author | weijun |
Mon, 22 Jan 2018 12:00:41 +0800 | |
changeset 48651 | 67abfee27e69 |
parent 47216 | 71c04702a3d5 |
child 48668 | 2da4a52715d8 |
permissions | -rw-r--r-- |
18536 | 1 |
/* |
* Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved. |
18536 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
7 |
* published by the Free Software Foundation. |
|
8 |
* |
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
13 |
* accompanied this code). |
|
14 |
* |
|
15 |
* You should have received a copy of the GNU General Public License version |
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 |
* |
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 |
* or visit www.oracle.com if you need additional information or have any |
|
21 |
* questions. |
|
22 |
*/ |
|
23 |
||
24 |
/* |
|
25 |
* @test |
|
* @bug 7152176 8168518 8172017 8014628 |
18536 | 27 |
* @summary More krb5 tests |
41832 | 28 |
* @library ../../../../java/security/testlibrary/ /test/lib |
* @build jdk.test.lib.Platform |
41832 | 30 |
* @run main/othervm/timeout=300 ReplayCacheTestProc |
18536 | 31 |
*/ |
32 |
||
33 |
import java.io.*; |
|
34 |
import java.nio.BufferUnderflowException; |
|
35 |
import java.nio.channels.SeekableByteChannel; |
|
36 |
import java.nio.file.Files; |
|
37 |
import java.nio.file.Paths; |
|
38 |
import java.nio.file.StandardCopyOption; |
|
39 |
import java.nio.file.StandardOpenOption; |
|
40 |
import java.security.MessageDigest; |
|
41832 | 41 |
import java.security.NoSuchAlgorithmException; |
18536 | 42 |
import java.util.*; |
41832 | 43 |
import java.util.regex.Matcher; |
44 |
import java.util.regex.Pattern; |
|
|
41832 | 46 |
import jdk.test.lib.Platform; |
18536 | 47 |
import sun.security.jgss.GSSUtil; |
48 |
import sun.security.krb5.internal.rcache.AuthTime; |
/**
 * This test runs multiple acceptor Procs to mimic AP-REQ replays.
 * These system properties are supported:
 *
 * - test.libs on what types of acceptors to use
 *   Format: CSV of (J|N|N<suffix>=<libname>|J<suffix>=<launcher>)
 *   Default: J,N on Solaris and Linux where N is available, or J
 *   Example: J,N,N14=/krb5-1.14/lib/libgssapi_krb5.so,J8=/java8/bin/java
 *
 * - test.runs on manual runs. If empty, iterate through all patterns
 *   Format: (req# | client# service#) acceptor# expected, ...
 *   Default: null
 *   Example: c0s0Jav,c1s1N14av,r0Jbx means 0th req is new c0->s0 sent to Ja,
 *            1st req is new c1 to s1 sent to N14a,
 *            2nd req is old (0th replayed) sent to Jb.
 *            a/b at the end of acceptor is different acceptors of the same lib
 *
 * - test.autoruns on number of automatic runs
 *   Format: number
 *   Default: 100
 */
public class ReplayCacheTestProc { |
// Every acceptor process started by the controller.
private static Proc[] pa;

// The single initiator process; it produces the AP-REQ tokens.
private static Proc pi;

// AP-REQ messages generated so far. A request is identified by its index
// in this list, which is how a replay refers back to an earlier request.
private static List<Req> reqs = new ArrayList<>();

// Host part of the service principal names.
private static String HOST = "localhost";

// Prefix of the service principal names; assigned in the static initializer.
private static final String SERVICE;

// Effective uid of this process; assigned in the static initializer.
private static long uid;

// Directory where the replay cache files are kept; assigned in the static
// initializer.
private static String cwd;
static {
    // The service name prefix may be overridden with -Dtest.service.
    String configured = System.getProperty("test.service");
    SERVICE = (configured != null) ? configured : "service";
    uid = jdk.internal.misc.VM.geteuid();

    // Decide where the rcache is saved. KRB5RCACHEDIR is not recognized on
    // Solaris (might be supported on Solaris 12), and the directory name is
    // different when launched by root. See manpage krb5envvar(5) on
    // KRB5RCNAME.
    if (!System.getProperty("os.name").startsWith("SunOS")) {
        cwd = System.getProperty("user.dir");
    } else if (uid == 0) {
        cwd = "/var/krb5/rcache/root/";
    } else {
        cwd = "/var/krb5/rcache/";
    }
}
// Digests used by record() to print a hash of each request into log.txt.
// They are diagnostic only; nothing in this file uses them to decide
// whether a request is a replay.
private static MessageDigest md5;
private static MessageDigest sha256;

static {
    try {
        md5 = MessageDigest.getInstance("MD5");
        sha256 = MessageDigest.getInstance("SHA-256");
    } catch (NoSuchAlgorithmException nsae) {
        // Both algorithms are expected to be available in every JDK.
        throw new AssertionError("Impossible", nsae);
    }
}
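/**
 * Entry point shared by every process of this test; the first argument
 * selects the role.
 *
 * <ul>
 * <li>No argument: the controller. It creates the KDC, starts one
 *     initiator and several acceptors, sends fresh and replayed AP-REQs
 *     to the acceptors and compares each verdict with the expectation.
 *     A fresh request is expected to be accepted, a replayed one to be
 *     rejected.</li>
 * <li>{@code Nsanity}: checks that a native acceptor can start at all.</li>
 * <li>{@code initiator}: reads "client service" lines and answers each
 *     with a newly generated AP-REQ until it reads {@code END}.</li>
 * <li>Anything else: an acceptor. It reads a token per round and answers
 *     {@code true} if the token was accepted, {@code false} otherwise.</li>
 * </ul>
 *
 * @param args empty for the controller, otherwise the role name
 * @throws Exception if setup fails or any run differs from its expected
 *         outcome
 */
public static void main0(String[] args) throws Exception {
    System.setProperty("java.security.krb5.conf", OneKDC.KRB5_CONF);
    if (args.length == 0) { // The controller
        int nc = 5;     // number of clients
        int ns = 5;     // number of services
        String[] libs;  // available acceptor types:
                        // J: java
                        // J<suffix>=<java launcher>: another java
                        // N: default native lib
                        // N<suffix>=<libname>: another native lib
        Ex[] result;
        int numPerType = 2; // number of acceptors per type

        KDC kdc = KDC.create(OneKDC.REALM, HOST, 0, true);
        for (int i = 0; i < nc; i++) {
            kdc.addPrincipal(client(i), OneKDC.PASS);
        }
        kdc.addPrincipalRandKey("krbtgt/" + OneKDC.REALM);
        for (int i = 0; i < ns; i++) {
            kdc.addPrincipalRandKey(service(i));
        }

        // Native lib might not support aes-sha2
        KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
                "default_tkt_enctypes = aes128-cts",
                "default_tgs_enctypes = aes128-cts");

        // Write KTAB after krb5.conf so it contains no aes-sha2 keys
        kdc.writeKtab(OneKDC.KTAB);

        // User-provided libs
        String userLibs = System.getProperty("test.libs");

        if (userLibs != null) {
            libs = userLibs.split(",");
        } else {
            if (Platform.isOSX() || Platform.isWindows()) {
                // macOS uses Heimdal and Windows has no native lib
                libs = new String[]{"J"};
            } else {
                if (acceptor("N", "sanity").waitFor() != 0) {
                    Proc.d("Native mode sanity check failed, only java");
                    libs = new String[]{"J"};
                } else {
                    libs = new String[]{"J", "N"};
                }
            }
        }

        pi = Proc.create("ReplayCacheTestProc").debug("C")
                .args("initiator")
                .start();

        int na = libs.length * numPerType; // total number of acceptors
        pa = new Proc[na];

        // Acceptors, numPerType for 1st, numPerType for 2nd, ...
        for (int i = 0; i < na; i++) {
            pa[i] = acceptor(libs[i / numPerType],
                    "" + (char) ('a' + i % numPerType));
        }

        // Manual runs
        String userRuns = System.getProperty("test.runs");

        if (userRuns == null) {
            // Random mode: each run is either a fresh request (expected to
            // be accepted) or a replay of an earlier one (expected to be
            // rejected), sent to a randomly chosen acceptor.
            result = new Ex[Integer.parseInt(
                    System.getProperty("test.autoruns", "100"))];
            Random r = new Random();
            for (int i = 0; i < result.length; i++) {
                // The very first run has nothing to replay yet.
                boolean expected = reqs.isEmpty() || r.nextBoolean();
                result[i] = new Ex(
                        i,
                        expected ?
                                req(r.nextInt(nc), r.nextInt(ns)) :
                                r.nextInt(reqs.size()),
                        pa[r.nextInt(na)],
                        expected);
            }
        } else if (userRuns.isEmpty()) {
            // Pattern mode: for every lib, send a fresh request to its
            // first acceptor, then replay it to the first acceptor of
            // every other lib.
            int count = 0;
            result = new Ex[libs.length * libs.length];
            for (int i = 0; i < libs.length; i++) {
                result[count] = new Ex(
                        count,
                        req(0, 0),
                        pa[i * numPerType],
                        true);
                count++;
                for (int j = 0; j < libs.length; j++) {
                    if (i == j) {
                        continue;
                    }
                    result[count] = new Ex(
                            count,
                            i,
                            pa[j * numPerType],
                            false);
                    count++;
                }
            }
        } else {
            String[] runs = userRuns.split(",");
            result = new Ex[runs.length];
            for (int i = 0; i < runs.length; i++) {
                UserRun run = new UserRun(runs[i]);
                int reqIndex;
                if (run.req() == -1) {
                    reqIndex = req(run.client(), run.service());
                } else {
                    // A replay can only refer to a run defined before it;
                    // say so instead of failing on a null or missing slot.
                    if (run.req() >= i) {
                        throw new Exception("run " + i + " (" + runs[i]
                                + ") replays run " + run.req()
                                + ", which has not been defined yet");
                    }
                    reqIndex = result[run.req()].req;
                }
                Proc target = Arrays.stream(pa)
                        .filter(p -> p.debug().equals(run.acceptor()))
                        .findFirst()
                        .orElseThrow(() -> new Exception(
                                "no acceptor named " + run.acceptor()));
                result[i] = new Ex(i, reqIndex, target, run.success());
            }
        }

        for (Ex x : result) {
            x.run();
        }

        pi.println("END");
        for (int i = 0; i < na; i++) {
            pa[i].println("END");
        }
        System.out.println("\nAll Test Results\n================");
        boolean finalOut = true;
        System.out.println(" req** client service acceptor Result");
        System.out.println("---- ------- ------ --------- -------- -------");
        for (int i = 0; i < result.length; i++) {
            boolean out = result[i].expected == result[i].actual;
            finalOut &= out;
            System.out.printf("%3d: %3d%s c%d s%d %4s %8s %s %s\n",
                    i,
                    result[i].req,
                    result[i].expected ? "**" : " ",
                    reqs.get(result[i].req).client,
                    reqs.get(result[i].req).service,
                    "(" + result[i].csize + ")",
                    result[i].acceptor.debug(),
                    result[i].actual ? "++" : "--",
                    out ? " " : "xxx");
        }

        // For each request, list the acceptors it was sent to, in order.
        // The loop ends at the first request index no run refers to.
        System.out.println("\nPath of Reqs\n============");
        for (int j = 0; ; j++) {
            boolean found = false;
            for (int i = 0; i < result.length; i++) {
                if (result[i].req == j) {
                    if (!found) {
                        System.out.printf("%3d (c%s -> s%s): ", j,
                                reqs.get(j).client, reqs.get(j).service);
                    }
                    System.out.printf("%s%s(%d)%s",
                            found ? " -> " : "",
                            result[i].acceptor.debug(),
                            i,
                            result[i].actual != result[i].expected ?
                                    "xxx" : "");
                    found = true;
                }
            }
            System.out.println();
            if (!found) {
                break;
            }
        }
        if (!finalOut) {
            throw new Exception("Replay cache test failed: at least one run"
                    + " did not produce the expected result (see rows"
                    + " marked xxx)");
        }
    } else if (args[0].equals("Nsanity")) {
        // Native mode sanity check
        Proc.d("Detect start");
        Context s = Context.fromUserKtab("*", OneKDC.KTAB, true);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    } else if (args[0].equals("initiator")) {
        while (true) {
            String title = Proc.textIn();
            Proc.d("Client see " + title);
            if (title.equals("END")) break;
            // title is "<client> <service>"
            String[] cas = title.split(" ");
            Context c = Context.fromUserPass(cas[0], OneKDC.PASS, false);
            c.startAsClient(cas[1], GSSUtil.GSS_KRB5_MECH_OID);
            c.x().requestCredDeleg(true);
            byte[] token = c.take(new byte[0]);
            Proc.d("Client AP-REQ generated");
            Proc.binOut(token);
        }
    } else {
        Proc.d(System.getProperty("java.vm.version"));
        Proc.d(System.getProperty("sun.security.jgss.native"));
        Proc.d(System.getProperty("sun.security.jgss.lib"));
        Proc.d("---------------------------------\n");
        Proc.d("Server start");
        Context s = Context.fromUserKtab("*", OneKDC.KTAB, true);
        Proc.d("Server login");
        while (true) {
            String title = Proc.textIn();
            Proc.d("Server sees " + title);
            if (title.equals("END")) break;
            s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
            byte[] token = Proc.binIn();
            try {
                s.take(token);
                Proc.textOut("true");
                Proc.d("Good");
            } catch (Exception e) {
                // Every failure is reported to the controller as a
                // rejection, so a replay that fails for an unrelated
                // reason still counts as "rejected". Log the cause so the
                // debug output shows why the token was refused.
                Proc.textOut("false");
                Proc.d("Bad");
                Proc.d(e);
            }
        }
    }
}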
/**
 * Runs {@link #main0} and writes any exception to the Proc debug output
 * before rethrowing it.
 *
 * @param args passed through to {@code main0}
 * @throws Exception whatever {@code main0} throws
 */
public static void main(String[] args) throws Exception {
    try {
        main0(args);
    } catch (Exception failure) {
        Proc.d(failure);
        throw failure;
    }
}
// returns the client name |
/**
 * Builds the principal name of a client.
 *
 * @param p the client number
 * @return {@code "client"} followed by {@code p}
 */
private static String client(int p) {
    return "client" + Integer.toString(p);
}
// returns the service name |
/**
 * Builds the principal name of a service.
 *
 * @param p the service number
 * @return the service prefix followed by {@code p}, a slash and the host
 */
private static String service(int p) {
    return String.join("/", SERVICE + p, HOST);
}
// returns the dfl name for a service |
/**
 * Builds the name of the dfl replay cache file of a service.
 *
 * @param p the service number
 * @return the service prefix followed by {@code p}, plus {@code _<uid>}
 *         unless the uid is -1
 */
private static String dfl(int p) {
    String name = SERVICE + p;
    if (uid != -1) {
        name += "_" + uid;
    }
    return name;
}
// generates an ap-req, saves it into reqs, and returns its index
/**
 * Asks the initiator for a new AP-REQ and stores it.
 *
 * @param client the client number
 * @param service the service number
 * @return the index of the new request in {@code reqs}
 * @throws Exception if talking to the initiator fails
 */
private static int req(int client, int service) throws Exception {
    // The initiator expects one line: "<client name> <service name>".
    pi.println(client(client) + " " + service(service));
    String msg = pi.readData();
    reqs.add(new Req(client, service, msg));
    return reqs.size() - 1;
}
// creates an acceptor
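/**
 * Starts one acceptor process.
 *
 * <p>A type starting with {@code J} gives a Java acceptor that uses the
 * {@code dfl} replay cache with {@code java.io.tmpdir} set to the cache
 * directory. Any other type gives a native acceptor that is pointed at
 * the test's krb5.conf, keytab and cache directory through environment
 * variables. In both cases the cache directory is the same, so all
 * acceptors are set up to use one location.
 *
 * @param type {@code label} or {@code label=lib}; for a Java acceptor
 *        {@code lib} is passed to {@code Proc.create} (the class comment
 *        describes it as a launcher), for a native acceptor it is the
 *        GSS library
 * @param suffix appended to the label to form the process argument and
 *        its debug name
 * @return the started process
 * @throws Exception if the process cannot be started
 */
private static Proc acceptor(String type, String suffix) throws Exception {
    Proc p;
    String label;
    String lib;
    int pos = type.indexOf('=');
    if (pos < 0) {
        label = type;
        lib = null;
    } else {
        label = type.substring(0, pos);
        lib = type.substring(pos + 1);
    }
    if (type.startsWith("J")) {
        if (lib == null) {
            p = Proc.create("ReplayCacheTestProc");
        } else {
            p = Proc.create("ReplayCacheTestProc", lib);
        }
        p.prop("sun.security.krb5.rcache", "dfl")
                .prop("java.io.tmpdir", cwd);
        // Pass the hash mode of this process on to the child, if set.
        String useMD5 = System.getProperty("jdk.krb5.rcache.useMD5");
        if (useMD5 != null) {
            p.prop("jdk.krb5.rcache.useMD5", useMD5);
        }
    } else {
        p = Proc.create("ReplayCacheTestProc")
                .env("KRB5_CONFIG", OneKDC.KRB5_CONF)
                .env("KRB5_KTNAME", OneKDC.KTAB)
                .env("KRB5RCACHEDIR", cwd)
                .prop("sun.security.jgss.native", "true")
                .prop("javax.security.auth.useSubjectCredsOnly", "false")
                .prop("sun.security.nativegss.debug", "true");
        if (lib != null) {
            // lib comes from the test.libs property, i.e. from whoever
            // launches the test.
            p.prop("sun.security.jgss.lib", lib);
            // A bare file name has no directory to put on the library
            // path; the original code failed on substring(0, -1) here.
            int slash = lib.lastIndexOf('/');
            if (slash >= 0) {
                String libDir = lib.substring(0, slash);
                p.env("DYLD_LIBRARY_PATH", libDir)
                        .env("LD_LIBRARY_PATH", libDir);
            }
        }
    }
    Proc.d(label + suffix + " started");
    return p.args(label + suffix).debug(label + suffix).start();
}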
// generates hash of authenticator inside ap-req inside initsectoken |
/**
 * Appends one entry for a request to {@code log.txt}: the label, the
 * Base64 message, and the MD5 and SHA-256 digests of the decoded message
 * with its first 17 bytes removed.
 *
 * @param label the heading of the log entry
 * @param req the request to record
 * @throws Exception if the log file cannot be written, or the decoded
 *         message is shorter than 17 bytes
 */
private static void record(String label, Req req) throws Exception {
    byte[] token = Base64.getDecoder().decode(req.msg);
    // NOTE(review): the 17 skipped bytes are presumably the token framing
    // in front of the part that gets hashed - confirm.
    byte[] data = Arrays.copyOfRange(token, 17, token.length);

    try (PrintStream log = new PrintStream(
            new FileOutputStream("log.txt", true))) {
        String md5Hex = hex(md5.digest(data));
        String sha256Hex = hex(sha256.digest(data));
        log.printf("%s:\nmsg: %s\nMD5: %s\nSHA-256: %s\n\n",
                label, req.msg, md5Hex, sha256Hex);
    }
}
// Returns a compact hexdump for a byte array |
/**
 * Formats a byte array as upper-case hex, two digits per byte and no
 * separators.
 *
 * @param hash the bytes to format
 * @return the hex string, empty for an empty array
 */
private static String hex(byte[] hash) {
    final String digits = "0123456789ABCDEF";
    StringBuilder out = new StringBuilder(hash.length * 2);
    for (byte b : hash) {
        // Mask after shifting so a negative byte maps to its high nibble.
        out.append(digits.charAt((b >> 4) & 0xf));
        out.append(digits.charAt(b & 0xf));
    }
    return out.toString();
}
// return size of dfl file, excluding the null hash ones |
/**
 * Counts the entries in the dfl replay cache file of a service.
 *
 * <p>Reading starts at offset 6 and goes on until the file runs out.
 * Entries for which {@code AuthTime.readFrom} returns null are not
 * counted.
 *
 * @param p the service number
 * @return the number of counted entries, or 0 if the file cannot be read
 * @throws Exception declared by the signature; an {@code IOException} is
 *         turned into a result of 0 instead of being thrown
 */
private static int csize(int p) throws Exception {
    try (SeekableByteChannel chan = Files.newByteChannel(
            Paths.get(cwd, dfl(p)), StandardOpenOption.READ)) {
        // NOTE(review): the 6 skipped bytes are presumably the file
        // header - confirm.
        chan.position(6);
        int entries = 0;
        boolean more = true;
        while (more) {
            try {
                if (AuthTime.readFrom(chan) != null) {
                    entries++;
                }
            } catch (BufferUnderflowException endOfFile) {
                // No complete entry left.
                more = false;
            }
        }
        return entries;
    } catch (IOException ioe) {
        // An unreadable cache, e.g. one that does not exist yet, counts
        // as empty.
        return 0;
    }
}
// models an experiment
/**
 * One experiment: a stored request sent to one acceptor, together with
 * the expected and the observed verdict.
 */
private static class Ex {
    // Sequence number of this experiment.
    int i;
    // Index into reqs of the AP-REQ to send.
    int req;
    // The acceptor that receives the request.
    Proc acceptor;
    // Whether the acceptor is expected to accept the request.
    boolean expected;

    // What the acceptor answered.
    boolean actual;
    // Size of the rcache after the test.
    int csize;
    // The hash of the request; not assigned by the code in this class.
    String hash;

    Ex(int i, int req, Proc acceptor, boolean expected) {
        this.i = i;
        this.req = req;
        this.acceptor = acceptor;
        this.expected = expected;
    }

    /**
     * Sends the request to the acceptor, stores the verdict and the cache
     * size, logs the request, and keeps a copy of the cache file under
     * this experiment's label.
     *
     * @throws Exception if talking to the acceptor, logging or copying
     *         fails
     */
    void run() throws Exception {
        Req sent = reqs.get(req);
        acceptor.println("TEST");
        acceptor.println(sent.msg);

        // The acceptor answers "true" or "false".
        actual = Boolean.parseBoolean(acceptor.readData());
        csize = csize(sent.service);

        String label = String.format("%03d-client%d-%s%d-%s-%s",
                i, sent.client, SERVICE, sent.service, acceptor.debug(), actual);

        record(label, sent);

        // Snapshot the cache file, if there is one, for later inspection.
        File cache = new File(cwd, dfl(sent.service));
        if (cache.exists()) {
            Files.copy(Paths.get(cwd, dfl(sent.service)), Paths.get(label),
                    StandardCopyOption.COPY_ATTRIBUTES);
        }
    }
}
// models a saved ap-req msg |
/** A saved AP-REQ message and the client and service it was made for. */
private static class Req {
    // The request, Base64-encoded.
    String msg;
    // Number of the client that made the request.
    int client;
    // Number of the service the request is for.
    int service;

    Req(int client, int service, String msg) {
        this.client = client;
        this.service = service;
        this.msg = msg;
    }
}
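/**
 * One entry of the {@code test.runs} property.
 *
 * <p>An entry is either {@code c<client>s<service>} for a new request or
 * {@code r<run>} for a replay, followed by the acceptor name and one
 * final character. The final character {@code v} means the request is
 * expected to succeed; any other character means it is expected to fail.
 */
private static class UserRun {
    // The client number is captured as a whole ("\\d+"). The earlier form
    // "(\\d)+" kept only the last digit of a multi-digit number.
    static final Pattern p
            = Pattern.compile("(c(\\d+)s(\\d+)|r(\\d+))(.*)(.)");
    final Matcher m;

    /**
     * @param run one comma-separated entry of {@code test.runs}
     * @throws IllegalArgumentException if the entry does not have the
     *         expected form
     */
    UserRun(String run) {
        m = p.matcher(run);
        // Report a malformed entry here, with its text, rather than as a
        // "no match found" failure when a group is read later.
        if (!m.find()) {
            throw new IllegalArgumentException(
                    "Malformed test.runs entry: " + run);
        }
    }

    // The run whose request is replayed, or -1 for a new request.
    int req() { return group(4); }
    // The client number, or -1 for a replay.
    int client() { return group(2); }
    // The service number, or -1 for a replay.
    int service() { return group(3); }
    // The debug name of the acceptor to send to.
    String acceptor() { return m.group(5); }
    // Whether the request is expected to be accepted.
    boolean success() { return m.group(6).equals("v"); }

    // Returns group i as a number, or -1 if the group did not take part
    // in the match.
    int group(int i) {
        String g = m.group(i);
        return g == null ? -1 : Integer.parseInt(g);
    }
}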
} |