8228659: Record which Java methods are called by native codes in JGSS and JAAS

Reviewed-by: mullan

Author: wangweij

src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c

@@ -43,7 +43,6 @@
  * Statics for this module
  */
 
-static jclass derValueClass = NULL;
 static jclass ticketClass = NULL;
 static jclass principalNameClass = NULL;
 static jclass encryptionKeyClass = NULL;
@@ -54,7 +53,6 @@ static jclass javaLangIntegerClass = NULL;
 static jclass hostAddressClass = NULL;
 static jclass hostAddressesClass = NULL;
 
-static jmethodID derValueConstructor = 0;
 static jmethodID ticketConstructor = 0;
 static jmethodID principalNameConstructor = 0;
 static jmethodID encryptionKeyConstructor = 0;
@@ -108,9 +106,6 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *jvm, void *reserved)
     principalNameClass = FindClass(env, "sun/security/krb5/PrincipalName");
     if (principalNameClass == NULL) return JNI_ERR;
 
-    derValueClass = FindClass(env, "sun/security/util/DerValue");
-    if (derValueClass == NULL) return JNI_ERR;
-
     encryptionKeyClass = FindClass(env, "sun/security/krb5/EncryptionKey");
     if (encryptionKeyClass == NULL) return JNI_ERR;
 
@@ -132,13 +127,7 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *jvm, void *reserved)
     hostAddressesClass = FindClass(env,"sun/security/krb5/internal/HostAddresses");
     if (hostAddressesClass == NULL) return JNI_ERR;
 
-    derValueConstructor = (*env)->GetMethodID(env, derValueClass, "<init>", "([B)V");
-    if (derValueConstructor == 0) {
-        printf("Couldn't find DerValue constructor\n");
-        return JNI_ERR;
-    }
-
-    ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "(Lsun/security/util/DerValue;)V");
+    ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "([B)V");
     if (ticketConstructor == 0) {
         printf("Couldn't find Ticket constructor\n");
         return JNI_ERR;
@@ -204,9 +193,6 @@ JNIEXPORT void JNICALL DEF_JNI_OnUnload(JavaVM *jvm, void *reserved)
     if (ticketClass != NULL) {
         (*env)->DeleteWeakGlobalRef(env,ticketClass);
     }
-    if (derValueClass != NULL) {
-        (*env)->DeleteWeakGlobalRef(env,derValueClass);
-    }
     if (principalNameClass != NULL) {
         (*env)->DeleteWeakGlobalRef(env,principalNameClass);
     }
@@ -421,11 +407,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
 
 jobject BuildTicket(JNIEnv *env, krb5_data *encodedTicket)
 {
-    /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket.
-    * But before we can do that, we need to make a byte array out of the ET.
-    */
+    // To build a Ticket, we need to make a byte array out of the EncodedTicket.
 
-    jobject derValue, ticket;
+    jobject ticket;
     jbyteArray ary;
 
     ary = (*env)->NewByteArray(env, encodedTicket->length);
@@ -439,19 +423,12 @@ jobject BuildTicket(JNIEnv *env, krb5_data *encodedTicket)
         return (jobject) NULL;
     }
 
-    derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary);
+    ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, ary);
     if ((*env)->ExceptionCheck(env)) {
         (*env)->DeleteLocalRef(env, ary);
         return (jobject) NULL;
     }
-
     (*env)->DeleteLocalRef(env, ary);
-    ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue);
-    if ((*env)->ExceptionCheck(env)) {
-        (*env)->DeleteLocalRef(env, derValue);
-        return (jobject) NULL;
-    }
-    (*env)->DeleteLocalRef(env, derValue);
     return ticket;
 }
 

src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSCredElement.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@ void doServicePermCheck() throws GSSException {
     }
 
     // Construct delegation cred using the actual context mech and srcName
+    // Warning: called by NativeUtil.c
     GSSCredElement(long pCredentials, GSSNameElement srcName, Oid mech)
         throws GSSException {
         pCred = pCredentials;

src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSLibStub.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,7 +43,7 @@
 class GSSLibStub {
 
     private Oid mech;
-    private long pMech;
+    private long pMech; // Warning: used by NativeUtil.c
 
     /**
      * Initialization routine to dynamically load function pointers.

src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -97,6 +97,7 @@ private GSSNameElement() {
         printableName = "<DEFAULT ACCEPTOR>";
     }
 
+    // Warning: called by NativeUtil.c
     GSSNameElement(long pNativeName, GSSLibStub stub) throws GSSException {
         assert(stub != null);
         if (pNativeName == 0) {

src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,20 +59,22 @@ class NativeGSSContext implements GSSContextSpi {
 
     private static final int NUM_OF_INQUIRE_VALUES = 6;
 
+    // Warning: The following 9 fields are used by NativeUtil.c
     private long pContext = 0; // Pointer to the gss_ctx_id_t structure
     private GSSNameElement srcName;
     private GSSNameElement targetName;
-    private GSSCredElement cred;
-    private GSSCredElement disposeCred;
     private boolean isInitiator;
     private boolean isEstablished;
+    private GSSCredElement delegatedCred;
+    private int flags;
+    private int lifetime = GSSCredential.DEFAULT_LIFETIME;
     private Oid actualMech; // Assigned during context establishment
 
+    private GSSCredElement cred;
+    private GSSCredElement disposeCred;
+
     private ChannelBinding cb;
-    private GSSCredElement delegatedCred;
     private GSSCredElement disposeDelegatedCred;
-    private int flags;
-    private int lifetime = GSSCredential.DEFAULT_LIFETIME;
     private final GSSLibStub cStub;
 
     private boolean skipDelegPermCheck;
@@ -231,6 +233,7 @@ private byte[] retrieveToken(InputStream is, int mechTokenLen)
     }
 
     // Constructor for imported context
+    // Warning: called by NativeUtil.c
     NativeGSSContext(long pCtxt, GSSLibStub stub) throws GSSException {
         assert(pContext != 0);
         pContext = pCtxt;

src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java

@@ -88,6 +88,7 @@ public Credentials(Ticket new_ticket,
         this.authzData = authzData;
     }
 
+    // Warning: called by NativeCreds.c and nativeccache.c
     public Credentials(Ticket new_ticket,
                        PrincipalName new_client,
                        PrincipalName new_client_alias,

src/java.security.jgss/share/classes/sun/security/krb5/EncryptionKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -218,8 +218,8 @@ public EncryptionKey(byte[] keyValue,
      * credential cache file.
      *
      */
-     // Used in JSSE (KerberosWrapper), Credentials,
-     // javax.security.auth.kerberos.KeyImpl
+    // Used in Credentials, and javax.security.auth.kerberos.KeyImpl
+    // Warning: called by NativeCreds.c and nativeccache.c
     public EncryptionKey(int keyType,
                          byte[] keyValue) {
         this(keyValue, keyType, null);

src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java

@@ -158,7 +158,7 @@ public PrincipalName(int nameType, String[] nameStrings, Realm nameRealm) {
         this.realmDeduced = false;
     }
 
-    // This method is called by Windows NativeCred.c
+    // Warning: called by NativeCreds.c
     public PrincipalName(String[] nameParts, String realm) throws RealmException {
         this(KRB_NT_UNKNOWN, nameParts, new Realm(realm));
     }
@@ -484,6 +484,7 @@ public PrincipalName(String name, int type, String realm)
         }
     }
 
+    // Warning: called by nativeccache.c
     public PrincipalName(String name, int type) throws RealmException {
         this(name, type, (String)null);
     }

src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -165,6 +165,8 @@ public HostAddress() throws UnknownHostException {
     /**
      * Creates a HostAddress from the specified address and address type.
      *
+     * Warning: called by nativeccache.c.
+     *
      * @param new_addrType the value of the address type which matches the defined
      *                       address family constants in the Berkeley Standard
      *                       Distributions of Unix.

src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -68,6 +68,7 @@ public class HostAddresses implements Cloneable {
     private HostAddress[] addresses = null;
     private volatile int hashCode = 0;
 
+    // Warning: called by nativeccache.c
     public HostAddresses(HostAddress[] new_addresses) throws IOException {
         if (new_addresses != null) {
            addresses = new HostAddress[new_addresses.length];