Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
b0fb56ef
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
b0fb56ef
编写于
6月 08, 2016
作者:
A
akosarev
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8075299: Additional tests for krb5 settings
Summary: Additional tests for 6857795 Reviewed-by: weijun
上级
c6021af0
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
337 addition
and
0 deletion
+337
-0
test/ProblemList.txt
test/ProblemList.txt
+3
-0
test/sun/security/krb5/auto/KrbTicket.java
test/sun/security/krb5/auto/KrbTicket.java
+146
-0
test/sun/security/krb5/auto/tools/KinitConfPlusProps.java
test/sun/security/krb5/auto/tools/KinitConfPlusProps.java
+188
-0
未找到文件。
test/ProblemList.txt
浏览文件 @
b0fb56ef
...
...
@@ -237,6 +237,9 @@ sun/security/tools/keytool/standard.sh solaris-all
# 8026393
sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java generic-all
# 8158827
sun/security/krb5/auto/tools/KinitConfPlusProps.java windows-all
############################################################################
# jdk_sound
...
...
test/sun/security/krb5/auto/KrbTicket.java
0 → 100644
浏览文件 @
b0fb56ef
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import
java.nio.file.Files
;
import
java.nio.file.Paths
;
import
java.time.Instant
;
import
java.util.Arrays
;
import
java.util.HashMap
;
import
java.util.Map
;
import
java.util.Set
;
import
javax.security.auth.RefreshFailedException
;
import
javax.security.auth.Subject
;
import
javax.security.auth.kerberos.KerberosTicket
;
import
javax.security.auth.login.LoginContext
;
/*
* @test
* @bug 6857795 8075299
* @summary Checks Kerberos ticket properties
* @run main/othervm KrbTicket
*/
public
class
KrbTicket
{
private
static
final
String
REALM
=
"TEST.REALM"
;
private
static
final
String
HOST
=
"localhost"
;
private
static
final
String
USER
=
"TESTER"
;
private
static
final
String
USER_PRINCIPAL
=
USER
+
"@"
+
REALM
;
private
static
final
String
PASSWORD
=
"password"
;
private
static
final
String
KRBTGT_PRINCIPAL
=
"krbtgt/"
+
REALM
;
private
static
final
String
KRB5_CONF_FILENAME
=
"krb5.conf"
;
private
static
final
String
JAAS_CONF
=
"jaas.conf"
;
private
static
final
long
TICKET_LIFTETIME
=
5
*
60
*
1000
;
// 5 mins
public
static
void
main
(
String
[]
args
)
throws
Exception
{
// define principals
Map
<
String
,
String
>
principals
=
new
HashMap
<>();
principals
.
put
(
USER_PRINCIPAL
,
PASSWORD
);
principals
.
put
(
KRBTGT_PRINCIPAL
,
null
);
System
.
setProperty
(
"java.security.krb5.conf"
,
KRB5_CONF_FILENAME
);
// start a local KDC instance
KDC
kdc
=
KDC
.
startKDC
(
HOST
,
null
,
REALM
,
principals
,
null
,
null
);
KDC
.
saveConfig
(
KRB5_CONF_FILENAME
,
kdc
,
"forwardable = true"
,
"proxiable = true"
);
// create JAAS config
Files
.
write
(
Paths
.
get
(
JAAS_CONF
),
Arrays
.
asList
(
"Client {"
,
" com.sun.security.auth.module.Krb5LoginModule required;"
,
"};"
));
System
.
setProperty
(
"java.security.auth.login.config"
,
JAAS_CONF
);
System
.
setProperty
(
"javax.security.auth.useSubjectCredsOnly"
,
"false"
);
long
startTime
=
Instant
.
now
().
getEpochSecond
()
*
1000
;
LoginContext
lc
=
new
LoginContext
(
"Client"
,
new
Helper
.
UserPasswordHandler
(
USER
,
PASSWORD
));
lc
.
login
();
Subject
subject
=
lc
.
getSubject
();
System
.
out
.
println
(
"subject: "
+
subject
);
Set
creds
=
subject
.
getPrivateCredentials
(
KerberosTicket
.
class
);
if
(
creds
.
size
()
>
1
)
{
throw
new
RuntimeException
(
"Multiple credintials found"
);
}
Object
o
=
creds
.
iterator
().
next
();
if
(!(
o
instanceof
KerberosTicket
))
{
throw
new
RuntimeException
(
"Instance of KerberosTicket expected"
);
}
KerberosTicket
krbTkt
=
(
KerberosTicket
)
o
;
System
.
out
.
println
(
"forwardable = "
+
krbTkt
.
isForwardable
());
System
.
out
.
println
(
"proxiable = "
+
krbTkt
.
isProxiable
());
System
.
out
.
println
(
"renewable = "
+
krbTkt
.
isRenewable
());
System
.
out
.
println
(
"current = "
+
krbTkt
.
isCurrent
());
if
(!
krbTkt
.
isForwardable
())
{
throw
new
RuntimeException
(
"Forwardable ticket expected"
);
}
if
(!
krbTkt
.
isProxiable
())
{
throw
new
RuntimeException
(
"Proxiable ticket expected"
);
}
if
(!
krbTkt
.
isCurrent
())
{
throw
new
RuntimeException
(
"Ticket is not current"
);
}
if
(
krbTkt
.
isRenewable
())
{
throw
new
RuntimeException
(
"Not renewable ticket expected"
);
}
try
{
krbTkt
.
refresh
();
throw
new
RuntimeException
(
"Expected RefreshFailedException not thrown"
);
}
catch
(
RefreshFailedException
e
)
{
System
.
out
.
println
(
"Expected exception: "
+
e
);
}
if
(!
checkTime
(
krbTkt
,
startTime
))
{
throw
new
RuntimeException
(
"Wrong ticket life time"
);
}
krbTkt
.
destroy
();
if
(!
krbTkt
.
isDestroyed
())
{
throw
new
RuntimeException
(
"Ticket not destroyed"
);
}
System
.
out
.
println
(
"Test passed"
);
}
private
static
boolean
checkTime
(
KerberosTicket
krbTkt
,
long
startTime
)
{
long
ticketEndTime
=
krbTkt
.
getEndTime
().
getTime
();
long
roughLifeTime
=
ticketEndTime
-
startTime
;
System
.
out
.
println
(
"start time = "
+
startTime
);
System
.
out
.
println
(
"end time = "
+
ticketEndTime
);
System
.
out
.
println
(
"rough life time = "
+
roughLifeTime
);
return
roughLifeTime
>=
TICKET_LIFTETIME
;
}
}
test/sun/security/krb5/auto/tools/KinitConfPlusProps.java
0 → 100644
浏览文件 @
b0fb56ef
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import
java.io.File
;
import
java.net.PortUnreachableException
;
import
java.util.HashMap
;
import
java.util.Map
;
import
jdk.testlibrary.ProcessTools
;
import
jdk.testlibrary.OutputAnalyzer
;
/*
* @test
* @bug 6857795 8075299
* @summary Checks if kinit uses both krb5 conf file and system properties
* @requires os.family == "windows"
* @library /lib/testlibrary
* @library /sun/security/krb5/auto
* @run main/othervm KinitConfPlusProps
*/
public
class
KinitConfPlusProps
{
private
static
final
String
KINIT
=
System
.
getProperty
(
"java.home"
)
+
File
.
separator
+
"bin"
+
File
.
separator
+
"kinit"
;
private
static
final
String
KLIST
=
System
.
getProperty
(
"java.home"
)
+
File
.
separator
+
"bin"
+
File
.
separator
+
"klist"
;
private
static
final
String
REALM
=
"REALM"
;
private
static
final
String
ANOTHER_REALM
=
"ANOTHER.REALM"
;
private
static
final
String
HOST
=
"localhost"
;
private
static
final
String
CC_FILENAME
=
"krb5cc_test"
;
private
static
final
String
USER
=
"TESTER"
;
private
static
final
String
USER_PRINCIPAL
=
USER
+
"@"
+
REALM
;
private
static
final
String
KRBTGT_PRINCIPAL
=
"krbtgt/"
+
REALM
;
private
static
final
String
KEYTAB_FILE
=
"test.keytab"
;
private
static
final
String
KRB5_CONF_FILENAME
=
"krb5.conf"
;
public
static
void
main
(
String
[]
args
)
throws
Exception
{
// define principals
Map
<
String
,
String
>
principals
=
new
HashMap
<>();
principals
.
put
(
USER_PRINCIPAL
,
null
);
principals
.
put
(
KRBTGT_PRINCIPAL
,
null
);
System
.
setProperty
(
"java.security.krb5.conf"
,
KRB5_CONF_FILENAME
);
// start a local KDC instance
KDC
kdc
=
KDC
.
startKDC
(
HOST
,
null
,
REALM
,
principals
,
KEYTAB_FILE
,
KDC
.
KtabMode
.
APPEND
);
KDC
.
saveConfig
(
KRB5_CONF_FILENAME
,
kdc
,
"forwardable = true"
,
"proxiable = true"
);
boolean
success
=
true
;
/*
* kinit should fail since java.security.krb5.kdc
* and java.security.krb5.realm properties override correct values
* in krb5 conf file
*/
String
[]
command
=
{
KINIT
,
"-k"
,
"-J-Djava.security.krb5.realm="
+
REALM
,
"-J-Djava.security.krb5.kdc="
+
HOST
,
// without port
"-J-Djava.security.krb5.conf="
+
KRB5_CONF_FILENAME
,
"-t"
,
KEYTAB_FILE
,
"-c"
,
CC_FILENAME
,
USER
};
try
{
OutputAnalyzer
out
=
ProcessTools
.
executeCommand
(
command
);
out
.
shouldHaveExitValue
(-
1
);
out
.
shouldContain
(
PortUnreachableException
.
class
.
getName
());
}
catch
(
Throwable
e
)
{
System
.
out
.
println
(
"Unexpected exception: "
+
e
);
e
.
printStackTrace
(
System
.
out
);
success
=
false
;
}
/*
* kinit should succeed
* since realm should be picked up from principal name
*/
command
=
new
String
[]
{
KINIT
,
"-k"
,
"-J-Djava.security.krb5.realm="
+
ANOTHER_REALM
,
"-J-Djava.security.krb5.kdc="
+
HOST
,
"-J-Djava.security.krb5.conf="
+
KRB5_CONF_FILENAME
,
"-t"
,
KEYTAB_FILE
,
"-c"
,
CC_FILENAME
,
USER_PRINCIPAL
};
try
{
OutputAnalyzer
out
=
ProcessTools
.
executeCommand
(
command
);
out
.
shouldHaveExitValue
(
0
);
out
.
shouldContain
(
CC_FILENAME
);
}
catch
(
Throwable
e
)
{
System
.
out
.
println
(
"Unexpected exception: "
+
e
);
e
.
printStackTrace
(
System
.
out
);
success
=
false
;
}
success
&=
checkTicketFlags
();
/*
* kinit should succeed
* since realm should be picked up from principal name,
* and other data should come from krb5 conf file
*/
command
=
new
String
[]
{
KINIT
,
"-k"
,
"-J-Djava.security.krb5.conf="
+
KRB5_CONF_FILENAME
,
"-t"
,
KEYTAB_FILE
,
"-c"
,
CC_FILENAME
,
USER_PRINCIPAL
};
try
{
OutputAnalyzer
out
=
ProcessTools
.
executeCommand
(
command
);
out
.
shouldHaveExitValue
(
0
);
out
.
shouldContain
(
CC_FILENAME
);
}
catch
(
Throwable
e
)
{
System
.
out
.
println
(
"Unexpected exception: "
+
e
);
e
.
printStackTrace
(
System
.
out
);
success
=
false
;
}
success
&=
checkTicketFlags
();
// kinit should succeed even if a principal name doesn't have realm
command
=
new
String
[]
{
KINIT
,
"-k"
,
"-J-Djava.security.krb5.conf="
+
KRB5_CONF_FILENAME
,
"-t"
,
KEYTAB_FILE
,
"-c"
,
CC_FILENAME
,
USER
};
try
{
OutputAnalyzer
out
=
ProcessTools
.
executeCommand
(
command
);
out
.
shouldHaveExitValue
(
0
);
out
.
shouldContain
(
CC_FILENAME
);
}
catch
(
Throwable
e
)
{
System
.
out
.
println
(
"Unexpected exception: "
+
e
);
e
.
printStackTrace
(
System
.
out
);
success
=
false
;
}
success
&=
checkTicketFlags
();
if
(!
success
)
{
throw
new
RuntimeException
(
"At least one test case failed"
);
}
System
.
out
.
println
(
"Test passed"
);
}
// check if a ticket has forwardable and proxiable flags
private
static
boolean
checkTicketFlags
()
{
String
[]
command
=
new
String
[]
{
KLIST
,
"-f"
,
"-c"
,
CC_FILENAME
};
try
{
OutputAnalyzer
out
=
ProcessTools
.
executeCommand
(
command
);
out
.
shouldHaveExitValue
(
0
);
out
.
shouldContain
(
"FORWARDABLE"
);
out
.
shouldContain
(
"PROXIABLE"
);
}
catch
(
Throwable
e
)
{
System
.
out
.
println
(
"Unexpected exception: "
+
e
);
e
.
printStackTrace
(
System
.
out
);
return
false
;
}
return
true
;
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录