--- a/test/jdk/sun/security/krb5/auto/LongLife.java Mon Jun 25 10:54:55 2018 +0200
+++ b/test/jdk/sun/security/krb5/auto/LongLife.java Tue Mar 20 11:16:10 2018 +0530
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 8131051 8194486
+ * @bug 8131051 8194486 8187218
* @summary KDC might issue a renewable ticket even if not requested
* @library /test/lib
* @compile -XDignore.symbol.file LongLife.java
@@ -31,7 +31,12 @@
* @run main/othervm -Djdk.net.hosts.file=TestHosts LongLife
*/
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSManager;
import sun.security.krb5.Config;
+import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosTicket;
+import java.security.PrivilegedExceptionAction;
public class LongLife {
@@ -39,11 +44,53 @@
OneKDC kdc = new OneKDC(null).writeJAASConf();
- // A lifetime 2d will make it renewable
+ test(kdc, "10h", false, 36000, false);
+ test(kdc, "2d", false, KDC.DEFAULT_LIFETIME, true);
+ test(kdc, "2d", true, 2 * 24 * 3600, false);
+
+ // 8187218: getRemainingLifetime() is negative if lifetime
+ // is longer than 30 days.
+ test(kdc, "30d", true, 30 * 24 * 3600, false);
+ }
+
+ static void test(
+ KDC kdc,
+ String ticketLifetime,
+ boolean forceTill, // if true, KDC will not try RENEWABLE
+ int expectedLifeTime,
+ boolean expectedRenewable) throws Exception {
+
KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
- "ticket_lifetime = 2d");
+ "ticket_lifetime = " + ticketLifetime);
Config.refresh();
- Context.fromJAAS("client");
+ if (forceTill) {
+ System.setProperty("test.kdc.force.till", "");
+ } else {
+ System.clearProperty("test.kdc.force.till");
+ }
+
+ Context c = Context.fromJAAS("client");
+
+ GSSCredential cred = Subject.doAs(c.s(),
+ (PrivilegedExceptionAction<GSSCredential>)
+ ()-> {
+ GSSManager m = GSSManager.getInstance();
+ return m.createCredential(GSSCredential.INITIATE_ONLY);
+ });
+
+ KerberosTicket tgt = c.s().getPrivateCredentials(KerberosTicket.class)
+ .iterator().next();
+ System.out.println(tgt);
+
+ int actualLifeTime = cred.getRemainingLifetime();
+ if (actualLifeTime < expectedLifeTime - 60
+ || actualLifeTime > expectedLifeTime + 60) {
+ throw new Exception("actualLifeTime is " + actualLifeTime);
+ }
+
+ if (tgt.isRenewable() != expectedRenewable) {
+ throw new Exception("TGT's RENEWABLE flag is " + tgt.isRenewable());
+ }
}
}