jdk-sandbox: comparison jdk/test/sun/security/krb5/auto/SaslGSS.java

equal deleted inserted replaced

-:cf76dafb155d
+:6f556e154816
+/*
+* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* This code is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License version 2 only, as
+* published by the Free Software Foundation.
+*
+* This code is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+* version 2 for more details (a copy is included in the LICENSE file that
+* accompanied this code).
+*
+* You should have received a copy of the GNU General Public License version
+* 2 along with this work; if not, write to the Free Software Foundation,
+* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+*
+* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+* or visit www.oracle.com if you need additional information or have any
+* questions.
+*/
+/*
+* @test
+* @bug 8012082
+* @summary SASL: auth-conf negotiated, but unencrypted data is accepted,
+*         reset to unencrypt
+* @compile -XDignore.symbol.file SaslGSS.java
+* @run main/othervm SaslGSS
+*/
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.sasl.AuthorizeCallback;
+import javax.security.sasl.RealmCallback;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslServer;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Locale;
+import org.ietf.jgss.*;
+import sun.security.jgss.GSSUtil;
+public class SaslGSS {
+public static void main(String[] args) throws Exception {
+String name = "host." + OneKDC.REALM.toLowerCase(Locale.US);
+new OneKDC(null).writeJAASConf();
+System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+// Client in JGSS so that it can control wrap privacy mode
+GSSManager m = GSSManager.getInstance();
+GSSContext sc = m.createContext(
+m.createName(OneKDC.SERVER, GSSUtil.NT_GSS_KRB5_PRINCIPAL),
+GSSUtil.GSS_KRB5_MECH_OID,
+null,
+GSSContext.DEFAULT_LIFETIME);
+sc.requestMutualAuth(false);
+// Server in SASL
+final HashMap props = new HashMap();
+props.put(Sasl.QOP, "auth-conf");
+SaslServer ss = Sasl.createSaslServer("GSSAPI", "server",
+name, props,
+new CallbackHandler() {
+public void handle(Callback[] callbacks)
+throws IOException, UnsupportedCallbackException {
+for (Callback cb : callbacks) {
+if (cb instanceof RealmCallback) {
+((RealmCallback) cb).setText(OneKDC.REALM);
+} else if (cb instanceof AuthorizeCallback) {
+((AuthorizeCallback) cb).setAuthorized(true);
+}
+}
+}
+});
+// Handshake
+byte[] token = new byte[0];
+token = sc.initSecContext(token, 0, token.length);
+token = ss.evaluateResponse(token);
+token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
+token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
+token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
+ss.evaluateResponse(token);
+// Talk
+// 1. Client sends a auth-int message
+byte[] hello = "hello".getBytes();
+MessageProp qop = new MessageProp(0, false);
+token = sc.wrap(hello, 0, hello.length, qop);
+// 2. Server accepts it anyway
+ss.unwrap(token, 0, token.length);
+// 3. Server sends a message
+token = ss.wrap(hello, 0, hello.length);
+// 4. Client accepts, should be auth-conf
+sc.unwrap(token, 0, token.length, qop);
+if (!qop.getPrivacy()) {
+throw new Exception();
+}
+}
+}

changeset 17209	6f556e154816
child 18793	4d9455e24050