return null; // Use mechanism specific default
             }
         }
@@ -185,8 +191,10 @@ && new String(nameBytes).endsWith(atRealm)) {
             }
         }
 
-        SunNativeProvider.debug("Imported " + printableName + " w/ type " +
-                                printableType);
+        if (SunNativeProvider.DEBUG) {
+            SunNativeProvider.debug("Imported " + printableName + " w/ type " +
+                    printableType);
+        }
     }
 
     private void setPrintables() throws GSSException {
@@ -211,7 +219,9 @@ public String getKrbName() throws GSSException {
         mName = stub.canonicalizeName(pName);
         Object[] printables2 = stub.displayName(mName);
         stub.releaseName(mName);
-        SunNativeProvider.debug("Got kerberized name: " + printables2[0]);
+        if (SunNativeProvider.DEBUG) {
+            SunNativeProvider.debug("Got kerberized name: " + printables2[0]);
+        }
         return (String) printables2[0];
     }
 

diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/Krb5Util.java b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/Krb5Util.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,8 +53,10 @@ static void checkServicePermission(String target, String action) {
         @SuppressWarnings("removal")
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) {
-            SunNativeProvider.debug("Checking ServicePermission(" +
-                                    target + ", " + action + ")");
+            if (SunNativeProvider.DEBUG) {
+                SunNativeProvider.debug("Checking ServicePermission(" +
+                        target + ", " + action + ")");
+            }
             ServicePermission perm =
                 new ServicePermission(target, action);
             sm.checkPermission(perm);

diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -148,8 +148,10 @@ private void doDelegPermCheck() throws GSSException {
             String tgsStr = Krb5Util.getTGSName(targetName);
             String krbPrincPair = "\"" + targetStr + "\" \"" +
                     tgsStr + '\"';
-            SunNativeProvider.debug("Checking DelegationPermission (" +
-                                    krbPrincPair + ")");
+            if (SunNativeProvider.DEBUG) {
+                SunNativeProvider.debug("Checking DelegationPermission (" +
+                        krbPrincPair + ")");
+            }
             DelegationPermission perm =
                 new DelegationPermission(krbPrincPair);
             sm.checkPermission(perm);
@@ -163,8 +165,10 @@ private byte[] retrieveToken(InputStream is, int mechTokenLen)
             byte[] result;
             if (mechTokenLen != -1) {
                 // Need to add back the GSS header for a complete GSS token
-                SunNativeProvider.debug("Precomputed mechToken length: " +
-                                         mechTokenLen);
+                if (SunNativeProvider.DEBUG) {
+                    SunNativeProvider.debug("Precomputed mechToken length: " +
+                            mechTokenLen);
+                }
                 GSSHeader gssHeader = new GSSHeader
                     (ObjectIdentifier.of(cStub.getMech().toString()),
                      mechTokenLen);
@@ -182,8 +186,10 @@ private byte[] retrieveToken(InputStream is, int mechTokenLen)
                 DerValue dv = new DerValue(is);
                 result = dv.toByteArray();
             }
-            SunNativeProvider.debug("Complete Token length: " +
-                                    result.length);
+            if (SunNativeProvider.DEBUG) {
+                SunNativeProvider.debug("Complete Token length: " +
+                        result.length);
+            }
             return result;
         } catch (IOException ioe) {
             throw new GSSExceptionImpl(GSSException.FAILURE, ioe);
@@ -273,8 +279,10 @@ public byte[] initSecContext(InputStream is, int mechTokenLen)
             // Ignore the specified input stream on the first call
             if (pContext != 0) {
                 inToken = retrieveToken(is, mechTokenLen);
-                SunNativeProvider.debug("initSecContext=> inToken len=" +
-                    inToken.length);
+                if (SunNativeProvider.DEBUG) {
+                    SunNativeProvider.debug("initSecContext=> inToken len=" +
+                            inToken.length);
+                }
             }
 
             if (!getCredDelegState()) skipDelegPermCheck = true;
@@ -286,8 +294,10 @@ public byte[] initSecContext(InputStream is, int mechTokenLen)
             long pCred = (cred == null? 0 : cred.pCred);
             outToken = cStub.initContext(pCred, targetName.pName,
                                          cb, inToken, this);
-            SunNativeProvider.debug("initSecContext=> outToken len=" +
-                (outToken == null ? 0 : outToken.length));
+            if (SunNativeProvider.DEBUG) {
+                SunNativeProvider.debug("initSecContext=> outToken len=" +
+                        (outToken == null ? 0 : outToken.length));
+            }
 
             // Only inspect the token when the permission check
             // has not been performed
@@ -321,13 +331,17 @@ public byte[] acceptSecContext(InputStream is, int mechTokenLen)
         byte[] outToken = null;
         if ((!isEstablished) && (!isInitiator)) {
             byte[] inToken = retrieveToken(is, mechTokenLen);
-            SunNativeProvider.debug("acceptSecContext=> inToken len=" +
-                                    inToken.length);
+            if (SunNativeProvider.DEBUG) {
+                SunNativeProvider.debug("acceptSecContext=> inToken len=" +
+                        inToken.length);
+            }
             long pCred = (cred == null? 0 : cred.pCred);
             outToken = cStub.acceptContext(pCred, cb, inToken, this);
             disposeDelegatedCred = delegatedCred;
-            SunNativeProvider.debug("acceptSecContext=> outToken len=" +
-                                    (outToken == null? 0 : outToken.length));
+            if (SunNativeProvider.DEBUG) {
+                SunNativeProvider.debug("acceptSecContext=> outToken len=" +
+                        (outToken == null ? 0 : outToken.length));
+            }
 
             if (targetName == null) {
                 targetName = new GSSNameElement

diff --git a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -54,7 +54,8 @@ public final class SunNativeProvider extends Provider {
     private static final String INFO = "Sun Native GSS provider";
     private static final String MF_CLASS =
         "sun.security.jgss.wrapper.NativeGSSFactory";
-    private static final boolean DEBUG =
+
+    static final boolean DEBUG =
         GetBooleanAction.privilegedGetProperty("sun.security.nativegss.debug");
 
     static void debug(String message) {