1 /* 2 * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 6894072 27 * @bug 8004488 28 * @compile -XDignore.symbol.file KeyTabCompat.java 29 * @run main/othervm KeyTabCompat 30 * @summary always refresh keytab 31 */ 32 33 import javax.security.auth.kerberos.KerberosKey; 34 import sun.security.jgss.GSSUtil; 35 36 /* 37 * There are 2 compat issues to check: 38 * 39 * 1. If there is only KerberosKeys in private credential set and no 40 * KerberosPrincipal. JAAS login should go on. 41 * 2. If KeyTab is used, user won't get KerberosKeys from 42 * private credentials set. 43 */ 44 public class KeyTabCompat { 45 46 public static void main(String[] args) 47 throws Exception { 48 OneKDC kdc = new OneKDC("aes128-cts"); 49 kdc.writeJAASConf(); 50 kdc.addPrincipal(OneKDC.SERVER, "pass1".toCharArray()); 51 kdc.writeKtab(OneKDC.KTAB); 52 53 Context c, s; 54 55 // Part 1 56 c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false); 57 s = Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, true); 58 59 s.s().getPrincipals().clear(); 60 61 c.startAsClient(OneKDC.USER2, GSSUtil.GSS_KRB5_MECH_OID); 62 s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); 63 64 Context.handshake(c, s); 65 66 // Part 2 67 c = Context.fromJAAS("client"); 68 s = Context.fromJAAS("server"); 69 70 c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID); 71 s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); 72 s.status(); 73 74 if (s.s().getPrivateCredentials(KerberosKey.class).size() != 0) { 75 throw new Exception("There should be no KerberosKey"); 76 } 77 } 78 }