/*
 * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 6893158 6907425 7197159
 * @run main/othervm MoreKvno
 * @summary AP_REQ check should use key version number
 */

import org.ietf.jgss.GSSException;
import sun.security.jgss.GSSUtil;
import sun.security.krb5.KrbException;
import sun.security.krb5.PrincipalName;
import sun.security.krb5.internal.ktab.KeyTab;
import sun.security.krb5.internal.Krb5;

/**
 * Regression test for key-version-number (kvno) handling when a Kerberos
 * acceptor checks an AP_REQ.
 *
 * <p>The keytab is rewritten with three entries for one service principal,
 * each with its own password and kvno. The password registered at the test
 * KDC is then changed between handshakes: two values that also exist in the
 * keytab must be accepted, and a value that exists in no keytab entry must
 * end in a {@link GSSException}.
 */
public class MoreKvno {

    // Service principal built in main() and read again by go().
    static PrincipalName p;

    /**
     * Drives the three scenarios in order; the KDC state is mutated between
     * them, so the sequence of calls matters.
     *
     * @param args unused
     * @throws Exception if a handshake that should succeed fails, or if the
     *         final handshake unexpectedly succeeds
     */
    public static void main(String[] args)
            throws Exception {

        OneKDC kdc = new OneKDC(null);
        kdc.writeJAASConf();

        // Rewrite the keytab with three key sets for the same principal.
        // The kvnos are written as 1, 3, 2 -- presumably so that a lookup
        // relying on entry position would pick the wrong key (TODO confirm).
        KeyTab keytab = KeyTab.create(OneKDC.KTAB);
        p = new PrincipalName(
                OneKDC.SERVER + "@" + OneKDC.REALM, PrincipalName.KRB_NT_SRV_HST);
        String[] keytabPasswords = {"pass1", "pass3", "pass2"};
        int[] keytabKvnos = {1, 3, 2};
        for (int i = 0; i < keytabPasswords.length; i++) {
            keytab.addEntry(p, keytabPasswords[i].toCharArray(), keytabKvnos[i], true);
        }
        keytab.save();

        // Scenario 1: KDC holds "pass2", which the keytab stores under kvno 2.
        char[] kdcPass2 = "pass2".toCharArray();
        kdc.addPrincipal(OneKDC.SERVER, kdcPass2);
        go(OneKDC.SERVER, "com.sun.security.jgss.krb5.accept", kdcPass2);

        // Scenario 2: KDC holds "pass3" (kvno 3 in the keytab). The "server"
        // JAAS entry also initiates; the original note adds "check pass2 is
        // used at authentication", which cannot be verified from this file.
        char[] kdcPass3 = "pass3".toCharArray();
        kdc.addPrincipal(OneKDC.SERVER, kdcPass3);
        go(OneKDC.SERVER, "server", kdcPass3);

        // Scenario 3: KDC holds "pass4", which matches no keytab entry, so
        // the handshake is expected to be rejected with a GSSException.
        boolean rejected = false;
        try {
            char[] kdcPass4 = "pass4".toCharArray();
            kdc.addPrincipal(OneKDC.SERVER, kdcPass4);
            go(OneKDC.SERVER, "com.sun.security.jgss.krb5.accept", kdcPass4);
        } catch (GSSException expected) {
            // Since 7197159 a different kvno is accepted, so the failure is
            // no longer reported as Krb5.KRB_AP_ERR_BADKEYVER. The former
            // check, which cast gsse.getCause() to KrbException and compared
            // returnCode() with that constant, was disabled for that reason;
            // the KrbException and Krb5 imports remain from it.
            // NOTE(review): any GSSException satisfies this branch, so an
            // unrelated GSS failure would also pass. Asserting on the cause,
            // or on which part of go() failed, would tighten the test.
            rejected = true;
        }
        if (!rejected) {
            throw new Exception("This test should fail");
        }
    }

    /**
     * Performs two client/acceptor handshakes against {@code server}: one
     * with the acceptor taken from a JAAS entry, one with the acceptor
     * created from a name/password pair.
     *
     * @param server name handed to the client side as the target service
     * @param entry  JAAS configuration entry used for the first acceptor
     * @param pass   password used for the second acceptor, together with the
     *               name string of {@link #p}
     * @throws Exception if context creation or either handshake fails
     */
    static void go(String server, String entry, char[] pass) throws Exception {
        // Part 1: acceptor credentials come from the JAAS entry (keytab).
        Context keytabClient = Context.fromUserPass("dummy", "bogus".toCharArray(), false);
        Context keytabAcceptor = Context.fromJAAS(entry);
        handshakeAndDispose(keytabClient, keytabAcceptor, server);

        // Part 2: acceptor credentials come from a username/password pair.
        // The trailing boolean is defined by the Context helper (not shown).
        Context passwordClient = Context.fromUserPass("dummy", "bogus".toCharArray(), false);
        Context passwordAcceptor = Context.fromUserPass(p.getNameString(), pass, true);
        handshakeAndDispose(passwordClient, passwordAcceptor, server);
    }

    // Starts both sides with the Kerberos 5 mechanism OID, runs the
    // handshake, then disposes the acceptor followed by the client.
    private static void handshakeAndDispose(Context client, Context acceptor, String server)
            throws Exception {
        client.startAsClient(server, GSSUtil.GSS_KRB5_MECH_OID);
        acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        Context.handshake(client, acceptor);

        acceptor.dispose();
        client.dispose();
    }
}