--- old/test/jdk/sun/security/krb5/auto/SSLwithPerms.java 2018-05-11 15:11:44.444596600 -0700 +++ /dev/null 2018-05-11 10:42:23.849000000 -0700 @@ -1,235 +0,0 @@ -/* - * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 8038089 8194486 - * @summary TLS optional support for Kerberos cipher suites needs to be re-examined - * @library ../../../../java/security/testlibrary/ /test/lib - * @run main jdk.test.lib.FileInstaller TestHosts TestHosts - * @run main/othervm -Djdk.net.hosts.file=TestHosts SSLwithPerms - */ -import java.io.*; -import javax.net.ssl.*; -import javax.security.auth.AuthPermission; -import javax.security.auth.kerberos.ServicePermission; -import java.net.SocketPermission; -import java.nio.ByteBuffer; -import java.nio.file.Files; -import java.nio.file.Paths; -import java.security.Principal; -import java.security.Security; -import java.security.SecurityPermission; -import java.util.Collections; -import java.util.Date; -import java.util.List; -import java.util.ArrayList; -import java.util.Locale; -import java.util.PropertyPermission; - -import sun.security.jgss.GSSUtil; - -public class SSLwithPerms { - - static String KRB5_CONF = "krb5.conf"; - static String JAAS_CONF = "jaas.conf"; - static String REALM = "REALM"; - static String KTAB = "ktab"; - static String HOST = "host." + REALM.toLowerCase(Locale.US); - static String SERVER = "host/" + HOST; - static String USER = "user"; - static char[] PASS = "password".toCharArray(); - - public static void main(String[] args) throws Exception { - - Security.setProperty("jdk.tls.disabledAlgorithms", ""); - if (args.length == 0) { - KDC kdc = KDC.create(REALM, HOST, 0, true); - - kdc.addPrincipal(USER, PASS); - kdc.addPrincipalRandKey("krbtgt/" + REALM); - kdc.addPrincipalRandKey(SERVER); - KDC.saveConfig(KRB5_CONF, kdc); - kdc.writeKtab(KTAB); - - File f = new File(JAAS_CONF); - FileOutputStream fos = new FileOutputStream(f); - fos.write(( - "ssl {\n" + - " com.sun.security.auth.module.Krb5LoginModule required\n" + - " principal=\"" + SERVER + "\"\n" + - " useKeyTab=true\n" + - " keyTab=" + KTAB + "\n" + - " isInitiator=false\n" + - " storeKey=true;\n};\n" - ).getBytes()); - fos.close(); - - String hostsFileName = System.getProperty("test.src", ".") + "/TestHosts"; - - Proc pc = Proc.create("SSLwithPerms") - .args("client") - .inheritIO() - .prop("java.security.manager", "") - .prop("java.security.krb5.conf", KRB5_CONF) - .prop("jdk.net.hosts.file", hostsFileName) - .prop("javax.net.ssl", "handshake") - .prop("sun.security.krb5.debug", "true") - .perm(new SecurityPermission("setProperty.jdk.tls.disabledAlgorithms")) - .perm(new java.util.PropertyPermission("user.name", "read")) - .perm(new PropertyPermission("sun.security.krb5.principal", "read")) - .perm(new FilePermission("port", "read")) - .perm(new FilePermission(hostsFileName, "read")) - .perm(new FilePermission(KTAB, "read")) - .perm(new AuthPermission("modifyPrincipals")) - .perm(new AuthPermission("modifyPrivateCredentials")) - .perm(new AuthPermission("doAs")) - .perm(new SocketPermission("127.0.0.1", "connect")) - .perm(new ServicePermission("host/host.realm@REALM", "initiate")) - .start(); - - Proc ps = Proc.create("SSLwithPerms") - .args("server") - .inheritIO() - .prop("java.security.manager", "") - .prop("java.security.krb5.conf", KRB5_CONF) - .prop("java.security.auth.login.config", JAAS_CONF) - .prop("jdk.net.hosts.file", hostsFileName) - .prop("javax.net.ssl", "handshake") - .prop("sun.security.krb5.debug", "true") - .perm(new SecurityPermission("setProperty.jdk.tls.disabledAlgorithms")) - .perm(new AuthPermission("createLoginContext.ssl")) - .perm(new AuthPermission("doAs")) - .perm(new FilePermission(hostsFileName, "read")) - .perm(new FilePermission("port", "write")) - .perm(new SocketPermission("127.0.0.1", "accept")) - .perm(new ServicePermission("host/host.realm@REALM", "accept")) - .start(); - - if (pc.waitFor() != 0) { - throw new Exception(); - } - if (ps.waitFor() != 0) { - throw new Exception(); - } - } else if (args[0].equals("client")) { - Context c; - c = Context.fromUserPass(USER, PASS, false); - c.doAs(new JsseClientAction(), null); - } else if (args[0].equals("server")) { - final Context s = Context.fromJAAS("ssl"); - s.doAs(new JsseServerAction(), null); - } - } - - private static class JsseClientAction implements Action { - public byte[] run(Context s, byte[] input) throws Exception { - SSLSocketFactory sslsf = - (SSLSocketFactory) SSLSocketFactory.getDefault(); - while (!Files.exists(Paths.get("port"))) { - Thread.sleep(100); - } - int port = ByteBuffer.allocate(4) - .put(Files.readAllBytes(Paths.get("port"))).getInt(0); - System.out.println("Connecting " + SERVER + ":" + port); - SSLSocket sslSocket = (SSLSocket) sslsf.createSocket(HOST, port); - - // Enable only a KRB5 cipher suite. - String enabledSuites[] = {"TLS_KRB5_WITH_RC4_128_SHA"}; - sslSocket.setEnabledCipherSuites(enabledSuites); - - SSLParameters params = sslSocket.getSSLParameters(); - params.setServerNames(Collections.singletonList(new SNIHostName(HOST))); - sslSocket.setSSLParameters(params); - - BufferedReader in = new BufferedReader(new InputStreamReader( - sslSocket.getInputStream())); - BufferedWriter out = new BufferedWriter(new OutputStreamWriter( - sslSocket.getOutputStream())); - - String outStr = "Hello There!\n"; - out.write(outStr); - out.flush(); - System.out.print("Sending " + outStr); - - String inStr = in.readLine(); - System.out.println("Received " + inStr); - - String cipherSuiteChosen = sslSocket.getSession().getCipherSuite(); - System.out.println("Cipher suite in use: " + cipherSuiteChosen); - Principal self = sslSocket.getSession().getLocalPrincipal(); - System.out.println("I am: " + self.toString()); - Principal peer = sslSocket.getSession().getPeerPrincipal(); - System.out.println("Server is: " + peer.toString()); - - sslSocket.close(); - return null; - } - } - - private static class JsseServerAction implements Action { - public byte[] run(Context s, byte[] input) throws Exception { - SSLServerSocketFactory sslssf = - (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); - SSLServerSocket sslServerSocket = - (SSLServerSocket) sslssf.createServerSocket(0); // any port - int port = sslServerSocket.getLocalPort(); - System.out.println("Listening on " + port); - - String enabledSuites[] = {"TLS_KRB5_WITH_RC4_128_SHA"}; - sslServerSocket.setEnabledCipherSuites(enabledSuites); - - Files.write(Paths.get("port"), ByteBuffer.allocate(4).putInt(port).array()); - System.out.println("Waiting for incoming connection..."); - - SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); - - System.out.println("Got connection from client " - + sslSocket.getInetAddress()); - - BufferedReader in = new BufferedReader(new InputStreamReader( - sslSocket.getInputStream())); - BufferedWriter out = new BufferedWriter(new OutputStreamWriter( - sslSocket.getOutputStream())); - - String inStr = in.readLine(); - System.out.println("Received " + inStr); - - String outStr = inStr + " " + new Date().toString() + "\n"; - out.write(outStr); - System.out.println("Sending " + outStr); - out.flush(); - - String cipherSuiteChosen = - sslSocket.getSession().getCipherSuite(); - System.out.println("Cipher suite in use: " + cipherSuiteChosen); - Principal self = sslSocket.getSession().getLocalPrincipal(); - System.out.println("I am: " + self.toString()); - Principal peer = sslSocket.getSession().getPeerPrincipal(); - System.out.println("Client is: " + peer.toString()); - - sslSocket.close(); - return null; - } - } -}