diff --git a/test/sun/security/krb5/auto/Basic.java b/test/sun/security/krb5/auto/Basic.java
new file mode 100644
index 0000000000000000000000000000000000000000..1048dc037e46c2383e21da9156c5b0ae1cc9313d
--- /dev/null
+++ b/test/sun/security/krb5/auto/Basic.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7152176
+ * @summary More krb5 tests
+ * @compile -XDignore.symbol.file Basic.java
+ * @run main/othervm Basic
+ */
+
+import sun.security.jgss.GSSUtil;
+
+// The basic krb5 test skeleton you can copy from
+public class Basic {
+
+ public static void main(String[] args) throws Exception {
+
+ new OneKDC(null).writeJAASConf();
+
+ Context c, s;
+ c = Context.fromJAAS("client");
+ s = Context.fromJAAS("server");
+
+ c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
+ s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
+
+ Context.handshake(c, s);
+
+ Context.transmit("i say high --", c, s);
+ Context.transmit(" you say low", s, c);
+
+ s.dispose();
+ c.dispose();
+ }
+}
diff --git a/test/sun/security/krb5/auto/Context.java b/test/sun/security/krb5/auto/Context.java
index c4c0cbcc4e7d2f783c94ad903f1c9e74b0e44630..ca612bad4773c68320064c502cc1ab9b5c89736f 100644
--- a/test/sun/security/krb5/auto/Context.java +++ b/test/sun/security/krb5/auto/Context.java @@ -95,6 +95,15 @@ public class Context { return out; } + /** + * No JAAS login at all, can be used to test JGSS without JAAS + */ + public static Context fromThinAir() throws Exception { + Context out = new Context(); + out.s = new Subject(); + return out; + } + /** * Logins with a JAAS login config entry name */ @@ -111,8 +120,10 @@ public class Context { String user, char[] pass, boolean storeKey) throws Exception { return fromUserPass(null, user, pass, storeKey); } + /** * Logins with a username and a password, using Krb5LoginModule directly + * @param s existing subject, test multiple princ & creds for single subj * @param storeKey true if key should be saved, used on acceptor side */ public static Context fromUserPass(Subject s, diff --git a/test/sun/security/krb5/auto/GSS.java b/test/sun/security/krb5/auto/GSS.java new file mode 100644 index 0000000000000000000000000000000000000000..8e782095884bb23167814e09fd76e5310b432ce3 --- /dev/null +++ b/test/sun/security/krb5/auto/GSS.java 
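Review bot: The Javadoc on `fromThinAir()` does not say what a caller must do for the returned Context to be usable: the method only attaches an empty `new Subject()`, so credentials have to come from somewhere other than that Subject. GSS.java in this commit sets `javax.security.auth.useSubjectCredsOnly` to `false` before starting the contexts, and the comment should name that requirement, for example `* No JAAS login at all; the Subject is empty, so set javax.security.auth.useSubjectCredsOnly=false before startAsClient/startAsServer.` In the second hunk the bare `&` in the new `@param s` line is safer written as `and`, since a raw ampersand is not valid Javadoc HTML (it may also be an artifact of how this page was rendered). Class Context starts and ends outside both hunks.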
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7152176
+ * @summary More krb5 tests
+ * @compile -XDignore.symbol.file GSS.java
+ * @run main/othervm GSS
+ */
+
+import sun.security.jgss.GSSUtil;
+
+// Testing JGSS without JAAS
+public class GSS {
+
+ public static void main(String[] args) throws Exception {
+
+ new OneKDC(null).writeJAASConf();
+
+ Context c, s;
+ c = Context.fromThinAir();
+ s = Context.fromThinAir();
+
+ // This is the only setting needed for JGSS without JAAS. The default
+ // JAAS config entries are already created by OneKDC.
+ System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+
+ c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
+ s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
+
+ Context.handshake(c, s);
+
+ Context.transmit("i say high --", c, s);
+ Context.transmit(" you say low", s, c);
+
+ s.dispose();
+ c.dispose();
+ }
+}
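Review bot: `System.setProperty("javax.security.auth.useSubjectCredsOnly", "false")` in `main` is a JVM-wide switch that lets JGSS take credentials from outside the calling Subject, so the `main/othervm` in the jtreg header is what keeps it from affecting other tests, and nothing in the file says so. I would extend the existing comment with `// Process-wide setting: this test must stay main/othervm.` The comment also mentions "the default JAAS config entries" without naming them; naming the entries that `OneKDC.writeJAASConf()` writes (not visible on this page) would tell a reader which logins the initiator and acceptor actually go through.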
diff --git a/test/sun/security/krb5/auto/KDC.java b/test/sun/security/krb5/auto/KDC.java index 13cad02b954c5dc3a54582ca076fe2cbc05c51e9..917c56d7b0fd7d564bb22211e6a69f08b00e4b71 100644 --- a/test/sun/security/krb5/auto/KDC.java +++ b/test/sun/security/krb5/auto/KDC.java @@ -236,80 +236,82 @@ public class KDC { } /** - * Writes or appends KDC keys into a keytab. See doc for writeMultiKtab. + * Writes or appends keys into a keytab. + *

+ * Attention: This is the most basic one of a series of methods below on + * keytab creation or modification. All these methods reference krb5.conf + * settings. If you need to modify krb5.conf or switch to another krb5.conf + * later, please call Config.refresh() again. For example: + *

+     * kdc.writeKtab("/etc/kdc/ktab", true);  // Config is initialized,
+     * System.setProperty("java.security.krb5.conf", "/home/mykrb5.conf");
+     * Config.refresh();
+     * 
+ * Inside this method there are 2 places krb5.conf is used: + *
    + *
  1. (Fatal) Generating keys: EncryptionKey.acquireSecretKeys + *
  2. (Has workaround) Creating PrincipalName + *
+ * @param tab the keytab file name * @param append true if append, otherwise, overwrite. + * @param names the names to write into, write all if names is empty */ - private static void writeKtab0(String tab, boolean append, KDC... kdcs) + public void writeKtab(String tab, boolean append, String... names) throws IOException, KrbException { KeyTab ktab = append ? KeyTab.getInstance(tab) : KeyTab.create(tab); - for (KDC kdc: kdcs) { - for (String name : kdc.passwords.keySet()) { - char[] pass = kdc.passwords.get(name); - int kvno = 0; - if (Character.isDigit(pass[pass.length-1])) { - kvno = pass[pass.length-1] - '0'; - } - ktab.addEntry(new PrincipalName(name, - name.indexOf('/') < 0 ? - PrincipalName.KRB_NT_UNKNOWN : - PrincipalName.KRB_NT_SRV_HST), - pass, - kvno, - true); + Iterable entries = + (names.length != 0) ? Arrays.asList(names): passwords.keySet(); + for (String name : entries) { + char[] pass = passwords.get(name); + int kvno = 0; + if (Character.isDigit(pass[pass.length-1])) { + kvno = pass[pass.length-1] - '0'; } + ktab.addEntry(new PrincipalName(name, + name.indexOf('/') < 0 ? + PrincipalName.KRB_NT_UNKNOWN : + PrincipalName.KRB_NT_SRV_HST), + pass, + kvno, + true); } ktab.save(); } /** * Writes all principals' keys from multiple KDCs into one keytab file. - * Note that the keys for the krbtgt principals will not be written. - *

- * Attention: This method references krb5.conf settings. If you need to - * setup krb5.conf later, please call Config.refresh() after - * the new setting. For example: - *

-     * KDC.writeKtab("/etc/kdc/ktab", kdc);  // Config is initialized,
-     * System.setProperty("java.security.krb5.conf", "/home/mykrb5.conf");
-     * Config.refresh();
-     * 
- * - * Inside this method there are 2 places krb5.conf is used: - *
    - *
  1. (Fatal) Generating keys: EncryptionKey.acquireSecretKeys - *
  2. (Has workaround) Creating PrincipalName - *
- * @param tab The keytab filename to write to. * @throws java.io.IOException for any file output error * @throws sun.security.krb5.KrbException for any realm and/or principal * name error. */ public static void writeMultiKtab(String tab, KDC... kdcs) throws IOException, KrbException { - writeKtab0(tab, false, kdcs); + KeyTab.create(tab).save(); // Empty the old keytab + appendMultiKtab(tab, kdcs); } /** * Appends all principals' keys from multiple KDCs to one keytab file. - * See writeMultiKtab for details. */ public static void appendMultiKtab(String tab, KDC... kdcs) throws IOException, KrbException { - writeKtab0(tab, true, kdcs); + for (KDC kdc: kdcs) { + kdc.writeKtab(tab, true); + } } /** * Write a ktab for this KDC. */ public void writeKtab(String tab) throws IOException, KrbException { - KDC.writeMultiKtab(tab, this); + writeKtab(tab, false); } /** * Appends keys in this KDC to a ktab. */ public void appendKtab(String tab) throws IOException, KrbException { - KDC.appendMultiKtab(tab, this); + writeKtab(tab, true); } /** diff --git a/test/sun/security/krb5/auto/TwoTab.java b/test/sun/security/krb5/auto/TwoTab.java new file mode 100644 index 0000000000000000000000000000000000000000..dd2cf96a8a4856a46705b6a97f824b5e25d3fd5f --- /dev/null +++ b/test/sun/security/krb5/auto/TwoTab.java 
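Review bot: In the new `writeKtab(String tab, boolean append, String... names)`, `passwords.get(name)` returns null for any caller-supplied name this KDC does not hold, and the next statement reads `pass.length`, so a mistyped principal surfaces as a bare NullPointerException with no hint of which name was wrong. A guard right after the lookup fixes that: `if (pass == null) throw new IllegalArgumentException("No such principal in this KDC: " + name);`. The `@param names` text should also say that each name has to match a key of `passwords` exactly; TwoTab in this commit passes names that include the realm. The method body is fully inside the hunk, but class KDC and the `passwords` map are declared outside it.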
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7152176
+ * @summary More krb5 tests
+ * @compile -XDignore.symbol.file TwoTab.java
+ * @run main/othervm TwoTab
+ */
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.nio.file.Files;
+import java.security.Security;
+import sun.security.jgss.GSSUtil;
+import sun.security.krb5.PrincipalName;
+import sun.security.krb5.internal.ktab.KeyTab;
+
+// Two services using their own keytab.
+public class TwoTab {
+
+ public static void main(String[] args) throws Exception {
+
+ KDC k = new OneKDC(null);
+
+ // Write JAAS conf, two service using different keytabs
+ System.setProperty("java.security.auth.login.config", OneKDC.JAAS_CONF);
+ File f = new File(OneKDC.JAAS_CONF);
+ try (FileOutputStream fos = new FileOutputStream(f)) {
+ fos.write((
+ "server {\n" +
+ " com.sun.security.auth.module.Krb5LoginModule required\n" +
+ " principal=\"" + OneKDC.SERVER + "\"\n" +
+ " useKeyTab=true\n" +
+ " keyTab=server.keytab\n" +
+ " storeKey=true;\n};\n" +
+ "server2 {\n" +
+ " com.sun.security.auth.module.Krb5LoginModule required\n" +
+ " principal=\"" + OneKDC.BACKEND + "\"\n" +
+ " useKeyTab=true\n" +
+ " keyTab=backend.keytab\n" +
+ " storeKey=true;\n};\n"
+ ).getBytes());
+ }
+ f.deleteOnExit();
+
+ k.writeKtab("server.keytab", false, "server/host.rabbit.hole@RABBIT.HOLE");
+ k.writeKtab("backend.keytab", false, "backend/host.rabbit.hole@RABBIT.HOLE");
+
+ Context c, s, s2;
+ c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
+ s = Context.fromJAAS("server");
+ s2 = Context.fromJAAS("server2");
+
+ c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
+ s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
+
+ Context.handshake(c, s);
+
+ Context.transmit("i say high --", c, s);
+ Context.transmit(" you say low", s, c);
+
+ s.dispose();
+ c.dispose();
+
+ c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
+ c.startAsClient(OneKDC.BACKEND, GSSUtil.GSS_KRB5_MECH_OID);
+ s2.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
+
+ Context.handshake(c, s2);
+
+ Context.transmit("i say high --", c, s2);
+ Context.transmit(" you say low", s2, c);
+
+ s2.dispose();
+ c.dispose();
+ }
+}
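Review bot: The test only exercises the positive path, so it would still pass if `writeKtab` ignored its `names` argument and wrote every key into both `server.keytab` and `backend.keytab`; the key separation the test is named for is never checked. A negative case is needed after the two handshakes: a client started for `OneKDC.BACKEND` is handed to an acceptor logged in through the `server` entry, and the handshake is expected to fail. How `Context.handshake` reports a failure is not visible on this page, so the sketch below catches `Exception`; narrow it to the real type. Separately, the imports of `Files`, `Security`, `PrincipalName` and `KeyTab` are not referenced anywhere in the file and can be dropped.

```java
// … unchanged: JAAS conf, keytab creation and the two positive handshakes …

// Negative case: an acceptor logged in from server.keytab must not be able
// to accept a ticket issued for the backend service.
c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
s = Context.fromJAAS("server");
c.startAsClient(OneKDC.BACKEND, GSSUtil.GSS_KRB5_MECH_OID);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
boolean accepted = true;
try {
    Context.handshake(c, s);
} catch (Exception expected) {
    accepted = false;
}
if (accepted) {
    throw new Exception("server acceptor accepted a ticket for backend");
}
```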