--- a/test/jdk/sun/security/krb5/auto/SSLwithPerms.java Mon Jun 25 21:22:16 2018 +0300
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,235 +0,0 @@
-/*
- * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 8038089 8194486
- * @summary TLS optional support for Kerberos cipher suites needs to be re-examined
- * @library ../../../../java/security/testlibrary/ /test/lib
- * @run main jdk.test.lib.FileInstaller TestHosts TestHosts
- * @run main/othervm -Djdk.net.hosts.file=TestHosts SSLwithPerms
- */
-import java.io.*;
-import javax.net.ssl.*;
-import javax.security.auth.AuthPermission;
-import javax.security.auth.kerberos.ServicePermission;
-import java.net.SocketPermission;
-import java.nio.ByteBuffer;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-import java.security.Principal;
-import java.security.Security;
-import java.security.SecurityPermission;
-import java.util.Collections;
-import java.util.Date;
-import java.util.List;
-import java.util.ArrayList;
-import java.util.Locale;
-import java.util.PropertyPermission;
-
-import sun.security.jgss.GSSUtil;
-
-public class SSLwithPerms {
-
- static String KRB5_CONF = "krb5.conf";
- static String JAAS_CONF = "jaas.conf";
- static String REALM = "REALM";
- static String KTAB = "ktab";
- static String HOST = "host." + REALM.toLowerCase(Locale.US);
- static String SERVER = "host/" + HOST;
- static String USER = "user";
- static char[] PASS = "password".toCharArray();
-
- public static void main(String[] args) throws Exception {
-
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
- if (args.length == 0) {
- KDC kdc = KDC.create(REALM, HOST, 0, true);
-
- kdc.addPrincipal(USER, PASS);
- kdc.addPrincipalRandKey("krbtgt/" + REALM);
- kdc.addPrincipalRandKey(SERVER);
- KDC.saveConfig(KRB5_CONF, kdc);
- kdc.writeKtab(KTAB);
-
- File f = new File(JAAS_CONF);
- FileOutputStream fos = new FileOutputStream(f);
- fos.write((
- "ssl {\n" +
- " com.sun.security.auth.module.Krb5LoginModule required\n" +
- " principal=\"" + SERVER + "\"\n" +
- " useKeyTab=true\n" +
- " keyTab=" + KTAB + "\n" +
- " isInitiator=false\n" +
- " storeKey=true;\n};\n"
- ).getBytes());
- fos.close();
-
- String hostsFileName = System.getProperty("test.src", ".") + "/TestHosts";
-
- Proc pc = Proc.create("SSLwithPerms")
- .args("client")
- .inheritIO()
- .prop("java.security.manager", "")
- .prop("java.security.krb5.conf", KRB5_CONF)
- .prop("jdk.net.hosts.file", hostsFileName)
- .prop("javax.net.ssl", "handshake")
- .prop("sun.security.krb5.debug", "true")
- .perm(new SecurityPermission("setProperty.jdk.tls.disabledAlgorithms"))
- .perm(new java.util.PropertyPermission("user.name", "read"))
- .perm(new PropertyPermission("sun.security.krb5.principal", "read"))
- .perm(new FilePermission("port", "read"))
- .perm(new FilePermission(hostsFileName, "read"))
- .perm(new FilePermission(KTAB, "read"))
- .perm(new AuthPermission("modifyPrincipals"))
- .perm(new AuthPermission("modifyPrivateCredentials"))
- .perm(new AuthPermission("doAs"))
- .perm(new SocketPermission("127.0.0.1", "connect"))
- .perm(new ServicePermission("host/host.realm@REALM", "initiate"))
- .start();
-
- Proc ps = Proc.create("SSLwithPerms")
- .args("server")
- .inheritIO()
- .prop("java.security.manager", "")
- .prop("java.security.krb5.conf", KRB5_CONF)
- .prop("java.security.auth.login.config", JAAS_CONF)
- .prop("jdk.net.hosts.file", hostsFileName)
- .prop("javax.net.ssl", "handshake")
- .prop("sun.security.krb5.debug", "true")
- .perm(new SecurityPermission("setProperty.jdk.tls.disabledAlgorithms"))
- .perm(new AuthPermission("createLoginContext.ssl"))
- .perm(new AuthPermission("doAs"))
- .perm(new FilePermission(hostsFileName, "read"))
- .perm(new FilePermission("port", "write"))
- .perm(new SocketPermission("127.0.0.1", "accept"))
- .perm(new ServicePermission("host/host.realm@REALM", "accept"))
- .start();
-
- if (pc.waitFor() != 0) {
- throw new Exception();
- }
- if (ps.waitFor() != 0) {
- throw new Exception();
- }
- } else if (args[0].equals("client")) {
- Context c;
- c = Context.fromUserPass(USER, PASS, false);
- c.doAs(new JsseClientAction(), null);
- } else if (args[0].equals("server")) {
- final Context s = Context.fromJAAS("ssl");
- s.doAs(new JsseServerAction(), null);
- }
- }
-
- private static class JsseClientAction implements Action {
- public byte[] run(Context s, byte[] input) throws Exception {
- SSLSocketFactory sslsf =
- (SSLSocketFactory) SSLSocketFactory.getDefault();
- while (!Files.exists(Paths.get("port"))) {
- Thread.sleep(100);
- }
- int port = ByteBuffer.allocate(4)
- .put(Files.readAllBytes(Paths.get("port"))).getInt(0);
- System.out.println("Connecting " + SERVER + ":" + port);
- SSLSocket sslSocket = (SSLSocket) sslsf.createSocket(HOST, port);
-
- // Enable only a KRB5 cipher suite.
- String enabledSuites[] = {"TLS_KRB5_WITH_RC4_128_SHA"};
- sslSocket.setEnabledCipherSuites(enabledSuites);
-
- SSLParameters params = sslSocket.getSSLParameters();
- params.setServerNames(Collections.singletonList(new SNIHostName(HOST)));
- sslSocket.setSSLParameters(params);
-
- BufferedReader in = new BufferedReader(new InputStreamReader(
- sslSocket.getInputStream()));
- BufferedWriter out = new BufferedWriter(new OutputStreamWriter(
- sslSocket.getOutputStream()));
-
- String outStr = "Hello There!\n";
- out.write(outStr);
- out.flush();
- System.out.print("Sending " + outStr);
-
- String inStr = in.readLine();
- System.out.println("Received " + inStr);
-
- String cipherSuiteChosen = sslSocket.getSession().getCipherSuite();
- System.out.println("Cipher suite in use: " + cipherSuiteChosen);
- Principal self = sslSocket.getSession().getLocalPrincipal();
- System.out.println("I am: " + self.toString());
- Principal peer = sslSocket.getSession().getPeerPrincipal();
- System.out.println("Server is: " + peer.toString());
-
- sslSocket.close();
- return null;
- }
- }
-
- private static class JsseServerAction implements Action {
- public byte[] run(Context s, byte[] input) throws Exception {
- SSLServerSocketFactory sslssf =
- (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
- SSLServerSocket sslServerSocket =
- (SSLServerSocket) sslssf.createServerSocket(0); // any port
- int port = sslServerSocket.getLocalPort();
- System.out.println("Listening on " + port);
-
- String enabledSuites[] = {"TLS_KRB5_WITH_RC4_128_SHA"};
- sslServerSocket.setEnabledCipherSuites(enabledSuites);
-
- Files.write(Paths.get("port"), ByteBuffer.allocate(4).putInt(port).array());
- System.out.println("Waiting for incoming connection...");
-
- SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
-
- System.out.println("Got connection from client "
- + sslSocket.getInetAddress());
-
- BufferedReader in = new BufferedReader(new InputStreamReader(
- sslSocket.getInputStream()));
- BufferedWriter out = new BufferedWriter(new OutputStreamWriter(
- sslSocket.getOutputStream()));
-
- String inStr = in.readLine();
- System.out.println("Received " + inStr);
-
- String outStr = inStr + " " + new Date().toString() + "\n";
- out.write(outStr);
- System.out.println("Sending " + outStr);
- out.flush();
-
- String cipherSuiteChosen =
- sslSocket.getSession().getCipherSuite();
- System.out.println("Cipher suite in use: " + cipherSuiteChosen);
- Principal self = sslSocket.getSession().getLocalPrincipal();
- System.out.println("I am: " + self.toString());
- Principal peer = sslSocket.getSession().getPeerPrincipal();
- System.out.println("Client is: " + peer.toString());
-
- sslSocket.close();
- return null;
- }
- }
-}