New test/sun/security/krb5/auto/SaslUnbound.java

   1 /*
   2  * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 8001104
  27  * @summary Unbound SASL service: the GSSAPI/krb5 mech
  28  * @modules java.base/sun.net.spi.nameservice
  29  *          java.base/sun.security.util
  30  *          java.security.jgss/sun.security.krb5
  31  *          java.security.jgss/sun.security.krb5.internal
  32  *          java.security.jgss/sun.security.krb5.internal.ccache
  33  *          java.security.jgss/sun.security.krb5.internal.crypto
  34  *          java.security.jgss/sun.security.krb5.internal.ktab
  35  *          java.security.sasl
  36  * @compile -XDignore.symbol.file SaslUnbound.java
  37  * @run main/othervm SaslUnbound 0
  38  * @run main/othervm/fail SaslUnbound 1
  39  * @run main/othervm/fail SaslUnbound 2
  40  * @run main/othervm/fail SaslUnbound 3
  41  * @run main/othervm/fail SaslUnbound 4
  42  */
  43 import java.io.IOException;
  44 import java.util.Arrays;
  45 import java.util.HashMap;
  46 import javax.security.auth.callback.Callback;
  47 import javax.security.auth.callback.CallbackHandler;
  48 import javax.security.auth.callback.UnsupportedCallbackException;
  49 import javax.security.sasl.*;
  50 
  51 public class SaslUnbound {
  52 
  53     public static void main(String[] args) throws Exception {
  54 
  55         String serverProtocol, serverName;
  56         switch (args[0].charAt(0)) {
  57             case '1':       // Using another protocol, should fail
  58                 serverProtocol = "serv";
  59                 serverName = null;
  60                 break;
  61             case '2':       // Using another protocol, should fail
  62                 serverProtocol = "otherwise";
  63                 serverName = null;
  64                 break;
  65             case '3':       // Using another protocol, should fail
  66                 serverProtocol = "otherwise";
  67                 serverName = "host." + OneKDC.REALM;
  68                 break;
  69             case '4':       // Bound to another serverName, should fail.
  70                 serverProtocol = "server";
  71                 serverName = "host2." + OneKDC.REALM;
  72                 break;
  73             default:        // Good unbound server
  74                 serverProtocol = "server";
  75                 serverName = null;
  76                 break;
  77         }
  78         new OneKDC(null).writeJAASConf();
  79         System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
  80 
  81         HashMap clntprops = new HashMap();
  82         clntprops.put(Sasl.QOP, "auth-conf");
  83         SaslClient sc = Sasl.createSaslClient(
  84                 new String[]{"GSSAPI"}, null, "server",
  85                 "host." + OneKDC.REALM, clntprops, null);
  86 
  87         final HashMap srvprops = new HashMap();
  88         srvprops.put(Sasl.QOP, "auth,auth-int,auth-conf");
  89         SaslServer ss = Sasl.createSaslServer("GSSAPI", serverProtocol,
  90                 serverName, srvprops,
  91                 new CallbackHandler() {
  92                     public void handle(Callback[] callbacks)
  93                             throws IOException, UnsupportedCallbackException {
  94                         for (Callback cb : callbacks) {
  95                             if (cb instanceof RealmCallback) {
  96                                 ((RealmCallback) cb).setText(OneKDC.REALM);
  97                             } else if (cb instanceof AuthorizeCallback) {
  98                                 ((AuthorizeCallback) cb).setAuthorized(true);
  99                             }
 100                         }
 101                     }
 102                 });
 103 
 104         byte[] token = new byte[0];
 105         while (!sc.isComplete() || !ss.isComplete()) {
 106             if (!sc.isComplete()) {
 107                 token = sc.evaluateChallenge(token);
 108             }
 109             if (!ss.isComplete()) {
 110                 token = ss.evaluateResponse(token);
 111             }
 112         }
 113         System.out.println(ss.getNegotiatedProperty(Sasl.BOUND_SERVER_NAME));
 114         byte[] hello = "hello".getBytes();
 115         token = sc.wrap(hello, 0, hello.length);
 116         token = ss.unwrap(token, 0, token.length);
 117         if (!Arrays.equals(hello, token)) {
 118             throw new Exception("Message altered");
 119         }
 120     }
 121 }