Path: blob/master/test/jdk/sun/security/krb5/auto/MoreKvno.java
41152 views
/*1* Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/*24* @test25* @bug 6893158 6907425 7197159 819448626* @summary AP_REQ check should use key version number27* @library /test/lib28* @run main jdk.test.lib.FileInstaller TestHosts TestHosts29* @run main/othervm -Djdk.net.hosts.file=TestHosts MoreKvno30*/3132import org.ietf.jgss.GSSException;33import sun.security.jgss.GSSUtil;34import sun.security.krb5.KrbException;35import sun.security.krb5.PrincipalName;36import sun.security.krb5.internal.ktab.KeyTab;37import sun.security.krb5.internal.Krb5;3839public class MoreKvno {4041static PrincipalName p;42public static void main(String[] args)43throws Exception {4445OneKDC kdc = new OneKDC(null);46kdc.writeJAASConf();4748// Rewrite keytab, 3 set of keys with different kvno49KeyTab ktab = KeyTab.create(OneKDC.KTAB);50p = new PrincipalName(51OneKDC.SERVER+"@"+OneKDC.REALM, PrincipalName.KRB_NT_SRV_HST);52ktab.addEntry(p, "pass1".toCharArray(), 1, true);53ktab.addEntry(p, "pass3".toCharArray(), 3, true);54ktab.addEntry(p, "pass2".toCharArray(), 2, true);55ktab.save();5657char[] pass = "pass2".toCharArray();58kdc.addPrincipal(OneKDC.SERVER, pass);59go(OneKDC.SERVER, "com.sun.security.jgss.krb5.accept", pass);6061pass = "pass3".toCharArray();62kdc.addPrincipal(OneKDC.SERVER, pass);63// "server" initiate also, check pass2 is used at authentication64go(OneKDC.SERVER, "server", pass);6566try {67pass = "pass4".toCharArray();68kdc.addPrincipal(OneKDC.SERVER, pass);69go(OneKDC.SERVER, "com.sun.security.jgss.krb5.accept", pass);70throw new Exception("This test should fail");71} catch (GSSException gsse) {72// Since 7197159, different kvno is accepted, this return code73// will never be thrown out again.74//KrbException ke = (KrbException)gsse.getCause();75//if (ke.returnCode() != Krb5.KRB_AP_ERR_BADKEYVER) {76// throw new Exception("Not expected failure code: " +77// ke.returnCode());78//}79}80}8182static void go(String server, String entry, char[] pass) throws Exception {83Context c, s;8485// Part 1: Test keytab86c = Context.fromUserPass("dummy", "bogus".toCharArray(), false);87s = Context.fromJAAS(entry);8889c.startAsClient(server, GSSUtil.GSS_KRB5_MECH_OID);90s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);9192Context.handshake(c, s);9394s.dispose();95c.dispose();9697// Part 2: Test username/password pair98c = Context.fromUserPass("dummy", "bogus".toCharArray(), false);99s = Context.fromUserPass(p.getNameString(), pass, true);100101c.startAsClient(server, GSSUtil.GSS_KRB5_MECH_OID);102s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);103104Context.handshake(c, s);105106s.dispose();107c.dispose();108}109}110111112