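/*
 * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test 1.2 07/03/29
 * @bug 4634892
 * @summary Ensure that client requesting integrity causes resulting channel to
 * be integrity-protected.
 */

/*
 * Can set logging to FINEST to view exchange.
 */
import javax.security.sasl.*;
import javax.security.auth.callback.*;
import java.security.Security;
import java.util.*;

/**
 * Regression test: a DIGEST-MD5 client and server that both request
 * {@code auth-int} must end up with an integrity-protected channel.
 *
 * <p>The test runs the SASL handshake in-process, asserts that both peers
 * report {@code auth-int} as the negotiated quality of protection, and then
 * round-trips a fixed set of messages through {@code wrap}/{@code unwrap} in
 * both directions.
 *
 * <p>Scope notes for readers reusing this as a template:
 * <ul>
 *   <li>{@code auth-int} provides integrity only; the payload is not
 *       encrypted. Confidentiality requires {@code auth-conf}.</li>
 *   <li>DIGEST-MD5 was moved to Historic status by RFC 6331. It is exercised
 *       here because the test targets that mechanism, not as a
 *       recommendation for new deployments.</li>
 * </ul>
 *
 * <p>Usage: {@code Integrity [-m] [pwfile [namesfile [proxyfile]]]}.
 */
public class Integrity {
    private static final String MECH = "DIGEST-MD5";
    private static final String SERVER_FQDN = "machineX.imc.org";
    private static final String PROTOCOL = "jmx";

    /** QOP value requested by both peers and required after negotiation. */
    private static final String QOP_AUTH_INT = "auth-int";

    private static final byte[] EMPTY = new byte[0];

    private static String pwfile, namesfile, proxyfile;
    private static boolean auto;
    private static boolean verbose = false;

    private static byte[][] clntdata, srvdata;

    /**
     * Parses the command line into the static configuration fields and
     * prepares the message payloads.
     *
     * <p>With no arguments the default property files are used and
     * {@code auto} is set to {@code true}. Otherwise an optional leading
     * {@code -m} sets {@code auto} to {@code false}, followed by up to three
     * positional file names. When file names are given, only those supplied
     * are assigned; the remaining fields keep their previous value.
     *
     * @param args command-line arguments as passed to {@link #main}
     * @throws Exception declared for compatibility with the original signature
     */
    private static void init(String[] args) throws Exception {
        int next = 0;

        if (args.length == 0) {
            auto = true;
        } else if (args[0].equals("-m")) {
            auto = false;
            next = 1;
        }

        if (args.length > next) {
            pwfile = args[next++];

            if (args.length > next) {
                namesfile = args[next++];

                if (args.length > next) {
                    proxyfile = args[next];
                }
            }
        } else {
            pwfile = "pw.properties";
            namesfile = "names.properties";
        }

        initData();
    }

    /**
     * Runs the test: authenticate, verify the negotiated QOP, then exchange
     * protected messages in both directions.
     *
     * @param args see the class description for the accepted arguments
     * @throws Exception if the mechanism is unavailable, authentication
     *         fails, integrity protection was not negotiated, or a message
     *         does not survive the wrap/unwrap round trip
     */
    public static void main(String[] args) throws Exception {

        init(args);

        CallbackHandler clntCbh = new ClientCallbackHandler(auto);

        CallbackHandler srvCbh =
            new PropertiesFileCallbackHandler(pwfile, namesfile, proxyfile);

        // Both sides offer auth-int only, so negotiation cannot settle on
        // plain "auth" without one side violating its configuration.
        Map<String, String> srvProps = new HashMap<String, String>();
        srvProps.put(Sasl.QOP, QOP_AUTH_INT);

        Map<String, String> clntProps = new HashMap<String, String>();
        clntProps.put(Sasl.QOP, QOP_AUTH_INT);

        SaslClient clnt = Sasl.createSaslClient(
            new String[]{MECH}, null, PROTOCOL, SERVER_FQDN, clntProps, clntCbh);

        SaslServer srv = Sasl.createSaslServer(MECH, PROTOCOL, SERVER_FQDN,
            srvProps, srvCbh);

        if (clnt == null) {
            throw new IllegalStateException(
                "Unable to find client impl for " + MECH);
        }
        if (srv == null) {
            throw new IllegalStateException(
                "Unable to find server impl for " + MECH);
        }

        authenticate(clnt, srv);

        // The stated purpose of the test is that the channel is
        // integrity-protected, so check what was actually negotiated rather
        // than inferring it from wrap/unwrap succeeding.
        requireIntegrityQop("client", clnt.getNegotiatedProperty(Sasl.QOP));
        requireIntegrityQop("server", srv.getNegotiatedProperty(Sasl.QOP));

        /* Use security layer */
        int count = exchangeData(clnt, srv);

        if (verbose) {
            System.out.println(count + " sets of wrap/unwrap between client/server");
        }

        clnt.dispose();
        srv.dispose();
    }

    /**
     * Drives the challenge/response exchange until both peers are complete.
     *
     * @throws IllegalStateException if the server stops issuing challenges
     *         while either peer is still incomplete
     * @throws SaslException if either peer rejects a token
     */
    private static void authenticate(SaslClient clnt, SaslServer srv)
            throws SaslException {
        byte[] response = clnt.hasInitialResponse()
            ? clnt.evaluateChallenge(EMPTY)
            : EMPTY;

        while (!clnt.isComplete() || !srv.isComplete()) {
            byte[] challenge = srv.evaluateResponse(response);

            if (challenge != null) {
                response = clnt.evaluateChallenge(challenge);
            } else if (!clnt.isComplete() || !srv.isComplete()) {
                // No further challenge but the exchange is not finished on
                // both sides: report it instead of looping without progress.
                throw new IllegalStateException("FAILURE: mismatched state:" +
                    " client complete? " + clnt.isComplete() +
                    " server complete? " + srv.isComplete());
            }
        }

        if (verbose) {
            System.out.println("SUCCESS");
            System.out.println("authzid is " + srv.getAuthorizationID());
        }
    }

    /**
     * Fails the test unless the given negotiated QOP is {@code auth-int}.
     *
     * @param side label used in the failure message ("client" or "server")
     * @param negotiated value returned by {@code getNegotiatedProperty(Sasl.QOP)}
     */
    private static void requireIntegrityQop(String side, Object negotiated) {
        if (!QOP_AUTH_INT.equals(negotiated)) {
            throw new IllegalStateException("FAILURE: " + side +
                " negotiated QOP " + negotiated + ", expected " + QOP_AUTH_INT);
        }
    }

    /**
     * Sends every client payload to the server and every server payload to
     * the client through the negotiated security layer.
     *
     * <p>NOTE(review): only the positive path is covered. A case where a
     * wrapped buffer is altered in transit and must not unwrap to the
     * original payload is not exercised here.
     *
     * @return the number of client/server message pairs exchanged
     * @throws SaslException if a payload differs after the round trip
     */
    private static int exchangeData(SaslClient clnt, SaslServer srv)
            throws SaslException {
        // The loop indexes both tables with one counter, so they must match.
        if (clntdata.length != srvdata.length) {
            throw new IllegalStateException("Test data mismatch: " +
                clntdata.length + " client messages, " +
                srvdata.length + " server messages");
        }

        int count = 0;
        for (int i = 0; i < clntdata.length; i++) {
            byte[] sent = clntdata[i];
            byte[] wrapped = clnt.wrap(sent, 0, sent.length);
            byte[] received = srv.unwrap(wrapped, 0, wrapped.length);

            if (!Arrays.equals(sent, received)) {
                throw new SaslException("Server cannot unwrap client data");
            }

            byte[] reply = srvdata[i];
            byte[] wrappedReply = srv.wrap(reply, 0, reply.length);
            byte[] receivedReply = clnt.unwrap(wrappedReply, 0, wrappedReply.length);

            if (!Arrays.equals(reply, receivedReply)) {
                throw new SaslException("Client cannot unwrap server data");
            }
            ++count;
        }
        return count;
    }

    /** Messages the server sends to the client over the security layer. */
    private static final String[] srvStrs = new String[] {
        "A is the 1st letter",
        "B is the 2nd letter",
        "C is the 3rd letter",
        "D is the 4th letter",
        "E is the 5th letter",
        "F is the 6th letter",
        "G is the 7th letter",
        "H is the 8th letter",
        "I is the 9th letter",
        "J is the 10th letter",
        "K is the 11th letter",
        "L is the 12th letter",
        "M is the 13th letter",
    };

    /** Messages the client sends to the server over the security layer. */
    private static final String[] clntStrs = new String[] {
        "0",
        "1",
        "2",
        "3",
        "4",
        "5",
        "6",
        "7",
        "8",
        "9",
        "10",
        "11",
        "12",
    };

    /**
     * Encodes the message tables into byte arrays.
     *
     * <p>The platform default charset is used; each payload is only compared
     * with its own round-tripped copy, so the choice of encoding does not
     * affect the outcome.
     */
    private static void initData() {
        clntdata = new byte[clntStrs.length][];
        for (int i = 0; i < clntStrs.length; i++) {
            clntdata[i] = clntStrs[i].getBytes();
        }

        srvdata = new byte[srvStrs.length][];
        for (int i = 0; i < srvStrs.length; i++) {
            srvdata[i] = srvStrs[i].getBytes();
        }
    }
}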