BasicKrb5Test.java revision 6073:cea72c2bf071
1/*
2 * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24/*
25 * @test
26 * @bug 6706974
27 * @summary Add krb5 test infrastructure
28 * @compile -XDignore.symbol.file BasicKrb5Test.java
29 * @run main/othervm BasicKrb5Test
30 * @run main/othervm BasicKrb5Test des-cbc-crc
31 * @run main/othervm BasicKrb5Test des-cbc-md5
32 * @run main/othervm BasicKrb5Test des3-cbc-sha1
33 * @run main/othervm BasicKrb5Test aes128-cts
34 * @run main/othervm BasicKrb5Test aes256-cts
35 * @run main/othervm BasicKrb5Test rc4-hmac
36 * @run main/othervm BasicKrb5Test -s
37 * @run main/othervm BasicKrb5Test des-cbc-crc -s
38 * @run main/othervm BasicKrb5Test des-cbc-md5 -s
39 * @run main/othervm BasicKrb5Test des3-cbc-sha1 -s
40 * @run main/othervm BasicKrb5Test aes128-cts -s
41 * @run main/othervm BasicKrb5Test aes256-cts -s
42 * @run main/othervm BasicKrb5Test rc4-hmac -s
43 * @run main/othervm BasicKrb5Test -C
44 * @run main/othervm BasicKrb5Test des-cbc-crc -C
45 * @run main/othervm BasicKrb5Test des-cbc-md5 -C
46 * @run main/othervm BasicKrb5Test des3-cbc-sha1 -C
47 * @run main/othervm BasicKrb5Test aes128-cts -C
48 * @run main/othervm BasicKrb5Test aes256-cts -C
49 * @run main/othervm BasicKrb5Test rc4-hmac -C
50 * @run main/othervm BasicKrb5Test -s -C
51 * @run main/othervm BasicKrb5Test des-cbc-crc -s -C
52 * @run main/othervm BasicKrb5Test des-cbc-md5 -s -C
53 * @run main/othervm BasicKrb5Test des3-cbc-sha1 -s -C
54 * @run main/othervm BasicKrb5Test aes128-cts -s -C
55 * @run main/othervm BasicKrb5Test aes256-cts -s -C
56 * @run main/othervm BasicKrb5Test rc4-hmac -s -C
57 */
58
59import org.ietf.jgss.GSSName;
60import sun.security.jgss.GSSUtil;
61import sun.security.krb5.Config;
62import sun.security.krb5.internal.crypto.EType;
63
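/**
 * Basic JGSS/krb5 test with 3 parties: client, server, backend server. Each
 * party uses JAAS login to get subjects and executes JGSS calls using
 * Subject.doAs.
 *
 * <p>The scenario is: the client establishes a krb5 context with the server
 * and requests credential delegation; the server then uses the delegated
 * credentials to establish a second context with the backend; the test passes
 * only if the backend sees the same initiator name as the original client.
 *
 * <p>The jtreg header runs this class once per encryption type, including
 * single-DES ({@code des-cbc-crc}, {@code des-cbc-md5}), {@code des3-cbc-sha1}
 * and {@code rc4-hmac}. Those are covered for interoperability; RFC 6649 and
 * RFC 8429 deprecate them for Kerberos, so their presence in this matrix is
 * not a statement about what a deployment should permit.
 */
public class BasicKrb5Test {

    /**
     * Value passed to {@code requestConf} on every initiating context.
     * Defaults to {@code true}; the {@code -C} argument clears it so the
     * same exchange is also exercised without confidentiality requested.
     */
    private static boolean conf = true;

    /**
     * Parses the command line, starts the test KDC and runs the scenario.
     *
     * @param args any mix of {@code -s} (sets {@code Context.usingStream}),
     *             {@code -C} (do not request confidentiality) and an etype
     *             name; every other argument is taken as the etype and the
     *             last one wins. With no etype the KDC is created with
     *             {@code null}.
     * @throws Exception if KDC setup, login, context establishment or the
     *                   delegation check fails
     */
    public static void main(String[] args) throws Exception {
        String etype = null;
        for (String arg : args) {
            if (arg.equals("-s")) {
                // NOTE(review): presumably selects stream-based token
                // exchange inside Context; the flag is defined there.
                Context.usingStream = true;
            } else if (arg.equals("-C")) {
                conf = false;
            } else {
                etype = arg;
            }
        }

        // Creates and starts the KDC. This line must be put ahead of etype check
        // since the check needs a krb5.conf.
        new OneKDC(etype).writeJAASConf();

        System.out.println("Testing etype " + etype);
        if (etype != null && !EType.isSupported(Config.getType(etype))) {
            // aes256 is not enabled on all systems; an unsupported etype is
            // reported and treated as a skip, not as a failure.
            System.out.println("Not supported.");
            return;
        }

        new BasicKrb5Test().go(OneKDC.SERVER, OneKDC.BACKEND);
    }

    /**
     * Runs the client -> server -> backend delegation scenario.
     *
     * <p>Credential delegation gives the acceptor credentials it can use as
     * the initiator, which is exactly what the second leg relies on. The
     * name comparison at the end is the security-relevant assertion: the
     * backend must attribute the delegated context to the original client,
     * not to the intermediate server.
     *
     * @param server  name the client targets for the first context
     * @param backend name the delegated context targets for the second one
     * @throws Exception if any JGSS step fails, or with the message
     *                   {@code "Delegation failed"} when the backend sees a
     *                   different initiator name than the client's own
     */
    void go(final String server, final String backend) throws Exception {
        Context c = Context.fromJAAS("client");
        Context s = Context.fromJAAS("server");
        Context b = Context.fromJAAS("backend");

        // First leg: client initiates toward the server and asks for its
        // credentials to be delegated.
        c.startAsClient(server, GSSUtil.GSS_KRB5_MECH_OID);
        c.x().requestCredDeleg(true);
        c.x().requestConf(conf);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        c.status();
        s.status();

        Context.handshake(c, s);
        // Initiator name as the client itself reports it; the reference
        // value for the delegation check below.
        GSSName client = c.x().getSrcName();

        c.status();
        s.status();

        Context.transmit("i say high --", c, s);
        Context.transmit("   you say low", s, c);

        // Second leg: the server's delegated credentials become a new
        // initiating context; the original acceptor context is released first.
        Context s2 = s.delegated();
        s.dispose();
        s = null;

        s2.startAsClient(backend, GSSUtil.GSS_KRB5_MECH_OID);
        s2.x().requestConf(conf);
        b.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        s2.status();
        b.status();

        Context.handshake(s2, b);
        // Initiator name as the backend (acceptor) sees it.
        GSSName client2 = b.x().getSrcName();

        if (!client.equals(client2)) {
            throw new Exception("Delegation failed");
        }

        s2.status();
        b.status();

        Context.transmit("you say hello --", s2, b);
        Context.transmit("   i say goodbye", b, s2);

        s2.dispose();
        b.dispose();
        // The client context was the only one never released; dispose it
        // like the others so the test cleans up every context it opened.
        c.dispose();
    }
}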