jdk-sandbox: jdk/test/sun/security/krb5/auto/AcceptPermissions.java@f8bc1966fb30 (annotated)

15006 10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	1	/*
23010 6dadb192ad81 8029235: Update copyright year to match last edit in jdk8 jdk repository for 2013 lana parents: 15649 diff changeset	2	* Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
15006 10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	4	*
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	7	* published by the Free Software Foundation.
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	8	*
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	9	* This code is distributed in the hope that it will be useful, but WITHOUT
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	12	* version 2 for more details (a copy is included in the LICENSE file that
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	13	* accompanied this code).
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	14	*
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	15	* You should have received a copy of the GNU General Public License version
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	16	* 2 along with this work; if not, write to the Free Software Foundation,
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	18	*
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	19	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	20	* or visit www.oracle.com if you need additional information or have any
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	21	* questions.
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	22	*/
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	23
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	24	/*
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	25	* @test
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	26	* @bug 9999999
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	27	* @summary default principal can act as anyone
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	28	* @compile -XDignore.symbol.file AcceptPermissions.java
15649 f6bd3d34f844 8001104: Unbound SASL service: the GSSAPI/krb5 mech weijun parents: 15006 diff changeset	29	* @run main/othervm AcceptPermissions two
f6bd3d34f844 8001104: Unbound SASL service: the GSSAPI/krb5 mech weijun parents: 15006 diff changeset	30	* @run main/othervm AcceptPermissions unbound
15006 10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	31	*/
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	32
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	33	import java.nio.file.Files;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	34	import java.nio.file.Paths;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	35	import java.nio.file.StandardOpenOption;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	36	import java.security.Permission;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	37	import javax.security.auth.kerberos.ServicePermission;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	38	import sun.security.jgss.GSSUtil;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	39	import java.util.*;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	40
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	41	public class AcceptPermissions extends SecurityManager {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	42
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	43	private static Map<Permission,String> perms = new HashMap<>();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	44	@Override
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	45	public void checkPermission(Permission perm) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	46	if (!(perm instanceof ServicePermission)) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	47	return;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	48	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	49	ServicePermission sp = (ServicePermission)perm;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	50	if (!sp.getActions().equals("accept")) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	51	return;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	52	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	53	// We only care about accept ServicePermission in this test
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	54	try {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	55	super.checkPermission(sp);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	56	} catch (SecurityException se) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	57	if (perms.containsKey(sp)) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	58	perms.put(sp, "checked");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	59	} else {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	60	throw se; // We didn't expect this is needed
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	61	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	62	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	63	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	64
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	65	// Fills in permissions we are expecting
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	66	private static void initPerms(String... names) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	67	perms.clear();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	68	for (String name: names) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	69	perms.put(new ServicePermission(
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	70	name + "@" + OneKDC.REALM, "accept"), "expected");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	71	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	72	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	73
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	74	// Checks if they are all checked
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	75	private static void checkPerms() {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	76	for (Map.Entry<Permission,String> entry: perms.entrySet()) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	77	if (entry.getValue().equals("expected")) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	78	throw new RuntimeException(
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	79	"Expected but not used: " + entry.getKey());
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	80	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	81	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	82	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	83
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	84	public static void main(String[] args) throws Exception {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	85	System.setSecurityManager(new AcceptPermissions());
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	86	new OneKDC(null).writeJAASConf();
15649 f6bd3d34f844 8001104: Unbound SASL service: the GSSAPI/krb5 mech weijun parents: 15006 diff changeset	87	String moreEntries = "two {\n"
15006 10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	88	+ " com.sun.security.auth.module.Krb5LoginModule required"
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	89	+ " principal=\"" + OneKDC.SERVER + "\" useKeyTab=true"
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	90	+ " isInitiator=false storeKey=true;\n"
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	91	+ " com.sun.security.auth.module.Krb5LoginModule required"
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	92	+ " principal=\"" + OneKDC.BACKEND + "\" useKeyTab=true"
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	93	+ " isInitiator=false storeKey=true;\n"
15649 f6bd3d34f844 8001104: Unbound SASL service: the GSSAPI/krb5 mech weijun parents: 15006 diff changeset	94	+ "};\n"
f6bd3d34f844 8001104: Unbound SASL service: the GSSAPI/krb5 mech weijun parents: 15006 diff changeset	95	+ "unbound {"
f6bd3d34f844 8001104: Unbound SASL service: the GSSAPI/krb5 mech weijun parents: 15006 diff changeset	96	+ " com.sun.security.auth.module.Krb5LoginModule required"
f6bd3d34f844 8001104: Unbound SASL service: the GSSAPI/krb5 mech weijun parents: 15006 diff changeset	97	+ " principal=* useKeyTab=true"
f6bd3d34f844 8001104: Unbound SASL service: the GSSAPI/krb5 mech weijun parents: 15006 diff changeset	98	+ " isInitiator=false storeKey=true;\n"
15006 10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	99	+ "};\n";
15649 f6bd3d34f844 8001104: Unbound SASL service: the GSSAPI/krb5 mech weijun parents: 15006 diff changeset	100	Files.write(Paths.get(OneKDC.JAAS_CONF), moreEntries.getBytes(),
15006 10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	101	StandardOpenOption.APPEND);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	102
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	103	Context c, s;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	104
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	105	// In all cases, a ServicePermission on the acceptor name is needed
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	106	// for a handshake. For default principal with no predictable name,
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	107	// permission not needed (yet) for credentials creation.
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	108
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	109	// Named principal
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	110	initPerms(OneKDC.SERVER);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	111	c = Context.fromJAAS("client");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	112	s = Context.fromJAAS("server");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	113	c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	114	s.startAsServer(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	115	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	116	initPerms(OneKDC.SERVER);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	117	Context.handshake(c, s);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	118	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	119
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	120	// Named principal (even if there are 2 JAAS modules)
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	121	initPerms(OneKDC.SERVER);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	122	c = Context.fromJAAS("client");
15649 f6bd3d34f844 8001104: Unbound SASL service: the GSSAPI/krb5 mech weijun parents: 15006 diff changeset	123	s = Context.fromJAAS(args[0]);
15006 10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	124	c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	125	s.startAsServer(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	126	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	127	initPerms(OneKDC.SERVER);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	128	Context.handshake(c, s);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	129	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	130
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	131	// Default principal with a predictable name
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	132	initPerms(OneKDC.SERVER);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	133	c = Context.fromJAAS("client");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	134	s = Context.fromJAAS("server");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	135	c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	136	s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	137	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	138	initPerms(OneKDC.SERVER);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	139	Context.handshake(c, s);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	140	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	141
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	142	// Default principal with no predictable name
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	143	initPerms(); // permission not needed for cred !!!
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	144	c = Context.fromJAAS("client");
15649 f6bd3d34f844 8001104: Unbound SASL service: the GSSAPI/krb5 mech weijun parents: 15006 diff changeset	145	s = Context.fromJAAS(args[0]);
15006 10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	146	c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	147	s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	148	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	149	initPerms(OneKDC.SERVER); // still needed for handshake !!!
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	150	Context.handshake(c, s);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	151	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	152	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	153	}

author	stefank
	Mon, 25 Aug 2014 09:10:13 +0200
changeset 26314	f8bc1966fb30
parent 23010	6dadb192ad81
child 30820	0d4717a011d3
permissions	-rw-r--r--