RFR: 8337723: Remove redundant tests from com/sun/security/sasl/gsskerb [v3]
Rajan Halade
rhalade at openjdk.org
Fri Feb 7 20:25:19 UTC 2025
On Tue, 28 Jan 2025 19:25:07 GMT, Fernando Guallini <fguallini at openjdk.org> wrote:
>> There are 3 manual GSS-API/Kerberos tests that require a manual setup and were added to the problem list years ago:
>>
>> - com/sun/security/sasl/gsskerb/**AuthOnly**-> Verifies that both client and server have completed the authentication process.
>> - com/sun/security/sasl/gsskerb/**NoSecurityLayer** -> Attempts to use wrap and unwrap to demonstrate that these operations should not be allowed without a negotiated security layer.
>> - com/sun/security/sasl/gsskerb/**ConfSecurityLayer** -> Demonstrates the use of the security layer by wrapping and unwrapping messages on both client and server sides.
>>
>> These tests need manual setup of a KDC environment, service/user principals, keytabs, JAAS configuration, and script adjustments. All that is time consuming and error prone. These do not fail if configured properly.
>>
>> In contrast, the automated test sun/security/krb5/auto/**SaslBasic** already covers these scenarios and sets up the KDC with the necessary principals **automatically**, no manual setup is required. This class starts a simple KDC with one realm, several typical principal names, generates krb5.conf and keytab files, and setup a JAAS login config file.
>>
>> I've enhanced SaslBasic to include additional wrap/unwrap checks with and without a security layer. As a result, the 3 manual tests and their associated files are now redundand and can be removed, as they no longer provide additional value.
>
> Fernando Guallini has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains five commits:
>
> - Merge branch 'master' into 8337723
> - Merge branch 'master' into 8337723
> - refactoring
> - Merge branch 'master' into 8337723
> - remov gsskerb tests
test/jdk/sun/security/krb5/auto/SaslBasic.java line 118:
> 116:
> 117: if (!Arrays.equals(hello, token)) {
> 118: throw new Exception("Client message altered");
please update these final exceptions from test to `RuntimeException`
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20464#discussion_r1947139288
More information about the security-dev
mailing list