1 /* 2 * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 6706974 27 * @summary Add krb5 test infrastructure 28 * @compile -XDignore.symbol.file BasicKrb5Test.java 29 * @run main/othervm BasicKrb5Test 30 * @run main/othervm BasicKrb5Test des-cbc-crc 31 * @run main/othervm BasicKrb5Test des-cbc-md5 32 * @run main/othervm BasicKrb5Test des3-cbc-sha1 33 * @run main/othervm BasicKrb5Test aes128-cts 34 * @run main/othervm BasicKrb5Test aes256-cts 35 * @run main/othervm BasicKrb5Test rc4-hmac 36 * @run main/othervm BasicKrb5Test -s 37 * @run main/othervm BasicKrb5Test des-cbc-crc -s 38 * @run main/othervm BasicKrb5Test des-cbc-md5 -s 39 * @run main/othervm BasicKrb5Test des3-cbc-sha1 -s 40 * @run main/othervm BasicKrb5Test aes128-cts -s 41 * @run main/othervm BasicKrb5Test aes256-cts -s 42 * @run main/othervm BasicKrb5Test rc4-hmac -s 43 * @run main/othervm BasicKrb5Test -C 44 * @run main/othervm BasicKrb5Test des-cbc-crc -C 45 * @run main/othervm BasicKrb5Test des-cbc-md5 -C 46 * @run main/othervm BasicKrb5Test des3-cbc-sha1 -C 47 * @run main/othervm BasicKrb5Test aes128-cts -C 48 * @run main/othervm BasicKrb5Test aes256-cts -C 49 * @run main/othervm BasicKrb5Test rc4-hmac -C 50 * @run main/othervm BasicKrb5Test -s -C 51 * @run main/othervm BasicKrb5Test des-cbc-crc -s -C 52 * @run main/othervm BasicKrb5Test des-cbc-md5 -s -C 53 * @run main/othervm BasicKrb5Test des3-cbc-sha1 -s -C 54 * @run main/othervm BasicKrb5Test aes128-cts -s -C 55 * @run main/othervm BasicKrb5Test aes256-cts -s -C 56 * @run main/othervm BasicKrb5Test rc4-hmac -s -C 57 */ 58 59 import org.ietf.jgss.GSSName; 60 import sun.security.jgss.GSSUtil; 61 import sun.security.krb5.Config; 62 import sun.security.krb5.internal.crypto.EType; 63 64 /** 65 * Basic JGSS/krb5 test with 3 parties: client, server, backend server. Each 66 * party uses JAAS login to get subjects and executes JGSS calls using 67 * Subject.doAs. 68 */ 69 public class BasicKrb5Test { 70 71 private static boolean conf = true; 72 /** 73 * @param args empty or etype 74 */ 75 public static void main(String[] args) 76 throws Exception { 77 78 String etype = null; 79 for (String arg: args) { 80 if (arg.equals("-s")) Context.usingStream = true; 81 else if(arg.equals("-C")) conf = false; 82 else etype = arg; 83 } 84 85 // Creates and starts the KDC. This line must be put ahead of etype check 86 // since the check needs a krb5.conf. 87 new OneKDC(etype).writeJAASConf(); 88 89 System.out.println("Testing etype " + etype); 90 if (etype != null && !EType.isSupported(Config.getType(etype))) { 91 // aes256 is not enabled on all systems 92 System.out.println("Not supported."); 93 return; 94 } 95 96 new BasicKrb5Test().go(OneKDC.SERVER, OneKDC.BACKEND); 97 } 98 99 void go(final String server, final String backend) throws Exception { 100 Context c, s, s2, b; 101 c = Context.fromJAAS("client"); 102 s = Context.fromJAAS("server"); 103 b = Context.fromJAAS("backend"); 104 105 c.startAsClient(server, GSSUtil.GSS_KRB5_MECH_OID); 106 c.x().requestCredDeleg(true); 107 c.x().requestConf(conf); 108 s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); 109 110 c.status(); 111 s.status(); 112 113 Context.handshake(c, s); 114 GSSName client = c.x().getSrcName(); 115 116 c.status(); 117 s.status(); 118 119 Context.transmit("i say high --", c, s); 120 Context.transmit(" you say low", s, c); 121 122 s2 = s.delegated(); 123 s.dispose(); 124 s = null; 125 126 s2.startAsClient(backend, GSSUtil.GSS_KRB5_MECH_OID); 127 s2.x().requestConf(conf); 128 b.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); 129 130 s2.status(); 131 b.status(); 132 133 Context.handshake(s2, b); 134 GSSName client2 = b.x().getSrcName(); 135 136 if (!client.equals(client2)) { 137 throw new Exception("Delegation failed"); 138 } 139 140 s2.status(); 141 b.status(); 142 143 Context.transmit("you say hello --", s2, b); 144 Context.transmit(" i say goodbye", b, s2); 145 146 s2.dispose(); 147 b.dispose(); 148 } 149 }