1 /*

     2  * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.

     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4  *

     5  * This code is free software; you can redistribute it and/or modify it

     6  * under the terms of the GNU General Public License version 2 only, as

     7  * published by the Free Software Foundation.

     8  *

     9  * This code is distributed in the hope that it will be useful, but WITHOUT

    10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    12  * version 2 for more details (a copy is included in the LICENSE file that

    13  * accompanied this code).

    14  *

    15  * You should have received a copy of the GNU General Public License version

    16  * 2 along with this work; if not, write to the Free Software Foundation,

    17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    18  *

    19  * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,

    20  * CA 95054 USA or visit www.sun.com if you need additional information or

    21  * have any questions.

    22  */

    23 

    24 /*

    25  * @test

    26  * @bug 6894643

    27  * @summary Test JSSE Kerberos ciphersuite

    28  */

    29 import java.io.*;

    30 import java.net.InetAddress;

    31 import javax.net.ssl.*;

    32 import java.security.Principal;

    33 import java.util.Date;

    34 import sun.security.jgss.GSSUtil;

    35 

    36 public class SSL {

    37 

    38     private static final String KRB5_CIPHER = "TLS_KRB5_WITH_3DES_EDE_CBC_SHA";

    39     private static final int PORT = 4569;

    40     private static final int LOOP_LIMIT = 1;

    41     private static final char[] PASS = "secret".toCharArray();

    42     private static int loopCount = 0;

    43 

    44     private static String SERVER;

    45 

    46     public static void main(String[] args) throws Exception {

    47 

    48         KDC kdc = KDC.create(OneKDC.REALM);

    49         // Run this after KDC, so our own DNS service can be started

    50         try {

    51             SERVER = InetAddress.getLocalHost().getHostName();

    52         } catch (java.net.UnknownHostException e) {

    53             SERVER = "localhost";

    54         }

    55 

    56         kdc.addPrincipal(OneKDC.USER, OneKDC.PASS);

    57         kdc.addPrincipalRandKey("krbtgt/" + OneKDC.REALM);

    58         kdc.addPrincipal("host/" + SERVER, PASS);

    59         KDC.saveConfig(OneKDC.KRB5_CONF, kdc);

    60         System.setProperty("java.security.krb5.conf", OneKDC.KRB5_CONF);

    61 

    62         final Context c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);

    63         final Context s = Context.fromUserPass("host/" + SERVER, PASS, true);

    64 

    65         c.startAsClient("host/" + SERVER, GSSUtil.GSS_KRB5_MECH_OID);

    66         s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    67 

    68         new Thread(new Runnable() {

    69             public void run() {

    70                 try {

    71                     s.doAs(new JsseServerAction(), null);

    72                 } catch (Exception e) {

    73                     e.printStackTrace();

    74                 }

    75             }

    76         }).start();

    77 

    78         // Warm the server

    79         Thread.sleep(2000);

    80 

    81         c.doAs(new JsseClientAction(), null);

    82     }

    83 

    84     // Following codes copied from

    85     // http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/part2.html#JSSE

    86     private static class JsseClientAction implements Action {

    87         public byte[] run(Context s, byte[] input) throws Exception {

    88             SSLSocketFactory sslsf =

    89                 (SSLSocketFactory) SSLSocketFactory.getDefault();

    90             SSLSocket sslSocket = (SSLSocket) sslsf.createSocket(SERVER, PORT);

    91 

    92             // Enable only a KRB5 cipher suite.

    93             String enabledSuites[] = {KRB5_CIPHER};

    94             sslSocket.setEnabledCipherSuites(enabledSuites);

    95             // Should check for exception if enabledSuites is not supported

    96 

    97             BufferedReader in = new BufferedReader(new InputStreamReader(

    98                 sslSocket.getInputStream()));

    99             BufferedWriter out = new BufferedWriter(new OutputStreamWriter(

   100                 sslSocket.getOutputStream()));

   101 

   102             String outStr = "Hello There!\n";

   103             out.write(outStr);

   104             out.flush();

   105             System.out.print("Sending " + outStr);

   106 

   107             String inStr = in.readLine();

   108             System.out.println("Received " + inStr);

   109 

   110             String cipherSuiteChosen = sslSocket.getSession().getCipherSuite();

   111             System.out.println("Cipher suite in use: " + cipherSuiteChosen);

   112             Principal self = sslSocket.getSession().getLocalPrincipal();

   113             System.out.println("I am: " + self.toString());

   114             Principal peer = sslSocket.getSession().getPeerPrincipal();

   115             System.out.println("Server is: " + peer.toString());

   116 

   117             sslSocket.close();

   118             return null;

   119         }

   120     }

   121 

   122     private static class JsseServerAction implements Action {

   123         public byte[] run(Context s, byte[] input) throws Exception {

   124             SSLServerSocketFactory sslssf =

   125                 (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

   126             SSLServerSocket sslServerSocket =

   127                 (SSLServerSocket) sslssf.createServerSocket(PORT);

   128 

   129             // Enable only a KRB5 cipher suite.

   130             String enabledSuites[] = {KRB5_CIPHER};

   131             sslServerSocket.setEnabledCipherSuites(enabledSuites);

   132             // Should check for exception if enabledSuites is not supported

   133 

   134             while (loopCount++ < LOOP_LIMIT) {

   135                 System.out.println("Waiting for incoming connection...");

   136 

   137                 SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();

   138 

   139                 System.out.println("Got connection from client "

   140                     + sslSocket.getInetAddress());

   141 

   142                 BufferedReader in = new BufferedReader(new InputStreamReader(

   143                     sslSocket.getInputStream()));

   144                 BufferedWriter out = new BufferedWriter(new OutputStreamWriter(

   145                     sslSocket.getOutputStream()));

   146 

   147                 String inStr = in.readLine();

   148                 System.out.println("Received " + inStr);

   149 

   150                 String outStr = inStr + " " + new Date().toString() + "\n";

   151                 out.write(outStr);

   152                 System.out.println("Sending " + outStr);

   153                 out.flush();

   154 

   155                 String cipherSuiteChosen =

   156                     sslSocket.getSession().getCipherSuite();

   157                 System.out.println("Cipher suite in use: " + cipherSuiteChosen);

   158                 Principal self = sslSocket.getSession().getLocalPrincipal();

   159                 System.out.println("I am: " + self.toString());

   160                 Principal peer = sslSocket.getSession().getPeerPrincipal();

   161                 System.out.println("Client is: " + peer.toString());

   162 

   163                 sslSocket.close();

   164             }

   165             return null;

   166         }

   167     }

   168 }