jdk-sandbox: comparison jdk/test/com/sun/security/sasl/ntlm/NTLMTest.java

equal deleted inserted replaced

-:8c52bb671f3e
+:151856936fd8
+/*
+* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* This code is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License version 2 only, as
+* published by the Free Software Foundation.
+*
+* This code is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+* version 2 for more details (a copy is included in the LICENSE file that
+* accompanied this code).
+*
+* You should have received a copy of the GNU General Public License version
+* 2 along with this work; if not, write to the Free Software Foundation,
+* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+*
+* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+* or visit www.oracle.com if you need additional information or have any
+* questions.
+*/
+/*
+* @test
+* @bug 6911951
+* @summary NTLM should be a supported Java SASL mechanism
+*/
+import java.io.IOException;
+import javax.security.sasl.*;
+import javax.security.auth.callback.*;
+import java.util.*;
+import com.sun.security.ntlm.NTLMException;
+public class NTLMTest {
+private static final String MECH = "NTLM";
+private static final String REALM = "REALM";
+private static final String PROTOCOL = "jmx";
+private static final byte[] EMPTY = new byte[0];
+private static final String USER1 = "dummy";
+private static final char[] PASS1 = "bogus".toCharArray();
+private static final String USER2 = "foo";
+private static final char[] PASS2 = "bar".toCharArray();
+private static final Map<String,char[]> maps =
+new HashMap<String,char[]>();
+static {
+maps.put(USER1, PASS1);
+maps.put(USER2, PASS2);
+}
+static char[] getPass(String d, String u) {
+if (!d.equals(REALM)) return null;
+return maps.get(u);
+}
+public static void main(String[] args) throws Exception {
+checkAuthOnly();
+checkClientNameOverride();
+checkServerDomainOverride();
+checkClientDomainOverride();
+checkVersions();
+checkClientHostname();
+}
+static void checkVersions() throws Exception {
+// Server accepts all version
+checkVersion(null, null);
+checkVersion("LM/NTLM", null);
+checkVersion("LM", null);
+checkVersion("NTLM", null);
+checkVersion("NTLM2", null);
+checkVersion("LMv2/NTLMv2", null);
+checkVersion("LMv2", null);
+checkVersion("NTLMv2", null);
+// Client's default version is LMv2
+checkVersion(null, "LMv2");
+// Also works if they specified identical versions
+checkVersion("LM/NTLM", "LM");
+checkVersion("LM", "LM");
+checkVersion("NTLM", "LM");
+checkVersion("NTLM2", "NTLM2");
+checkVersion("LMv2/NTLMv2", "LMv2");
+checkVersion("LMv2", "LMv2");
+checkVersion("NTLMv2", "LMv2");
+// But should not work if different
+try {
+checkVersion("LM/NTLM", "LMv2");
+throw new Exception("Should not succeed");
+} catch (SaslException se) {
+NTLMException ne = (NTLMException)se.getCause();
+if (ne.errorCode() != NTLMException.AUTH_FAILED) {
+throw new Exception("Failed false");
+}
+}
+try {
+checkVersion("LMv2/NTLMv2", "LM");
+throw new Exception("Should not succeed");
+} catch (SaslException se) {
+NTLMException ne = (NTLMException)se.getCause();
+if (ne.errorCode() != NTLMException.AUTH_FAILED) {
+throw new Exception("Failed false");
+}
+}
+}
+/**
+* A test on version matching
+* @param vc ntlm version specified for client
+* @param vs ntlm version specified for server
+* @throws Exception
+*/
+private static void checkVersion(String vc, String vs) throws Exception {
+Map<String,Object> pc = new HashMap<>();
+pc.put("com.sun.security.sasl.ntlm.version", vc);
+Map<String,Object> ps = new HashMap<>();
+ps.put("com.sun.security.sasl.ntlm.version", vs);
+SaslClient clnt = Sasl.createSaslClient(
+new String[]{MECH}, USER1, PROTOCOL, null, pc,
+new CallbackHandler() {
+public void handle(Callback[] callbacks)
+throws IOException, UnsupportedCallbackException {
+for (Callback cb: callbacks) {
+if (cb instanceof NameCallback) {
+NameCallback ncb = (NameCallback)cb;
+ncb.setName(ncb.getDefaultName());
+} else if (cb instanceof PasswordCallback) {
+((PasswordCallback)cb).setPassword(PASS1);
+}
+}
+}
+});
+SaslServer srv = Sasl.createSaslServer(MECH, PROTOCOL, REALM, ps,
+new CallbackHandler() {
+public void handle(Callback[] callbacks)
+throws IOException, UnsupportedCallbackException {
+String domain = null, name = null;
+PasswordCallback pcb = null;
+for (Callback cb: callbacks) {
+if (cb instanceof NameCallback) {
+name = ((NameCallback)cb).getDefaultName();
+} else if (cb instanceof RealmCallback) {
+domain = ((RealmCallback)cb).getDefaultText();
+} else if (cb instanceof PasswordCallback) {
+pcb = (PasswordCallback)cb;
+}
+}
+if (pcb != null) {
+pcb.setPassword(getPass(domain, name));
+}
+}
+});
+handshake(clnt, srv);
+}
+private static void checkClientHostname() throws Exception {
+Map<String,Object> pc = new HashMap<>();
+pc.put("com.sun.security.sasl.ntlm.hostname", "this.is.com");
+SaslClient clnt = Sasl.createSaslClient(
+new String[]{MECH}, USER1, PROTOCOL, null, pc,
+new CallbackHandler() {
+public void handle(Callback[] callbacks)
+throws IOException, UnsupportedCallbackException {
+for (Callback cb: callbacks) {
+if (cb instanceof NameCallback) {
+NameCallback ncb = (NameCallback)cb;
+ncb.setName(ncb.getDefaultName());
+} else if (cb instanceof PasswordCallback) {
+((PasswordCallback)cb).setPassword(PASS1);
+}
+}
+}
+});
+SaslServer srv = Sasl.createSaslServer(MECH, PROTOCOL, REALM, null,
+new CallbackHandler() {
+public void handle(Callback[] callbacks)
+throws IOException, UnsupportedCallbackException {
+String domain = null, name = null;
+PasswordCallback pcb = null;
+for (Callback cb: callbacks) {
+if (cb instanceof NameCallback) {
+name = ((NameCallback)cb).getDefaultName();
+} else if (cb instanceof RealmCallback) {
+domain = ((RealmCallback)cb).getDefaultText();
+} else if (cb instanceof PasswordCallback) {
+pcb = (PasswordCallback)cb;
+}
+}
+if (pcb != null) {
+pcb.setPassword(getPass(domain, name));
+}
+}
+});
+handshake(clnt, srv);
+if (!"this.is.com".equals(
+srv.getNegotiatedProperty("com.sun.security.sasl.ntlm.hostname"))) {
+throw new Exception("Hostname not trasmitted to server");
+}
+}
+/**
+* Client realm override, but finally overridden by server response
+*/
+private static void checkClientDomainOverride() throws Exception {
+SaslClient clnt = Sasl.createSaslClient(
+new String[]{MECH}, USER1, PROTOCOL, "ANOTHERREALM", null,
+new CallbackHandler() {
+public void handle(Callback[] callbacks)
+throws IOException, UnsupportedCallbackException {
+for (Callback cb: callbacks) {
+if (cb instanceof NameCallback) {
+NameCallback ncb = (NameCallback)cb;
+ncb.setName(ncb.getDefaultName());
+} else if(cb instanceof RealmCallback) {
+RealmCallback dcb = (RealmCallback)cb;
+dcb.setText("THIRDDOMAIN");
+} else if (cb instanceof PasswordCallback) {
+((PasswordCallback)cb).setPassword(PASS1);
+}
+}
+}
+});
+SaslServer srv = Sasl.createSaslServer(MECH, PROTOCOL, REALM, null,
+new CallbackHandler() {
+public void handle(Callback[] callbacks)
+throws IOException, UnsupportedCallbackException {
+String domain = null, name = null;
+PasswordCallback pcb = null;
+for (Callback cb: callbacks) {
+if (cb instanceof NameCallback) {
+name = ((NameCallback)cb).getDefaultName();
+} else if (cb instanceof RealmCallback) {
+domain = ((RealmCallback)cb).getDefaultText();
+} else if (cb instanceof PasswordCallback) {
+pcb = (PasswordCallback)cb;
+}
+}
+if (pcb != null) {
+pcb.setPassword(getPass(domain, name));
+}
+}
+});
+handshake(clnt, srv);
+}
+/**
+* Client side user name provided in callback.
+* @throws Exception
+*/
+private static void checkClientNameOverride() throws Exception {
+SaslClient clnt = Sasl.createSaslClient(
+new String[]{MECH}, null, PROTOCOL, null, null,
+new CallbackHandler() {
+public void handle(Callback[] callbacks)
+throws IOException, UnsupportedCallbackException {
+for (Callback cb: callbacks) {
+if (cb instanceof NameCallback) {
+NameCallback ncb = (NameCallback)cb;
+ncb.setName(USER1);
+} else if (cb instanceof PasswordCallback) {
+((PasswordCallback)cb).setPassword(PASS1);
+}
+}
+}
+});
+SaslServer srv = Sasl.createSaslServer(MECH, PROTOCOL, REALM, null,
+new CallbackHandler() {
+public void handle(Callback[] callbacks)
+throws IOException, UnsupportedCallbackException {
+String domain = null, name = null;
+PasswordCallback pcb = null;
+for (Callback cb: callbacks) {
+if (cb instanceof NameCallback) {
+name = ((NameCallback)cb).getDefaultName();
+} else if (cb instanceof RealmCallback) {
+domain = ((RealmCallback)cb).getDefaultText();
+} else if (cb instanceof PasswordCallback) {
+pcb = (PasswordCallback)cb;
+}
+}
+if (pcb != null) {
+pcb.setPassword(getPass(domain, name));
+}
+}
+});
+handshake(clnt, srv);
+}
+/**
+* server side domain provided in props.
+* @throws Exception
+*/
+private static void checkServerDomainOverride() throws Exception {
+SaslClient clnt = Sasl.createSaslClient(
+new String[]{MECH}, USER1, PROTOCOL, null, null,
+new CallbackHandler() {
+public void handle(Callback[] callbacks)
+throws IOException, UnsupportedCallbackException {
+for (Callback cb: callbacks) {
+if (cb instanceof NameCallback) {
+NameCallback ncb = (NameCallback)cb;
+ncb.setName(ncb.getDefaultName());
+} else if (cb instanceof PasswordCallback) {
+((PasswordCallback)cb).setPassword(PASS1);
+}
+}
+}
+});
+Map<String,Object> ps = new HashMap<>();
+ps.put("com.sun.security.sasl.ntlm.domain", REALM);
+SaslServer srv = Sasl.createSaslServer(MECH, PROTOCOL, null, ps,
+new CallbackHandler() {
+public void handle(Callback[] callbacks)
+throws IOException, UnsupportedCallbackException {
+String domain = null, name = null;
+PasswordCallback pcb = null;
+for (Callback cb: callbacks) {
+if (cb instanceof NameCallback) {
+name = ((NameCallback)cb).getDefaultName();
+} else if (cb instanceof RealmCallback) {
+domain = ((RealmCallback)cb).getDefaultText();
+} else if (cb instanceof PasswordCallback) {
+pcb = (PasswordCallback)cb;
+}
+}
+if (pcb != null) {
+pcb.setPassword(getPass(domain, name));
+}
+}
+});
+handshake(clnt, srv);
+}
+private static void checkAuthOnly() throws Exception {
+Map<String,Object> props = new HashMap<>();
+props.put(Sasl.QOP, "auth-conf");
+try {
+Sasl.createSaslClient(
+new String[]{MECH}, USER2, PROTOCOL, REALM, props, null);
+throw new Exception("NTLM should not support auth-conf");
+} catch (SaslException se) {
+// Normal
+}
+}
+private static void handshake(SaslClient clnt, SaslServer srv)
+throws Exception {
+if (clnt == null) {
+throw new IllegalStateException(
+"Unable to find client impl for " + MECH);
+}
+if (srv == null) {
+throw new IllegalStateException(
+"Unable to find server impl for " + MECH);
+}
+byte[] response = (clnt.hasInitialResponse()
+? clnt.evaluateChallenge(EMPTY) : EMPTY);
+System.out.println("Initial:");
+new sun.misc.HexDumpEncoder().encodeBuffer(response, System.out);
+byte[] challenge;
+while (!clnt.isComplete() || !srv.isComplete()) {
+challenge = srv.evaluateResponse(response);
+response = null;
+if (challenge != null) {
+System.out.println("Challenge:");
+new sun.misc.HexDumpEncoder().encodeBuffer(challenge, System.out);
+response = clnt.evaluateChallenge(challenge);
+}
+if (response != null) {
+System.out.println("Response:");
+new sun.misc.HexDumpEncoder().encodeBuffer(response, System.out);
+}
+}
+if (clnt.isComplete() && srv.isComplete()) {
+System.out.println("SUCCESS");
+if (!srv.getAuthorizationID().equals(USER1)) {
+throw new Exception("Not correct user");
+}
+} else {
+throw new IllegalStateException(
+"FAILURE: mismatched state:"
++ " client complete? " + clnt.isComplete()
++ " server complete? " + srv.isComplete());
+}
+if (!clnt.getNegotiatedProperty(Sasl.QOP).equals("auth") ||
+!srv.getNegotiatedProperty(Sasl.QOP).equals("auth") ||
+!clnt.getNegotiatedProperty(
+"com.sun.security.sasl.ntlm.domain").equals(REALM)) {
+throw new Exception("Negotiated property error");
+}
+clnt.dispose();
+srv.dispose();
+}
+}

changeset 6517	151856936fd8
child 6678	fd8832656675