1/* 2 * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24/* 25 * @test 26 * @bug 8078439 27 * @summary SPNEGO auth fails if client proposes MS krb5 OID 28 * @compile -XDignore.symbol.file MSOID2.java 29 * @run main/othervm MSOID2 30 */ 31 32import sun.security.jgss.GSSUtil; 33import sun.security.util.HexDumpEncoder; 34 35// The basic krb5 test skeleton you can copy from 36public class MSOID2 { 37 38 public static void main(String[] args) throws Exception { 39 40 new OneKDC(null).writeJAASConf(); 41 42 Context c, s; 43 c = Context.fromJAAS("client"); 44 s = Context.fromJAAS("server"); 45 46 c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID); 47 s.startAsServer(GSSUtil.GSS_SPNEGO_MECH_OID); 48 49 byte[] t = new byte[0]; 50 boolean first = true; 51 while (true) { 52 if (t != null || !c.x().isEstablished()) t = c.take(t); 53 if (first) { 54 // Tweak the packet to append an extra OID 55 int len = t.length; 56 byte[] nt = new byte[len + 11]; 57 System.arraycopy(t, 0, nt, 0, 0x23); 58 System.arraycopy(t, 0x18, nt, 0x23, 11); // dup the OID 59 System.arraycopy(t, 0x23, nt, 0x2e, len-0x23); 60 nt[0x1d] = (byte)0x82; // change the 1st to MS OID 61 // Length bytes to be tweaked 62 for (int pos: new int[] {3, 0xf, 0x13, 0x15, 0x17}) { 63 int newLen = (nt[pos]&0xff) + 11; 64 // The length byte at nt[pos] might overflow. It's 65 // unlikely for nt[pos-1] to overflow, which means the size 66 // of token is bigger than 65535. 67 if (newLen >= 256) { 68 nt[pos-1] = (byte)(nt[pos-1] + 1); 69 } 70 nt[pos] = (byte)newLen; 71 } 72 t = nt; 73 new HexDumpEncoder().encodeBuffer(t, System.out); 74 } 75 if (t != null || !s.x().isEstablished()) t = s.take(t); 76 if (c.x().isEstablished() && s.x().isEstablished()) break; 77 first = false; 78 } 79 80 Context.transmit("i say high --", c, s); 81 Context.transmit(" you say low", s, c); 82 83 s.dispose(); 84 c.dispose(); 85 } 86} 87