1/*
2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22*/
23
/*
 * @test
 * @bug 8001326
 * @run main/othervm NoneReplayCacheTest
 * @summary The replay cache type "none" cannot stop an authenticator replay,
 * but a message replay can still be stopped when
 * sun.security.krb5.acceptor.subkey is true.
 * You should not use "none" in a production environment. This test merely
 * shows that other protections can exist when the replay cache is not effective.
 */
33
34import org.ietf.jgss.GSSException;
35import sun.security.jgss.GSSUtil;
36
/**
 * Exercises a Kerberos acceptor whose replay cache type is {@code none} while
 * {@code sun.security.krb5.acceptor.subkey} is {@code true}.
 *
 * <p>The initial context token is presented to the acceptor twice. The second
 * presentation is expected to be accepted, but a wrapped message captured from
 * the first context must then be rejected when it is replayed.
 */
public class NoneReplayCacheTest {

    /**
     * Runs the scenario and fails if the replayed wrapped message is accepted.
     *
     * @param args unused
     * @throws Exception if the setup fails, or with the message
     *         "This method should fail" when the replayed message unwraps
     *         without a {@link GSSException}
     */
    public static void main(String[] args) throws Exception {

        // Constructed only for its side effect; presumably brings up the
        // test KDC the contexts below talk to — confirm in OneKDC.
        new OneKDC(null);

        // Replay cache type "none": per this test's summary it cannot stop
        // an authenticator replay. Not a setting for production acceptors.
        System.setProperty("sun.security.krb5.rcache", "none");
        System.setProperty("sun.security.krb5.acceptor.subkey", "true");

        Context initiator = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
        Context acceptor = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);

        initiator.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        // Keep the first token so it can be presented a second time below.
        byte[] initialToken = initiator.take(new byte[0]);

        // Feed the acceptor's reply to the first token back to the initiator.
        byte[] acceptorReply = acceptor.take(initialToken);
        initiator.take(acceptorReply);

        // A message wrapped on the first context unwraps normally there.
        byte[] wrapped = initiator.wrap("hello".getBytes(), true);
        acceptor.unwrap(wrapped, true);

        // Restart the acceptor and present the saved token again. With the
        // replay cache set to "none" this second presentation goes through.
        acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
        acceptor.take(initialToken);

        // The message from the first context must not unwrap on the new one;
        // presumably the acceptor subkey differs between the two — confirm.
        boolean replayAccepted;
        try {
            acceptor.unwrap(wrapped, true);
            replayAccepted = true;
        } catch (GSSException gsse) {
            // NOTE(review): any GSSException counts as success here; the
            // major/minor code is not inspected, so an unrelated unwrap
            // failure would also let the test pass.
            gsse.printStackTrace();
            replayAccepted = false;
        }
        if (replayAccepted) {
            throw new Exception("This method should fail");
        }
    }
}
71