2009-11-12 23:00:23 +00:00
|
|
|
/*
|
2010-05-25 15:58:33 -07:00
|
|
|
* Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
|
2009-11-12 23:00:23 +00:00
|
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
|
|
*
|
|
|
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
|
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
|
*
|
|
|
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
|
|
|
* accompanied this code).
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License version
|
|
|
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
|
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
|
*
|
2010-05-25 15:58:33 -07:00
|
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
|
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
|
|
|
* questions.
|
2009-11-12 23:00:23 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* @test
|
2010-01-05 10:40:44 +08:00
|
|
|
* @bug 6894643 6913636
|
2009-11-12 23:00:23 +00:00
|
|
|
* @summary Test JSSE Kerberos ciphersuite
|
2010-06-24 14:26:35 +08:00
|
|
|
* @run main SSL TLS_KRB5_WITH_RC4_128_SHA
|
|
|
|
|
* @run main SSL TLS_KRB5_WITH_RC4_128_MD5
|
|
|
|
|
* @run main SSL TLS_KRB5_WITH_3DES_EDE_CBC_SHA
|
|
|
|
|
* @run main SSL TLS_KRB5_WITH_3DES_EDE_CBC_MD5
|
|
|
|
|
* @run main SSL TLS_KRB5_WITH_DES_CBC_SHA
|
|
|
|
|
* @run main SSL TLS_KRB5_WITH_DES_CBC_MD5
|
|
|
|
|
* @run main SSL TLS_KRB5_EXPORT_WITH_RC4_40_SHA
|
|
|
|
|
* @run main SSL TLS_KRB5_EXPORT_WITH_RC4_40_MD5
|
|
|
|
|
* @run main SSL TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
|
|
|
|
|
* @run main SSL TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
|
2009-11-12 23:00:23 +00:00
|
|
|
*/
|
|
|
|
|
import java.io.*;
|
|
|
|
|
import java.net.InetAddress;
|
|
|
|
|
import javax.net.ssl.*;
|
|
|
|
|
import java.security.Principal;
|
|
|
|
|
import java.util.Date;
|
|
|
|
|
import sun.security.jgss.GSSUtil;
|
2010-01-05 10:40:44 +08:00
|
|
|
import sun.security.krb5.PrincipalName;
|
|
|
|
|
import sun.security.krb5.internal.ktab.KeyTab;
|
2009-11-12 23:00:23 +00:00
|
|
|
|
|
|
|
|
public class SSL {
|
|
|
|
|
|
2010-06-24 14:26:35 +08:00
|
|
|
private static String krb5Cipher;
|
2009-11-12 23:00:23 +00:00
|
|
|
private static final int LOOP_LIMIT = 1;
|
|
|
|
|
private static int loopCount = 0;
|
2009-12-03 21:30:27 +00:00
|
|
|
private static volatile String server;
|
|
|
|
|
private static volatile int port;
|
2009-11-12 23:00:23 +00:00
|
|
|
|
|
|
|
|
public static void main(String[] args) throws Exception {
|
|
|
|
|
|
2010-06-24 14:26:35 +08:00
|
|
|
krb5Cipher = args[0];
|
|
|
|
|
|
2009-11-12 23:00:23 +00:00
|
|
|
KDC kdc = KDC.create(OneKDC.REALM);
|
|
|
|
|
// Run this after KDC, so our own DNS service can be started
|
|
|
|
|
try {
|
2009-12-03 21:30:27 +00:00
|
|
|
server = InetAddress.getLocalHost().getHostName().toLowerCase();
|
2009-11-12 23:00:23 +00:00
|
|
|
} catch (java.net.UnknownHostException e) {
|
2009-12-03 21:30:27 +00:00
|
|
|
server = "localhost";
|
2009-11-12 23:00:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
kdc.addPrincipal(OneKDC.USER, OneKDC.PASS);
|
|
|
|
|
kdc.addPrincipalRandKey("krbtgt/" + OneKDC.REALM);
|
|
|
|
|
KDC.saveConfig(OneKDC.KRB5_CONF, kdc);
|
|
|
|
|
System.setProperty("java.security.krb5.conf", OneKDC.KRB5_CONF);
|
|
|
|
|
|
2010-01-05 10:40:44 +08:00
|
|
|
// Add 3 versions of keys into keytab
|
|
|
|
|
KeyTab ktab = KeyTab.create(OneKDC.KTAB);
|
|
|
|
|
PrincipalName service = new PrincipalName(
|
|
|
|
|
"host/" + server, PrincipalName.KRB_NT_SRV_HST);
|
2010-11-06 09:11:18 +08:00
|
|
|
ktab.addEntry(service, "pass1".toCharArray(), 1, true);
|
|
|
|
|
ktab.addEntry(service, "pass2".toCharArray(), 2, true);
|
|
|
|
|
ktab.addEntry(service, "pass3".toCharArray(), 3, true);
|
2010-01-05 10:40:44 +08:00
|
|
|
ktab.save();
|
|
|
|
|
|
|
|
|
|
// and use the middle one as the real key
|
|
|
|
|
kdc.addPrincipal("host/" + server, "pass2".toCharArray());
|
|
|
|
|
|
|
|
|
|
// JAAS config entry name ssl
|
|
|
|
|
System.setProperty("java.security.auth.login.config", OneKDC.JAAS_CONF);
|
|
|
|
|
File f = new File(OneKDC.JAAS_CONF);
|
|
|
|
|
FileOutputStream fos = new FileOutputStream(f);
|
|
|
|
|
fos.write((
|
|
|
|
|
"ssl {\n" +
|
|
|
|
|
" com.sun.security.auth.module.Krb5LoginModule required\n" +
|
|
|
|
|
" principal=\"host/" + server + "\"\n" +
|
|
|
|
|
" useKeyTab=true\n" +
|
|
|
|
|
" keyTab=" + OneKDC.KTAB + "\n" +
|
|
|
|
|
" isInitiator=false\n" +
|
|
|
|
|
" storeKey=true;\n};\n"
|
|
|
|
|
).getBytes());
|
|
|
|
|
fos.close();
|
|
|
|
|
f.deleteOnExit();
|
|
|
|
|
|
2009-11-12 23:00:23 +00:00
|
|
|
final Context c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
|
2010-01-05 10:40:44 +08:00
|
|
|
final Context s = Context.fromJAAS("ssl");
|
2009-11-12 23:00:23 +00:00
|
|
|
|
2009-12-03 21:30:27 +00:00
|
|
|
c.startAsClient("host/" + server, GSSUtil.GSS_KRB5_MECH_OID);
|
2009-11-12 23:00:23 +00:00
|
|
|
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
|
|
|
|
|
|
|
|
|
|
new Thread(new Runnable() {
|
|
|
|
|
public void run() {
|
|
|
|
|
try {
|
|
|
|
|
s.doAs(new JsseServerAction(), null);
|
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
e.printStackTrace();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}).start();
|
|
|
|
|
|
|
|
|
|
// Warm the server
|
|
|
|
|
Thread.sleep(2000);
|
|
|
|
|
|
|
|
|
|
c.doAs(new JsseClientAction(), null);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Following codes copied from
|
|
|
|
|
// http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/part2.html#JSSE
|
|
|
|
|
private static class JsseClientAction implements Action {
|
|
|
|
|
public byte[] run(Context s, byte[] input) throws Exception {
|
|
|
|
|
SSLSocketFactory sslsf =
|
|
|
|
|
(SSLSocketFactory) SSLSocketFactory.getDefault();
|
2009-12-03 21:30:27 +00:00
|
|
|
SSLSocket sslSocket = (SSLSocket) sslsf.createSocket(server, port);
|
2009-11-12 23:00:23 +00:00
|
|
|
|
|
|
|
|
// Enable only a KRB5 cipher suite.
|
2010-06-24 14:26:35 +08:00
|
|
|
String enabledSuites[] = {krb5Cipher};
|
2009-11-12 23:00:23 +00:00
|
|
|
sslSocket.setEnabledCipherSuites(enabledSuites);
|
|
|
|
|
// Should check for exception if enabledSuites is not supported
|
|
|
|
|
|
|
|
|
|
BufferedReader in = new BufferedReader(new InputStreamReader(
|
|
|
|
|
sslSocket.getInputStream()));
|
|
|
|
|
BufferedWriter out = new BufferedWriter(new OutputStreamWriter(
|
|
|
|
|
sslSocket.getOutputStream()));
|
|
|
|
|
|
|
|
|
|
String outStr = "Hello There!\n";
|
|
|
|
|
out.write(outStr);
|
|
|
|
|
out.flush();
|
|
|
|
|
System.out.print("Sending " + outStr);
|
|
|
|
|
|
|
|
|
|
String inStr = in.readLine();
|
|
|
|
|
System.out.println("Received " + inStr);
|
|
|
|
|
|
|
|
|
|
String cipherSuiteChosen = sslSocket.getSession().getCipherSuite();
|
|
|
|
|
System.out.println("Cipher suite in use: " + cipherSuiteChosen);
|
|
|
|
|
Principal self = sslSocket.getSession().getLocalPrincipal();
|
|
|
|
|
System.out.println("I am: " + self.toString());
|
|
|
|
|
Principal peer = sslSocket.getSession().getPeerPrincipal();
|
|
|
|
|
System.out.println("Server is: " + peer.toString());
|
|
|
|
|
|
|
|
|
|
sslSocket.close();
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private static class JsseServerAction implements Action {
|
|
|
|
|
public byte[] run(Context s, byte[] input) throws Exception {
|
|
|
|
|
SSLServerSocketFactory sslssf =
|
|
|
|
|
(SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
|
|
|
|
|
SSLServerSocket sslServerSocket =
|
2009-12-03 21:30:27 +00:00
|
|
|
(SSLServerSocket) sslssf.createServerSocket(0); // any port
|
|
|
|
|
port = sslServerSocket.getLocalPort();
|
2009-11-12 23:00:23 +00:00
|
|
|
|
|
|
|
|
// Enable only a KRB5 cipher suite.
|
2010-06-24 14:26:35 +08:00
|
|
|
String enabledSuites[] = {krb5Cipher};
|
2009-11-12 23:00:23 +00:00
|
|
|
sslServerSocket.setEnabledCipherSuites(enabledSuites);
|
|
|
|
|
// Should check for exception if enabledSuites is not supported
|
|
|
|
|
|
|
|
|
|
while (loopCount++ < LOOP_LIMIT) {
|
|
|
|
|
System.out.println("Waiting for incoming connection...");
|
|
|
|
|
|
|
|
|
|
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
|
|
|
|
|
|
|
|
|
|
System.out.println("Got connection from client "
|
|
|
|
|
+ sslSocket.getInetAddress());
|
|
|
|
|
|
|
|
|
|
BufferedReader in = new BufferedReader(new InputStreamReader(
|
|
|
|
|
sslSocket.getInputStream()));
|
|
|
|
|
BufferedWriter out = new BufferedWriter(new OutputStreamWriter(
|
|
|
|
|
sslSocket.getOutputStream()));
|
|
|
|
|
|
|
|
|
|
String inStr = in.readLine();
|
|
|
|
|
System.out.println("Received " + inStr);
|
|
|
|
|
|
|
|
|
|
String outStr = inStr + " " + new Date().toString() + "\n";
|
|
|
|
|
out.write(outStr);
|
|
|
|
|
System.out.println("Sending " + outStr);
|
|
|
|
|
out.flush();
|
|
|
|
|
|
|
|
|
|
String cipherSuiteChosen =
|
|
|
|
|
sslSocket.getSession().getCipherSuite();
|
|
|
|
|
System.out.println("Cipher suite in use: " + cipherSuiteChosen);
|
|
|
|
|
Principal self = sslSocket.getSession().getLocalPrincipal();
|
|
|
|
|
System.out.println("I am: " + self.toString());
|
|
|
|
|
Principal peer = sslSocket.getSession().getPeerPrincipal();
|
|
|
|
|
System.out.println("Client is: " + peer.toString());
|
|
|
|
|
|
|
|
|
|
sslSocket.close();
|
|
|
|
|
}
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
