Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/com/sun/security/sasl/gsskerb/NoSecurityLayer.java
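/*
 * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 4873552
 * @summary GSS-API/krb5 SASL mechanism should throw IllegalStateException for auth-only

 * @ignore see run-nosec-wjaas.csh for instructions for how to run this test
 */
/*
 * Can set logging to FINEST to view exchange.
 */
import javax.security.sasl.*;
import javax.security.auth.callback.*;
import java.security.*;
import javax.security.auth.Subject;
import javax.security.auth.login.*;
import com.sun.security.auth.callback.*;
import java.util.HashMap;

/**
 * Regression test for the GSSAPI SASL mechanism when only authentication
 * (QOP {@code "auth"}) is negotiated.
 *
 * <p>The client offers {@code "auth"} only, while the server accepts
 * {@code "auth,auth-int,auth-conf"}. Once the exchange completes, neither
 * side has an integrity or confidentiality layer, so {@code wrap} and
 * {@code unwrap} are expected to throw {@link IllegalStateException} on both
 * the client and the server. The test fails if any of those calls returns
 * normally.
 *
 * <p>Usage: {@code NoSecurityLayer [-m] [namesfile [proxyfile]]}. The test
 * needs JAAS login configuration entries named {@code "client"} and
 * {@code "server"}; see the {@code @ignore} note in the header.
 */
public class NoSecurityLayer {
    private static final String MECH = "GSSAPI";
    private static final String SERVER_FQDN = "anti.imc.org";
    private static final String PROTOCOL = "sample";

    // Files handed to PropertiesFileCallbackHandler; both may be null.
    private static String namesfile, proxyfile;
    private static final byte[] EMPTY = new byte[0];
    // Set from the command line ("-m" clears it); not read anywhere in this file.
    private static boolean auto;
    private static boolean verbose = false;

    /**
     * Runs the SASL/GSSAPI exchange and then checks that the security-layer
     * operations are rejected.
     *
     * @param args optional {@code -m}, then an optional names file and an
     *             optional proxy file
     * @throws Exception if login or the SASL exchange fails, if a QOP other
     *                   than {@code "auth"} was negotiated, or if a
     *                   {@code wrap}/{@code unwrap} call unexpectedly succeeds
     */
    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            namesfile = null;
            auto = true;
        } else {
            int i = 0;
            if (args[i].equals("-m")) {
                i++;
                auto = false;
            }
            if (args.length > i) {
                namesfile = args[i++];
                if (args.length > i) {
                    proxyfile = args[i];
                }
            } else {
                namesfile = null;
            }
        }

        // NOTE(review): PropertiesFileCallbackHandler is defined outside this
        // file; presumably it answers the server's callbacks from the given
        // files -- confirm against its source.
        final CallbackHandler srvCbh = new PropertiesFileCallbackHandler(
            null, namesfile, proxyfile);

        Subject clntSubj = doLogin("client");
        Subject srvSubj = doLogin("server");
        final HashMap clntprops = new HashMap();
        final HashMap srvprops = new HashMap();

        // The client insists on authentication only; the server would accept
        // any QOP, so the negotiated result is decided by the client's offer.
        clntprops.put(Sasl.QOP, "auth");
        srvprops.put(Sasl.QOP, "auth,auth-int,auth-conf");

        final SaslClient clnt = (SaslClient)
            Subject.doAs(clntSubj, new PrivilegedExceptionAction() {
                public Object run() throws Exception {
                    return Sasl.createSaslClient(
                        new String[]{MECH}, null, PROTOCOL, SERVER_FQDN,
                        clntprops, null);
                }
            });

        if (verbose) {
            System.out.println(clntSubj);
            System.out.println(srvSubj);
        }
        final SaslServer srv = (SaslServer)
            Subject.doAs(srvSubj, new PrivilegedExceptionAction() {
                public Object run() throws Exception {
                    return Sasl.createSaslServer(MECH, PROTOCOL, SERVER_FQDN,
                        srvprops, srvCbh);
                }
            });

        if (clnt == null) {
            throw new IllegalStateException(
                "Unable to find client impl for " + MECH);
        }
        if (srv == null) {
            throw new IllegalStateException(
                "Unable to find server impl for " + MECH);
        }

        byte[] response;
        byte[] challenge;

        response = (byte[]) Subject.doAs(clntSubj,
            new PrivilegedExceptionAction() {
                public Object run() throws Exception {
                    return (clnt.hasInitialResponse()
                        ? clnt.evaluateChallenge(EMPTY) : EMPTY);
                }
            });

        // Each side evaluates the other's token under its own Subject until
        // both report completion.
        while (!clnt.isComplete() || !srv.isComplete()) {
            final byte[] responseCopy = response;
            challenge = (byte[]) Subject.doAs(srvSubj,
                new PrivilegedExceptionAction() {
                    public Object run() throws Exception {
                        return srv.evaluateResponse(responseCopy);
                    }
                });

            if (challenge != null) {
                final byte[] challengeCopy = challenge;
                response = (byte[]) Subject.doAs(clntSubj,
                    new PrivilegedExceptionAction() {
                        public Object run() throws Exception {
                            return clnt.evaluateChallenge(challengeCopy);
                        }
                    });
            }
        }

        // The loop above only exits once both sides are complete, so the
        // former "mismatched state" branch could never run and was dropped.
        if (verbose) {
            System.out.println("SUCCESS");
            System.out.println("authzid is " + srv.getAuthorizationID());
            System.out.println(clnt.getNegotiatedProperty(Sasl.QOP));
        }

        // The checks below are only meaningful when no security layer was
        // negotiated. Verify that first, so an unexpected negotiation result
        // is reported as such rather than as a wrap/unwrap failure.
        requireAuthOnly("client", clnt.getNegotiatedProperty(Sasl.QOP));
        requireAuthOnly("server", srv.getNegotiatedProperty(Sasl.QOP));

        // Now try to use security layer

        byte[] clntBuf = new byte[]{0, 1, 2, 3};
        try {
            clnt.wrap(clntBuf, 0, clntBuf.length);
            throw new Exception(
                "clnt wrap should not be allowed w/no security layer");
        } catch (IllegalStateException e) {
            // expected
        }

        byte[] srvBuf = new byte[]{10, 11, 12, 13};
        try {
            srv.wrap(srvBuf, 0, srvBuf.length);
            throw new Exception(
                "srv wrap should not be allowed w/no security layer");
        } catch (IllegalStateException e) {
            // expected
        }

        // The failure messages for the two unwrap checks used to say "wrap",
        // which pointed at the wrong operation when one of them failed.
        try {
            clnt.unwrap(clntBuf, 0, clntBuf.length);
            throw new Exception(
                "clnt unwrap should not be allowed w/no security layer");
        } catch (IllegalStateException e) {
            // expected
        }

        try {
            srv.unwrap(srvBuf, 0, srvBuf.length);
            throw new Exception(
                "srv unwrap should not be allowed w/no security layer");
        } catch (IllegalStateException e) {
            // expected
        }
    }

    /**
     * Fails the test unless the negotiated quality of protection is
     * authentication only.
     *
     * @param side label used in the failure message ("client" or "server")
     * @param qop  value returned by {@code getNegotiatedProperty(Sasl.QOP)}
     * @throws IllegalStateException if {@code qop} is not {@code "auth"}
     */
    private static void requireAuthOnly(String side, Object qop) {
        if (!"auth".equals(qop)) {
            throw new IllegalStateException(
                side + " negotiated QOP " + qop + ", expected auth");
        }
    }

    /**
     * Performs a JAAS login and returns the authenticated subject.
     *
     * @param msg name of the login configuration entry; also printed when
     *            {@code verbose} is set
     * @return the subject populated by the login
     * @throws LoginException if the login context cannot be created or
     *                        authentication fails
     */
    private static Subject doLogin(String msg) throws LoginException {
        if (verbose) {
            System.out.println(msg);
        }
        LoginContext lc = new LoginContext(msg, new TextCallbackHandler());

        // Attempt authentication
        // You might want to do this in a "for" loop to give
        // user more than one chance to enter correct username/password
        lc.login();

        return lc.getSubject();
    }
}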