aboutsummaryrefslogtreecommitdiff
path: root/test/sun/security/krb5/auto/Renewal.java
diff options
context:
space:
mode:
Diffstat (limited to 'test/sun/security/krb5/auto/Renewal.java')
-rw-r--r--test/sun/security/krb5/auto/Renewal.java164
1 files changed, 164 insertions, 0 deletions
diff --git a/test/sun/security/krb5/auto/Renewal.java b/test/sun/security/krb5/auto/Renewal.java
new file mode 100644
index 0000000000..38639c7610
--- /dev/null
+++ b/test/sun/security/krb5/auto/Renewal.java
@@ -0,0 +1,164 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8044500
+ * @summary Add kinit options and krb5.conf flags that allow users to
+ * obtain renewable tickets and specify ticket lifetimes
+ * @library ../../../../java/security/testlibrary/
+ * @compile -XDignore.symbol.file Renewal.java
+ * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock Renewal
+ */
+
+import sun.security.jgss.GSSUtil;
+import sun.security.krb5.Config;
+import sun.security.krb5.internal.ccache.Credentials;
+import sun.security.krb5.internal.ccache.FileCredentialsCache;
+
+import javax.security.auth.kerberos.KerberosTicket;
+import java.util.Date;
+import java.util.Random;
+import java.util.Set;
+
+// The basic krb5 test skeleton you can copy from
+public class Renewal {
+
+ static OneKDC kdc;
+ static String clazz = "sun.security.krb5.internal.tools.Kinit";
+
+ public static void main(String[] args) throws Exception {
+
+ kdc = new OneKDC(null);
+ kdc.writeJAASConf();
+ kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
+
+ checkLogin(null, null, KDC.DEFAULT_LIFETIME, -1);
+ checkLogin("1h", null, 3600, -1);
+ checkLogin(null, "2d", KDC.DEFAULT_LIFETIME, 86400*2);
+ checkLogin("1h", "10h", 3600, 36000);
+ // When rtime is before till, use till as rtime
+ checkLogin("10h", "1h", 36000, 36000);
+
+ try {
+ Class.forName(clazz);
+ } catch (ClassNotFoundException cnfe) {
+ return;
+ }
+
+ checkKinit(null, null, null, null, KDC.DEFAULT_LIFETIME, -1);
+ checkKinit("1h", "10h", null, null, 3600, 36000);
+ checkKinit(null, null, "30m", "5h", 1800, 18000);
+ checkKinit("1h", "10h", "30m", "5h", 1800, 18000);
+
+ checkKinitRenew();
+ }
+
+ static int count = 0;
+
+ static void checkKinit(
+ String s1, // ticket_lifetime in krb5.conf, null if none
+ String s2, // renew_lifetime in krb5.conf, null if none
+ String c1, // -l on kinit, null if none
+ String c2, // -r on kinit, null if none
+ int t1, int t2 // expected lifetimes, -1 of unexpected
+ ) throws Exception {
+ KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
+ s1 != null ? ("ticket_lifetime = " + s1) : "",
+ s2 != null ? ("renew_lifetime = " + s2) : "");
+ Proc p = Proc.create(clazz);
+ if (c1 != null) {
+ p.args("-l", c1);
+ }
+ if (c2 != null) {
+ p.args("-r", c2);
+ }
+ count++;
+ p.args(OneKDC.USER, new String(OneKDC.PASS))
+ .inheritIO()
+ .prop("sun.net.spi.nameservice.provider.1", "ns,mock")
+ .prop("java.security.krb5.conf", OneKDC.KRB5_CONF)
+ .env("KRB5CCNAME", "ccache" + count)
+ .start();
+ if (p.waitFor() != 0) {
+ throw new Exception();
+ }
+ FileCredentialsCache fcc =
+ FileCredentialsCache.acquireInstance(null, "ccache" + count);
+ Credentials cred = fcc.getDefaultCreds();
+ checkRough(cred.getEndTime().toDate(), t1);
+ if (cred.getRenewTill() == null) {
+ checkRough(null, t2);
+ } else {
+ checkRough(cred.getRenewTill().toDate(), t2);
+ }
+ }
+
+ static void checkKinitRenew() throws Exception {
+ Proc p = Proc.create(clazz)
+ .args("-R")
+ .inheritIO()
+ .prop("sun.net.spi.nameservice.provider.1", "ns,mock")
+ .prop("java.security.krb5.conf", OneKDC.KRB5_CONF)
+ .env("KRB5CCNAME", "ccache" + count)
+ .start();
+ if (p.waitFor() != 0) {
+ throw new Exception();
+ }
+ }
+
+ static void checkLogin(
+ String s1, // ticket_lifetime in krb5.conf, null if none
+ String s2, // renew_lifetime in krb5.conf, null if none
+ int t1, int t2 // expected lifetimes, -1 of unexpected
+ ) throws Exception {
+ KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
+ s1 != null ? ("ticket_lifetime = " + s1) : "",
+ s2 != null ? ("renew_lifetime = " + s2) : "");
+ Config.refresh();
+
+ Context c;
+ c = Context.fromJAAS("client");
+
+ Set<KerberosTicket> tickets =
+ c.s().getPrivateCredentials(KerberosTicket.class);
+ if (tickets.size() != 1) {
+ throw new Exception();
+ }
+ KerberosTicket ticket = tickets.iterator().next();
+
+ checkRough(ticket.getEndTime(), t1);
+ checkRough(ticket.getRenewTill(), t2);
+ }
+
+ static void checkRough(Date t, int duration) throws Exception {
+ Date now = new Date();
+ if (t == null && duration == -1) {
+ return;
+ }
+ long change = (t.getTime() - System.currentTimeMillis()) / 1000;
+ if (change > duration + 20 || change < duration - 20) {
+ throw new Exception(t + " is not " + duration);
+ }
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 15:57:02 +0000