jdk-sandbox: jdk/test/sun/security/krb5/auto/KDC.java@3de38eedde69 (annotated)

1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1	/*
9035 1255eb81cc2f 7033660: Update copyright year to 2011 on any files changed in 2011 ohair parents: 7977 diff changeset	2	* Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	4	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	7	* published by the Free Software Foundation.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	8	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	9	* This code is distributed in the hope that it will be useful, but WITHOUT
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	12	* version 2 for more details (a copy is included in the LICENSE file that
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	13	* accompanied this code).
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	14	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	15	* You should have received a copy of the GNU General Public License version
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	16	* 2 along with this work; if not, write to the Free Software Foundation,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	18	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 4532 diff changeset	19	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 4532 diff changeset	20	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 4532 diff changeset	21	* questions.
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	22	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	23
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	24	import java.lang.reflect.Constructor;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	25	import java.lang.reflect.Field;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	26	import java.lang.reflect.InvocationTargetException;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	27	import java.net.*;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	28	import java.io.*;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	29	import java.lang.reflect.Method;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	30	import java.security.SecureRandom;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	31	import java.util.*;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	32	import java.util.concurrent.*;
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	33	import sun.net.spi.nameservice.NameService;
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	34	import sun.net.spi.nameservice.NameServiceDescriptor;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	35	import sun.security.krb5.*;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	36	import sun.security.krb5.internal.*;
1575 e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	37	import sun.security.krb5.internal.ccache.CredentialsCache;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	38	import sun.security.krb5.internal.crypto.KeyUsage;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	39	import sun.security.krb5.internal.ktab.KeyTab;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	40	import sun.security.util.DerInputStream;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	41	import sun.security.util.DerOutputStream;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	42	import sun.security.util.DerValue;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	43
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	44	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	45	* A KDC server.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	46	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	47	* Features:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	48	* <ol>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	49	* <li> Supports TCP and UDP
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	50	* <li> Supports AS-REQ and TGS-REQ
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	51	* <li> Principal db and other settings hard coded in application
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	52	* <li> Options, say, request preauth or not
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	53	* </ol>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	54	* Side effects:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	55	* <ol>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	56	* <li> The Sun-internal class <code>sun.security.krb5.Config</code> is a
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	57	* singleton and initialized according to Kerberos settings (krb5.conf and
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	58	* java.security.krb5.* system properties). This means once it's initialized
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	59	* it will not automatically notice any changes to these settings (or file
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	60	* changes of krb5.conf). The KDC class normally does not touch these
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	61	* settings (except for the <code>writeKtab()</code> method). However, to make
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	62	* sure nothing ever goes wrong, if you want to make any changes to these
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	63	* settings after calling a KDC method, call <code>Config.refresh()</code> to
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	64	* make sure your changes are reflected in the <code>Config</code> object.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	65	* </ol>
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	66	* System properties recognized:
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	67	* <ul>
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	68	* <li>test.kdc.save.ccache
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	69	* </ul>
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	70	* Support policies:
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	71	* <ul>
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	72	* <li>ok-as-delegate
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	73	* </ul>
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	74	* Issues and TODOs:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	75	* <ol>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	76	* <li> Generates krb5.conf to be used on another machine, currently the kdc is
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	77	* always localhost
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	78	* <li> More options to KDC, say, error output, say, response nonce !=
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	79	* request nonce
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	80	* </ol>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	81	* Note: This program uses internal krb5 classes (including reflection to
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	82	* access private fields and methods).
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	83	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	84	* Usages:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	85	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	86	* 1. Init and start the KDC:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	87	* <pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	88	* KDC kdc = KDC.create("REALM.NAME", port, isDaemon);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	89	* KDC kdc = KDC.create("REALM.NAME");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	90	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	91	* Here, <code>port</code> is the UDP and TCP port number the KDC server
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	92	* listens on. If zero, a random port is chosen, which you can use getPort()
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	93	* later to retrieve the value.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	94	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	95	* If <code>isDaemon</code> is true, the KDC worker threads will be daemons.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	96	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	97	* The shortcut <code>KDC.create("REALM.NAME")</code> has port=0 and
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	98	* isDaemon=false, and is commonly used in an embedded KDC.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	99	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	100	* 2. Adding users:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	101	* <pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	102	* kdc.addPrincipal(String principal_name, char[] password);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	103	* kdc.addPrincipalRandKey(String principal_name);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	104	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	105	* A service principal's name should look like "host/f.q.d.n". The second form
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	106	* generates a random key. To expose this key, call <code>writeKtab()</code> to
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	107	* save the keys into a keytab file.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	108	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	109	* Note that you need to add the principal name krbtgt/REALM.NAME yourself.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	110	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	111	* Note that you can safely add a principal at any time after the KDC is
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	112	* started and before a user requests info on this principal.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	113	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	114	* 3. Other public methods:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	115	* <ul>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	116	* <li> <code>getPort</code>: Returns the port number the KDC uses
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	117	* <li> <code>getRealm</code>: Returns the realm name
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	118	* <li> <code>writeKtab</code>: Writes all principals' keys into a keytab file
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	119	* <li> <code>saveConfig</code>: Saves a krb5.conf file to access this KDC
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	120	* <li> <code>setOption</code>: Sets various options
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	121	* </ul>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	122	* Read the javadoc for details. Lazy developer can use <code>OneKDC</code>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	123	* directly.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	124	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	125	public class KDC {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	126
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	127	// Under the hood.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	128
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	129	// The random generator to generate random keys (including session keys)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	130	private static SecureRandom secureRandom = new SecureRandom();
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	131
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	132	// Principal db. principal -> pass. A case-insensitive TreeMap is used
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	133	// so that even if the client provides a name with different case, the KDC
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	134	// can still locate the principal and give back correct salt.
7977 f47f211cd627 7008713: diamond conversion of kerberos5 and security tools smarks parents: 7183 diff changeset	135	private TreeMap<String,char[]> passwords = new TreeMap<>
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	136	(String.CASE_INSENSITIVE_ORDER);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	137
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	138	// Realm name
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	139	private String realm;
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	140	// KDC
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	141	private String kdc;
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	142	// Service port number
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	143	private int port;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	144	// The request/response job queue
7977 f47f211cd627 7008713: diamond conversion of kerberos5 and security tools smarks parents: 7183 diff changeset	145	private BlockingQueue<Job> q = new ArrayBlockingQueue<>(100);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	146	// Options
7977 f47f211cd627 7008713: diamond conversion of kerberos5 and security tools smarks parents: 7183 diff changeset	147	private Map<Option,Object> options = new HashMap<>();
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	148
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	149	private Thread thread1, thread2, thread3;
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	150	DatagramSocket u1 = null;
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	151	ServerSocket t1 = null;
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	152
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	153	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	154	* Option names, to be expanded forever.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	155	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	156	public static enum Option {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	157	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	158	* Whether pre-authentication is required. Default Boolean.TRUE
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	159	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	160	PREAUTH_REQUIRED,
5774 4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	161	/**
5802 ea99d72d3c19 6959292: regression: cannot login if session key and preauth does not use the same etype weijun parents: 5774 diff changeset	162	* Only issue TGT in RC4
5774 4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	163	*/
4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	164	ONLY_RC4_TGT,
5802 ea99d72d3c19 6959292: regression: cannot login if session key and preauth does not use the same etype weijun parents: 5774 diff changeset	165	/**
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	166	* Use RC4 as the first in preauth
5802 ea99d72d3c19 6959292: regression: cannot login if session key and preauth does not use the same etype weijun parents: 5774 diff changeset	167	*/
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	168	RC4_FIRST_PREAUTH,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	169	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	170	* Use only one preauth, so that some keys are not easy to generate
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	171	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	172	ONLY_ONE_PREAUTH,
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	173	/**
664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	174	* Set all name-type to a value in response
664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	175	*/
664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	176	RESP_NT,
10432 ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	177	/**
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	178	* Multiple ETYPE-INFO-ENTRY with same etype but different salt
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	179	*/
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	180	DUP_ETYPE,
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	181	};
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	182
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	183	static {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	184	System.setProperty("sun.net.spi.nameservice.provider.1", "ns,mock");
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	185	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	186
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	187	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	188	* A standalone KDC server.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	189	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	190	public static void main(String[] args) throws Exception {
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	191	KDC kdc = create("RABBIT.HOLE", "kdc.rabbit.hole", 0, false);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	192	kdc.addPrincipal("dummy", "bogus".toCharArray());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	193	kdc.addPrincipal("foo", "bar".toCharArray());
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	194	kdc.addPrincipalRandKey("krbtgt/RABBIT.HOLE");
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	195	kdc.addPrincipalRandKey("server/host.rabbit.hole");
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	196	kdc.addPrincipalRandKey("backend/host.rabbit.hole");
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	197	KDC.saveConfig("krb5.conf", kdc, "forwardable = true");
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	198	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	199
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	200	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	201	* Creates and starts a KDC running as a daemon on a random port.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	202	* @param realm the realm name
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	203	* @return the running KDC instance
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	204	* @throws java.io.IOException for any socket creation error
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	205	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	206	public static KDC create(String realm) throws IOException {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	207	return create(realm, "kdc." + realm.toLowerCase(), 0, true);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	208	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	209
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	210	public static KDC existing(String realm, String kdc, int port) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	211	KDC k = new KDC(realm, kdc);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	212	k.port = port;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	213	return k;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	214	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	215
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	216	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	217	* Creates and starts a KDC server.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	218	* @param realm the realm name
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	219	* @param port the TCP and UDP port to listen to. A random port will to
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	220	* chosen if zero.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	221	* @param asDaemon if true, KDC threads will be daemons. Otherwise, not.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	222	* @return the running KDC instance
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	223	* @throws java.io.IOException for any socket creation error
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	224	*/
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	225	public static KDC create(String realm, String kdc, int port, boolean asDaemon) throws IOException {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	226	return new KDC(realm, kdc, port, asDaemon);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	227	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	228
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	229	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	230	* Sets an option
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	231	* @param key the option name
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	232	* @param obj the value
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	233	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	234	public void setOption(Option key, Object value) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	235	options.put(key, value);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	236	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	237
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	238	/**
12199 3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	239	* Writes or appends keys into a keytab.
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	240	* <p>
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	241	* Attention: This is the most basic one of a series of methods below on
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	242	* keytab creation or modification. All these methods reference krb5.conf
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	243	* settings. If you need to modify krb5.conf or switch to another krb5.conf
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	244	* later, please call <code>Config.refresh()</code> again. For example:
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	245	* <pre>
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	246	* kdc.writeKtab("/etc/kdc/ktab", true); // Config is initialized,
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	247	* System.setProperty("java.security.krb5.conf", "/home/mykrb5.conf");
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	248	* Config.refresh();
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	249	* </pre>
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	250	* Inside this method there are 2 places krb5.conf is used:
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	251	* <ol>
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	252	* <li> (Fatal) Generating keys: EncryptionKey.acquireSecretKeys
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	253	* <li> (Has workaround) Creating PrincipalName
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	254	* </ol>
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	255	* @param tab the keytab file name
9499 f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	256	* @param append true if append, otherwise, overwrite.
12199 3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	257	* @param names the names to write into, write all if names is empty
9499 f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	258	*/
12199 3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	259	public void writeKtab(String tab, boolean append, String... names)
9499 f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	260	throws IOException, KrbException {
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	261	KeyTab ktab = append ? KeyTab.getInstance(tab) : KeyTab.create(tab);
12199 3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	262	Iterable<String> entries =
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	263	(names.length != 0) ? Arrays.asList(names): passwords.keySet();
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	264	for (String name : entries) {
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	265	char[] pass = passwords.get(name);
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	266	int kvno = 0;
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	267	if (Character.isDigit(pass[pass.length-1])) {
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	268	kvno = pass[pass.length-1] - '0';
9499 f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	269	}
12199 3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	270	ktab.addEntry(new PrincipalName(name,
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	271	name.indexOf('/') < 0 ?
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	272	PrincipalName.KRB_NT_UNKNOWN :
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	273	PrincipalName.KRB_NT_SRV_HST),
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	274	pass,
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	275	kvno,
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	276	true);
9499 f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	277	}
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	278	ktab.save();
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	279	}
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	280
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	281	/**
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	282	* Writes all principals' keys from multiple KDCs into one keytab file.
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	283	* @throws java.io.IOException for any file output error
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	284	* @throws sun.security.krb5.KrbException for any realm and/or principal
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	285	* name error.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	286	*/
2942 37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	287	public static void writeMultiKtab(String tab, KDC... kdcs)
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	288	throws IOException, KrbException {
12199 3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	289	KeyTab.create(tab).save(); // Empty the old keytab
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	290	appendMultiKtab(tab, kdcs);
9499 f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	291	}
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	292
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	293	/**
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	294	* Appends all principals' keys from multiple KDCs to one keytab file.
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	295	*/
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	296	public static void appendMultiKtab(String tab, KDC... kdcs)
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	297	throws IOException, KrbException {
12199 3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	298	for (KDC kdc: kdcs) {
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	299	kdc.writeKtab(tab, true);
3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	300	}
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	301	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	302
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	303	/**
2942 37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	304	* Write a ktab for this KDC.
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	305	*/
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	306	public void writeKtab(String tab) throws IOException, KrbException {
12199 3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	307	writeKtab(tab, false);
2942 37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	308	}
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	309
37d9baeb7518 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() weijun parents: 1575 diff changeset	310	/**
9499 f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	311	* Appends keys in this KDC to a ktab.
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	312	*/
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	313	public void appendKtab(String tab) throws IOException, KrbException {
12199 3de38eedde69 7152176: More krb5 tests weijun parents: 11107 diff changeset	314	writeKtab(tab, true);
9499 f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	315	}
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	316
f3115698a012 6894072: always refresh keytab weijun parents: 9275 diff changeset	317	/**
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	318	* Adds a new principal to this realm with a given password.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	319	* @param user the principal's name. For a service principal, use the
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	320	* form of host/f.q.d.n
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	321	* @param pass the password for the principal
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	322	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	323	public void addPrincipal(String user, char[] pass) {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	324	if (user.indexOf('@') < 0) {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	325	user = user + "@" + realm;
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	326	}
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	327	passwords.put(user, pass);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	328	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	329
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	330	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	331	* Adds a new principal to this realm with a random password
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	332	* @param user the principal's name. For a service principal, use the
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	333	* form of host/f.q.d.n
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	334	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	335	public void addPrincipalRandKey(String user) {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	336	addPrincipal(user, randomPassword());
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	337	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	338
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	339	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	340	* Returns the name of this realm
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	341	* @return the name of this realm
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	342	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	343	public String getRealm() {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	344	return realm;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	345	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	346
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	347	/**
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	348	* Returns the name of kdc
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	349	* @return the name of kdc
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	350	*/
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	351	public String getKDC() {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	352	return kdc;
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	353	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	354
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	355	/**
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	356	* Writes a krb5.conf for one or more KDC that includes KDC locations for
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	357	* each realm and the default realm name. You can also add extra strings
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	358	* into the file. The method should be called like:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	359	* <pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	360	* KDC.saveConfig("krb5.conf", kdc1, kdc2, ..., line1, line2, ...);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	361	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	362	* Here you can provide one or more kdc# and zero or more line# arguments.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	363	* The line# will be put after [libdefaults] and before [realms]. Therefore
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	364	* you can append new lines into [libdefaults] and/or create your new
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	365	* stanzas as well. Note that a newline character will be appended to
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	366	* each line# argument.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	367	* <p>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	368	* For example:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	369	* <pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	370	* KDC.saveConfig("krb5.conf", this);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	371	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	372	* generates:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	373	* <pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	374	* [libdefaults]
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	375	* default_realm = REALM.NAME
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	376	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	377	* [realms]
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	378	* REALM.NAME = {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	379	* kdc = host:port_number
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	380	* }
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	381	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	382	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	383	* Another example:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	384	* <pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	385	* KDC.saveConfig("krb5.conf", kdc1, kdc2, "forwardable = true", "",
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	386	* "[domain_realm]",
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	387	* ".kdc1.com = KDC1.NAME");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	388	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	389	* generates:
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	390	* <pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	391	* [libdefaults]
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	392	* default_realm = KDC1.NAME
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	393	* forwardable = true
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	394	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	395	* [domain_realm]
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	396	* .kdc1.com = KDC1.NAME
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	397	*
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	398	* [realms]
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	399	* KDC1.NAME = {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	400	* kdc = host:port1
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	401	* }
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	402	* KDC2.NAME = {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	403	* kdc = host:port2
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	404	* }
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	405	* </pre>
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	406	* @param file the name of the file to write into
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	407	* @param kdc the first (and default) KDC
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	408	* @param more more KDCs or extra lines (in their appearing order) to
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	409	* insert into the krb5.conf file. This method reads each argument's type
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	410	* to determine what it's for. This argument can be empty.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	411	* @throws java.io.IOException for any file output error
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	412	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	413	public static void saveConfig(String file, KDC kdc, Object... more)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	414	throws IOException {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	415	File f = new File(file);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	416	StringBuffer sb = new StringBuffer();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	417	sb.append("[libdefaults]\ndefault_realm = ");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	418	sb.append(kdc.realm);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	419	sb.append("\n");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	420	for (Object o: more) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	421	if (o instanceof String) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	422	sb.append(o);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	423	sb.append("\n");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	424	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	425	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	426	sb.append("\n[realms]\n");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	427	sb.append(realmLineForKDC(kdc));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	428	for (Object o: more) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	429	if (o instanceof KDC) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	430	sb.append(realmLineForKDC((KDC)o));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	431	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	432	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	433	FileOutputStream fos = new FileOutputStream(f);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	434	fos.write(sb.toString().getBytes());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	435	fos.close();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	436	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	437
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	438	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	439	* Returns the service port of the KDC server.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	440	* @return the KDC service port
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	441	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	442	public int getPort() {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	443	return port;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	444	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	445
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	446	// Private helper methods
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	447
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	448	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	449	* Private constructor, cannot be called outside.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	450	* @param realm
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	451	*/
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	452	private KDC(String realm, String kdc) {
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	453	this.realm = realm;
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	454	this.kdc = kdc;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	455	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	456
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	457	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	458	* A constructor that starts the KDC service also.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	459	*/
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	460	protected KDC(String realm, String kdc, int port, boolean asDaemon)
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	461	throws IOException {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	462	this(realm, kdc);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	463	startServer(port, asDaemon);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	464	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	465	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	466	* Generates a 32-char random password
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	467	* @return the password
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	468	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	469	private static char[] randomPassword() {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	470	char[] pass = new char[32];
5622 2a600d13659a 6948287: KDC test strange knvo weijun parents: 5617 diff changeset	471	for (int i=0; i<31; i++)
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	472	pass[i] = (char)secureRandom.nextInt();
5622 2a600d13659a 6948287: KDC test strange knvo weijun parents: 5617 diff changeset	473	// The last char cannot be a number, otherwise, keyForUser()
2a600d13659a 6948287: KDC test strange knvo weijun parents: 5617 diff changeset	474	// believes it's a sign of kvno
2a600d13659a 6948287: KDC test strange knvo weijun parents: 5617 diff changeset	475	pass[31] = 'Z';
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	476	return pass;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	477	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	478
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	479	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	480	* Generates a random key for the given encryption type.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	481	* @param eType the encryption type
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	482	* @return the generated key
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	483	* @throws sun.security.krb5.KrbException for unknown/unsupported etype
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	484	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	485	private static EncryptionKey generateRandomKey(int eType)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	486	throws KrbException {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	487	// Is 32 enough for AES256? I should have generated the keys directly
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	488	// but different cryptos have different rules on what keys are valid.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	489	char[] pass = randomPassword();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	490	String algo;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	491	switch (eType) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	492	case EncryptedData.ETYPE_DES_CBC_MD5: algo = "DES"; break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	493	case EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD: algo = "DESede"; break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	494	case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96: algo = "AES128"; break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	495	case EncryptedData.ETYPE_ARCFOUR_HMAC: algo = "ArcFourHMAC"; break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	496	case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96: algo = "AES256"; break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	497	default: algo = "DES"; break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	498	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	499	return new EncryptionKey(pass, "NOTHING", algo); // Silly
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	500	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	501
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	502	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	503	* Returns the password for a given principal
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	504	* @param p principal
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	505	* @return the password
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	506	* @throws sun.security.krb5.KrbException when the principal is not inside
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	507	* the database.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	508	*/
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	509	private char[] getPassword(PrincipalName p, boolean server)
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	510	throws KrbException {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	511	String pn = p.toString();
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	512	if (p.getRealmString() == null) {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	513	pn = pn + "@" + getRealm();
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	514	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	515	char[] pass = passwords.get(pn);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	516	if (pass == null) {
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	517	throw new KrbException(server?
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	518	Krb5.KDC_ERR_S_PRINCIPAL_UNKNOWN:
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	519	Krb5.KDC_ERR_C_PRINCIPAL_UNKNOWN);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	520	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	521	return pass;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	522	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	523
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	524	/**
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	525	* Returns the salt string for the principal.
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	526	* @param p principal
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	527	* @return the salt
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	528	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	529	private String getSalt(PrincipalName p) {
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	530	String pn = p.toString();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	531	if (p.getRealmString() == null) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	532	pn = pn + "@" + getRealm();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	533	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	534	if (passwords.containsKey(pn)) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	535	try {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	536	// Find the principal name with correct case.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	537	p = new PrincipalName(passwords.ceilingEntry(pn).getKey());
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	538	} catch (RealmException re) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	539	// Won't happen
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	540	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	541	}
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	542	String s = p.getRealmString();
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	543	if (s == null) s = getRealm();
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	544	for (String n: p.getNameStrings()) {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	545	s += n;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	546	}
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	547	return s;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	548	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	549
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	550	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	551	* Returns the key for a given principal of the given encryption type
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	552	* @param p the principal
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	553	* @param etype the encryption type
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	554	* @param server looking for a server principal?
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	555	* @return the key
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	556	* @throws sun.security.krb5.KrbException for unknown/unsupported etype
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	557	*/
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	558	private EncryptionKey keyForUser(PrincipalName p, int etype, boolean server)
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	559	throws KrbException {
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	560	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	561	// Do not call EncryptionKey.acquireSecretKeys(), otherwise
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	562	// the krb5.conf config file would be loaded.
4168 1a8d21bb898c 6893158: AP_REQ check should use key version number weijun parents: 3046 diff changeset	563	Integer kvno = null;
4532 f39917c8cf46 6907425: JCK Kerberos tests fail since b77 weijun parents: 4531 diff changeset	564	// For service whose password ending with a number, use it as kvno.
f39917c8cf46 6907425: JCK Kerberos tests fail since b77 weijun parents: 4531 diff changeset	565	// Kvno must be postive.
f39917c8cf46 6907425: JCK Kerberos tests fail since b77 weijun parents: 4531 diff changeset	566	if (p.toString().indexOf('/') > 0) {
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	567	char[] pass = getPassword(p, server);
4168 1a8d21bb898c 6893158: AP_REQ check should use key version number weijun parents: 3046 diff changeset	568	if (Character.isDigit(pass[pass.length-1])) {
1a8d21bb898c 6893158: AP_REQ check should use key version number weijun parents: 3046 diff changeset	569	kvno = pass[pass.length-1] - '0';
1a8d21bb898c 6893158: AP_REQ check should use key version number weijun parents: 3046 diff changeset	570	}
1a8d21bb898c 6893158: AP_REQ check should use key version number weijun parents: 3046 diff changeset	571	}
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	572	return new EncryptionKey(EncryptionKeyDotStringToKey(
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	573	getPassword(p, server), getSalt(p), null, etype),
4168 1a8d21bb898c 6893158: AP_REQ check should use key version number weijun parents: 3046 diff changeset	574	etype, kvno);
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	575	} catch (KrbException ke) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	576	throw ke;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	577	} catch (Exception e) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	578	throw new RuntimeException(e); // should not happen
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	579	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	580	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	581
7977 f47f211cd627 7008713: diamond conversion of kerberos5 and security tools smarks parents: 7183 diff changeset	582	private Map<String,String> policies = new HashMap<>();
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	583
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	584	public void setPolicy(String rule, String value) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	585	if (value == null) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	586	policies.remove(rule);
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	587	} else {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	588	policies.put(rule, value);
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	589	}
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	590	}
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	591	/**
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	592	* If the provided client/server pair matches a rule
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	593	*
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	594	* A system property named test.kdc.policy.RULE will be consulted.
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	595	* If it's unset, returns false. If its value is "", any pair is
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	596	* matched. Otherwise, it should contains the server name matched.
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	597	*
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	598	* TODO: client name is not used currently.
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	599	*
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	600	* @param c client name
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	601	* @param s server name
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	602	* @param rule rule name
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	603	* @return if a match is found
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	604	*/
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	605	private boolean configMatch(String c, String s, String rule) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	606	String policy = policies.get(rule);
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	607	boolean result = false;
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	608	if (policy == null) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	609	result = false;
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	610	} else if (policy.length() == 0) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	611	result = true;
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	612	} else {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	613	String[] names = policy.split("\\s+");
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	614	for (String name: names) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	615	if (name.equals(s)) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	616	result = true;
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	617	break;
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	618	}
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	619	}
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	620	}
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	621	if (result) {
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	622	System.out.printf(">>>> Policy match result (%s vs %s on %s) %b\n",
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	623	c, s, rule, result);
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	624	}
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	625	return result;
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	626	}
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	627
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	628
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	629	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	630	* Processes an incoming request and generates a response.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	631	* @param in the request
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	632	* @return the response
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	633	* @throws java.lang.Exception for various errors
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	634	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	635	private byte[] processMessage(byte[] in) throws Exception {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	636	if ((in[0] & 0x1f) == Krb5.KRB_AS_REQ)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	637	return processAsReq(in);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	638	else
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	639	return processTgsReq(in);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	640	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	641
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	642	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	643	* Processes a TGS_REQ and generates a TGS_REP (or KRB_ERROR)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	644	* @param in the request
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	645	* @return the response
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	646	* @throws java.lang.Exception for various errors
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	647	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	648	private byte[] processTgsReq(byte[] in) throws Exception {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	649	TGSReq tgsReq = new TGSReq(in);
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	650	PrincipalName service = tgsReq.reqBody.sname;
664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	651	if (options.containsKey(KDC.Option.RESP_NT)) {
664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	652	service = new PrincipalName(service.getNameStrings(),
664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	653	(int)options.get(KDC.Option.RESP_NT));
664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	654	service.setRealm(service.getRealm());
664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	655	}
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	656	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	657	System.out.println(realm + "> " + tgsReq.reqBody.cname +
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	658	" sends TGS-REQ for " +
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	659	service);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	660	KDCReqBody body = tgsReq.reqBody;
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	661	int[] eTypes = KDCReqBodyDotEType(body);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	662	int e2 = eTypes[0]; // etype for outgoing session key
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	663	int e3 = eTypes[0]; // etype for outgoing ticket
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	664
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	665	PAData[] pas = kDCReqDotPAData(tgsReq);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	666
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	667	Ticket tkt = null;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	668	EncTicketPart etp = null;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	669	if (pas == null \|\| pas.length == 0) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	670	throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	671	} else {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	672	for (PAData pa: pas) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	673	if (pa.getType() == Krb5.PA_TGS_REQ) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	674	APReq apReq = new APReq(pa.getValue());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	675	EncryptedData ed = apReq.authenticator;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	676	tkt = apReq.ticket;
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	677	int te = tkt.encPart.getEType();
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	678	tkt.sname.setRealm(tkt.realm);
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	679	EncryptionKey kkey = keyForUser(tkt.sname, te, true);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	680	byte[] bb = tkt.encPart.decrypt(kkey, KeyUsage.KU_TICKET);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	681	DerInputStream derIn = new DerInputStream(bb);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	682	DerValue der = derIn.getDerValue();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	683	etp = new EncTicketPart(der.toByteArray());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	684	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	685	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	686	if (tkt == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	687	throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	688	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	689	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	690
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	691	// Session key for original ticket, TGT
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	692	EncryptionKey ckey = etp.key;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	693
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	694	// Session key for session with the service
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	695	EncryptionKey key = generateRandomKey(e2);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	696
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	697	// Check time, TODO
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	698	KerberosTime till = body.till;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	699	if (till == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	700	throw new KrbException(Krb5.KDC_ERR_NEVER_VALID); // TODO
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	701	} else if (till.isZero()) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	702	till = new KerberosTime(new Date().getTime() + 1000 * 3600 * 11);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	703	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	704
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	705	boolean[] bFlags = new boolean[Krb5.TKT_OPTS_MAX+1];
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	706	if (body.kdcOptions.get(KDCOptions.FORWARDABLE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	707	bFlags[Krb5.TKT_OPTS_FORWARDABLE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	708	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	709	if (body.kdcOptions.get(KDCOptions.FORWARDED) \|\|
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	710	etp.flags.get(Krb5.TKT_OPTS_FORWARDED)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	711	bFlags[Krb5.TKT_OPTS_FORWARDED] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	712	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	713	if (body.kdcOptions.get(KDCOptions.RENEWABLE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	714	bFlags[Krb5.TKT_OPTS_RENEWABLE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	715	//renew = new KerberosTime(new Date().getTime() + 1000 * 3600 * 24 * 7);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	716	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	717	if (body.kdcOptions.get(KDCOptions.PROXIABLE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	718	bFlags[Krb5.TKT_OPTS_PROXIABLE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	719	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	720	if (body.kdcOptions.get(KDCOptions.POSTDATED)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	721	bFlags[Krb5.TKT_OPTS_POSTDATED] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	722	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	723	if (body.kdcOptions.get(KDCOptions.ALLOW_POSTDATE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	724	bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	725	}
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	726
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	727	if (configMatch("", service.getNameString(), "ok-as-delegate")) {
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	728	bFlags[Krb5.TKT_OPTS_DELEGATE] = true;
4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	729	}
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	730	bFlags[Krb5.TKT_OPTS_INITIAL] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	731
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	732	TicketFlags tFlags = new TicketFlags(bFlags);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	733	EncTicketPart enc = new EncTicketPart(
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	734	tFlags,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	735	key,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	736	etp.crealm,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	737	etp.cname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	738	new TransitedEncoding(1, new byte[0]), // TODO
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	739	new KerberosTime(new Date()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	740	body.from,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	741	till, body.rtime,
9240 56e01f64958e 7032354: no-addresses should not be used on acceptor side weijun parents: 7977 diff changeset	742	body.addresses != null // always set caddr
56e01f64958e 7032354: no-addresses should not be used on acceptor side weijun parents: 7977 diff changeset	743	? body.addresses
56e01f64958e 7032354: no-addresses should not be used on acceptor side weijun parents: 7977 diff changeset	744	: new HostAddresses(
56e01f64958e 7032354: no-addresses should not be used on acceptor side weijun parents: 7977 diff changeset	745	new InetAddress[]{InetAddress.getLocalHost()}),
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	746	null);
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	747	EncryptionKey skey = keyForUser(service, e3, true);
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	748	if (skey == null) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	749	throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); // TODO
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	750	}
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	751	Ticket t = new Ticket(
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	752	body.crealm,
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	753	service,
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	754	new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	755	);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	756	EncTGSRepPart enc_part = new EncTGSRepPart(
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	757	key,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	758	new LastReq(new LastReqEntry[]{
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	759	new LastReqEntry(0, new KerberosTime(new Date().getTime() - 10000))
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	760	}),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	761	body.getNonce(), // TODO: detect replay
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	762	new KerberosTime(new Date().getTime() + 1000 * 3600 * 24),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	763	// Next 5 and last MUST be same with ticket
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	764	tFlags,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	765	new KerberosTime(new Date()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	766	body.from,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	767	till, body.rtime,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	768	body.crealm,
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	769	service,
9240 56e01f64958e 7032354: no-addresses should not be used on acceptor side weijun parents: 7977 diff changeset	770	body.addresses != null // always set caddr
56e01f64958e 7032354: no-addresses should not be used on acceptor side weijun parents: 7977 diff changeset	771	? body.addresses
56e01f64958e 7032354: no-addresses should not be used on acceptor side weijun parents: 7977 diff changeset	772	: new HostAddresses(
56e01f64958e 7032354: no-addresses should not be used on acceptor side weijun parents: 7977 diff changeset	773	new InetAddress[]{InetAddress.getLocalHost()})
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	774	);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	775	EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_TGS_REP_PART_SESSKEY);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	776	TGSRep tgsRep = new TGSRep(null,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	777	etp.crealm,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	778	etp.cname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	779	t,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	780	edata);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	781	System.out.println(" Return " + tgsRep.cname
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	782	+ " ticket for " + tgsRep.ticket.sname);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	783
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	784	DerOutputStream out = new DerOutputStream();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	785	out.write(DerValue.createTag(DerValue.TAG_APPLICATION,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	786	true, (byte)Krb5.KRB_TGS_REP), tgsRep.asn1Encode());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	787	return out.toByteArray();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	788	} catch (KrbException ke) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	789	ke.printStackTrace(System.out);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	790	KRBError kerr = ke.getError();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	791	KDCReqBody body = tgsReq.reqBody;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	792	System.out.println(" Error " + ke.returnCode()
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	793	+ " " +ke.returnCodeMessage());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	794	if (kerr == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	795	kerr = new KRBError(null, null, null,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	796	new KerberosTime(new Date()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	797	0,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	798	ke.returnCode(),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	799	body.crealm, body.cname,
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	800	new Realm(getRealm()), service,
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	801	KrbException.errorMessage(ke.returnCode()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	802	null);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	803	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	804	return kerr.asn1Encode();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	805	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	806	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	807
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	808	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	809	* Processes a AS_REQ and generates a AS_REP (or KRB_ERROR)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	810	* @param in the request
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	811	* @return the response
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	812	* @throws java.lang.Exception for various errors
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	813	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	814	private byte[] processAsReq(byte[] in) throws Exception {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	815	ASReq asReq = new ASReq(in);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	816	int[] eTypes = null;
7977 f47f211cd627 7008713: diamond conversion of kerberos5 and security tools smarks parents: 7183 diff changeset	817	List<PAData> outPAs = new ArrayList<>();
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	818
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	819	PrincipalName service = asReq.reqBody.sname;
664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	820	if (options.containsKey(KDC.Option.RESP_NT)) {
664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	821	service = new PrincipalName(service.getNameStrings(),
664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	822	(int)options.get(KDC.Option.RESP_NT));
664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	823	service.setRealm(service.getRealm());
664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	824	}
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	825	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	826	System.out.println(realm + "> " + asReq.reqBody.cname +
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	827	" sends AS-REQ for " +
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	828	service);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	829
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	830	KDCReqBody body = asReq.reqBody;
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	831	body.cname.setRealm(getRealm());
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	832
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	833	eTypes = KDCReqBodyDotEType(body);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	834	int eType = eTypes[0];
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	835
4336 4c792c19266e 6853328: Support OK-AS-DELEGATE flag weijun parents: 4168 diff changeset	836	EncryptionKey ckey = keyForUser(body.cname, eType, false);
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	837	EncryptionKey skey = keyForUser(service, eType, true);
5774 4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	838
4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	839	if (options.containsKey(KDC.Option.ONLY_RC4_TGT)) {
4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	840	int tgtEType = EncryptedData.ETYPE_ARCFOUR_HMAC;
4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	841	boolean found = false;
4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	842	for (int i=0; i<eTypes.length; i++) {
4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	843	if (eTypes[i] == tgtEType) {
4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	844	found = true;
4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	845	break;
4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	846	}
4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	847	}
4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	848	if (!found) {
4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	849	throw new KrbException(Krb5.KDC_ERR_ETYPE_NOSUPP);
4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	850	}
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	851	skey = keyForUser(service, tgtEType, true);
5774 4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	852	}
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	853	if (ckey == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	854	throw new KrbException(Krb5.KDC_ERR_ETYPE_NOSUPP);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	855	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	856	if (skey == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	857	throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); // TODO
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	858	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	859
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	860	// Session key
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	861	EncryptionKey key = generateRandomKey(eType);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	862	// Check time, TODO
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	863	KerberosTime till = body.till;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	864	if (till == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	865	throw new KrbException(Krb5.KDC_ERR_NEVER_VALID); // TODO
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	866	} else if (till.isZero()) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	867	till = new KerberosTime(new Date().getTime() + 1000 * 3600 * 11);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	868	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	869	//body.from
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	870	boolean[] bFlags = new boolean[Krb5.TKT_OPTS_MAX+1];
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	871	if (body.kdcOptions.get(KDCOptions.FORWARDABLE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	872	bFlags[Krb5.TKT_OPTS_FORWARDABLE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	873	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	874	if (body.kdcOptions.get(KDCOptions.RENEWABLE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	875	bFlags[Krb5.TKT_OPTS_RENEWABLE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	876	//renew = new KerberosTime(new Date().getTime() + 1000 * 3600 * 24 * 7);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	877	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	878	if (body.kdcOptions.get(KDCOptions.PROXIABLE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	879	bFlags[Krb5.TKT_OPTS_PROXIABLE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	880	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	881	if (body.kdcOptions.get(KDCOptions.POSTDATED)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	882	bFlags[Krb5.TKT_OPTS_POSTDATED] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	883	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	884	if (body.kdcOptions.get(KDCOptions.ALLOW_POSTDATE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	885	bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	886	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	887	bFlags[Krb5.TKT_OPTS_INITIAL] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	888
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	889	// Creating PA-DATA
10432 ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	890	DerValue[] pas2 = null, pas = null;
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	891	if (options.containsKey(KDC.Option.DUP_ETYPE)) {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	892	int n = (Integer)options.get(KDC.Option.DUP_ETYPE);
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	893	switch (n) {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	894	case 1: // customer's case in 7067974
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	895	pas2 = new DerValue[] {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	896	new DerValue(new ETypeInfo2(1, null, null).asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	897	new DerValue(new ETypeInfo2(1, "", null).asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	898	new DerValue(new ETypeInfo2(1, OneKDC.REALM, new byte[]{1}).asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	899	};
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	900	pas = new DerValue[] {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	901	new DerValue(new ETypeInfo(1, null).asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	902	new DerValue(new ETypeInfo(1, "").asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	903	new DerValue(new ETypeInfo(1, OneKDC.REALM).asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	904	};
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	905	break;
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	906	case 2: // we still reject non-null s2kparams and prefer E2 over E
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	907	pas2 = new DerValue[] {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	908	new DerValue(new ETypeInfo2(1, OneKDC.REALM, new byte[]{1}).asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	909	new DerValue(new ETypeInfo2(1, null, null).asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	910	new DerValue(new ETypeInfo2(1, "", null).asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	911	};
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	912	pas = new DerValue[] {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	913	new DerValue(new ETypeInfo(1, OneKDC.REALM).asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	914	new DerValue(new ETypeInfo(1, null).asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	915	new DerValue(new ETypeInfo(1, "").asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	916	};
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	917	break;
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	918	case 3: // but only E is wrong
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	919	pas = new DerValue[] {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	920	new DerValue(new ETypeInfo(1, OneKDC.REALM).asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	921	new DerValue(new ETypeInfo(1, null).asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	922	new DerValue(new ETypeInfo(1, "").asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	923	};
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	924	break;
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	925	case 4: // we also ignore rc4-hmac
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	926	pas = new DerValue[] {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	927	new DerValue(new ETypeInfo(23, "ANYTHING").asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	928	new DerValue(new ETypeInfo(1, null).asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	929	new DerValue(new ETypeInfo(1, "").asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	930	};
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	931	break;
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	932	case 5: // "" should be wrong, but we accept it now
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	933	// See s.s.k.internal.PAData$SaltAndParams
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	934	pas = new DerValue[] {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	935	new DerValue(new ETypeInfo(1, "").asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	936	new DerValue(new ETypeInfo(1, null).asn1Encode()),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	937	};
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	938	break;
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	939	}
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	940	} else {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	941	int[] epas = eTypes;
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	942	if (options.containsKey(KDC.Option.RC4_FIRST_PREAUTH)) {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	943	for (int i=1; i<epas.length; i++) {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	944	if (epas[i] == EncryptedData.ETYPE_ARCFOUR_HMAC) {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	945	epas[i] = epas[0];
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	946	epas[0] = EncryptedData.ETYPE_ARCFOUR_HMAC;
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	947	break;
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	948	}
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	949	};
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	950	} else if (options.containsKey(KDC.Option.ONLY_ONE_PREAUTH)) {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	951	epas = new int[] { eTypes[0] };
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	952	}
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	953	pas2 = new DerValue[epas.length];
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	954	for (int i=0; i<epas.length; i++) {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	955	pas2[i] = new DerValue(new ETypeInfo2(
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	956	epas[i],
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	957	epas[i] == EncryptedData.ETYPE_ARCFOUR_HMAC ?
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	958	null : getSalt(body.cname),
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	959	null).asn1Encode());
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	960	}
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	961	boolean allOld = true;
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	962	for (int i: eTypes) {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	963	if (i == EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96 \|\|
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	964	i == EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96) {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	965	allOld = false;
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	966	break;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	967	}
10432 ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	968	}
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	969	if (allOld) {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	970	pas = new DerValue[epas.length];
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	971	for (int i=0; i<epas.length; i++) {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	972	pas[i] = new DerValue(new ETypeInfo(
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	973	epas[i],
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	974	epas[i] == EncryptedData.ETYPE_ARCFOUR_HMAC ?
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	975	null : getSalt(body.cname)
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	976	).asn1Encode());
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	977	}
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	978	}
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	979	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	980
10432 ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	981	DerOutputStream eid;
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	982	if (pas2 != null) {
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	983	eid = new DerOutputStream();
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	984	eid.putSequence(pas2);
ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	985	outPAs.add(new PAData(Krb5.PA_ETYPE_INFO2, eid.toByteArray()));
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	986	}
10432 ef33e56c55a9 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt weijun parents: 10141 diff changeset	987	if (pas != null) {
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	988	eid = new DerOutputStream();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	989	eid.putSequence(pas);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	990	outPAs.add(new PAData(Krb5.PA_ETYPE_INFO, eid.toByteArray()));
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	991	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	992
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	993	PAData[] inPAs = kDCReqDotPAData(asReq);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	994	if (inPAs == null \|\| inPAs.length == 0) {
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	995	Object preauth = options.get(Option.PREAUTH_REQUIRED);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	996	if (preauth == null \|\| preauth.equals(Boolean.TRUE)) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	997	throw new KrbException(Krb5.KDC_ERR_PREAUTH_REQUIRED);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	998	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	999	} else {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1000	try {
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1001	EncryptedData data = newEncryptedData(new DerValue(inPAs[0].getValue()));
5774 4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	1002	EncryptionKey pakey = keyForUser(body.cname, data.getEType(), false);
4b9857e483c1 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode weijun parents: 5627 diff changeset	1003	data.decrypt(pakey, KeyUsage.KU_PA_ENC_TS);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1004	} catch (Exception e) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1005	throw new KrbException(Krb5.KDC_ERR_PREAUTH_FAILED);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1006	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1007	bFlags[Krb5.TKT_OPTS_PRE_AUTHENT] = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1008	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1009
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1010	TicketFlags tFlags = new TicketFlags(bFlags);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1011	EncTicketPart enc = new EncTicketPart(
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1012	tFlags,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1013	key,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1014	body.crealm,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1015	body.cname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1016	new TransitedEncoding(1, new byte[0]),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1017	new KerberosTime(new Date()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1018	body.from,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1019	till, body.rtime,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1020	body.addresses,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1021	null);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1022	Ticket t = new Ticket(
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1023	body.crealm,
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	1024	service,
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1025	new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET)
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1026	);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1027	EncASRepPart enc_part = new EncASRepPart(
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1028	key,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1029	new LastReq(new LastReqEntry[]{
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1030	new LastReqEntry(0, new KerberosTime(new Date().getTime() - 10000))
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1031	}),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1032	body.getNonce(), // TODO: detect replay?
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1033	new KerberosTime(new Date().getTime() + 1000 * 3600 * 24),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1034	// Next 5 and last MUST be same with ticket
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1035	tFlags,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1036	new KerberosTime(new Date()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1037	body.from,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1038	till, body.rtime,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1039	body.crealm,
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	1040	service,
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1041	body.addresses
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1042	);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1043	EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_AS_REP_PART);
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1044	ASRep asRep = new ASRep(
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1045	outPAs.toArray(new PAData[outPAs.size()]),
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1046	body.crealm,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1047	body.cname,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1048	t,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1049	edata);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1050
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1051	System.out.println(" Return " + asRep.cname
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1052	+ " ticket for " + asRep.ticket.sname);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1053
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1054	DerOutputStream out = new DerOutputStream();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1055	out.write(DerValue.createTag(DerValue.TAG_APPLICATION,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1056	true, (byte)Krb5.KRB_AS_REP), asRep.asn1Encode());
1575 e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1057	byte[] result = out.toByteArray();
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1058
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1059	// Added feature:
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1060	// Write the current issuing TGT into a ccache file specified
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1061	// by the system property below.
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1062	String ccache = System.getProperty("test.kdc.save.ccache");
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1063	if (ccache != null) {
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1064	asRep.encKDCRepPart = enc_part;
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1065	sun.security.krb5.internal.ccache.Credentials credentials =
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1066	new sun.security.krb5.internal.ccache.Credentials(asRep);
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1067	asReq.reqBody.cname.setRealm(getRealm());
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1068	CredentialsCache cache =
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1069	CredentialsCache.create(asReq.reqBody.cname, ccache);
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1070	if (cache == null) {
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1071	throw new IOException("Unable to create the cache file " +
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1072	ccache);
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1073	}
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1074	cache.update(credentials);
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1075	cache.save();
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1076	}
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1077
e0f1979051b5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear. weijun parents: 1456 diff changeset	1078	return result;
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1079	} catch (KrbException ke) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1080	ke.printStackTrace(System.out);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1081	KRBError kerr = ke.getError();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1082	KDCReqBody body = asReq.reqBody;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1083	System.out.println(" Error " + ke.returnCode()
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1084	+ " " +ke.returnCodeMessage());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1085	byte[] eData = null;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1086	if (kerr == null) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1087	if (ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED \|\|
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1088	ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1089	DerOutputStream bytes = new DerOutputStream();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1090	bytes.write(new PAData(Krb5.PA_ENC_TIMESTAMP, new byte[0]).asn1Encode());
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1091	for (PAData p: outPAs) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1092	bytes.write(p.asn1Encode());
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1093	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1094	DerOutputStream temp = new DerOutputStream();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1095	temp.write(DerValue.tag_Sequence, bytes);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1096	eData = temp.toByteArray();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1097	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1098	kerr = new KRBError(null, null, null,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1099	new KerberosTime(new Date()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1100	0,
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1101	ke.returnCode(),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1102	body.crealm, body.cname,
10141 664ba64d2472 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem weijun parents: 9499 diff changeset	1103	new Realm(getRealm()), service,
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1104	KrbException.errorMessage(ke.returnCode()),
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1105	eData);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1106	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1107	return kerr.asn1Encode();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1108	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1109	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1110
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1111	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1112	* Generates a line for a KDC to put inside [realms] of krb5.conf
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1113	* @param kdc the KDC
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1114	* @return REALM.NAME = { kdc = host:port }
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1115	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1116	private static String realmLineForKDC(KDC kdc) {
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1117	return String.format(" %s = {\n kdc = %s:%d\n }\n",
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1118	kdc.realm,
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1119	kdc.kdc,
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1120	kdc.port);
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1121	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1122
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1123	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1124	* Start the KDC service. This server listens on both UDP and TCP using
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1125	* the same port number. It uses three threads to deal with requests.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1126	* They can be set to daemon threads if requested.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1127	* @param port the port number to listen to. If zero, a random available
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1128	* port no less than 8000 will be chosen and used.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1129	* @param asDaemon true if the KDC threads should be daemons
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1130	* @throws java.io.IOException for any communication error
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1131	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1132	protected void startServer(int port, boolean asDaemon) throws IOException {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1133	if (port > 0) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1134	u1 = new DatagramSocket(port, InetAddress.getByName("127.0.0.1"));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1135	t1 = new ServerSocket(port);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1136	} else {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1137	while (true) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1138	// Try to find a port number that's both TCP and UDP free
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1139	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1140	port = 8000 + new java.util.Random().nextInt(10000);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1141	u1 = null;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1142	u1 = new DatagramSocket(port, InetAddress.getByName("127.0.0.1"));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1143	t1 = new ServerSocket(port);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1144	break;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1145	} catch (Exception e) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1146	if (u1 != null) u1.close();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1147	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1148	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1149	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1150	final DatagramSocket udp = u1;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1151	final ServerSocket tcp = t1;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1152	System.out.println("Start KDC on " + port);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1153
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1154	this.port = port;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1155
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1156	// The UDP consumer
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1157	thread1 = new Thread() {
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1158	public void run() {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1159	while (true) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1160	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1161	byte[] inbuf = new byte[8192];
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1162	DatagramPacket p = new DatagramPacket(inbuf, inbuf.length);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1163	udp.receive(p);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1164	System.out.println("-----------------------------------------------");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1165	System.out.println(">>>>> UDP packet received");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1166	q.put(new Job(processMessage(Arrays.copyOf(inbuf, p.getLength())), udp, p));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1167	} catch (Exception e) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1168	e.printStackTrace();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1169	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1170	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1171	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1172	};
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1173	thread1.setDaemon(asDaemon);
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1174	thread1.start();
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1175
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1176	// The TCP consumer
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1177	thread2 = new Thread() {
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1178	public void run() {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1179	while (true) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1180	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1181	Socket socket = tcp.accept();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1182	System.out.println("-----------------------------------------------");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1183	System.out.println(">>>>> TCP connection established");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1184	DataInputStream in = new DataInputStream(socket.getInputStream());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1185	DataOutputStream out = new DataOutputStream(socket.getOutputStream());
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1186	byte[] token = new byte[in.readInt()];
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1187	in.readFully(token);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1188	q.put(new Job(processMessage(token), socket, out));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1189	} catch (Exception e) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1190	e.printStackTrace();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1191	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1192	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1193	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1194	};
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1195	thread2.setDaemon(asDaemon);
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1196	thread2.start();
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1197
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1198	// The dispatcher
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1199	thread3 = new Thread() {
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1200	public void run() {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1201	while (true) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1202	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1203	q.take().send();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1204	} catch (Exception e) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1205	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1206	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1207	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1208	};
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1209	thread3.setDaemon(true);
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1210	thread3.start();
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1211	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1212
4531 3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1213	public void terminate() {
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1214	try {
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1215	thread1.stop();
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1216	thread2.stop();
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1217	thread3.stop();
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1218	u1.close();
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1219	t1.close();
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1220	} catch (Exception e) {
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1221	// OK
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1222	}
3a9206343ab2 6843127: krb5 should not try to access unavailable kdc too often weijun parents: 4336 diff changeset	1223	}
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1224	/**
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1225	* Helper class to encapsulate a job in a KDC.
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1226	*/
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1227	private static class Job {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1228	byte[] token; // The received request at creation time and
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1229	// the response at send time
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1230	Socket s; // The TCP socket from where the request comes
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1231	DataOutputStream out; // The OutputStream of the TCP socket
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1232	DatagramSocket s2; // The UDP socket from where the request comes
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1233	DatagramPacket dp; // The incoming UDP datagram packet
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1234	boolean useTCP; // Whether TCP or UDP is used
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1235
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1236	// Creates a job object for TCP
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1237	Job(byte[] token, Socket s, DataOutputStream out) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1238	useTCP = true;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1239	this.token = token;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1240	this.s = s;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1241	this.out = out;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1242	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1243
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1244	// Creates a job object for UDP
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1245	Job(byte[] token, DatagramSocket s2, DatagramPacket dp) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1246	useTCP = false;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1247	this.token = token;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1248	this.s2 = s2;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1249	this.dp = dp;
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1250	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1251
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1252	// Sends the output back to the client
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1253	void send() {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1254	try {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1255	if (useTCP) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1256	System.out.println(">>>>> TCP request honored");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1257	out.writeInt(token.length);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1258	out.write(token);
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1259	s.close();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1260	} else {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1261	System.out.println(">>>>> UDP request honored");
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1262	s2.send(new DatagramPacket(token, token.length, dp.getAddress(), dp.getPort()));
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1263	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1264	} catch (Exception e) {
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1265	e.printStackTrace();
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1266	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1267	}
d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1268	}
3046 dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1269
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1270	public static class KDCNameService implements NameServiceDescriptor {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1271	@Override
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1272	public NameService createNameService() throws Exception {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1273	NameService ns = new NameService() {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1274	@Override
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1275	public InetAddress[] lookupAllHostAddr(String host)
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1276	throws UnknownHostException {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1277	// Everything is localhost
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1278	return new InetAddress[]{
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1279	InetAddress.getByAddress(host, new byte[]{127,0,0,1})
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1280	};
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1281	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1282	@Override
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1283	public String getHostByAddr(byte[] addr)
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1284	throws UnknownHostException {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1285	// No reverse lookup, PrincipalName use original string
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1286	throw new UnknownHostException();
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1287	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1288	};
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1289	return ns;
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1290	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1291
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1292	@Override
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1293	public String getProviderName() {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1294	return "mock";
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1295	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1296
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1297	@Override
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1298	public String getType() {
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1299	return "ns";
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1300	}
dd50d75d88e6 6849275: enhance krb5 reg tests weijun parents: 2942 diff changeset	1301	}
7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1302
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1303	// Calling private methods thru reflections
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1304	private static final Field getPADataField;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1305	private static final Field getEType;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1306	private static final Constructor<EncryptedData> ctorEncryptedData;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1307	private static final Method stringToKey;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1308
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1309	static {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1310	try {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1311	ctorEncryptedData = EncryptedData.class.getDeclaredConstructor(DerValue.class);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1312	ctorEncryptedData.setAccessible(true);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1313	getPADataField = KDCReq.class.getDeclaredField("pAData");
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1314	getPADataField.setAccessible(true);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1315	getEType = KDCReqBody.class.getDeclaredField("eType");
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1316	getEType.setAccessible(true);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1317	stringToKey = EncryptionKey.class.getDeclaredMethod(
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1318	"stringToKey",
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1319	char[].class, String.class, byte[].class, Integer.TYPE);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1320	stringToKey.setAccessible(true);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1321	} catch (NoSuchFieldException nsfe) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1322	throw new AssertionError(nsfe);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1323	} catch (NoSuchMethodException nsme) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1324	throw new AssertionError(nsme);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1325	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1326	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1327	private EncryptedData newEncryptedData(DerValue der) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1328	try {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1329	return ctorEncryptedData.newInstance(der);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1330	} catch (Exception e) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1331	throw new AssertionError(e);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1332	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1333	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1334	private static PAData[] kDCReqDotPAData(KDCReq req) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1335	try {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1336	return (PAData[])getPADataField.get(req);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1337	} catch (Exception e) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1338	throw new AssertionError(e);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1339	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1340	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1341	private static int[] KDCReqBodyDotEType(KDCReqBody body) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1342	try {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1343	return (int[]) getEType.get(body);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1344	} catch (Exception e) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1345	throw new AssertionError(e);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1346	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1347	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1348	private static byte[] EncryptionKeyDotStringToKey(char[] password, String salt,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1349	byte[] s2kparams, int keyType) throws KrbCryptoException {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1350	try {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1351	return (byte[])stringToKey.invoke(
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1352	null, password, salt, s2kparams, keyType);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1353	} catch (InvocationTargetException ex) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1354	throw (KrbCryptoException)ex.getCause();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1355	} catch (Exception e) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1356	throw new AssertionError(e);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1357	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: 7037 diff changeset	1358	}
1454 d9b6f1de641f 6706974: Add krb5 test infrastructure weijun parents: diff changeset	1359	}

author	weijun
	Tue, 20 Mar 2012 19:12:21 +0800
changeset 12199	3de38eedde69
parent 11107	fc8efc57da08
child 12867	5492127ab0a8
permissions	-rw-r--r--