/* * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /* * @test * @bug 8009977 * @summary A test library to launch multiple Java processes * @library ../../../../java/security/testlibrary/ * @modules java.base/sun.net.spi.nameservice * java.base/sun.security.util * java.security.jgss/sun.security.krb5 * java.security.jgss/sun.security.krb5.internal * java.security.jgss/sun.security.krb5.internal.ccache * java.security.jgss/sun.security.krb5.internal.crypto * java.security.jgss/sun.security.krb5.internal.ktab * @compile -XDignore.symbol.file BasicProc.java * @run main/othervm BasicProc */ import java.io.File; import org.ietf.jgss.Oid; import javax.security.auth.PrivateCredentialPermission; public class BasicProc { static String CONF = "krb5.conf"; static String KTAB = "ktab"; public static void main(String[] args) throws Exception { String HOST = "localhost"; String SERVER = "server/" + HOST; String BACKEND = "backend/" + HOST; String USER = "user"; char[] PASS = "password".toCharArray(); String REALM = "REALM"; Oid oid = new Oid("1.2.840.113554.1.2.2"); if (args.length == 0) { System.setProperty("java.security.krb5.conf", CONF); KDC kdc = KDC.create(REALM, HOST, 0, true); kdc.addPrincipal(USER, PASS); kdc.addPrincipalRandKey("krbtgt/" + REALM); kdc.addPrincipalRandKey(SERVER); kdc.addPrincipalRandKey(BACKEND); String cwd = System.getProperty("user.dir"); kdc.writeKtab(KTAB); KDC.saveConfig(CONF, kdc, "forwardable = true"); Proc pc = Proc.create("BasicProc") .args("client") .prop("java.security.krb5.conf", CONF) .prop("java.security.manager", "") .perm(new java.util.PropertyPermission( "sun.security.krb5.principal", "read")) .perm(new javax.security.auth.AuthPermission( "modifyPrincipals")) .perm(new javax.security.auth.AuthPermission( "modifyPrivateCredentials")) .perm(new javax.security.auth.AuthPermission("doAs")) .perm(new javax.security.auth.kerberos.ServicePermission( "krbtgt/" + REALM + "@" + REALM, "initiate")) .perm(new javax.security.auth.kerberos.ServicePermission( "server/localhost@" + REALM, "initiate")) .perm(new javax.security.auth.kerberos.DelegationPermission( "\"server/localhost@" + REALM + "\" " + "\"krbtgt/" + REALM + "@" + REALM + "\"")) .debug("C") .start(); Proc ps = Proc.create("BasicProc") .args("server") .prop("java.security.krb5.conf", CONF) .prop("java.security.manager", "") .perm(new java.util.PropertyPermission( "sun.security.krb5.principal", "read")) .perm(new javax.security.auth.AuthPermission( "modifyPrincipals")) .perm(new javax.security.auth.AuthPermission( "modifyPrivateCredentials")) .perm(new javax.security.auth.AuthPermission("doAs")) .perm(new PrivateCredentialPermission( "javax.security.auth.kerberos.KeyTab * \"*\"", "read")) .perm(new javax.security.auth.kerberos.ServicePermission( "server/localhost@" + REALM, "accept")) .perm(new java.io.FilePermission( cwd + File.separator + KTAB, "read")) .perm(new javax.security.auth.kerberos.ServicePermission( "backend/localhost@" + REALM, "initiate")) .debug("S") .start(); Proc pb = Proc.create("BasicProc") .args("backend") .prop("java.security.krb5.conf", CONF) .prop("java.security.manager", "") .perm(new java.util.PropertyPermission( "sun.security.krb5.principal", "read")) .perm(new javax.security.auth.AuthPermission( "modifyPrincipals")) .perm(new javax.security.auth.AuthPermission( "modifyPrivateCredentials")) .perm(new javax.security.auth.AuthPermission("doAs")) .perm(new PrivateCredentialPermission( "javax.security.auth.kerberos.KeyTab * \"*\"", "read")) .perm(new javax.security.auth.kerberos.ServicePermission( "backend/localhost@" + REALM, "accept")) .perm(new java.io.FilePermission( cwd + File.separator + KTAB, "read")) .debug("B") .start(); // Client and server handshake String token = pc.readData(); ps.println(token); token = ps.readData(); pc.println(token); // Server and backend handshake token = ps.readData(); pb.println(token); token = pb.readData(); ps.println(token); // wrap/unwrap/getMic/verifyMic and plain text token = ps.readData(); pb.println(token); token = pb.readData(); ps.println(token); token = pb.readData(); ps.println(token); if ((pc.waitFor() | ps.waitFor() | pb.waitFor()) != 0) { throw new Exception(); } } else if (args[0].equals("client")) { Context c = Context.fromUserPass(USER, PASS, false); c.startAsClient(SERVER, oid); c.x().requestCredDeleg(true); Proc.binOut(c.take(new byte[0])); byte[] token = Proc.binIn(); c.take(token); } else if (args[0].equals("server")) { Context s = Context.fromUserKtab(SERVER, KTAB, true); s.startAsServer(oid); byte[] token = Proc.binIn(); token = s.take(token); Proc.binOut(token); Context s2 = s.delegated(); s2.startAsClient(BACKEND, oid); Proc.binOut(s2.take(new byte[0])); token = Proc.binIn(); s2.take(token); byte[] msg = "Hello".getBytes(); Proc.binOut(s2.wrap(msg, true)); s2.verifyMic(Proc.binIn(), msg); String in = Proc.textIn(); if (!in.equals("Hello")) { throw new Exception(); } } else if (args[0].equals("backend")) { Context b = Context.fromUserKtab(BACKEND, KTAB, true); b.startAsServer(oid); byte[] token = Proc.binIn(); Proc.binOut(b.take(token)); byte[] msg = b.unwrap(Proc.binIn(), true); Proc.binOut(b.getMic(msg)); Proc.textOut(new String(msg)); } } // create a native server private static Proc ns(Proc p) throws Exception { return p .env("KRB5_CONFIG", CONF) .env("KRB5_KTNAME", KTAB) .prop("sun.security.jgss.native", "true") .prop("javax.security.auth.useSubjectCredsOnly", "false") .prop("sun.security.nativegss.debug", "true"); } }