MaxRetries.java revision 2362
2342N/A/*
2362N/A * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
2342N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
2342N/A *
2342N/A * This code is free software; you can redistribute it and/or modify it
2342N/A * under the terms of the GNU General Public License version 2 only, as
2342N/A * published by the Free Software Foundation.
2342N/A *
2342N/A * This code is distributed in the hope that it will be useful, but WITHOUT
2342N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
2342N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
2342N/A * version 2 for more details (a copy is included in the LICENSE file that
2342N/A * accompanied this code).
2342N/A *
2342N/A * You should have received a copy of the GNU General Public License version
2342N/A * 2 along with this work; if not, write to the Free Software Foundation,
2342N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
2342N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
2342N/A */
2342N/A
2342N/A/*
2342N/A * @test
2342N/A * @bug 6844193
2342N/A * @run main/timeout=300 MaxRetries
2342N/A * @summary support max_retries in krb5.conf
2342N/A */
2342N/A
2342N/Aimport java.io.*;
2342N/Aimport java.security.Security;
2342N/A
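/**
 * Checks that the Kerberos client honours {@code max_retries},
 * {@code kdc_timeout} and {@code udp_preference_limit} from krb5.conf.
 *
 * <p>Each round rewrites {@code alternative-krb5.conf} from the file named by
 * {@code OneKDC.KRB5_CONF}, refreshes the krb5 configuration, performs one
 * JAAS login, and then inspects the {@code sun.security.krb5.debug} trace
 * written to {@code System.out}. Every trace line starting with
 * {@code ">>> KDCCommunication"} is counted as one attempt to reach a KDC.
 *
 * <p>The test swaps the process-wide {@code System.out} while the login runs,
 * so it must not share a JVM with code that prints concurrently.
 */
public class MaxRetries {

    /** Config file regenerated before each round; the JVM is pointed at it in main. */
    private static final String ALT_CONF = "alternative-krb5.conf";

    /** Prefix of the debug trace lines that record one KDC exchange attempt. */
    private static final String KDC_COMM_PREFIX = ">>> KDCCommunication";

    /**
     * Runs every retry/timeout round under both bad-KDC policies, then the
     * UDP/TCP preference rounds.
     *
     * <p>The digit sequences in the trailing comments come from the original
     * test. NOTE(review): they presumably give the index of the KDC contacted
     * on each attempt (1 = the unreachable entry added by rewriteMaxRetries,
     * 2 = the real KDC) - confirm against the krb5 client implementation.
     *
     * @param args unused
     * @throws Exception if any round sees an unexpected timeout, protocol or
     *         number of attempts
     */
    public static void main(String[] args)
            throws Exception {

        // The assertions below parse the debug trace, so it has to be on.
        System.setProperty("sun.security.krb5.debug", "true");
        new OneKDC(null).writeJAASConf();
        System.setProperty("java.security.krb5.conf", ALT_CONF);

        // For tryLast
        Security.setProperty("krb5.kdc.bad.policy", "trylast");
        rewriteMaxRetries(4);
        test1(4000, 6);         // 1 1 1 1 2 2
        test1(4000, 2);         // 2 2

        rewriteMaxRetries(1);
        test1(1000, 3);         // 1 2 2
        test1(1000, 2);         // 2 2

        rewriteMaxRetries(-1);
        test1(5000, 4);         // 1 1 2 2
        test1(5000, 2);         // 2 2

        // For tryLess
        Security.setProperty("krb5.kdc.bad.policy", "tryless");
        rewriteMaxRetries(4);
        test1(4000, 7);         // 1 1 1 1 2 1 2
        test1(4000, 4);         // 1 2 1 2

        rewriteMaxRetries(1);
        test1(1000, 4);         // 1 2 1 2
        test1(1000, 4);         // 1 2 1 2

        rewriteMaxRetries(-1);
        test1(5000, 5);         // 1 1 2 1 2
        test1(5000, 4);         // 1 2 1 2

        rewriteUdpPrefLimit(-1, -1);    // default, no limit
        test2("UDP");

        rewriteUdpPrefLimit(10, -1);    // global rules
        test2("TCP");

        rewriteUdpPrefLimit(10, 10000); // realm rules
        test2("UDP");

        rewriteUdpPrefLimit(10000, 10); // realm rules
        test2("TCP");
    }

    /**
     * Performs one JAAS login as "client" with {@code System.out} redirected
     * to a buffer and returns the captured output split into lines.
     *
     * <p>The original stream is restored in a {@code finally} block, so a
     * failed login still reports its exception on the real console and does
     * not leave later output going into a discarded buffer.
     *
     * @return the lines printed while the login ran
     * @throws Exception if the login fails
     */
    private static String[] captureLoginOutput() throws Exception {
        ByteArrayOutputStream bo = new ByteArrayOutputStream();
        PrintStream oldout = System.out;
        PrintStream capture = new PrintStream(bo);
        System.setOut(capture);
        try {
            Context.fromJAAS("client");
        } finally {
            capture.flush();
            System.setOut(oldout);
        }
        return new String(bo.toByteArray()).split("\n");
    }

    /**
     * One round of test for max_retries and timeout.
     *
     * @param timeout the expected timeout
     * @param count the expected total try
     * @throws Exception if a KDC attempt used another timeout, or the number
     *         of attempts differs from {@code count}
     */
    private static void test1(int timeout, int count) throws Exception {
        String timeoutTag = "timeout=" + timeout;
        String[] lines = captureLoginOutput();

        System.out.println("----------------- TEST (" + timeout + "," +
                count + ") -----------------");
        for (String line : lines) {
            if (!line.startsWith(KDC_COMM_PREFIX)) {
                continue;
            }
            System.out.println(line);
            if (line.indexOf(timeoutTag) < 0) {
                throw new Exception("Wrong timeout value");
            }
            count--;
        }
        // A positive remainder means too few attempts, a negative one too many.
        if (count != 0) {
            throw new Exception("Retry count is " + count + " less");
        }
    }

    /**
     * One round of test for udp_preference_limit. Exactly two KDC attempts
     * are expected, each over the given protocol.
     *
     * @param proto the expected protocol used
     * @throws Exception if a KDC attempt used another protocol, or the number
     *         of attempts is not two
     */
    private static void test2(String proto) throws Exception {
        String[] lines = captureLoginOutput();

        int count = 2;
        System.out.println("----------------- TEST -----------------");
        for (String line : lines) {
            if (!line.startsWith(KDC_COMM_PREFIX)) {
                continue;
            }
            System.out.println(line);
            count--;
            if (line.indexOf(proto) < 0) {
                // This check is about the transport, not the timeout.
                throw new Exception("Wrong protocol value");
            }
        }
        if (count != 0) {
            throw new Exception("Retry count is " + count + " less");
        }
    }

    /**
     * Set udp_preference_limit for global and realm.
     *
     * <p>The global value is written just before the {@code [realms]} line
     * and the realm value before each {@code kdc = } line of the source
     * config. Both streams are closed even if copying fails, and the krb5
     * configuration is refreshed afterwards.
     *
     * @param global the global udp_preference_limit, -1 means none
     * @param realm the realm udp_preference_limit, -1 means none
     * @throws Exception if the config cannot be read, written or refreshed
     */
    private static void rewriteUdpPrefLimit(int global, int realm)
            throws Exception {
        BufferedReader fr = new BufferedReader(new FileReader(OneKDC.KRB5_CONF));
        try {
            FileWriter fw = new FileWriter(ALT_CONF);
            try {
                String s;
                while ((s = fr.readLine()) != null) {
                    if (s.startsWith("[realms]")) {
                        // Reconfig global setting
                        if (global != -1) {
                            fw.write("udp_preference_limit = " + global + "\n");
                        }
                    } else if (s.trim().startsWith("kdc = ")) {
                        if (realm != -1) {
                            // Reconfig for realm
                            fw.write(" udp_preference_limit = " + realm + "\n");
                        }
                    }
                    fw.write(s + "\n");
                }
            } finally {
                fw.close();
            }
        } finally {
            fr.close();
        }
        sun.security.krb5.Config.refresh();
    }

    /**
     * Set max_retries and timeout value for realm. The global value is always
     * 2 and 5000.
     *
     * <p>An extra {@code kdc = localhost:33333} entry is written ahead of each
     * existing KDC entry so that the first candidate fails. NOTE(review): this
     * assumes nothing answers on local port 33333 on the test machine; a
     * listener there would change the attempt counts - confirm.
     *
     * @param value max_retries and timeout/1000 for a realm, -1 means none.
     * @throws Exception if the config cannot be read, written or refreshed
     */
    private static void rewriteMaxRetries(int value) throws Exception {
        BufferedReader fr = new BufferedReader(new FileReader(OneKDC.KRB5_CONF));
        try {
            FileWriter fw = new FileWriter(ALT_CONF);
            try {
                String s;
                while ((s = fr.readLine()) != null) {
                    if (s.startsWith("[realms]")) {
                        // Reconfig global setting
                        fw.write("max_retries = 2\n");
                        fw.write("kdc_timeout = 5000\n");
                    } else if (s.trim().startsWith("kdc = ")) {
                        if (value != -1) {
                            // Reconfig for realm
                            fw.write(" max_retries = " + value + "\n");
                            fw.write(" kdc_timeout = " + (value*1000) + "\n");
                        }
                        // Add a bad KDC as the first candidate
                        fw.write(" kdc = localhost:33333\n");
                    }
                    fw.write(s + "\n");
                }
            } finally {
                fw.close();
            }
        } finally {
            fr.close();
        }
        sun.security.krb5.Config.refresh();
    }
}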