--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/krb5/auto/KrbTicket.java Tue Sep 12 19:03:39 2017 +0200
@@ -0,0 +1,146 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import javax.security.auth.RefreshFailedException;
+import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosTicket;
+import javax.security.auth.login.LoginContext;
+
+/*
+ * @test
+ * @bug 6857795 8075299
+ * @summary Checks Kerberos ticket properties
+ * @run main/othervm KrbTicket
+ */
+public class KrbTicket {
+
+ private static final String REALM = "TEST.REALM";
+ private static final String HOST = "localhost";
+ private static final String USER = "TESTER";
+ private static final String USER_PRINCIPAL = USER + "@" + REALM;
+ private static final String PASSWORD = "password";
+ private static final String KRBTGT_PRINCIPAL = "krbtgt/" + REALM;
+ private static final String KRB5_CONF_FILENAME = "krb5.conf";
+ private static final String JAAS_CONF = "jaas.conf";
+ private static final long TICKET_LIFTETIME = 5 * 60 * 1000; // 5 mins
+
+ public static void main(String[] args) throws Exception {
+ // define principals
+ Map<String, String> principals = new HashMap<>();
+ principals.put(USER_PRINCIPAL, PASSWORD);
+ principals.put(KRBTGT_PRINCIPAL, null);
+
+ System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
+
+ // start a local KDC instance
+ KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
+ KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
+ "forwardable = true", "proxiable = true");
+
+ // create JAAS config
+ Files.write(Paths.get(JAAS_CONF), Arrays.asList(
+ "Client {",
+ " com.sun.security.auth.module.Krb5LoginModule required;",
+ "};"
+ ));
+ System.setProperty("java.security.auth.login.config", JAAS_CONF);
+ System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+
+ long startTime = Instant.now().getEpochSecond() * 1000;
+
+ LoginContext lc = new LoginContext("Client",
+ new Helper.UserPasswordHandler(USER, PASSWORD));
+ lc.login();
+
+ Subject subject = lc.getSubject();
+ System.out.println("subject: " + subject);
+
+ Set creds = subject.getPrivateCredentials(
+ KerberosTicket.class);
+
+ if (creds.size() > 1) {
+ throw new RuntimeException("Multiple credintials found");
+ }
+
+ Object o = creds.iterator().next();
+ if (!(o instanceof KerberosTicket)) {
+ throw new RuntimeException("Instance of KerberosTicket expected");
+ }
+ KerberosTicket krbTkt = (KerberosTicket) o;
+
+ System.out.println("forwardable = " + krbTkt.isForwardable());
+ System.out.println("proxiable = " + krbTkt.isProxiable());
+ System.out.println("renewable = " + krbTkt.isRenewable());
+ System.out.println("current = " + krbTkt.isCurrent());
+
+ if (!krbTkt.isForwardable()) {
+ throw new RuntimeException("Forwardable ticket expected");
+ }
+
+ if (!krbTkt.isProxiable()) {
+ throw new RuntimeException("Proxiable ticket expected");
+ }
+
+ if (!krbTkt.isCurrent()) {
+ throw new RuntimeException("Ticket is not current");
+ }
+
+ if (krbTkt.isRenewable()) {
+ throw new RuntimeException("Not renewable ticket expected");
+ }
+ try {
+ krbTkt.refresh();
+ throw new RuntimeException(
+ "Expected RefreshFailedException not thrown");
+ } catch(RefreshFailedException e) {
+ System.out.println("Expected exception: " + e);
+ }
+
+ if (!checkTime(krbTkt, startTime)) {
+ throw new RuntimeException("Wrong ticket life time");
+ }
+
+ krbTkt.destroy();
+ if (!krbTkt.isDestroyed()) {
+ throw new RuntimeException("Ticket not destroyed");
+ }
+
+ System.out.println("Test passed");
+ }
+
+ private static boolean checkTime(KerberosTicket krbTkt, long startTime) {
+ long ticketEndTime = krbTkt.getEndTime().getTime();
+ long roughLifeTime = ticketEndTime - startTime;
+ System.out.println("start time = " + startTime);
+ System.out.println("end time = " + ticketEndTime);
+ System.out.println("rough life time = " + roughLifeTime);
+ return roughLifeTime >= TICKET_LIFTETIME;
+ }
+}