jdk-sandbox: comparison test/jdk/sun/security/krb5/auto/Renewal.java

equal deleted inserted replaced

-:4ebc2e2fb97c
+:71c04702a3d5
+/*
+* Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* This code is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License version 2 only, as
+* published by the Free Software Foundation.
+*
+* This code is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+* version 2 for more details (a copy is included in the LICENSE file that
+* accompanied this code).
+*
+* You should have received a copy of the GNU General Public License version
+* 2 along with this work; if not, write to the Free Software Foundation,
+* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+*
+* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+* or visit www.oracle.com if you need additional information or have any
+* questions.
+*/
+/*
+* @test
+* @bug 8044500
+* @summary Add kinit options and krb5.conf flags that allow users to
+*          obtain renewable tickets and specify ticket lifetimes
+* @library ../../../../java/security/testlibrary/
+* @compile -XDignore.symbol.file Renewal.java
+* @run main/othervm Renewal
+*/
+import sun.security.krb5.Config;
+import sun.security.krb5.internal.ccache.Credentials;
+import sun.security.krb5.internal.ccache.FileCredentialsCache;
+import javax.security.auth.kerberos.KerberosTicket;
+import java.util.Date;
+import java.util.Random;
+import java.util.Set;
+// The basic krb5 test skeleton you can copy from
+public class Renewal {
+static OneKDC kdc;
+static String clazz = "sun.security.krb5.internal.tools.Kinit";
+static String hostsFileName = null;
+public static void main(String[] args) throws Exception {
+hostsFileName = System.getProperty("test.src", ".") + "/TestHosts";
+System.setProperty("jdk.net.hosts.file", hostsFileName);
+kdc = new OneKDC(null);
+kdc.writeJAASConf();
+kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
+checkLogin(null, null, KDC.DEFAULT_LIFETIME, -1);
+checkLogin("1h", null, 3600, -1);
+checkLogin(null, "2d", KDC.DEFAULT_LIFETIME, 86400*2);
+checkLogin("1h", "10h", 3600, 36000);
+// When rtime is before till, use till as rtime
+checkLogin("10h", "1h", 36000, 36000);
+try {
+Class.forName(clazz);
+} catch (ClassNotFoundException cnfe) {
+return;
+}
+checkKinit(null, null, null, null, KDC.DEFAULT_LIFETIME, -1);
+checkKinit("1h", "10h", null, null, 3600, 36000);
+checkKinit(null, null, "30m", "5h", 1800, 18000);
+checkKinit("1h", "10h", "30m", "5h", 1800, 18000);
+checkKinitRenew();
+}
+static int count = 0;
+static void checkKinit(
+String s1,      // ticket_lifetime in krb5.conf, null if none
+String s2,      // renew_lifetime in krb5.conf, null if none
+String c1,      // -l on kinit, null if none
+String c2,      // -r on kinit, null if none
+int t1, int t2  // expected lifetimes, -1 of unexpected
+) throws Exception {
+KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
+s1 != null ? ("ticket_lifetime = " + s1) : "",
+s2 != null ? ("renew_lifetime = " + s2) : "");
+Proc p = Proc.create(clazz);
+if (c1 != null) {
+p.args("-l", c1);
+}
+if (c2 != null) {
+p.args("-r", c2);
+}
+count++;
+p.args(OneKDC.USER, new String(OneKDC.PASS))
+.inheritIO()
+.prop("jdk.net.hosts.file", hostsFileName)
+.prop("java.security.krb5.conf", OneKDC.KRB5_CONF)
+.env("KRB5CCNAME", "ccache" + count)
+.start();
+if (p.waitFor() != 0) {
+throw new Exception();
+}
+FileCredentialsCache fcc =
+FileCredentialsCache.acquireInstance(null, "ccache" + count);
+Credentials cred = fcc.getDefaultCreds();
+checkRough(cred.getEndTime().toDate(), t1);
+if (cred.getRenewTill() == null) {
+checkRough(null, t2);
+} else {
+checkRough(cred.getRenewTill().toDate(), t2);
+}
+}
+static void checkKinitRenew() throws Exception {
+Proc p = Proc.create(clazz)
+.args("-R")
+.inheritIO()
+.prop("jdk.net.hosts.file", hostsFileName)
+.prop("java.security.krb5.conf", OneKDC.KRB5_CONF)
+.env("KRB5CCNAME", "ccache" + count)
+.start();
+if (p.waitFor() != 0) {
+throw new Exception();
+}
+}
+static void checkLogin(
+String s1,      // ticket_lifetime in krb5.conf, null if none
+String s2,      // renew_lifetime in krb5.conf, null if none
+int t1, int t2  // expected lifetimes, -1 of unexpected
+) throws Exception {
+KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
+s1 != null ? ("ticket_lifetime = " + s1) : "",
+s2 != null ? ("renew_lifetime = " + s2) : "");
+Config.refresh();
+Context c;
+c = Context.fromJAAS("client");
+Set<KerberosTicket> tickets =
+c.s().getPrivateCredentials(KerberosTicket.class);
+if (tickets.size() != 1) {
+throw new Exception();
+}
+KerberosTicket ticket = tickets.iterator().next();
+checkRough(ticket.getEndTime(), t1);
+checkRough(ticket.getRenewTill(), t2);
+}
+static void checkRough(Date t, int duration) throws Exception {
+Date now = new Date();
+if (t == null && duration == -1) {
+return;
+}
+long change = (t.getTime() - System.currentTimeMillis()) / 1000;
+if (change > duration + 20 || change < duration - 20) {
+throw new Exception(t + " is not " + duration);
+}
+}
+}

changeset 47216	71c04702a3d5
parent 45028	b0ea3c0bfb81
child 48668	2da4a52715d8