1 /* |
1 /* |
2 * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2015, 2016 Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. |
7 * published by the Free Software Foundation. |
82 " isInitiator=false\n" + |
82 " isInitiator=false\n" + |
83 " storeKey=true;\n};\n" |
83 " storeKey=true;\n};\n" |
84 ).getBytes()); |
84 ).getBytes()); |
85 fos.close(); |
85 fos.close(); |
86 |
86 |
|
87 String hostsFileName = System.getProperty("test.src", ".") + "/TestHosts"; |
|
88 |
87 Proc pc = Proc.create("SSLwithPerms") |
89 Proc pc = Proc.create("SSLwithPerms") |
88 .args("client") |
90 .args("client") |
89 .inheritIO() |
91 .inheritIO() |
90 .prop("java.security.manager", "") |
92 .prop("java.security.manager", "") |
91 .prop("java.security.krb5.conf", KRB5_CONF) |
93 .prop("java.security.krb5.conf", KRB5_CONF) |
92 .prop("sun.net.spi.nameservice.provider.1", "ns,mock") |
94 .prop("jdk.net.hosts.file", hostsFileName) |
93 .prop("javax.net.ssl", "handshake") |
95 .prop("javax.net.ssl", "handshake") |
94 .prop("sun.security.krb5.debug", "true") |
96 .prop("sun.security.krb5.debug", "true") |
95 .perm(new SecurityPermission("setProperty.jdk.tls.disabledAlgorithms")) |
97 .perm(new SecurityPermission("setProperty.jdk.tls.disabledAlgorithms")) |
96 .perm(new PropertyPermission("sun.security.krb5.principal", "read")) |
98 .perm(new PropertyPermission("sun.security.krb5.principal", "read")) |
97 .perm(new FilePermission("port", "read")) |
99 .perm(new FilePermission("port", "read")) |
|
100 .perm(new FilePermission(hostsFileName, "read")) |
98 .perm(new FilePermission(KTAB, "read")) |
101 .perm(new FilePermission(KTAB, "read")) |
99 .perm(new RuntimePermission("accessClassInPackage.sun.net.spi.nameservice")) |
|
100 .perm(new AuthPermission("modifyPrincipals")) |
102 .perm(new AuthPermission("modifyPrincipals")) |
101 .perm(new AuthPermission("modifyPrivateCredentials")) |
103 .perm(new AuthPermission("modifyPrivateCredentials")) |
102 .perm(new AuthPermission("doAs")) |
104 .perm(new AuthPermission("doAs")) |
103 .perm(new SocketPermission("127.0.0.1", "connect")) |
105 .perm(new SocketPermission("127.0.0.1", "connect")) |
104 .perm(new ServicePermission("host/host.realm@REALM", "initiate")) |
106 .perm(new ServicePermission("host/host.realm@REALM", "initiate")) |
108 .args("server") |
110 .args("server") |
109 .inheritIO() |
111 .inheritIO() |
110 .prop("java.security.manager", "") |
112 .prop("java.security.manager", "") |
111 .prop("java.security.krb5.conf", KRB5_CONF) |
113 .prop("java.security.krb5.conf", KRB5_CONF) |
112 .prop("java.security.auth.login.config", JAAS_CONF) |
114 .prop("java.security.auth.login.config", JAAS_CONF) |
|
115 .prop("jdk.net.hosts.file", hostsFileName) |
113 .prop("javax.net.ssl", "handshake") |
116 .prop("javax.net.ssl", "handshake") |
114 .prop("sun.security.krb5.debug", "true") |
117 .prop("sun.security.krb5.debug", "true") |
115 .perm(new SecurityPermission("setProperty.jdk.tls.disabledAlgorithms")) |
118 .perm(new SecurityPermission("setProperty.jdk.tls.disabledAlgorithms")) |
116 .perm(new AuthPermission("createLoginContext.ssl")) |
119 .perm(new AuthPermission("createLoginContext.ssl")) |
117 .perm(new AuthPermission("doAs")) |
120 .perm(new AuthPermission("doAs")) |
|
121 .perm(new FilePermission(hostsFileName, "read")) |
118 .perm(new FilePermission("port", "write")) |
122 .perm(new FilePermission("port", "write")) |
119 .perm(new SocketPermission("127.0.0.1", "accept")) |
123 .perm(new SocketPermission("127.0.0.1", "accept")) |
120 .perm(new ServicePermission("host/host.realm@REALM", "accept")) |
124 .perm(new ServicePermission("host/host.realm@REALM", "accept")) |
121 .start(); |
125 .start(); |
122 |
126 |
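Review bot: The new `hostsFileName` (new line 87) is built as `System.getProperty("test.src", ".") + "/TestHosts"` and nothing in the visible lines checks that the file exists. If `test.src` is unset or the file is missing, name resolution in both child JVMs would presumably fail and surface as an unrelated-looking Kerberos or socket error. A guard right after the declaration, such as `if (!new File(hostsFileName).isFile()) throw new RuntimeException("missing hosts file: " + hostsFileName);`, would make that failure obvious. Both children run under a security manager, so the `FilePermission(hostsFileName, "read")` grants on the client and server must name the path the resolver actually opens; a comment like `// same path string feeds jdk.net.hosts.file and its read permission` would record that. The enclosing method starts and ends outside the lines shown.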