Mercurial > hg > release > icedtea7-forest-2.6 > jdk
changeset 9885:b37890eb824b
8075297: Tests for RFEs 4515853 and 4745056
Reviewed-by: weijun
author | asmotrak |
---|---|
date | Fri, 17 Jul 2015 17:30:55 -0700 |
parents | 0e7691621a1f |
children | b14861e90ffe |
files | test/sun/security/krb5/auto/BogusKDC.java test/sun/security/krb5/auto/Helper.java test/sun/security/krb5/auto/KDC.java test/sun/security/krb5/auto/RefreshKrb5Config.java test/sun/security/krb5/auto/refreshKrb5Config.jaas |
diffstat | 5 files changed, 301 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/krb5/auto/BogusKDC.java Fri Jul 17 17:30:55 2015 -0700 @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.File; +import java.io.FileWriter; +import java.io.IOException; +import java.io.PrintWriter; +import java.util.HashMap; +import java.util.Map; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; + +/* + * @test + * @bug 4515853 8075297 + * @summary Checks that Kerberos client tries slave KDC + * if master KDC is not responding + * @run main/othervm BogusKDC + */ +public class BogusKDC { + + static final String TEST_SRC = System.getProperty("test.src", "."); + static final String HOST = "localhost"; + static final String NOT_EXISTING_HOST = "not.existing.host"; + static final String REALM = "TEST.REALM"; + static final String USER = "USER"; + static final String USER_PRINCIPAL = USER + "@" + REALM; + static final String USER_PASSWORD = "password"; + static final String KRBTGT_PRINCIPAL = "krbtgt/" + REALM; + static final String KRB5_CONF = "krb5.conf"; + static final int WRONG_KDC_PORT = 21; + + static final String KRB5_CONF_TEMPLATE = "" + + "[libdefaults]\n" + + "default_realm = TEST.REALM\n" + + "max_retries = 1\n" + + "\n" + + "[realms]\n" + + "TEST.REALM = {\n" + + " kdc = %s\n" + + " kdc = localhost:%d\n" + + "}"; + + public static void main(String[] args) throws LoginException, IOException { + Map<String, String> principals = new HashMap<>(); + principals.put(USER_PRINCIPAL, USER_PASSWORD); + principals.put(KRBTGT_PRINCIPAL, null); + + System.setProperty("java.security.krb5.conf", KRB5_CONF); + + // start a local KDC + KDC kdc = KDC.startKDC(HOST, KRB5_CONF, REALM, principals, null, null); + + System.setProperty("java.security.auth.login.config", + TEST_SRC + File.separator + "refreshKrb5Config.jaas"); + + CallbackHandler handler = new Helper.UserPasswordHandler( + USER, USER_PASSWORD); + + // create a krb5 config with non-existing host for master KDC, + // and wrong port for slave KDC + try (PrintWriter w = new PrintWriter(new FileWriter(KRB5_CONF))) { + w.write(String.format(KRB5_CONF_TEMPLATE, + KDC.KDCNameService.NOT_EXISTING_HOST, WRONG_KDC_PORT)); + w.flush(); + } + + // login with not-refreshable config + try { + new LoginContext("NotRefreshable", handler).login(); + throw new RuntimeException("Expected exception not thrown"); + } catch (LoginException le) { + System.out.println("Expected login failure: " + le); + } + + // create a krb5 config with non-existing host for master KDC, + // but correct port for slave KDC + try (PrintWriter w = new PrintWriter(new FileWriter(KRB5_CONF))) { + w.write(String.format(KRB5_CONF_TEMPLATE, + KDC.KDCNameService.NOT_EXISTING_HOST, kdc.getPort())); + w.flush(); + } + + // login with not-refreshable config + try { + new LoginContext("NotRefreshable", handler).login(); + throw new RuntimeException("Expected exception not thrown"); + } catch (LoginException le) { + System.out.println("Expected login failure: " + le); + } + + // login with refreshable config + new LoginContext("Refreshable", handler).login(); + + System.out.println("Test passed"); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/krb5/auto/Helper.java Fri Jul 17 17:30:55 2015 -0700 @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; + +public class Helper { + + static class UserPasswordHandler implements CallbackHandler { + + private final String name; + private final String password; + + UserPasswordHandler(String name, String password) { + this.name = name; + this.password = password; + } + + @Override + public void handle(Callback[] callbacks) + throws UnsupportedCallbackException { + for (Callback callback : callbacks) { + if (callback instanceof PasswordCallback) { + ((PasswordCallback) callback).setPassword( + password.toCharArray()); + } else if (callback instanceof NameCallback) { + ((NameCallback)callback).setName(name); + } else { + throw new UnsupportedCallbackException(callback); + } + } + } + } +}
--- a/test/sun/security/krb5/auto/KDC.java Sat Feb 01 05:54:11 2020 +0000 +++ b/test/sun/security/krb5/auto/KDC.java Fri Jul 17 17:30:55 2015 -0700 @@ -1261,14 +1261,17 @@ } } - public static void startKDC(final String host, final String krbConfFileName, + public static KDC startKDC(final String host, final String krbConfFileName, final String realm, final Map<String, String> principals, final String ktab, final KtabMode mode) { + KDC kdc; try { - KDC kdc = KDC.create(realm, host, 0, true); + kdc = KDC.create(realm, host, 0, true); kdc.setOption(KDC.Option.PREAUTH_REQUIRED, Boolean.FALSE); - KDC.saveConfig(krbConfFileName, kdc); + if (krbConfFileName != null) { + KDC.saveConfig(krbConfFileName, kdc); + } // Add principals if (principals != null) { @@ -1322,6 +1325,7 @@ throw new RuntimeException("KDC: unexpected exception", e); } + return kdc; } /** @@ -1371,13 +1375,20 @@ } public static class KDCNameService implements NameServiceDescriptor { + + public static String NOT_EXISTING_HOST = "not.existing.host"; + @Override public NameService createNameService() throws Exception { NameService ns = new NameService() { @Override public InetAddress[] lookupAllHostAddr(String host) throws UnknownHostException { - // Everything is localhost + // Everything is localhost except NOT_EXISTING_HOST + if (NOT_EXISTING_HOST.equals(host)) { + throw new UnknownHostException("Unknown host name: " + + NOT_EXISTING_HOST); + } return new InetAddress[]{ InetAddress.getByAddress(host, new byte[]{127,0,0,1}) };
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/krb5/auto/RefreshKrb5Config.java Fri Jul 17 17:30:55 2015 -0700 @@ -0,0 +1,100 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.File; +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; + +/* + * @test + * @bug 4745056 8075297 + * @summary Checks if refreshKrb5Config is set to true for Krb5LoginModule, + * then configuration will be refreshed before login() method is called + * @run main/othervm RefreshKrb5Config + */ +public class RefreshKrb5Config { + + static final String TEST_SRC = System.getProperty("test.src", "."); + static final String HOST = "localhost"; + static final String NOT_EXISTING_HOST = "not.existing.host"; + static final String REALM = "TEST.REALM"; + static final String USER = "USER"; + static final String USER_PRINCIPAL = USER + "@" + REALM; + static final String USER_PASSWORD = "password"; + static final String KRBTGT_PRINCIPAL = "krbtgt/" + REALM; + static final String KRB5_CONF_FILENAME = "krb5.conf"; + + public static void main(String[] args) throws LoginException, IOException { + Map<String, String> principals = new HashMap<>(); + principals.put(USER_PRINCIPAL, USER_PASSWORD); + principals.put(KRBTGT_PRINCIPAL, null); + + System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME); + + // start a local KDC, and save krb5 config + KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null); + KDC.saveConfig(KRB5_CONF_FILENAME, kdc, "max_retries = 1"); + + System.setProperty("java.security.auth.login.config", + TEST_SRC + File.separator + "refreshKrb5Config.jaas"); + + CallbackHandler handler = new Helper.UserPasswordHandler( + USER, USER_PASSWORD); + + // set incorrect KDC + System.out.println("java.security.krb5.kdc = " + NOT_EXISTING_HOST); + System.setProperty("java.security.krb5.kdc", NOT_EXISTING_HOST); + System.out.println("java.security.krb5.realm = " + REALM); + System.setProperty("java.security.krb5.realm", REALM); + try { + new LoginContext("Refreshable", handler).login(); + throw new RuntimeException("Expected exception not thrown"); + } catch (LoginException le) { + System.out.println("Expected login failure: " + le); + } + + // reset properties + System.out.println("Reset java.security.krb5.kdc"); + System.clearProperty("java.security.krb5.kdc"); + System.out.println("Reset java.security.krb5.realm"); + System.clearProperty("java.security.krb5.realm"); + + // login with not-refreshable config + try { + new LoginContext("NotRefreshable", handler).login(); + throw new RuntimeException("Expected exception not thrown"); + } catch (LoginException le) { + System.out.println("Expected login failure: " + le); + } + + // login with refreshable config + new LoginContext("Refreshable", handler).login(); + + System.out.println("Test passed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/krb5/auto/refreshKrb5Config.jaas Fri Jul 17 17:30:55 2015 -0700 @@ -0,0 +1,11 @@ +Refreshable { + com.sun.security.auth.module.Krb5LoginModule required + useTicketCache=false + refreshKrb5Config=true; +}; + +NotRefreshable { + com.sun.security.auth.module.Krb5LoginModule required + useTicketCache=false + refreshKrb5Config=false; +};