8186884: Test native KDC, Java krb5 lib, and native krb5 lib in one test

Reviewed-by: mbalao

8186884: Test native KDC, Java krb5 lib, and native krb5 lib in one test
Reviewed-by: mbalao
30f766b9 · andrew · 15b81d15 · 30f766b9 · 30f766b9 · 30f766b9
4 changed file
--- a/test/java/security/testlibrary/Proc.java
+++ b/test/java/security/testlibrary/Proc.java
@@ -235,6 +235,13 @@ public class Proc {
        br = new BufferedReader(new InputStreamReader(p.getInputStream()));
        return this;
    }
+    String getId(String suffix) {
+        if (debug != null) {
+            return debug + "." + suffix;
+        } else {
+            return System.identityHashCode(this) + "." + suffix;
+        }
+    }
    // Reads a line from stdout of proc
    public String readLine() throws IOException {
        String s = br.readLine();
@@ -303,9 +310,13 @@ public class Proc {
        boolean isEmpty = true;
        while (true) {
            int i = System.in.read();
-            if (i == -1) break;
+            if (i == -1) {
+                break;
+            }
            isEmpty = false;
-            if (i == '\n') break;
+            if (i == '\n') {
+                break;
+            }
            if (i != 13) {
                // Force it to a char, so only simple ASCII works.
                sb.append((char)i);

--- a/test/sun/security/krb5/auto/BasicProc.java
+++ b/test/sun/security/krb5/auto/BasicProc.java
--- a/test/sun/security/krb5/auto/Context.java
+++ b/test/sun/security/krb5/auto/Context.java
 /*
- * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -22,14 +22,21 @@
 */
 import com.sun.security.auth.module.Krb5LoginModule;
-import java.security.Key;
+import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+import java.security.Key;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Set;
 import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.kerberos.KerberosKey;
 import javax.security.auth.kerberos.KerberosTicket;
 import javax.security.auth.login.LoginContext;
@@ -40,6 +47,10 @@ import org.ietf.jgss.GSSManager;
 import org.ietf.jgss.GSSName;
 import org.ietf.jgss.MessageProp;
 import org.ietf.jgss.Oid;
+import sun.security.jgss.krb5.Krb5Util;
+import sun.security.krb5.Credentials;
+import sun.security.krb5.internal.ccache.CredentialsCache;
 import com.sun.security.jgss.ExtendedGSSContext;
 import com.sun.security.jgss.InquireType;
 import com.sun.security.jgss.AuthorizationDataEntry;
@@ -154,24 +165,36 @@ public class Context {
        Map<String, String> map = new HashMap<>();
        Map<String, Object> shared = new HashMap<>();
+        if (storeKey) {
+            map.put("storeKey", "true");
+        }
        if (pass != null) {
-            map.put("useFirstPass", "true");
+            krb5.initialize(out.s, new CallbackHandler() {
-            shared.put("javax.security.auth.login.name", user);
+                @Override
-            shared.put("javax.security.auth.login.password", pass);
+                public void handle(Callback[] callbacks)
+                        throws IOException, UnsupportedCallbackException {
+                    for (Callback cb: callbacks) {
+                        if (cb instanceof NameCallback) {
+                            ((NameCallback)cb).setName(user);
+                        } else if (cb instanceof PasswordCallback) {
+                            ((PasswordCallback)cb).setPassword(pass);
+                        }
+                    }
+                }
+            }, shared, map);
        } else {
            map.put("doNotPrompt", "true");
            map.put("useTicketCache", "true");
            if (user != null) {
                map.put("principal", user);
            }
-        }
+            krb5.initialize(out.s, null, shared, map);
-        if (storeKey) {
-            map.put("storeKey", "true");
        }
-        krb5.initialize(out.s, null, shared, map);
        krb5.login();
        krb5.commit();
        return out;
    }
@@ -529,9 +552,23 @@ public class Context {
     * @param s2 the receiver
     * @throws java.lang.Exception If anything goes wrong
     */
-    static public void transmit(final String message, final Context s1,
+    static public void transmit(String message, final Context s1,
+                                final Context s2) throws Exception {
+        transmit(message.getBytes(), s1, s2);
+    }
+    /**
+     * Transmits a message from one Context to another. The sender wraps the
+     * message and sends it to the receiver. The receiver unwraps it, creates
+     * a MIC of the clear text and sends it back to the sender. The sender
+     * verifies the MIC against the message sent earlier.
+     * @param messageBytes the message
+     * @param s1 the sender
+     * @param s2 the receiver
+     * @throws java.lang.Exception If anything goes wrong
+     */
+    static public void transmit(byte[] messageBytes, final Context s1,
            final Context s2) throws Exception {
-        final byte[] messageBytes = message.getBytes();
        System.out.printf("-------------------- TRANSMIT from %s to %s------------------------\n",
                s1.name, s2.name);
        byte[] wrapped = s1.wrap(messageBytes, true);
@@ -615,6 +652,32 @@ public class Context {
        }, in);
    }
+    /**
+     * Saves the tickets to a ccache file.
+     *
+     * @param file pathname of the ccache file
+     * @return true if created, false otherwise.
+     */
+    public boolean ccache(String file) throws Exception {
+        Set<KerberosTicket> tickets
+                = s.getPrivateCredentials(KerberosTicket.class);
+        if (tickets != null && !tickets.isEmpty()) {
+            CredentialsCache cc = null;
+            for (KerberosTicket t : tickets) {
+                Credentials cred = Krb5Util.ticketToCreds(t);
+                if (cc == null) {
+                    cc = CredentialsCache.create(cred.getClient(), file);
+                }
+                cc.update(cred.toCCacheCreds());
+            }
+            if (cc != null) {
+                cc.save();
+                return true;
+            }
+        }
+        return false;
+    }
    /**
     * Handshake (security context establishment process) between two Contexts
     * @param c the initiator

--- a/test/sun/security/krb5/auto/KDC.java
+++ b/test/sun/security/krb5/auto/KDC.java