File: spnegoTest

package info (click to toggle)
openjdk-11 11.0.4%2B11-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 757,028 kB
  • sloc: java: 5,016,041; xml: 1,191,974; cpp: 934,731; ansic: 555,697; sh: 24,299; objc: 12,703; python: 3,602; asm: 3,415; makefile: 2,772; awk: 351; sed: 172; perl: 114; jsp: 24; csh: 3
file content (208 lines) | stat: -rw-r--r-- 6,960 bytes parent folder | download | duplicates (17) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
 
#! /usr/bin/bash

# ATTENTION:
#
# Please read spnegoReadme first to setup the testing
# environment needed

# the following ENV should be adjusted to match your environment
WWW_REALM=JSL.BEIJING
WWW_KDC=jsl-bjlab1.jsl.beijing
WWW_URL=http://jsl-bjlab1.jsl.beijing/1.txt

PROXY_REALM=JSLDUBLIN.IRELAND.SUN.COM
PROXY_KDC=anchor.jsldublin.ireland.sun.com
PROXY_URL=http://sceri.prc.sun.com/~ww155710/1.txt
PROXY_PARA="-Dhttp.proxyHost=anchor.jsldublin.ireland.sun.com -Dhttp.proxyPort=8080"

GOOD_PASS='-Duser=olala -Dpass=1q2w#E$R'
GOOD_KPASS='-Dkuser=olala -Dkpass=1q2w#E$R'
BAD_PASS='-Duser=olala -Dpass=false'
BAD_KPASS='-Dkuser=olala -Dkpass=false'

WWW_TAB=www.tab
PROXY_TAB=proxy.tab
TAB_PATH=/tmp/krb5cc_156710

FILE_CONTENT=content_of_web_file

# these ENV determines how much to show in terminal. don't edit
EXTRA_LOG="-Djava.util.logging.config.file=spnegoLog.properties -Dshowhint"

ANY_EXCEPTION='Exception'
IO_EXCEPTION='java.io.IOException'
PROTO_EXCEPTION='java.net.ProtocolException'
HEADER_200='HTTP/1.1 200'

# a java run
function runonce {
  echo Testing $AUTH_TYPE-$TEST_NAME ...
  java -Djava.security.krb5.realm=$USE_REALM \
     -Djava.security.krb5.kdc=$USE_KDC \
     -Djava.security.auth.login.config=spnegoLogin.conf \
     -Dhttp.maxRedirects=2 \
     $AUTH_PREF \
     $EXTRA_PARA \
     $EXTRA_LOG \
     $USER_PASS \
     $KUSER_PASS \
     WebGet $USE_URL 2> err.log > out.log
  if [ "$HAS_CACHE" = true ]; then
     grep -i 'PROVIDING Kerberos' out.log && exit $LINENO
  else
     grep -i 'PROVIDING Kerberos' out.log > /dev/null || echo '....has not query Kerberos user/pass'
  fi
}

function testsuite {

    # normal runs
    USER_PASS=$GOOD_PASS
    KUSER_PASS=$GOOD_KPASS

    TEST_NAME=Authenticate
    AUTH_PREF=
    runonce
    grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
    grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO
    grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO
    grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  || exit $LINENO
    grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO
    grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO

    TEST_NAME="Authenticate with Negotiate"
    AUTH_PREF=-Dhttp.auth.preference=Negotiate
    runonce
    # first 40X and ask for authen i author-neg and 200 and success
    grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
    grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO
    grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO
    grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  || exit $LINENO
    grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO
    grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO

    TEST_NAME="Authenticate with Kerberos"
    AUTH_PREF=-Dhttp.auth.preference=Kerberos
    runonce
    # first 40X and ask for authen i author-neg and 200 and success
    grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
    grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO
    grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO
    grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  || exit $LINENO
    grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO
    grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO

    TEST_NAME="Authenticate with Basic"
    AUTH_PREF=-Dhttp.auth.preference=Basic
    runonce
    # first 40X and ask for authen i author-basic and 200 and success
    grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
    grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO
    grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO
    grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null  || exit $LINENO
    grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO
    grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO

    if [ "$HAS_CACHE" = true ]; then
        echo 'Skip bad kpass test if HAS_CACHE is true'
    else
        # bad kpass should fallback to basic

        TEST_NAME="Authenticate fallback"
        KUSER_PASS=$BAD_KPASS
        AUTH_PREF=
        runonce
        # first 40X and ask for authen i cannot author-neg but can author-basic and 200 and success
        grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO
        grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO
        grep -i "$AUTH_RESPONSE" err.log > /dev/null  || exit $LINENO
        grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  && exit $LINENO
        grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null  || exit $LINENO
        grep -i "$HEADER_200" err.log > /dev/null  || exit $LINENO
        grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO

        # auth.pref given, does not fallback

        TEST_NAME="Authenticate no fallback"
        KUSER_PASS=$BAD_KPASS
        AUTH_PREF=-Dhttp.auth.preference=Negotiate
        runonce # will fail
        # first 40X and ask for authen i cannot author-neg and fail with IO_EXCEPTION
        grep -i "$FILE_CONTENT" out.log > /dev/null && exit $LINENO
        grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO
        grep -i "$AUTH_ANY_REQUEST" err.log > /dev/null  && exit $LINENO
        grep -i "$IO_EXCEPTION" err.log > /dev/null || exit $LINENO

        # bad kpass fallback to basic, but bad pass
        TEST_NAME="Authenticate fallback but still cannot go on"
        KUSER_PASS=$BAD_KPASS
        USER_PASS=$BAD_PASS
        AUTH_PREF=
        runonce # will fail
        # first 40X and ask for authen i cannot author-neg and author-basic again and again and fail with PROTO_EXCEPTION
        grep -i "$FILE_CONTENT" out.log > /dev/null && exit $LINENO
        grep -i "$HEADER_40X" err.log > /dev/null  || exit $LINENO
        grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null  && exit $LINENO
        grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null  || exit $LINENO
        grep -i "$PROTO_EXCEPTION" err.log > /dev/null || exit $LINENO
    fi
}

function testWWW {

    # WWW Part
    AUTH_TYPE=WWW
    USE_REALM=$WWW_REALM
    USE_KDC=$WWW_KDC
    USE_URL=$WWW_URL
    EXTRA_PARA=

    HEADER_40X='HTTP/1.1 401'
    AUTH_RESPONSE='WWW-Authenticate:'
    AUTH_NEG_REQUEST='{Authorization: Negotiate'
    AUTH_BASIC_REQUEST='{Authorization: Basic'
    AUTH_ANY_REQUEST='{Authorization:'

    testsuite

    echo Pass WWW
}

function testProxy {

    # Proxy Part
    AUTH_TYPE=Proxy
    USE_REALM=$PROXY_REALM
    USE_KDC=$PROXY_KDC
    USE_URL=$PROXY_URL
    EXTRA_PARA=$PROXY_PARA

    HEADER_40X='HTTP/1.1 407'
    AUTH_RESPONSE='Proxy-Authenticate:'
    AUTH_NEG_REQUEST='{Proxy-Authorization: Negotiate'
    AUTH_BASIC_REQUEST='{Proxy-Authorization: Basic'
    AUTH_ANY_REQUEST='{Proxy-Authorization:'

    testsuite

    echo Pass Proxy
}

HAS_CACHE='false'
kdestroy
testWWW
testProxy

HAS_CACHE='true'
#kinit for WWW_REALM
cp $WWW_TAB $TAB_PATH
testWWW
#kinit for PRXY_REALM
cp $PROXY_TAB $TAB_PATH
testProxy

kdestroy
rm err.log
rm out.log

exit 0