1 /* 2 * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 8048194 27 * @modules java.base/sun.security.util 28 * java.security.jgss/sun.security.jgss 29 * java.security.jgss/sun.security.jgss.spnego 30 * @run main/othervm NotPreferredMech 31 * @summary GSSContext.acceptSecContext fails when a supported mech is not initiator preferred 32 */ 33 34 import org.ietf.jgss.*; 35 import sun.security.jgss.*; 36 import sun.security.jgss.spnego.NegTokenInit; 37 import sun.security.jgss.spnego.NegTokenTarg; 38 import sun.security.util.BitArray; 39 import sun.security.util.DerOutputStream; 40 import sun.security.util.DerValue; 41 import sun.security.util.ObjectIdentifier; 42 43 import java.io.ByteArrayOutputStream; 44 import java.lang.reflect.Constructor; 45 import java.lang.reflect.Method; 46 47 public class NotPreferredMech { 48 49 public static void main(String[] argv) throws Exception { 50 51 // Generates a NegTokenInit mechTypes field, with an 52 // unsupported mech as the preferred. 53 DerOutputStream mech = new DerOutputStream(); 54 mech.write(new Oid("1.2.3.4").getDER()); 55 mech.write(GSSUtil.GSS_KRB5_MECH_OID.getDER()); 56 DerOutputStream mechTypeList = new DerOutputStream(); 57 mechTypeList.write(DerValue.tag_Sequence, mech); 58 59 // Generates a NegTokenInit mechToken field for 1.2.3.4 mech 60 GSSHeader h1 = new GSSHeader(new ObjectIdentifier("1.2.3.4"), 1); 61 ByteArrayOutputStream bout = new ByteArrayOutputStream(); 62 h1.encode(bout); 63 bout.write(new byte[1]); 64 65 // Generates the NegTokenInit token 66 Constructor<NegTokenInit> ctor = NegTokenInit.class.getDeclaredConstructor( 67 byte[].class, BitArray.class, byte[].class, byte[].class); 68 ctor.setAccessible(true); 69 NegTokenInit initToken = ctor.newInstance( 70 mechTypeList.toByteArray(), 71 new BitArray(0), 72 bout.toByteArray(), 73 null); 74 Method m = Class.forName("sun.security.jgss.spnego.SpNegoToken") 75 .getDeclaredMethod("getEncoded"); 76 m.setAccessible(true); 77 byte[] spnegoToken = (byte[])m.invoke(initToken); 78 79 // and wraps it into a GSSToken 80 GSSHeader h = new GSSHeader( 81 new ObjectIdentifier(GSSUtil.GSS_SPNEGO_MECH_OID.toString()), 82 spnegoToken.length); 83 bout = new ByteArrayOutputStream(); 84 h.encode(bout); 85 bout.write(spnegoToken); 86 byte[] token = bout.toByteArray(); 87 88 // and feeds it to a GSS acceptor 89 GSSManager man = GSSManager.getInstance(); 90 GSSContext ctxt = man.createContext((GSSCredential) null); 91 token = ctxt.acceptSecContext(token, 0, token.length); 92 NegTokenTarg targ = new NegTokenTarg(token); 93 94 // Make sure it's a GO-ON message 95 Method m2 = NegTokenTarg.class.getDeclaredMethod("getNegotiatedResult"); 96 m2.setAccessible(true); 97 int negResult = (int)m2.invoke(targ); 98 99 if (negResult != 1 /* ACCEPT_INCOMPLETE */) { 100 throw new Exception("Not a continue"); 101 } 102 } 103 }