From a112c8541fa7eaeac87404660c5e27b41833c083 Mon Sep 17 00:00:00 2001 From: weijun Date: Wed, 9 Apr 2014 17:08:37 +0800 Subject: [PATCH] 8039132: cleanup @ignore JAAS/krb5 tests Reviewed-by: xuelei --- .../krb5/auto/AddressesAndNameType.java | 85 +++++++++++++++++++ test/sun/security/krb5/auto/UdpTcp.java | 65 ++++++++++++++ .../krb5/etype/UnsupportedKeyType.java | 77 +++++++++++++++++ 3 files changed, 227 insertions(+) create mode 100644 test/sun/security/krb5/auto/AddressesAndNameType.java create mode 100644 test/sun/security/krb5/auto/UdpTcp.java create mode 100644 test/sun/security/krb5/etype/UnsupportedKeyType.java diff --git a/test/sun/security/krb5/auto/AddressesAndNameType.java b/test/sun/security/krb5/auto/AddressesAndNameType.java new file mode 100644 index 000000000..de0dc8949 --- /dev/null +++ b/test/sun/security/krb5/auto/AddressesAndNameType.java @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 4501327 4868379 8039132 + * @run main/othervm AddressesAndNameType 1 + * @run main/othervm AddressesAndNameType 2 + * @run main/othervm AddressesAndNameType 3 + * @summary noaddresses settings and server name type + */ + +import java.net.InetAddress; +import java.util.Set; +import sun.security.krb5.Config; + +import javax.security.auth.kerberos.KerberosPrincipal; +import javax.security.auth.kerberos.KerberosTicket; + +public class AddressesAndNameType { + + public static void main(String[] args) + throws Exception { + + OneKDC kdc = new OneKDC(null); + kdc.writeJAASConf(); + + String extraLine; + switch (args[0]) { + case "1": extraLine = "noaddresses = false"; break; + case "2": extraLine = "noaddresses = true"; break; + default: extraLine = ""; break; + } + + KDC.saveConfig(OneKDC.KRB5_CONF, kdc, + extraLine); + Config.refresh(); + + Context c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false); + Set tickets = + c.s().getPrivateCredentials(KerberosTicket.class); + + if (tickets.isEmpty()) throw new Exception(); + KerberosTicket ticket = tickets.iterator().next(); + InetAddress[] addresses = ticket.getClientAddresses(); + + switch (args[0]) { + case "1": + if (addresses == null || addresses.length == 0) { + throw new Exception("No addresses"); + } + if (ticket.getServer().getNameType() + != KerberosPrincipal.KRB_NT_SRV_INST) { + throw new Exception( + "Wrong type: " + ticket.getServer().getNameType()); + } + break; + default: + if (addresses != null && addresses.length != 0) { + throw new Exception("See addresses"); + } + break; + } + } +} diff --git a/test/sun/security/krb5/auto/UdpTcp.java b/test/sun/security/krb5/auto/UdpTcp.java new file mode 100644 index 000000000..e66f5d459 --- /dev/null +++ b/test/sun/security/krb5/auto/UdpTcp.java @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 4966382 8039132 + * @run main/othervm UdpTcp UDP + * @run main/othervm UdpTcp TCP + * @summary udp or tcp + */ + +import java.io.ByteArrayOutputStream; +import java.io.PrintStream; +import sun.security.krb5.Config; + +public class UdpTcp { + + public static void main(String[] args) + throws Exception { + + System.setProperty("sun.security.krb5.debug", "true"); + + OneKDC kdc = new OneKDC(null); + kdc.writeJAASConf(); + + KDC.saveConfig(OneKDC.KRB5_CONF, kdc, + "udp_preference_limit = " + + (args[0].equals("UDP") ? "1000" : "100")); + Config.refresh(); + + ByteArrayOutputStream bo = new ByteArrayOutputStream(); + PrintStream oldout = System.out; + System.setOut(new PrintStream(bo)); + Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false); + System.setOut(oldout); + + for (String line: new String(bo.toByteArray()).split("\n")) { + if (line.contains(">>> KDCCommunication")) { + if (!line.contains(args[0])) { + throw new Exception("No " + args[0] + " in: " + line); + } + } + } + } +} diff --git a/test/sun/security/krb5/etype/UnsupportedKeyType.java b/test/sun/security/krb5/etype/UnsupportedKeyType.java new file mode 100644 index 000000000..c54a73d95 --- /dev/null +++ b/test/sun/security/krb5/etype/UnsupportedKeyType.java @@ -0,0 +1,77 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 5006629 + * @summary Kerberos library should only select keys of types that it supports + */ + +import javax.security.auth.kerberos.KerberosPrincipal; +import javax.security.auth.kerberos.KeyTab; +import java.io.File; +import java.nio.file.Files; +import java.nio.file.Paths; + +public class UnsupportedKeyType { + + // Homemade keytab files: + // + // String KVNO Timestamp Principal (etype) + // -------- ---- -------------- ----------------------- + // camellia 4 4/3/14 9:58 AM u1@K1 (25:camellia128-cts-cmac) + // aes 5 4/3/14 9:58 AM u1@K1 (17:aes128-cts-hmac-sha1-96) + + static String aes = + "050200000027000100024b310002753100000001533cc04f0500110010e0eab6" + + "7f31608df2b2f8fffc6b21cc91"; + static String camellia = + "050200000027000100024b310002753100000001533cc03e0400190010d88678" + + "14e478b6b7d2d97375163b971e"; + + public static void main(String[] args) throws Exception { + + byte[] data = new byte[aes.length()/2]; + KerberosPrincipal kp = new KerberosPrincipal("u1@K1"); + + // aes128 + for (int i=0; i