Skip to content

D
dragonwell11

openanolis / dragonwell11

通知 7
Star 2
Fork 0
D
dragonwell11

体验新版 GitCode,发现更多精彩内容 >>

提交 9a434a61 编写于 作者: W weijun
浏览文件
操作

8175120: Remove old tests on kdc timeout policy 

Reviewed-by: xuelei
上级 5db86425
显示空白变更内容
内联 并排
Showing with 0 addition and 977 deletion
jdk/test/sun/security/krb5/auto/BadKdc.java 已删除 100644 → 0
浏览文件 @ 5db86425
/*
* Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.*;
import java.net.BindException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.login.LoginException;
import sun.security.krb5.Asn1Exception;
import sun.security.krb5.Config;
public class BadKdc {
// Matches the krb5 debug output:
// >>> KDCCommunication: kdc=kdc.rabbit.hole UDP:14319, timeout=2000,...
// ^ kdc# ^ timeout
static final Pattern re = Pattern.compile(
">>> KDCCommunication: kdc=kdc.rabbit.hole UDP:(\\d)...., " +
"timeout=(\\d+),");
// Ratio for timeout values of all timeout tests. Not final so that
// each test can choose their own.
static float ratio = 2f;
static void setRatio(float ratio) {
BadKdc.ratio = ratio;
}
static float getRatio() {
return ratio;
}
// Gets real timeout value. This method is called when writing krb5.conf
static int toReal(int from) {
return (int)(from * ratio + .5);
}
// De-ratio a millisecond value to second
static int toSymbolicSec(int from) {
return (int)(from / ratio / 1000f + 0.5);
}
/*
* There are several cases this test fails:
*
* 1. The random selected port is used by another process. No good way to
* prevent this happening, coz krb5.conf must be written before KDC starts.
* There are two different outcomes:
*
* a. Cannot start the KDC. A BindException thrown.
* b. When trying to access a non-existing KDC, a response is received!
* Most likely a Asn1Exception thrown
*
* 2. Even if a KDC is started, and more than 20 seconds pass by, a timeout
* can still happens for the first UDP request. In fact, the KDC did not
* received it at all. This happens on almost all platforms, especially
* solaris-i586 and solaris-x64.
*
* To avoid them:
*
* 1. Catch those exceptions and ignore
*
* 2. a. Make the timeout longer? useless
* b. Read the output carefully, if there is a timeout, it's OK.
* Just make sure the retries times and KDCs are correct.
* This is tough.
* c. Feed the KDC a UDP packet first. The current "solution".
*/
public static void go(String... expected)
throws Exception {
try {
go0(expected);
} catch (BindException be) {
System.out.println("The random port is used by another process");
} catch (LoginException le) {
Throwable cause = le.getCause();
if (cause instanceof Asn1Exception) {
System.out.println("Bad packet possibly from another process");
return;
}
throw le;
}
}
public static void go0(String... expected)
throws Exception {
System.setProperty("sun.security.krb5.debug", "true");
// Idle UDP sockets will trigger a SocketTimeoutException, without it,
// a PortUnreachableException will be thrown.
DatagramSocket d1 = null, d2 = null, d3 = null;
// Make sure KDCs' ports starts with 1 and 2 and 3,
// useful for checking debug output.
int p1 = 10000 + new java.util.Random().nextInt(10000);
int p2 = 20000 + new java.util.Random().nextInt(10000);
int p3 = 30000 + new java.util.Random().nextInt(10000);
FileWriter fw = new FileWriter("alternative-krb5.conf");
fw.write("[libdefaults]\n" +
"default_realm = " + OneKDC.REALM + "\n" +
"kdc_timeout = " + toReal(2000) + "\n");
fw.write("[realms]\n" + OneKDC.REALM + " = {\n" +
"kdc = " + OneKDC.KDCHOST + ":" + p1 + "\n" +
"kdc = " + OneKDC.KDCHOST + ":" + p2 + "\n" +
"kdc = " + OneKDC.KDCHOST + ":" + p3 + "\n" +
"}\n");
fw.close();
System.setProperty("java.security.krb5.conf", "alternative-krb5.conf");
Config.refresh();
// Turn on k3 only
d1 = new DatagramSocket(p1);
d2 = new DatagramSocket(p2);
KDC k3 = on(p3);
test(expected[0]);
test(expected[1]);
Config.refresh();
test(expected[2]);
k3.terminate(); // shutdown k3
d3 = new DatagramSocket(p3);
d2.close();
on(p2); // k2 is on
test(expected[3]);
d1.close();
on(p1); // k1 and k2 is on
test(expected[4]);
d3.close();
}
private static KDC on(int p) throws Exception {
KDC k = new KDC(OneKDC.REALM, OneKDC.KDCHOST, p, true);
k.addPrincipal(OneKDC.USER, OneKDC.PASS);
k.addPrincipalRandKey("krbtgt/" + OneKDC.REALM);
// Feed a packet to newly started KDC to warm it up
System.err.println("-------- IGNORE THIS ERROR MESSAGE --------");
new DatagramSocket().send(
new DatagramPacket("Hello".getBytes(), 5,
InetAddress.getByName(OneKDC.KDCHOST), p));
return k;
}
private static void test(String expected) throws Exception {
ByteArrayOutputStream bo = new ByteArrayOutputStream();
System.out.println("----------------- TEST -----------------");
try {
test0(bo, expected);
} catch (Exception e) {
System.out.println("----------------- ERROR -----------------");
System.out.println(new String(bo.toByteArray()));
System.out.println("--------------- ERROR END ---------------");
throw e;
}
}
/**
* One round of test for max_retries and timeout.
* @param expected the expected kdc# timeout kdc# timeout...
*/
private static void test0(ByteArrayOutputStream bo, String expected)
throws Exception {
PrintStream oldout = System.out;
boolean failed = false;
System.setOut(new PrintStream(bo));
try {
Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
} catch (Exception e) {
failed = true;
} finally {
System.setOut(oldout);
}
String[] lines = new String(bo.toByteArray()).split("\n");
StringBuilder sb = new StringBuilder();
for (String line: lines) {
Matcher m = re.matcher(line);
if (m.find()) {
System.out.println(line);
sb.append(m.group(1))
.append(toSymbolicSec(Integer.parseInt(m.group(2))));
}
}
if (failed) sb.append('-');
String output = sb.toString();
System.out.println("Expected: " + expected + ", actual " + output);
if (!output.matches(expected)) {
throw new Exception("Does not match");
}
}
}
jdk/test/sun/security/krb5/auto/BadKdc1.java 已删除 100644 → 0
浏览文件 @ 5db86425
/*
* Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6843127
* @run main/othervm/timeout=300 BadKdc1
* @summary krb5 should not try to access unavailable kdc too often
*/
import java.security.Security;
public class BadKdc1 {
public static void main(String[] args)
throws Exception {
// 5 sec is default timeout for tryLess
if (BadKdc.getRatio() > 2.5) {
Security.setProperty("krb5.kdc.bad.policy",
"tryLess:1," + BadKdc.toReal(2000));
} else {
Security.setProperty("krb5.kdc.bad.policy", "tryLess");
}
BadKdc.go(
"121212222222(32){1,3}1222(32){1,3}", // 1 2
// The above line means try kdc1 for 2 seconds then kdc1
// for 2 seconds... finally kdc3 for 2 seconds.
"1222(32){1,3}1222(32){1,3}", // 1 2
// refresh
"121212222222(32){1,3}1222(32){1,3}", // 1 2
// k3 off k2 on
"(122212(22){1,3}|1222323232-)", // 1
// k1 on
"(12(12){1,3}|122212|122232-)" // empty
);
}
}
jdk/test/sun/security/krb5/auto/BadKdc2.java 已删除 100644 → 0
浏览文件 @ 5db86425
/*
* Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6843127
* @run main/othervm/timeout=300 BadKdc2
* @summary krb5 should not try to access unavailable kdc too often
*/
import java.io.*;
import java.security.Security;
public class BadKdc2 {
public static void main(String[] args)
throws Exception {
// 1 sec is too short.
BadKdc.setRatio(3.0f);
Security.setProperty(
"krb5.kdc.bad.policy", "tryLess:2," + BadKdc.toReal(1000));
BadKdc.go(
"121212222222(32){1,3}11112121(32){1,3}", // 1 2
"11112121(32){1,3}11112121(32){1,3}", // 1 2
// refresh
"121212222222(32){1,3}11112121(32){1,3}", // 1 2
// k3 off k2 on
"1111(21){1,3}1111(22){1,3}", // 1
// k1 on
"(11){1,3}(12){1,3}" // empty
);
}
}
jdk/test/sun/security/krb5/auto/BadKdc3.java 已删除 100644 → 0
浏览文件 @ 5db86425
/*
* Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6843127
* @run main/othervm/timeout=300 BadKdc3
* @summary krb5 should not try to access unavailable kdc too often
*/
import java.io.*;
import java.security.Security;
public class BadKdc3 {
public static void main(String[] args)
throws Exception {
Security.setProperty("krb5.kdc.bad.policy", "tryLast");
BadKdc.go(
"121212222222(32){2,4}", // 1 2
"(32){2,4}", // 1 2
// refresh
"121212222222(32){2,4}", // 1 2
// k3 off k2 on
"323232121212(22){2,4}", // 1 3
// k1 on
"(22){2,4}" // 1 3
);
}
}
jdk/test/sun/security/krb5/auto/BadKdc4.java 已删除 100644 → 0
浏览文件 @ 5db86425
/*
* Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6843127
* @run main/othervm/timeout=300 BadKdc4
* @summary krb5 should not try to access unavailable kdc too often
*/
import java.io.*;
import java.security.Security;
public class BadKdc4 {
public static void main(String[] args)
throws Exception {
Security.setProperty("krb5.kdc.bad.policy", "");
BadKdc.go(
"121212222222(32){1,3}121212222222(32){1,3}",
"121212222222(32){1,3}121212222222(32){1,3}",
// refresh
"121212222222(32){1,3}121212222222(32){1,3}",
// k3 off k2 on
"121212(22){1,3}121212(22){1,3}",
// k1 on
"(12){2,4}"
);
}
}
jdk/test/sun/security/krb5/auto/CommMatcher.java 已删除 100644 → 0
浏览文件 @ 5db86425
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
* Matches the krb5 debug output:
* >>> KDCCommunication: kdc=host UDP:11555, timeout=100,Attempt =1, #bytes=138
*
* Example:
* CommMatcher cm = new CommMatcher();
* cm.addPort(12345).addPort(23456);
* for (String line : debugOutput) {
* if (cm.match(line)) {
* println("KDC: %c, %s, Timeout: %d\n",
* cm.kdc(), cm.protocol(), cm.timeout());
* }
* }
*/
public class CommMatcher {
static final Pattern re = Pattern.compile(
">>> KDCCommunication: kdc=\\S+ (TCP|UDP):(\\d+), " +
"timeout=(\\d+),Attempt\\s*=(\\d+)");
List<Integer> kdcPorts = new ArrayList<>();
Matcher matcher;
/**
* Add KDC ports one by one. The 1st KDC will be 'a' in {@link #kdc()},
* 2nd is 'b', etc, etc.
*/
public CommMatcher addPort(int port) {
if (port > 0) {
kdcPorts.add(port);
} else {
kdcPorts.clear();
}
return this;
}
public boolean match(String line) {
matcher = re.matcher(line);
return matcher.find();
}
public String protocol() {
return matcher.group(1);
}
public char kdc() {
int port = Integer.parseInt(matcher.group(2));
return (char)(kdcPorts.indexOf(port) + 'a');
}
public int timeout() {
return BadKdc.toSymbolicSec(Integer.parseInt(matcher.group(3)));
}
public int attempt() {
return Integer.parseInt(matcher.group(4));
}
}
jdk/test/sun/security/krb5/auto/MaxRetries.java 已删除 100644 → 0
浏览文件 @ 5db86425
/*
* Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6844193
* @compile -XDignore.symbol.file MaxRetries.java
* @run main/othervm/timeout=300 MaxRetries
* @summary support max_retries in krb5.conf
*/
import javax.security.auth.login.LoginException;
import java.io.*;
import java.net.DatagramSocket;
import java.security.Security;
public class MaxRetries {
static int idlePort = -1;
static CommMatcher cm = new CommMatcher();
public static void main(String[] args)
throws Exception {
System.setProperty("sun.security.krb5.debug", "true");
OneKDC kdc = new OneKDC(null).writeJAASConf();
// An idle UDP socket to prevent PortUnreachableException
DatagramSocket ds = new DatagramSocket();
idlePort = ds.getLocalPort();
cm.addPort(idlePort);
cm.addPort(kdc.getPort());
System.setProperty("java.security.krb5.conf", "alternative-krb5.conf");
Security.setProperty("krb5.kdc.bad.policy", "trylast");
// We always make the real timeout to be 1 second
BadKdc.setRatio(0.25f);
rewriteMaxRetries(4);
// Explanation: In this case, max_retries=4 and timeout=4s.
// For AS-REQ without preauth, we will see 4 4s timeout on kdc#1
// ("a4" repeat 4 times), and one 4s timeout on kdc#2 ("b4"). For
// AS-REQ with preauth, one 4s timeout on kdc#2 (second "b4").
// we tolerate 4 real timeout on kdc#2, so make it "(b4){2,6}".
test1("a4a4a4a4b4b4", "a4a4a4a4(b4){2,6}");
test1("b4b4", "(b4){2,6}");
BadKdc.setRatio(1f);
rewriteMaxRetries(1);
// Explanation: Since max_retries=1 only, we could fail in 1st or 2nd
// AS-REQ to kdc#2.
String actual = test1("a1b1b1", "(a1b1b1|a1b1x|a1b1b1x)");
if (actual.endsWith("x")) {
// If 1st attempt fails, all bads are back available
test1("a1b1b1", "(a1b1b1|a1b1x|a1b1b1x)");
} else {
test1("b1b1", "(b1b1|b1x|b1b1x)");
}
BadKdc.setRatio(0.2f);
rewriteMaxRetries(-1);
test1("a5a5a5b5b5", "a5a5a5(b5){2,4}");
test1("b5b5", "(b5){2,4}");
BadKdc.setRatio(0.25f);
Security.setProperty("krb5.kdc.bad.policy",
"tryless:1,1000");
rewriteMaxRetries(4);
test1("a4a4a4a4b4a4b4", "a4a4a4a4(b4){1,3}a4(b4){1,3}");
test1("a4b4a4b4", "a4(b4){1,3}a4(b4){1,3}");
BadKdc.setRatio(1f);
rewriteMaxRetries(1);
actual = test1("a1b1a1b1", "(a1b1|a1b1x|a1b1a1b1|a1b1a1b1x)");
if (actual.endsWith("x")) {
test1("a1b1a1b1", "(a1b1|a1b1x|a1b1a1b1|a1b1a1b1x)");
} else {
test1("a1b1a1b1", "(a1b1|a1b1x|a1b1a1b1|a1b1a1b1x)");
}
BadKdc.setRatio(.2f);
rewriteMaxRetries(-1);
test1("a5a5a5b5a5b5", "a5a5a5(b5){1,2}a5(b5){1,2}");
test1("a5b5a5b5", "a5(b5){1,2}a5(b5){1,2}");
BadKdc.setRatio(1f);
rewriteMaxRetries(2);
if (BadKdc.toReal(2000) > 1000) {
// Explanation: if timeout is longer than 1s in tryLess,
// we will see "a1" at 2nd kdc#1 access
test1("a2a2b2a1b2", "a2a2(b2){1,2}a1(b2){1,2}");
} else {
test1("a2a2b2a2b2", "a2a2(b2){1,2}a2(b2){1,2}");
}
BadKdc.setRatio(1f);
rewriteUdpPrefLimit(-1, -1); // default, no limit
test2("UDP");
rewriteUdpPrefLimit(10, -1); // global rules
test2("TCP");
rewriteUdpPrefLimit(10, 10000); // realm rules
test2("UDP");
rewriteUdpPrefLimit(10000, 10); // realm rules
test2("TCP");
ds.close();
}
/**
* One round of test for max_retries and timeout.
*
* @param exact the expected exact match, where no timeout
* happens for real KDCs
* @param relaxed the expected relaxed match, where some timeout
* could happen for real KDCs
* @return the actual result
*/
private static String test1(String exact, String relaxed) throws Exception {
ByteArrayOutputStream bo = new ByteArrayOutputStream();
PrintStream oldout = System.out;
System.setOut(new PrintStream(bo));
boolean failed = false;
long start = System.nanoTime();
try {
Context c = Context.fromJAAS("client");
} catch (LoginException e) {
failed = true;
}
System.setOut(oldout);
String[] lines = new String(bo.toByteArray()).split("\n");
System.out.println("----------------- TEST (" + exact
+ ") -----------------");
// Result, a series of timeout + kdc#
StringBuilder sb = new StringBuilder();
for (String line: lines) {
if (cm.match(line)) {
System.out.println(line);
sb.append(cm.kdc()).append(cm.timeout());
}
}
if (failed) {
sb.append("x");
}
System.out.println("Time: " + (System.nanoTime() - start) / 1000000000d);
String actual = sb.toString();
System.out.println("Actual: " + actual);
if (actual.equals(exact)) {
System.out.println("Exact match: " + exact);
} else if (actual.matches(relaxed)) {
System.out.println("!!!! Tolerant match: " + relaxed);
} else {
throw new Exception("Match neither " + exact + " nor " + relaxed);
}
return actual;
}
/**
* One round of test for udp_preference_limit.
* @param proto the expected protocol used
*/
private static void test2(String proto) throws Exception {
ByteArrayOutputStream bo = new ByteArrayOutputStream();
PrintStream oldout = System.out;
System.setOut(new PrintStream(bo));
Context c = Context.fromJAAS("client");
System.setOut(oldout);
int count = 2;
String[] lines = new String(bo.toByteArray()).split("\n");
System.out.println("----------------- TEST -----------------");
for (String line: lines) {
if (cm.match(line)) {
System.out.println(line);
count--;
if (!cm.protocol().equals(proto)) {
throw new Exception("Wrong protocol value");
}
}
}
if (count != 0) {
throw new Exception("Retry count is " + count + " less");
}
}
/**
* Set udp_preference_limit for global and realm
*/
private static void rewriteUdpPrefLimit(int global, int realm)
throws Exception {
BufferedReader fr = new BufferedReader(new FileReader(OneKDC.KRB5_CONF));
FileWriter fw = new FileWriter("alternative-krb5.conf");
while (true) {
String s = fr.readLine();
if (s == null) {
break;
}
if (s.startsWith("[realms]")) {
// Reconfig global setting
fw.write("kdc_timeout = 5000\n");
if (global != -1) {
fw.write("udp_preference_limit = " + global + "\n");
}
} else if (s.trim().startsWith("kdc = ")) {
if (realm != -1) {
// Reconfig for realm
fw.write(" udp_preference_limit = " + realm + "\n");
}
}
fw.write(s + "\n");
}
fr.close();
fw.close();
sun.security.krb5.Config.refresh();
}
/**
* Set max_retries and timeout value for realm. The global value is always
* 3 and 5000.
*
* @param value max_retries and timeout/1000 for a realm, -1 means none.
*/
private static void rewriteMaxRetries(int value) throws Exception {
BufferedReader fr = new BufferedReader(new FileReader(OneKDC.KRB5_CONF));
FileWriter fw = new FileWriter("alternative-krb5.conf");
while (true) {
String s = fr.readLine();
if (s == null) {
break;
}
if (s.startsWith("[realms]")) {
// Reconfig global setting
fw.write("max_retries = 3\n");
fw.write("kdc_timeout = " + BadKdc.toReal(5000) + "\n");
} else if (s.trim().startsWith("kdc = ")) {
if (value != -1) {
// Reconfig for realm
fw.write(" max_retries = " + value + "\n");
fw.write(" kdc_timeout = " + BadKdc.toReal(value*1000) + "\n");
}
// Add a bad KDC as the first candidate
fw.write(" kdc = localhost:" + idlePort + "\n");
}
fw.write(s + "\n");
}
fr.close();
fw.close();
sun.security.krb5.Config.refresh();
}
}
jdk/test/sun/security/krb5/auto/TcpTimeout.java 已删除 100644 → 0
浏览文件 @ 5db86425
/*
* Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6952519
* @compile -XDignore.symbol.file TcpTimeout.java
* @run main/othervm TcpTimeout
* @summary kdc_timeout is not being honoured when using TCP
*/
import java.io.*;
import java.net.ServerSocket;
import sun.security.krb5.Config;
public class TcpTimeout {
public static void main(String[] args)
throws Exception {
// Set debug to grab debug output like ">>> KDCCommunication"
System.setProperty("sun.security.krb5.debug", "true");
// Called before new ServerSocket on p1 and p2 to make sure
// customized nameservice is used
KDC k = new KDC(OneKDC.REALM, OneKDC.KDCHOST, 0, true);
int p3 = k.getPort();
k.addPrincipal(OneKDC.USER, OneKDC.PASS);
k.addPrincipalRandKey("krbtgt/" + OneKDC.REALM);
// Start two listener that does not communicate, simulate timeout
ServerSocket ss1 = null;
ServerSocket ss2 = null;
try {
ss1 = new ServerSocket(0);
ss2 = new ServerSocket(0);
int p1 = ss1.getLocalPort();
int p2 = ss2.getLocalPort();
FileWriter fw = new FileWriter("alternative-krb5.conf");
fw.write("[libdefaults]\n" +
"udp_preference_limit = 1\n" +
"max_retries = 2\n" +
"default_realm = " + OneKDC.REALM + "\n" +
"kdc_timeout = " + BadKdc.toReal(5000) + "\n");
fw.write("[realms]\n" + OneKDC.REALM + " = {\n" +
"kdc = " + OneKDC.KDCHOST + ":" + p1 + "\n" +
"kdc = " + OneKDC.KDCHOST + ":" + p2 + "\n" +
"kdc = " + OneKDC.KDCHOST + ":" + p3 + "\n" +
"}\n");
fw.close();
System.setProperty("java.security.krb5.conf",
"alternative-krb5.conf");
Config.refresh();
System.out.println("Ports opened on " + p1 + ", " + p2 + ", " + p3);
// The correct behavior should be:
// 5 sec on p1, 5 sec on p1, fail
// 5 sec on p2, 5 sec on p2, fail
// p3 ok, p3 ok again for preauth.
int count = 6;
ByteArrayOutputStream bo = new ByteArrayOutputStream();
PrintStream oldout = System.out;
System.setOut(new PrintStream(bo));
Context c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
System.setOut(oldout);
String[] lines = new String(bo.toByteArray()).split("\n");
for (String line: lines) {
if (line.startsWith(">>> KDCCommunication")) {
System.out.println(line);
count--;
}
}
if (count != 0) {
throw new Exception("Retry count is " + count + " less");
}
} finally {
if (ss1 != null) ss1.close();
if (ss2 != null) ss2.close();
}
}
}
jdk/test/sun/security/krb5/auto/UdpTcp.java 已删除 100644 → 0
浏览文件 @ 5db86425
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 4966382 8039132
* @run main/othervm UdpTcp UDP
* @run main/othervm UdpTcp TCP
* @summary udp or tcp
*/
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import sun.security.krb5.Config;
public class UdpTcp {
public static void main(String[] args)
throws Exception {
System.setProperty("sun.security.krb5.debug", "true");
OneKDC kdc = new OneKDC(null);
kdc.writeJAASConf();
// Two styles of kdc_timeout setting. One global, one realm-specific.
if (args[0].equals("UDP")) {
KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
"kdc_timeout = 10s");
} else {
kdc.addConf("kdc_timeout = 10s");
KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
"udp_preference_limit = 1");
}
Config.refresh();
ByteArrayOutputStream bo = new ByteArrayOutputStream();
PrintStream oldout = System.out;
System.setOut(new PrintStream(bo));
Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
System.setOut(oldout);
for (String line: new String(bo.toByteArray()).split("\n")) {
if (line.contains(">>> KDCCommunication")) {
if (!line.contains(args[0]) || !line.contains("timeout=10000")) {
throw new Exception("No " + args[0] + " in: " + line);
}
}
}
}
}
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册