1 /* 2 * Copyright (c) 2008, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 6706974 8014628 8194486 27 * @summary Add krb5 test infrastructure 28 * @library /test/lib 29 * @compile -XDignore.symbol.file BasicKrb5Test.java 30 * @run main jdk.test.lib.FileInstaller TestHosts TestHosts 31 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test 32 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test des-cbc-crc 33 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test des-cbc-md5 34 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test des3-cbc-sha1 35 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test aes128-sha1 36 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test aes256-sha1 37 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test aes128-sha2 38 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test aes256-sha2 39 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test rc4-hmac 40 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test -s 41 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test des-cbc-crc -s 42 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test des-cbc-md5 -s 43 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test 44 * des3-cbc-sha1 -s 45 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test aes128-sha1 -s 46 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test aes256-sha1 -s 47 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test aes128-sha2 -s 48 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test aes256-sha2 -s 49 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test rc4-hmac -s 50 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test -C 51 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test des-cbc-crc -C 52 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test des-cbc-md5 -C 53 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test 54 * des3-cbc-sha1 -C 55 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test aes128-sha1 -C 56 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test aes256-sha1 -C 57 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test aes128-sha2 -C 58 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test aes256-sha2 -C 59 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test rc4-hmac -C 60 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test -s -C 61 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test 62 * des-cbc-crc -s -C 63 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test 64 * des-cbc-md5 -s -C 65 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test 66 * des3-cbc-sha1 -s -C 67 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test 68 * aes128-sha1 -s -C 69 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test 70 * aes256-sha1 -s -C 71 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test 72 * aes128-sha2 -s -C 73 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test 74 * aes256-sha2 -s -C 75 * @run main/othervm -Djdk.net.hosts.file=TestHosts BasicKrb5Test 76 * rc4-hmac -s -C 77 */ 78 79 import org.ietf.jgss.GSSName; 80 import sun.security.jgss.GSSUtil; 81 import sun.security.krb5.KrbException; 82 83 /** 84 * Basic JGSS/krb5 test with 3 parties: client, server, backend server. Each 85 * party uses JAAS login to get subjects and executes JGSS calls using 86 * Subject.doAs. 87 */ 88 public class BasicKrb5Test { 89 90 private static boolean conf = true; 91 /** 92 * @param args empty or etype 93 */ main(String[] args)94 public static void main(String[] args) 95 throws Exception { 96 97 String etype = null; 98 for (String arg: args) { 99 if (arg.equals("-s")) Context.usingStream = true; 100 else if (arg.equals("-C")) conf = false; 101 else etype = arg; 102 } 103 104 // Creates and starts the KDC. This line must be put ahead of etype check 105 // since the check needs a krb5.conf. 106 try { 107 new OneKDC(etype).writeJAASConf(); 108 } catch (KrbException ke) { 109 System.out.println("Testing etype " + etype + "Not supported."); 110 return; 111 } 112 113 new BasicKrb5Test().go(OneKDC.SERVER, OneKDC.BACKEND); 114 } 115 go(final String server, final String backend)116 void go(final String server, final String backend) throws Exception { 117 Context c, s, s2, b; 118 c = Context.fromJAAS("client"); 119 s = Context.fromJAAS("server"); 120 b = Context.fromJAAS("backend"); 121 122 c.startAsClient(server, GSSUtil.GSS_KRB5_MECH_OID); 123 c.x().requestCredDeleg(true); 124 c.x().requestConf(conf); 125 s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); 126 127 c.status(); 128 s.status(); 129 130 Context.handshake(c, s); 131 GSSName client = c.x().getSrcName(); 132 133 c.status(); 134 s.status(); 135 136 Context.transmit("i say high --", c, s); 137 Context.transmit(" you say low", s, c); 138 139 s2 = s.delegated(); 140 s.dispose(); 141 s = null; 142 143 s2.startAsClient(backend, GSSUtil.GSS_KRB5_MECH_OID); 144 s2.x().requestConf(conf); 145 b.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); 146 147 s2.status(); 148 b.status(); 149 150 Context.handshake(s2, b); 151 GSSName client2 = b.x().getSrcName(); 152 153 if (!client.equals(client2)) { 154 throw new Exception("Delegation failed"); 155 } 156 157 s2.status(); 158 b.status(); 159 160 Context.transmit("you say hello --", s2, b); 161 Context.transmit(" i say goodbye", b, s2); 162 163 s2.dispose(); 164 b.dispose(); 165 } 166 } 167