jdk-sandbox: jdk/test/sun/security/krb5/auto/AcceptPermissions.java@10d6aacdd67f (annotated)

15006 10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	1	/*
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	2	* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	4	*
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	7	* published by the Free Software Foundation.
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	8	*
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	9	* This code is distributed in the hope that it will be useful, but WITHOUT
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	12	* version 2 for more details (a copy is included in the LICENSE file that
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	13	* accompanied this code).
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	14	*
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	15	* You should have received a copy of the GNU General Public License version
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	16	* 2 along with this work; if not, write to the Free Software Foundation,
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	18	*
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	19	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	20	* or visit www.oracle.com if you need additional information or have any
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	21	* questions.
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	22	*/
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	23
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	24	/*
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	25	* @test
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	26	* @bug 9999999
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	27	* @summary default principal can act as anyone
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	28	* @compile -XDignore.symbol.file AcceptPermissions.java
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	29	* @run main/othervm AcceptPermissions
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	30	*/
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	31
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	32	import java.nio.file.Files;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	33	import java.nio.file.Paths;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	34	import java.nio.file.StandardOpenOption;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	35	import java.security.Permission;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	36	import javax.security.auth.kerberos.ServicePermission;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	37	import sun.security.jgss.GSSUtil;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	38	import java.util.*;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	39
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	40	public class AcceptPermissions extends SecurityManager {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	41
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	42	private static Map<Permission,String> perms = new HashMap<>();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	43	@Override
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	44	public void checkPermission(Permission perm) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	45	if (!(perm instanceof ServicePermission)) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	46	return;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	47	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	48	ServicePermission sp = (ServicePermission)perm;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	49	if (!sp.getActions().equals("accept")) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	50	return;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	51	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	52	// We only care about accept ServicePermission in this test
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	53	try {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	54	super.checkPermission(sp);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	55	} catch (SecurityException se) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	56	if (perms.containsKey(sp)) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	57	perms.put(sp, "checked");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	58	} else {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	59	throw se; // We didn't expect this is needed
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	60	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	61	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	62	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	63
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	64	// Fills in permissions we are expecting
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	65	private static void initPerms(String... names) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	66	perms.clear();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	67	for (String name: names) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	68	perms.put(new ServicePermission(
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	69	name + "@" + OneKDC.REALM, "accept"), "expected");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	70	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	71	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	72
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	73	// Checks if they are all checked
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	74	private static void checkPerms() {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	75	for (Map.Entry<Permission,String> entry: perms.entrySet()) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	76	if (entry.getValue().equals("expected")) {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	77	throw new RuntimeException(
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	78	"Expected but not used: " + entry.getKey());
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	79	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	80	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	81	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	82
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	83	public static void main(String[] args) throws Exception {
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	84	System.setSecurityManager(new AcceptPermissions());
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	85	new OneKDC(null).writeJAASConf();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	86	String two = "two {\n"
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	87	+ " com.sun.security.auth.module.Krb5LoginModule required"
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	88	+ " principal=\"" + OneKDC.SERVER + "\" useKeyTab=true"
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	89	+ " isInitiator=false storeKey=true;\n"
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	90	+ " com.sun.security.auth.module.Krb5LoginModule required"
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	91	+ " principal=\"" + OneKDC.BACKEND + "\" useKeyTab=true"
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	92	+ " isInitiator=false storeKey=true;\n"
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	93	+ "};\n";
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	94	Files.write(Paths.get(OneKDC.JAAS_CONF), two.getBytes(),
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	95	StandardOpenOption.APPEND);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	96
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	97	Context c, s;
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	98
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	99	// In all cases, a ServicePermission on the acceptor name is needed
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	100	// for a handshake. For default principal with no predictable name,
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	101	// permission not needed (yet) for credentials creation.
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	102
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	103	// Named principal
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	104	initPerms(OneKDC.SERVER);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	105	c = Context.fromJAAS("client");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	106	s = Context.fromJAAS("server");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	107	c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	108	s.startAsServer(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	109	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	110	initPerms(OneKDC.SERVER);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	111	Context.handshake(c, s);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	112	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	113
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	114	// Named principal (even if there are 2 JAAS modules)
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	115	initPerms(OneKDC.SERVER);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	116	c = Context.fromJAAS("client");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	117	s = Context.fromJAAS("two");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	118	c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	119	s.startAsServer(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	120	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	121	initPerms(OneKDC.SERVER);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	122	Context.handshake(c, s);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	123	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	124
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	125	// Default principal with a predictable name
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	126	initPerms(OneKDC.SERVER);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	127	c = Context.fromJAAS("client");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	128	s = Context.fromJAAS("server");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	129	c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	130	s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	131	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	132	initPerms(OneKDC.SERVER);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	133	Context.handshake(c, s);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	134	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	135
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	136	// Default principal with no predictable name
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	137	initPerms(); // permission not needed for cred !!!
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	138	c = Context.fromJAAS("client");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	139	s = Context.fromJAAS("two");
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	140	c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	141	s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	142	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	143	initPerms(OneKDC.SERVER); // still needed for handshake !!!
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	144	Context.handshake(c, s);
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	145	checkPerms();
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	146	}
10d6aacdd67f 8005447: default principal should act as anyone weijun parents: diff changeset	147	}

author	weijun
	Tue, 08 Jan 2013 14:54:56 +0800
changeset 15006	10d6aacdd67f
child 15649	f6bd3d34f844
permissions	-rw-r--r--