diff -r 1363768bb5ac -r e5639c0d8552 jdk/test/sun/security/krb5/auto/SpnegoReqFlags.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/sun/security/krb5/auto/SpnegoReqFlags.java Fri Mar 13 09:20:56 2009 +0800 @@ -0,0 +1,92 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6815182 + * @summary GSSAPI/SPNEGO does not work with server using MIT Kerberos library + */ + +import sun.security.jgss.GSSUtil; +import sun.security.util.BitArray; +import sun.security.util.DerInputStream; +import sun.security.util.DerValue; + +public class SpnegoReqFlags { + + public static void main(String[] args) + throws Exception { + + // Create and start the KDC + new OneKDC(null).writeJAASConf(); + new SpnegoReqFlags().go(); + } + + void go() throws Exception { + Context c = Context.fromJAAS("client"); + c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID); + + byte[] token = c.doAs(new Action() { + @Override + public byte[] run(Context me, byte[] input) throws Exception { + me.x().requestCredDeleg(true); + me.x().requestReplayDet(false); + me.x().requestSequenceDet(false); + return me.x().initSecContext(new byte[0], 0, 0); + } + }, null); + + DerValue d = new DerValue(token); // GSSToken + DerInputStream ins = d.data; // OID + mech token + d.data.getDerValue(); // skip OID + d = d.data.getDerValue(); // NegTokenInit + d = d.data.getDerValue(); // The SEQUENCE inside + + boolean found = false; + + // Go through all fields inside NegTokenInit. The reqFlags field + // is optional. It's even not recommended in RFC 4178. + while (d.data.available() > 0) { + DerValue d2 = d.data.getDerValue(); + if (d2.isContextSpecific((byte)1)) { + found = true; + System.out.println("regFlags field located."); + BitArray ba = d2.data.getUnalignedBitString(); + if (ba.length() != 7) { + throw new Exception("reqFlags should contain 7 bits"); + } + if (!ba.get(0)) { + throw new Exception("delegFlag should be true"); + } + if (ba.get(2) || ba.get(3)) { + throw new Exception("replay/sequenceFlag should be false"); + } + } + } + + if (!found) { + System.out.println("Warning: regFlags field not found, too new?"); + } + c.dispose(); + } +}