#! /usr/bin/bash
# ATTENTION:
#
# Please read spnegoReadme first to setup the testing
# environment needed
# the following ENV should be adjusted to match your environment
WWW_REALM=JSL.BEIJING
WWW_KDC=jsl-bjlab1.jsl.beijing
WWW_URL=http://jsl-bjlab1.jsl.beijing/1.txt
PROXY_REALM=JSLDUBLIN.IRELAND.SUN.COM
PROXY_KDC=anchor.jsldublin.ireland.sun.com
PROXY_URL=http://sceri.prc.sun.com/~ww155710/1.txt
PROXY_PARA="-Dhttp.proxyHost=anchor.jsldublin.ireland.sun.com -Dhttp.proxyPort=8080"
GOOD_PASS='-Duser=olala -Dpass=1q2w#E$R'
GOOD_KPASS='-Dkuser=olala -Dkpass=1q2w#E$R'
BAD_PASS='-Duser=olala -Dpass=false'
BAD_KPASS='-Dkuser=olala -Dkpass=false'
WWW_TAB=www.tab
PROXY_TAB=proxy.tab
TAB_PATH=/tmp/krb5cc_156710
FILE_CONTENT=content_of_web_file
# these ENV determines how much to show in terminal. don't edit
EXTRA_LOG="-Djava.util.logging.config.file=spnegoLog.properties -Dshowhint"
ANY_EXCEPTION='Exception'
IO_EXCEPTION='java.io.IOException'
PROTO_EXCEPTION='java.net.ProtocolException'
HEADER_200='HTTP/1.1 200'
# a java run
function runonce {
echo Testing $AUTH_TYPE-$TEST_NAME ...
java -Djava.security.krb5.realm=$USE_REALM \
-Djava.security.krb5.kdc=$USE_KDC \
-Djava.security.auth.login.config=spnegoLogin.conf \
-Dhttp.maxRedirects=2 \
$AUTH_PREF \
$EXTRA_PARA \
$EXTRA_LOG \
$USER_PASS \
$KUSER_PASS \
WebGet $USE_URL 2> err.log > out.log
if [ "$HAS_CACHE" = true ]; then
grep -i 'PROVIDING Kerberos' out.log && exit $LINENO
else
grep -i 'PROVIDING Kerberos' out.log > /dev/null || echo '....has not query Kerberos user/pass'
fi
}
function testsuite {
# normal runs
USER_PASS=$GOOD_PASS
KUSER_PASS=$GOOD_KPASS
TEST_NAME=Authenticate
AUTH_PREF=
runonce
grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null || exit $LINENO
grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
TEST_NAME="Authenticate with Negotiate"
AUTH_PREF=-Dhttp.auth.preference=Negotiate
runonce
# first 40X and ask for authen i author-neg and 200 and success
grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null || exit $LINENO
grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
TEST_NAME="Authenticate with Kerberos"
AUTH_PREF=-Dhttp.auth.preference=Kerberos
runonce
# first 40X and ask for authen i author-neg and 200 and success
grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null || exit $LINENO
grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
TEST_NAME="Authenticate with Basic"
AUTH_PREF=-Dhttp.auth.preference=Basic
runonce
# first 40X and ask for authen i author-basic and 200 and success
grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null || exit $LINENO
grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
if [ "$HAS_CACHE" = true ]; then
echo 'Skip bad kpass test if HAS_CACHE is true'
else
# bad kpass should fallback to basic
TEST_NAME="Authenticate fallback"
KUSER_PASS=$BAD_KPASS
AUTH_PREF=
runonce
# first 40X and ask for authen i cannot author-neg but can author-basic and 200 and success
grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null && exit $LINENO
grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null || exit $LINENO
grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
# auth.pref given, does not fallback
TEST_NAME="Authenticate no fallback"
KUSER_PASS=$BAD_KPASS
AUTH_PREF=-Dhttp.auth.preference=Negotiate
runonce # will fail
# first 40X and ask for authen i cannot author-neg and fail with IO_EXCEPTION
grep -i "$FILE_CONTENT" out.log > /dev/null && exit $LINENO
grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
grep -i "$AUTH_ANY_REQUEST" err.log > /dev/null && exit $LINENO
grep -i "$IO_EXCEPTION" err.log > /dev/null || exit $LINENO
# bad kpass fallback to basic, but bad pass
TEST_NAME="Authenticate fallback but still cannot go on"
KUSER_PASS=$BAD_KPASS
USER_PASS=$BAD_PASS
AUTH_PREF=
runonce # will fail
# first 40X and ask for authen i cannot author-neg and author-basic again and again and fail with PROTO_EXCEPTION
grep -i "$FILE_CONTENT" out.log > /dev/null && exit $LINENO
grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null && exit $LINENO
grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null || exit $LINENO
grep -i "$PROTO_EXCEPTION" err.log > /dev/null || exit $LINENO
fi
}
function testWWW {
# WWW Part
AUTH_TYPE=WWW
USE_REALM=$WWW_REALM
USE_KDC=$WWW_KDC
USE_URL=$WWW_URL
EXTRA_PARA=
HEADER_40X='HTTP/1.1 401'
AUTH_RESPONSE='WWW-Authenticate:'
AUTH_NEG_REQUEST='{Authorization: Negotiate'
AUTH_BASIC_REQUEST='{Authorization: Basic'
AUTH_ANY_REQUEST='{Authorization:'
testsuite
echo Pass WWW
}
function testProxy {
# Proxy Part
AUTH_TYPE=Proxy
USE_REALM=$PROXY_REALM
USE_KDC=$PROXY_KDC
USE_URL=$PROXY_URL
EXTRA_PARA=$PROXY_PARA
HEADER_40X='HTTP/1.1 407'
AUTH_RESPONSE='Proxy-Authenticate:'
AUTH_NEG_REQUEST='{Proxy-Authorization: Negotiate'
AUTH_BASIC_REQUEST='{Proxy-Authorization: Basic'
AUTH_ANY_REQUEST='{Proxy-Authorization:'
testsuite
echo Pass Proxy
}
HAS_CACHE='false'
kdestroy
testWWW
testProxy
HAS_CACHE='true'
#kinit for WWW_REALM
cp $WWW_TAB $TAB_PATH
testWWW
#kinit for PRXY_REALM
cp $PROXY_TAB $TAB_PATH
testProxy
kdestroy
rm err.log
rm out.log
exit 0