jdk-sandbox: jdk/test/sun/security/krb5/auto/KDC.java@07af3c279166 (annotated)

1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1	/*
2942 37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	2	* Copyright 2008-2009 Sun Microsystems, Inc. All Rights Reserved.
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	4	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	7	* published by the Free Software Foundation.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	8	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	9	* This code is distributed in the hope that it will be useful, but WITHOUT
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	12	* version 2 for more details (a copy is included in the LICENSE file that
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	13	* accompanied this code).
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	14	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	15	* You should have received a copy of the GNU General Public License version
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	16	* 2 along with this work; if not, write to the Free Software Foundation,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	18	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	19	* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	20	* CA 95054 USA or visit www.sun.com if you need additional information or
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	21	* have any questions.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	22	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	23
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	24	import java.lang.reflect.Constructor;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	25	import java.lang.reflect.Field;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	26	import java.lang.reflect.InvocationTargetException;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	27	import java.net.*;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	28	import java.io.*;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	29	import java.lang.reflect.Method;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	30	import java.security.SecureRandom;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	31	import java.util.*;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	32	import java.util.concurrent.*;
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	33	import sun.net.spi.nameservice.NameService;
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	34	import sun.net.spi.nameservice.NameServiceDescriptor;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	35	import sun.security.krb5.*;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	36	import sun.security.krb5.internal.*;
1575 e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	37	import sun.security.krb5.internal.ccache.CredentialsCache;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	38	import sun.security.krb5.internal.crypto.KeyUsage;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	39	import sun.security.krb5.internal.ktab.KeyTab;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	40	import sun.security.util.DerInputStream;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	41	import sun.security.util.DerOutputStream;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	42	import sun.security.util.DerValue;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	43
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	44	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	45	* A KDC server.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	46	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	47	* Features:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	48	* <ol>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	49	* <li> Supports TCP and UDP
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	50	* <li> Supports AS-REQ and TGS-REQ
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	51	* <li> Principal db and other settings hard coded in application
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	52	* <li> Options, say, request preauth or not
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	53	* </ol>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	54	* Side effects:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	55	* <ol>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	56	* <li> The Sun-internal class <code>sun.security.krb5.Config</code> is a
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	57	* singleton and initialized according to Kerberos settings (krb5.conf and
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	58	* java.security.krb5.* system properties). This means once it's initialized
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	59	* it will not automatically notice any changes to these settings (or file
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	60	* changes of krb5.conf). The KDC class normally does not touch these
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	61	* settings (except for the <code>writeKtab()</code> method). However, to make
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	62	* sure nothing ever goes wrong, if you want to make any changes to these
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	63	* settings after calling a KDC method, call <code>Config.refresh()</code> to
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	64	* make sure your changes are reflected in the <code>Config</code> object.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	65	* </ol>
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	66	* System properties recognized:
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	67	* <ul>
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	68	* <li>test.kdc.save.ccache
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	69	* </ul>
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	70	* Support policies:
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	71	* <ul>
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	72	* <li>ok-as-delegate
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	73	* </ul>
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	74	* Issues and TODOs:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	75	* <ol>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	76	* <li> Generates krb5.conf to be used on another machine, currently the kdc is
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	77	* always localhost
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	78	* <li> More options to KDC, say, error output, say, response nonce !=
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	79	* request nonce
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	80	* </ol>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	81	* Note: This program uses internal krb5 classes (including reflection to
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	82	* access private fields and methods).
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	83	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	84	* Usages:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	85	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	86	* 1. Init and start the KDC:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	87	* <pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	88	* KDC kdc = KDC.create("REALM.NAME", port, isDaemon);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	89	* KDC kdc = KDC.create("REALM.NAME");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	90	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	91	* Here, <code>port</code> is the UDP and TCP port number the KDC server
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	92	* listens on. If zero, a random port is chosen, which you can use getPort()
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	93	* later to retrieve the value.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	94	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	95	* If <code>isDaemon</code> is true, the KDC worker threads will be daemons.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	96	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	97	* The shortcut <code>KDC.create("REALM.NAME")</code> has port=0 and
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	98	* isDaemon=false, and is commonly used in an embedded KDC.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	99	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	100	* 2. Adding users:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	101	* <pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	102	* kdc.addPrincipal(String principal_name, char[] password);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	103	* kdc.addPrincipalRandKey(String principal_name);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	104	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	105	* A service principal's name should look like "host/f.q.d.n". The second form
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	106	* generates a random key. To expose this key, call <code>writeKtab()</code> to
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	107	* save the keys into a keytab file.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	108	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	109	* Note that you need to add the principal name krbtgt/REALM.NAME yourself.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	110	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	111	* Note that you can safely add a principal at any time after the KDC is
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	112	* started and before a user requests info on this principal.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	113	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	114	* 3. Other public methods:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	115	* <ul>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	116	* <li> <code>getPort</code>: Returns the port number the KDC uses
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	117	* <li> <code>getRealm</code>: Returns the realm name
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	118	* <li> <code>writeKtab</code>: Writes all principals' keys into a keytab file
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	119	* <li> <code>saveConfig</code>: Saves a krb5.conf file to access this KDC
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	120	* <li> <code>setOption</code>: Sets various options
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	121	* </ul>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	122	* Read the javadoc for details. Lazy developer can use <code>OneKDC</code>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	123	* directly.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	124	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	125	public class KDC {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	126
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	127	// Under the hood.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	128
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	129	// The random generator to generate random keys (including session keys)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	130	private static SecureRandom secureRandom = new SecureRandom();
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	131	// Principal db. principal -> pass
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	132	private Map<String,char[]> passwords = new HashMap<String,char[]>();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	133	// Realm name
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	134	private String realm;
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	135	// KDC
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	136	private String kdc;
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	137	// Service port number
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	138	private int port;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	139	// The request/response job queue
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	140	private BlockingQueue<Job> q = new ArrayBlockingQueue<Job>(100);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	141	// Options
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	142	private Map<Option,Object> options = new HashMap<Option,Object>();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	143
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	144	private Thread thread1, thread2, thread3;
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	145	DatagramSocket u1 = null;
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	146	ServerSocket t1 = null;
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	147
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	148	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	149	* Option names, to be expanded forever.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	150	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	151	public static enum Option {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	152	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	153	* Whether pre-authentication is required. Default Boolean.TRUE
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	154	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	155	PREAUTH_REQUIRED,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	156	};
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	157
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	158	static {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	159	System.setProperty("sun.net.spi.nameservice.provider.1", "ns,mock");
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	160	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	161
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	162	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	163	* A standalone KDC server.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	164	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	165	public static void main(String[] args) throws Exception {
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	166	KDC kdc = create("RABBIT.HOLE", "kdc.rabbit.hole", 0, false);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	167	kdc.addPrincipal("dummy", "bogus".toCharArray());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	168	kdc.addPrincipal("foo", "bar".toCharArray());
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	169	kdc.addPrincipalRandKey("krbtgt/RABBIT.HOLE");
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	170	kdc.addPrincipalRandKey("server/host.rabbit.hole");
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	171	kdc.addPrincipalRandKey("backend/host.rabbit.hole");
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	172	KDC.saveConfig("krb5.conf", kdc, "forwardable = true");
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	173	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	174
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	175	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	176	* Creates and starts a KDC running as a daemon on a random port.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	177	* @param realm the realm name
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	178	* @return the running KDC instance
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	179	* @throws java.io.IOException for any socket creation error
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	180	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	181	public static KDC create(String realm) throws IOException {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	182	return create(realm, "kdc." + realm.toLowerCase(), 0, true);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	183	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	184
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	185	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	186	* Creates and starts a KDC server.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	187	* @param realm the realm name
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	188	* @param port the TCP and UDP port to listen to. A random port will to
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	189	* chosen if zero.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	190	* @param asDaemon if true, KDC threads will be daemons. Otherwise, not.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	191	* @return the running KDC instance
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	192	* @throws java.io.IOException for any socket creation error
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	193	*/
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	194	public static KDC create(String realm, String kdc, int port, boolean asDaemon) throws IOException {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	195	return new KDC(realm, kdc, port, asDaemon);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	196	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	197
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	198	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	199	* Sets an option
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	200	* @param key the option name
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	201	* @param obj the value
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	202	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	203	public void setOption(Option key, Object value) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	204	options.put(key, value);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	205	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	206
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	207	/**
2942 37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	208	* Write all principals' keys from multiple KDCsinto one keytab file.
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	209	* Note that the keys for the krbtgt principals will not be written.
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	210	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	211	* Attention: This method references krb5.conf settings. If you need to
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	212	* setup krb5.conf later, please call <code>Config.refresh()</code> after
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	213	* the new setting. For example:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	214	* <pre>
2942 37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	215	* KDC.writeKtab("/etc/kdc/ktab", kdc); // Config is initialized,
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	216	* System.setProperty("java.security.krb5.conf", "/home/mykrb5.conf");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	217	* Config.refresh();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	218	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	219	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	220	* Inside this method there are 2 places krb5.conf is used:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	221	* <ol>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	222	* <li> (Fatal) Generating keys: EncryptionKey.acquireSecretKeys
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	223	* <li> (Has workaround) Creating PrincipalName
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	224	* </ol>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	225	* @param tab The keytab filename to write to.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	226	* @throws java.io.IOException for any file output error
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	227	* @throws sun.security.krb5.KrbException for any realm and/or principal
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	228	* name error.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	229	*/
2942 37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	230	public static void writeMultiKtab(String tab, KDC... kdcs)
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	231	throws IOException, KrbException {
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	232	KeyTab ktab = KeyTab.create(tab);
2942 37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	233	for (KDC kdc: kdcs) {
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	234	for (String name : kdc.passwords.keySet()) {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	235	ktab.addEntry(new PrincipalName(name,
2942 37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	236	name.indexOf('/') < 0 ?
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	237	PrincipalName.KRB_NT_UNKNOWN :
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	238	PrincipalName.KRB_NT_SRV_HST),
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	239	kdc.passwords.get(name));
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	240	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	241	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	242	ktab.save();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	243	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	244
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	245	/**
2942 37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	246	* Write a ktab for this KDC.
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	247	*/
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	248	public void writeKtab(String tab) throws IOException, KrbException {
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	249	KDC.writeMultiKtab(tab, this);
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	250	}
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	251
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	252	/**
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	253	* Adds a new principal to this realm with a given password.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	254	* @param user the principal's name. For a service principal, use the
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	255	* form of host/f.q.d.n
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	256	* @param pass the password for the principal
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	257	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	258	public void addPrincipal(String user, char[] pass) {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	259	if (user.indexOf('@') < 0) {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	260	user = user + "@" + realm;
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	261	}
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	262	passwords.put(user, pass);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	263	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	264
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	265	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	266	* Adds a new principal to this realm with a random password
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	267	* @param user the principal's name. For a service principal, use the
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	268	* form of host/f.q.d.n
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	269	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	270	public void addPrincipalRandKey(String user) {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	271	addPrincipal(user, randomPassword());
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	272	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	273
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	274	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	275	* Returns the name of this realm
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	276	* @return the name of this realm
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	277	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	278	public String getRealm() {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	279	return realm;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	280	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	281
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	282	/**
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	283	* Returns the name of kdc
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	284	* @return the name of kdc
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	285	*/
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	286	public String getKDC() {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	287	return kdc;
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	288	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	289
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	290	/**
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	291	* Writes a krb5.conf for one or more KDC that includes KDC locations for
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	292	* each realm and the default realm name. You can also add extra strings
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	293	* into the file. The method should be called like:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	294	* <pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	295	* KDC.saveConfig("krb5.conf", kdc1, kdc2, ..., line1, line2, ...);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	296	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	297	* Here you can provide one or more kdc# and zero or more line# arguments.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	298	* The line# will be put after [libdefaults] and before [realms]. Therefore
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	299	* you can append new lines into [libdefaults] and/or create your new
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	300	* stanzas as well. Note that a newline character will be appended to
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	301	* each line# argument.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	302	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	303	* For example:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	304	* <pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	305	* KDC.saveConfig("krb5.conf", this);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	306	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	307	* generates:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	308	* <pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	309	* [libdefaults]
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	310	* default_realm = REALM.NAME
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	311	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	312	* [realms]
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	313	* REALM.NAME = {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	314	* kdc = host:port_number
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	315	* }
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	316	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	317	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	318	* Another example:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	319	* <pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	320	* KDC.saveConfig("krb5.conf", kdc1, kdc2, "forwardable = true", "",
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	321	* "[domain_realm]",
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	322	* ".kdc1.com = KDC1.NAME");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	323	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	324	* generates:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	325	* <pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	326	* [libdefaults]
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	327	* default_realm = KDC1.NAME
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	328	* forwardable = true
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	329	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	330	* [domain_realm]
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	331	* .kdc1.com = KDC1.NAME
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	332	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	333	* [realms]
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	334	* KDC1.NAME = {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	335	* kdc = host:port1
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	336	* }
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	337	* KDC2.NAME = {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	338	* kdc = host:port2
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	339	* }
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	340	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	341	* @param file the name of the file to write into
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	342	* @param kdc the first (and default) KDC
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	343	* @param more more KDCs or extra lines (in their appearing order) to
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	344	* insert into the krb5.conf file. This method reads each argument's type
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	345	* to determine what it's for. This argument can be empty.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	346	* @throws java.io.IOException for any file output error
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	347	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	348	public static void saveConfig(String file, KDC kdc, Object... more)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	349	throws IOException {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	350	File f = new File(file);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	351	StringBuffer sb = new StringBuffer();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	352	sb.append("[libdefaults]\ndefault_realm = ");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	353	sb.append(kdc.realm);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	354	sb.append("\n");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	355	for (Object o: more) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	356	if (o instanceof String) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	357	sb.append(o);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	358	sb.append("\n");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	359	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	360	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	361	sb.append("\n[realms]\n");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	362	sb.append(realmLineForKDC(kdc));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	363	for (Object o: more) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	364	if (o instanceof KDC) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	365	sb.append(realmLineForKDC((KDC)o));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	366	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	367	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	368	FileOutputStream fos = new FileOutputStream(f);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	369	fos.write(sb.toString().getBytes());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	370	fos.close();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	371	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	372
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	373	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	374	* Returns the service port of the KDC server.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	375	* @return the KDC service port
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	376	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	377	public int getPort() {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	378	return port;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	379	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	380
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	381	// Private helper methods
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	382
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	383	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	384	* Private constructor, cannot be called outside.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	385	* @param realm
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	386	*/
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	387	private KDC(String realm, String kdc) {
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	388	this.realm = realm;
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	389	this.kdc = kdc;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	390	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	391
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	392	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	393	* A constructor that starts the KDC service also.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	394	*/
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	395	protected KDC(String realm, String kdc, int port, boolean asDaemon)
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	396	throws IOException {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	397	this(realm, kdc);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	398	startServer(port, asDaemon);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	399	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	400	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	401	* Generates a 32-char random password
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	402	* @return the password
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	403	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	404	private static char[] randomPassword() {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	405	char[] pass = new char[32];
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	406	for (int i=0; i<32; i++)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	407	pass[i] = (char)secureRandom.nextInt();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	408	return pass;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	409	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	410
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	411	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	412	* Generates a random key for the given encryption type.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	413	* @param eType the encryption type
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	414	* @return the generated key
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	415	* @throws sun.security.krb5.KrbException for unknown/unsupported etype
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	416	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	417	private static EncryptionKey generateRandomKey(int eType)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	418	throws KrbException {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	419	// Is 32 enough for AES256? I should have generated the keys directly
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	420	// but different cryptos have different rules on what keys are valid.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	421	char[] pass = randomPassword();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	422	String algo;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	423	switch (eType) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	424	case EncryptedData.ETYPE_DES_CBC_MD5: algo = "DES"; break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	425	case EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD: algo = "DESede"; break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	426	case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96: algo = "AES128"; break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	427	case EncryptedData.ETYPE_ARCFOUR_HMAC: algo = "ArcFourHMAC"; break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	428	case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96: algo = "AES256"; break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	429	default: algo = "DES"; break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	430	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	431	return new EncryptionKey(pass, "NOTHING", algo); // Silly
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	432	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	433
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	434	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	435	* Returns the password for a given principal
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	436	* @param p principal
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	437	* @return the password
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	438	* @throws sun.security.krb5.KrbException when the principal is not inside
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	439	* the database.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	440	*/
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	441	private char[] getPassword(PrincipalName p, boolean server)
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	442	throws KrbException {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	443	String pn = p.toString();
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	444	if (p.getRealmString() == null) {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	445	pn = pn + "@" + getRealm();
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	446	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	447	char[] pass = passwords.get(pn);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	448	if (pass == null) {
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	449	throw new KrbException(server?
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	450	Krb5.KDC_ERR_S_PRINCIPAL_UNKNOWN:
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	451	Krb5.KDC_ERR_C_PRINCIPAL_UNKNOWN);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	452	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	453	return pass;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	454	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	455
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	456	/**
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	457	* Returns the salt string for the principal.
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	458	* @param p principal
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	459	* @return the salt
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	460	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	461	private String getSalt(PrincipalName p) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	462	String[] ns = p.getNameStrings();
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	463	String s = p.getRealmString();
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	464	if (s == null) s = getRealm();
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	465	for (String n: p.getNameStrings()) {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	466	s += n;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	467	}
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	468	return s;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	469	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	470
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	471	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	472	* Returns the key for a given principal of the given encryption type
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	473	* @param p the principal
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	474	* @param etype the encryption type
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	475	* @param server looking for a server principal?
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	476	* @return the key
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	477	* @throws sun.security.krb5.KrbException for unknown/unsupported etype
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	478	*/
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	479	private EncryptionKey keyForUser(PrincipalName p, int etype, boolean server)
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	480	throws KrbException {
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	481	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	482	// Do not call EncryptionKey.acquireSecretKeys(), otherwise
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	483	// the krb5.conf config file would be loaded.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	484	Method stringToKey = EncryptionKey.class.getDeclaredMethod("stringToKey", char[].class, String.class, byte[].class, Integer.TYPE);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	485	stringToKey.setAccessible(true);
4168 1a8d21bb898c 6893158: AP_REQ check should use key version number weijun parents: 3046 diff changeset	486	Integer kvno = null;
4532 f39917c8cf46 6907425: JCK Kerberos tests fail since b77 weijun parents: 4531 diff changeset	487	// For service whose password ending with a number, use it as kvno.
f39917c8cf46 6907425: JCK Kerberos tests fail since b77 weijun parents: 4531 diff changeset	488	// Kvno must be postive.
f39917c8cf46 6907425: JCK Kerberos tests fail since b77 weijun parents: 4531 diff changeset	489	if (p.toString().indexOf('/') > 0) {
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	490	char[] pass = getPassword(p, server);
4168 1a8d21bb898c 6893158: AP_REQ check should use key version number weijun parents: 3046 diff changeset	491	if (Character.isDigit(pass[pass.length-1])) {
1a8d21bb898c 6893158: AP_REQ check should use key version number weijun parents: 3046 diff changeset	492	kvno = pass[pass.length-1] - '0';
1a8d21bb898c 6893158: AP_REQ check should use key version number weijun parents: 3046 diff changeset	493	}
1a8d21bb898c 6893158: AP_REQ check should use key version number weijun parents: 3046 diff changeset	494	}
1a8d21bb898c 6893158: AP_REQ check should use key version number weijun parents: 3046 diff changeset	495	return new EncryptionKey((byte[]) stringToKey.invoke(
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	496	null, getPassword(p, server), getSalt(p), null, etype),
4168 1a8d21bb898c 6893158: AP_REQ check should use key version number weijun parents: 3046 diff changeset	497	etype, kvno);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	498	} catch (InvocationTargetException ex) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	499	KrbException ke = (KrbException)ex.getCause();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	500	throw ke;
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	501	} catch (KrbException ke) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	502	throw ke;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	503	} catch (Exception e) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	504	throw new RuntimeException(e); // should not happen
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	505	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	506	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	507
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	508	private Map<String,String> policies = new HashMap<String,String>();
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	509
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	510	public void setPolicy(String rule, String value) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	511	if (value == null) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	512	policies.remove(rule);
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	513	} else {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	514	policies.put(rule, value);
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	515	}
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	516	}
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	517	/**
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	518	* If the provided client/server pair matches a rule
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	519	*
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	520	* A system property named test.kdc.policy.RULE will be consulted.
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	521	* If it's unset, returns false. If its value is "", any pair is
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	522	* matched. Otherwise, it should contains the server name matched.
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	523	*
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	524	* TODO: client name is not used currently.
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	525	*
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	526	* @param c client name
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	527	* @param s server name
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	528	* @param rule rule name
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	529	* @return if a match is found
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	530	*/
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	531	private boolean configMatch(String c, String s, String rule) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	532	String policy = policies.get(rule);
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	533	boolean result = false;
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	534	if (policy == null) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	535	result = false;
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	536	} else if (policy.length() == 0) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	537	result = true;
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	538	} else {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	539	String[] names = policy.split("\\s+");
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	540	for (String name: names) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	541	if (name.equals(s)) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	542	result = true;
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	543	break;
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	544	}
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	545	}
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	546	}
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	547	if (result) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	548	System.out.printf(">>>> Policy match result (%s vs %s on %s) %b\n",
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	549	c, s, rule, result);
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	550	}
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	551	return result;
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	552	}
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	553
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	554
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	555	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	556	* Processes an incoming request and generates a response.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	557	* @param in the request
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	558	* @return the response
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	559	* @throws java.lang.Exception for various errors
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	560	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	561	private byte[] processMessage(byte[] in) throws Exception {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	562	if ((in[0] & 0x1f) == Krb5.KRB_AS_REQ)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	563	return processAsReq(in);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	564	else
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	565	return processTgsReq(in);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	566	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	567
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	568	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	569	* Processes a TGS_REQ and generates a TGS_REP (or KRB_ERROR)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	570	* @param in the request
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	571	* @return the response
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	572	* @throws java.lang.Exception for various errors
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	573	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	574	private byte[] processTgsReq(byte[] in) throws Exception {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	575	TGSReq tgsReq = new TGSReq(in);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	576	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	577	System.out.println(realm + "> " + tgsReq.reqBody.cname +
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	578	" sends TGS-REQ for " +
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	579	tgsReq.reqBody.sname);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	580	KDCReqBody body = tgsReq.reqBody;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	581	int etype = 0;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	582
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	583	// Reflection: PAData[] pas = tgsReq.pAData;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	584	Field f = KDCReq.class.getDeclaredField("pAData");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	585	f.setAccessible(true);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	586	PAData[] pas = (PAData[])f.get(tgsReq);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	587
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	588	Ticket tkt = null;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	589	EncTicketPart etp = null;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	590	if (pas == null \|\| pas.length == 0) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	591	throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	592	} else {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	593	for (PAData pa: pas) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	594	if (pa.getType() == Krb5.PA_TGS_REQ) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	595	APReq apReq = new APReq(pa.getValue());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	596	EncryptedData ed = apReq.authenticator;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	597	tkt = apReq.ticket;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	598	etype = tkt.encPart.getEType();
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	599	tkt.sname.setRealm(tkt.realm);
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	600	EncryptionKey kkey = keyForUser(tkt.sname, etype, true);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	601	byte[] bb = tkt.encPart.decrypt(kkey, KeyUsage.KU_TICKET);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	602	DerInputStream derIn = new DerInputStream(bb);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	603	DerValue der = derIn.getDerValue();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	604	etp = new EncTicketPart(der.toByteArray());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	605	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	606	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	607	if (tkt == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	608	throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	609	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	610	}
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	611	EncryptionKey skey = keyForUser(body.sname, etype, true);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	612	if (skey == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	613	throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); // TODO
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	614	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	615
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	616	// Session key for original ticket, TGT
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	617	EncryptionKey ckey = etp.key;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	618
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	619	// Session key for session with the service
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	620	EncryptionKey key = generateRandomKey(etype);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	621
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	622	// Check time, TODO
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	623	KerberosTime till = body.till;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	624	if (till == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	625	throw new KrbException(Krb5.KDC_ERR_NEVER_VALID); // TODO
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	626	} else if (till.isZero()) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	627	till = new KerberosTime(new Date().getTime() + 1000 * 3600 * 11);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	628	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	629
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	630	boolean[] bFlags = new boolean[Krb5.TKT_OPTS_MAX+1];
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	631	if (body.kdcOptions.get(KDCOptions.FORWARDABLE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	632	bFlags[Krb5.TKT_OPTS_FORWARDABLE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	633	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	634	if (body.kdcOptions.get(KDCOptions.FORWARDED) \|\|
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	635	etp.flags.get(Krb5.TKT_OPTS_FORWARDED)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	636	bFlags[Krb5.TKT_OPTS_FORWARDED] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	637	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	638	if (body.kdcOptions.get(KDCOptions.RENEWABLE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	639	bFlags[Krb5.TKT_OPTS_RENEWABLE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	640	//renew = new KerberosTime(new Date().getTime() + 1000 * 3600 * 24 * 7);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	641	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	642	if (body.kdcOptions.get(KDCOptions.PROXIABLE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	643	bFlags[Krb5.TKT_OPTS_PROXIABLE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	644	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	645	if (body.kdcOptions.get(KDCOptions.POSTDATED)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	646	bFlags[Krb5.TKT_OPTS_POSTDATED] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	647	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	648	if (body.kdcOptions.get(KDCOptions.ALLOW_POSTDATE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	649	bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	650	}
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	651
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	652	if (configMatch("", body.sname.getNameString(), "ok-as-delegate")) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	653	bFlags[Krb5.TKT_OPTS_DELEGATE] = true;
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	654	}
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	655	bFlags[Krb5.TKT_OPTS_INITIAL] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	656
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	657	TicketFlags tFlags = new TicketFlags(bFlags);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	658	EncTicketPart enc = new EncTicketPart(
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	659	tFlags,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	660	key,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	661	etp.crealm,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	662	etp.cname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	663	new TransitedEncoding(1, new byte[0]), // TODO
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	664	new KerberosTime(new Date()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	665	body.from,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	666	till, body.rtime,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	667	body.addresses,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	668	null);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	669	Ticket t = new Ticket(
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	670	body.crealm,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	671	body.sname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	672	new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	673	);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	674	EncTGSRepPart enc_part = new EncTGSRepPart(
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	675	key,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	676	new LastReq(new LastReqEntry[]{
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	677	new LastReqEntry(0, new KerberosTime(new Date().getTime() - 10000))
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	678	}),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	679	body.getNonce(), // TODO: detect replay
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	680	new KerberosTime(new Date().getTime() + 1000 * 3600 * 24),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	681	// Next 5 and last MUST be same with ticket
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	682	tFlags,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	683	new KerberosTime(new Date()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	684	body.from,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	685	till, body.rtime,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	686	body.crealm,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	687	body.sname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	688	body.addresses
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	689	);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	690	EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_TGS_REP_PART_SESSKEY);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	691	TGSRep tgsRep = new TGSRep(null,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	692	etp.crealm,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	693	etp.cname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	694	t,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	695	edata);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	696	System.out.println(" Return " + tgsRep.cname
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	697	+ " ticket for " + tgsRep.ticket.sname);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	698
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	699	DerOutputStream out = new DerOutputStream();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	700	out.write(DerValue.createTag(DerValue.TAG_APPLICATION,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	701	true, (byte)Krb5.KRB_TGS_REP), tgsRep.asn1Encode());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	702	return out.toByteArray();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	703	} catch (KrbException ke) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	704	ke.printStackTrace(System.out);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	705	KRBError kerr = ke.getError();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	706	KDCReqBody body = tgsReq.reqBody;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	707	System.out.println(" Error " + ke.returnCode()
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	708	+ " " +ke.returnCodeMessage());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	709	if (kerr == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	710	kerr = new KRBError(null, null, null,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	711	new KerberosTime(new Date()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	712	0,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	713	ke.returnCode(),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	714	body.crealm, body.cname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	715	new Realm(getRealm()), body.sname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	716	KrbException.errorMessage(ke.returnCode()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	717	null);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	718	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	719	return kerr.asn1Encode();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	720	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	721	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	722
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	723	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	724	* Processes a AS_REQ and generates a AS_REP (or KRB_ERROR)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	725	* @param in the request
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	726	* @return the response
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	727	* @throws java.lang.Exception for various errors
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	728	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	729	private byte[] processAsReq(byte[] in) throws Exception {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	730	ASReq asReq = new ASReq(in);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	731	int[] eTypes = null;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	732	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	733	System.out.println(realm + "> " + asReq.reqBody.cname +
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	734	" sends AS-REQ for " +
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	735	asReq.reqBody.sname);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	736
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	737	KDCReqBody body = asReq.reqBody;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	738
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	739	// Reflection: int[] eType = body.eType;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	740	Field f = KDCReqBody.class.getDeclaredField("eType");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	741	f.setAccessible(true);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	742	eTypes = (int[])f.get(body);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	743	int eType = eTypes[0];
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	744
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	745	EncryptionKey ckey = keyForUser(body.cname, eType, false);
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	746	EncryptionKey skey = keyForUser(body.sname, eType, true);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	747	if (ckey == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	748	throw new KrbException(Krb5.KDC_ERR_ETYPE_NOSUPP);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	749	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	750	if (skey == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	751	throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); // TODO
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	752	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	753
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	754	// Session key
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	755	EncryptionKey key = generateRandomKey(eType);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	756	// Check time, TODO
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	757	KerberosTime till = body.till;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	758	if (till == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	759	throw new KrbException(Krb5.KDC_ERR_NEVER_VALID); // TODO
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	760	} else if (till.isZero()) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	761	till = new KerberosTime(new Date().getTime() + 1000 * 3600 * 11);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	762	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	763	//body.from
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	764	boolean[] bFlags = new boolean[Krb5.TKT_OPTS_MAX+1];
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	765	if (body.kdcOptions.get(KDCOptions.FORWARDABLE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	766	bFlags[Krb5.TKT_OPTS_FORWARDABLE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	767	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	768	if (body.kdcOptions.get(KDCOptions.RENEWABLE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	769	bFlags[Krb5.TKT_OPTS_RENEWABLE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	770	//renew = new KerberosTime(new Date().getTime() + 1000 * 3600 * 24 * 7);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	771	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	772	if (body.kdcOptions.get(KDCOptions.PROXIABLE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	773	bFlags[Krb5.TKT_OPTS_PROXIABLE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	774	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	775	if (body.kdcOptions.get(KDCOptions.POSTDATED)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	776	bFlags[Krb5.TKT_OPTS_POSTDATED] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	777	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	778	if (body.kdcOptions.get(KDCOptions.ALLOW_POSTDATE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	779	bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	780	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	781	bFlags[Krb5.TKT_OPTS_INITIAL] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	782
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	783	f = KDCReq.class.getDeclaredField("pAData");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	784	f.setAccessible(true);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	785	PAData[] pas = (PAData[])f.get(asReq);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	786	if (pas == null \|\| pas.length == 0) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	787	Object preauth = options.get(Option.PREAUTH_REQUIRED);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	788	if (preauth == null \|\| preauth.equals(Boolean.TRUE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	789	throw new KrbException(Krb5.KDC_ERR_PREAUTH_REQUIRED);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	790	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	791	} else {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	792	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	793	Constructor<EncryptedData> ctor = EncryptedData.class.getDeclaredConstructor(DerValue.class);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	794	ctor.setAccessible(true);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	795	EncryptedData data = ctor.newInstance(new DerValue(pas[0].getValue()));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	796	data.decrypt(ckey, KeyUsage.KU_PA_ENC_TS);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	797	} catch (Exception e) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	798	throw new KrbException(Krb5.KDC_ERR_PREAUTH_FAILED);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	799	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	800	bFlags[Krb5.TKT_OPTS_PRE_AUTHENT] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	801	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	802
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	803	TicketFlags tFlags = new TicketFlags(bFlags);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	804	EncTicketPart enc = new EncTicketPart(
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	805	tFlags,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	806	key,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	807	body.crealm,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	808	body.cname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	809	new TransitedEncoding(1, new byte[0]),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	810	new KerberosTime(new Date()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	811	body.from,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	812	till, body.rtime,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	813	body.addresses,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	814	null);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	815	Ticket t = new Ticket(
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	816	body.crealm,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	817	body.sname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	818	new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	819	);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	820	EncASRepPart enc_part = new EncASRepPart(
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	821	key,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	822	new LastReq(new LastReqEntry[]{
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	823	new LastReqEntry(0, new KerberosTime(new Date().getTime() - 10000))
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	824	}),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	825	body.getNonce(), // TODO: detect replay?
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	826	new KerberosTime(new Date().getTime() + 1000 * 3600 * 24),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	827	// Next 5 and last MUST be same with ticket
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	828	tFlags,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	829	new KerberosTime(new Date()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	830	body.from,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	831	till, body.rtime,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	832	body.crealm,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	833	body.sname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	834	body.addresses
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	835	);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	836	EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_AS_REP_PART);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	837	ASRep asRep = new ASRep(null,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	838	body.crealm,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	839	body.cname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	840	t,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	841	edata);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	842
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	843	System.out.println(" Return " + asRep.cname
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	844	+ " ticket for " + asRep.ticket.sname);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	845
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	846	DerOutputStream out = new DerOutputStream();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	847	out.write(DerValue.createTag(DerValue.TAG_APPLICATION,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	848	true, (byte)Krb5.KRB_AS_REP), asRep.asn1Encode());
1575 e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	849	byte[] result = out.toByteArray();
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	850
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	851	// Added feature:
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	852	// Write the current issuing TGT into a ccache file specified
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	853	// by the system property below.
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	854	String ccache = System.getProperty("test.kdc.save.ccache");
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	855	if (ccache != null) {
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	856	asRep.encKDCRepPart = enc_part;
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	857	sun.security.krb5.internal.ccache.Credentials credentials =
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	858	new sun.security.krb5.internal.ccache.Credentials(asRep);
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	859	asReq.reqBody.cname.setRealm(getRealm());
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	860	CredentialsCache cache =
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	861	CredentialsCache.create(asReq.reqBody.cname, ccache);
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	862	if (cache == null) {
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	863	throw new IOException("Unable to create the cache file " +
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	864	ccache);
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	865	}
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	866	cache.update(credentials);
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	867	cache.save();
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	868	new File(ccache).deleteOnExit();
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	869	}
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	870
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	871	return result;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	872	} catch (KrbException ke) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	873	ke.printStackTrace(System.out);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	874	KRBError kerr = ke.getError();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	875	KDCReqBody body = asReq.reqBody;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	876	System.out.println(" Error " + ke.returnCode()
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	877	+ " " +ke.returnCodeMessage());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	878	byte[] eData = null;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	879	if (kerr == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	880	if (ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED \|\|
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	881	ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	882	PAData pa;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	883
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	884	ETypeInfo2 ei2 = new ETypeInfo2(eTypes[0], null, null);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	885	DerOutputStream eid = new DerOutputStream();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	886	eid.write(DerValue.tag_Sequence, ei2.asn1Encode());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	887
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	888	pa = new PAData(Krb5.PA_ETYPE_INFO2, eid.toByteArray());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	889
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	890	DerOutputStream bytes = new DerOutputStream();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	891	bytes.write(new PAData(Krb5.PA_ENC_TIMESTAMP, new byte[0]).asn1Encode());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	892	bytes.write(pa.asn1Encode());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	893
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	894	boolean allOld = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	895	for (int i: eTypes) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	896	if (i == EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96 \|\|
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	897	i == EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	898	allOld = false;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	899	break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	900	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	901	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	902	if (allOld) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	903	ETypeInfo ei = new ETypeInfo(eTypes[0], null);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	904	eid = new DerOutputStream();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	905	eid.write(DerValue.tag_Sequence, ei.asn1Encode());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	906	pa = new PAData(Krb5.PA_ETYPE_INFO, eid.toByteArray());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	907	bytes.write(pa.asn1Encode());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	908	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	909	DerOutputStream temp = new DerOutputStream();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	910	temp.write(DerValue.tag_Sequence, bytes);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	911	eData = temp.toByteArray();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	912	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	913	kerr = new KRBError(null, null, null,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	914	new KerberosTime(new Date()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	915	0,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	916	ke.returnCode(),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	917	body.crealm, body.cname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	918	new Realm(getRealm()), body.sname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	919	KrbException.errorMessage(ke.returnCode()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	920	eData);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	921	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	922	return kerr.asn1Encode();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	923	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	924	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	925
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	926	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	927	* Generates a line for a KDC to put inside [realms] of krb5.conf
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	928	* @param kdc the KDC
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	929	* @return REALM.NAME = { kdc = host:port }
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	930	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	931	private static String realmLineForKDC(KDC kdc) {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	932	return String.format(" %s = {\n kdc = %s:%d\n }\n",
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	933	kdc.realm,
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	934	kdc.kdc,
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	935	kdc.port);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	936	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	937
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	938	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	939	* Start the KDC service. This server listens on both UDP and TCP using
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	940	* the same port number. It uses three threads to deal with requests.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	941	* They can be set to daemon threads if requested.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	942	* @param port the port number to listen to. If zero, a random available
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	943	* port no less than 8000 will be chosen and used.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	944	* @param asDaemon true if the KDC threads should be daemons
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	945	* @throws java.io.IOException for any communication error
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	946	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	947	protected void startServer(int port, boolean asDaemon) throws IOException {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	948	if (port > 0) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	949	u1 = new DatagramSocket(port, InetAddress.getByName("127.0.0.1"));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	950	t1 = new ServerSocket(port);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	951	} else {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	952	while (true) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	953	// Try to find a port number that's both TCP and UDP free
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	954	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	955	port = 8000 + new java.util.Random().nextInt(10000);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	956	u1 = null;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	957	u1 = new DatagramSocket(port, InetAddress.getByName("127.0.0.1"));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	958	t1 = new ServerSocket(port);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	959	break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	960	} catch (Exception e) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	961	if (u1 != null) u1.close();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	962	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	963	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	964	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	965	final DatagramSocket udp = u1;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	966	final ServerSocket tcp = t1;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	967	System.out.println("Start KDC on " + port);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	968
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	969	this.port = port;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	970
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	971	// The UDP consumer
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	972	thread1 = new Thread() {
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	973	public void run() {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	974	while (true) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	975	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	976	byte[] inbuf = new byte[8192];
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	977	DatagramPacket p = new DatagramPacket(inbuf, inbuf.length);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	978	udp.receive(p);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	979	System.out.println("-----------------------------------------------");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	980	System.out.println(">>>>> UDP packet received");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	981	q.put(new Job(processMessage(Arrays.copyOf(inbuf, p.getLength())), udp, p));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	982	} catch (Exception e) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	983	e.printStackTrace();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	984	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	985	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	986	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	987	};
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	988	thread1.setDaemon(asDaemon);
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	989	thread1.start();
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	990
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	991	// The TCP consumer
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	992	thread2 = new Thread() {
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	993	public void run() {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	994	while (true) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	995	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	996	Socket socket = tcp.accept();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	997	System.out.println("-----------------------------------------------");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	998	System.out.println(">>>>> TCP connection established");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	999	DataInputStream in = new DataInputStream(socket.getInputStream());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1000	DataOutputStream out = new DataOutputStream(socket.getOutputStream());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1001	byte[] token = new byte[in.readInt()];
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1002	in.readFully(token);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1003	q.put(new Job(processMessage(token), socket, out));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1004	} catch (Exception e) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1005	e.printStackTrace();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1006	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1007	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1008	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1009	};
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1010	thread2.setDaemon(asDaemon);
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1011	thread2.start();
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1012
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1013	// The dispatcher
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1014	thread3 = new Thread() {
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1015	public void run() {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1016	while (true) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1017	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1018	q.take().send();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1019	} catch (Exception e) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1020	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1021	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1022	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1023	};
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1024	thread3.setDaemon(true);
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1025	thread3.start();
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1026	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1027
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1028	public void terminate() {
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1029	try {
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1030	thread1.stop();
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1031	thread2.stop();
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1032	thread3.stop();
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1033	u1.close();
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1034	t1.close();
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1035	} catch (Exception e) {
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1036	// OK
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1037	}
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1038	}
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1039	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1040	* Helper class to encapsulate a job in a KDC.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1041	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1042	private static class Job {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1043	byte[] token; // The received request at creation time and
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1044	// the response at send time
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1045	Socket s; // The TCP socket from where the request comes
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1046	DataOutputStream out; // The OutputStream of the TCP socket
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1047	DatagramSocket s2; // The UDP socket from where the request comes
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1048	DatagramPacket dp; // The incoming UDP datagram packet
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1049	boolean useTCP; // Whether TCP or UDP is used
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1050
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1051	// Creates a job object for TCP
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1052	Job(byte[] token, Socket s, DataOutputStream out) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1053	useTCP = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1054	this.token = token;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1055	this.s = s;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1056	this.out = out;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1057	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1058
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1059	// Creates a job object for UDP
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1060	Job(byte[] token, DatagramSocket s2, DatagramPacket dp) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1061	useTCP = false;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1062	this.token = token;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1063	this.s2 = s2;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1064	this.dp = dp;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1065	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1066
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1067	// Sends the output back to the client
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1068	void send() {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1069	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1070	if (useTCP) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1071	System.out.println(">>>>> TCP request honored");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1072	out.writeInt(token.length);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1073	out.write(token);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1074	s.close();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1075	} else {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1076	System.out.println(">>>>> UDP request honored");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1077	s2.send(new DatagramPacket(token, token.length, dp.getAddress(), dp.getPort()));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1078	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1079	} catch (Exception e) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1080	e.printStackTrace();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1081	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1082	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1083	}
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1084
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1085	public static class KDCNameService implements NameServiceDescriptor {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1086	@Override
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1087	public NameService createNameService() throws Exception {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1088	NameService ns = new NameService() {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1089	@Override
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1090	public InetAddress[] lookupAllHostAddr(String host)
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1091	throws UnknownHostException {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1092	// Everything is localhost
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1093	return new InetAddress[]{
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1094	InetAddress.getByAddress(host, new byte[]{127,0,0,1})
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1095	};
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1096	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1097	@Override
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1098	public String getHostByAddr(byte[] addr)
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1099	throws UnknownHostException {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1100	// No reverse lookup, PrincipalName use original string
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1101	throw new UnknownHostException();
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1102	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1103	};
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1104	return ns;
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1105	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1106
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1107	@Override
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1108	public String getProviderName() {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1109	return "mock";
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1110	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1111
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1112	@Override
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1113	public String getType() {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1114	return "ns";
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1115	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1116	}
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1117	}

author	weijun
	Thu, 18 Mar 2010 18:26:37 +0800
changeset 5154	07af3c279166
parent 4532	f39917c8cf46
child 5506	202f599c92aa
child 5617	1b0d8c3d6223
permissions	-rw-r--r--