1 /*
2  * Copyright (c) 2011, 2018, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.
8  *
9  * This code is distributed in the hope that it will be useful, but WITHOUT
10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12  * version 2 for more details (a copy is included in the LICENSE file that
13  * accompanied this code).
14  *
15  * You should have received a copy of the GNU General Public License version
16  * 2 along with this work; if not, write to the Free Software Foundation,
17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18  *
19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20  * or visit www.oracle.com if you need additional information or have any
21  * questions.
22  */
23 
24 /*
25  * @test
26  * @bug 6894072 8004488 8194486
27  * @summary always refresh keytab
28  * @library /test/lib
29  * @compile -XDignore.symbol.file KeyTabCompat.java
30  * @run main jdk.test.lib.FileInstaller TestHosts TestHosts
31  * @run main/othervm -Djdk.net.hosts.file=TestHosts KeyTabCompat
32  */
33 
34 import javax.security.auth.kerberos.KerberosKey;
35 import sun.security.jgss.GSSUtil;
36 
37 /*
38  * There are 2 compat issues to check:
39  *
40  * 1. If there is only KerberosKeys in private credential set and no
41  *    KerberosPrincipal. JAAS login should go on.
42  * 2. If KeyTab is used, user won't get KerberosKeys from
43  *    private credentials set.
44  */
45 public class KeyTabCompat {
46 
main(String[] args)47     public static void main(String[] args)
48             throws Exception {
49         OneKDC kdc = new OneKDC("aes128-cts");
50         kdc.writeJAASConf();
51         kdc.addPrincipal(OneKDC.SERVER, "pass1".toCharArray());
52         kdc.writeKtab(OneKDC.KTAB);
53 
54         Context c, s;
55 
56         // Part 1
57         c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
58         s = Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, true);
59 
60         s.s().getPrincipals().clear();
61 
62         c.startAsClient(OneKDC.USER2, GSSUtil.GSS_KRB5_MECH_OID);
63         s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
64 
65         Context.handshake(c, s);
66 
67         // Part 2
68         c = Context.fromJAAS("client");
69         s = Context.fromJAAS("server");
70 
71         c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
72         s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
73         s.status();
74 
75         if (s.s().getPrivateCredentials(KerberosKey.class).size() != 0) {
76             throw new Exception("There should be no KerberosKey");
77         }
78     }
79 }
80