Skip to content

Commit

Permalink
8303809: Dispose context in SPNEGO NegotiatorImpl
Browse files Browse the repository at this point in the history
Backport-of: 10f16746254ce62031f40ffb0f49f22e81cbe631
  • Loading branch information
Alexey Bakhtin committed May 26, 2023
1 parent 6919ff2 commit 1684377
Show file tree
Hide file tree
Showing 5 changed files with 70 additions and 0 deletions.
Expand Up @@ -528,4 +528,13 @@ private synchronized void writeObject(java.io.ObjectOutputStream s)
s2 = new String (pw.getPassword());
s.defaultWriteObject ();
}

/**
* Releases any system or cryptographic resources.
* It is up to implementors to override disposeContext()
* to take necessary action.
*/
public void disposeContext() {
// do nothing
}
}
Expand Up @@ -2029,6 +2029,12 @@ private InputStream getInputStream0() throws IOException {
if (serverAuthKey != null) {
AuthenticationInfo.endAuthRequest(serverAuthKey);
}
if (proxyAuthentication != null) {
proxyAuthentication.disposeContext();
}
if (serverAuthentication != null) {
serverAuthentication.disposeContext();
}
}
}

Expand Down Expand Up @@ -2274,6 +2280,9 @@ private void doTunneling0() throws IOException {
if (proxyAuthKey != null) {
AuthenticationInfo.endAuthRequest(proxyAuthKey);
}
if (proxyAuthentication != null) {
proxyAuthentication.disposeContext();
}
}

// restore original request headers
Expand Down Expand Up @@ -2525,6 +2534,7 @@ public InetAddress run()
}
if (ret != null) {
if (!ret.setHeaders(this, p, raw)) {
ret.disposeContext();
ret = null;
}
}
Expand Down Expand Up @@ -2699,6 +2709,7 @@ private AuthenticationInfo getServerAuthentication(AuthenticationHeader authhdr)

if (ret != null ) {
if (!ret.setHeaders(this, p, raw)) {
ret.disposeContext();
ret = null;
}
}
Expand All @@ -2725,6 +2736,7 @@ private void checkResponseCredentials (boolean inClose) throws IOException {
DigestAuthentication da = (DigestAuthentication)
currentProxyCredentials;
da.checkResponse (raw, method, getRequestURI());
currentProxyCredentials.disposeContext();
currentProxyCredentials = null;
}
}
Expand All @@ -2735,6 +2747,7 @@ private void checkResponseCredentials (boolean inClose) throws IOException {
DigestAuthentication da = (DigestAuthentication)
currentServerCredentials;
da.checkResponse (raw, method, url);
currentServerCredentials.disposeContext();
currentServerCredentials = null;
}
}
Expand Down
Expand Up @@ -245,6 +245,22 @@ private byte[] nextToken(byte[] token) throws IOException {
return negotiator.nextToken(token);
}

/**
* Releases any system resources and cryptographic information stored in
* the context object and invalidates the context.
*/
@Override
public void disposeContext() {
if (negotiator != null) {
try {
negotiator.disposeContext();
} catch (IOException ioEx) {
//do not rethrow IOException
}
negotiator = null;
}
}

// MS will send a final WWW-Authenticate even if the status is already
// 200 OK. The token can be fed into initSecContext() again to determine
// if the server can be trusted. This is not the same concept as Digest's
Expand Down
Expand Up @@ -82,5 +82,7 @@ private static void finest(Exception e) {
logger.finest("NegotiateAuthentication: " + e);
}
}

public void disposeContext() throws IOException { };
}

Expand Up @@ -127,6 +127,11 @@ public NegotiatorImpl(HttpCallerInfo hci) throws IOException {
"fallback to other scheme if allowed. Reason:");
e.printStackTrace();
}
try {
disposeContext();
} catch (Exception ex) {
//dispose context silently
}
IOException ioe = new IOException("Negotiate support not initiated");
ioe.initCause(e);
throw ioe;
Expand All @@ -151,6 +156,9 @@ public byte[] firstToken() {
@Override
public byte[] nextToken(byte[] token) throws IOException {
try {
if (context == null) {
throw new IOException("Negotiate support cannot continue. Context is invalidated");
}
return context.initSecContext(token, 0, token.length);
} catch (GSSException e) {
if (DEBUG) {
Expand All @@ -162,4 +170,26 @@ public byte[] nextToken(byte[] token) throws IOException {
throw ioe;
}
}

/**
* Releases any system resources and cryptographic information stored in
* the context object and invalidates the context.
*
* @throws IOException containing a reason of failure in the cause
*/
@Override
public void disposeContext() throws IOException {
try {
if (context != null) {
context.dispose();
}
} catch (GSSException e) {
if (DEBUG) {
System.out.println("Cannot release resources. Reason:");
e.printStackTrace();
}
throw new IOException("Cannot release resources", e);
};
context = null;
}
}

1 comment on commit 1684377

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.