RFR 8186884: Test native KDC, Java krb5 lib, and native krb5 lib in one test

Weijun Wang weijun.wang at oracle.com
Fri Sep 8 03:19:14 UTC 2017


Small update on http://cr.openjdk.java.net/~weijun/8186884/webrev.02. All files belong to a single Proc now have the same prefix so they appear together in file list.

Thanks
Max

> On Sep 7, 2017, at 8:39 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
> 
> Updated at
> 
>  http://cr.openjdk.java.net/~weijun/8186884/webrev.01/
> 
> Now the libraries can be more freely combined, so you can test interop between one native library and another one:
> 
>   jtreg -Dnative.krb5.libs=j=,n=,m=lib1.so,h=lib2.so BasicProc.java
> 
> 
> More comments inline below.
> 
>> On Sep 7, 2017, at 3:29 PM, Artem Smotrakov <artem.smotrakov at oracle.com> wrote:
>> 
>> Hi Max,
>> 
>> In general, looks fine to me. Below are a couple of comments you might want to address.
>> 
>> 1. BasicProc.java, it might be better to use named constants for parameters for once() method. That would make it easier to understand what each particular onse() call does
> 
> I am passing in label and library names now.
> 
>> 
>> 2. BasicProc.java, could you please add an exception message?
>> 
>> +                if (!Arrays.equals(msg, msg2)) {
>> +                    throw new Exception();
>> +                }
>> +                break;
> 
> Fixed.
> 
>> 
>> 3. BasicProc.java, should the test do some cleanup then?
>> 
>> +            Files.copy(Paths.get("ccache.base"), Paths.get("ccache." + label));
> 
> Nowadays I prefer to let jtreg do the cleanup/retain. In fact, I am able to find a KDC.java bug by saving the ccache, where the incoming service ticket is invalid and not saved into the ccache.
> 
> Thanks
> Max
> 
>> 
>> Artem
>> 
>> On 09/07/2017 03:07 AM, Weijun Wang wrote:
>>> Please take a review at
>>> 
>>>   http://cr.openjdk.java.net/~weijun/8186884/webrev.00/
>>> 
>>> BasicProc.java is enhanced to use a native JGSS provider, and KDC.java is enhanced to start (not use) a native KDC. For example, you would be able to test interop among Java JGSS, native JGSS (with MIT krb5) and Heimdal KDC with
>>> 
>>>    jtreg -Dnative.krb5.lib=/usr/local/krb5/lib/libgssapi_krb5.so \
>>>          -Dnative.kdc.path=/usr/local/heimdal \
>>>          test/sun/security/krb5/auto/BasicProc.java
>>> 
>>> Without those 2 new system properties, it behaves like before, i.e. Java GSS on the embedded KDC.
>>> 
>>> Another change in Context.java. Instead of using shared states to provide username and password when doing a krb5 login, a callback handler is used. This is considered more common. An extra permission is needed to read the default username (though I think this can coded as optional).
>>> 
>>> Thanks
>>> Max
>>> 
>> 
> 



More information about the security-dev mailing list