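#! /usr/bin/bash

# ATTENTION:
#
# Please read spnegoReadme first to setup the testing
# environment needed
#
# Runs the WebGet Java client against a WWW server and an HTTP proxy and
# greps out.log / err.log for the expected authentication exchange
# (default preference, Negotiate, Kerberos, Basic, and the fallback cases),
# first without and then with a prepared Kerberos credential cache.
#
# Exit status: 0 when every check passes; otherwise the line number of the
# failing check (clamped to 1..255), which is also printed on stderr.
#
# Security notes for whoever runs this:
#  - The account below is stored in clear text in this file and is handed to
#    java as -D options, so it can be seen in the process list while a test
#    runs. Use a throwaway lab account only.
#  - err.log is grepped for the Authorization / Proxy-Authorization request
#    headers, so it holds credential material (Basic is only base64). Both
#    logs are removed on success but are left in place when a check fails.
#  - TAB_PATH is a fixed name under /tmp. NOTE(review): presumably this has to
#    be the default cache path of the test user - confirm against
#    spnegoReadme. Files are created owner-only (umask below), but run this on
#    a host that is not shared.

# Logs and the copied credential cache must not be readable by other users.
umask 077

# the following ENV should be adjusted to match your environment
WWW_REALM=JSL.BEIJING
WWW_KDC=jsl-bjlab1.jsl.beijing
WWW_URL=http://jsl-bjlab1.jsl.beijing/1.txt

PROXY_REALM=JSLDUBLIN.IRELAND.SUN.COM
PROXY_KDC=anchor.jsldublin.ireland.sun.com
PROXY_URL=http://sceri.prc.sun.com/~ww155710/1.txt
# JVM options are kept as arrays, one element per option, so that a value
# containing whitespace or glob characters reaches java unchanged.
PROXY_PARA=(-Dhttp.proxyHost=anchor.jsldublin.ireland.sun.com -Dhttp.proxyPort=8080)

GOOD_PASS=(-Duser=olala '-Dpass=1q2w#E$R')
GOOD_KPASS=(-Dkuser=olala '-Dkpass=1q2w#E$R')
BAD_PASS=(-Duser=olala -Dpass=false)
BAD_KPASS=(-Dkuser=olala -Dkpass=false)

WWW_TAB=www.tab
PROXY_TAB=proxy.tab
TAB_PATH=/tmp/krb5cc_156710

FILE_CONTENT=content_of_web_file

# these ENV determine how much to show in terminal. don't edit
EXTRA_LOG=(-Djava.util.logging.config.file=spnegoLog.properties -Dshowhint)

ANY_EXCEPTION='Exception'
IO_EXCEPTION='java.io.IOException'
PROTO_EXCEPTION='java.net.ProtocolException'
HEADER_200='HTTP/1.1 200'

# Abort the whole run.
# Arguments: $1 - line number of the failing check, $2 - short reason
function fail {
  local line=$1
  printf 'FAILED (line %s): %s\n' "$line" "$2" >&2
  # An exit status is 8 bits wide: a raw line number of 256 would wrap to 0
  # and be reported as success.
  if (( line < 1 || line > 255 )); then
    line=255
  fi
  exit "$line"
}

# Require that pattern $1 (grep regex, case-insensitive) occurs in file $2.
function must_match {
  grep -i -- "$1" "$2" > /dev/null \
    || fail "${BASH_LINENO[0]}" "expected '$1' in $2"
}

# Require that pattern $1 (grep regex, case-insensitive) is absent from file $2.
function must_not_match {
  if grep -i -- "$1" "$2" > /dev/null; then
    fail "${BASH_LINENO[0]}" "unexpected '$1' in $2"
  fi
}

# Put the prepared credential cache $1 at TAB_PATH.
function install_ccache {
  # Drop any earlier file first so the copy is created fresh under umask 077
  # instead of inheriting the permissions of a file that was already there.
  rm -f -- "$TAB_PATH"
  cp -- "$1" "$TAB_PATH" \
    || fail "${BASH_LINENO[0]}" "cannot copy $1 to $TAB_PATH"
}

# a java run
# Reads the USE_*, AUTH_PREF, EXTRA_PARA, USER_PASS, KUSER_PASS and HAS_CACHE
# globals; writes stdout to out.log and stderr to err.log. The exit status of
# java is deliberately not checked: some scenarios are expected to fail.
function runonce {
  printf 'Testing %s-%s ...\n' "$AUTH_TYPE" "$TEST_NAME"
  java "-Djava.security.krb5.realm=$USE_REALM" \
    "-Djava.security.krb5.kdc=$USE_KDC" \
    -Djava.security.auth.login.config=spnegoLogin.conf \
    -Dhttp.maxRedirects=2 \
    "${AUTH_PREF[@]}" \
    "${EXTRA_PARA[@]}" \
    "${EXTRA_LOG[@]}" \
    "${USER_PASS[@]}" \
    "${KUSER_PASS[@]}" \
    WebGet "$USE_URL" 2> err.log > out.log
  if [ "$HAS_CACHE" = true ]; then
    # With a credential cache in place the client must not be asked for a
    # Kerberos user/pass; the offending lines are shown before aborting.
    if grep -i 'PROVIDING Kerberos' out.log; then
      fail "$LINENO" "Kerberos user/pass was queried although a cache exists"
    fi
  else
    if ! grep -i 'PROVIDING Kerberos' out.log > /dev/null; then
      echo '....has not query Kerberos user/pass'
    fi
  fi
}

# Run every scenario for the target selected by testWWW / testProxy.
function testsuite {

  # normal runs
  USER_PASS=("${GOOD_PASS[@]}")
  KUSER_PASS=("${GOOD_KPASS[@]}")

  TEST_NAME=Authenticate
  AUTH_PREF=()
  runonce
  must_match "$FILE_CONTENT" out.log
  must_match "$HEADER_40X" err.log
  must_match "$AUTH_RESPONSE" err.log
  must_match "$AUTH_NEG_REQUEST" err.log
  must_match "$HEADER_200" err.log
  must_not_match "$ANY_EXCEPTION" err.log

  TEST_NAME="Authenticate with Negotiate"
  AUTH_PREF=(-Dhttp.auth.preference=Negotiate)
  runonce
  # expect: 40X challenge, a Negotiate request, then 200 and the file body
  must_match "$FILE_CONTENT" out.log
  must_match "$HEADER_40X" err.log
  must_match "$AUTH_RESPONSE" err.log
  must_match "$AUTH_NEG_REQUEST" err.log
  must_match "$HEADER_200" err.log
  must_not_match "$ANY_EXCEPTION" err.log

  TEST_NAME="Authenticate with Kerberos"
  AUTH_PREF=(-Dhttp.auth.preference=Kerberos)
  runonce
  # expect: 40X challenge, a Negotiate request, then 200 and the file body
  must_match "$FILE_CONTENT" out.log
  must_match "$HEADER_40X" err.log
  must_match "$AUTH_RESPONSE" err.log
  must_match "$AUTH_NEG_REQUEST" err.log
  must_match "$HEADER_200" err.log
  must_not_match "$ANY_EXCEPTION" err.log

  TEST_NAME="Authenticate with Basic"
  AUTH_PREF=(-Dhttp.auth.preference=Basic)
  runonce
  # expect: 40X challenge, a Basic request, then 200 and the file body
  must_match "$FILE_CONTENT" out.log
  must_match "$HEADER_40X" err.log
  must_match "$AUTH_RESPONSE" err.log
  must_match "$AUTH_BASIC_REQUEST" err.log
  must_match "$HEADER_200" err.log
  must_not_match "$ANY_EXCEPTION" err.log

  if [ "$HAS_CACHE" = true ]; then
    echo 'Skip bad kpass test if HAS_CACHE is true'
  else
    # bad kpass should fallback to basic

    TEST_NAME="Authenticate fallback"
    KUSER_PASS=("${BAD_KPASS[@]}")
    AUTH_PREF=()
    runonce
    # expect: 40X challenge, no Negotiate request, a Basic request instead,
    # then 200 and the file body
    must_match "$FILE_CONTENT" out.log
    must_match "$HEADER_40X" err.log
    must_match "$AUTH_RESPONSE" err.log
    must_not_match "$AUTH_NEG_REQUEST" err.log
    must_match "$AUTH_BASIC_REQUEST" err.log
    must_match "$HEADER_200" err.log
    must_not_match "$ANY_EXCEPTION" err.log

    # auth.pref given, does not fallback

    TEST_NAME="Authenticate no fallback"
    KUSER_PASS=("${BAD_KPASS[@]}")
    AUTH_PREF=(-Dhttp.auth.preference=Negotiate)
    runonce # will fail
    # expect: 40X challenge, no authorization request of any kind, and the
    # run ends with IO_EXCEPTION
    must_not_match "$FILE_CONTENT" out.log
    must_match "$HEADER_40X" err.log
    must_not_match "$AUTH_ANY_REQUEST" err.log
    must_match "$IO_EXCEPTION" err.log

    # bad kpass fallback to basic, but bad pass
    TEST_NAME="Authenticate fallback but still cannot go on"
    KUSER_PASS=("${BAD_KPASS[@]}")
    USER_PASS=("${BAD_PASS[@]}")
    AUTH_PREF=()
    runonce # will fail
    # expect: 40X challenge, no Negotiate request, Basic requests that keep
    # being rejected, and the run ends with PROTO_EXCEPTION
    must_not_match "$FILE_CONTENT" out.log
    must_match "$HEADER_40X" err.log
    must_not_match "$AUTH_NEG_REQUEST" err.log
    must_match "$AUTH_BASIC_REQUEST" err.log
    must_match "$PROTO_EXCEPTION" err.log
  fi
}

# Select the origin-server (401 / WWW-Authenticate) variant and run the suite.
function testWWW {

  # WWW Part
  AUTH_TYPE=WWW
  USE_REALM=$WWW_REALM
  USE_KDC=$WWW_KDC
  USE_URL=$WWW_URL
  EXTRA_PARA=()

  HEADER_40X='HTTP/1.1 401'
  AUTH_RESPONSE='WWW-Authenticate:'
  AUTH_NEG_REQUEST='{Authorization: Negotiate'
  AUTH_BASIC_REQUEST='{Authorization: Basic'
  AUTH_ANY_REQUEST='{Authorization:'

  testsuite

  echo Pass WWW
}

# Select the proxy (407 / Proxy-Authenticate) variant and run the suite.
function testProxy {

  # Proxy Part
  AUTH_TYPE=Proxy
  USE_REALM=$PROXY_REALM
  USE_KDC=$PROXY_KDC
  USE_URL=$PROXY_URL
  EXTRA_PARA=("${PROXY_PARA[@]}")

  HEADER_40X='HTTP/1.1 407'
  AUTH_RESPONSE='Proxy-Authenticate:'
  AUTH_NEG_REQUEST='{Proxy-Authorization: Negotiate'
  AUTH_BASIC_REQUEST='{Proxy-Authorization: Basic'
  AUTH_ANY_REQUEST='{Proxy-Authorization:'

  testsuite

  echo Pass Proxy
}

# Pass 1: no credential cache, the client has to supply user/pass itself.
HAS_CACHE='false'
kdestroy
testWWW
testProxy

# Pass 2: a prepared credential cache is put in place before each target.
HAS_CACHE='true'
# kinit for WWW_REALM
install_ccache "$WWW_TAB"
testWWW
# kinit for PROXY_REALM
install_ccache "$PROXY_TAB"
testProxy

# Only reached when every check passed: drop the cache and the logs, which
# contain the logged authorization headers.
kdestroy
rm err.log
rm out.log

exit 0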