#! /usr/bin/bash

# ATTENTION:

#

# Please read spnegoReadme first to setup the testing

# environment needed

# the following ENV should be adjusted to match your environment

WWW_REALM=JSL.BEIJING

WWW_KDC=jsl-bjlab1.jsl.beijing

WWW_URL=http://jsl-bjlab1.jsl.beijing/1.txt

PROXY_REALM=JSLDUBLIN.IRELAND.SUN.COM

PROXY_KDC=anchor.jsldublin.ireland.sun.com

PROXY_URL=http://sceri.prc.sun.com/~ww155710/1.txt

PROXY_PARA="-Dhttp.proxyHost=anchor.jsldublin.ireland.sun.com -Dhttp.proxyPort=8080"

GOOD_PASS='-Duser=olala -Dpass=1q2w#E$R'

GOOD_KPASS='-Dkuser=olala -Dkpass=1q2w#E$R'

BAD_PASS='-Duser=olala -Dpass=false'

BAD_KPASS='-Dkuser=olala -Dkpass=false'

WWW_TAB=www.tab

PROXY_TAB=proxy.tab

TAB_PATH=/tmp/krb5cc_156710

FILE_CONTENT=content_of_web_file

# these ENV determines how much to show in terminal. don't edit

EXTRA_LOG="-Djava.util.logging.config.file=spnegoLog.properties -Dshowhint"

ANY_EXCEPTION='Exception'

IO_EXCEPTION='java.io.IOException'

PROTO_EXCEPTION='java.net.ProtocolException'

HEADER_200='HTTP/1.1 200'

# a java run

function runonce {

  echo Testing $AUTH_TYPE-$TEST_NAME ...

  java -Djava.security.krb5.realm=$USE_REALM \

     -Djava.security.krb5.kdc=$USE_KDC \

     -Djava.security.auth.login.config=spnegoLogin.conf \

     -Dhttp.maxRedirects=2 \

     $AUTH_PREF \

     $EXTRA_PARA \

     $EXTRA_LOG \

     $USER_PASS \

     $KUSER_PASS \

     WebGet $USE_URL 2> err.log > out.log

  if [ "$HAS_CACHE" = true ]; then

     grep -i 'PROVIDING Kerberos' out.log && exit $LINENO

  else

     grep -i 'PROVIDING Kerberos' out.log > /dev/null || echo '....has not query Kerberos user/pass'

  fi

}

function testsuite {

    # normal runs

    USER_PASS=$GOOD_PASS

    KUSER_PASS=$GOOD_KPASS

    TEST_NAME=Authenticate

    AUTH_PREF=

    runonce

    grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO

    grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO

    grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO

    grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  || exit $LINENO

    grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO

    grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO

    TEST_NAME="Authenticate with Negotiate"

    AUTH_PREF=-Dhttp.auth.preference=Negotiate

    runonce

    # first 40X and ask for authen i author-neg and 200 and success

    grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO

    grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO

    grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO

    grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  || exit $LINENO

    grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO

    grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO

    TEST_NAME="Authenticate with Kerberos"

    AUTH_PREF=-Dhttp.auth.preference=Kerberos

    runonce

    # first 40X and ask for authen i author-neg and 200 and success

    grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO

    grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO

    grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO

    grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  || exit $LINENO

    grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO

    grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO

    TEST_NAME="Authenticate with Basic"

    AUTH_PREF=-Dhttp.auth.preference=Basic

    runonce

    # first 40X and ask for authen i author-basic and 200 and success

    grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO

    grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO

    grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO

    grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null  || exit $LINENO

    grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO

    grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO

    if [ "$HAS_CACHE" = true ]; then

        echo 'Skip bad kpass test if HAS_CACHE is true'

    else

        # bad kpass should fallback to basic

        TEST_NAME="Authenticate fallback"

        KUSER_PASS=$BAD_KPASS

        AUTH_PREF=

        runonce

        # first 40X and ask for authen i cannot author-neg but can author-basic and 200 and success

        grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO

        grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO

        grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO

        grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  && exit $LINENO

        grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null  || exit $LINENO

        grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO

        grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO

        # auth.pref given, does not fallback

        TEST_NAME="Authenticate no fallback"

        KUSER_PASS=$BAD_KPASS

        AUTH_PREF=-Dhttp.auth.preference=Negotiate

        runonce # will fail

        # first 40X and ask for authen i cannot author-neg and fail with IO_EXCEPTION

        grep -i "$FILE_CONTENT" out.log > /dev/null && exit $LINENO

        grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO

        grep -i "$AUTH_ANY_REQUEST" err.log > /dev/null  && exit $LINENO

        grep -i "$IO_EXCEPTION" err.log > /dev/null || exit $LINENO

        # bad kpass fallback to basic, but bad pass

        TEST_NAME="Authenticate fallback but still cannot go on"

        KUSER_PASS=$BAD_KPASS

        USER_PASS=$BAD_PASS

        AUTH_PREF=

        runonce # will fail

        # first 40X and ask for authen i cannot author-neg and author-basic again and again and fail with PROTO_EXCEPTION

        grep -i "$FILE_CONTENT" out.log > /dev/null && exit $LINENO

        grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO

        grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  && exit $LINENO

        grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null  || exit $LINENO

        grep -i "$PROTO_EXCEPTION" err.log > /dev/null || exit $LINENO

    fi

}

function testWWW {

    # WWW Part

    AUTH_TYPE=WWW

    USE_REALM=$WWW_REALM

    USE_KDC=$WWW_KDC

    USE_URL=$WWW_URL

    EXTRA_PARA=

    HEADER_40X='HTTP/1.1 401'

    AUTH_RESPONSE='WWW-Authenticate:'

    AUTH_NEG_REQUEST='{Authorization: Negotiate'

    AUTH_BASIC_REQUEST='{Authorization: Basic'

    AUTH_ANY_REQUEST='{Authorization:'

    testsuite

    echo Pass WWW

}

function testProxy {

    # Proxy Part

    AUTH_TYPE=Proxy

    USE_REALM=$PROXY_REALM

    USE_KDC=$PROXY_KDC

    USE_URL=$PROXY_URL

    EXTRA_PARA=$PROXY_PARA

    HEADER_40X='HTTP/1.1 407'

    AUTH_RESPONSE='Proxy-Authenticate:'

    AUTH_NEG_REQUEST='{Proxy-Authorization: Negotiate'

    AUTH_BASIC_REQUEST='{Proxy-Authorization: Basic'

    AUTH_ANY_REQUEST='{Proxy-Authorization:'

    testsuite

    echo Pass Proxy

}

HAS_CACHE='false'

kdestroy

testWWW

testProxy

HAS_CACHE='true'

#kinit for WWW_REALM

cp $WWW_TAB $TAB_PATH

testWWW

#kinit for PRXY_REALM

cp $PROXY_TAB $TAB_PATH

testProxy

kdestroy

rm err.log

rm out.log

exit 0