1 /* 2 * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 6893158 6907425 7197159 27 * @modules java.base/sun.net.spi.nameservice 28 * java.base/sun.security.util 29 * java.security.jgss/sun.security.jgss 30 * java.security.jgss/sun.security.krb5 31 * java.security.jgss/sun.security.krb5.internal 32 * java.security.jgss/sun.security.krb5.internal.ccache 33 * java.security.jgss/sun.security.krb5.internal.crypto 34 * java.security.jgss/sun.security.krb5.internal.ktab 35 * @run main/othervm MoreKvno 36 * @summary AP_REQ check should use key version number 37 */ 38 39 import org.ietf.jgss.GSSException; 40 import sun.security.jgss.GSSUtil; 41 import sun.security.krb5.KrbException; 42 import sun.security.krb5.PrincipalName; 43 import sun.security.krb5.internal.ktab.KeyTab; 44 import sun.security.krb5.internal.Krb5; 45 46 public class MoreKvno { 47 48 static PrincipalName p; 49 public static void main(String[] args) 50 throws Exception { 51 52 OneKDC kdc = new OneKDC(null); 53 kdc.writeJAASConf(); 54 55 // Rewrite keytab, 3 set of keys with different kvno 56 KeyTab ktab = KeyTab.create(OneKDC.KTAB); 57 p = new PrincipalName( 58 OneKDC.SERVER+"@"+OneKDC.REALM, PrincipalName.KRB_NT_SRV_HST); 59 ktab.addEntry(p, "pass1".toCharArray(), 1, true); 60 ktab.addEntry(p, "pass3".toCharArray(), 3, true); 61 ktab.addEntry(p, "pass2".toCharArray(), 2, true); 62 ktab.save(); 63 64 char[] pass = "pass2".toCharArray(); 65 kdc.addPrincipal(OneKDC.SERVER, pass); 66 go(OneKDC.SERVER, "com.sun.security.jgss.krb5.accept", pass); 67 68 pass = "pass3".toCharArray(); 69 kdc.addPrincipal(OneKDC.SERVER, pass); 70 // "server" initiate also, check pass2 is used at authentication 71 go(OneKDC.SERVER, "server", pass); 72 73 try { 74 pass = "pass4".toCharArray(); 75 kdc.addPrincipal(OneKDC.SERVER, pass); 76 go(OneKDC.SERVER, "com.sun.security.jgss.krb5.accept", pass); 77 throw new Exception("This test should fail"); 78 } catch (GSSException gsse) { 79 // Since 7197159, different kvno is accepted, this return code 80 // will never be thrown out again. 81 //KrbException ke = (KrbException)gsse.getCause(); 82 //if (ke.returnCode() != Krb5.KRB_AP_ERR_BADKEYVER) { 83 // throw new Exception("Not expected failure code: " + 84 // ke.returnCode()); 85 //} 86 } 87 } 88 89 static void go(String server, String entry, char[] pass) throws Exception { 90 Context c, s; 91 92 // Part 1: Test keytab 93 c = Context.fromUserPass("dummy", "bogus".toCharArray(), false); 94 s = Context.fromJAAS(entry); 95 96 c.startAsClient(server, GSSUtil.GSS_KRB5_MECH_OID); 97 s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); 98 99 Context.handshake(c, s); 100 101 s.dispose(); 102 c.dispose(); 103 104 // Part 2: Test username/password pair 105 c = Context.fromUserPass("dummy", "bogus".toCharArray(), false); 106 s = Context.fromUserPass(p.getNameString(), pass, true); 107 108 c.startAsClient(server, GSSUtil.GSS_KRB5_MECH_OID); 109 s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); 110 111 Context.handshake(c, s); 112 113 s.dispose(); 114 c.dispose(); 115 } 116 }