PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
Path: blob/master/test/jdk/sun/security/krb5/auto/BasicProc.java
/*
* Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8009977 8186884 8194486 8201627
* @summary A test to launch multiple Java processes using either Java GSS
* or native GSS
* @library /test/lib
* @compile -XDignore.symbol.file BasicProc.java
* @run main jdk.test.lib.FileInstaller TestHosts TestHosts
* @run main/othervm -Djdk.net.hosts.file=TestHosts BasicProc launcher
*/
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Arrays;
import java.util.PropertyPermission;
import java.util.Set;
import jdk.test.lib.Asserts;
import jdk.test.lib.Platform;
import jdk.test.lib.process.Proc;
import org.ietf.jgss.Oid;
import sun.security.krb5.Config;
import javax.security.auth.PrivateCredentialPermission;
/**
* Run this test automatically and test Java GSS with embedded KDC.
*
* Run with customized native.krb5.libs to test interop between Java GSS
* and native GSS, and native.kdc.path with a native KDC. For example,
* run the following command to test interop among Java, default native,
* MIT, and Heimdal krb5 libraries with the Heimdal KDC:
*
* jtreg -Dnative.krb5.libs=j=,
* n=,
* k=/usr/local/krb5/lib/libgssapi_krb5.so,
* h=/space/install/heimdal/lib/libgssapi.so \
* -Dnative.kdc.path=/usr/local/heimdal \
* BasicProc.java
*
* Note: The first 4 lines should be concatenated to make a long system
* property value with no blank around ",". This comma-separated value
* has each element being name=libpath. The special name "j" means the
* Java library and libpath is ignored. Otherwise it means a native library,
* and libpath (can be empty) will be the value for the sun.security.jgss.lib
* system property. If this system property is not set, only the Java
* library will be tested.
*/
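public class BasicProc {

    // Relative file names, resolved against the working directory of the test.
    private static final String CONF = "krb5.conf";
    private static final String KTAB_S = "server.ktab";
    private static final String KTAB_B = "backend.ktab";

    private static final String HOST = "localhost";
    private static final String SERVER = "server/" + HOST;
    private static final String BACKEND = "backend/" + HOST;
    private static final String USER = "user";
    // Fixed, publicly known password. Acceptable only because the principal
    // is registered in the KDC that the launcher creates and terminates.
    private static final char[] PASS = "password".toCharArray();
    private static final String REALM = "REALM";

    private static final int MSGSIZE = 1024;
    // All-zero payload that is wrapped/MIC'ed by one side and compared by
    // the other.
    private static final byte[] MSG = new byte[MSGSIZE];

    /**
     * Entry point for every role of the test. {@code args[0]} selects the
     * role:
     * <ul>
     * <li>{@code launcher}: creates the KDC, writes krb5.conf and the two
     *     keytabs, then runs {@link #once} for every combination of the
     *     configured libraries.</li>
     * <li>{@code client}, {@code server}, {@code backend}: one side of the
     *     GSS exchange, talking to the launcher through {@code Proc.binIn}
     *     and {@code Proc.binOut}. {@code args[1]} is "n" when the
     *     credentials are not supplied by this code
     *     ({@code Context.fromThinAir()}), anything else for the Java
     *     login path.</li>
     * </ul>
     *
     * @param args role name, followed by the "j"/"n" flag for child roles
     * @throws IllegalArgumentException if the role is missing or unknown
     * @throws Exception on any test failure
     */
    public static void main(String[] args) throws Exception {

        // Fail with a readable message instead of an
        // ArrayIndexOutOfBoundsException when no role is given.
        if (args.length == 0) {
            throw new IllegalArgumentException(
                    "Missing role: expected launcher, client, server or backend");
        }

        // Kerberos V5 GSS-API mechanism OID.
        Oid oid = new Oid("1.2.840.113554.1.2.2");
        byte[] token, msg;

        switch (args[0]) {
            case "launcher":
                KDC kdc = KDC.create(REALM, HOST, 0, true);
                try {
                    kdc.addPrincipal(USER, PASS);
                    kdc.addPrincipalRandKey("krbtgt/" + REALM);
                    kdc.addPrincipalRandKey(SERVER);
                    kdc.addPrincipalRandKey(BACKEND);

                    // Native lib might do some name lookup.
                    // "forwardable = true" goes with the client's
                    // requestCredDeleg(true) below.
                    KDC.saveConfig(CONF, kdc,
                            "dns_lookup_kdc = no",
                            "ticket_lifetime = 1h",
                            "dns_lookup_realm = no",
                            "dns_canonicalize_hostname = false",
                            "forwardable = true");
                    System.setProperty("java.security.krb5.conf", CONF);
                    Config.refresh();
                    kdc.writeKtab(KTAB_S, false, SERVER);
                    kdc.writeKtab(KTAB_B, false, BACKEND);

                    // Each element is name=libpath; see the class comment.
                    // The libpath ends up in sun.security.jgss.lib of a
                    // child JVM, so this property decides which native code
                    // the children load.
                    String[] tmp = System.getProperty("native.krb5.libs", "j=")
                            .split(",");

                    // Library paths. The 1st one is always null which means
                    // Java, "" means the default native lib.
                    String[] libs = new String[tmp.length];

                    // Names for each lib above. Use in file names.
                    String[] names = new String[tmp.length];

                    boolean hasNative = false;

                    for (int i = 0; i < tmp.length; i++) {
                        if (tmp[i].isEmpty()) {
                            throw new Exception("Invalid native.krb5.libs");
                        }
                        String[] pair = tmp[i].split("=", 2);
                        names[i] = pair[0];
                        // libs[i] stays null for "j"; null is what once()
                        // and proc() test for to pick the Java provider.
                        if (!pair[0].equals("j")) {
                            libs[i] = pair.length > 1 ? pair[1] : "";
                            hasNative = true;
                        }
                    }

                    // A native client reads its TGT from a ccache; once()
                    // copies this base file for each run.
                    if (hasNative) {
                        kdc.kinit(USER, "base.ccache");
                    }

                    // Try the same lib first
                    for (int i = 0; i < libs.length; i++) {
                        once(names[i] + names[i] + names[i],
                                libs[i], libs[i], libs[i]);
                    }

                    // Then every remaining (client, server, backend) triple;
                    // the condition skips only the all-equal ones done above.
                    for (int i = 0; i < libs.length; i++) {
                        for (int j = 0; j < libs.length; j++) {
                            for (int k = 0; k < libs.length; k++) {
                                if (i != j || i != k) {
                                    once(names[i] + names[j] + names[k],
                                            libs[i], libs[j], libs[k]);
                                }
                            }
                        }
                    }
                } finally {
                    kdc.terminate();
                }
                break;
            case "client":
                Context c = args[1].equals("n") ?
                        Context.fromThinAir() :
                        Context.fromUserPass(USER, PASS, false);
                c.startAsClient(SERVER, oid);
                // Delegation lets the server act for the user towards the
                // backend; mutual auth makes the server answer with AP-REP.
                c.x().requestCredDeleg(true);
                c.x().requestMutualAuth(true);
                Proc.binOut(c.take(new byte[0]));   // AP-REQ
                c.take(Proc.binIn());               // AP-REP
                Proc.binOut(c.wrap(MSG, true));
                Proc.binOut(c.getMic(MSG));
                break;
            case "server":
                Context s = args[1].equals("n") ?
                        Context.fromThinAir() :
                        Context.fromUserKtab(SERVER, KTAB_S, true);
                s.startAsServer(oid);
                token = Proc.binIn();               // AP-REQ
                Proc.binOut(s.take(token));         // AP-REP
                msg = s.unwrap(Proc.binIn(), true);
                Asserts.assertTrue(Arrays.equals(msg, MSG));
                s.verifyMic(Proc.binIn(), msg);
                // Second leg: presumably s2 carries the credentials the
                // client delegated; it is used as initiator to the backend.
                Context s2 = s.delegated();
                s2.startAsClient(BACKEND, oid);
                s2.x().requestMutualAuth(false);
                Proc.binOut(s2.take(new byte[0]));  // AP-REQ
                msg = s2.unwrap(Proc.binIn(), true);
                Asserts.assertTrue(Arrays.equals(msg, MSG));
                s2.verifyMic(Proc.binIn(), msg);
                break;
            case "backend":
                Context b = args[1].equals("n") ?
                        Context.fromThinAir() :
                        Context.fromUserKtab(BACKEND, KTAB_B, true);
                b.startAsServer(oid);
                token = b.take(Proc.binIn());       // AP-REQ
                // The server asked for no mutual auth, so there must be no
                // reply token to send back.
                Asserts.assertTrue(token == null);
                Proc.binOut(b.wrap(MSG, true));
                Proc.binOut(b.getMic(MSG));
                break;
            default:
                // A mistyped role used to fall out of the switch and exit 0,
                // which looks like a passing run. Make it a failure.
                throw new IllegalArgumentException(
                        "Unknown role: " + args[0]);
        }
    }

    /**
     * One test run: starts a client, a server and a backend child process
     * and relays the tokens between them.
     * <p>
     * Every child gets only the permissions its role needs (initiate or
     * accept for its own service principal, plus delegation for the
     * client). A child using the Java provider ({@code null} lib) also gets
     * read access to its keytab or to {@code user.name}; a child using a
     * native library is pointed at its ccache or keytab through the
     * KRB5CCNAME and KRB5_KTNAME environment variables instead.
     *
     * @param label test label
     * @param lc lib of client
     * @param ls lib of server
     * @param lb lib of backend
     * @throws Exception if a child exits with a non-zero status or any
     *         step of the relay fails
     */
    private static void once(String label, String lc, String ls, String lb)
            throws Exception {

        Proc pc = proc(lc)
                .args("client", lc == null ? "j" : "n")
                .perm(new javax.security.auth.kerberos.ServicePermission(
                        "krbtgt/" + REALM + "@" + REALM, "initiate"))
                .perm(new javax.security.auth.kerberos.ServicePermission(
                        SERVER + "@" + REALM, "initiate"))
                .perm(new javax.security.auth.kerberos.DelegationPermission(
                        "\"" + SERVER + "@" + REALM + "\" " +
                        "\"krbtgt/" + REALM + "@" + REALM + "\""))
                .debug(label + "-C");
        if (lc == null) {
            // for Krb5LoginModule::promptForName
            pc.perm(new PropertyPermission("user.name", "read"));
        } else {
            // Give each run its own ccache so runs do not share ticket state.
            // NOTE(review): the copy is created with default permissions and
            // only then narrowed to owner read/write. That window is
            // harmless for this throwaway TGT; code handling a real ccache
            // should create the file with restrictive attributes up front.
            Files.copy(Paths.get("base.ccache"), Paths.get(label + ".ccache"));
            if (!Platform.isWindows()) {
                Files.setPosixFilePermissions(Paths.get(label + ".ccache"),
                        Set.of(PosixFilePermission.OWNER_READ,
                                PosixFilePermission.OWNER_WRITE));
            }
            pc.env("KRB5CCNAME", "FILE:" + label + ".ccache");
            // Do not try system ktab if ccache fails
            pc.env("KRB5_KTNAME", "none");
        }
        pc.start();

        Proc ps = proc(ls)
                .args("server", ls == null ? "j" : "n")
                .perm(new javax.security.auth.kerberos.ServicePermission(
                        SERVER + "@" + REALM, "accept"))
                .perm(new javax.security.auth.kerberos.ServicePermission(
                        BACKEND + "@" + REALM, "initiate"))
                .debug(label + "-S");
        if (ls == null) {
            // Wildcard principal: any KeyTab private credential may be read.
            // Broad, but the file permission below still limits the child
            // to its own keytab file.
            ps.perm(new PrivateCredentialPermission(
                    "javax.security.auth.kerberos.KeyTab * \"*\"", "read"))
                    .perm(new java.io.FilePermission(KTAB_S, "read"));
        } else {
            ps.env("KRB5_KTNAME", KTAB_S);
        }
        ps.start();

        Proc pb = proc(lb)
                .args("backend", lb == null ? "j" : "n")
                .perm(new javax.security.auth.kerberos.ServicePermission(
                        BACKEND + "@" + REALM, "accept"))
                .debug(label + "-B");
        if (lb == null) {
            pb.perm(new PrivateCredentialPermission(
                    "javax.security.auth.kerberos.KeyTab * \"*\"", "read"))
                    .perm(new java.io.FilePermission(KTAB_B, "read"));
        } else {
            pb.env("KRB5_KTNAME", KTAB_B);
        }
        pb.start();

        // The launcher is the only channel between the children. The order
        // below has to mirror the binIn/binOut order in main().
        // NOTE(review): if a relay step throws, the children already started
        // are not waited for here; confirm that Proc or the harness reaps
        // them.

        // Client and server
        ps.println(pc.readData()); // AP-REQ
        pc.println(ps.readData()); // AP-REP

        ps.println(pc.readData()); // KRB-PRIV
        ps.println(pc.readData()); // KRB-SAFE

        // Server and backend
        pb.println(ps.readData()); // AP-REQ

        ps.println(pb.readData()); // KRB-PRIV
        ps.println(pb.readData()); // KRB-SAFE

        // Non-short-circuit "|" so that all three children are waited for
        // even when an earlier one has already failed.
        if ((pc.waitFor() | ps.waitFor() | pb.waitFor()) != 0) {
            throw new Exception("Process failed");
        }
    }

    /**
     * A Proc for a child process, set up with what every role has in
     * common. The caller adds the role-specific arguments and permissions.
     *
     * @param lib the library. Null is Java. "" is default native lib.
     * @return the configured, not yet started, child process
     */
    private static Proc proc(String lib) throws Exception {
        // An empty java.security.manager value installs the default
        // security manager in the child, so the child can do only what the
        // perm() calls allow (presumably written to its policy by Proc).
        Proc p = Proc.create("BasicProc")
                .inheritProp("jdk.net.hosts.file")
                .prop("java.security.manager", "")
                .perm(new javax.security.auth.AuthPermission("doAs"));
        if (lib != null) {
            // Native provider: configuration goes through environment
            // variables, and useSubjectCredsOnly=false lets GSS take
            // credentials from outside the JAAS Subject.
            p.env("KRB5_CONFIG", CONF)
                    .env("KRB5_TRACE", Platform.isWindows() ? "CON" : "/dev/stderr")
                    .prop("sun.security.jgss.native", "true")
                    .prop("sun.security.jgss.lib", lib)
                    .prop("javax.security.auth.useSubjectCredsOnly", "false")
                    .prop("sun.security.nativegss.debug", "true");
            // Put the library's own directory on the shared library path,
            // presumably so that the libraries it depends on are found.
            int pos = lib.lastIndexOf('/');
            if (pos > 0) {
                p.env(Platform.sharedLibraryPathVariableName(), lib.substring(0, pos));
            }
        } else {
            p.perm(new java.util.PropertyPermission(
                    "sun.security.krb5.principal", "read"))
                    // For Krb5LoginModule::login.
                    .perm(new javax.security.auth.AuthPermission(
                            "modifyPrincipals"))
                    .perm(new javax.security.auth.AuthPermission(
                            "modifyPrivateCredentials"))
                    .prop("sun.security.krb5.debug", "true")
                    .prop("java.security.krb5.conf", CONF);
        }
        return p;
    }
}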