src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/AuthTimeWithHash.java

/*
 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.krb5.internal.rcache;

import sun.security.action.GetPropertyAction;

import java.util.Objects;

/**
 * The class represents a new style replay cache entry. It can be either used
 * inside memory or in a dfl file.
 */
public class AuthTimeWithHash extends AuthTime
        implements Comparable<AuthTimeWithHash> {

    // The hash algorithm can be "HASH" or "SHA256".
    public static final String DEFAULT_HASH_ALG;

    static {
        if (GetPropertyAction.privilegedGetProperty(
                "jdk.krb5.rcache.useMD5", "false").equals("true")) {
            DEFAULT_HASH_ALG = "HASH";
        } else {
            DEFAULT_HASH_ALG = "SHA256";
        }
    }

    public static String realAlg(String alg) {
        switch (alg) {
            case "HASH":
                return "MD5";
            case "SHA256":
                return "SHA-256";
            default:
                throw new AssertionError(alg + " is not HASH or SHA256");
        }
    }

    final String hashAlg;
    final String hash;

    /**
     * Constructs a new <code>AuthTimeWithHash</code>.
     */
    public AuthTimeWithHash(String client, String server,
            int ctime, int cusec, String hashAlg, String hash) {
        super(client, server, ctime, cusec);
        this.hashAlg = hashAlg;
        this.hash = hash;
    }

    /**
     * Compares if an object equals to an <code>AuthTimeWithHash</code> object.
     * @param o an object.
     * @return true if two objects are equivalent, otherwise, return false.
     */
    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
        if (!(o instanceof AuthTimeWithHash)) return false;
        AuthTimeWithHash that = (AuthTimeWithHash)o;
        return Objects.equals(hash, that.hash)
                && Objects.equals(hashAlg, that.hashAlg)
                && Objects.equals(client, that.client)
                && Objects.equals(server, that.server)
                && ctime == that.ctime
                && cusec == that.cusec;
    }

    /**
     * Returns a hash code for this <code>AuthTimeWithHash</code> object.
     */
    @Override
    public int hashCode() {
        return Objects.hash(hash);
    }

    @Override
    public String toString() {
        return String.format("%d/%06d/%s/%s", ctime, cusec, hash, client);
    }

    @Override
    public int compareTo(AuthTimeWithHash other) {
        int cmp = 0;
        if (ctime != other.ctime) {
            cmp = Integer.compare(ctime, other.ctime);
        } else if (cusec != other.cusec) {
            cmp = Integer.compare(cusec, other.cusec);
        } else {
            cmp = hash.compareTo(other.hash);
        }
        return cmp;
    }

    /**
     * Compares with a possibly old style object. Used
     * in DflCache$Storage#loadAndCheck.
     * @return true if all AuthTime fields are the same but different hash
     */
    public boolean sameTimeDiffHash(AuthTimeWithHash old) {
        if (!this.isSameIgnoresHash(old)) {
            return false;
        }
        return this.hashAlg.equals(old.hashAlg) &&
                !this.hash.equals(old.hash);
    }

    /**
     * Compares with a possibly old style object. Used
     * in DflCache$Storage#loadAndCheck.
     * @return true if all AuthTime fields are the same
     */
    public boolean isSameIgnoresHash(AuthTime old) {
        return  client.equals(old.client) &&
                server.equals(old.server) &&
                ctime == old.ctime &&
                cusec == old.cusec;
    }

    // Methods used when saved in a dfl file. See DflCache.java

    /**
     * Encodes to be used in a dfl file
     * @param withHash write new style if true
     */
    @Override
    public byte[] encode(boolean withHash) {
        String cstring;
        String sstring;
        if (withHash) {
            cstring = "";
            sstring = String.format("%s:%s %d:%s %d:%s", hashAlg, hash,
                    client.length(), client,
                    server.length(), server);
        } else {
            cstring = client;
            sstring = server;
        }
        return encode0(cstring, sstring);
    }
}