83 try (DatagramSocket d1 = new DatagramSocket();
84 DatagramSocket d2 = new DatagramSocket()) {
85 run(d1.getLocalPort(), d2.getLocalPort(), kdc.getPort());
86 }
87 } else {
88 try (ServerSocket d1 = new ServerSocket(0);
89 ServerSocket d2 = new ServerSocket(0)) {
90 run(d1.getLocalPort(), d2.getLocalPort(), kdc.getPort());
91 }
92 }
93 }
94
95 static void run(int p1, int p2, int p3) throws Exception {
96
97 // cm.kdc() will return a and b for fake KDCs, and c for real KDC.
98 cm.addPort(-1).addPort(p1).addPort(p2).addPort(p3);
99
100 System.setProperty("java.security.krb5.conf", "alternative-krb5.conf");
101
102 // Check default timeout is 30s. Use real KDC only, otherwise too
103 // slow to wait for timeout.
104 writeConf(-1, -1, p3);
105 test("c30000c30000");
106
107 // 1. Default policy is tryLast
108 //Security.setProperty("krb5.kdc.bad.policy", "tryLast");
109
110 // Need a real KDC, otherwise there is no last good.
111 // This test waste 3 seconds waiting for d1 to timeout.
112 // It is possible the real KDC cannot fulfil the request
113 // in 3s, so it might fail (either 1st time or 2nd time).
114 writeConf(1, 3000, p1, p3);
115 test("a3000c3000c3000|a3000c3000-|a3000c3000c3000a3000-");
116
117 // If a test case won't use a real KDC, it can be sped up.
118 writeConf(3, 5, p1, p2);
119 test("a5a5a5b5b5b5-"); // default max_retries == 3
120 test("a5a5a5b5b5b5-"); // all bad means no bad
121
122 // 2. No policy.
123 Security.setProperty("krb5.kdc.bad.policy", "");
124 Config.refresh();
125
|
83 try (DatagramSocket d1 = new DatagramSocket();
84 DatagramSocket d2 = new DatagramSocket()) {
85 run(d1.getLocalPort(), d2.getLocalPort(), kdc.getPort());
86 }
87 } else {
88 try (ServerSocket d1 = new ServerSocket(0);
89 ServerSocket d2 = new ServerSocket(0)) {
90 run(d1.getLocalPort(), d2.getLocalPort(), kdc.getPort());
91 }
92 }
93 }
94
95 static void run(int p1, int p2, int p3) throws Exception {
96
97 // cm.kdc() will return a and b for fake KDCs, and c for real KDC.
98 cm.addPort(-1).addPort(p1).addPort(p2).addPort(p3);
99
100 System.setProperty("java.security.krb5.conf", "alternative-krb5.conf");
101
102 // Check default timeout is 30s. Use real KDC only, otherwise too
103 // slow to wait for timeout. Each request (without preauth and with
104 // preauth) might be retried 3 times, and could fail if one fails for
105 // all 3 times.
106 writeConf(-1, -1, p3);
107 test("(c30000){2,6}|(c30000){3,6}-");
108
109 // 1. Default policy is tryLast
110 //Security.setProperty("krb5.kdc.bad.policy", "tryLast");
111
112 // Need a real KDC, otherwise there is no last good.
113 // This test waste 3 seconds waiting for d1 to timeout.
114 // It is possible the real KDC cannot fulfil the request
115 // in 3s, so it might fail (either 1st time or 2nd time).
116 writeConf(1, 3000, p1, p3);
117 test("a3000c3000c3000|a3000c3000-|a3000c3000c3000a3000-");
118
119 // If a test case won't use a real KDC, it can be sped up.
120 writeConf(3, 5, p1, p2);
121 test("a5a5a5b5b5b5-"); // default max_retries == 3
122 test("a5a5a5b5b5b5-"); // all bad means no bad
123
124 // 2. No policy.
125 Security.setProperty("krb5.kdc.bad.policy", "");
126 Config.refresh();
127
|