8303809: Dispose context in SPNEGO NegotiatorImpl
Backport-of: 10f16746254ce62031f40ffb0f49f22e81cbe631
Alexey Bakhtin committed May 31, 2023
1 parent b2faa35 commit 4267a37
Showing 5 changed files with 70 additions and 0 deletions.
Expand Up @@ -517,4 +517,13 @@ private synchronized void writeObject(java.io.ObjectOutputStream s)
s2 = new String (pw.getPassword());
s.defaultWriteObject ();
}

/**
* Releases any system or cryptographic resources.
* It is up to implementors to override disposeContext()
* to take necessary action.
*/
public void disposeContext() {
// do nothing
}
}
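Review bot: The Javadoc on the new `disposeContext()` does not state the contract its callers rely on. The call sites this commit adds to HttpURLConnection invoke it without any guard, apparently from cleanup paths, so an override that throws or misbehaves on a second call would surface there. I would add a sentence such as `Implementations must be idempotent and must not throw.` and say that the base implementation is intentionally empty.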
Expand Up @@ -1953,6 +1953,12 @@ private synchronized InputStream getInputStream0() throws IOException {
if (serverAuthKey != null) {
AuthenticationInfo.endAuthRequest(serverAuthKey);
}
if (proxyAuthentication != null) {
proxyAuthentication.disposeContext();
}
if (serverAuthentication != null) {
serverAuthentication.disposeContext();
}
}
}

Expand Down Expand Up @@ -2182,6 +2188,9 @@ public synchronized void doTunneling() throws IOException {
if (proxyAuthKey != null) {
AuthenticationInfo.endAuthRequest(proxyAuthKey);
}
if (proxyAuthentication != null) {
proxyAuthentication.disposeContext();
}
}

// restore original request headers
Expand Down Expand Up @@ -2428,6 +2437,7 @@ public InetAddress run()
}
if (ret != null) {
if (!ret.setHeaders(this, p, raw)) {
ret.disposeContext();
ret = null;
}
}
Expand Down Expand Up @@ -2596,6 +2606,7 @@ private AuthenticationInfo getServerAuthentication (AuthenticationHeader authhdr

if (ret != null ) {
if (!ret.setHeaders(this, p, raw)) {
ret.disposeContext();
ret = null;
}
}
Expand All @@ -2622,6 +2633,7 @@ private void checkResponseCredentials (boolean inClose) throws IOException {
DigestAuthentication da = (DigestAuthentication)
currentProxyCredentials;
da.checkResponse (raw, method, getRequestURI());
currentProxyCredentials.disposeContext();
currentProxyCredentials = null;
}
}
Expand All @@ -2632,6 +2644,7 @@ private void checkResponseCredentials (boolean inClose) throws IOException {
DigestAuthentication da = (DigestAuthentication)
currentServerCredentials;
da.checkResponse (raw, method, url);
currentServerCredentials.disposeContext();
currentServerCredentials = null;
}
}
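Review bot: In both `checkResponseCredentials` hunks the new `disposeContext()` call sits after `da.checkResponse(...)`, so if that check throws, as the `throws IOException` on the method suggests it can, the dispose and the `= null` are both skipped. With the no-op base implementation this is harmless as far as the page shows, but the failure path is where a credentials object would be left undisposed if an override is added later. If releasing on failure is intended, `try { da.checkResponse(raw, method, url); } finally { currentServerCredentials.disposeContext(); }` (and the same for the proxy branch) covers it; whether the field should also be cleared on failure is not visible from the hunk. The enclosing method starts and ends outside the hunks.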
Expand Up @@ -225,6 +225,22 @@ private byte[] nextToken(byte[] token) throws IOException {
return negotiator.nextToken(token);
}

/**
* Releases any system resources and cryptographic information stored in
* the context object and invalidates the context.
*/
@Override
public void disposeContext() {
if (negotiator != null) {
try {
negotiator.disposeContext();
} catch (IOException ioEx) {
//do not rethrow IOException
}
negotiator = null;
}
}

// MS will send a final WWW-Authenticate even if the status is already
// 200 OK. The token can be fed into initSecContext() again to determine
// if the server can be trusted. This is not the same concept as Digest's
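Review bot: After `disposeContext()` sets `negotiator = null`, the `nextToken` shown just above the added method still calls `negotiator.nextToken(token)` unconditionally, so a disposed instance asked for another token fails with a NullPointerException rather than the IOException that NegotiatorImpl now throws for an invalidated context. Whether a disposed NegotiateAuthentication can be reached again is not visible here, but a guard such as `if (negotiator == null) throw new IOException("Negotiate context has been disposed");` would keep the failure in the exception type this path already declares. The empty `catch (IOException ioEx)` also drops the only signal that releasing the security context failed; logging the exception at a debug level would keep that diagnosable.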
Expand Up @@ -82,5 +82,7 @@ private static void finest(Exception e) {
logger.finest("NegotiateAuthentication: " + e);
}
}

public void disposeContext() throws IOException { };
}
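Review bot: `public void disposeContext() throws IOException { };` carries a stray `;` after the body, which declares an extra empty class member, and it has no Javadoc although the override in NegotiatorImpl documents the same contract. I would write it as `public void disposeContext() throws IOException { }` with a short comment saying the default does nothing and that subclasses holding a security context override it.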

Expand Up @@ -132,6 +132,11 @@ public NegotiatorImpl(HttpCallerInfo hci) throws IOException {
"fallback to other scheme if allowed. Reason:");
e.printStackTrace();
}
try {
disposeContext();
} catch (Exception ex) {
//dispose context silently
}
IOException ioe = new IOException("Negotiate support not initiated");
ioe.initCause(e);
throw ioe;
Expand All @@ -156,6 +161,9 @@ public byte[] firstToken() {
@Override
public byte[] nextToken(byte[] token) throws IOException {
try {
if (context == null) {
throw new IOException("Negotiate support cannot continue. Context is invalidated");
}
return context.initSecContext(token, 0, token.length);
} catch (GSSException e) {
if (DEBUG) {
Expand All @@ -167,4 +175,26 @@ public byte[] nextToken(byte[] token) throws IOException {
throw ioe;
}
}

/**
* Releases any system resources and cryptographic information stored in
* the context object and invalidates the context.
*
* @throws IOException containing a reason of failure in the cause
*/
@Override
public void disposeContext() throws IOException {
try {
if (context != null) {
context.dispose();
}
} catch (GSSException e) {
if (DEBUG) {
System.out.println("Cannot release resources. Reason:");
e.printStackTrace();
}
throw new IOException("Cannot release resources", e);
};
context = null;
}
}
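Review bot: In the new `disposeContext()`, `context = null` is placed after the try/catch, so when `context.dispose()` throws GSSException the method exits through `throw new IOException("Cannot release resources", e)` with `context` still set. The object then still references a context whose dispose failed, and the `context == null` guard added to `nextToken` will not reject it. Moving the assignment into `finally { context = null; }` invalidates the context on both paths, and the `;` after the catch block's closing brace can go at the same time. The constructor's `catch (Exception ex)` around `disposeContext()` is also broader than the IOException that method declares.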

1 comment on commit 4267a37

@openjdk-notifier