1 /*

     2  * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.

     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4  *

     5  * This code is free software; you can redistribute it and/or modify it

     6  * under the terms of the GNU General Public License version 2 only, as

     7  * published by the Free Software Foundation.

     8  *

     9  * This code is distributed in the hope that it will be useful, but WITHOUT

    10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    12  * version 2 for more details (a copy is included in the LICENSE file that

    13  * accompanied this code).

    14  *

    15  * You should have received a copy of the GNU General Public License version

    16  * 2 along with this work; if not, write to the Free Software Foundation,

    17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    18  *

    19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    20  * or visit www.oracle.com if you need additional information or have any

    21  * questions.

    22  */

    23 

    24 import java.io.IOException;

    25 import java.security.NoSuchAlgorithmException;

    26 import java.security.PrivilegedActionException;

    27 import java.util.HashMap;

    28 import java.util.Map;

    29 

    30 import javax.security.auth.login.LoginException;

    31 

    32 /*

    33  * @test

    34  * @bug 8025123 8194486

    35  * @summary Checks if an unbound server pick up a correct key from keytab

    36  * @library /test/lib

    37  * @run main jdk.test.lib.FileInstaller TestHosts TestHosts

    38  * @run main/othervm -Djdk.net.hosts.file=TestHosts UnboundSSLMultipleKeys

    39  *                              unbound.ssl.jaas.conf server_star

    40  * @run main/othervm -Djdk.net.hosts.file=TestHosts UnboundSSLMultipleKeys

    41  *                              unbound.ssl.jaas.conf server_multiple_principals

    42  */

    43 public class UnboundSSLMultipleKeys {

    44 

    45     public static void main(String[] args)

    46             throws IOException, NoSuchAlgorithmException, LoginException,

    47             PrivilegedActionException, InterruptedException {

    48         UnboundSSLMultipleKeys test = new UnboundSSLMultipleKeys();

    49         test.start(args[0], args[1]);

    50     }

    51 

    52     private void start(String jaacConfigFile, String serverJaasConfig)

    53             throws IOException, NoSuchAlgorithmException, LoginException,

    54             PrivilegedActionException, InterruptedException {

    55 

    56         // define service principals

    57         String service1host = "service1." + UnboundSSLUtils.HOST;

    58         String service2host = "service2." + UnboundSSLUtils.HOST;

    59         String service3host = "service3." + UnboundSSLUtils.HOST;

    60         String service1Principal = "host/" + service1host + "@"

    61                 + UnboundSSLUtils.REALM;

    62         String service2Principal = "host/" + service2host + "@"

    63                 + UnboundSSLUtils.REALM;

    64         String service3Principal = "host/" + service3host + "@"

    65                 + UnboundSSLUtils.REALM;

    66 

    67         Map<String, String> principals = new HashMap<>();

    68         principals.put(UnboundSSLUtils.USER_PRINCIPAL,

    69                 UnboundSSLUtils.USER_PASSWORD);

    70         principals.put(UnboundSSLUtils.KRBTGT_PRINCIPAL, "pass");

    71         principals.put(service1Principal, "pass0");

    72         principals.put(service1Principal, "pass1");

    73         principals.put(service1Principal, "pass2");

    74         principals.put(service2Principal, "pass");

    75         principals.put(service3Principal, "pass");

    76 

    77         System.setProperty("java.security.krb5.conf",

    78                 UnboundSSLUtils.KRB5_CONF_FILENAME);

    79 

    80         /*

    81          * Start a local KDC instance

    82          *

    83          * Keytab file contains 3 keys (with different KVNO) for service1

    84          * principal, but password for only one key is the same with the record

    85          * for service1 principal in KDC.

    86          */

    87         KDC.startKDC(UnboundSSLUtils.HOST, UnboundSSLUtils.KRB5_CONF_FILENAME,

    88                 UnboundSSLUtils.REALM, principals,

    89                 UnboundSSLUtils.KTAB_FILENAME, KDC.KtabMode.APPEND);

    90 

    91         System.setProperty("java.security.auth.login.config",

    92                 UnboundSSLUtils.TEST_SRC + UnboundSSLUtils.FS + jaacConfigFile);

    93         System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    94 

    95         // start an SSL server instance

    96         try (SSLEchoServer server = SSLEchoServer.init(

    97                 UnboundSSLUtils.TLS_KRB5_FILTER, UnboundSSLUtils.SNI_PATTERN)) {

    98 

    99             UnboundSSLUtils.startServerWithJaas(server, serverJaasConfig);

   100 

   101             //  wait for the server is ready

   102             while (!server.isReady()) {

   103                 Thread.sleep(UnboundSSLUtils.DELAY);

   104             }

   105 

   106             // run a client

   107             System.out.println("Successful connection is expected");

   108             SSLClient.init(UnboundSSLUtils.HOST, server.getPort(),

   109                     UnboundSSLUtils.TLS_KRB5_FILTER, service1host).connect();

   110         }

   111 

   112         System.out.println("Test passed");

   113     }

   114 

   115 }