Cross Reference: /openjdk7/jdk/test/sun/net/www/protocol/http/spnegoTest
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
0N/A#! /usr/bin/bash
0N/A
0N/A# ATTENTION:
0N/A#
0N/A# Please read spnegoReadme first to setup the testing
0N/A# environment needed
0N/A
0N/A# the following ENV should be adjusted to match your environment
0N/AWWW_REALM=JSL.BEIJING
0N/AWWW_KDC=jsl-bjlab1.jsl.beijing
0N/AWWW_URL=http://jsl-bjlab1.jsl.beijing/1.txt
0N/A
0N/APROXY_REALM=JSLDUBLIN.IRELAND.SUN.COM
0N/APROXY_KDC=anchor.jsldublin.ireland.sun.com
0N/APROXY_URL=http://sceri.prc.sun.com/~ww155710/1.txt
0N/APROXY_PARA="-Dhttp.proxyHost=anchor.jsldublin.ireland.sun.com -Dhttp.proxyPort=8080"
0N/A
0N/AGOOD_PASS='-Duser=olala -Dpass=1q2w#E$R'
0N/AGOOD_KPASS='-Dkuser=olala -Dkpass=1q2w#E$R'
0N/ABAD_PASS='-Duser=olala -Dpass=false'
0N/ABAD_KPASS='-Dkuser=olala -Dkpass=false'
0N/A
0N/AWWW_TAB=www.tab
0N/APROXY_TAB=proxy.tab
0N/ATAB_PATH=/tmp/krb5cc_156710
0N/A
0N/AFILE_CONTENT=content_of_web_file
0N/A
0N/A# these ENV determines how much to show in terminal. don't edit
0N/AEXTRA_LOG="-Djava.util.logging.config.file=spnegoLog.properties -Dshowhint"
0N/A
0N/AANY_EXCEPTION='Exception'
0N/AIO_EXCEPTION='java.io.IOException'
0N/APROTO_EXCEPTION='java.net.ProtocolException'
0N/AHEADER_200='HTTP/1.1 200'
0N/A
0N/A# a java run
0N/Afunction runonce {
0N/A echo Testing $AUTH_TYPE-$TEST_NAME ...
0N/A java -Djava.security.krb5.realm=$USE_REALM \
0N/A -Djava.security.krb5.kdc=$USE_KDC \
0N/A -Djava.security.auth.login.config=spnegoLogin.conf \
0N/A -Dhttp.maxRedirects=2 \
0N/A $AUTH_PREF \
0N/A $EXTRA_PARA \
0N/A $EXTRA_LOG \
0N/A $USER_PASS \
0N/A $KUSER_PASS \
0N/A WebGet $USE_URL 2> err.log > out.log
0N/A if [ "$HAS_CACHE" = true ]; then
0N/A grep -i 'PROVIDING Kerberos' out.log && exit $LINENO
0N/A else
0N/A grep -i 'PROVIDING Kerberos' out.log > /dev/null || echo '....has not query Kerberos user/pass'
0N/A fi
0N/A}
0N/A
0N/Afunction testsuite {
0N/A
0N/A # normal runs
0N/A USER_PASS=$GOOD_PASS
0N/A KUSER_PASS=$GOOD_KPASS
0N/A
0N/A TEST_NAME=Authenticate
0N/A AUTH_PREF=
0N/A runonce
0N/A grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
0N/A grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
0N/A
0N/A TEST_NAME="Authenticate with Negotiate"
0N/A AUTH_PREF=-Dhttp.auth.preference=Negotiate
0N/A runonce
0N/A # first 40X and ask for authen i author-neg and 200 and success
0N/A grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
0N/A grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
0N/A
0N/A TEST_NAME="Authenticate with Kerberos"
0N/A AUTH_PREF=-Dhttp.auth.preference=Kerberos
0N/A runonce
0N/A # first 40X and ask for authen i author-neg and 200 and success
0N/A grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
0N/A grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
0N/A
0N/A TEST_NAME="Authenticate with Basic"
0N/A AUTH_PREF=-Dhttp.auth.preference=Basic
0N/A runonce
0N/A # first 40X and ask for authen i author-basic and 200 and success
0N/A grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
0N/A grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
0N/A
0N/A if [ "$HAS_CACHE" = true ]; then
0N/A echo 'Skip bad kpass test if HAS_CACHE is true'
0N/A else
0N/A # bad kpass should fallback to basic
0N/A
0N/A TEST_NAME="Authenticate fallback"
0N/A KUSER_PASS=$BAD_KPASS
0N/A AUTH_PREF=
0N/A runonce
0N/A # first 40X and ask for authen i cannot author-neg but can author-basic and 200 and success
0N/A grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null && exit $LINENO
0N/A grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null || exit $LINENO
0N/A grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO
0N/A grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
0N/A
0N/A # auth.pref given, does not fallback
0N/A
0N/A TEST_NAME="Authenticate no fallback"
0N/A KUSER_PASS=$BAD_KPASS
0N/A AUTH_PREF=-Dhttp.auth.preference=Negotiate
0N/A runonce # will fail
0N/A # first 40X and ask for authen i cannot author-neg and fail with IO_EXCEPTION
0N/A grep -i "$FILE_CONTENT" out.log > /dev/null && exit $LINENO
0N/A grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_ANY_REQUEST" err.log > /dev/null && exit $LINENO
0N/A grep -i "$IO_EXCEPTION" err.log > /dev/null || exit $LINENO
0N/A
0N/A # bad kpass fallback to basic, but bad pass
0N/A TEST_NAME="Authenticate fallback but still cannot go on"
0N/A KUSER_PASS=$BAD_KPASS
0N/A USER_PASS=$BAD_PASS
0N/A AUTH_PREF=
0N/A runonce # will fail
0N/A # first 40X and ask for authen i cannot author-neg and author-basic again and again and fail with PROTO_EXCEPTION
0N/A grep -i "$FILE_CONTENT" out.log > /dev/null && exit $LINENO
0N/A grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO
0N/A grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null && exit $LINENO
0N/A grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null || exit $LINENO
0N/A grep -i "$PROTO_EXCEPTION" err.log > /dev/null || exit $LINENO
0N/A fi
0N/A}
0N/A
0N/Afunction testWWW {
0N/A
0N/A # WWW Part
0N/A AUTH_TYPE=WWW
0N/A USE_REALM=$WWW_REALM
0N/A USE_KDC=$WWW_KDC
0N/A USE_URL=$WWW_URL
0N/A EXTRA_PARA=
0N/A
0N/A HEADER_40X='HTTP/1.1 401'
0N/A AUTH_RESPONSE='WWW-Authenticate:'
0N/A AUTH_NEG_REQUEST='{Authorization: Negotiate'
0N/A AUTH_BASIC_REQUEST='{Authorization: Basic'
0N/A AUTH_ANY_REQUEST='{Authorization:'
0N/A
0N/A testsuite
0N/A
0N/A echo Pass WWW
0N/A}
0N/A
0N/Afunction testProxy {
0N/A
0N/A # Proxy Part
0N/A AUTH_TYPE=Proxy
0N/A USE_REALM=$PROXY_REALM
0N/A USE_KDC=$PROXY_KDC
0N/A USE_URL=$PROXY_URL
0N/A EXTRA_PARA=$PROXY_PARA
0N/A
0N/A HEADER_40X='HTTP/1.1 407'
0N/A AUTH_RESPONSE='Proxy-Authenticate:'
0N/A AUTH_NEG_REQUEST='{Proxy-Authorization: Negotiate'
0N/A AUTH_BASIC_REQUEST='{Proxy-Authorization: Basic'
0N/A AUTH_ANY_REQUEST='{Proxy-Authorization:'
0N/A
0N/A testsuite
0N/A
0N/A echo Pass Proxy
0N/A}
0N/A
0N/AHAS_CACHE='false'
0N/Akdestroy
0N/AtestWWW
0N/AtestProxy
0N/A
0N/AHAS_CACHE='true'
0N/A#kinit for WWW_REALM
0N/Acp $WWW_TAB $TAB_PATH
0N/AtestWWW
0N/A#kinit for PRXY_REALM
0N/Acp $PROXY_TAB $TAB_PATH
0N/AtestProxy
0N/A
0N/Akdestroy
0N/Arm err.log
0N/Arm out.log
0N/A
0N/Aexit 0