New test/sun/security/jgss/spnego/MSOID.java

   1 /*
   2  * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 8078439
  27  * @summary SPNEGO auth fails if client proposes MS krb5 OID
  28  */
  29 
  30 import org.ietf.jgss.GSSContext;
  31 import org.ietf.jgss.GSSCredential;
  32 import org.ietf.jgss.GSSException;
  33 import org.ietf.jgss.GSSManager;
  34 
  35 import java.lang.Exception;
  36 import java.nio.file.Files;
  37 import java.nio.file.Paths;
  38 import java.util.Arrays;
  39 import java.util.Base64;
  40 
  41 public class MSOID {
  42     public static void main(String[] args) throws Exception {
  43 
  44         // msoid.txt is a NegTokenInit packet sent from Internet Explorer to
  45         // IIS server on a test machine. No sensitive info included.
  46         byte[] header = Files.readAllBytes(
  47                 Paths.get(System.getProperty("test.src"), "msoid.txt"));
  48         byte[] token = Base64.getMimeDecoder().decode(
  49                 Arrays.copyOfRange(header, 10, header.length));
  50 
  51         GSSCredential cred = null;
  52         GSSContext ctx = GSSManager.getInstance().createContext(cred);
  53 
  54         try {
  55             ctx.acceptSecContext(token, 0, token.length);
  56             // Before the fix, GSS_KRB5_MECH_OID_MS is not recognized
  57             // and acceptor chooses another mech and goes on
  58             throw new Exception("Should fail");
  59         } catch (GSSException gsse) {
  60             // After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
  61             // cannot be accepted because we don't have any krb5 credential.
  62             gsse.printStackTrace();
  63             if (gsse.getMajor() != GSSException.NO_CRED) {
  64                 throw gsse;
  65             }
  66             for (StackTraceElement st: gsse.getStackTrace()) {
  67                 if (st.getClassName().startsWith("sun.security.jgss.krb5.")) {
  68                     // Good, it is already in krb5 mech's hand.
  69                     return;
  70                 }
  71             }
  72             throw gsse;
  73         }
  74     }
  75 }