1/*
2 * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24/*
25 * @test
26 * @bug 6894072
27 * @bug 8004488
28 * @compile -XDignore.symbol.file KeyTabCompat.java
29 * @run main/othervm KeyTabCompat
30 * @summary always refresh keytab
31 */
32
33import javax.security.auth.kerberos.KerberosKey;
34import sun.security.jgss.GSSUtil;
35
/*
 * There are 2 compatibility issues to check:
 *
 * 1. If the private credential set contains only KerberosKeys and there is
 *    no KerberosPrincipal, the JAAS login should still go on.
 * 2. If a KeyTab is used, the user won't get KerberosKeys from the
 *    private credentials set.
 */
public class KeyTabCompat {

    /*
     * Entry point: prepares the KDC fixture, then runs the two compatibility
     * checks in order. Any failure surfaces as an exception thrown out of
     * main.
     */
    public static void main(String[] args) throws Exception {
        // Fixture: a KDC created with "aes128-cts", a JAAS configuration
        // file, the server principal with a fixed fixture password, and a
        // keytab written to OneKDC.KTAB.
        // NOTE(review): OneKDC is presumably an in-process test KDC; confirm.
        OneKDC kdc = new OneKDC("aes128-cts");
        kdc.writeJAASConf();
        kdc.addPrincipal(OneKDC.SERVER, "pass1".toCharArray());
        kdc.writeKtab(OneKDC.KTAB);

        checkKeysWithoutPrincipal();
        checkKeyTabLeavesNoKeysInSubject();
    }

    /*
     * Part 1: the acceptor's principal set is emptied before the context is
     * started, so whatever is in its credential sets is all that remains.
     * The handshake is still expected to complete.
     */
    private static void checkKeysWithoutPrincipal() throws Exception {
        // NOTE(review): the trailing boolean is presumably "storeKey"
        // (false for the initiator, true for the acceptor); confirm
        // against Context.fromUserPass.
        Context initiator = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
        Context acceptor = Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, true);

        // Drop every principal from the acceptor side; credentials are
        // left untouched.
        acceptor.s().getPrincipals().clear();

        initiator.startAsClient(OneKDC.USER2, GSSUtil.GSS_KRB5_MECH_OID);
        acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        Context.handshake(initiator, acceptor);
    }

    /*
     * Part 2: both sides log in through the JAAS entries "client" and
     * "server". Once the acceptor has been started, its private credential
     * set must hold no KerberosKey, i.e. no long-term secret key objects
     * are left there for code that can read the private credentials.
     * No handshake is run in this part; the credential set is inspected
     * right after startAsServer() and status().
     */
    private static void checkKeyTabLeavesNoKeysInSubject() throws Exception {
        // NOTE(review): the "server" entry presumably points at the keytab
        // written by kdc.writeKtab(OneKDC.KTAB); confirm in the generated
        // JAAS configuration.
        Context initiator = Context.fromJAAS("client");
        Context acceptor = Context.fromJAAS("server");

        initiator.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
        acceptor.status();

        int exposedKeys =
                acceptor.s().getPrivateCredentials(KerberosKey.class).size();
        if (exposedKeys > 0) {
            throw new Exception("There should be no KerberosKey");
        }
    }
}