1 /* 2 * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 6706974 27 * @summary Add krb5 test infrastructure 28 * @compile -XDignore.symbol.file BasicKrb5Test.java 29 * @run main/othervm BasicKrb5Test 30 * @run main/othervm BasicKrb5Test des-cbc-crc 31 * @run main/othervm BasicKrb5Test des-cbc-md5 32 * @run main/othervm BasicKrb5Test des3-cbc-sha1 33 * @run main/othervm BasicKrb5Test aes128-cts 34 * @run main/othervm BasicKrb5Test aes256-cts 35 * @run main/othervm BasicKrb5Test rc4-hmac 36 * @run main/othervm BasicKrb5Test -s 37 * @run main/othervm BasicKrb5Test des-cbc-crc -s 38 * @run main/othervm BasicKrb5Test des-cbc-md5 -s 39 * @run main/othervm BasicKrb5Test des3-cbc-sha1 -s 40 * @run main/othervm BasicKrb5Test aes128-cts -s 41 * @run main/othervm BasicKrb5Test aes256-cts -s 42 * @run main/othervm BasicKrb5Test rc4-hmac -s 43 * @run main/othervm BasicKrb5Test -C 44 * @run main/othervm BasicKrb5Test des-cbc-crc -C 45 * @run main/othervm BasicKrb5Test des-cbc-md5 -C 46 * @run main/othervm BasicKrb5Test des3-cbc-sha1 -C 47 * @run main/othervm BasicKrb5Test aes128-cts -C 48 * @run main/othervm BasicKrb5Test aes256-cts -C 49 * @run main/othervm BasicKrb5Test rc4-hmac -C 50 * @run main/othervm BasicKrb5Test -s -C 51 * @run main/othervm BasicKrb5Test des-cbc-crc -s -C 52 * @run main/othervm BasicKrb5Test des-cbc-md5 -s -C 53 * @run main/othervm BasicKrb5Test des3-cbc-sha1 -s -C 54 * @run main/othervm BasicKrb5Test aes128-cts -s -C 55 * @run main/othervm BasicKrb5Test aes256-cts -s -C 56 * @run main/othervm BasicKrb5Test rc4-hmac -s -C 57 */ 58 59 import org.ietf.jgss.GSSName; 60 import sun.security.jgss.GSSUtil; 61 import sun.security.krb5.Config; 62 import sun.security.krb5.KrbException; 63 import sun.security.krb5.internal.crypto.EType; 64 65 /** 66 * Basic JGSS/krb5 test with 3 parties: client, server, backend server. Each 67 * party uses JAAS login to get subjects and executes JGSS calls using 68 * Subject.doAs. 69 */ 70 public class BasicKrb5Test { 71 72 private static boolean conf = true; 73 /** 74 * @param args empty or etype 75 */ 76 public static void main(String[] args) 77 throws Exception { 78 79 String etype = null; 80 for (String arg: args) { 81 if (arg.equals("-s")) Context.usingStream = true; 82 else if(arg.equals("-C")) conf = false; 83 else etype = arg; 84 } 85 86 // Creates and starts the KDC. This line must be put ahead of etype check 87 // since the check needs a krb5.conf. 88 try { 89 new OneKDC(etype).writeJAASConf(); 90 } catch (KrbException ke) { 91 System.out.println("Testing etype " + etype + "Not supported."); 92 return; 93 } 94 95 new BasicKrb5Test().go(OneKDC.SERVER, OneKDC.BACKEND); 96 } 97 98 void go(final String server, final String backend) throws Exception { 99 Context c, s, s2, b; 100 c = Context.fromJAAS("client"); 101 s = Context.fromJAAS("server"); 102 b = Context.fromJAAS("backend"); 103 104 c.startAsClient(server, GSSUtil.GSS_KRB5_MECH_OID); 105 c.x().requestCredDeleg(true); 106 c.x().requestConf(conf); 107 s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); 108 109 c.status(); 110 s.status(); 111 112 Context.handshake(c, s); 113 GSSName client = c.x().getSrcName(); 114 115 c.status(); 116 s.status(); 117 118 Context.transmit("i say high --", c, s); 119 Context.transmit(" you say low", s, c); 120 121 s2 = s.delegated(); 122 s.dispose(); 123 s = null; 124 125 s2.startAsClient(backend, GSSUtil.GSS_KRB5_MECH_OID); 126 s2.x().requestConf(conf); 127 b.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); 128 129 s2.status(); 130 b.status(); 131 132 Context.handshake(s2, b); 133 GSSName client2 = b.x().getSrcName(); 134 135 if (!client.equals(client2)) { 136 throw new Exception("Delegation failed"); 137 } 138 139 s2.status(); 140 b.status(); 141 142 Context.transmit("you say hello --", s2, b); 143 Context.transmit(" i say goodbye", b, s2); 144 145 s2.dispose(); 146 b.dispose(); 147 } 148 }