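/*
 * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 6851973
 * @run main/othervm IgnoreChannelBinding
 * @summary ignore incoming channel binding if acceptor does not set one
 */

import java.net.InetAddress;
import org.ietf.jgss.ChannelBinding;
import org.ietf.jgss.GSSException;
import sun.security.jgss.GSSUtil;

/**
 * Regression test for the acceptor-side channel-binding policy of the
 * Kerberos 5 GSS-API mechanism.
 *
 * <p>Five handshakes are run between a "client" (initiator) and a "server"
 * (acceptor) context:
 * <ol>
 *   <li>neither side sets a binding: handshake succeeds;</li>
 *   <li>only the initiator sets one: the acceptor ignores it, handshake
 *       succeeds;</li>
 *   <li>both sides set identical bindings: handshake succeeds;</li>
 *   <li>both sides set bindings that differ: handshake must fail with
 *       {@code BAD_BINDINGS};</li>
 *   <li>only the acceptor sets one: handshake must fail with
 *       {@code BAD_BINDINGS}.</li>
 * </ol>
 *
 * <p>Security note: cases 1 and 2 mean the binding is enforced only when the
 * acceptor sets one itself. A service that relies on channel binding to tie
 * the security context to its transport therefore has to set its own binding
 * on the acceptor side; the initiator setting one does not by itself cause
 * any check to happen.
 */
public class IgnoreChannelBinding {

    /**
     * Runs the five channel-binding scenarios in order.
     *
     * @param args unused
     * @throws Exception if a handshake that should succeed fails, if a
     *         handshake that should be rejected succeeds, or if a rejection
     *         carries a major code other than {@code BAD_BINDINGS}
     */
    public static void main(String[] args)
            throws Exception {

        new OneKDC(null).writeJAASConf();

        Context c = Context.fromJAAS("client");
        Context s = Context.fromJAAS("server");

        // All silent
        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
        Context.handshake(c, s);

        // Initiator req, acceptor ignore
        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        c.x().setChannelBinding(binding(new byte[0]));
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
        Context.handshake(c, s);

        // Both req, and match
        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        c.x().setChannelBinding(binding(new byte[0]));
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
        s.x().setChannelBinding(binding(new byte[0]));
        Context.handshake(c, s);

        // Both req, NOT match
        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        c.x().setChannelBinding(binding(new byte[0]));
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
        s.x().setChannelBinding(binding(new byte[1]));   // 0 -> 1
        // Previously any GSSException counted as a pass here, so an unrelated
        // failure could hide a regression in the mismatch check. Require the
        // same BAD_BINDINGS major code that the last case already requires.
        expectBadBindings(c, s);

        // Acceptor req, reject
        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
        s.x().setChannelBinding(binding(new byte[0]));
        expectBadBindings(c, s);
    }

    /**
     * Builds the channel binding used throughout the test: fixed initiator
     * and acceptor addresses, with only the application data varying.
     *
     * @param appData application data for the binding; two bindings built
     *        here differ only if their {@code appData} differ
     * @return a new binding for the test's client/host address pair
     * @throws Exception if either host name cannot be resolved
     */
    private static ChannelBinding binding(byte[] appData) throws Exception {
        // Resolved on every call, exactly as the inline constructions did.
        return new ChannelBinding(
                InetAddress.getByName("client.rabbit.hole"),
                InetAddress.getByName("host.rabbit.hole"),
                appData);
    }

    /**
     * Performs a handshake that the acceptor is required to reject because
     * of channel bindings.
     *
     * @param c the started initiator context
     * @param s the started acceptor context
     * @throws GSSException if the handshake fails for any reason other than
     *         {@code BAD_BINDINGS}
     * @throws Exception if the handshake unexpectedly succeeds
     */
    private static void expectBadBindings(Context c, Context s)
            throws Exception {
        try {
            Context.handshake(c, s);
        } catch (GSSException ge) {
            // Expected behavior, but only for the right reason
            if (ge.getMajor() != GSSException.BAD_BINDINGS) {
                throw ge;
            }
            return;
        }
        throw new Exception("Acceptor should reject initiator");
    }
}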