1 /*
2  * Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.
8  *
9  * This code is distributed in the hope that it will be useful, but WITHOUT
10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12  * version 2 for more details (a copy is included in the LICENSE file that
13  * accompanied this code).
14  *
15  * You should have received a copy of the GNU General Public License version
16  * 2 along with this work; if not, write to the Free Software Foundation,
17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18  *
19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20  * or visit www.oracle.com if you need additional information or have any
21  * questions.
22  */
23 
24 /*
25  * @test
26  * @bug 8005447 8194486
27  * @summary default principal can act as anyone
28  * @library /test/lib
29  * @compile -XDignore.symbol.file DiffNameSameKey.java
30  * @run main jdk.test.lib.FileInstaller TestHosts TestHosts
31  * @run main/othervm/fail -Djdk.net.hosts.file=TestHosts DiffNameSameKey a
32  * @run main/othervm -Djdk.net.hosts.file=TestHosts DiffNameSameKey b
33  */
34 
35 import sun.security.jgss.GSSUtil;
36 import sun.security.krb5.PrincipalName;
37 
38 /**
39  * This test confirms the compatibility codes described in
40  * ServiceCreds.getEKeys(). If the acceptor starts as x.us.oracle.com
41  * but client requests for x.us, as long as the KDC supports both names
42  * and the keys are the same, the auth should succeed.
43  */
44 public class DiffNameSameKey {
45 
46     static final String SERVER2 = "x" + OneKDC.SERVER;
47 
main(String[] args)48     public static void main(String[] args) throws Exception {
49 
50         OneKDC kdc = new KDC2();
51         kdc.addPrincipal(SERVER2, "samepass".toCharArray());
52         kdc.addPrincipal(OneKDC.SERVER, "samepass".toCharArray());
53         kdc.writeJAASConf();
54         kdc.writeKtab(OneKDC.KTAB);
55 
56         Context c, s;
57         c = Context.fromJAAS("client");
58         s = Context.fromJAAS("server");
59 
60         switch (args[0]) {
61             case "a":   // If server starts as another service, should fail
62                 c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);
63                 s.startAsServer(SERVER2.replace('/', '@'),
64                         GSSUtil.GSS_SPNEGO_MECH_OID);
65                 break;
66             case "b":   // If client requests another server with the same keys,
67                         // succeed to be compatible
68                 c.startAsClient(SERVER2, GSSUtil.GSS_SPNEGO_MECH_OID);
69                 s.startAsServer(OneKDC.SERVER.replace('/', '@'),
70                         GSSUtil.GSS_SPNEGO_MECH_OID);
71                 break;
72         }
73 
74         Context.handshake(c, s);
75 
76         s.dispose();
77         c.dispose();
78     }
79 
80     /**
81      * This KDC returns the same salt for all principals. This means same
82      * passwords generate same keys.
83      */
84     static class KDC2 extends OneKDC {
KDC2()85         KDC2() throws Exception {
86             super(null);
87         }
88         @Override
getSalt(PrincipalName pn)89         public String getSalt(PrincipalName pn) {
90             return "SAME";
91         }
92     }
93 }
94