Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/com/sun/security/sasl/gsskerb/AuthOnly.java
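/*
 * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 4634892
 * @summary Ensure authentication via GSS-API/Kerberos v5 works.
 * @ignore see runwjaas.csh for instructions for how to run this test
 */
/*
 * Can set logging to FINEST to view exchange.
 */
import javax.security.sasl.*;
import javax.security.auth.callback.*;
import java.security.*;
import javax.security.auth.Subject;
import javax.security.auth.login.*;
import com.sun.security.auth.callback.*;
import java.util.HashMap;

/**
 * Runs a full GSSAPI SASL exchange between an in-process client and server,
 * each acting as its own JAAS {@link Subject}, and fails unless both sides
 * finish with the authentication-only quality of protection.
 *
 * <p>Usage: {@code AuthOnly [-m] [namesfile [proxyfile]]}. The two file names
 * are handed to the server-side {@code PropertiesFileCallbackHandler}, which
 * is defined elsewhere in the test tree.
 */
public class AuthOnly {
    private static final String MECH = "GSSAPI";
    private static final String SERVER_FQDN = "machineX.imc.org";
    private static final String PROTOCOL = "sample";

    private static String namesfile, proxyfile;
    private static final byte[] EMPTY = new byte[0];
    // Set from the command line ("-m" clears it) but not read in this file.
    private static boolean auto;
    private static boolean verbose = false;

    /**
     * Logs in the "client" and "server" JAAS entries, creates one SASL
     * endpoint per subject and drives the exchange to completion.
     *
     * @param args optional {@code -m} flag, then an optional names file and
     *             an optional proxy file
     * @throws Exception if login fails, no GSSAPI implementation is found,
     *                   a step of the exchange fails, the two endpoints end
     *                   in different states, or the negotiated QOP is not
     *                   {@code auth}
     */
    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            namesfile = null;
            auto = true;
        } else {
            int i = 0;
            if (args[i].equals("-m")) {
                i++;
                auto = false;
            }
            if (args.length > i) {
                namesfile = args[i++];
                if (args.length > i) {
                    proxyfile = args[i];
                }
            } else {
                namesfile = null;
            }
        }

        final CallbackHandler srvCbh = new PropertiesFileCallbackHandler(
            null, namesfile, proxyfile);

        final Subject clntSubj = doLogin("client");
        final Subject srvSubj = doLogin("server");
        final HashMap<String, Object> clntprops = new HashMap<String, Object>();
        final HashMap<String, Object> srvprops = new HashMap<String, Object>();

        // The client accepts authentication only; the server would also
        // accept integrity and confidentiality, so "auth" is the only
        // outcome both sides can agree on.
        clntprops.put(Sasl.QOP, "auth");
        srvprops.put(Sasl.QOP, "auth,auth-int,auth-conf");

        // Each endpoint is created inside doAs so that the mechanism sees
        // the credentials of the subject it is meant to act for.
        final SaslClient clnt = Subject.doAs(clntSubj,
            new PrivilegedExceptionAction<SaslClient>() {
                @Override
                public SaslClient run() throws SaslException {
                    return Sasl.createSaslClient(
                        new String[]{MECH}, null, PROTOCOL, SERVER_FQDN,
                        clntprops, null);
                }
            });

        if (verbose) {
            System.out.println(clntSubj);
            System.out.println(srvSubj);
        }
        final SaslServer srv = Subject.doAs(srvSubj,
            new PrivilegedExceptionAction<SaslServer>() {
                @Override
                public SaslServer run() throws SaslException {
                    return Sasl.createSaslServer(MECH, PROTOCOL, SERVER_FQDN,
                        srvprops, srvCbh);
                }
            });

        if (clnt == null) {
            throw new IllegalStateException(
                "Unable to find client impl for " + MECH);
        }
        if (srv == null) {
            throw new IllegalStateException(
                "Unable to find server impl for " + MECH);
        }

        try {
            byte[] response = Subject.doAs(clntSubj,
                new PrivilegedExceptionAction<byte[]>() {
                    @Override
                    public byte[] run() throws SaslException {
                        return (clnt.hasInitialResponse()
                            ? clnt.evaluateChallenge(EMPTY) : EMPTY);
                    }
                });

            while (!clnt.isComplete() || !srv.isComplete()) {
                final byte[] pendingResponse = response;
                final byte[] challenge = Subject.doAs(srvSubj,
                    new PrivilegedExceptionAction<byte[]>() {
                        @Override
                        public byte[] run() throws SaslException {
                            return srv.evaluateResponse(pendingResponse);
                        }
                    });

                if (challenge == null) {
                    // The server has nothing more to send. Stop here rather
                    // than feeding it the same response again, so that the
                    // state check below can report a mismatch.
                    break;
                }

                response = Subject.doAs(clntSubj,
                    new PrivilegedExceptionAction<byte[]>() {
                        @Override
                        public byte[] run() throws SaslException {
                            return clnt.evaluateChallenge(challenge);
                        }
                    });
            }

            if (!clnt.isComplete() || !srv.isComplete()) {
                throw new IllegalStateException("FAILURE: mismatched state:" +
                    " client complete? " + clnt.isComplete() +
                    " server complete? " + srv.isComplete());
            }

            // Completion alone does not show which protection level was
            // agreed, so confirm that both endpoints settled on "auth".
            requireAuthOnly("client", clnt.getNegotiatedProperty(Sasl.QOP));
            requireAuthOnly("server", srv.getNegotiatedProperty(Sasl.QOP));

            if (verbose) {
                System.out.println("SUCCESS");
                System.out.println("authzid is " + srv.getAuthorizationID());
            }
        } finally {
            // Release whatever the mechanism holds for this exchange, on the
            // failure paths as well as on success.
            try {
                clnt.dispose();
            } finally {
                srv.dispose();
            }
        }
    }

    /**
     * Fails the test unless the given negotiated QOP is {@code auth}.
     *
     * @param side label used in the failure message ("client" or "server")
     * @param qop  value reported for {@link Sasl#QOP} by that endpoint
     * @throws IllegalStateException if {@code qop} is anything but "auth"
     */
    private static void requireAuthOnly(String side, Object qop) {
        if (!"auth".equals(qop)) {
            throw new IllegalStateException(
                "FAILURE: " + side + " negotiated QOP " + qop
                + ", expected auth");
        }
    }

    /**
     * Performs a JAAS login for the named configuration entry.
     *
     * @param msg name of the login configuration entry; echoed to standard
     *            output when {@code verbose} is set
     * @return the subject populated by the login
     * @throws LoginException if the context cannot be created or the login
     *                        attempt fails
     */
    private static Subject doLogin(String msg) throws LoginException {
        if (verbose) {
            System.out.println(msg);
        }

        // TextCallbackHandler answers the login module's callbacks by
        // prompting on the command line.
        LoginContext lc = new LoginContext(msg, new TextCallbackHandler());

        // Attempt authentication
        // You might want to do this in a "for" loop to give
        // user more than one chance to enter correct username/password
        lc.login();

        return lc.getSubject();
    }
}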