/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6894643 6913636
* @summary Test JSSE Kerberos ciphersuite
*/
public class SSL {
private static volatile int port;
// Run this after KDC, so our own DNS service can be started
try {
server = "localhost";
}
// Add 3 versions of keys into keytab
// and use the middle one as the real key
// JAAS config entry name ssl
"ssl {\n" +
" com.sun.security.auth.module.Krb5LoginModule required\n" +
" useKeyTab=true\n" +
" isInitiator=false\n" +
" storeKey=true;\n};\n"
).getBytes());
f.deleteOnExit();
Context c;
// There's no keytab file when server starts.
public void run() {
try {
} catch (Exception e) {
e.printStackTrace();
}
}
});
// Warm the server
// Now create the keytab
/*
// Add 3 versions of keys into keytab
KeyTab ktab = KeyTab.create(OneKDC.KTAB);
PrincipalName service = new PrincipalName(
"host/" + server, PrincipalName.KRB_NT_SRV_HST);
ktab.addEntry(service, "pass1".toCharArray(), 1);
ktab.addEntry(service, "pass2".toCharArray(), 2);
ktab.addEntry(service, "pass3".toCharArray(), 3);
ktab.save();
// and use the middle one as the real key
kdc.addPrincipal("host/" + server, "pass2".toCharArray());
*/
// Add another version of key, make sure it can be loaded
// Revoke the old key
/*Thread.sleep(2000);
ktab = KeyTab.create(OneKDC.KTAB);
ktab.addEntry(service, "pass5".toCharArray(), 5, false);
ktab.save();
c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
c.startAsClient("host/" + server, GSSUtil.GSS_KRB5_MECH_OID);
try {
c.doAs(new JsseClientAction(), null);
throw new Exception("Should fail this time.");
} catch (SSLException e) {
// Correct behavior.
}*/
}
// Following codes copied from
// Enable only a KRB5 cipher suite.
// Should check for exception if enabledSuites is not supported
sslSocket.getInputStream()));
sslSocket.getOutputStream()));
// This line should not be needed. It's the server's duty to
// forget the old key
//sslSocket.getSession().invalidate();
return null;
}
}
// Enable only a KRB5 cipher suite.
// Should check for exception if enabledSuites is not supported
while (loopCount++ < LOOP_LIMIT) {
+ sslSocket.getInetAddress());
sslSocket.getInputStream()));
sslSocket.getOutputStream()));
}
return null;
}
}
}