File _service:tar_scm:Revert-backport-8035986-Kerber... of Package openjdk-1.8.0

File _service:tar_scm:Revert-backport-8035986-KerberosKey-algorithm-names-are-not-specified.patch of Package openjdk-1.8.0

From 46b7cb7838a2de1a6463ddf17edefef73ec1217f Mon Sep 17 00:00:00 2001
Date: Thu, 3 Aug 2023 10:03:27 +0800
Subject: [PATCH] Revert-backport-8035986-KerberosKey-algorithm-names-are-not-specified

---
 .../security/auth/kerberos/KerberosKey.java   |  46 ++------
 .../javax/security/auth/kerberos/KeyImpl.java |  26 ++---
 .../sun/security/krb5/EncryptionKey.java      |  17 +--
 .../security/auth/kerberos/StandardNames.java | 108 ------------------
 4 files changed, 28 insertions(+), 169 deletions(-)
 delete mode 100644 jdk/test/javax/security/auth/kerberos/StandardNames.java

diff --git a/jdk/src/share/classes/javax/security/auth/kerberos/KerberosKey.java b/jdk/src/share/classes/javax/security/auth/kerberos/KerberosKey.java
index a8d12131a..5c8b65f27 100644
--- a/jdk/src/share/classes/javax/security/auth/kerberos/KerberosKey.java
+++ b/jdk/src/share/classes/javax/security/auth/kerberos/KerberosKey.java
@@ -52,20 +52,7 @@ import javax.security.auth.DestroyFailedException;
  * application depends on the default JGSS Kerberos mechanism to access the
  * KerberosKey. In that case, however, the application will need an
  * appropriate
- * {@link javax.security.auth.kerberos.ServicePermission ServicePermission}.<p>
- *
- * When creating a {@code KerberosKey} using the
- * {@link #KerberosKey(KerberosPrincipal, char[], String)} constructor,
- * an implementation may accept non-IANA algorithm names (For example,
- * "ArcFourMac" for "rc4-hmac"), but the {@link #getAlgorithm} method
- * must always return the IANA algorithm name.<p>
- *
- * @implNote Old algorithm names used before JDK 9 are supported in the
- * {@link #KerberosKey(KerberosPrincipal, char[], String)} constructor in this
- * implementation for compatibility reasons, which are "DES" (and null) for
- * "des-cbc-md5", "DESede" for "des3-cbc-sha1-kd", "ArcFourHmac" for "rc4-hmac",
- * "AES128" for "aes128-cts-hmac-sha1-96", and "AES256" for
- * "aes256-cts-hmac-sha1-96".
+ * {@link javax.security.auth.kerberos.ServicePermission ServicePermission}.
  *
  * @author Mayank Upadhyay
  * @since 1.4
@@ -86,7 +73,7 @@ public class KerberosKey implements SecretKey, Destroyable {
      *
      * @serial
      */
-    private final int versionNum;
+    private int versionNum;
 
    /**
     * {@code KeyImpl} is serialized by writing out the ASN1 Encoded bytes
@@ -126,16 +113,13 @@ public class KerberosKey implements SecretKey, Destroyable {
     }
 
     /**
-     * Constructs a KerberosKey from a principal's password using the specified
-     * algorithm name. The algorithm name (case insensitive) should be provided
-     * as the encryption type string defined on the IANA
-     * <a href="https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-1">Kerberos Encryption Type Numbers</a>
-     * page. The version number of the key generated will be 0.
+     * Constructs a KerberosKey from a principal's password.
      *
      * @param principal the principal that this password belongs to
      * @param password the password that should be used to compute the key
      * @param algorithm the name for the algorithm that this key will be
-     * used for
+     * used for. This parameter may be null in which case the default
+     * algorithm "DES" will be assumed.
      * @throws IllegalArgumentException if the name of the
      * algorithm passed is unsupported.
      */
@@ -144,7 +128,6 @@ public class KerberosKey implements SecretKey, Destroyable {
                        String algorithm) {
 
         this.principal = principal;
-        this.versionNum = 0;
         // Pass principal in for salt
         key = new KeyImpl(principal, password, algorithm);
     }
@@ -187,18 +170,13 @@ public class KerberosKey implements SecretKey, Destroyable {
      */
 
     /**
-     * Returns the standard algorithm name for this key. The algorithm names
-     * are the encryption type string defined on the IANA
-     * <a href="https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-1">Kerberos Encryption Type Numbers</a>
-     * page.
-     * <p>
-     * This method can return the following value not defined on the IANA page:
-     * <ol>
-     *     <li>none: for etype equal to 0</li>
-     *     <li>unknown: for etype greater than 0 but unsupported by
-     *         the implementation</li>
-     *     <li>private: for etype smaller than 0</li>
-     * </ol>
+     * Returns the standard algorithm name for this key. For
+     * example, "DES" would indicate that this key is a DES key.
+     * See Appendix A in the <a href=
+     * "../../../../../technotes/guides/security/crypto/CryptoSpec.html#AppA">
+     * Java Cryptography Architecture API Specification &amp; Reference
+     * </a>
+     * for information about standard algorithm names.
      *
      * @return the name of the algorithm associated with this key.
      */
diff --git a/jdk/src/share/classes/javax/security/auth/kerberos/KeyImpl.java b/jdk/src/share/classes/javax/security/auth/kerberos/KeyImpl.java
index 571387e0c..6791c42f0 100644
--- a/jdk/src/share/classes/javax/security/auth/kerberos/KeyImpl.java
+++ b/jdk/src/share/classes/javax/security/auth/kerberos/KeyImpl.java
@@ -36,6 +36,7 @@ import sun.security.krb5.PrincipalName;
 import sun.security.krb5.EncryptionKey;
 import sun.security.krb5.EncryptedData;
 import sun.security.krb5.KrbException;
+import sun.security.krb5.KrbCryptoException;
 import sun.security.util.DerValue;
 
 /**
@@ -85,12 +86,8 @@ class KeyImpl implements SecretKey, Destroyable, Serializable {
 
         try {
             PrincipalName princ = new PrincipalName(principal.getName());
-            EncryptionKey key;
-            if ("none".equalsIgnoreCase(algorithm)) {
-                key = EncryptionKey.NULL_KEY;
-            } else {
-                key = new EncryptionKey(password, princ.getSalt(), algorithm);
-            }
+            EncryptionKey key =
+                new EncryptionKey(password, princ.getSalt(), algorithm);
             this.keyBytes = key.getBytes();
             this.keyType = key.getEType();
         } catch (KrbException e) {
@@ -121,22 +118,20 @@ class KeyImpl implements SecretKey, Destroyable, Serializable {
 
         switch (eType) {
         case EncryptedData.ETYPE_DES_CBC_CRC:
-            return "des-cbc-crc";
-
         case EncryptedData.ETYPE_DES_CBC_MD5:
-            return "des-cbc-md5";
+            return "DES";
 
         case EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD:
-            return "des3-cbc-sha1-kd";
+            return "DESede";
 
         case EncryptedData.ETYPE_ARCFOUR_HMAC:
-            return "rc4-hmac";
+            return "ArcFourHmac";
 
         case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96:
-            return "aes128-cts-hmac-sha1-96";
+            return "AES128";
 
         case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96:
-            return "aes256-cts-hmac-sha1-96";
+            return "AES256";
 
         case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA256_128:
             return "aes128-cts-hmac-sha256-128";
@@ -145,10 +140,11 @@ class KeyImpl implements SecretKey, Destroyable, Serializable {
             return "aes256-cts-hmac-sha384-192";
 
         case EncryptedData.ETYPE_NULL:
-            return "none";
+            return "NULL";
 
         default:
-            return eType > 0 ? "unknown" : "private";
+            throw new IllegalArgumentException(
+                "Unsupported encryption type: " + eType);
         }
     }
 
diff --git a/jdk/src/share/classes/sun/security/krb5/EncryptionKey.java b/jdk/src/share/classes/sun/security/krb5/EncryptionKey.java
index 627168e70..71e667028 100644
--- a/jdk/src/share/classes/sun/security/krb5/EncryptionKey.java
+++ b/jdk/src/share/classes/sun/security/krb5/EncryptionKey.java
@@ -277,22 +277,15 @@ public class EncryptionKey
                          String salt,
                          String algorithm) throws KrbCryptoException {
 
-        if (algorithm == null || algorithm.equalsIgnoreCase("DES")
-                || algorithm.equalsIgnoreCase("des-cbc-md5")) {
+        if (algorithm == null || algorithm.equalsIgnoreCase("DES")) {
             keyType = EncryptedData.ETYPE_DES_CBC_MD5;
-        } else if (algorithm.equalsIgnoreCase("des-cbc-crc")) {
-            keyType = EncryptedData.ETYPE_DES_CBC_CRC;
-        } else if (algorithm.equalsIgnoreCase("DESede")
-                || algorithm.equalsIgnoreCase("des3-cbc-sha1-kd")) {
+        } else if (algorithm.equalsIgnoreCase("DESede")) {
             keyType = EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
-        } else if (algorithm.equalsIgnoreCase("AES128")
-                || algorithm.equalsIgnoreCase("aes128-cts-hmac-sha1-96")) {
+        } else if (algorithm.equalsIgnoreCase("AES128")) {
             keyType = EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96;
-        } else if (algorithm.equalsIgnoreCase("ArcFourHmac")
-                || algorithm.equalsIgnoreCase("rc4-hmac")) {
+        } else if (algorithm.equalsIgnoreCase("ArcFourHmac")) {
             keyType = EncryptedData.ETYPE_ARCFOUR_HMAC;
-        } else if (algorithm.equalsIgnoreCase("AES256")
-                || algorithm.equalsIgnoreCase("aes256-cts-hmac-sha1-96")) {
+        } else if (algorithm.equalsIgnoreCase("AES256")) {
             keyType = EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96;
             // validate if AES256 is enabled
             if (!EType.isSupported(keyType)) {
diff --git a/jdk/test/javax/security/auth/kerberos/StandardNames.java b/jdk/test/javax/security/auth/kerberos/StandardNames.java
deleted file mode 100644
index 40590f6d0..000000000
--- a/jdk/test/javax/security/auth/kerberos/StandardNames.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 8035986
- * @summary KerberosKey algorithm names are not specified
- */
-
-import sun.security.krb5.EncryptedData;
-
-import javax.crypto.Cipher;
-import javax.security.auth.kerberos.KerberosKey;
-import javax.security.auth.kerberos.KerberosPrincipal;
-import java.util.Locale;
-
-public class StandardNames {
-    static KerberosPrincipal kp = new KerberosPrincipal("user@REALM");
-    static char[] pass = "secret".toCharArray();
-    static byte[] keyBytes = new byte[1];
-
-    public static void main(String[] args) throws Exception {
-        for (EncType e: EncType.values()) {
-            if (e == EncType.e18) {
-                if (Cipher.getMaxAllowedKeyLength("AES") < 256) {
-                    System.out.println("Skipping aes256-cts-hmac-sha1-96");
-                    continue;
-                }
-            }
-            checkByName(e.name, e);
-            checkByName(e.name.toUpperCase(Locale.US), e);
-            for (String n: e.oldnames) {
-                checkByName(n, e);
-                if (n != null) {
-                    checkByName(n.toLowerCase(Locale.US), e);
-                }
-            }
-            checkByEType(e.etype, e.name);
-        }
-        checkByEType(100, "unknown");
-        checkByEType(-1, "private");
-
-        try {
-            System.out.println("unsupported");
-            new KerberosKey(kp, pass, "unsupported");
-            throw new Exception("unsupported");
-        } catch (IllegalArgumentException iae) {
-            // Expected
-        }
-    }
-
-    private static void checkByName(String n, EncType e) throws Exception {
-        System.out.println("CheckByName " + n);
-        KerberosKey k = new KerberosKey(kp, pass, n);
-        if (!k.getAlgorithm().equals(e.name)) throw new Exception(n);
-        if (k.getKeyType() != e.etype) throw new Exception(n);
-        if (k.getVersionNumber() != 0) throw new Exception(n);
-    }
-
-    private static void checkByEType(int i, String n) throws Exception {
-        System.out.println("CheckByInt " + i);
-        KerberosKey k = new KerberosKey(kp, keyBytes, i, 13);
-        if (!k.getAlgorithm().equals(n)) throw new Exception("" + i);
-        if (k.getKeyType() != i) throw new Exception("" + i);
-        if (k.getVersionNumber() != 13) throw new Exception("" + i);
-    }
-}
-
-enum EncType {
-    e0("none", EncryptedData.ETYPE_NULL),
-    e1("des-cbc-crc", EncryptedData.ETYPE_DES_CBC_CRC),
-    e3("des-cbc-md5", EncryptedData.ETYPE_DES_CBC_MD5, "DES", null),
-    e16("des3-cbc-sha1-kd", EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD, "DESede"),
-    e17("aes128-cts-hmac-sha1-96", EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, "AES128"),
-    e18("aes256-cts-hmac-sha1-96", EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96, "AES256"),
-    e23("rc4-hmac", EncryptedData.ETYPE_ARCFOUR_HMAC, "ArcFourHmac"),
-    ;
-
-    final String name;
-    final int etype;
-    final String[] oldnames;
-
-    EncType(String name, int etype, String... oldnames) {
-        this.name = name;
-        this.etype = etype;
-        this.oldnames = oldnames;
-    }
-}
-- 
2.22.0