jdk-sandbox: jdk/test/sun/security/krb5/auto/S4U2selfAsServerGSS.java@b57c48f16179 (annotated)

14413 e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	1	/*
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	2	* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	4	*
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	7	* published by the Free Software Foundation.
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	8	*
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	9	* This code is distributed in the hope that it will be useful, but WITHOUT
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	12	* version 2 for more details (a copy is included in the LICENSE file that
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	13	* accompanied this code).
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	14	*
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	15	* You should have received a copy of the GNU General Public License version
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	16	* 2 along with this work; if not, write to the Free Software Foundation,
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	18	*
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	19	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	20	* or visit www.oracle.com if you need additional information or have any
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	21	* questions.
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	22	*/
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	23
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	24	/*
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	25	* @test
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	26	* @bug 6355584
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	27	* @summary Introduce constrained Kerberos delegation
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	28	* @compile -XDignore.symbol.file S4U2selfAsServerGSS.java
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	29	* @run main/othervm -Djavax.security.auth.useSubjectCredsOnly=false S4U2selfAsServerGSS krb5
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	30	* @run main/othervm -Djavax.security.auth.useSubjectCredsOnly=false S4U2selfAsServerGSS spnego
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	31	*/
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	32
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	33	import java.io.File;
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	34	import java.io.FileOutputStream;
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	35	import java.security.Security;
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	36	import java.util.Arrays;
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	37	import java.util.HashMap;
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	38	import java.util.List;
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	39	import java.util.Map;
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	40	import org.ietf.jgss.Oid;
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	41	import sun.security.jgss.GSSUtil;
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	42
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	43	public class S4U2selfAsServerGSS {
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	44
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	45	public static void main(String[] args) throws Exception {
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	46	Oid mech;
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	47	if (args[0].equals("spnego")) {
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	48	mech = GSSUtil.GSS_SPNEGO_MECH_OID;
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	49	} else if (args[0].contains("krb5")) {
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	50	mech = GSSUtil.GSS_KRB5_MECH_OID;
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	51	} else {
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	52	throw new Exception("Unknown mech");
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	53	}
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	54
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	55	OneKDC kdc = new OneKDC(null);
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	56	kdc.writeJAASConf();
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	57	kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	58	Map<String,List<String>> map = new HashMap<>();
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	59	map.put(OneKDC.SERVER + "@" + OneKDC.REALM, Arrays.asList(
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	60	new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	61	kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	62	kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	63	new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	64
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	65	Context s, b;
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	66	System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	67	System.setProperty("java.security.auth.login.config", OneKDC.JAAS_CONF);
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	68	File f = new File(OneKDC.JAAS_CONF);
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	69	FileOutputStream fos = new FileOutputStream(f);
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	70	fos.write((
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	71	"com.sun.security.jgss.krb5.accept {\n" +
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	72	" com.sun.security.auth.module.Krb5LoginModule required\n" +
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	73	" principal=\"" + OneKDC.SERVER + "\"\n" +
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	74	" useKeyTab=true\n" +
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	75	" storeKey=true;\n};\n"
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	76	).getBytes());
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	77	fos.close();
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	78	Security.setProperty("auth.login.defaultCallbackHandler", "OneKDC$CallbackForClient");
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	79	s = Context.fromThinAir();
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	80	b = Context.fromThinAir();
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	81	s.startAsServer(mech);
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	82
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	83	Context p = s.impersonate(OneKDC.USER);
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	84
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	85	p.startAsClient(OneKDC.SERVER, mech);
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	86	b.startAsServer(mech);
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	87	Context.handshake(p, b);
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	88
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	89	String n1 = p.x().getSrcName().toString().split("@")[0];
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	90	String n2 = b.x().getSrcName().toString().split("@")[0];
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	91	if (!n1.equals(OneKDC.USER) \|\| !n2.equals(OneKDC.USER)) {
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	92	throw new Exception("Delegation failed");
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	93	}
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	94	}
e954df027393 6355584: Introduce constrained Kerberos delegation weijun parents: diff changeset	95	}

author	msheppar
	Thu, 21 Feb 2013 20:01:22 +0000
changeset 16020	b57c48f16179
parent 14413	e954df027393
child 30820	0d4717a011d3
permissions	-rw-r--r--