/*
 * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
1941N/A
1941N/Aimport com.sun.security.jgss.ExtendedGSSContext;
1941N/Aimport org.ietf.jgss.GSSCredential;
1941N/Aimport org.ietf.jgss.GSSException;
1941N/Aimport org.ietf.jgss.Oid;
1941N/Aimport sun.security.jgss.GSSUtil;
1941N/Aimport sun.security.krb5.Config;
1941N/A
/**
 * Test driver that checks how credential delegation behaves under the test
 * KDC's "ok-as-delegate" policy.
 *
 * <p>The driver sets up a test KDC, runs one client/server GSS-API handshake
 * over either the Kerberos 5 or the SPNEGO mechanism, and then compares the
 * delegation state reported by both sides with the expectations supplied by
 * the caller. Any mismatch is reported by throwing an {@link Exception}.
 *
 * <p>Two system properties are read: {@code test.kdc.policy.ok-as-delegate}
 * (passed to the KDC as the value of its "ok-as-delegate" policy) and
 * {@code test.spnego} (when set, SPNEGO is used instead of plain Kerberos 5).
 */
public class OkAsDelegate {

    /**
     * Parses six boolean command-line arguments and runs the check.
     *
     * <p>The arguments are, in order: whether "forwardable" stays enabled in
     * krb5.conf, the value passed to {@code requestCredDeleg}, the value passed
     * to {@code requestDelegPolicy}, the expected credential delegation state,
     * the expected delegation policy state, and whether a delegated credential
     * is expected on the server side.
     *
     * @param args the six boolean flags described above; the argument count is
     *             not validated, so fewer than six fails with an
     *             {@link ArrayIndexOutOfBoundsException}
     * @throws Exception if an expectation is not met or the setup fails
     */
    public static void main(String[] args) throws Exception {
        boolean forwardable = Boolean.parseBoolean(args[0]);
        boolean requestDelegState = Boolean.parseBoolean(args[1]);
        boolean requestDelegPolicyState = Boolean.parseBoolean(args[2]);
        boolean delegState = Boolean.parseBoolean(args[3]);
        boolean delegPolicyState = Boolean.parseBoolean(args[4]);
        boolean delegated = Boolean.parseBoolean(args[5]);

        new OkAsDelegate().go(
                forwardable,
                requestDelegState,
                requestDelegPolicyState,
                delegState,
                delegPolicyState,
                delegated);
    }

    /**
     * Runs one handshake and verifies the resulting delegation state.
     *
     * @param forwardable             when {@code false}, krb5.conf is rewritten
     *                                without the default "forwardable = true"
     * @param requestDelegState       value the initiator passes to
     *                                {@code requestCredDeleg}
     * @param requestDelegPolicyState value the initiator passes to
     *                                {@code requestDelegPolicy}
     * @param delegState              expected {@code getCredDelegState()} on
     *                                both initiator and acceptor
     * @param delegPolicyState        expected {@code getDelegPolicyState()} on
     *                                the initiator
     * @param delegated               whether the acceptor is expected to obtain
     *                                a delegated credential
     * @throws Exception if any observed state differs from the expectation
     */
    void go(
            boolean forwardable,
            boolean requestDelegState,
            boolean requestDelegPolicyState,
            boolean delegState,
            boolean delegPolicyState,
            boolean delegated) throws Exception {
        OneKDC kdc = new OneKDC(null);
        String okAsDelegatePolicy =
                System.getProperty("test.kdc.policy.ok-as-delegate");
        kdc.setPolicy("ok-as-delegate", okAsDelegatePolicy);
        kdc.writeJAASConf();
        if (!forwardable) {
            // OneKDC writes "forwardable = true" into krb5.conf by default.
            // Save a config that carries only the keytab setting so that the
            // client no longer asks for forwardable tickets, then reload it.
            String keytabOnly = "default_keytab_name = " + OneKDC.KTAB;
            KDC.saveConfig(OneKDC.KRB5_CONF, kdc, keytabOnly);
            Config.refresh();
        }

        Context c = Context.fromJAAS("client");
        Context s = Context.fromJAAS("server");

        // Plain Kerberos 5 unless the test.spnego property is present.
        Oid mech = System.getProperty("test.spnego") != null
                ? GSSUtil.GSS_SPNEGO_MECH_OID
                : GSSUtil.GSS_KRB5_MECH_OID;

        // Both delegation requests are made on the initiator before the
        // handshake; the acceptor only observes the outcome.
        c.startAsClient(OneKDC.SERVER, mech);
        ExtendedGSSContext cx = (ExtendedGSSContext) c.x();
        cx.requestCredDeleg(requestDelegState);
        cx.requestDelegPolicy(requestDelegPolicyState);
        s.startAsServer(mech);
        ExtendedGSSContext sx = (ExtendedGSSContext) s.x();

        Context.handshake(c, s);

        // Initiator and acceptor must agree on whether credentials were
        // delegated. The policy state is compared on the initiator only.
        expectState(cx.getCredDelegState(), delegState,
                "Initiator cred state error");
        expectState(sx.getCredDelegState(), delegState,
                "Acceptor cred state error");
        expectState(cx.getDelegPolicyState(), delegPolicyState,
                "Initiator cred policy state error");

        GSSCredential cred = null;
        try {
            cred = s.x().getDelegCred();
        } catch (GSSException ignored) {
            // Any GSSException here is treated as "no delegated credential",
            // so cred stays null. NOTE(review): a failure unrelated to
            // delegation would be indistinguishable from that case.
        }

        boolean gotCred = cred != null;
        if (gotCred != delegated) {
            throw new Exception("get cred error");
        }
    }

    /**
     * Throws an {@link Exception} carrying {@code message} when the observed
     * state differs from the expected one.
     */
    private static void expectState(boolean actual, boolean expected,
            String message) throws Exception {
        if (actual != expected) {
            throw new Exception(message);
        }
    }
}