--- a/jdk/test/sun/security/krb5/auto/SSL.java Fri Sep 27 13:32:32 2013 -0400
+++ b/jdk/test/sun/security/krb5/auto/SSL.java Tue Oct 01 20:25:44 2013 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,11 +23,12 @@
/*
* @test
- * @bug 6894643 6913636 8005523
+ * @bug 6894643 6913636 8005523 8025123
* @summary Test JSSE Kerberos ciphersuite
* @run main/othervm SSL TLS_KRB5_WITH_RC4_128_SHA
* @run main/othervm SSL TLS_KRB5_WITH_RC4_128_SHA unbound
+ * @run main/othervm SSL TLS_KRB5_WITH_RC4_128_SHA unbound sni
* @run main/othervm SSL TLS_KRB5_WITH_3DES_EDE_CBC_SHA
* @run main/othervm SSL TLS_KRB5_WITH_3DES_EDE_CBC_MD5
* @run main/othervm SSL TLS_KRB5_WITH_DES_CBC_SHA
@@ -44,6 +45,9 @@
import javax.net.ssl.*;
import java.security.Principal;
import java.util.Date;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Locale;
import javax.security.auth.kerberos.ServicePermission;
import sun.security.jgss.GSSUtil;
import sun.security.krb5.PrincipalName;
@@ -56,6 +60,8 @@
private static int loopCount = 0;
private static volatile String server;
private static volatile int port;
+ private static String sniHostname = null;
+ private static String sniMatcherPattern = null;
private static String permChecks = "";
@@ -84,11 +90,11 @@
System.setSecurityManager(new SSL());
KDC kdc = KDC.create(OneKDC.REALM);
- // Run this after KDC, so our own DNS service can be started
- try {
- server = InetAddress.getLocalHost().getHostName().toLowerCase();
- } catch (java.net.UnknownHostException e) {
- server = "localhost";
+ server = "host." + OneKDC.REALM.toLowerCase(Locale.US);
+
+ if (args.length > 2) {
+ sniHostname = "test." + server;
+ sniMatcherPattern = ".*";
}
kdc.addPrincipal(OneKDC.USER, OneKDC.PASS);
@@ -98,15 +104,21 @@
// Add 3 versions of keys into keytab
KeyTab ktab = KeyTab.create(OneKDC.KTAB);
+ String serviceName = null;
+ if (sniHostname != null) {
+ serviceName = "host/" + sniHostname;
+ } else {
+ serviceName = "host/" + server;
+ }
PrincipalName service = new PrincipalName(
- "host/" + server, PrincipalName.KRB_NT_SRV_HST);
+ serviceName, PrincipalName.KRB_NT_SRV_HST);
ktab.addEntry(service, "pass1".toCharArray(), 1, true);
ktab.addEntry(service, "pass2".toCharArray(), 2, true);
ktab.addEntry(service, "pass3".toCharArray(), 3, true);
ktab.save();
// and use the middle one as the real key
- kdc.addPrincipal("host/" + server, "pass2".toCharArray());
+ kdc.addPrincipal(serviceName, "pass2".toCharArray());
// JAAS config entry name ssl
@@ -118,7 +130,7 @@
" com.sun.security.auth.module.Krb5LoginModule required\n" +
(unbound ?
" principal=*\n" :
- " principal=\"host/" + server + "\"\n") +
+ " principal=\"" + serviceName + "\"\n") +
" useKeyTab=true\n" +
" keyTab=" + OneKDC.KTAB + "\n" +
" isInitiator=false\n" +
@@ -153,7 +165,7 @@
}
c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
- c.startAsClient("host/" + server, GSSUtil.GSS_KRB5_MECH_OID);
+ c.startAsClient(serviceName, GSSUtil.GSS_KRB5_MECH_OID);
c.doAs(new JsseClientAction(), null);
// Add another version of key, make sure it can be loaded
@@ -161,10 +173,10 @@
ktab = KeyTab.getInstance(OneKDC.KTAB);
ktab.addEntry(service, "pass4".toCharArray(), 4, true);
ktab.save();
- kdc.addPrincipal("host/" + server, "pass4".toCharArray());
+ kdc.addPrincipal(serviceName, "pass4".toCharArray());
c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
- c.startAsClient("host/" + server, GSSUtil.GSS_KRB5_MECH_OID);
+ c.startAsClient(serviceName, GSSUtil.GSS_KRB5_MECH_OID);
c.doAs(new JsseClientAction(), null);
// Permission checking check. Please note this is highly
@@ -199,6 +211,14 @@
sslSocket.setEnabledCipherSuites(enabledSuites);
// Should check for exception if enabledSuites is not supported
+ if (sniHostname != null) {
+ List<SNIServerName> serverNames = new ArrayList<>();
+ serverNames.add(new SNIHostName(sniHostname));
+ SSLParameters params = sslSocket.getSSLParameters();
+ params.setServerNames(serverNames);
+ sslSocket.setSSLParameters(params);
+ }
+
BufferedReader in = new BufferedReader(new InputStreamReader(
sslSocket.getInputStream()));
BufferedWriter out = new BufferedWriter(new OutputStreamWriter(
@@ -242,6 +262,14 @@
sslServerSocket.setEnabledCipherSuites(enabledSuites);
// Should check for exception if enabledSuites is not supported
+ if (sniMatcherPattern != null) {
+ List<SNIMatcher> matchers = new ArrayList<>();
+ matchers.add(SNIHostName.createSNIMatcher(sniMatcherPattern));
+ SSLParameters params = sslServerSocket.getSSLParameters();
+ params.setSNIMatchers(matchers);
+ sslServerSocket.setSSLParameters(params);
+ }
+
while (loopCount++ < LOOP_LIMIT) {
System.out.println("Waiting for incoming connection...");