changeset 9882:8d201183db88
7152176: More krb5 tests
Reviewed-by: xuelei
author | weijun |
---|---|
date | Tue, 20 Mar 2012 19:12:21 +0800 |
parents | c90cdba6b3f6 |
children | c695a2737b31 |
files | test/sun/security/krb5/auto/Basic.java test/sun/security/krb5/auto/Context.java test/sun/security/krb5/auto/GSS.java test/sun/security/krb5/auto/KDC.java test/sun/security/krb5/auto/TwoTab.java |
diffstat | 5 files changed, 266 insertions(+), 38 deletions(-) [+] |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/krb5/auto/Basic.java Tue Mar 20 19:12:21 2012 +0800
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7152176
+ * @summary More krb5 tests
+ * @compile -XDignore.symbol.file Basic.java
+ * @run main/othervm Basic
+ */
+
+import sun.security.jgss.GSSUtil;
+
+// The basic krb5 test skeleton you can copy from
+public class Basic {
+
+ public static void main(String[] args) throws Exception {
+
+ new OneKDC(null).writeJAASConf();
+
+ Context c, s;
+ c = Context.fromJAAS("client");
+ s = Context.fromJAAS("server");
+
+ c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
+ s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
+
+ Context.handshake(c, s);
+
+ Context.transmit("i say high --", c, s);
+ Context.transmit(" you say low", s, c);
+
+ s.dispose();
+ c.dispose();
+ }
+}
--- a/test/sun/security/krb5/auto/Context.java Wed Feb 08 11:44:36 2012 +0800 +++ b/test/sun/security/krb5/auto/Context.java Tue Mar 20 19:12:21 2012 +0800 @@ -96,6 +96,15 @@ } /** + * No JAAS login at all, can be used to test JGSS without JAAS + */ + public static Context fromThinAir() throws Exception { + Context out = new Context(); + out.s = new Subject(); + return out; + } + + /** * Logins with a JAAS login config entry name */ public static Context fromJAAS(final String name) throws Exception { @@ -111,8 +120,10 @@ String user, char[] pass, boolean storeKey) throws Exception { return fromUserPass(null, user, pass, storeKey); } + /** * Logins with a username and a password, using Krb5LoginModule directly + * @param s existing subject, test multiple princ & creds for single subj * @param storeKey true if key should be saved, used on acceptor side */ public static Context fromUserPass(Subject s,
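Review bot: The Javadoc on `fromThinAir()` in the first hunk does not say what the caller has to configure for the returned context to be usable. The method only attaches an empty `Subject`, and the GSS.java test added in this commit sets `javax.security.auth.useSubjectCredsOnly` to `false` before starting its contexts, so presumably credential lookup fails without that switch. I would extend the comment with a line such as `* The caller must set javax.security.auth.useSubjectCredsOnly to false so that JGSS acquires credentials itself.`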
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/krb5/auto/GSS.java Tue Mar 20 19:12:21 2012 +0800
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7152176
+ * @summary More krb5 tests
+ * @compile -XDignore.symbol.file GSS.java
+ * @run main/othervm GSS
+ */
+
+import sun.security.jgss.GSSUtil;
+
+// Testing JGSS without JAAS
+public class GSS {
+
+ public static void main(String[] args) throws Exception {
+
+ new OneKDC(null).writeJAASConf();
+
+ Context c, s;
+ c = Context.fromThinAir();
+ s = Context.fromThinAir();
+
+ // This is the only setting needed for JGSS without JAAS. The default
+ // JAAS config entries are already created by OneKDC.
+ System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+
+ c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
+ s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
+
+ Context.handshake(c, s);
+
+ Context.transmit("i say high --", c, s);
+ Context.transmit(" you say low", s, c);
+
+ s.dispose();
+ c.dispose();
+ }
+}
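Review bot: The comment above `System.setProperty("javax.security.auth.useSubjectCredsOnly", "false")` should state that this switch is JVM-wide. It changes where every GSS context in the process may take its credentials from, and the test is only self-contained because its header uses `@run main/othervm`. The sibling Basic.java is described as a skeleton to copy from, so this file may well be copied into a shared-VM run. A line such as `// JVM-wide switch: keep this test in othervm mode.` would make that dependency explicit.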
--- a/test/sun/security/krb5/auto/KDC.java Wed Feb 08 11:44:36 2012 +0800
+++ b/test/sun/security/krb5/auto/KDC.java Tue Mar 20 19:12:21 2012 +0800
@@ -256,80 +256,82 @@ } /** - * Writes or appends KDC keys into a keytab. See doc for writeMultiKtab. + * Writes or appends keys into a keytab. + * <p> + * Attention: This is the most basic one of a series of methods below on + * keytab creation or modification. All these methods reference krb5.conf + * settings. If you need to modify krb5.conf or switch to another krb5.conf + * later, please call <code>Config.refresh()</code> again. For example: + * <pre> + * kdc.writeKtab("/etc/kdc/ktab", true); // Config is initialized, + * System.setProperty("java.security.krb5.conf", "/home/mykrb5.conf"); + * Config.refresh(); + * </pre> + * Inside this method there are 2 places krb5.conf is used: + * <ol> + * <li> (Fatal) Generating keys: EncryptionKey.acquireSecretKeys + * <li> (Has workaround) Creating PrincipalName + * </ol> + * @param tab the keytab file name * @param append true if append, otherwise, overwrite. + * @param names the names to write into, write all if names is empty */ - private static void writeKtab0(String tab, boolean append, KDC... kdcs) + public void writeKtab(String tab, boolean append, String... names) throws IOException, KrbException { KeyTab ktab = append ? KeyTab.getInstance(tab) : KeyTab.create(tab); - for (KDC kdc: kdcs) { - for (String name : kdc.passwords.keySet()) { - char[] pass = kdc.passwords.get(name); - int kvno = 0; - if (Character.isDigit(pass[pass.length-1])) { - kvno = pass[pass.length-1] - '0'; - } - ktab.addEntry(new PrincipalName(name, - name.indexOf('/') < 0 ? - PrincipalName.KRB_NT_UNKNOWN : - PrincipalName.KRB_NT_SRV_HST), - pass, - kvno, - true); + Iterable<String> entries = + (names.length != 0) ? Arrays.asList(names): passwords.keySet(); + for (String name : entries) { + char[] pass = passwords.get(name); + int kvno = 0; + if (Character.isDigit(pass[pass.length-1])) { + kvno = pass[pass.length-1] - '0'; } + ktab.addEntry(new PrincipalName(name, + name.indexOf('/') < 0 ? 
+ PrincipalName.KRB_NT_UNKNOWN : + PrincipalName.KRB_NT_SRV_HST), + pass, + kvno, + true); } ktab.save(); } /** * Writes all principals' keys from multiple KDCs into one keytab file. - * Note that the keys for the krbtgt principals will not be written. - * <p> - * Attention: This method references krb5.conf settings. If you need to - * setup krb5.conf later, please call <code>Config.refresh()</code> after - * the new setting. For example: - * <pre> - * KDC.writeKtab("/etc/kdc/ktab", kdc); // Config is initialized, - * System.setProperty("java.security.krb5.conf", "/home/mykrb5.conf"); - * Config.refresh(); - * </pre> - * - * Inside this method there are 2 places krb5.conf is used: - * <ol> - * <li> (Fatal) Generating keys: EncryptionKey.acquireSecretKeys - * <li> (Has workaround) Creating PrincipalName - * </ol> - * @param tab The keytab filename to write to. * @throws java.io.IOException for any file output error * @throws sun.security.krb5.KrbException for any realm and/or principal * name error. */ public static void writeMultiKtab(String tab, KDC... kdcs) throws IOException, KrbException { - writeKtab0(tab, false, kdcs); + KeyTab.create(tab).save(); // Empty the old keytab + appendMultiKtab(tab, kdcs); } /** * Appends all principals' keys from multiple KDCs to one keytab file. - * See writeMultiKtab for details. */ public static void appendMultiKtab(String tab, KDC... kdcs) throws IOException, KrbException { - writeKtab0(tab, true, kdcs); + for (KDC kdc: kdcs) { + kdc.writeKtab(tab, true); + } } /** * Write a ktab for this KDC. */ public void writeKtab(String tab) throws IOException, KrbException { - KDC.writeMultiKtab(tab, this); + writeKtab(tab, false); } /** * Appends keys in this KDC to a ktab. */ public void appendKtab(String tab) throws IOException, KrbException { - KDC.appendMultiKtab(tab, this); + writeKtab(tab, true); } /**
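Review bot: In the new `writeKtab(String tab, boolean append, String... names)`, a name that is not a key of `passwords` presumably makes `passwords.get(name)` return null, and the next line `pass[pass.length-1]` then throws a NullPointerException that does not say which principal was wrong. That path is new: the old `writeKtab0` only iterated `passwords.keySet()`, while callers such as TwoTab.java in this commit now pass literal principal strings. A guard right after the lookup, `if (pass == null) throw new KrbException("Unknown principal: " + name);`, would report the bad name. A zero-length password would fail on the same index expression, though that was already the case before this change.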
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/krb5/auto/TwoTab.java Tue Mar 20 19:12:21 2012 +0800
@@ -0,0 +1,99 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 7152176 + * @summary More krb5 tests + * @compile -XDignore.symbol.file TwoTab.java + * @run main/othervm TwoTab + */ + +import java.io.File; +import java.io.FileOutputStream; +import java.nio.file.Files; +import java.security.Security; +import sun.security.jgss.GSSUtil; +import sun.security.krb5.PrincipalName; +import sun.security.krb5.internal.ktab.KeyTab; + +// Two services using their own keytab. 
+public class TwoTab { + + public static void main(String[] args) throws Exception { + + KDC k = new OneKDC(null); + + // Write JAAS conf, two service using different keytabs + System.setProperty("java.security.auth.login.config", OneKDC.JAAS_CONF); + File f = new File(OneKDC.JAAS_CONF); + try (FileOutputStream fos = new FileOutputStream(f)) { + fos.write(( + "server {\n" + + " com.sun.security.auth.module.Krb5LoginModule required\n" + + " principal=\"" + OneKDC.SERVER + "\"\n" + + " useKeyTab=true\n" + + " keyTab=server.keytab\n" + + " storeKey=true;\n};\n" + + "server2 {\n" + + " com.sun.security.auth.module.Krb5LoginModule required\n" + + " principal=\"" + OneKDC.BACKEND + "\"\n" + + " useKeyTab=true\n" + + " keyTab=backend.keytab\n" + + " storeKey=true;\n};\n" + ).getBytes()); + } + f.deleteOnExit(); + + k.writeKtab("server.keytab", false, "server/host.rabbit.hole@RABBIT.HOLE"); + k.writeKtab("backend.keytab", false, "backend/host.rabbit.hole@RABBIT.HOLE"); + + Context c, s, s2; + c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false); + s = Context.fromJAAS("server"); + s2 = Context.fromJAAS("server2"); + + c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID); + s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); + + Context.handshake(c, s); + + Context.transmit("i say high --", c, s); + Context.transmit(" you say low", s, c); + + s.dispose(); + c.dispose(); + + c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false); + c.startAsClient(OneKDC.BACKEND, GSSUtil.GSS_KRB5_MECH_OID); + s2.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); + + Context.handshake(c, s2); + + Context.transmit("i say high --", c, s2); + Context.transmit(" you say low", s2, c); + + s2.dispose(); + c.dispose(); + } +}
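Review bot: The two keytabs written by `k.writeKtab("server.keytab", ...)` and `k.writeKtab("backend.keytab", ...)` are left behind in the working directory, unlike the JAAS config file, which gets `f.deleteOnExit()`. They hold service keys, even if only for the test realm, and a stale file could be picked up by a later run that uses the same relative name. Adding `new File("server.keytab").deleteOnExit();` and `new File("backend.keytab").deleteOnExit();` after the writes would keep the test self-cleaning. The imports of `Files`, `Security`, `PrincipalName` and `KeyTab` also appear unused in the visible code.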