jdk-sandbox: test/jdk/sun/security/krb5/auto/ReferralsTest.java@d65d3c37232c (annotated)

55258 d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	1	/*
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	2	* Copyright (c) 2019, Red Hat, Inc.
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	4	*
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	7	* published by the Free Software Foundation.
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	8	*
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	9	* This code is distributed in the hope that it will be useful, but WITHOUT
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	12	* version 2 for more details (a copy is included in the LICENSE file that
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	13	* accompanied this code).
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	14	*
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	15	* You should have received a copy of the GNU General Public License version
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	16	* 2 along with this work; if not, write to the Free Software Foundation,
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	18	*
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	19	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	20	* or visit www.oracle.com if you need additional information or have any
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	21	* questions.
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	22	*/
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	23
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	24	/*
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	25	* @test
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	26	* @bug 8215032
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	27	* @library /test/lib
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	28	* @run main/othervm/timeout=120 -Dsun.security.krb5.debug=true ReferralsTest
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	29	* @summary Test Kerberos cross-realm referrals (RFC 6806)
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	30	*/
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	31
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	32	import java.io.File;
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	33	import sun.security.krb5.Credentials;
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	34	import sun.security.krb5.internal.CredentialsUtil;
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	35	import sun.security.krb5.KrbAsReqBuilder;
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	36	import sun.security.krb5.PrincipalName;
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	37
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	38	public class ReferralsTest {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	39	private static final boolean DEBUG = true;
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	40	private static final String krbConfigName = "krb5-localkdc.conf";
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	41	private static final String realmKDC1 = "RABBIT.HOLE";
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	42	private static final String realmKDC2 = "DEV.RABBIT.HOLE";
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	43	private static final char[] password = "123qwe@Z".toCharArray();
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	44	private static final String clientName = "test";
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	45
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	46	private static final String clientAlias = clientName +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	47	PrincipalName.NAME_REALM_SEPARATOR_STR + realmKDC1;
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	48
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	49	private static final String clientKDC1QueryName = clientAlias.replaceAll(
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	50	PrincipalName.NAME_REALM_SEPARATOR_STR, "\\\\" +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	51	PrincipalName.NAME_REALM_SEPARATOR_STR) +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	52	PrincipalName.NAME_REALM_SEPARATOR_STR + realmKDC1;
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	53	private static PrincipalName clientKDC1QueryPrincipal = null;
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	54	static {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	55	try {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	56	clientKDC1QueryPrincipal = new PrincipalName(
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	57	clientKDC1QueryName, PrincipalName.KRB_NT_ENTERPRISE,
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	58	null);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	59	} catch (Throwable t) {}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	60	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	61
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	62	private static final String clientKDC2Name = clientName +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	63	PrincipalName.NAME_REALM_SEPARATOR_STR + realmKDC2;
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	64
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	65	private static final String serviceName = "http" +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	66	PrincipalName.NAME_COMPONENT_SEPARATOR_STR +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	67	"server.dev.rabbit.hole";
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	68
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	69	private static Credentials tgt;
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	70	private static Credentials tgs;
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	71
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	72	public static void main(String[] args) throws Exception {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	73	try {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	74	initializeKDCs();
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	75	getTGT();
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	76	getTGS();
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	77	} finally {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	78	cleanup();
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	79	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	80	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	81
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	82	private static void initializeKDCs() throws Exception {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	83	KDC kdc1 = KDC.create(realmKDC1, "localhost", 0, true);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	84	kdc1.addPrincipalRandKey(PrincipalName.TGS_DEFAULT_SRV_NAME +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	85	PrincipalName.NAME_COMPONENT_SEPARATOR_STR + realmKDC1);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	86	kdc1.addPrincipal(PrincipalName.TGS_DEFAULT_SRV_NAME +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	87	PrincipalName.NAME_COMPONENT_SEPARATOR_STR + realmKDC1 +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	88	PrincipalName.NAME_REALM_SEPARATOR_STR + realmKDC2,
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	89	password);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	90	kdc1.addPrincipal(PrincipalName.TGS_DEFAULT_SRV_NAME +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	91	PrincipalName.NAME_COMPONENT_SEPARATOR_STR + realmKDC2,
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	92	password);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	93
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	94	KDC kdc2 = KDC.create(realmKDC2, "localhost", 0, true);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	95	kdc2.addPrincipalRandKey(PrincipalName.TGS_DEFAULT_SRV_NAME +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	96	PrincipalName.NAME_COMPONENT_SEPARATOR_STR + realmKDC2);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	97	kdc2.addPrincipal(clientKDC2Name, password);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	98	kdc2.addPrincipal(serviceName, password);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	99	kdc2.addPrincipal(PrincipalName.TGS_DEFAULT_SRV_NAME +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	100	PrincipalName.NAME_COMPONENT_SEPARATOR_STR + realmKDC1,
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	101	password);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	102	kdc2.addPrincipal(PrincipalName.TGS_DEFAULT_SRV_NAME +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	103	PrincipalName.NAME_COMPONENT_SEPARATOR_STR + realmKDC2 +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	104	PrincipalName.NAME_REALM_SEPARATOR_STR + realmKDC1,
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	105	password);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	106
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	107	kdc1.registerAlias(clientAlias, kdc2);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	108	kdc1.registerAlias(serviceName, kdc2);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	109	kdc2.registerAlias(clientAlias, clientKDC2Name);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	110
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	111	KDC.saveConfig(krbConfigName, kdc1, kdc2,
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	112	"forwardable=true");
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	113	System.setProperty("java.security.krb5.conf", krbConfigName);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	114	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	115
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	116	private static void cleanup() {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	117	File f = new File(krbConfigName);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	118	if (f.exists()) {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	119	f.delete();
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	120	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	121	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	122
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	123	private static void getTGT() throws Exception {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	124	KrbAsReqBuilder builder = new KrbAsReqBuilder(clientKDC1QueryPrincipal,
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	125	password);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	126	tgt = builder.action().getCreds();
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	127	builder.destroy();
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	128	if (DEBUG) {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	129	System.out.println("TGT");
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	130	System.out.println("----------------------");
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	131	System.out.println(tgt);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	132	System.out.println("----------------------");
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	133	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	134	if (tgt == null) {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	135	throw new Exception("TGT is null");
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	136	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	137	if (!tgt.getClient().getName().equals(clientKDC2Name)) {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	138	throw new Exception("Unexpected TGT client");
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	139	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	140	String[] tgtServerNames = tgt.getServer().getNameStrings();
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	141	if (tgtServerNames.length != 2 \|\| !tgtServerNames[0].equals(
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	142	PrincipalName.TGS_DEFAULT_SRV_NAME) \|\|
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	143	!tgtServerNames[1].equals(realmKDC2) \|\|
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	144	!tgt.getServer().getRealmString().equals(realmKDC2)) {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	145	throw new Exception("Unexpected TGT server");
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	146	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	147	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	148
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	149	private static void getTGS() throws Exception {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	150	tgs = CredentialsUtil.acquireServiceCreds(serviceName +
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	151	PrincipalName.NAME_REALM_SEPARATOR_STR + realmKDC1, tgt);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	152	if (DEBUG) {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	153	System.out.println("TGS");
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	154	System.out.println("----------------------");
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	155	System.out.println(tgs);
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	156	System.out.println("----------------------");
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	157	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	158	if (tgs == null) {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	159	throw new Exception("TGS is null");
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	160	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	161	if (!tgs.getClient().getName().equals(clientKDC2Name)) {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	162	throw new Exception("Unexpected TGS client");
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	163	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	164	if (!tgs.getServer().getNameString().equals(serviceName) \|\|
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	165	!tgs.getServer().getRealmString().equals(realmKDC2)) {
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	166	throw new Exception("Unexpected TGS server");
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	167	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	168	}
d65d3c37232c 8215032: Support Kerberos cross-realm referrals (RFC 6806) mbalao parents: diff changeset	169	}

author	mbalao
	Wed, 05 Jun 2019 01:42:11 -0300
changeset 55258	d65d3c37232c
child 57487	643978a35f6e
permissions	-rw-r--r--