/hg/icedtea6: 6706974: Add krb5 test infrastructure
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Jan 10 02:38:45 PST 2012
changeset f3e9a1730116 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=f3e9a1730116
author: Andrew John Hughes <ahughes at redhat.com>
date: Tue Jan 10 10:38:33 2012 +0000
6706974: Add krb5 test infrastructure
2012-01-10 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am: Add new patch.
* NEWS: Mention backport.
* patches/openjdk/6706974-krb5_test_infrastructure.patch: Add
Kerberos 5 test infrastructure so the test in the 6851973
backport works.
diffstat:
ChangeLog | 10 +-
Makefile.am | 3 +-
NEWS | 3 +
patches/openjdk/6706974-krb5_test_infrastructure.patch | 2081 ++++++++++++++++
4 files changed, 2095 insertions(+), 2 deletions(-)
diffs (truncated from 2144 to 500 lines):
diff -r 283c180aa38a -r f3e9a1730116 ChangeLog
--- a/ChangeLog Fri Jan 06 16:40:02 2012 -0500
+++ b/ChangeLog Tue Jan 10 10:38:33 2012 +0000
@@ -1,3 +1,11 @@
+2012-01-10 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am: Add new patch.
+ * NEWS: Mention backport.
+ * patches/openjdk/6706974-krb5_test_infrastructure.patch:
+ Add Kerberos 5 test infrastructure so the test in
+ the 6851973 backport works.
+
2012-01-06 Omair Majid <omajid at redhat.com>
* NEWS: Add 1.12 section
@@ -13,7 +21,7 @@
to be substitued during configure
* policytool.desktop: removed, replaced by policytool.desktop.in
* policytool.desktop.in: new file, stub for desktop file, have variable
- to be substituted during configure
+ to be substituted during configure
2012-01-06 Andrew John Hughes <ahughes at redhat.com>
diff -r 283c180aa38a -r f3e9a1730116 Makefile.am
--- a/Makefile.am Fri Jan 06 16:40:02 2012 -0500
+++ b/Makefile.am Tue Jan 10 10:38:33 2012 +0000
@@ -403,7 +403,8 @@
patches/openjdk/7102369-7094468-rmiregistry.patch \
patches/openjdk/6851973-kerberos.patch \
patches/openjdk/7091528-javadoc_class_files.patch \
- patches/openjdk/7103725-ssl_beast_regression.patch
+ patches/openjdk/7103725-ssl_beast_regression.patch \
+ patches/openjdk/6706974-krb5_test_infrastructure.patch
if WITH_RHINO
ICEDTEA_PATCHES += \
diff -r 283c180aa38a -r f3e9a1730116 NEWS
--- a/NEWS Fri Jan 06 16:40:02 2012 -0500
+++ b/NEWS Tue Jan 10 10:38:33 2012 +0000
@@ -12,6 +12,9 @@
New in release 1.12 (2012-XX-XX):
+* Backports
+ - 6706974: Add krb5 test infrastructure
+
New in release 1.11 (2012-XX-XX):
* Use HotSpot 20 as the default virtual machine.
diff -r 283c180aa38a -r f3e9a1730116 patches/openjdk/6706974-krb5_test_infrastructure.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/openjdk/6706974-krb5_test_infrastructure.patch Tue Jan 10 10:38:33 2012 +0000
@@ -0,0 +1,2090 @@
+# HG changeset patch
+# User weijun
+# Date 1224219720 -28800
+# Node ID 3f051f3ba5bba355ddd6df6d0cb1528aef631a2d
+# Parent 8b2d7e577d4a89fab8a892623cb4dff4e6fca0a6
+6706974: Add krb5 test infrastructure
+Reviewed-by: valeriep
+
+diff -r 8b2d7e577d4a -r 3f051f3ba5bb test/sun/security/krb5/auto/Action.java
+--- /dev/null Thu Jan 01 00:00:00 1970 +0000
++++ openjdk/jdk/test/sun/security/krb5/auto/Action.java Fri Oct 17 13:02:00 2008 +0800
+@@ -0,0 +1,33 @@
++/*
++ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
++ * CA 95054 USA or visit www.sun.com if you need additional information or
++ * have any questions.
++ */
++
++/**
++ * Action used in Context.doAs
++ */
++public interface Action {
++ /**
++ * This method always reads a byte block and emits another one
++ */
++ byte[] run(Context s, byte[] input) throws Exception;
++}
++
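Review bot: The Javadoc on `run` says it "always reads a byte block and emits another one", but `Context.startAsClient` and `Context.startAsServer` in this same patch invoke their actions with a `null` input and return `null`. The contract should state that both may be null so implementers do not dereference `input` unconditionally, for example `Runs the action on behalf of the given context; input and the result may be null when the action carries no payload.` The parameter name `s` is also easy to misread, since `s` is the server party in BasicKrb5Test and the Subject field in Context; `context` would be clearer.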
+diff -r 8b2d7e577d4a -r 3f051f3ba5bb test/sun/security/krb5/auto/BasicKrb5Test.java
+--- /dev/null Thu Jan 01 00:00:00 1970 +0000
++++ openjdk/jdk/test/sun/security/krb5/auto/BasicKrb5Test.java Fri Oct 17 13:02:00 2008 +0800
+@@ -0,0 +1,111 @@
++/*
++ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
++ * CA 95054 USA or visit www.sun.com if you need additional information or
++ * have any questions.
++ */
++
++/*
++ * @test
++ * @bug 6706974
++ * @summary Add krb5 test infrastructure
++ */
++
++import org.ietf.jgss.GSSName;
++import sun.security.jgss.GSSUtil;
++import sun.security.krb5.Config;
++import sun.security.krb5.internal.crypto.EType;
++
++/**
++ * Basic JGSS/krb5 test with 3 parties: client, server, backend server. Each
++ * party uses JAAS login to get subjects and executes JGSS calls using
++ * Subject.doAs.
++ */
++public class BasicKrb5Test {
++
++ /**
++ * @param args empty or etype
++ */
++ public static void main(String[] args)
++ throws Exception {
++
++ String etype = null;
++ if (args.length > 0) {
++ etype = args[0];
++ }
++ System.out.println("Testing etype " + etype);
++ if (etype != null && !EType.isSupported(Config.getInstance().getType(etype))) {
++ System.out.println("Not supported.");
++ System.exit(0);
++ }
++
++ // Creates and starts the KDC
++ new OneKDC(etype).writeJAASConf();
++ new BasicKrb5Test().go(OneKDC.SERVER, OneKDC.BACKEND);
++ }
++
++ void go(final String server, final String backend) throws Exception {
++ Context c, s, s2, b;
++ c = Context.fromJAAS("client");
++ s = Context.fromJAAS("server");
++ b = Context.fromJAAS("backend");
++
++ c.startAsClient(server, GSSUtil.GSS_KRB5_MECH_OID);
++ c.x().requestCredDeleg(true);
++ s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
++
++ c.status();
++ s.status();
++
++ Context.handshake(c, s);
++ GSSName client = c.x().getSrcName();
++
++ c.status();
++ s.status();
++
++ Context.transmit("i say high --", c, s);
++ Context.transmit(" you say low", s, c);
++
++ s2 = s.delegated();
++ s.dispose();
++ s = null;
++
++ s2.startAsClient(backend, GSSUtil.GSS_KRB5_MECH_OID);
++ b.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
++
++ s2.status();
++ b.status();
++
++ Context.handshake(s2, b);
++ GSSName client2 = b.x().getSrcName();
++
++ if (!client.equals(client2)) {
++ throw new Exception("Delegation failed");
++ }
++
++ s2.status();
++ b.status();
++
++ Context.transmit("you say hello --", s2, b);
++ Context.transmit(" i say goodbye", b, s2);
++
++ s2.dispose();
++ b.dispose();
++ }
++}
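Review bot: `go` disposes `s`, `s2` and `b` but never the client context `c`, so the initiator's established GSSContext is left undisposed even on the success path; adding `c.dispose();` next to `s2.dispose();` closes that gap. None of the disposals run when a handshake or the "Delegation failed" check throws, which is tolerable for a one-shot test VM but should be noted in a comment if these classes serve as a template for later krb5 tests. In `main`, the unsupported-etype branch calls `System.exit(0)`; a plain `return;` ends the test the same way without terminating the VM, which matters if the harness runs tests in a shared VM. The `client`/`client2` comparison is the only assertion in the test and deserves a comment such as `// the backend must see the original client's name, not the server's`.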
+diff -r 8b2d7e577d4a -r 3f051f3ba5bb test/sun/security/krb5/auto/CleanState.java
+--- /dev/null Thu Jan 01 00:00:00 1970 +0000
++++ openjdk/jdk/test/sun/security/krb5/auto/CleanState.java Fri Oct 17 13:02:00 2008 +0800
+@@ -0,0 +1,75 @@
++/*
++ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
++ * CA 95054 USA or visit www.sun.com if you need additional information or
++ * have any questions.
++ */
++
++/*
++ * @test
++ * @bug 6716534
++ * @summary Krb5LoginModule has not cleaned temp info between authentication attempts
++ */
++import com.sun.security.auth.module.Krb5LoginModule;
++import java.util.HashMap;
++import java.util.Map;
++import javax.security.auth.Subject;
++import javax.security.auth.callback.Callback;
++import javax.security.auth.callback.CallbackHandler;
++import javax.security.auth.callback.NameCallback;
++import javax.security.auth.callback.PasswordCallback;
++
++public class CleanState {
++ public static void main(String[] args) throws Exception {
++ CleanState x = new CleanState();
++ new OneKDC(null);
++ x.go();
++ }
++
++ void go() throws Exception {
++ Krb5LoginModule krb5 = new Krb5LoginModule();
++
++ final String name = OneKDC.USER;
++ final char[] password = OneKDC.PASS;
++ char[] badpassword = "hellokitty".toCharArray();
++
++ Map<String,String> map = new HashMap<String,String>();
++ map.put("useTicketCache", "false");
++ map.put("doNotPrompt", "false");
++ map.put("tryFirstPass", "true");
++ Map<String,Object> shared = new HashMap<String,Object>();
++ shared.put("javax.security.auth.login.name", name);
++ shared.put("javax.security.auth.login.password", badpassword);
++
++ krb5.initialize(new Subject(), new CallbackHandler() {
++ @Override
++ public void handle(Callback[] callbacks) {
++ for(Callback callback: callbacks) {
++ if (callback instanceof NameCallback) {
++ ((NameCallback)callback).setName(name);
++ }
++ if (callback instanceof PasswordCallback) {
++ ((PasswordCallback)callback).setPassword(password);
++ }
++ }
++ }
++ }, shared, map);
++ krb5.login();
++ }
++}
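Review bot: `go` has no explicit assertion and no comment, so it is not evident what makes it a regression test for 6716534. The shared state carries `badpassword` with `tryFirstPass=true` while the callback handler supplies `OneKDC.PASS`, so the test presumably passes only if `login()` discards the state of the failed first attempt and then succeeds with the callback password. A comment before `krb5.login();` should say this, e.g. `// First pass uses the wrong shared password; login() must recover via the callback handler, otherwise it throws and the test fails.` `main` also needs a comment: `new OneKDC(null);` is called only for its side effect, which its counterpart in BasicKrb5Test describes as creating and starting the KDC.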
+diff -r 8b2d7e577d4a -r 3f051f3ba5bb test/sun/security/krb5/auto/Context.java
+--- /dev/null Thu Jan 01 00:00:00 1970 +0000
++++ openjdk/jdk/test/sun/security/krb5/auto/Context.java Fri Oct 17 13:02:00 2008 +0800
+@@ -0,0 +1,386 @@
++/*
++ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
++ * CA 95054 USA or visit www.sun.com if you need additional information or
++ * have any questions.
++ */
++
++import com.sun.security.auth.module.Krb5LoginModule;
++import java.security.PrivilegedActionException;
++import java.security.PrivilegedExceptionAction;
++import java.util.Arrays;
++import java.util.HashMap;
++import java.util.Map;
++import javax.security.auth.Subject;
++import javax.security.auth.kerberos.KerberosKey;
++import javax.security.auth.kerberos.KerberosTicket;
++import javax.security.auth.login.LoginContext;
++import org.ietf.jgss.GSSContext;
++import org.ietf.jgss.GSSCredential;
++import org.ietf.jgss.GSSException;
++import org.ietf.jgss.GSSManager;
++import org.ietf.jgss.GSSName;
++import org.ietf.jgss.MessageProp;
++import org.ietf.jgss.Oid;
++
++/**
++ * Context of a JGSS subject, encapsulating Subject and GSSContext.
++ *
++ * Three "constructors", which acquire the (private) credentials and fill
++ * it into the Subject:
++ *
++ * 1. static fromJAAS(): Creates a Context using a JAAS login config entry
++ * 2. static fromUserPass(): Creates a Context using a username and a password
++ * 3. delegated(): A new context which uses the delegated credentials from a
++ * previously established acceptor Context
++ *
++ * Two context initiators, which create the GSSContext object inside:
++ *
++ * 1. startAsClient()
++ * 2. startAsServer()
++ *
++ * Privileged action:
++ * doAs(): Performs an action in the name of the Subject
++ *
++ * Handshake process:
++ * static handShake(initiator, acceptor)
++ *
++ * A four-phase typical data communication which includes all four GSS
++ * actions (wrap, unwrap, getMic and veryfyMiC):
++ * static transmit(message, from, to)
++ */
++public class Context {
++
++ private Subject s;
++ private GSSContext x;
++ private boolean f; // context established?
++ private String name;
++ private GSSCredential cred; // see static method delegated().
++
++ private Context() {}
++
++ /**
++ * Using the delegated credentials from a previous acceptor
++ * @param c
++ */
++ public Context delegated() throws Exception {
++ Context out = new Context();
++ out.s = s;
++ out.cred = x.getDelegCred();
++ out.name = name + " as " + out.cred.getName().toString();
++ return out;
++ }
++
++ /**
++ * Logins with a JAAS login config entry name
++ */
++ public static Context fromJAAS(final String name) throws Exception {
++ Context out = new Context();
++ out.name = name;
++ LoginContext lc = new LoginContext(name);
++ lc.login();
++ out.s = lc.getSubject();
++ return out;
++ }
++
++ /**
++ * Logins with a username and a password, using Krb5LoginModule directly
++ * @param storeKey true if key should be saved, used on acceptor side
++ */
++ public static Context fromUserPass(String user, char[] pass, boolean storeKey) throws Exception {
++ Context out = new Context();
++ out.name = user;
++ out.s = new Subject();
++ Krb5LoginModule krb5 = new Krb5LoginModule();
++ Map<String, String> map = new HashMap<String, String>();
++ map.put("tryFirstPass", "true");
++ if (storeKey) {
++ map.put("storeKey", "true");
++ }
++ Map<String, Object> shared = new HashMap<String, Object>();
++ shared.put("javax.security.auth.login.name", user);
++ shared.put("javax.security.auth.login.password", pass);
++
++ krb5.initialize(out.s, null, shared, map);
++ krb5.login();
++ krb5.commit();
++ return out;
++ }
++
++ /**
++ * Starts as a client
++ * @param target communication peer
++ * @param mech GSS mech
++ * @throws java.lang.Exception
++ */
++ public void startAsClient(final String target, final Oid mech) throws Exception {
++ doAs(new Action() {
++ @Override
++ public byte[] run(Context me, byte[] dummy) throws Exception {
++ GSSManager m = GSSManager.getInstance();
++ me.x = m.createContext(
++ target.indexOf('@') < 0 ?
++ m.createName(target, null) :
++ m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
++ mech,
++ cred,
++ GSSContext.DEFAULT_LIFETIME);
++ return null;
++ }
++ }, null);
++ f = false;
++ }
++
++ /**
++ * Starts as a server
++ * @param mech GSS mech
++ * @throws java.lang.Exception
++ */
++ public void startAsServer(final Oid mech) throws Exception {
++ doAs(new Action() {
++ @Override
++ public byte[] run(Context me, byte[] dummy) throws Exception {
++ GSSManager m = GSSManager.getInstance();
++ me.x = m.createContext(m.createCredential(
++ null,
++ GSSCredential.INDEFINITE_LIFETIME,
++ mech,
++ GSSCredential.ACCEPT_ONLY));
++ return null;
++ }
++ }, null);
++ f = false;
++ }
++
++ /**
++ * Accesses the internal GSSContext object. Currently it's used for --
++ *
++ * 1. calling requestXXX() before handshake
++ * 2. accessing source name
++ *
++ * Note: If the application needs to do any privileged call on this
++ * object, please use doAs(). Otherwise, it can be done directly. The
++ * methods listed above are all non-privileged calls.
++ *
++ * @return the GSSContext object
++ */
++ public GSSContext x() {
++ return x;
++ }
++
++ /**
++ * Disposes the GSSContext within
++ * @throws org.ietf.jgss.GSSException
++ */
++ public void dispose() throws GSSException {
++ x.dispose();
++ }
++
++ /**
++ * Does something using the Subject inside
++ * @param action the action
++ * @param in the input byte
++ * @return the output byte
++ * @throws java.lang.Exception
++ */
++ public byte[] doAs(final Action action, final byte[] in) throws Exception {
++ try {