use of sun.security.krb5.internal.ktab.KeyTab in project jdk8u_jdk by JetBrains.
the class DynamicKeytab method go.
/**
 * Walks through eight scenarios in which the acceptor's keytab file
 * ({@code OneKDC.KTAB}) is changed on disk between connection attempts:
 * keys are written, appended, the file is corrupted, deleted, overwritten,
 * and finally replaced by a keytab produced from a different, empty realm.
 *
 * <p>After each change {@code connect()} is called. Tests 1-5 expect it to
 * return normally; Tests 6-8 expect it to throw {@code GSSException}, and a
 * normal return is turned into a failure by the explicit
 * {@code throw new Exception(...)} that follows the call.
 *
 * <p>{@code c} and {@code s} are assigned here without a local declaration,
 * so they are members of the enclosing class. {@code connect()} is defined
 * outside this listing; presumably it runs a client/acceptor handshake
 * between {@code c} and {@code s} - confirm against the class.
 *
 * @throws Exception if any scenario behaves differently from what is
 *         expected, or if test setup fails
 */
void go() throws Exception {
    OneKDC k = new OneKDC(null);
    k.writeJAASConf();
    // Files.delete (unlike deleteIfExists) throws when the file is absent, so
    // the setup above is expected to have left a keytab behind - TODO confirm.
    Files.delete(Paths.get(OneKDC.KTAB));
    // Starts with no keytab
    c = Context.fromJAAS("client");
    s = Context.fromJAAS("com.sun.security.jgss.krb5.accept");
    // Test 1: read new key 1 from keytab
    // The keytab file is created only after both contexts already exist.
    k.addPrincipal(OneKDC.SERVER, "pass1".toCharArray());
    k.writeKtab(OneKDC.KTAB);
    connect();
    // Test 2: service key cached, find 1 in keytab (now contains 1 and 2)
    // The client context is NOT recreated here, unlike in Tests 3 and 4.
    k.addPrincipal(OneKDC.SERVER, "pass2".toCharArray());
    k.appendKtab(OneKDC.KTAB);
    connect();
    // Test 3: re-login. Now find 2 in keytab
    c = Context.fromJAAS("client");
    connect();
    // Test 4: re-login, KDC use 3 this time.
    c = Context.fromJAAS("client");
    // Put 3 and 4 into keytab but keep the real key back to 3.
    // The last addPrincipal below is not followed by appendKtab, so the
    // keytab file on disk is left as written after "pass4".
    k.addPrincipal(OneKDC.SERVER, "pass3".toCharArray());
    k.appendKtab(OneKDC.KTAB);
    k.addPrincipal(OneKDC.SERVER, "pass4".toCharArray());
    k.appendKtab(OneKDC.KTAB);
    k.addPrincipal(OneKDC.SERVER, "pass3".toCharArray());
    connect();
    // Test 5: invalid keytab file, should ignore
    // The file is overwritten with bytes that are not a keytab, and connect()
    // is still expected to succeed.
    // NOTE(review): compare with Test 6 - an unparsable file leaves acceptance
    // working, while a deleted file is treated as revocation. Damaging the
    // file is therefore not a way to revoke keys; presumably previously read
    // keys stay in use - confirm against the KeyTab implementation.
    try (FileOutputStream fos = new FileOutputStream(OneKDC.KTAB)) {
        fos.write("BADBADBAD".getBytes());
    }
    connect();
    // Test 6: delete keytab file, identical to revoke all
    Files.delete(Paths.get(OneKDC.KTAB));
    try {
        connect();
        // Not a GSSException, so it is not caught below and fails the test.
        throw new Exception("Should not success");
    } catch (GSSException gsse) {
        System.out.println(gsse);
        // Unchecked cast: a missing cause, or a cause of another type, ends
        // the test with NullPointerException / ClassCastException instead.
        KrbException ke = (KrbException) gsse.getCause();
        // This should have been Krb5.KRB_AP_ERR_NOKEY
        // The assertion pins the code that is returned today (API_INVALID_ARG),
        // not the one the original author considered correct.
        if (ke.returnCode() != Krb5.API_INVALID_ARG) {
            throw new Exception("Not expected failure code: " + ke.returnCode());
        }
    }
    // Test 7: 3 revoked, should fail (now contains only 5)
    k.addPrincipal(OneKDC.SERVER, "pass5".toCharArray());
    // writeKtab (not appendKtab) overwrites the keytab, which means the old
    // key is revoked.
    k.writeKtab(OneKDC.KTAB);
    try {
        connect();
        throw new Exception("Should not success");
    } catch (GSSException gsse) {
        System.out.println(gsse);
        // Only the exception type is checked here: any GSSException passes,
        // whatever the reason for the rejection.
        // Since 7197159, different kvno is accepted, this return code
        // will never be thrown out again.
        //KrbException ke = (KrbException)gsse.getCause();
        //if (ke.returnCode() != Krb5.KRB_AP_ERR_BADKEYVER) {
        //    throw new Exception("Not expected failure code: " +
        //            ke.returnCode());
        //}
    }
    // Test 8: an empty KDC means revoke all
    // The keytab is replaced by one written from a freshly created KDC for
    // "EMPTY.REALM", to which this method adds no principals.
    KDC.create("EMPTY.REALM").writeKtab(OneKDC.KTAB);
    try {
        connect();
        throw new Exception("Should not success");
    } catch (GSSException gsse) {
        System.out.println(gsse);
        // Same unchecked cast and same pinned code as in Test 6.
        KrbException ke = (KrbException) gsse.getCause();
        // This should have been Krb5.KRB_AP_ERR_NOKEY
        if (ke.returnCode() != Krb5.API_INVALID_ARG) {
            throw new Exception("Not expected failure code: " + ke.returnCode());
        }
    }
}
use of sun.security.krb5.internal.ktab.KeyTab in project jdk8u_jdk by JetBrains.
the class KvnoNA method main.
/**
 * Checks that an acceptor can complete a handshake when the keytab has no
 * entry with the key version number the KDC uses, as long as another entry
 * was derived from the same password.
 *
 * <p>Setup, as stated by the original author's notes: the KDC holds the
 * server key for "pass2" at kvno 2, while the keytab holds "pass1" at kvno 1
 * and "pass2" at kvno 3. The kvno values 1 and 3 are the third argument of
 * the {@code addEntry} calls below; the KDC-side value is not visible in this
 * method.
 *
 * <p>The test passes when {@code Context.handshake} returns without throwing.
 *
 * @param args unused
 * @throws Exception if setup or the handshake fails
 */
public static void main(String[] args) throws Exception {
    OneKDC oneKdc = new OneKDC(null);
    oneKdc.writeJAASConf();

    // In KDC, it's 2
    oneKdc.addPrincipal(OneKDC.SERVER, "pass2".toCharArray());

    // In ktab, kvno is 1 or 3, 3 has the same password
    KeyTab keytab = KeyTab.create(OneKDC.KTAB);
    String serverAtRealm = OneKDC.SERVER + "@" + OneKDC.REALM;
    PrincipalName serverName =
            new PrincipalName(serverAtRealm, PrincipalName.KRB_NT_SRV_HST);
    keytab.addEntry(serverName, "pass1".toCharArray(), 1, true);
    keytab.addEntry(serverName, "pass2".toCharArray(), 3, true);
    keytab.save();

    // Initiator is created first, then the acceptor, as in the original.
    Context client = Context.fromUserPass("dummy", "bogus".toCharArray(), false);
    Context server = Context.fromJAAS("server");

    client.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    server.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    Context.handshake(client, server);

    // Acceptor is released before the initiator.
    server.dispose();
    client.dispose();
}
use of sun.security.krb5.internal.ktab.KeyTab in project jdk8u_jdk by JetBrains.
the class FileKeyTab method main.
/**
 * Writes a one-entry keytab named "ktab" in the working directory and passes
 * five spellings of its name to {@code check}: the bare relative name, the
 * relative name with a "FILE:" prefix, the absolute path, the absolute path
 * with "FILE:", and the absolute path with "FILE:/".
 *
 * <p>{@code check(String)} is defined outside this listing; presumably it
 * verifies that the given name resolves to the keytab written here - confirm
 * against the class.
 *
 * <p>The entry is a throwaway fixture: principal "a@A" with the
 * one-character password "x".
 *
 * @param args unused
 * @throws Exception if the keytab cannot be written or a check fails
 */
public static void main(String[] args) throws Exception {
    final String relativeName = "ktab";

    KeyTab keytab = KeyTab.create(relativeName);
    keytab.addEntry(new PrincipalName("a@A"), "x".toCharArray(), 1, true);
    keytab.save();

    // Relative forms.
    check(relativeName);
    check("FILE:" + relativeName);

    // Absolute forms. getAbsolutePath() already yields a String.
    final String absoluteName = new File(relativeName).getAbsolutePath();
    check(absoluteName);
    check("FILE:" + absoluteName);

    // The bug reporter uses this style, should only work for
    // absolute path
    check("FILE:/" + absoluteName);
}
use of sun.security.krb5.internal.ktab.KeyTab in project jdk8u_jdk by JetBrains.
the class KeyTabIndex method main.
/**
 * Saves a two-entry keytab named "ktab" and then loads it from ten threads
 * started back to back, each calling {@code KeyTab.getInstance("ktab")}.
 *
 * <p>The worker threads are started but not joined, and this method does not
 * inspect their outcome.
 * NOTE(review): a failure on a worker thread is visible only if the test
 * harness reports uncaught exceptions from threads - confirm.
 *
 * @param args unused
 * @throws Exception if the keytab cannot be created or saved
 */
public static void main(String[] args) throws Exception {
    final int workerCount = 10;

    KeyTab keytab = KeyTab.create("ktab");
    // Two entries with very different length, so that it's easy to
    // observe the abnormal change of "index" field.
    PrincipalName longName = new PrincipalName(
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@A");
    PrincipalName shortName = new PrincipalName("a@A");
    keytab.addEntry(longName, "x".toCharArray(), 1, true);
    keytab.addEntry(shortName, "x".toCharArray(), 1, true);
    keytab.save();

    // getClass() dereferences the returned instance, so a null result would
    // raise NullPointerException on the worker thread.
    Runnable loader = () -> KeyTab.getInstance("ktab").getClass();

    int started = 0;
    while (started < workerCount) {
        new Thread(loader).start();
        started++;
    }
}
use of sun.security.krb5.internal.ktab.KeyTab in project jdk8u_jdk by JetBrains.
the class KtabZero method check.
/**
 * Checks existence as well as kt-vno of the keytab named {@code NAME}.
 *
 * <p>The private {@code kt_vno} field of {@code KeyTab} is read through
 * reflection and compared with {@code KeyTabConstants.KRB5_KT_VNO}.
 *
 * @param showBeMissing the value {@code isMissing()} is expected to return
 * @throws Exception if {@code isMissing()} differs from the expectation, if
 *         {@code kt_vno} is not {@code KRB5_KT_VNO}, or if the reflective
 *         access fails
 */
static void check(boolean showBeMissing) throws Exception {
    KeyTab keytab = KeyTab.getInstance(NAME);

    boolean missing = keytab.isMissing();
    if (missing != showBeMissing) {
        throw new Exception("isMissing is not " + showBeMissing);
    }

    // kt_vno has no accessor used here, so it is opened up reflectively.
    Field versionField = KeyTab.class.getDeclaredField("kt_vno");
    versionField.setAccessible(true);
    int actualVersion = versionField.getInt(keytab);
    if (actualVersion == KeyTabConstants.KRB5_KT_VNO) {
        return;
    }
    throw new Exception("kt_vno is " + actualVersion);
}