jdk-sandbox: jdk/test/sun/security/krb5/auto/KeyTabCompat.java@7b79555b8073 (annotated)

9499 f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	1	/*
23010 6dadb192ad81 8029235: Update copyright year to match last edit in jdk8 jdk repository for 2013 lana parents: 15006 diff changeset	2	* Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
9499 f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	4	*
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	7	* published by the Free Software Foundation.
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	8	*
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	9	* This code is distributed in the hope that it will be useful, but WITHOUT
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	12	* version 2 for more details (a copy is included in the LICENSE file that
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	13	* accompanied this code).
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	14	*
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	15	* You should have received a copy of the GNU General Public License version
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	16	* 2 along with this work; if not, write to the Free Software Foundation,
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	18	*
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	19	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	20	* or visit www.oracle.com if you need additional information or have any
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	21	* questions.
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	22	*/
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	23
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	24	/*
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	25	* @test
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	26	* @bug 6894072
14769 22808af10edd 8004488: wrong permissions checked in krb5 weijun parents: 9499 diff changeset	27	* @bug 8004488
9499 f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	28	* @compile -XDignore.symbol.file KeyTabCompat.java
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	29	* @run main/othervm KeyTabCompat
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	30	* @summary always refresh keytab
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	31	*/
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	32
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	33	import javax.security.auth.kerberos.KerberosKey;
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	34	import sun.security.jgss.GSSUtil;
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	35
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	36	/*
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	37	* There are 2 compat issues to check:
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	38	*
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	39	* 1. If there is only KerberosKeys in private credential set and no
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	40	* KerberosPrincipal. JAAS login should go on.
15006 10d6aacdd67f 8005447: default principal should act as anyone weijun parents: 14769 diff changeset	41	* 2. If KeyTab is used, user won't get KerberosKeys from
9499 f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	42	* private credentials set.
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	43	*/
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	44	public class KeyTabCompat {
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	45
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	46	public static void main(String[] args)
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	47	throws Exception {
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	48	OneKDC kdc = new OneKDC("aes128-cts");
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	49	kdc.writeJAASConf();
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	50	kdc.addPrincipal(OneKDC.SERVER, "pass1".toCharArray());
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	51	kdc.writeKtab(OneKDC.KTAB);
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	52
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	53	Context c, s;
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	54
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	55	// Part 1
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	56	c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	57	s = Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, true);
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	58
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	59	s.s().getPrincipals().clear();
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	60
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	61	c.startAsClient(OneKDC.USER2, GSSUtil.GSS_KRB5_MECH_OID);
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	62	s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	63
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	64	Context.handshake(c, s);
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	65
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	66	// Part 2
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	67	c = Context.fromJAAS("client");
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	68	s = Context.fromJAAS("server");
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	69
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	70	c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	71	s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	72	s.status();
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	73
14769 22808af10edd 8004488: wrong permissions checked in krb5 weijun parents: 9499 diff changeset	74	if (s.s().getPrivateCredentials(KerberosKey.class).size() != 0) {
22808af10edd 8004488: wrong permissions checked in krb5 weijun parents: 9499 diff changeset	75	throw new Exception("There should be no KerberosKey");
9499 f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	76	}
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	77	}
f3115698a012 6894072: always refresh keytab weijun parents: diff changeset	78	}

author	weijun
	Thu, 02 Jul 2015 16:20:43 +0800
changeset 31474	7b79555b8073
parent 30820	0d4717a011d3
permissions	-rw-r--r--