PrincipalSystemPropTest.java

/*
 * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8075301
 * @library /sun/security/krb5/auto
 * @summary New test for sun.security.krb5.principal system property.
 * The principal can set using the system property sun.security.krb5.principal.
 * This property is checked during login. If this property is not set,
 * then the principal name from the configuration is used.
 * @run main/othervm/java.security.policy=principalSystemPropTest.policy
 * PrincipalSystemPropTest
 */

import java.io.File;
import java.util.HashMap;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.LoginContext;
import com.sun.security.auth.callback.TextCallbackHandler;

public class PrincipalSystemPropTest {

    private static final boolean PASS = Boolean.TRUE;
    private static final boolean FAIL = Boolean.FALSE;
    private static final String VALID_PRINCIPAL_JAAS_ENTRY =
            "ValidPrincipalSystemPropTest";
    private static final String INVALID_PRINCIPAL_JAAS_ENTRY =
            "InvalidPrincipalSystemPropTest";
    private static final String NO_PRINCIPAL_JAAS_ENTRY =
            "NoPrincipalSystemPropTest";
    private static final String SAME_PRINCIPAL_JAAS_ENTRY =
            "SelfPrincipalSystemPropTest";
    private static final String HOST = "localhost";
    private static final String KTAB_FILENAME = "krb5.keytab.data";
    private static final String REALM = "TEST.REALM";
    private static final String TEST_SRC = System.getProperty("test.src", ".");
    private static final String USER = "USER";
    private static final String AVAILABLE_USER = "AVAILABLE";
    private static final String USER_PASSWORD = "password";
    private static final String FS = System.getProperty("file.separator");
    private static final String KRB5_CONF_FILENAME = "krb5.conf";
    private static final String JAAS_CONF_FILENAME = "jaas.conf";
    private static final String KRBTGT_PRINCIPAL = "krbtgt/" + REALM;
    private static final String USER_PRINCIPAL = USER + "@" + REALM;
    private static final String AVAILABLE_USER_PRINCIPAL =
            AVAILABLE_USER + "@" + REALM;

    public static void main(String[] args) throws Exception {

        setupTest();

        // Expected result, Jaas Config Entry, Login Principal Expected,
        // Principal passed through System property
        runTest(PASS, VALID_PRINCIPAL_JAAS_ENTRY,
                USER_PRINCIPAL, "USER@TEST.REALM");
        runTest(PASS, VALID_PRINCIPAL_JAAS_ENTRY,
                AVAILABLE_USER_PRINCIPAL,  null);
        runTest(PASS, INVALID_PRINCIPAL_JAAS_ENTRY,
                USER_PRINCIPAL, "USER@TEST.REALM");
        runTest(FAIL, INVALID_PRINCIPAL_JAAS_ENTRY, null,  null);
        runTest(PASS, NO_PRINCIPAL_JAAS_ENTRY,
                USER_PRINCIPAL, "USER@TEST.REALM");
        runTest(FAIL, NO_PRINCIPAL_JAAS_ENTRY, null, null);
        runTest(PASS, SAME_PRINCIPAL_JAAS_ENTRY,
                USER_PRINCIPAL, "USER@TEST.REALM");

    }

    private static void setupTest() {

        System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
        System.setProperty("java.security.auth.login.config",
                TEST_SRC + FS + JAAS_CONF_FILENAME);

        Map<String, String> principals = new HashMap<>();
        principals.put(USER_PRINCIPAL, USER_PASSWORD);
        principals.put(AVAILABLE_USER_PRINCIPAL, USER_PASSWORD);
        principals.put(KRBTGT_PRINCIPAL, null);
        KDC.startKDC(HOST, KRB5_CONF_FILENAME, REALM, principals,
                KTAB_FILENAME, KDC.KtabMode.APPEND);

    }

    private static void runTest(boolean expected, String jaasConfigEntry,
            String expectedLoginUser, String loginUserBySysProp) {

        if(loginUserBySysProp != null) {
            System.setProperty("sun.security.krb5.principal",
                    loginUserBySysProp);
        } else {
            System.clearProperty("sun.security.krb5.principal");
        }

        try {
            LoginContext lc = new LoginContext(jaasConfigEntry,
                    new TextCallbackHandler());
            lc.login();
            System.out.println(String.format(
                    "Authentication completed with Subject '%s' ",
                    lc.getSubject()));

            if (!expected) {
                throw new RuntimeException(
                        "TEST FAILED - JAAS login success isn't expected");
            }
            if(expectedLoginUser != null && !lc.getSubject().getPrincipals()
                    .stream().map(p -> p.getName()).filter(
                            expectedLoginUser :: equals).findFirst()
                            .isPresent()) {
                throw new RuntimeException(String.format(
                        "TEST FAILED - Login principal is not matched "
                        + "to expected principal '%s'.", expectedLoginUser));
            }
            System.out.println(
                    "TEST PASSED - JAAS login success is expected.");
        } catch (LoginException ie) {
            System.out.println(String.format(
                    "Authentication failed with exception: %s",
                    ie.getMessage()));
            if (expected) {
                System.out.println(
                        "TEST FAILED - JAAS login failure isn't expected");
                throw new RuntimeException(ie);
            }
            System.out.println(
                    "TEST PASSED - JAAS login failure is expected.");
        }

    }

}