1 /* 2 * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 6706974 27 * @compile -XDignore.symbol.file CrossRealm.java 28 * @run main/othervm CrossRealm 29 * @summary Add krb5 test infrastructure 30 */ 31 import java.io.File; 32 import java.io.FileOutputStream; 33 import java.io.IOException; 34 import java.security.Security; 35 import javax.security.auth.callback.Callback; 36 import javax.security.auth.callback.CallbackHandler; 37 import javax.security.auth.callback.NameCallback; 38 import javax.security.auth.callback.PasswordCallback; 39 import javax.security.auth.callback.UnsupportedCallbackException; 40 import org.ietf.jgss.GSSContext; 41 import org.ietf.jgss.GSSManager; 42 import org.ietf.jgss.GSSName; 43 import sun.security.jgss.GSSUtil; 44 45 public class CrossRealm implements CallbackHandler { 46 public static void main(String[] args) throws Exception { 47 startKDCs(); 48 xRealmAuth(); 49 } 50 51 static void startKDCs() throws Exception { 52 // Create and start the KDC 53 KDC kdc1 = KDC.create("RABBIT.HOLE"); 54 kdc1.addPrincipal("dummy", "bogus".toCharArray()); 55 kdc1.addPrincipalRandKey("krbtgt/RABBIT.HOLE"); 56 kdc1.addPrincipal("krbtgt/SNAKE.HOLE@RABBIT.HOLE", 57 "rabbit->snake".toCharArray()); 58 59 KDC kdc2 = KDC.create("SNAKE.HOLE"); 60 kdc2.addPrincipalRandKey("krbtgt/SNAKE.HOLE"); 61 kdc2.addPrincipal("krbtgt/SNAKE.HOLE@RABBIT.HOLE", 62 "rabbit->snake".toCharArray()); 63 kdc2.addPrincipalRandKey("host/www.snake.hole"); 64 65 KDC.saveConfig("krb5-localkdc.conf", kdc1, kdc2, 66 "forwardable=true", 67 "[domain_realm]", 68 ".snake.hole=SNAKE.HOLE"); 69 System.setProperty("java.security.krb5.conf", "krb5-localkdc.conf"); 70 } 71 72 static void xRealmAuth() throws Exception { 73 Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm"); 74 System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf"); 75 System.setProperty("javax.security.auth.useSubjectCredsOnly", "false"); 76 FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf"); 77 fos.write(("com.sun.security.jgss.krb5.initiate {\n" + 78 " com.sun.security.auth.module.Krb5LoginModule\n" + 79 " required\n" + 80 " principal=dummy\n" + 81 " doNotPrompt=false\n" + 82 " useTicketCache=false\n" + 83 " ;\n" + 84 "};").getBytes()); 85 fos.close(); 86 87 GSSManager m = GSSManager.getInstance(); 88 m.createContext( 89 m.createName("host@www.snake.hole", GSSName.NT_HOSTBASED_SERVICE), 90 GSSUtil.GSS_KRB5_MECH_OID, 91 null, 92 GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0); 93 } 94 95 @Override 96 public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { 97 for (Callback callback : callbacks) { 98 if (callback instanceof NameCallback) { 99 ((NameCallback) callback).setName("dummy"); 100 } 101 if (callback instanceof PasswordCallback) { 102 ((PasswordCallback) callback).setPassword("bogus".toCharArray()); 103 } 104 } 105 } 106 }