jdk-sandbox: test/jdk/sun/security/krb5/auto/SaslBasic.java@2da4a52715d8 (annotated)

14340 e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	1	/*
48668 2da4a52715d8 8194486: Several krb5 tests failed in Mac. ssahoo parents: 47216 diff changeset	2	* Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved.
14340 e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	4	*
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	7	* published by the Free Software Foundation.
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	8	*
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	9	* This code is distributed in the hope that it will be useful, but WITHOUT
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	12	* version 2 for more details (a copy is included in the LICENSE file that
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	13	* accompanied this code).
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	14	*
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	15	* You should have received a copy of the GNU General Public License version
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	16	* 2 along with this work; if not, write to the Free Software Foundation,
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	18	*
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	19	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	20	* or visit www.oracle.com if you need additional information or have any
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	21	* questions.
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	22	*/
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	23
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	24	/*
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	25	* @test
48668 2da4a52715d8 8194486: Several krb5 tests failed in Mac. ssahoo parents: 47216 diff changeset	26	* @bug 7110803 8170732 8194486
14340 e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	27	* @summary SASL service for multiple hostnames
48668 2da4a52715d8 8194486: Several krb5 tests failed in Mac. ssahoo parents: 47216 diff changeset	28	* @library /test/lib
14340 e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	29	* @compile -XDignore.symbol.file SaslBasic.java
48668 2da4a52715d8 8194486: Several krb5 tests failed in Mac. ssahoo parents: 47216 diff changeset	30	* @run main jdk.test.lib.FileInstaller TestHosts TestHosts
2da4a52715d8 8194486: Several krb5 tests failed in Mac. ssahoo parents: 47216 diff changeset	31	* @run main/othervm -Djdk.net.hosts.file=TestHosts SaslBasic bound auth-int
2da4a52715d8 8194486: Several krb5 tests failed in Mac. ssahoo parents: 47216 diff changeset	32	* @run main/othervm -Djdk.net.hosts.file=TestHosts SaslBasic unbound auth-conf
2da4a52715d8 8194486: Several krb5 tests failed in Mac. ssahoo parents: 47216 diff changeset	33	* @run main/othervm -Djdk.net.hosts.file=TestHosts SaslBasic bound auth
14340 e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	34	*/
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	35	import java.io.IOException;
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	36	import java.util.Arrays;
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	37	import java.util.HashMap;
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	38	import javax.security.auth.callback.Callback;
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	39	import javax.security.auth.callback.CallbackHandler;
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	40	import javax.security.auth.callback.UnsupportedCallbackException;
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	41	import javax.security.sasl.*;
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	42
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	43	// The basic krb5 test skeleton you can copy from
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	44	public class SaslBasic {
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	45
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	46	public static void main(String[] args) throws Exception {
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	47
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	48	boolean bound = args[0].equals("bound");
39484 3cf8b2fa2b9e 8135114: sun/security/krb5/auto tests failed on machine with TR locale akosarev parents: 31474 diff changeset	49	String name = "host." + OneKDC.REALM_LOWER_CASE;
14340 e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	50
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	51	new OneKDC(null).writeJAASConf();
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	52	System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	53
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	54	HashMap clntprops = new HashMap();
43000 fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	55	clntprops.put(Sasl.QOP, args[1]);
14340 e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	56	SaslClient sc = Sasl.createSaslClient(
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	57	new String[]{"GSSAPI"}, null, "server",
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	58	name, clntprops, null);
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	59
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	60	final HashMap srvprops = new HashMap();
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	61	srvprops.put(Sasl.QOP, "auth,auth-int,auth-conf");
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	62	SaslServer ss = Sasl.createSaslServer("GSSAPI", "server",
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	63	bound? name: null, srvprops,
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	64	new CallbackHandler() {
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	65	public void handle(Callback[] callbacks)
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	66	throws IOException, UnsupportedCallbackException {
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	67	for (Callback cb : callbacks) {
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	68	if (cb instanceof RealmCallback) {
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	69	((RealmCallback) cb).setText(OneKDC.REALM);
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	70	} else if (cb instanceof AuthorizeCallback) {
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	71	((AuthorizeCallback) cb).setAuthorized(true);
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	72	}
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	73	}
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	74	}
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	75	});
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	76
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	77	byte[] token = new byte[0];
43000 fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	78	byte[] lastClientToken = null;
14340 e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	79	while (!sc.isComplete() \|\| !ss.isComplete()) {
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	80	if (!sc.isComplete()) {
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	81	token = sc.evaluateChallenge(token);
43000 fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	82	lastClientToken = token;
14340 e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	83	}
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	84	if (!ss.isComplete()) {
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	85	token = ss.evaluateResponse(token);
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	86	}
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	87	}
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	88	if (!bound) {
25403 e982fe3e83a4 8044085: Access ExtendedGSSContext.inquireSecContext() result through SASL weijun parents: 14340 diff changeset	89	String boundName = (String)ss.getNegotiatedProperty(
e982fe3e83a4 8044085: Access ExtendedGSSContext.inquireSecContext() result through SASL weijun parents: 14340 diff changeset	90	Sasl.BOUND_SERVER_NAME);
14340 e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	91	if (!boundName.equals(name)) {
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	92	throw new Exception("Wrong bound server name");
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	93	}
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	94	}
25403 e982fe3e83a4 8044085: Access ExtendedGSSContext.inquireSecContext() result through SASL weijun parents: 14340 diff changeset	95	Object key = ss.getNegotiatedProperty(
e982fe3e83a4 8044085: Access ExtendedGSSContext.inquireSecContext() result through SASL weijun parents: 14340 diff changeset	96	"com.sun.security.jgss.inquiretype.krb5_get_session_key");
e982fe3e83a4 8044085: Access ExtendedGSSContext.inquireSecContext() result through SASL weijun parents: 14340 diff changeset	97	if (key == null) {
e982fe3e83a4 8044085: Access ExtendedGSSContext.inquireSecContext() result through SASL weijun parents: 14340 diff changeset	98	throw new Exception("Extended negotiated property not read");
e982fe3e83a4 8044085: Access ExtendedGSSContext.inquireSecContext() result through SASL weijun parents: 14340 diff changeset	99	}
43000 fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	100
fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	101	if (args[1].equals("auth")) {
fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	102	// 8170732. These are the maximum size bytes after jgss/krb5 wrap.
fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	103	if (lastClientToken[17] != 0 \|\| lastClientToken[18] != 0
fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	104	\|\| lastClientToken[19] != 0) {
fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	105	throw new Exception("maximum size for auth must be 0");
fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	106	}
fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	107	} else {
fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	108	byte[] hello = "hello".getBytes();
fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	109	token = sc.wrap(hello, 0, hello.length);
fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	110	token = ss.unwrap(token, 0, token.length);
fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	111	if (!Arrays.equals(hello, token)) {
fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	112	throw new Exception("Message altered");
fa648bd4286b 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" weijun parents: 39484 diff changeset	113	}
14340 e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	114	}
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	115	}
e150cbaf584e 7110803: SASL service for multiple hostnames weijun parents: diff changeset	116	}

author	ssahoo
	Thu, 25 Jan 2018 05:57:22 -0800
changeset 48668	2da4a52715d8
parent 47216	71c04702a3d5
permissions	-rw-r--r--