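/*
 * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 5014493
 * @summary SaslServer.wrap throws NullPointerException when security
 * layer negotiated.
 * @run main/manual ConfSecurityLayer
 */

/*
 * Set logging to FINEST to view exchange.
 * See run-conf-wjaas.csh for instructions for how to run this test.
 */

import javax.security.sasl.*;
import javax.security.auth.callback.*;
import java.security.*;
import javax.security.auth.Subject;
import javax.security.auth.login.*;
import com.sun.security.auth.callback.*;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/**
 * Manual test for the GSSAPI SASL security layer with confidentiality.
 *
 * <p>Flow: log in as "client" and "server" through JAAS, create a
 * {@link SaslClient} and {@link SaslServer} under the respective Subjects,
 * drive the challenge/response exchange until both sides are complete, then
 * {@code wrap} a small buffer on each side and {@code unwrap} it on the peer.
 * The client asks for {@code auth-conf} only while the server offers every
 * QOP, so a successful exchange must end with confidentiality negotiated;
 * the test verifies that, and that each {@code unwrap} returns exactly the
 * bytes the peer wrapped, rather than only printing them.
 *
 * <p>Arguments: {@code [-m] [namesfile [proxyfile]]}.
 */
public class ConfSecurityLayer {
    private static final String MECH = "GSSAPI";
    private static final String SERVER_FQDN = "machineX.imc.org";
    private static final String PROTOCOL = "sample";

    /** Client-side QOP request: confidentiality only, so anything weaker must fail. */
    private static final String CLIENT_QOP = "auth-conf";
    /** Server-side QOP offer: every level, so the client's request decides. */
    private static final String SERVER_QOP = "auth,auth-int,auth-conf";

    // Files handed to the server-side PropertiesFileCallbackHandler.
    private static String namesfile, proxyfile;
    private static final byte[] EMPTY = new byte[0];
    // Parsed from the command line; not consulted elsewhere in this test.
    private static boolean auto;
    private static boolean verbose = false;

    /**
     * Runs the full exchange and the security-layer round trip.
     *
     * @param args {@code [-m] [namesfile [proxyfile]]}
     * @throws Exception on login, negotiation or security-layer failure;
     *         an {@link IllegalStateException} marks a test assertion failure
     */
    public static void main(String[] args) throws Exception {
        parseArgs(args);

        final CallbackHandler srvCbh = new PropertiesFileCallbackHandler(
            null, namesfile, proxyfile);

        Subject clntSubj = doLogin("client");
        Subject srvSubj = doLogin("server");
        final Map<String, String> clntprops = new HashMap<String, String>();
        final Map<String, String> srvprops = new HashMap<String, String>();

        clntprops.put(Sasl.QOP, CLIENT_QOP);
        srvprops.put(Sasl.QOP, SERVER_QOP);

        // Each side is created under its own logged-in Subject so the
        // mechanism can pick up that side's credentials.
        final SaslClient clnt = Subject.doAs(clntSubj,
            new PrivilegedExceptionAction<SaslClient>() {
                public SaslClient run() throws Exception {
                    return Sasl.createSaslClient(
                        new String[]{MECH}, null, PROTOCOL, SERVER_FQDN,
                        clntprops, null);
                }
            });

        if (verbose) {
            System.out.println(clntSubj);
            System.out.println(srvSubj);
        }
        final SaslServer srv = Subject.doAs(srvSubj,
            new PrivilegedExceptionAction<SaslServer>() {
                public SaslServer run() throws Exception {
                    return Sasl.createSaslServer(MECH, PROTOCOL, SERVER_FQDN,
                        srvprops, srvCbh);
                }
            });

        if (clnt == null) {
            throw new IllegalStateException(
                "Unable to find client impl for " + MECH);
        }
        if (srv == null) {
            throw new IllegalStateException(
                "Unable to find server impl for " + MECH);
        }

        authenticate(clnt, srv, clntSubj, srvSubj);

        if (clnt.isComplete() && srv.isComplete()) {
            if (verbose) {
                System.out.println("SUCCESS");
                System.out.println("authzid is " + srv.getAuthorizationID());
            }
        } else {
            throw new IllegalStateException("FAILURE: mismatched state:" +
                " client complete? " + clnt.isComplete() +
                " server complete? " + srv.isComplete());
        }

        Object qop = clnt.getNegotiatedProperty(Sasl.QOP);
        if (verbose) {
            System.out.println(qop);
        }
        // The client offered nothing but auth-conf, so any other outcome
        // means the security layer under test was never negotiated.
        if (!CLIENT_QOP.equals(qop)) {
            throw new IllegalStateException("FAILURE: negotiated QOP " + qop +
                ", expected " + CLIENT_QOP);
        }

        // Now try to use security layer
        exerciseSecurityLayer(clnt, srv);
    }

    /**
     * Reads the optional command line: {@code [-m] [namesfile [proxyfile]]}.
     * {@code -m} clears {@code auto}; with no arguments at all the names file
     * stays unset and {@code auto} is switched on.
     *
     * @param args the raw command-line arguments
     */
    private static void parseArgs(String[] args) {
        if (args.length == 0) {
            namesfile = null;
            auto = true;
            return;
        }
        int i = 0;
        if (args[i].equals("-m")) {
            i++;
            auto = false;
        }
        if (args.length > i) {
            namesfile = args[i++];
            if (args.length > i) {
                proxyfile = args[i];
            }
        } else {
            namesfile = null;
        }
    }

    /**
     * Drives the SASL challenge/response exchange until both sides report
     * completion. Every evaluate call runs under the Subject of the side that
     * performs it.
     *
     * @param clnt the client side
     * @param srv the server side
     * @param clntSubj Subject the client evaluates under
     * @param srvSubj Subject the server evaluates under
     * @throws Exception if either side rejects a message
     */
    private static void authenticate(final SaslClient clnt, final SaslServer srv,
            Subject clntSubj, Subject srvSubj) throws Exception {
        byte[] response = Subject.doAs(clntSubj,
            new PrivilegedExceptionAction<byte[]>() {
                public byte[] run() throws Exception {
                    // Mechanisms without an initial response start with an
                    // empty token.
                    return clnt.hasInitialResponse()
                        ? clnt.evaluateChallenge(EMPTY) : EMPTY;
                }
            });

        while (!clnt.isComplete() || !srv.isComplete()) {
            final byte[] responseCopy = response;
            byte[] challenge = Subject.doAs(srvSubj,
                new PrivilegedExceptionAction<byte[]>() {
                    public byte[] run() throws Exception {
                        return srv.evaluateResponse(responseCopy);
                    }
                });

            // A null challenge means the server has nothing more to send;
            // the previous response is retained for the next round.
            if (challenge != null) {
                final byte[] challengeCopy = challenge;
                response = Subject.doAs(clntSubj,
                    new PrivilegedExceptionAction<byte[]>() {
                        public byte[] run() throws Exception {
                            return clnt.evaluateChallenge(challengeCopy);
                        }
                    });
            }
        }
    }

    /**
     * Wraps a buffer on each side, unwraps it on the peer, prints every
     * intermediate value and fails unless both round trips reproduce the
     * original bytes exactly.
     *
     * @param clnt completed client side
     * @param srv completed server side
     * @throws SaslException if wrap or unwrap fails
     * @throws IllegalStateException if an unwrapped buffer differs from what
     *         the peer wrapped
     */
    private static void exerciseSecurityLayer(SaslClient clnt, SaslServer srv)
            throws SaslException {
        byte[] clntBuf = new byte[]{0, 1, 2, 3};
        byte[] wrappedClnt = clnt.wrap(clntBuf, 0, clntBuf.length);
        System.out.println("plaintext2: " + bytesToString(clntBuf));
        System.out.println("wrapped2: " + bytesToString(wrappedClnt));

        byte[] srvBuf = new byte[]{10, 11, 12, 13};
        byte[] wrappedSrv = srv.wrap(srvBuf, 0, srvBuf.length);
        System.out.println("plaintext1: " + bytesToString(srvBuf));
        System.out.println("wrapped1: " + bytesToString(wrappedSrv));

        byte[] unwrapped1 = clnt.unwrap(wrappedSrv, 0, wrappedSrv.length);
        System.out.println("unwrapped1: " + bytesToString(unwrapped1));

        byte[] unwrapped2 = srv.unwrap(wrappedClnt, 0, wrappedClnt.length);
        System.out.println("unwrapped2: " + bytesToString(unwrapped2));

        checkRoundTrip("server->client", srvBuf, unwrapped1);
        checkRoundTrip("client->server", clntBuf, unwrapped2);
    }

    /**
     * Fails the test when the bytes recovered by {@code unwrap} differ from
     * what the peer wrapped; a layer that returns without throwing but
     * mangles or drops data must not pass silently.
     *
     * @param direction label for the message
     * @param expected the plaintext that was wrapped
     * @param actual the result of the peer's unwrap (may be null)
     */
    private static void checkRoundTrip(String direction, byte[] expected,
            byte[] actual) {
        if (!Arrays.equals(expected, actual)) {
            throw new IllegalStateException("FAILURE: " + direction +
                " unwrap mismatch: expected " + bytesToString(expected) +
                " got " + bytesToString(actual));
        }
    }

    /**
     * Performs a JAAS login for the named configuration entry.
     *
     * @param msg the login configuration entry name ("client" or "server");
     *        also echoed when verbose
     * @return the authenticated Subject
     * @throws LoginException if the login fails
     */
    private static Subject doLogin(String msg) throws LoginException {
        if (verbose) {
            System.out.println(msg);
        }
        LoginContext lc = new LoginContext(msg, new TextCallbackHandler());

        // Attempt authentication
        // You might want to do this in a "for" loop to give
        // user more than one chance to enter correct username/password
        lc.login();

        return lc.getSubject();
    }

    /**
     * Renders bytes as lowercase hex, two digits per byte.
     *
     * @param digest the bytes to render; null renders as {@code "null"}
     * @return the hex string, empty for an empty array
     */
    private static String bytesToString(byte[] digest) {
        if (digest == null) {
            return "null";
        }
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            // mask to drop sign extension before formatting
            hex.append(String.format("%02x", b & 0xff));
        }
        return hex.toString();
    }
}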