changeset 9884:0e7691621a1f
8075301: Tests for sun.security.krb5.principal system property
Reviewed-by: mbalao
Contributed-by: Sibabrata Sahoo <sibabrata.sahoo@oracle.com>
author | andrew |
---|---|
date | Sat, 01 Feb 2020 05:54:11 +0000 |
parents | c695a2737b31 |
children | b37890eb824b |
files | test/sun/security/krb5/auto/KDC.java test/sun/security/krb5/auto/principalProperty/PrincipalSystemPropTest.java test/sun/security/krb5/auto/principalProperty/jaas.conf test/sun/security/krb5/auto/principalProperty/principalSystemPropTest.policy |
diffstat | 4 files changed, 283 insertions(+), 0 deletions(-) [+] |
--- a/test/sun/security/krb5/auto/KDC.java Sat Feb 01 05:10:44 2020 +0000
+++ b/test/sun/security/krb5/auto/KDC.java Sat Feb 01 05:54:11 2020 +0000
@@ -30,6 +30,7 @@ import java.security.SecureRandom; import java.util.*; import java.util.concurrent.*; + import sun.net.spi.nameservice.NameService; import sun.net.spi.nameservice.NameServiceDescriptor; import sun.security.krb5.*;
@@ -161,6 +162,8 @@ DatagramSocket u1 = null; ServerSocket t1 = null; + public static enum KtabMode { APPEND, EXISTING }; + /** * Option names, to be expanded forever. */
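Review bot: In the second hunk, `public static enum KtabMode { APPEND, EXISTING };` carries a redundant `static` (a nested enum is implicitly static) and a stray trailing `;`; `public enum KtabMode { APPEND, EXISTING }` is the conventional form. The new public type also has no Javadoc; a one-liner such as `/** Keytab handling for startKDC: APPEND creates the file or appends keys to it, EXISTING uses the file as is. */` would tell callers in other tests what each constant means.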
@@ -1257,6 +1260,70 @@ // OK } } + + public static void startKDC(final String host, final String krbConfFileName, + final String realm, final Map<String, String> principals, + final String ktab, final KtabMode mode) { + + try { + KDC kdc = KDC.create(realm, host, 0, true); + kdc.setOption(KDC.Option.PREAUTH_REQUIRED, Boolean.FALSE); + KDC.saveConfig(krbConfFileName, kdc); + + // Add principals + if (principals != null) { + for (Map.Entry<String, String> entry : principals.entrySet()) { + String name = entry.getKey(); + String password = entry.getValue(); + if (password == null || password.isEmpty()) { + System.out.println(String.format( + "KDC:add a principal '%s' with a random " + + "password", name)); + kdc.addPrincipalRandKey(name); + } else { + System.out.println(String.format( + "KDC:add a principal '%s' with '%s' password", + name, password)); + kdc.addPrincipal(name, password.toCharArray()); + } + } + } + + // Create or append keys to existing keytab file + if (ktab != null) { + File ktabFile = new File(ktab); + switch(mode) { + case APPEND: + if (ktabFile.exists()) { + System.out.println(String.format( + "KDC:append keys to an exising keytab " + + "file %s", ktab)); + kdc.appendKtab(ktab); + } else { + System.out.println(String.format( + "KDC:create a new keytab file %s", ktab)); + kdc.writeKtab(ktab); + } + break; + case EXISTING: + System.out.println(String.format( + "KDC:use an existing keytab file %s", ktab)); + break; + default: + throw new RuntimeException(String.format( + "KDC:unsupported keytab mode: %s", mode)); + } + } + + System.out.println(String.format( + "KDC: started on %s:%s with '%s' realm", + host, kdc.getPort(), realm)); + } catch (Exception e) { + throw new RuntimeException("KDC: unexpected exception", e); + } + + } + /** * Helper class to encapsulate a job in a KDC. */
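Review bot: The second println in the principals loop writes the caller-supplied password to the test log in clear text (`"KDC:add a principal '%s' with '%s' password", name, password`); even for a throwaway test KDC the secret should stay out of stdout, e.g. `"KDC:add a principal '%s' with the supplied password", name`. The APPEND branch message misspells "existing" (`"KDC:append keys to an exising keytab "`). `startKDC` is a new public static method without Javadoc; a header saying that it creates a KDC for `realm` on `host` with port 0, clears `PREAUTH_REQUIRED`, writes `krbConfFileName`, registers each `principals` entry (null or empty value means a random key) and then creates, appends to or reuses `ktab` according to `mode`, would spare callers reading the body. Note also that a null `mode` with a non-null `ktab` throws NullPointerException at `switch(mode)` before the `default` branch is reached, so it surfaces as the generic "KDC: unexpected exception" wrapper rather than the "unsupported keytab mode" message.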
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/krb5/auto/principalProperty/PrincipalSystemPropTest.java Sat Feb 01 05:54:11 2020 +0000
@@ -0,0 +1,161 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8075301 + * @library /sun/security/krb5/auto + * @summary New test for sun.security.krb5.principal system property. + * The principal can set using the system property sun.security.krb5.principal. + * This property is checked during login. If this property is not set, + * then the principal name from the configuration is used. 
+ * @run main/othervm/java.security.policy=principalSystemPropTest.policy + * PrincipalSystemPropTest + */ + +import java.io.File; +import java.security.Principal; +import java.util.HashMap; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import javax.security.auth.login.LoginException; +import javax.security.auth.login.LoginContext; +import com.sun.security.auth.callback.TextCallbackHandler; + +public class PrincipalSystemPropTest { + + private static final boolean PASS = Boolean.TRUE; + private static final boolean FAIL = Boolean.FALSE; + private static final String VALID_PRINCIPAL_JAAS_ENTRY = + "ValidPrincipalSystemPropTest"; + private static final String INVALID_PRINCIPAL_JAAS_ENTRY = + "InvalidPrincipalSystemPropTest"; + private static final String NO_PRINCIPAL_JAAS_ENTRY = + "NoPrincipalSystemPropTest"; + private static final String SAME_PRINCIPAL_JAAS_ENTRY = + "SelfPrincipalSystemPropTest"; + private static final String HOST = "localhost"; + private static final String KTAB_FILENAME = "krb5.keytab.data"; + private static final String REALM = "TEST.REALM"; + private static final String TEST_SRC = System.getProperty("test.src", "."); + private static final String USER = "USER"; + private static final String AVAILABLE_USER = "AVAILABLE"; + private static final String USER_PASSWORD = "password"; + private static final String FS = System.getProperty("file.separator"); + private static final String KRB5_CONF_FILENAME = "krb5.conf"; + private static final String JAAS_CONF_FILENAME = "jaas.conf"; + private static final String KRBTGT_PRINCIPAL = "krbtgt/" + REALM; + private static final String USER_PRINCIPAL = USER + "@" + REALM; + private static final String AVAILABLE_USER_PRINCIPAL = + AVAILABLE_USER + "@" + REALM; + + public static void main(String[] args) throws Exception { + + setupTest(); + + // Expected result, Jaas Config Entry, Login Principal Expected, + // Principal passed through System property + runTest(PASS, 
VALID_PRINCIPAL_JAAS_ENTRY, + USER_PRINCIPAL, "USER@TEST.REALM"); + runTest(PASS, VALID_PRINCIPAL_JAAS_ENTRY, + AVAILABLE_USER_PRINCIPAL, null); + runTest(PASS, INVALID_PRINCIPAL_JAAS_ENTRY, + USER_PRINCIPAL, "USER@TEST.REALM"); + runTest(FAIL, INVALID_PRINCIPAL_JAAS_ENTRY, null, null); + runTest(PASS, NO_PRINCIPAL_JAAS_ENTRY, + USER_PRINCIPAL, "USER@TEST.REALM"); + runTest(FAIL, NO_PRINCIPAL_JAAS_ENTRY, null, null); + runTest(PASS, SAME_PRINCIPAL_JAAS_ENTRY, + USER_PRINCIPAL, "USER@TEST.REALM"); + + } + + private static void setupTest() { + + System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME); + System.setProperty("java.security.auth.login.config", + TEST_SRC + FS + JAAS_CONF_FILENAME); + + Map<String, String> principals = new HashMap<>(); + principals.put(USER_PRINCIPAL, USER_PASSWORD); + principals.put(AVAILABLE_USER_PRINCIPAL, USER_PASSWORD); + principals.put(KRBTGT_PRINCIPAL, null); + KDC.startKDC(HOST, KRB5_CONF_FILENAME, REALM, principals, + KTAB_FILENAME, KDC.KtabMode.APPEND); + + } + + private static void runTest(boolean expected, String jaasConfigEntry, + String expectedLoginUser, String loginUserBySysProp) { + + if(loginUserBySysProp != null) { + System.setProperty("sun.security.krb5.principal", + loginUserBySysProp); + } else { + System.clearProperty("sun.security.krb5.principal"); + } + + try { + LoginContext lc = new LoginContext(jaasConfigEntry, + new TextCallbackHandler()); + lc.login(); + System.out.println(String.format( + "Authentication completed with Subject '%s' ", + lc.getSubject())); + + if (!expected) { + throw new RuntimeException( + "TEST FAILED - JAAS login success isn't expected"); + } + if(expectedLoginUser != null) { + boolean found = false; + for (Principal p : lc.getSubject().getPrincipals()) { + if (expectedLoginUser.equals(p.getName())) { + found = true; + } + } + if (!found) { + throw new RuntimeException(String.format( + "TEST FAILED - Login principal is not matched " + + "to expected principal '%s'.", 
expectedLoginUser)); + } + } + System.out.println( + "TEST PASSED - JAAS login success is expected."); + } catch (LoginException ie) { + System.out.println(String.format( + "Authentication failed with exception: %s", + ie.getMessage())); + if (expected) { + System.out.println( + "TEST FAILED - JAAS login failure isn't expected"); + throw new RuntimeException(ie); + } + System.out.println( + "TEST PASSED - JAAS login failure is expected."); + } + + } + +}
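Review bot: `java.io.File`, `java.util.ArrayList` and `java.util.List` are imported near the top of the hunk but never referenced anywhere in PrincipalSystemPropTest, so those three import lines should be dropped. `PASS` and `FAIL` are declared as primitive `boolean` yet initialised from the boxed `Boolean.TRUE`/`Boolean.FALSE`, which only adds an unboxing; `private static final boolean PASS = true;` and `private static final boolean FAIL = false;` say the same thing directly. In `runTest`, the principal search loop keeps iterating after `found = true`; a `break;` there would make the intent clearer, though the outcome is identical. A short comment on `runTest` stating that `loginUserBySysProp == null` clears `sun.security.krb5.principal` rather than leaving the previous run's value in place would help, since the sequence in `main` relies on that.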
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/krb5/auto/principalProperty/jaas.conf Sat Feb 01 05:54:11 2020 +0000
@@ -0,0 +1,34 @@
+NoPrincipalSystemPropTest {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab = true
+ keyTab = krb5.keytab.data
+ doNotPrompt =true
+ debug=true;
+};
+
+InvalidPrincipalSystemPropTest {
+ com.sun.security.auth.module.Krb5LoginModule required
+ principal="UNAVAILABLE@TEST.REALM"
+ useKeyTab = true
+ keyTab = krb5.keytab.data
+ doNotPrompt =true
+ debug=true;
+};
+
+ValidPrincipalSystemPropTest {
+ com.sun.security.auth.module.Krb5LoginModule required
+ principal="AVAILABLE@TEST.REALM"
+ useKeyTab = true
+ keyTab = krb5.keytab.data
+ doNotPrompt =true
+ debug=true;
+};
+
+SelfPrincipalSystemPropTest {
+ com.sun.security.auth.module.Krb5LoginModule required
+ principal="USER@TEST.REALM"
+ useKeyTab = true
+ keyTab = krb5.keytab.data
+ doNotPrompt =true
+ debug=true;
+};
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/krb5/auto/principalProperty/principalSystemPropTest.policy Sat Feb 01 05:54:11 2020 +0000
@@ -0,0 +1,21 @@
+grant {
+ permission javax.security.auth.AuthPermission
+ "createLoginContext.ValidPrincipalSystemPropTest";
+ permission javax.security.auth.AuthPermission
+ "createLoginContext.InvalidPrincipalSystemPropTest";
+ permission javax.security.auth.AuthPermission
+ "createLoginContext.NoPrincipalSystemPropTest";
+ permission javax.security.auth.AuthPermission
+ "createLoginContext.SelfPrincipalSystemPropTest";
+ permission javax.security.auth.AuthPermission "doAs";
+ permission javax.security.auth.AuthPermission "modifyPrincipals";
+ permission javax.security.auth.AuthPermission "getSubject";
+ permission java.util.PropertyPermission "*", "read,write";
+ permission java.io.FilePermission "*", "read,write,delete";
+ permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+ permission java.lang.RuntimePermission "accessClassInPackage.*";
+ permission java.net.SocketPermission "*:*",
+ "listen,resolve,accept,connect";
+};
+