1 /* 2 * Copyright (c) 2011, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 6894072 8004488 8194486 27 * @summary always refresh keytab 28 * @library /test/lib 29 * @compile -XDignore.symbol.file KeyTabCompat.java 30 * @run main jdk.test.lib.FileInstaller TestHosts TestHosts 31 * @run main/othervm -Djdk.net.hosts.file=TestHosts KeyTabCompat 32 */ 33 34 import javax.security.auth.kerberos.KerberosKey; 35 import sun.security.jgss.GSSUtil; 36 37 /* 38 * There are 2 compat issues to check: 39 * 40 * 1. If there is only KerberosKeys in private credential set and no 41 * KerberosPrincipal. JAAS login should go on. 42 * 2. If KeyTab is used, user won't get KerberosKeys from 43 * private credentials set. 44 */ 45 public class KeyTabCompat { 46 main(String[] args)47 public static void main(String[] args) 48 throws Exception { 49 OneKDC kdc = new OneKDC("aes128-cts"); 50 kdc.writeJAASConf(); 51 kdc.addPrincipal(OneKDC.SERVER, "pass1".toCharArray()); 52 kdc.writeKtab(OneKDC.KTAB); 53 54 Context c, s; 55 56 // Part 1 57 c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false); 58 s = Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, true); 59 60 s.s().getPrincipals().clear(); 61 62 c.startAsClient(OneKDC.USER2, GSSUtil.GSS_KRB5_MECH_OID); 63 s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); 64 65 Context.handshake(c, s); 66 67 // Part 2 68 c = Context.fromJAAS("client"); 69 s = Context.fromJAAS("server"); 70 71 c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID); 72 s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); 73 s.status(); 74 75 if (s.s().getPrivateCredentials(KerberosKey.class).size() != 0) { 76 throw new Exception("There should be no KerberosKey"); 77 } 78 } 79 } 80