Git Product home page Git Product logo

openjdk-kerberos's Introduction

OpenJDK Kerberos Implementation

A subset of OpenJDK containing an implementation of the Kerberos protocol, built for use on Android.

NOTE

This is not an officially supported Google product. It is provided as a way to help other Android developers build products that utilize Kerberos.

About

The code in this package is an adaptation of the Kerberos implementation from OpenJDK, intended for use in Android applications.

Building

A JAR file suitable for inclusion in Android apps can be built using Bazel.

Using

For the most part, the standard GSS-API can be used, particularly classes under org.ietf.jgss, as well as the Krb5LoginModule.

Local changes

As the Android SDK includes some of the relevant source files, with some modifications, a few changes have been made to get the code to cleanly compile and work with an Android app.

Namespace changes

Relevant classes under javax.naming and javax.security have been prefixed with krb, so are now under krb.javax.naming and krb.javax.security.

Ticket storage

Since the Android SDK does not properly implement a SecurityManager, the Subject instance containing the ticket from a Kerberos authentication cannot be obtained via the implementation of the GSS API.

To address that, a new method has been added to sun.security.jgss.GSSUtil, setGlobalSubject(Subject subject).

This method sets a Subject instance that will be used as the context for all GSS calls.

The caller should take care to clear the global context by setting a null subject after the GSS-related operations have been completed.

Contributing

The CONTRIBUTING.md file contains instructions on how to submit the Contributor License Agreement before sending any pull requests (PRs). Of course, if you're new to the project, it's usually best to discuss any proposals and reach consensus before sending your first PR.

License

This package retains the OpenJDK original license, which is The GNU General Public License (GPL) Version 2 with the Classpath Exception. See the LICENSE file.

openjdk-kerberos's People

Contributors

eranmes avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar

openjdk-kerberos's Issues

new restrictions on non-SDK interfaces break the library starting from API 29

With the release of Android API 29, every application utilizing this library will crash with NoSuchMethodError (see an example of a stack trace below) due to new restrictions on non-SDK interfaces introduced in API 28.

Is there any immediate workaround for production devices?
Are you planning a migration to SDK interfaces or other alternatives?


2020-03-01 09:58:13.733 ? W/.enterprise.dp: Accessing hidden method Lsun/misc/HexDumpEncoder;-><init>()V (greylist, linking, allowed)
2020-03-01 09:58:13.733 ? W/.enterprise.dp: Accessing hidden method Lsun/misc/CharacterEncoder;->encodeBuffer([B)Ljava/lang/String; (greylist, linking, allowed)
2020-03-01 09:58:13.737 ? W/.enterprise.dp: Accessing hidden method Lsun/security/action/GetPropertyAction;-><init>(Ljava/lang/String;)V (greylist, linking, allowed)
2020-03-01 09:58:13.738 ? W/.enterprise.dp: Accessing hidden method Lsun/security/action/GetBooleanAction;-><init>(Ljava/lang/String;)V (greylist, linking, allowed)
2020-03-01 09:58:13.741 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerValue;->getTag()B (blacklist, linking, denied)
2020-03-01 09:58:13.741 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerInputStream;->peekByte()I (greylist, linking, allowed)
2020-03-01 09:58:13.741 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerInputStream;->getDerValue()Lsun/security/util/DerValue; (greylist, linking, allowed)
2020-03-01 09:58:13.741 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerValue;->getTag()B (blacklist, linking, denied)
2020-03-01 09:58:13.741 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerOutputStream;-><init>()V (greylist, linking, allowed)
2020-03-01 09:58:13.741 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerOutputStream;->putInteger(Ljava/math/BigInteger;)V (greylist, linking, allowed)
2020-03-01 09:58:13.741 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerValue;->createTag(BZB)B (greylist, linking, allowed)
2020-03-01 09:58:13.741 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerOutputStream;->write(BLsun/security/util/DerOutputStream;)V (greylist, linking, allowed)
2020-03-01 09:58:13.741 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerOutputStream;->putOctetString([B)V (greylist, linking, allowed)
2020-03-01 09:58:13.742 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerValue;->getTag()B (blacklist, linking, denied)
2020-03-01 09:58:13.742 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerValue;->getTag()B (blacklist, linking, denied)
2020-03-01 09:58:13.743 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerOutputStream;->putSequence([Lsun/security/util/DerValue;)V (greylist, linking, allowed)
2020-03-01 09:58:13.744 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerValue;->getTag()B (blacklist, linking, denied)
2020-03-01 09:58:13.745 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerOutputStream;->putDerValue(Lsun/security/util/DerValue;)V (greylist, linking, allowed)
2020-03-01 09:58:13.747 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/BitArray;-><init>(I)V (blacklist, linking, denied)
2020-03-01 09:58:13.747 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/BitArray;-><init>(I[B)V (greylist, linking, allowed)
2020-03-01 09:58:13.747 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/BitArray;->toBooleanArray()[Z (blacklist, linking, denied)
2020-03-01 09:58:13.747 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/BitArray;-><init>([Z)V (blacklist, linking, denied)
2020-03-01 09:58:13.747 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerOutputStream;->putUnalignedBitString(Lsun/security/util/BitArray;)V (blacklist, linking, denied)
2020-03-01 09:58:13.747 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/BitArray;->get(I)Z (blacklist, linking, denied)
2020-03-01 09:58:13.747 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/BitArray;->set(IZ)V (blacklist, linking, denied)
2020-03-01 09:58:13.747 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/BitArray;->toBooleanArray()[Z (blacklist, linking, denied)
2020-03-01 09:58:13.747 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerValue;->getUnalignedBitString(Z)Lsun/security/util/BitArray; (blacklist, linking, denied)
2020-03-01 09:58:13.747 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/DerValue;->getTag()B (blacklist, linking, denied)
2020-03-01 09:58:13.748 ? W/.enterprise.dp: Accessing hidden method Lsun/security/util/BitArray;-><init>(I)V (blacklist, linking, denied)
2020-03-01 09:58:13.748 ? E/JavaBinder: *** Uncaught remote exception!  (Exceptions are not yet supported across processes.)
    java.lang.NoSuchMethodError: No direct method <init>(I)V in class Lsun/security/util/BitArray; or its super classes (declaration of 'sun.security.util.BitArray' appears in /apex/com.android.runtime/javalib/core-oj.jar)
        at sun.security.krb5.internal.util.KerberosFlags.<init>(KerberosFlags.java:64)
        at sun.security.krb5.internal.KDCOptions.<init>(KDCOptions.java:182)
        at sun.security.krb5.KrbAsReq.<init>(KrbAsReq.java:65)
        at sun.security.krb5.KrbAsReqBuilder.build(KrbAsReqBuilder.java:265)
        at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:315)
        at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:755)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:585)
        at iq.earthlink.enterprise.dpc.KerberosAuthenticator.getAuthToken(KerberosAuthenticator.kt:89)
        at android.accounts.AbstractAccountAuthenticator$Transport.getAuthToken(AbstractAccountAuthenticator.java:246)
        at android.accounts.IAccountAuthenticator$Stub.onTransact(IAccountAuthenticator.java:282)
        at android.os.Binder.execTransactInternal(Binder.java:1021)
        at android.os.Binder.execTransact(Binder.java:994)
2020-03-01 09:58:13.749 ? E/AndroidRuntime: FATAL EXCEPTION: Binder:8573_3
    Process: iq.earthlink.enterprise.dpc, PID: 8573
    java.lang.NoSuchMethodError: No direct method <init>(I)V in class Lsun/security/util/BitArray; or its super classes (declaration of 'sun.security.util.BitArray' appears in /apex/com.android.runtime/javalib/core-oj.jar)
        at sun.security.krb5.internal.util.KerberosFlags.<init>(KerberosFlags.java:64)
        at sun.security.krb5.internal.KDCOptions.<init>(KDCOptions.java:182)
        at sun.security.krb5.KrbAsReq.<init>(KrbAsReq.java:65)
        at sun.security.krb5.KrbAsReqBuilder.build(KrbAsReqBuilder.java:265)
        at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:315)
        at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:755)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:585)
        at iq.earthlink.enterprise.dpc.KerberosAuthenticator.getAuthToken(KerberosAuthenticator.kt:89)
        at android.accounts.AbstractAccountAuthenticator$Transport.getAuthToken(AbstractAccountAuthenticator.java:246)
        at android.accounts.IAccountAuthenticator$Stub.onTransact(IAccountAuthenticator.java:282)
        at android.os.Binder.execTransactInternal(Binder.java:1021)
        at android.os.Binder.execTransact(Binder.java:994)

Building for API 17

This is probably a long shot, but does anyone know if I could build this against api_level = 17 or 23? I suspect that this would require working with a different version of the OpenJDK, but figured I'd check anyway.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.