diff options
Diffstat (limited to 'src/share/classes/sun/security/krb5/Checksum.java')
-rw-r--r-- | src/share/classes/sun/security/krb5/Checksum.java | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/share/classes/sun/security/krb5/Checksum.java b/src/share/classes/sun/security/krb5/Checksum.java index 377a07b973..f0fa577fc1 100644 --- a/src/share/classes/sun/security/krb5/Checksum.java +++ b/src/share/classes/sun/security/krb5/Checksum.java @@ -193,6 +193,26 @@ public class Checksum { usage); } + // =============== ATTENTION! Use with care ================== + // According to https://tools.ietf.org/html/rfc3961#section-6.1, + // An unkeyed checksum should only be used "in limited circumstances + // where the lack of a key does not provide a window for an attack, + // preferably as part of an encrypted message". + public boolean verifyAnyChecksum(byte[] data, EncryptionKey key, + int usage) + throws KdcErrException, KrbCryptoException { + CksumType cksumEngine = CksumType.getInstance(cksumType); + if (!cksumEngine.isSafe()) { + return cksumEngine.verifyChecksum(data, checksum); + } else { + return cksumEngine.verifyKeyedChecksum(data, + data.length, + key.getBytes(), + checksum, + usage); + } + } + /* public Checksum(byte[] data) throws KdcErrException, KrbCryptoException { this(Checksum.CKSUMTYPE_DEFAULT, data); |