1#! /usr/bin/bash
2
3# ATTENTION:
4#
5# Please read spnegoReadme first to setup the testing
6# environment needed
7
8# the following ENV should be adjusted to match your environment
9WWW_REALM=JSL.BEIJING
10WWW_KDC=jsl-bjlab1.jsl.beijing
11WWW_URL=http://jsl-bjlab1.jsl.beijing/1.txt
12
13PROXY_REALM=JSLDUBLIN.IRELAND.SUN.COM
14PROXY_KDC=anchor.jsldublin.ireland.sun.com
15PROXY_URL=http://sceri.prc.sun.com/~ww155710/1.txt
16PROXY_PARA="-Dhttp.proxyHost=anchor.jsldublin.ireland.sun.com -Dhttp.proxyPort=8080"
17
18GOOD_PASS='-Duser=olala -Dpass=1q2w#E$R'
19GOOD_KPASS='-Dkuser=olala -Dkpass=1q2w#E$R'
20BAD_PASS='-Duser=olala -Dpass=false'
21BAD_KPASS='-Dkuser=olala -Dkpass=false'
22
23WWW_TAB=www.tab
24PROXY_TAB=proxy.tab
25TAB_PATH=/tmp/krb5cc_156710
26
27FILE_CONTENT=content_of_web_file
28
29# these ENV determines how much to show in terminal. don't edit
30EXTRA_LOG="-Djava.util.logging.config.file=spnegoLog.properties -Dshowhint"
31
32ANY_EXCEPTION='Exception'
33IO_EXCEPTION='java.io.IOException'
34PROTO_EXCEPTION='java.net.ProtocolException'
35HEADER_200='HTTP/1.1 200'
36
37# a java run
38function runonce {
39  echo Testing $AUTH_TYPE-$TEST_NAME ...
40  java -Djava.security.krb5.realm=$USE_REALM \
41     -Djava.security.krb5.kdc=$USE_KDC \
42     -Djava.security.auth.login.config=spnegoLogin.conf \
43     -Dhttp.maxRedirects=2 \
44     $AUTH_PREF \
45     $EXTRA_PARA \
46     $EXTRA_LOG \
47     $USER_PASS \
48     $KUSER_PASS \
49     WebGet $USE_URL 2> err.log > out.log
50  if [ "$HAS_CACHE" = true ]; then
51     grep -i 'PROVIDING Kerberos' out.log && exit $LINENO
52  else
53     grep -i 'PROVIDING Kerberos' out.log > /dev/null || echo '....has not query Kerberos user/pass'
54  fi
55}
56
57function testsuite {
58
59    # normal runs
60    USER_PASS=$GOOD_PASS
61    KUSER_PASS=$GOOD_KPASS
62
63    TEST_NAME=Authenticate
64    AUTH_PREF=
65    runonce
66    grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
67    grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO
68    grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO
69    grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  || exit $LINENO
70    grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO
71    grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
72
73    TEST_NAME="Authenticate with Negotiate"
74    AUTH_PREF=-Dhttp.auth.preference=Negotiate
75    runonce
76    # first 40X and ask for authen i author-neg and 200 and success
77    grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
78    grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO
79    grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO
80    grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  || exit $LINENO
81    grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO
82    grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
83
84    TEST_NAME="Authenticate with Kerberos"
85    AUTH_PREF=-Dhttp.auth.preference=Kerberos
86    runonce
87    # first 40X and ask for authen i author-neg and 200 and success
88    grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
89    grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO
90    grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO
91    grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  || exit $LINENO
92    grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO
93    grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
94
95    TEST_NAME="Authenticate with Basic"
96    AUTH_PREF=-Dhttp.auth.preference=Basic
97    runonce
98    # first 40X and ask for authen i author-basic and 200 and success
99    grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
100    grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO
101    grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO
102    grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null  || exit $LINENO
103    grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO
104    grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
105
106    if [ "$HAS_CACHE" = true ]; then
107        echo 'Skip bad kpass test if HAS_CACHE is true'
108    else
109        # bad kpass should fallback to basic
110
111        TEST_NAME="Authenticate fallback"
112        KUSER_PASS=$BAD_KPASS
113        AUTH_PREF=
114        runonce
115        # first 40X and ask for authen i cannot author-neg but can author-basic and 200 and success
116        grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
117        grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO
118        grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO
119        grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  && exit $LINENO
120        grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null  || exit $LINENO
121        grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO
122        grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO
123
124        # auth.pref given, does not fallback
125
126        TEST_NAME="Authenticate no fallback"
127        KUSER_PASS=$BAD_KPASS
128        AUTH_PREF=-Dhttp.auth.preference=Negotiate
129        runonce # will fail
130        # first 40X and ask for authen i cannot author-neg and fail with IO_EXCEPTION
131        grep -i "$FILE_CONTENT" out.log > /dev/null && exit $LINENO
132        grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO
133        grep -i "$AUTH_ANY_REQUEST" err.log > /dev/null  && exit $LINENO
134        grep -i "$IO_EXCEPTION" err.log > /dev/null || exit $LINENO
135
136        # bad kpass fallback to basic, but bad pass
137        TEST_NAME="Authenticate fallback but still cannot go on"
138        KUSER_PASS=$BAD_KPASS
139        USER_PASS=$BAD_PASS
140        AUTH_PREF=
141        runonce # will fail
142        # first 40X and ask for authen i cannot author-neg and author-basic again and again and fail with PROTO_EXCEPTION
143        grep -i "$FILE_CONTENT" out.log > /dev/null && exit $LINENO
144        grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO
145        grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  && exit $LINENO
146        grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null  || exit $LINENO
147        grep -i "$PROTO_EXCEPTION" err.log > /dev/null || exit $LINENO
148    fi
149}
150
151function testWWW {
152
153    # WWW Part
154    AUTH_TYPE=WWW
155    USE_REALM=$WWW_REALM
156    USE_KDC=$WWW_KDC
157    USE_URL=$WWW_URL
158    EXTRA_PARA=
159
160    HEADER_40X='HTTP/1.1 401'
161    AUTH_RESPONSE='WWW-Authenticate:'
162    AUTH_NEG_REQUEST='{Authorization: Negotiate'
163    AUTH_BASIC_REQUEST='{Authorization: Basic'
164    AUTH_ANY_REQUEST='{Authorization:'
165
166    testsuite
167
168    echo Pass WWW
169}
170
171function testProxy {
172
173    # Proxy Part
174    AUTH_TYPE=Proxy
175    USE_REALM=$PROXY_REALM
176    USE_KDC=$PROXY_KDC
177    USE_URL=$PROXY_URL
178    EXTRA_PARA=$PROXY_PARA
179
180    HEADER_40X='HTTP/1.1 407'
181    AUTH_RESPONSE='Proxy-Authenticate:'
182    AUTH_NEG_REQUEST='{Proxy-Authorization: Negotiate'
183    AUTH_BASIC_REQUEST='{Proxy-Authorization: Basic'
184    AUTH_ANY_REQUEST='{Proxy-Authorization:'
185
186    testsuite
187
188    echo Pass Proxy
189}
190
191HAS_CACHE='false'
192kdestroy
193testWWW
194testProxy
195
196HAS_CACHE='true'
197#kinit for WWW_REALM
198cp $WWW_TAB $TAB_PATH
199testWWW
200#kinit for PRXY_REALM
201cp $PROXY_TAB $TAB_PATH
202testProxy
203
204kdestroy
205rm err.log
206rm out.log
207
208exit 0
209