1 /* 2 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 8131051 8194486 8187218 27 * @summary KDC might issue a renewable ticket even if not requested 28 * @library /test/lib 29 * @compile -XDignore.symbol.file LongLife.java 30 * @run main jdk.test.lib.FileInstaller TestHosts TestHosts 31 * @run main/othervm -Djdk.net.hosts.file=TestHosts LongLife 32 */ 33 34 import org.ietf.jgss.GSSCredential; 35 import org.ietf.jgss.GSSManager; 36 import sun.security.krb5.Config; 37 import javax.security.auth.Subject; 38 import javax.security.auth.kerberos.KerberosTicket; 39 import java.security.PrivilegedExceptionAction; 40 41 public class LongLife { 42 main(String[] args)43 public static void main(String[] args) throws Exception { 44 45 OneKDC kdc = new OneKDC(null).writeJAASConf(); 46 47 test(kdc, "10h", false, 36000, false); 48 test(kdc, "2d", false, KDC.DEFAULT_LIFETIME, true); 49 test(kdc, "2d", true, 2 * 24 * 3600, false); 50 51 // 8187218: getRemainingLifetime() is negative if lifetime 52 // is longer than 30 days. 53 test(kdc, "30d", true, 30 * 24 * 3600, false); 54 } 55 test( KDC kdc, String ticketLifetime, boolean forceTill, int expectedLifeTime, boolean expectedRenewable)56 static void test( 57 KDC kdc, 58 String ticketLifetime, 59 boolean forceTill, // if true, KDC will not try RENEWABLE 60 int expectedLifeTime, 61 boolean expectedRenewable) throws Exception { 62 63 KDC.saveConfig(OneKDC.KRB5_CONF, kdc, 64 "ticket_lifetime = " + ticketLifetime); 65 Config.refresh(); 66 67 if (forceTill) { 68 System.setProperty("test.kdc.force.till", ""); 69 } else { 70 System.clearProperty("test.kdc.force.till"); 71 } 72 73 Context c = Context.fromJAAS("client"); 74 75 GSSCredential cred = Subject.doAs(c.s(), 76 (PrivilegedExceptionAction<GSSCredential>) 77 ()-> { 78 GSSManager m = GSSManager.getInstance(); 79 return m.createCredential(GSSCredential.INITIATE_ONLY); 80 }); 81 82 KerberosTicket tgt = c.s().getPrivateCredentials(KerberosTicket.class) 83 .iterator().next(); 84 System.out.println(tgt); 85 86 int actualLifeTime = cred.getRemainingLifetime(); 87 if (actualLifeTime < expectedLifeTime - 60 88 || actualLifeTime > expectedLifeTime + 60) { 89 throw new Exception("actualLifeTime is " + actualLifeTime); 90 } 91 92 if (tgt.isRenewable() != expectedRenewable) { 93 throw new Exception("TGT's RENEWABLE flag is " + tgt.isRenewable()); 94 } 95 } 96 } 97