CoCalc -- ServiceCredsCombination.java

GitHub Repository: PojavLauncherTeam/openjdk-multiarch-jdk8u
Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/krb5/ServiceCredsCombination.java
³⁸⁸³⁸ views
1
/*
2
 * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23
/*
24
 * @test
25
 * @bug 8005447
26
 * @compile -XDignore.symbol.file ServiceCredsCombination.java
27
 * @run main ServiceCredsCombination
28
 * @summary default principal can act as anyone
29
 */
30

31
import java.security.PrivilegedActionException;
32
import java.security.PrivilegedExceptionAction;
33
import java.util.Objects;
34
import javax.security.auth.Subject;
35
import javax.security.auth.kerberos.KerberosKey;
36
import javax.security.auth.kerberos.KerberosPrincipal;
37
import javax.security.auth.kerberos.KeyTab;
38
import org.ietf.jgss.GSSCredential;
39
import org.ietf.jgss.GSSException;
40
import org.ietf.jgss.GSSManager;
41
import org.ietf.jgss.GSSName;
42
import sun.security.jgss.GSSUtil;
43

44
public class ServiceCredsCombination {
45

46
    public static void main(String[] args) throws Exception {
47
        // pass
48
        check("a", "a", princ("a"), key("a"));
49
        check(null, "a", princ("a"), key("a"));
50
        check("x", "NOCRED", princ("a"), key("a"));
51
        // two pass
52
        check("a", "a", princ("a"), key("a"), princ("b"), key("b"));
53
        check("b", "b", princ("a"), key("a"), princ("b"), key("b"));
54
        check(null, null, princ("a"), key("a"), princ("b"), key("b"));
55
        check("x", "NOCRED", princ("a"), key("a"), princ("b"), key("b"));
56
        // old ktab
57
        check("b", "b", princ("b"), oldktab());
58
        check("x", "NOCRED", princ("b"), oldktab());
59
        check(null, "b", princ("b"), oldktab());
60
        // Two old ktab
61
        check("a", "a", princ("a"), princ("b"), oldktab(), oldktab());
62
        check("b", "b", princ("a"), princ("b"), oldktab(), oldktab());
63
        check(null, null, princ("a"), princ("b"), oldktab(), oldktab());
64
        check("x", "NOCRED", princ("a"), princ("b"), oldktab(), oldktab());
65
        // bound ktab
66
        check("c", "c", princ("c"), ktab("c"));
67
        check(null, "c", princ("c"), ktab("c"));
68
        // unbound ktab
69
        check("x", "x", ktab());
70
        check(null, null, ktab());
71
        // Two bound ktab
72
        check("c1", "c1", princ("c1"), princ("c2"), ktab("c1"), ktab("c2"));
73
        check("c2", "c2", princ("c1"), princ("c2"), ktab("c1"), ktab("c2"));
74
        check("x", "NOCRED", princ("c1"), princ("c2"), ktab("c1"), ktab("c2"));
75
        check(null, null, princ("c1"), princ("c2"), ktab("c1"), ktab("c2"));
76
        // One bound, one unbound
77
        check("c1", "c1", princ("c1"), ktab("c1"), ktab());
78
        check("x", "x", princ("c1"), ktab("c1"), ktab());
79
        check(null, null, princ("c1"), ktab("c1"), ktab());
80
        // Two unbound ktab
81
        check("x", "x", ktab(), ktab());
82
        check(null, null, ktab(), ktab());
83
        // pass + old ktab
84
        check("a", "a", princ("a"), princ("b"), key("a"), oldktab());
85
        check("b", "b", princ("a"), princ("b"), key("a"), oldktab());
86
        check(null, null, princ("a"), princ("b"), key("a"), oldktab());
87
        check("x", "NOCRED", princ("a"), princ("b"), key("a"), oldktab());
88
        // pass + bound ktab
89
        check("a", "a", princ("a"), princ("c"), key("a"), ktab("c"));
90
        check("c", "c", princ("a"), princ("c"), key("a"), ktab("c"));
91
        check("x", "NOCRED", princ("a"), princ("c"), key("a"), ktab("c"));
92
        check(null, null, princ("a"), princ("c"), key("a"), ktab("c"));
93
        // pass + unbound ktab
94
        check("a", "a", princ("a"), key("a"), ktab());
95
        check("x", "x", princ("a"), key("a"), ktab());
96
        check(null, null, princ("a"), key("a"), ktab());
97
        // Compatibility, automatically add princ for keys
98
        check(null, "a", key("a"));
99
        check("x", "NOCRED", key("a"));
100
        check(null, "a", key("a"), oldktab());
101
        check("x", "NOCRED", key("a"), oldktab());
102
        // Limitation, "a" has no key, but we don't know oldktab() is for "b"
103
        check("a", "a", princ("a"), princ("b"), oldktab());
104
    }
105

106
    /**
107
     * Checks the correct bound
108
     * @param a get a creds for this principal, null for default one
109
     * @param b expected name, null for still unbound, "NOCRED" for no creds
110
     * @param objs princs, keys and keytabs in the subject
111
     */
112
    private static void check(final String a, String b, Object... objs)
113
            throws Exception {
114
        Subject subj = new Subject();
115
        for (Object obj: objs) {
116
            if (obj instanceof KerberosPrincipal) {
117
                subj.getPrincipals().add((KerberosPrincipal)obj);
118
            } else if (obj instanceof KerberosKey || obj instanceof KeyTab) {
119
                subj.getPrivateCredentials().add(obj);
120
            }
121
        }
122
        final GSSManager man = GSSManager.getInstance();
123
        try {
124
            String result = Subject.doAs(
125
                    subj, new PrivilegedExceptionAction<String>() {
126
                @Override
127
                public String run() throws GSSException {
128
                    GSSCredential cred = man.createCredential(
129
                            a == null ? null : man.createName(r(a), null),
130
                            GSSCredential.INDEFINITE_LIFETIME,
131
                            GSSUtil.GSS_KRB5_MECH_OID,
132
                            GSSCredential.ACCEPT_ONLY);
133
                    GSSName name = cred.getName();
134
                    return name == null ? null : name.toString();
135
                }
136
            });
137
            if (!Objects.equals(result, r(b))) {
138
                throw new Exception("Check failed: getInstance(" + a
139
                        + ") has name " + result + ", not " + b);
140
            }
141
        } catch (PrivilegedActionException e) {
142
            if (!"NOCRED".equals(b)) {
143
                throw new Exception("Check failed: getInstance(" + a
144
                        + ") is null " + ", but not one with name " + b);
145
            }
146
        }
147
    }
148
    private static String r(String s) {
149
        return s == null ? null : (s+"@REALM");
150
    }
151
    private static KerberosPrincipal princ(String s) {
152
        return new KerberosPrincipal(r(s));
153
    }
154
    private static KerberosKey key(String s) {
155
        return new KerberosKey(princ(s), new byte[0], 0, 0);
156
    }
157
    private static KeyTab oldktab() {
158
        return KeyTab.getInstance();
159
    }
160
    static KeyTab ktab(String s) {
161
        return KeyTab.getInstance(princ(s));
162
    }
163
    static KeyTab ktab() {
164
        return KeyTab.getUnboundInstance();
165
    }
166
}
167

168
Product

Resources

Company
