J. Duke | 319a3b9 | 2007-12-01 00:00:00 +0000 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright 2003 Sun Microsystems, Inc. All Rights Reserved. |
| 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 4 | * |
| 5 | * This code is free software; you can redistribute it and/or modify it |
| 6 | * under the terms of the GNU General Public License version 2 only, as |
| 7 | * published by the Free Software Foundation. |
| 8 | * |
| 9 | * This code is distributed in the hope that it will be useful, but WITHOUT |
| 10 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 11 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 12 | * version 2 for more details (a copy is included in the LICENSE file that |
| 13 | * accompanied this code). |
| 14 | * |
| 15 | * You should have received a copy of the GNU General Public License version |
| 16 | * 2 along with this work; if not, write to the Free Software Foundation, |
| 17 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| 18 | * |
| 19 | * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, |
| 20 | * CA 95054 USA or visit www.sun.com if you need additional information or |
| 21 | * have any questions. |
| 22 | */ |
| 23 | |
| 24 | /* |
| 25 | * @test |
| 26 | * @bug 4919147 |
| 27 | * @summary Support for token-based KeyStores |
| 28 | */ |
| 29 | |
| 30 | import java.io.File; |
| 31 | import java.io.IOException; |
| 32 | import java.util.Map; |
| 33 | import java.util.HashMap; |
| 34 | |
| 35 | import javax.security.auth.*; |
| 36 | import javax.security.auth.login.*; |
| 37 | import javax.security.auth.callback.*; |
| 38 | import com.sun.security.auth.module.KeyStoreLoginModule; |
| 39 | |
| 40 | public class OptionTest { |
| 41 | |
| 42 | private static final String TEST = "OptionTest"; |
| 43 | private static int testnum = 1; |
| 44 | |
| 45 | private static final String O_URL = "keyStoreURL"; |
| 46 | private static final String O_ALIAS = "keyStoreAlias"; |
| 47 | private static final String O_TYPE = "keyStoreType"; |
| 48 | private static final String O_SPASS_URL = "keyStorePasswordURL"; |
| 49 | private static final String O_KPASS_URL = "privateKeyPasswordURL"; |
| 50 | private static final String O_PPATH = "protected"; |
| 51 | private static final String NONE = "NONE"; |
| 52 | |
| 53 | private static String URL; |
| 54 | private static String SPASS_URL; |
| 55 | private static String KPASS_URL; |
| 56 | |
| 57 | private static final String P11KEYSTORE = "PKCS11"; |
| 58 | private static final String ALIAS = "alias"; |
| 59 | private static final char[] STORE_PASS = new char[] |
| 60 | { 's', 't', 'o', 'r', 'e', 'P', 'a', 's', 's' }; // sync with file |
| 61 | private static final char[] KEY_PASS = |
| 62 | { 'k', 'e', 'y', 'P', 'a', 's', 's' }; // sync with file |
| 63 | |
| 64 | public static void main(String[] args) throws Exception { |
| 65 | init(); |
| 66 | testInvalidOptions(); |
| 67 | testNullCallbackHandler(); |
| 68 | testWithCallbackHandler(); |
| 69 | } |
| 70 | |
| 71 | private static void init() throws Exception { |
| 72 | File f = new File(System.getProperty("test.src", ".") + |
| 73 | File.separatorChar + |
| 74 | TEST + |
| 75 | ".keystore"); |
| 76 | URL = f.toURI().toURL().toString(); |
| 77 | |
| 78 | f = new File(System.getProperty("test.src", ".") + |
| 79 | File.separatorChar + |
| 80 | TEST + |
| 81 | ".storePass"); |
| 82 | SPASS_URL = f.toURI().toURL().toString(); |
| 83 | |
| 84 | f = new File(System.getProperty("test.src", ".") + |
| 85 | File.separatorChar + |
| 86 | TEST + |
| 87 | ".keyPass"); |
| 88 | KPASS_URL = f.toURI().toURL().toString(); |
| 89 | } |
| 90 | |
| 91 | private static void testInvalidOptions() throws Exception { |
| 92 | |
| 93 | // if keyStoreType is PKCS11, keyStoreURL must be NONE |
| 94 | |
| 95 | KeyStoreLoginModule m = new KeyStoreLoginModule(); |
| 96 | Subject s = new Subject(); |
| 97 | Map options = new HashMap(); |
| 98 | options.put(O_TYPE, P11KEYSTORE); |
| 99 | m.initialize(s, null, null, options); |
| 100 | try { |
| 101 | m.login(); |
| 102 | throw new SecurityException("expected exception"); |
| 103 | } catch (LoginException le) { |
| 104 | // good |
| 105 | //le.printStackTrace(); |
| 106 | System.out.println("test " + testnum++ + " passed"); |
| 107 | } |
| 108 | |
| 109 | // if keyStoreType is PKCS11, keyStoreURL is NONE, |
| 110 | // then privateKeyPasswordURL must not be specified |
| 111 | |
| 112 | options = new HashMap(); |
| 113 | options.put(O_TYPE, P11KEYSTORE); |
| 114 | options.put(O_URL, NONE); |
| 115 | options.put(O_KPASS_URL, KPASS_URL); |
| 116 | m.initialize(s, null, null, options); |
| 117 | try { |
| 118 | m.login(); |
| 119 | throw new SecurityException("expected exception"); |
| 120 | } catch (LoginException le) { |
| 121 | // good |
| 122 | //le.printStackTrace(); |
| 123 | System.out.println("test " + testnum++ + " passed"); |
| 124 | } |
| 125 | |
| 126 | // if protected is true, keyStorePasswordURL must not be specified |
| 127 | |
| 128 | options = new HashMap(); |
| 129 | options.put(O_PPATH, "true"); |
| 130 | options.put(O_SPASS_URL, SPASS_URL); |
| 131 | m.initialize(s, null, null, options); |
| 132 | try { |
| 133 | m.login(); |
| 134 | throw new SecurityException("expected exception"); |
| 135 | } catch (LoginException le) { |
| 136 | // good |
| 137 | //le.printStackTrace(); |
| 138 | System.out.println("test " + testnum++ + " passed"); |
| 139 | } |
| 140 | |
| 141 | // if protected is true, privateKeyPasswordURL must not be specified |
| 142 | |
| 143 | options = new HashMap(); |
| 144 | options.put(O_PPATH, "true"); |
| 145 | options.put(O_KPASS_URL, KPASS_URL); |
| 146 | m.initialize(s, null, null, options); |
| 147 | try { |
| 148 | m.login(); |
| 149 | throw new SecurityException("expected exception"); |
| 150 | } catch (LoginException le) { |
| 151 | // good |
| 152 | //le.printStackTrace(); |
| 153 | System.out.println("test " + testnum++ + " passed"); |
| 154 | } |
| 155 | } |
| 156 | |
| 157 | private static void testNullCallbackHandler() throws Exception { |
| 158 | |
| 159 | // no options (missing alias) |
| 160 | |
| 161 | KeyStoreLoginModule m = new KeyStoreLoginModule(); |
| 162 | Subject s = new Subject(); |
| 163 | Map options = new HashMap(); |
| 164 | m.initialize(s, null, null, options); |
| 165 | try { |
| 166 | m.login(); |
| 167 | throw new SecurityException("expected exception"); |
| 168 | } catch (LoginException le) { |
| 169 | // good |
| 170 | //le.printStackTrace(); |
| 171 | System.out.println("test " + testnum++ + " passed"); |
| 172 | } |
| 173 | |
| 174 | // missing passwords |
| 175 | |
| 176 | options.put(O_ALIAS, ALIAS); |
| 177 | m.initialize(s, null, null, options); |
| 178 | try { |
| 179 | m.login(); |
| 180 | throw new SecurityException("expected exception"); |
| 181 | } catch (LoginException le) { |
| 182 | // good |
| 183 | //le.printStackTrace(); |
| 184 | System.out.println("test " + testnum++ + " passed"); |
| 185 | } |
| 186 | |
| 187 | // no private key password |
| 188 | // (private key password is different from store password) |
| 189 | |
| 190 | options.put(O_SPASS_URL, SPASS_URL); |
| 191 | m.initialize(s, null, null, options); |
| 192 | try { |
| 193 | m.login(); |
| 194 | throw new SecurityException("expected exception"); |
| 195 | } catch (LoginException le) { |
| 196 | // good |
| 197 | //le.printStackTrace(); |
| 198 | System.out.println("test " + testnum++ + " passed"); |
| 199 | } |
| 200 | |
| 201 | // all necessary options |
| 202 | // (private key password is different from store password) |
| 203 | |
| 204 | options.put(O_URL, URL); |
| 205 | options.put(O_KPASS_URL, KPASS_URL); |
| 206 | m.initialize(s, null, null, options); |
| 207 | m.login(); |
| 208 | System.out.println("test " + testnum++ + " passed"); |
| 209 | } |
| 210 | |
| 211 | private static void testWithCallbackHandler() throws Exception { |
| 212 | |
| 213 | KeyStoreLoginModule m = new KeyStoreLoginModule(); |
| 214 | Subject s = new Subject(); |
| 215 | Map options = new HashMap(); |
| 216 | options.put(O_URL, URL); |
| 217 | |
| 218 | CallbackHandler goodHandler = new MyCallbackHandler(true); |
| 219 | m.initialize(s, goodHandler, null, options); |
| 220 | m.login(); |
| 221 | System.out.println("test " + testnum++ + " passed"); |
| 222 | |
| 223 | CallbackHandler badHandler = new MyCallbackHandler(false); |
| 224 | m.initialize(s, badHandler, null, options); |
| 225 | try { |
| 226 | m.login(); |
| 227 | throw new SecurityException("expected LoginException"); |
| 228 | } catch (LoginException le) { |
| 229 | // good |
| 230 | System.out.println("test " + testnum++ + " passed"); |
| 231 | } |
| 232 | } |
| 233 | |
| 234 | private static class MyCallbackHandler implements CallbackHandler { |
| 235 | |
| 236 | private final boolean good; |
| 237 | |
| 238 | public MyCallbackHandler(boolean good) { |
| 239 | this.good = good; |
| 240 | } |
| 241 | |
| 242 | public void handle(Callback[] callbacks) |
| 243 | throws IOException, UnsupportedCallbackException { |
| 244 | for (int i = 0; i < callbacks.length; i++) { |
| 245 | if (callbacks[i] instanceof NameCallback) { |
| 246 | NameCallback nc = (NameCallback) callbacks[i]; |
| 247 | if (good) { |
| 248 | nc.setName(OptionTest.ALIAS); |
| 249 | } else { |
| 250 | nc.setName("FOO"); |
| 251 | } |
| 252 | } else if (callbacks[i] instanceof PasswordCallback) { |
| 253 | PasswordCallback pc = (PasswordCallback) callbacks[i]; |
| 254 | |
| 255 | // this is dependent on KeyStoreLoginModule |
| 256 | if (pc.getPrompt().startsWith("Keystore password: ")) { |
| 257 | pc.setPassword(OptionTest.STORE_PASS); |
| 258 | } else if (pc.getPrompt().startsWith("Private key")) { |
| 259 | pc.setPassword(OptionTest.KEY_PASS); |
| 260 | } |
| 261 | } else if (callbacks[i] instanceof ConfirmationCallback) { |
| 262 | ConfirmationCallback confirmation = |
| 263 | (ConfirmationCallback) callbacks[i]; |
| 264 | // this is dependent on KeyStoreLoginModule confirmation |
| 265 | confirmation.setSelectedIndex(ConfirmationCallback.OK); |
| 266 | } |
| 267 | } |
| 268 | } |
| 269 | } |
| 270 | } |