193 lines
8.3 KiB
Java
193 lines
8.3 KiB
Java
/*
|
|
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
/*
|
|
* @test
|
|
* @bug 8009977
|
|
* @summary A test library to launch multiple Java processes
|
|
* @library ../../../../java/security/testlibrary/
|
|
* @compile -XDignore.symbol.file BasicProc.java
|
|
* @run main/othervm BasicProc
|
|
*/
|
|
|
|
import java.io.File;
|
|
import org.ietf.jgss.Oid;
|
|
|
|
import javax.security.auth.PrivateCredentialPermission;
|
|
|
|
public class BasicProc {
|
|
|
|
static String CONF = "krb5.conf";
|
|
static String KTAB = "ktab";
|
|
public static void main(String[] args) throws Exception {
|
|
String HOST = "localhost";
|
|
String SERVER = "server/" + HOST;
|
|
String BACKEND = "backend/" + HOST;
|
|
String USER = "user";
|
|
char[] PASS = "password".toCharArray();
|
|
String REALM = "REALM";
|
|
|
|
Oid oid = new Oid("1.2.840.113554.1.2.2");
|
|
|
|
if (args.length == 0) {
|
|
System.setProperty("java.security.krb5.conf", CONF);
|
|
KDC kdc = KDC.create(REALM, HOST, 0, true);
|
|
kdc.addPrincipal(USER, PASS);
|
|
kdc.addPrincipalRandKey("krbtgt/" + REALM);
|
|
kdc.addPrincipalRandKey(SERVER);
|
|
kdc.addPrincipalRandKey(BACKEND);
|
|
|
|
String cwd = System.getProperty("user.dir");
|
|
kdc.writeKtab(KTAB);
|
|
KDC.saveConfig(CONF, kdc, "forwardable = true");
|
|
|
|
Proc pc = Proc.create("BasicProc")
|
|
.args("client")
|
|
.prop("java.security.krb5.conf", CONF)
|
|
.prop("java.security.manager", "")
|
|
.perm(new java.util.PropertyPermission(
|
|
"sun.security.krb5.principal", "read"))
|
|
.perm(new javax.security.auth.AuthPermission(
|
|
"modifyPrincipals"))
|
|
.perm(new javax.security.auth.AuthPermission(
|
|
"modifyPrivateCredentials"))
|
|
.perm(new javax.security.auth.AuthPermission("doAs"))
|
|
.perm(new javax.security.auth.kerberos.ServicePermission(
|
|
"krbtgt/" + REALM + "@" + REALM, "initiate"))
|
|
.perm(new javax.security.auth.kerberos.ServicePermission(
|
|
"server/localhost@" + REALM, "initiate"))
|
|
.perm(new javax.security.auth.kerberos.DelegationPermission(
|
|
"\"server/localhost@" + REALM + "\" " +
|
|
"\"krbtgt/" + REALM + "@" + REALM + "\""))
|
|
.debug("C")
|
|
.start();
|
|
Proc ps = Proc.create("BasicProc")
|
|
.args("server")
|
|
.prop("java.security.krb5.conf", CONF)
|
|
.prop("java.security.manager", "")
|
|
.perm(new java.util.PropertyPermission(
|
|
"sun.security.krb5.principal", "read"))
|
|
.perm(new javax.security.auth.AuthPermission(
|
|
"modifyPrincipals"))
|
|
.perm(new javax.security.auth.AuthPermission(
|
|
"modifyPrivateCredentials"))
|
|
.perm(new javax.security.auth.AuthPermission("doAs"))
|
|
.perm(new PrivateCredentialPermission(
|
|
"javax.security.auth.kerberos.KeyTab * \"*\"",
|
|
"read"))
|
|
.perm(new javax.security.auth.kerberos.ServicePermission(
|
|
"server/localhost@" + REALM, "accept"))
|
|
.perm(new java.io.FilePermission(
|
|
cwd + File.separator + KTAB, "read"))
|
|
.perm(new javax.security.auth.kerberos.ServicePermission(
|
|
"backend/localhost@" + REALM, "initiate"))
|
|
.debug("S")
|
|
.start();
|
|
Proc pb = Proc.create("BasicProc")
|
|
.args("backend")
|
|
.prop("java.security.krb5.conf", CONF)
|
|
.prop("java.security.manager", "")
|
|
.perm(new java.util.PropertyPermission(
|
|
"sun.security.krb5.principal", "read"))
|
|
.perm(new javax.security.auth.AuthPermission(
|
|
"modifyPrincipals"))
|
|
.perm(new javax.security.auth.AuthPermission(
|
|
"modifyPrivateCredentials"))
|
|
.perm(new javax.security.auth.AuthPermission("doAs"))
|
|
.perm(new PrivateCredentialPermission(
|
|
"javax.security.auth.kerberos.KeyTab * \"*\"",
|
|
"read"))
|
|
.perm(new javax.security.auth.kerberos.ServicePermission(
|
|
"backend/localhost@" + REALM, "accept"))
|
|
.perm(new java.io.FilePermission(
|
|
cwd + File.separator + KTAB, "read"))
|
|
.debug("B")
|
|
.start();
|
|
|
|
// Client and server handshake
|
|
String token = pc.readData();
|
|
ps.println(token);
|
|
token = ps.readData();
|
|
pc.println(token);
|
|
// Server and backend handshake
|
|
token = ps.readData();
|
|
pb.println(token);
|
|
token = pb.readData();
|
|
ps.println(token);
|
|
// wrap/unwrap/getMic/verifyMic and plain text
|
|
token = ps.readData();
|
|
pb.println(token);
|
|
token = pb.readData();
|
|
ps.println(token);
|
|
token = pb.readData();
|
|
ps.println(token);
|
|
|
|
if ((pc.waitFor() | ps.waitFor() | pb.waitFor()) != 0) {
|
|
throw new Exception();
|
|
}
|
|
} else if (args[0].equals("client")) {
|
|
Context c = Context.fromUserPass(USER, PASS, false);
|
|
c.startAsClient(SERVER, oid);
|
|
c.x().requestCredDeleg(true);
|
|
Proc.binOut(c.take(new byte[0]));
|
|
byte[] token = Proc.binIn();
|
|
c.take(token);
|
|
} else if (args[0].equals("server")) {
|
|
Context s = Context.fromUserKtab(SERVER, KTAB, true);
|
|
s.startAsServer(oid);
|
|
byte[] token = Proc.binIn();
|
|
token = s.take(token);
|
|
Proc.binOut(token);
|
|
Context s2 = s.delegated();
|
|
s2.startAsClient(BACKEND, oid);
|
|
Proc.binOut(s2.take(new byte[0]));
|
|
token = Proc.binIn();
|
|
s2.take(token);
|
|
byte[] msg = "Hello".getBytes();
|
|
Proc.binOut(s2.wrap(msg, true));
|
|
s2.verifyMic(Proc.binIn(), msg);
|
|
String in = Proc.textIn();
|
|
if (!in.equals("Hello")) {
|
|
throw new Exception();
|
|
}
|
|
} else if (args[0].equals("backend")) {
|
|
Context b = Context.fromUserKtab(BACKEND, KTAB, true);
|
|
b.startAsServer(oid);
|
|
byte[] token = Proc.binIn();
|
|
Proc.binOut(b.take(token));
|
|
byte[] msg = b.unwrap(Proc.binIn(), true);
|
|
Proc.binOut(b.getMic(msg));
|
|
Proc.textOut(new String(msg));
|
|
}
|
|
}
|
|
// create a native server
|
|
private static Proc ns(Proc p) throws Exception {
|
|
return p
|
|
.env("KRB5_CONFIG", CONF)
|
|
.env("KRB5_KTNAME", KTAB)
|
|
.prop("sun.security.jgss.native", "true")
|
|
.prop("javax.security.auth.useSubjectCredsOnly", "false")
|
|
.prop("sun.security.nativegss.debug", "true");
|
|
}
|
|
}
|