krb5/auto/IgnoreChannelBinding.java

1304N/A/*
3579N/A * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
1304N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
1304N/A *
1304N/A * This code is free software; you can redistribute it and/or modify it
1304N/A * under the terms of the GNU General Public License version 2 only, as
1304N/A * published by the Free Software Foundation.
1304N/A *
1304N/A * This code is distributed in the hope that it will be useful, but WITHOUT
1304N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
1304N/A * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
1304N/A * version 2 for more details (a copy is included in the LICENSE file that
1304N/A * accompanied this code).
1304N/A *
1304N/A * You should have received a copy of the GNU General Public License version
1304N/A * 2 along with this work; if not, write to the Free Software Foundation,
1304N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
1304N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
1304N/A */
1304N/A
1304N/A/*
1304N/A * @test
1304N/A * @bug 6851973
3579N/A * @run main/othervm IgnoreChannelBinding
1304N/A * @summary ignore incoming channel binding if acceptor does not set one
1304N/A */
1304N/A
1304N/Aimport java.net.InetAddress;
1304N/Aimport org.ietf.jgss.ChannelBinding;
1304N/Aimport org.ietf.jgss.GSSException;
1304N/Aimport sun.security.jgss.GSSUtil;
1304N/A
1304N/Apublic class IgnoreChannelBinding {
1304N/A
1304N/A    public static void main(String[] args)
1304N/A            throws Exception {
1304N/A
1304N/A        new OneKDC(null).writeJAASConf();
1304N/A
1304N/A        Context c = Context.fromJAAS("client");
1304N/A        Context s = Context.fromJAAS("server");
1304N/A
1304N/A        // All silent
1304N/A        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
1304N/A        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
1304N/A        Context.handshake(c, s);
1304N/A
1304N/A        // Initiator req, acceptor ignore
1304N/A        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
1304N/A        c.x().setChannelBinding(new ChannelBinding(
1304N/A                InetAddress.getByName("client.rabbit.hole"),
1304N/A                InetAddress.getByName("host.rabbit.hole"),
1304N/A                new byte[0]
1304N/A                ));
1304N/A        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
1304N/A        Context.handshake(c, s);
1304N/A
1304N/A        // Both req, and match
1304N/A        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
1304N/A        c.x().setChannelBinding(new ChannelBinding(
1304N/A                InetAddress.getByName("client.rabbit.hole"),
1304N/A                InetAddress.getByName("host.rabbit.hole"),
1304N/A                new byte[0]
1304N/A                ));
1304N/A        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
1304N/A        s.x().setChannelBinding(new ChannelBinding(
1304N/A                InetAddress.getByName("client.rabbit.hole"),
1304N/A                InetAddress.getByName("host.rabbit.hole"),
1304N/A                new byte[0]
1304N/A                ));
1304N/A        Context.handshake(c, s);
1304N/A
1304N/A        // Both req, NOT match
1304N/A        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
1304N/A        c.x().setChannelBinding(new ChannelBinding(
1304N/A                InetAddress.getByName("client.rabbit.hole"),
1304N/A                InetAddress.getByName("host.rabbit.hole"),
1304N/A                new byte[0]
1304N/A                ));
1304N/A        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
1304N/A        s.x().setChannelBinding(new ChannelBinding(
1304N/A                InetAddress.getByName("client.rabbit.hole"),
1304N/A                InetAddress.getByName("host.rabbit.hole"),
1304N/A                new byte[1]     // 0 -> 1
1304N/A                ));
1304N/A        try {
1304N/A            Context.handshake(c, s);
1304N/A            throw new Exception("Acceptor should reject initiator");
1304N/A        } catch (GSSException ge) {
1304N/A            // Expected bahavior
1304N/A        }
1304N/A
1304N/A        // Acceptor req, reject
1304N/A        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
1304N/A        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
1304N/A        s.x().setChannelBinding(new ChannelBinding(
1304N/A                InetAddress.getByName("client.rabbit.hole"),
1304N/A                InetAddress.getByName("host.rabbit.hole"),
1304N/A                new byte[0]
1304N/A                ));
1304N/A        try {
1304N/A            Context.handshake(c, s);
1304N/A            throw new Exception("Acceptor should reject initiator");
1304N/A        } catch (GSSException ge) {
1304N/A            // Expected bahavior
1304N/A            if (ge.getMajor() != GSSException.BAD_BINDINGS) {
1304N/A                throw ge;
1304N/A            }
1304N/A        }
1304N/A    }
1304N/A}