JDK-8080128 : GSSContext.acceptSecContext does not established context with valid Spnego ticke
  • Type: Bug
  • Component: security-libs
  • Sub-Component: org.ietf.jgss
  • Affected Version: 8u40
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_7
  • CPU: x86_64
  • Submitted: 2015-03-23
  • Updated: 2015-05-12
  • Resolved: 2015-05-12
Related Reports
Duplicate :  
Duplicate :  
Description
FULL PRODUCT VERSION :
java version "1.8.0_40"
Java(TM) SE Runtime Environment (build 1.8.0_40-b25)
Java HotSpot(TM) 64-Bit Server VM (build 25.40-b25, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]

A DESCRIPTION OF THE PROBLEM :
Since Update 40 a GSSContext does not get established with a valid Spnego-Ticket. After calling 

GSSContext gssContext = manager.createContext((GSSCredential) null);
gssContext.acceptSecContext(token, 0, token.length);

assertTrue(gssContext.isEstablished())

validates to false. It does not fail with an exception or any other kind of error.

My Spngo-Token uses the following Mechnisms 1.2.840.48018.1.2.2, 1.2.840.113554.1.2.2, 1.3.6.1.4.1.311.2.2.30, 1.3.6.1.4.1.311.2.2.10, which was generated by an IE9 using rc4-hmac.

REGRESSION.  Last worked in version 8u31

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
- Generate an Initiate-SPNEGO-ticket 
- Call gssContext.acceptSecContext with Update 31 and Update 40
- Compare the two results of gssContext.isEstablished()

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
gssContext.isEstablished() = true
ACTUAL -
gssContext.isEstablished() = false

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
no workaround known.


Comments
Must be a duplicate of JDK-8078439. Recommend to move it to JDK and close it as a duplicate.
03-05-2015