0N/A#! /usr/bin/bash
0N/A
0N/A# ATTENTION:
0N/A#
0N/A# Please read spnegoReadme first to setup the testing
0N/A# environment needed
0N/A
0N/A# the following ENV should be adjusted to match your environment
0N/AWWW_REALM=JSL.BEIJING
0N/AWWW_KDC=jsl-bjlab1.jsl.beijing
0N/AWWW_URL=http://jsl-bjlab1.jsl.beijing/1.txt
0N/A
0N/APROXY_REALM=JSLDUBLIN.IRELAND.SUN.COM
0N/APROXY_KDC=anchor.jsldublin.ireland.sun.com
0N/APROXY_URL=http://sceri.prc.sun.com/~ww155710/1.txt
0N/APROXY_PARA="-Dhttp.proxyHost=anchor.jsldublin.ireland.sun.com -Dhttp.proxyPort=8080"
0N/A
0N/AGOOD_PASS='-Duser=olala -Dpass=1q2w#E$R'
0N/AGOOD_KPASS='-Dkuser=olala -Dkpass=1q2w#E$R'
0N/ABAD_PASS='-Duser=olala -Dpass=false'
0N/ABAD_KPASS='-Dkuser=olala -Dkpass=false'
0N/A
0N/AWWW_TAB=www.tab
0N/APROXY_TAB=proxy.tab
0N/ATAB_PATH=/tmp/krb5cc_156710
0N/A
0N/AFILE_CONTENT=content_of_web_file
0N/A
0N/A# these ENV determines how much to show in terminal. don't edit
0N/AEXTRA_LOG="-Djava.util.logging.config.file=spnegoLog.properties -Dshowhint"
0N/A
0N/AANY_EXCEPTION='Exception'
0N/AIO_EXCEPTION='java.io.IOException'
0N/APROTO_EXCEPTION='java.net.ProtocolException'
0N/AHEADER_200='HTTP/1.1 200'
0N/A
0N/A# a java run
0N/Afunction runonce {
0N/A echo Testing $AUTH_TYPE-$TEST_NAME ...
0N/A java -Djava.security.krb5.realm=$USE_REALM \
0N/A -Djava.security.krb5.kdc=$USE_KDC \
0N/A -Djava.security.auth.login.config=spnegoLogin.conf \
0N/A -Dhttp.maxRedirects=2 \
0N/A $AUTH_PREF \
0N/A $EXTRA_PARA \
0N/A $EXTRA_LOG \
0N/A $USER_PASS \
0N/A $KUSER_PASS \
0N/A WebGet $USE_URL 2> err.log > out.log
0N/A if [ "$HAS_CACHE" = true ]; then
0N/A grep -i 'PROVIDING Kerberos' out.log && exit $LINENO
0N/A else
0N/A grep -i 'PROVIDING Kerberos' out.log > /dev/null || echo '....has not query Kerberos user/pass'
0N/A fi
0N/A}
0N/A
0N/Afunction testsuite {
0N/A
0N/A # normal runs
0N/A USER_PASS=$GOOD_PASS
0N/A KUSER_PASS=$GOOD_KPASS
0N/A
0N/A TEST_NAME=Authenticate
0N/A AUTH_PREF=
0N/A runonce
0N/A grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
0N/A grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
0N/A
0N/A TEST_NAME="Authenticate with Negotiate"
0N/A AUTH_PREF=-Dhttp.auth.preference=Negotiate
0N/A runonce
0N/A # first 40X and ask for authen i author-neg and 200 and success
0N/A grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
0N/A grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
0N/A
0N/A TEST_NAME="Authenticate with Kerberos"
0N/A AUTH_PREF=-Dhttp.auth.preference=Kerberos
0N/A runonce
0N/A # first 40X and ask for authen i author-neg and 200 and success
0N/A grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
0N/A grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
0N/A
0N/A TEST_NAME="Authenticate with Basic"
0N/A AUTH_PREF=-Dhttp.auth.preference=Basic
0N/A runonce
0N/A # first 40X and ask for authen i author-basic and 200 and success
0N/A grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
0N/A grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
0N/A
0N/A if [ "$HAS_CACHE" = true ]; then
0N/A echo 'Skip bad kpass test if HAS_CACHE is true'
0N/A else
0N/A # bad kpass should fallback to basic
0N/A
0N/A TEST_NAME="Authenticate fallback"
0N/A KUSER_PASS=$BAD_KPASS
0N/A AUTH_PREF=
0N/A runonce
0N/A # first 40X and ask for authen i cannot author-neg but can author-basic and 200 and success
0N/A grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null && exit $LINENO
0N/A grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
0N/A grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
0N/A
0N/A # auth.pref given, does not fallback
0N/A
0N/A TEST_NAME="Authenticate no fallback"
0N/A KUSER_PASS=$BAD_KPASS
0N/A AUTH_PREF=-Dhttp.auth.preference=Negotiate
0N/A runonce # will fail
0N/A # first 40X and ask for authen i cannot author-neg and fail with IO_EXCEPTION
0N/A grep -i "$FILE_CONTENT" out.log > /dev/null && exit $LINENO
0N/A grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_ANY_REQUEST" err.log > /dev/null && exit $LINENO
0N/A grep -i "$IO_EXCEPTION" err.log > /dev/null || exit $LINENO
0N/A
0N/A # bad kpass fallback to basic, but bad pass
0N/A TEST_NAME="Authenticate fallback but still cannot go on"
0N/A KUSER_PASS=$BAD_KPASS
0N/A USER_PASS=$BAD_PASS
0N/A AUTH_PREF=
0N/A runonce # will fail
0N/A # first 40X and ask for authen i cannot author-neg and author-basic again and again and fail with PROTO_EXCEPTION
0N/A grep -i "$FILE_CONTENT" out.log > /dev/null && exit $LINENO
0N/A grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null && exit $LINENO
0N/A grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null || exit $LINENO
0N/A grep -i "$PROTO_EXCEPTION" err.log > /dev/null || exit $LINENO
0N/A fi
0N/A}
0N/A
0N/Afunction testWWW {
0N/A
0N/A # WWW Part
0N/A AUTH_TYPE=WWW
0N/A USE_REALM=$WWW_REALM
0N/A USE_KDC=$WWW_KDC
0N/A USE_URL=$WWW_URL
0N/A EXTRA_PARA=
0N/A
0N/A HEADER_40X='HTTP/1.1 401'
0N/A AUTH_RESPONSE='WWW-Authenticate:'
0N/A AUTH_NEG_REQUEST='{Authorization: Negotiate'
0N/A AUTH_BASIC_REQUEST='{Authorization: Basic'
0N/A AUTH_ANY_REQUEST='{Authorization:'
0N/A
0N/A testsuite
0N/A
0N/A echo Pass WWW
0N/A}
0N/A
0N/Afunction testProxy {
0N/A
0N/A # Proxy Part
0N/A AUTH_TYPE=Proxy
0N/A USE_REALM=$PROXY_REALM
0N/A USE_KDC=$PROXY_KDC
0N/A USE_URL=$PROXY_URL
0N/A EXTRA_PARA=$PROXY_PARA
0N/A
0N/A HEADER_40X='HTTP/1.1 407'
0N/A AUTH_RESPONSE='Proxy-Authenticate:'
0N/A AUTH_NEG_REQUEST='{Proxy-Authorization: Negotiate'
0N/A AUTH_BASIC_REQUEST='{Proxy-Authorization: Basic'
0N/A AUTH_ANY_REQUEST='{Proxy-Authorization:'
0N/A
0N/A testsuite
0N/A
0N/A echo Pass Proxy
0N/A}
0N/A
0N/AHAS_CACHE='false'
0N/Akdestroy
0N/AtestWWW
0N/AtestProxy
0N/A
0N/AHAS_CACHE='true'
0N/A#kinit for WWW_REALM
0N/Acp $WWW_TAB $TAB_PATH
0N/AtestWWW
0N/A#kinit for PRXY_REALM
0N/Acp $PROXY_TAB $TAB_PATH
0N/AtestProxy
0N/A
0N/Akdestroy
0N/Arm err.log
0N/Arm out.log
0N/A
0N/Aexit 0