summaryrefslogtreecommitdiffstats
path: root/third_party/heimdal/tests/java
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/heimdal/tests/java')
-rw-r--r--third_party/heimdal/tests/java/KerberosInit.java95
-rw-r--r--third_party/heimdal/tests/java/Makefile.am46
-rw-r--r--third_party/heimdal/tests/java/NTMakefile35
-rw-r--r--third_party/heimdal/tests/java/check-kinit.in147
-rw-r--r--third_party/heimdal/tests/java/have-java.sh58
-rw-r--r--third_party/heimdal/tests/java/jaas.conf14
-rw-r--r--third_party/heimdal/tests/java/krb5.conf.in32
7 files changed, 427 insertions, 0 deletions
diff --git a/third_party/heimdal/tests/java/KerberosInit.java b/third_party/heimdal/tests/java/KerberosInit.java
new file mode 100644
index 0000000..9442417
--- /dev/null
+++ b/third_party/heimdal/tests/java/KerberosInit.java
@@ -0,0 +1,95 @@
+/*
+ *
+ * Copyright (c) 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+import javax.security.auth.login.*;
+import javax.security.auth.callback.*;
+
+public class KerberosInit {
+
+ private class TestCallBackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks)
+ throws UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof TextOutputCallback) {
+ TextOutputCallback toc = (TextOutputCallback)callbacks[i];
+ System.out.println(toc.getMessage());
+ } else if (callbacks[i] instanceof NameCallback) {
+ NameCallback nc = (NameCallback)callbacks[i];
+ nc.setName("lha");
+ } else if (callbacks[i] instanceof PasswordCallback) {
+ PasswordCallback pc = (PasswordCallback)callbacks[i];
+ pc.setPassword("foo".toCharArray());
+ } else {
+ throw new
+ UnsupportedCallbackException(callbacks[i],
+ "Unrecognized Callback");
+ }
+ }
+ }
+ }
+ private TestCallBackHandler getHandler() {
+ return new TestCallBackHandler();
+ }
+
+ public static void main(String[] args) {
+
+ LoginContext lc = null;
+ try {
+ lc = new LoginContext("kinit", new KerberosInit().getHandler());
+ } catch (LoginException e) {
+ System.err.println("Cannot create LoginContext. " + e.getMessage());
+ e.printStackTrace();
+ System.exit(1);
+ } catch (SecurityException e) {
+ System.err.println("Cannot create LoginContext. " + e.getMessage());
+ e.printStackTrace();
+ System.exit(1);
+ }
+
+ try {
+ lc.login();
+ } catch (LoginException e) {
+ System.err.println("Authentication failed:" + e.getMessage());
+ e.printStackTrace();
+ System.exit(1);
+ }
+
+ System.out.println("lc.login ok");
+ System.exit(0);
+ }
+}
+
diff --git a/third_party/heimdal/tests/java/Makefile.am b/third_party/heimdal/tests/java/Makefile.am
new file mode 100644
index 0000000..acbe874
--- /dev/null
+++ b/third_party/heimdal/tests/java/Makefile.am
@@ -0,0 +1,46 @@
+# $Id: Makefile.am 20739 2007-05-31 16:53:21Z lha $
+
+include $(top_srcdir)/Makefile.am.common
+
+noinst_DATA = krb5.conf
+
+check_SCRIPTS = $(SCRIPT_TESTS)
+
+SCRIPT_TESTS = check-kinit
+
+TESTS = $(SCRIPT_TESTS)
+
+port = 49188
+
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+ -e 's,[@]env_setup[@],$(top_builddir)/tests/bin/setup-env,g' \
+ -e 's,[@]port[@],$(port),g' \
+ -e 's,[@]objdir[@],$(top_builddir)/tests/java,g'
+
+LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
+
+check-kinit: check-kinit.in Makefile
+ $(do_subst) < $(srcdir)/check-kinit.in > check-kinit.tmp
+ chmod +x check-kinit.tmp
+ mv check-kinit.tmp check-kinit
+
+krb5.conf: krb5.conf.in Makefile
+ $(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+ mv krb5.conf.tmp krb5.conf
+
+CLEANFILES= \
+ $(TESTS) \
+ *.tmp \
+ *.class \
+ current-db* \
+ krb5.conf \
+ messages.log
+
+
+EXTRA_DIST = \
+ NTMakefile \
+ KerberosInit.java \
+ jaas.conf \
+ check-kinit.in \
+ have-java.sh \
+ krb5.conf.in
diff --git a/third_party/heimdal/tests/java/NTMakefile b/third_party/heimdal/tests/java/NTMakefile
new file mode 100644
index 0000000..5783739
--- /dev/null
+++ b/third_party/heimdal/tests/java/NTMakefile
@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# - Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# - Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+RELDIR=tests\java
+
+!include ../../windows/NTMakefile.w32
+
diff --git a/third_party/heimdal/tests/java/check-kinit.in b/third_party/heimdal/tests/java/check-kinit.in
new file mode 100644
index 0000000..8203344
--- /dev/null
+++ b/third_party/heimdal/tests/java/check-kinit.in
@@ -0,0 +1,147 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden).
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the Institute nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+srcdir="@srcdir@"
+env_setup="@env_setup@"
+objdir="@objdir@"
+port="@port@"
+
+. ${env_setup}
+
+# Disable test if: no data, no java, or socket wrapper
+../db/have-db || exit 77
+sh ${srcdir}/have-java.sh || exit 77
+[ X"$SOCKET_WRAPPER_DIR" != X ] && exit 77
+
+R=TEST.H5L.SE
+server=host/localhost
+keytabfile="${objdir}/server.keytab"
+keytab="FILE:${keytabfile}"
+cache="FILE:${objdir}/cache.krb5"
+
+kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog}"
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=127.0.0.1 -P $port"
+gssclient="${TESTS_ENVIRONMENT} ../../appl/test/gssapi_client"
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+rm -f ${keytabfile} messages.log
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+echo "Compile"
+javac -d "${objdir}" "${srcdir}/KerberosInit.java" || \
+ { echo "Failed to compile java program: $?" ; exit 77; }
+
+echo "Compile"
+javac -d "${objdir}" "${srcdir}/../../appl/test/jgssapi_server.java" || \
+ { echo "Failed to compile java program: $?" ; exit 77; }
+
+> messages.log
+
+echo foo > ${objdir}/foopassword
+
+echo Creating database
+${kadmin} \
+ init \
+ --realm-max-ticket-life=1day \
+ --realm-max-renewable-life=1month \
+ ${R} || exit 1
+
+${kadmin} add -p foo --use-defaults lha@${R} || exit 1
+${kadmin} modify --attributes=+requires-pre-auth lha@${R} || exit 1
+${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
+${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
+
+echo Starting kdc
+${kdc} --detach --testing || { echo "kdc failed to start"; cat messages.log; exit 1; }
+kdcpid=`getpid kdc`
+
+trap "kill -9 ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+
+echo "Run init"
+java \
+ -Dsun.security.krb5.debug=true \
+ -Djava.security.krb5.conf="${objdir}"/krb5.conf \
+ -Djava.security.auth.login.config="${srcdir}/jaas.conf" \
+ KerberosInit > output.tmp 2>&1 || { cat output.tmp ; exit 1; }
+
+
+# Disabled because of:
+#
+# http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7077646
+# http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7077640
+#
+
+if false ; then
+
+ echo "start server"
+ java \
+ -Dsun.security.krb5.debug=true \
+ -Djava.security.krb5.conf="${objdir}"/krb5.conf \
+ -Djavax.security.auth.useSubjectCredsOnly=false \
+ -Djava.security.auth.login.config="${srcdir}/jaas.conf" \
+ jgssapi_server > output.tmp 2>&1 &
+ javapid=$!
+ sleep 5
+
+ trap "kill -9 ${kdcpid} ${javapid}; echo signal killing kdc java; exit 1;" EXIT
+
+ echo "Getting client initial tickets"; > messages.log
+ ${kinit} --password-file=${objdir}/foopassword lha@$R || \
+ { echo "kinit failed" ; exit 1; }
+
+ env KRB5CCNAME=${cache} \
+ ${gssclient} --port=4717 --service=host localhost || exit 1
+
+ sleep 5
+
+ kill ${javapid}
+
+ grep 'Exception in thread' output.tmp && exit 1
+fi
+
+echo "Done"
+
+echo "killing kdc (${kdcpid} ${javapid})"
+kill $kdcpid $javapid || exit 1
+
+trap "" EXIT
+
+exit 0
diff --git a/third_party/heimdal/tests/java/have-java.sh b/third_party/heimdal/tests/java/have-java.sh
new file mode 100644
index 0000000..84ac00e
--- /dev/null
+++ b/third_party/heimdal/tests/java/have-java.sh
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden).
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the Institute nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+echo "Checking for java and javac"
+
+oldifs=$IFS
+IFS=:
+set -- $PATH
+IFS=$oldifs
+for i in $*; do
+ test -n "$i" || i="."
+ test -x $i/java && j=f
+ test -x $i/javac && k=c
+done
+
+test "$j$k" = fc || exit 1
+
+# GNU GCC Java doesn't support Kerberos
+if java -version 2>&1 | grep 'gij' > /dev/null ; then
+ exit 1
+fi
+
+echo "ok"
+
+exit 0
diff --git a/third_party/heimdal/tests/java/jaas.conf b/third_party/heimdal/tests/java/jaas.conf
new file mode 100644
index 0000000..00a9e02
--- /dev/null
+++ b/third_party/heimdal/tests/java/jaas.conf
@@ -0,0 +1,14 @@
+/* $Id$ */
+
+kinit {
+ com.sun.security.auth.module.Krb5LoginModule required;
+};
+
+com.sun.security.jgss.accept {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ storeKey=true
+ keyTab="server.keytab"
+ principal="host/localhost"
+ isInitiator=false;
+};
diff --git a/third_party/heimdal/tests/java/krb5.conf.in b/third_party/heimdal/tests/java/krb5.conf.in
new file mode 100644
index 0000000..ca6b74f
--- /dev/null
+++ b/third_party/heimdal/tests/java/krb5.conf.in
@@ -0,0 +1,32 @@
+# $Id$
+
+[libdefaults]
+ default_realm = TEST.H5L.SE
+
+
+[realms]
+ TEST.H5L.SE = {
+ kdc = localhost:@port@
+ }
+
+[kdc]
+ database = {
+ dbname = @objdir@/current-db
+ realm = TEST.H5L.SE
+ mkey_file = @objdir@/mkey.file
+ log_file = @objdir@/current.log
+ }
+
+[hdb]
+ db-dir = @objdir@
+
+[logging]
+ kdc = 0-/FILE:@objdir@/messages.log
+ default = 0-/FILE:@objdir@/messages.log
+
+# Have both default and non default salting for single DES encryptes,
+# this to check if the kdc return default salting.
+[kadmin]
+ default_keys = aes256-cts-hmac-sha1-96:pw-salt
+ default_keys = aes128-cts-hmac-sha1-96:pw-salt
+ default_keys = des3-cbc-sha1:pw-salt