4102N/A/*
4102N/A * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
4102N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4102N/A *
4102N/A * This code is free software; you can redistribute it and/or modify it
4102N/A * under the terms of the GNU General Public License version 2 only, as
4102N/A * published by the Free Software Foundation.
4102N/A *
4102N/A * This code is distributed in the hope that it will be useful, but WITHOUT
4102N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
4102N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
4102N/A * version 2 for more details (a copy is included in the LICENSE file that
4102N/A * accompanied this code).
4102N/A *
4102N/A * You should have received a copy of the GNU General Public License version
4102N/A * 2 along with this work; if not, write to the Free Software Foundation,
4102N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
4102N/A *
4102N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
4102N/A * or visit www.oracle.com if you need additional information or have any
4102N/A * questions.
4102N/A */
4102N/A
4102N/A/*
4102N/A * @test
4102N/A * @bug 6894072
4102N/A * @compile -XDignore.symbol.file KeyTabCompat.java
4102N/A * @run main/othervm KeyTabCompat
4102N/A * @summary always refresh keytab
4102N/A */
4102N/A
4102N/Aimport javax.security.auth.kerberos.KerberosKey;
4102N/Aimport sun.security.jgss.GSSUtil;
4102N/A
/*
 * Compatibility checks for Kerberos acceptors whose long-term keys may come
 * from a keytab (jtreg header: bug 6894072, "always refresh keytab").
 *
 * 1. If the Subject's private credential set holds only KerberosKeys and its
 *    principal set holds no KerberosPrincipal, the acceptor must still be
 *    able to complete a handshake.
 * 2. Even when a keytab is used, the caller can still read KerberosKeys from
 *    the Subject's private credential set: exactly one is expected, both
 *    before and after the keytab file is rewritten for a new password.
 */
public class KeyTabCompat {

    /*
     * Fails the test with the given message unless the Subject behind ctx
     * exposes exactly one KerberosKey in its private credentials.
     */
    private static void requireSingleKerberosKey(Context ctx, String failure)
            throws Exception {
        int keyCount = ctx.s().getPrivateCredentials(KerberosKey.class).size();
        if (keyCount == 1) {
            return;
        }
        throw new Exception(failure);
    }

    public static void main(String[] args)
            throws Exception {
        // Test KDC restricted to a single etype; the literal passwords below
        // are throwaway fixtures that exist only inside this KDC object.
        OneKDC kdc = new OneKDC("aes128-cts");
        kdc.writeJAASConf();
        kdc.addPrincipal(OneKDC.SERVER, "pass1".toCharArray());
        kdc.writeKtab(OneKDC.KTAB);

        // Part 1: acceptor Subject with keys but no principal.
        // NOTE(review): the trailing boolean presumably asks the login to
        // store the keys in the Subject -- confirm against Context.fromUserPass.
        Context initiator = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
        Context acceptor = Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, true);

        // Drop every principal so that only the private credentials remain.
        acceptor.s().getPrincipals().clear();

        initiator.startAsClient(OneKDC.USER2, GSSUtil.GSS_KRB5_MECH_OID);
        acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        Context.handshake(initiator, acceptor);

        // Part 2: both sides log in through the JAAS entries written above.
        initiator = Context.fromJAAS("client");
        acceptor = Context.fromJAAS("server");

        initiator.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
        acceptor.status();

        requireSingleKerberosKey(acceptor, "There should be one KerberosKey");

        // Wait so that the rewritten keytab gets a different timestamp.
        Thread.sleep(2000);

        // Change the server password and write the keytab again. The contexts
        // were started before this point and the handshake runs after it, so
        // it presumably succeeds only if the acceptor re-reads the keytab --
        // confirm against the OneKDC and Context helpers.
        kdc.addPrincipal(OneKDC.SERVER, "pass2".toCharArray());
        kdc.writeKtab(OneKDC.KTAB);

        Context.handshake(initiator, acceptor);
        acceptor.status();

        // The credential set must not have accumulated a second key.
        requireSingleKerberosKey(acceptor, "There should be only one KerberosKey");
    }
}